Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
diff options
context:
space:
mode:
authorMart Raudsepp <leio@gentoo.org>2019-07-23 16:00:09 +0300
committerMart Raudsepp <leio@gentoo.org>2019-07-23 16:00:23 +0300
commitf584ca053067b4aa6fb09cfe655ab260035366d2 (patch)
tree96833610806ce437dd00ea15cd5f457d901939fd /dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
parentapp-misc/rtlamr: Fix typo in HOMEPAGE (diff)
downloadgentoo-f584ca053067b4aa6fb09cfe655ab260035366d2.tar.gz
gentoo-f584ca053067b4aa6fb09cfe655ab260035366d2.tar.bz2
gentoo-f584ca053067b4aa6fb09cfe655ab260035366d2.zip
dev-libs/glib: fix CVE-2019-12450
plus an unrelated small patch from upstream 2-58 branch. Bug: https://bugs.gentoo.org/690498 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'dev-libs/glib/files/2.58.3-CVE-2019-12450.patch')
-rw-r--r--dev-libs/glib/files/2.58.3-CVE-2019-12450.patch53
1 files changed, 53 insertions, 0 deletions
diff --git a/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
new file mode 100644
index 000000000000..949ac56431f1
--- /dev/null
+++ b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
@@ -0,0 +1,53 @@
+From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 1cc69166a..13b435480 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+ FALSE, NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
+- info,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ else
+ out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+- FALSE, 0, info,
++ FALSE, G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ }
+ else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream *)g_file_replace (destination,
+ NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ cancellable, error);
+ }
+ else
+ {
+- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+
+ if (!out)
+--
+2.20.1
+