From f584ca053067b4aa6fb09cfe655ab260035366d2 Mon Sep 17 00:00:00 2001
From: Mart Raudsepp
Date: Tue, 23 Jul 2019 16:00:09 +0300
Subject: dev-libs/glib: fix CVE-2019-12450 plus an unrelated small patch from upstream 2-58 branch.
Bug: https://bugs.gentoo.org/690498
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Mart Raudsepp
---
 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch | 53 ++++
 .../glib/files/2.58.3-gdbusmessage-limit-fix.patch | 120 ++++++++
 dev-libs/glib/glib-2.58.3-r1.ebuild | 315 +++++++++++++++++++++
 3 files changed, 488 insertions(+)
 create mode 100644 dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
 create mode 100644 dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch
 create mode 100644 dev-libs/glib/glib-2.58.3-r1.ebuild
diff --git a/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
new file mode 100644
index 000000000000..949ac56431f1
--- /dev/null
+++ b/dev-libs/glib/files/2.58.3-CVE-2019-12450.patch
@@ -0,0 +1,53 @@
+From e6b769819d63d2b24b251dbc9f902fe6fd614da3 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy
+Date: Thu, 23 May 2019 10:41:53 +0200
+Subject: [PATCH] gfile: Limit access to files when copying
+
+file_copy_fallback creates new files with default permissions and
+set the correct permissions after the operation is finished. This
+might cause that the files can be accessible by more users during
+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
+files to limit access to those files.
+---
+ gio/gfile.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/gio/gfile.c b/gio/gfile.c
+index 1cc69166a..13b435480 100644
+--- a/gio/gfile.c
++++ b/gio/gfile.c
+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+ FALSE, NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
+- info,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ else
+ out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
+- FALSE, 0, info,
++ FALSE, G_FILE_CREATE_PRIVATE, info,
+ cancellable, error);
+ }
+ else if (flags & G_FILE_COPY_OVERWRITE)
+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
+ out = (GOutputStream *)g_file_replace (destination,
+ NULL,
+ flags & G_FILE_COPY_BACKUP,
+- G_FILE_CREATE_REPLACE_DESTINATION,
++ G_FILE_CREATE_REPLACE_DESTINATION |
++ G_FILE_CREATE_PRIVATE,
+ cancellable, error);
+ }
+ else
+ {
+- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
+ }
+
+ if (!out)
+--
+2.20.1
+
diff --git a/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch b/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch
new file mode 100644
index 000000000000..0828132003d3
--- /dev/null
+++ b/dev-libs/glib/files/2.58.3-gdbusmessage-limit-fix.patch
@@ -0,0 +1,120 @@
+From 2d655ef8954695cabf9e99cc61411de2bb4cb847 Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Mon, 28 Jan 2019 14:36:42 +0000
+Subject: [PATCH] gdbusmessage: Fix check on upper limit of message size
+
+There was a typo in the figure checked against. Add a unit test.
+
+Signed-off-by: Philip Withnall
+
+https://gitlab.gnome.org/GNOME/glib/issues/1642
+---
+ gio/gdbusmessage.c | 2 +-
+ gio/tests/gdbus-message.c | 72 ++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 72 insertions(+), 2 deletions(-)
+
+diff --git a/gio/gdbusmessage.c b/gio/gdbusmessage.c
+index 169e6fd15..2ad51f888 100644
+--- a/gio/gdbusmessage.c
++++ b/gio/gdbusmessage.c
+@@ -1984,7 +1984,7 @@ g_dbus_message_bytes_needed (guchar *blob,
+ "Unable to determine message blob length - given blob is malformed");
+ }
+
+- if (ret > (2<<27))
++ if (ret > (1<<27))
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+diff --git a/gio/tests/gdbus-message.c b/gio/tests/gdbus-message.c
+index 88a9c5d86..74e0f712e 100644
+--- a/gio/tests/gdbus-message.c
++++ b/gio/tests/gdbus-message.c
+@@ -141,6 +141,74 @@ message_copy (void)
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
++/* Test g_dbus_message_bytes_needed() returns correct results for a variety of
++ * arbitrary binary inputs.*/
++static void
++message_bytes_needed (void)
++{
++ const struct
++ {
++ const guint8 blob[16];
++ gssize expected_bytes_needed;
++ }
++ vectors[] =
++ {
++ /* Little endian with header rounding */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 50, 0, 0, 0, /* body length */
++ 1, 0, 0, 0, /* message serial */
++ 7, 0, 0, 0 /* header length */}, 74 },
++ /* Little endian without header rounding */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 50, 0, 0, 0, /* body length */
++ 1, 0, 0, 0, /* message serial */
++ 8, 0, 0, 0 /* header length */}, 74 },
++ /* Big endian with header rounding */
++ { { 'B', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 7 /* header length */}, 74 },
++ /* Big endian without header rounding */
++ { { 'B', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 8 /* header length */}, 74 },
++ /* Invalid endianness */
++ { { '!', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 50, /* body length */
++ 0, 0, 0, 1, /* message serial */
++ 0, 0, 0, 8 /* header length */}, -1 },
++ /* Oversized */
++ { { 'l', 0, 0, 1, /* endianness, message type, flags, protocol version */
++ 0, 0, 0, 0x08, /* body length (128MiB) */
++ 1, 0, 0, 0, /* message serial */
++ 7, 0, 0, 0 /* header length */}, -1 },
++ };
++ gsize i;
++
++ for (i = 0; i < G_N_ELEMENTS (vectors); i++)
++ {
++ gssize bytes_needed;
++ GError *local_error = NULL;
++
++ g_test_message ("Vector: %" G_GSIZE_FORMAT, i);
++
++ bytes_needed = g_dbus_message_bytes_needed ((guchar *) vectors[i].blob,
++ G_N_ELEMENTS (vectors[i].blob),
++ &local_error);
++
++ if (vectors[i].expected_bytes_needed < 0)
++ g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT);
++ else
++ g_assert_no_error (local_error);
++ g_assert_cmpint (bytes_needed, ==, vectors[i].expected_bytes_needed);
++
++ g_clear_error (&local_error);
++ }
++}
++
++/* ---------------------------------------------------------------------------------------------------- */
++
+ int
+ main (int argc,
+ char *argv[])
+@@ -151,6 +219,8 @@ main (int argc,
+
+ g_test_add_func ("/gdbus/message/lock", message_lock);
+ g_test_add_func ("/gdbus/message/copy", message_copy);
+- return g_test_run();
++ g_test_add_func ("/gdbus/message/bytes-needed", message_bytes_needed);
++
++ return g_test_run ();
+ }
+
+--
+2.20.1
+
diff --git a/dev-libs/glib/glib-2.58.3-r1.ebuild b/dev-libs/glib/glib-2.58.3-r1.ebuild
new file mode 100644
index 000000000000..310e79a8cf41
--- /dev/null
+++ b/dev-libs/glib/glib-2.58.3-r1.ebuild
@@ -0,0 +1,315 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) +GNOME2_EAUTORECONF=yes + +inherit autotools bash-completion-r1 epunt-cxx flag-o-matic gnome2 libtool linux-info \ + multilib multilib-minimal pax-utils python-any-r1 toolchain-funcs virtualx + +# Until bug #537330 glib is a reverse dependency of pkgconfig and, then +# adding new dependencies end up making stage3 to grow. Every addition needs +# then to be think very closely. + +DESCRIPTION="The GLib library of C routines" +HOMEPAGE="https://www.gtk.org/" +SRC_URI="${SRC_URI} + https://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz" # pkg.m4 for eautoreconf + +LICENSE="LGPL-2.1+" +SLOT="2" +IUSE="dbus debug fam gtk-doc kernel_linux +mime selinux static-libs systemtap test utils xattr" + +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" + +# Added util-linux multilib dependency to have libmount support (which +# is always turned on on linux systems, unless explicitly disabled, but +# this ebuild does not do that anyway) (bug #599586) + +RDEPEND=" + !=dev-libs/libpcre-8.31:3[${MULTILIB_USEDEP},static-libs?] + >=virtual/libiconv-0-r1[${MULTILIB_USEDEP}] + >=virtual/libffi-3.0.13-r1:=[${MULTILIB_USEDEP}] + >=virtual/libintl-0-r2[${MULTILIB_USEDEP}] + >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] + kernel_linux? ( >=sys-apps/util-linux-2.23[${MULTILIB_USEDEP}] ) + selinux? ( >=sys-libs/libselinux-2.2.2-r5[${MULTILIB_USEDEP}] ) + xattr? ( >=sys-apps/attr-2.4.47-r1[${MULTILIB_USEDEP}] ) + fam? ( >=virtual/fam-0-r1[${MULTILIB_USEDEP}] ) + utils? ( + >=dev-util/gdbus-codegen-${PV} + virtual/libelf:0= + ) +" +DEPEND="${RDEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + >=dev-libs/libxslt-1.0 + >=sys-devel/gettext-0.11 + gtk-doc? 
( >=dev-util/gtk-doc-1.20 ) + systemtap? ( >=dev-util/systemtap-1.3 ) + ${PYTHON_DEPS} + test? ( + sys-devel/gdb + >=dev-util/gdbus-codegen-${PV} + >=sys-apps/dbus-1.2.14 ) +" +# configure.ac has gtk-doc-am stuff behind m4_ifdef, so we don't need a gtk-doc-am build dep + +# Migration of glib-genmarshal, glib-mkenums and gtester-report to a separate +# python depending package, which can be buildtime depended in packages that +# need these tools, without pulling in python at runtime. +RDEPEND="${RDEPEND} + >=dev-util/glib-utils-${PV}" +PDEPEND=" + dbus? ( gnome-base/dconf ) + mime? ( x11-misc/shared-mime-info ) +" +# shared-mime-info needed for gio/xdgmime, bug #409481 +# dconf is needed to be able to save settings, bug #498436 + +MULTILIB_CHOST_TOOLS=( + /usr/bin/gio-querymodules$(get_exeext) +) + +pkg_setup() { + if use kernel_linux ; then + CONFIG_CHECK="~INOTIFY_USER" + if use test ; then + CONFIG_CHECK="~IPV6" + WARNING_IPV6="Your kernel needs IPV6 support for running some tests, skipping them." + fi + linux-info_pkg_setup + fi + python-any-r1_pkg_setup +} + +src_prepare() { + # Prevent build failure in stage3 where pkgconfig is not available, bug #481056 + mv -f "${WORKDIR}"/pkg-config-*/pkg.m4 "${S}"/m4macros/ || die + + if use test; then + # Disable tests requiring dev-util/desktop-file-utils when not installed, bug #286629, upstream bug #629163 + if ! has_version dev-util/desktop-file-utils ; then + ewarn "Some tests will be skipped due dev-util/desktop-file-utils not being present on your system," + ewarn "think on installing it to get these tests run." + sed -i -e "/appinfo\/associations/d" gio/tests/appinfo.c || die + sed -i -e "/g_test_add_func/d" gio/tests/desktop-app-info.c || die + fi + + # gdesktopappinfo requires existing terminal (gnome-terminal or any + # other), falling back to xterm if one doesn't exist + #if ! has_version x11-terms/xterm && ! 
has_version x11-terms/gnome-terminal ; then + # ewarn "Some tests will be skipped due to missing terminal program" + # These tests seem to sometimes fail even with a terminal; skip for now and reevulate with meson + # Also try https://gitlab.gnome.org/GNOME/glib/issues/1601 once ready for backport (or in a bump) and file new issue if still fails + sed -i -e "/appinfo\/launch/d" gio/tests/appinfo.c || die + # desktop-app-info/launch* might fail similarly + sed -i -e "/desktop-app-info\/launch-as-manager/d" gio/tests/desktop-app-info.c || die + #fi + + # https://bugzilla.gnome.org/show_bug.cgi?id=722604 + sed -i -e "/timer\/stop/d" glib/tests/timer.c || die + sed -i -e "/timer\/basic/d" glib/tests/timer.c || die + + ewarn "Tests for search-utils have been skipped" + sed -i -e "/search-utils/d" glib/tests/Makefile.am || die + else + # Don't build tests, also prevents extra deps, bug #512022 + sed -i -e 's/ tests//' {.,gio,glib}/Makefile.am || die + fi + + # gdbus-codegen is a separate package + eapply "${FILESDIR}"/${PN}-2.58.2-external-gdbus-codegen.patch + + # gdbus message upper limit check fix from glib-2-58 + eapply "${FILESDIR}"/${PV}-gdbusmessage-limit-fix.patch + # gfile copy fallback security fix (wrong permissions at start) + eapply "${FILESDIR}"/${PV}-CVE-2019-12450.patch + + # Tarball doesn't come with gtk-doc.make and we can't unconditionally depend on dev-util/gtk-doc due + # to circular deps during bootstramp. If actually not building gtk-doc, an almost empty file will do + # fine as well - this is also what upstream autogen.sh does if gtkdocize is not found. If gtk-doc is + # installed, eautoreconf will call gtkdocize, which overwrites the empty gtk-doc.make with a full copy. 
+ cat > gtk-doc.make << EOF +EXTRA_DIST = +CLEANFILES = +EOF + + gnome2_src_prepare + epunt_cxx +} + +multilib_src_configure() { + # Avoid circular depend with dev-util/pkgconfig and + # native builds (cross-compiles won't need pkg-config + # in the target ROOT to work here) + if ! tc-is-cross-compiler && ! $(tc-getPKG_CONFIG) --version >& /dev/null; then + if has_version sys-apps/dbus; then + export DBUS1_CFLAGS="-I/usr/include/dbus-1.0 -I/usr/$(get_libdir)/dbus-1.0/include" + export DBUS1_LIBS="-ldbus-1" + fi + export LIBFFI_CFLAGS="-I$(echo /usr/$(get_libdir)/libffi-*/include)" + export LIBFFI_LIBS="-lffi" + export PCRE_CFLAGS=" " # test -n "$PCRE_CFLAGS" needs to pass + export PCRE_LIBS="-lpcre" + fi + + # These configure tests don't work when cross-compiling. + if tc-is-cross-compiler ; then + # https://bugzilla.gnome.org/show_bug.cgi?id=756473 + case ${CHOST} in + hppa*|metag*) export glib_cv_stack_grows=yes ;; + *) export glib_cv_stack_grows=no ;; + esac + # https://bugzilla.gnome.org/show_bug.cgi?id=756474 + export glib_cv_uscore=no + # https://bugzilla.gnome.org/show_bug.cgi?id=756475 + export ac_cv_func_posix_get{pwuid,grgid}_r=yes + fi + + local myconf + + case "${CHOST}" in + *-mingw*) myconf="${myconf} --with-threads=win32" ;; + *) myconf="${myconf} --with-threads=posix" ;; + esac + + # libelf used only by the gresource bin + ECONF_SOURCE="${S}" gnome2_src_configure ${myconf} \ + $(usex debug --enable-debug=yes ' ') \ + $(use_enable xattr) \ + $(use_enable fam) \ + $(multilib_native_use_enable gtk-doc) \ + $(use_enable kernel_linux libmount) \ + $(use_enable selinux) \ + $(use_enable static-libs static) \ + $(use_enable systemtap dtrace) \ + $(use_enable systemtap systemtap) \ + $(multilib_native_use_enable utils libelf) \ + --with-python=${EPYTHON} \ + --disable-compile-warnings \ + --enable-man \ + --with-pcre=system \ + --with-xml-catalog="${EPREFIX}/etc/xml/catalog" + + if multilib_is_native_abi; then + local d + for d in glib gio gobject; do + ln 
-s "${S}"/docs/reference/${d}/html docs/reference/${d}/html || die + done + fi +} + +multilib_src_test() { + export XDG_CONFIG_DIRS=/etc/xdg + export XDG_DATA_DIRS=/usr/local/share:/usr/share + export G_DBUS_COOKIE_SHA1_KEYRING_DIR="${T}/temp" + export LC_TIME=C # bug #411967 + unset GSETTINGS_BACKEND # bug #596380 + python_setup + + # Related test is a bit nitpicking + mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR" + chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR" + + # Hardened: gdb needs this, bug #338891 + if host-is-pax ; then + pax-mark -mr "${BUILD_DIR}"/tests/.libs/assert-msg-test \ + || die "Hardened adjustment failed" + fi + + # Need X for dbus-launch session X11 initialization + virtx emake check +} + +multilib_src_install() { + emake DESTDIR="${D}" completiondir="$(get_bashcompdir)" install + keepdir /usr/$(get_libdir)/gio/modules +} + +multilib_src_install_all() { + einstalldocs + + # These are installed by dev-util/glib-utils + # TODO: With patching we might be able to get rid of the python-any deps and removals, and test depend on glib-utils instead; revisit with meson + rm "${ED}usr/bin/glib-genmarshal" || die + rm "${ED}usr/share/man/man1/glib-genmarshal.1" || die + rm "${ED}usr/bin/glib-mkenums" || die + rm "${ED}usr/share/man/man1/glib-mkenums.1" || die + rm "${ED}usr/bin/gtester-report" || die + rm "${ED}usr/share/man/man1/gtester-report.1" || die + + # Do not install charset.alias even if generated, leave it to libiconv + rm -f "${ED}/usr/$(get_libdir)/charset.alias" + + # Don't install gdb python macros, bug 291328 + rm -rf "${ED}/usr/share/gdb/" "${ED}/usr/share/glib-2.0/gdb/" + + # Completely useless with or without USE static-libs, people need to use pkg-config + find "${ED}" -name '*.la' -delete || die +} + +pkg_preinst() { + gnome2_pkg_preinst + + # Make gschemas.compiled belong to glib alone + local cache="usr/share/glib-2.0/schemas/gschemas.compiled" + + if [[ -e ${EROOT}${cache} ]]; then + cp "${EROOT}"${cache} "${ED}"/${cache} || die + else + 
touch "${ED}"/${cache} || die + fi + + multilib_pkg_preinst() { + # Make giomodule.cache belong to glib alone + local cache="usr/$(get_libdir)/gio/modules/giomodule.cache" + + if [[ -e ${EROOT}${cache} ]]; then + cp "${EROOT}"${cache} "${ED}"/${cache} || die + else + touch "${ED}"/${cache} || die + fi + } + + # Don't run the cache ownership when cross-compiling, as it would end up with an empty cache + # file due to inability to create it and GIO might not look at any of the modules there + if ! tc-is-cross-compiler ; then + multilib_foreach_abi multilib_pkg_preinst + fi +} + +pkg_postinst() { + # force (re)generation of gschemas.compiled + GNOME2_ECLASS_GLIB_SCHEMAS="force" + + gnome2_pkg_postinst + + multilib_pkg_postinst() { + gnome2_giomodule_cache_update \ + || die "Update GIO modules cache failed (for ${ABI})" + } + if ! tc-is-cross-compiler ; then + multilib_foreach_abi multilib_pkg_postinst + else + ewarn "Updating of GIO modules cache skipped due to cross-compilation." + ewarn "You might want to run gio-querymodules manually on the target for" + ewarn "your final image for performance reasons and re-run it when packages" + ewarn "installing GIO modules get upgraded or added to the image." + fi +} + +pkg_postrm() { + gnome2_pkg_postrm + + if [[ -z ${REPLACED_BY_VERSION} ]]; then + multilib_pkg_postrm() { + rm -f "${EROOT}"usr/$(get_libdir)/gio/modules/giomodule.cache + } + multilib_foreach_abi multilib_pkg_postrm + rm -f "${EROOT}"usr/share/glib-2.0/schemas/gschemas.compiled + fi +} -- cgit v1.2.3-65-gdbad
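Review bot: In multilib_src_test the keyring directory setup, `mkdir "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"` followed by `chmod 0700 "$G_DBUS_COOKIE_SHA1_KEYRING_DIR"`, is the only pair of commands in that function without `|| die`. The phase runs once per ABI with the same `${T}`, so the second mkdir fails on the already-existing directory and the error is silently dropped, and a failing chmod would leave the DBus cookie keyring at the default mode; the "Related test is a bit nitpicking" comment suggests the test checks that mode, so the failure would presumably surface later as an authentication error rather than at setup. Changing the two lines to `mkdir -p "${G_DBUS_COOKIE_SHA1_KEYRING_DIR}" || die` and `chmod 0700 "${G_DBUS_COOKIE_SHA1_KEYRING_DIR}" || die` makes both the repeat run and the permission failure explicit.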