import glib2-2.56.4-9.el8
This commit is contained in:
parent
bea9bf982b
commit
5b5d052d1d
38
SOURCES/CVE-2019-13012.patch
Normal file
38
SOURCES/CVE-2019-13012.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 32ed752130bcbccc008819a7f1ea27651c601ee2 Mon Sep 17 00:00:00 2001
|
||||
From: Matthias Clasen <mclasen@redhat.com>
|
||||
Date: Tue, 22 Jan 2019 13:26:31 -0500
|
||||
Subject: [PATCH 9/9] keyfile settings: Use tighter permissions
|
||||
|
||||
When creating directories, create them with 700 permissions,
|
||||
instead of 777.
|
||||
|
||||
Closes: #1658
|
||||
---
|
||||
gio/gkeyfilesettingsbackend.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c
|
||||
index f5358818e..3d793f5a8 100644
|
||||
--- a/gio/gkeyfilesettingsbackend.c
|
||||
+++ b/gio/gkeyfilesettingsbackend.c
|
||||
@@ -113,7 +113,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb)
|
||||
|
||||
contents = g_key_file_to_data (kfsb->keyfile, &length, NULL);
|
||||
g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE,
|
||||
- G_FILE_CREATE_REPLACE_DESTINATION,
|
||||
+ G_FILE_CREATE_REPLACE_DESTINATION |
|
||||
+ G_FILE_CREATE_PRIVATE,
|
||||
NULL, NULL, NULL);
|
||||
|
||||
compute_checksum (kfsb->digest, contents, length);
|
||||
@@ -708,7 +709,7 @@ g_keyfile_settings_backend_constructed (GObject *object)
|
||||
kfsb->permission = g_simple_permission_new (TRUE);
|
||||
|
||||
kfsb->dir = g_file_get_parent (kfsb->file);
|
||||
- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL);
|
||||
+ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700);
|
||||
|
||||
kfsb->file_monitor = g_file_monitor (kfsb->file, G_FILE_MONITOR_NONE, NULL, NULL);
|
||||
kfsb->dir_monitor = g_file_monitor (kfsb->dir, G_FILE_MONITOR_NONE, NULL, NULL);
|
||||
--
|
||||
2.28.0
|
@ -455,7 +455,7 @@ new file mode 100644
|
||||
index 000000000..3b4dfb872
|
||||
--- /dev/null
|
||||
+++ b/glib/ghmac-gnutls.c
|
||||
@@ -0,0 +1,151 @@
|
||||
@@ -0,0 +1,160 @@
|
||||
+/* ghmac.h - data hashing functions
|
||||
+ *
|
||||
+ * Copyright (C) 2011 Collabora Ltd.
|
||||
@ -539,7 +539,16 @@ index 000000000..3b4dfb872
|
||||
+GHmac *
|
||||
+g_hmac_copy (const GHmac *hmac)
|
||||
+{
|
||||
+ g_error ("g_hmac_copy is not available with GnuTLS-backend GHmac");
|
||||
+ GHmac *copy;
|
||||
+
|
||||
+ g_return_val_if_fail (hmac != NULL, NULL);
|
||||
+
|
||||
+ copy = g_slice_new0 (GHmac);
|
||||
+ copy->ref_count = 1;
|
||||
+ copy->digest_type = hmac->digest_type;
|
||||
+ copy->hmac = gnutls_hmac_copy (hmac->hmac);
|
||||
+
|
||||
+ return copy;
|
||||
+}
|
||||
+
|
||||
+GHmac *
|
||||
@ -661,34 +670,6 @@ index c7f28b5b6..a2f9da81c 100644
|
||||
c_args : ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre_static_args + glib_hidden_visibility_args
|
||||
)
|
||||
|
||||
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
|
||||
index 3ac3206df..5212c2523 100644
|
||||
--- a/glib/tests/hmac.c
|
||||
+++ b/glib/tests/hmac.c
|
||||
@@ -1,3 +1,5 @@
|
||||
+#include "config.h"
|
||||
+
|
||||
#include <glib.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
@@ -427,6 +429,9 @@ test_hmac_ref_unref (void)
|
||||
static void
|
||||
test_hmac_copy (void)
|
||||
{
|
||||
+#ifdef HAVE_GNUTLS
|
||||
+ g_test_skip ("No g_hmac_copy with gnutls");
|
||||
+#else
|
||||
GHmac *hmac, *check;
|
||||
|
||||
hmac = g_hmac_new (G_CHECKSUM_SHA256, (guchar*)"aaa", 3);
|
||||
@@ -435,6 +440,7 @@ test_hmac_copy (void)
|
||||
g_assert_cmpstr (g_hmac_get_string (hmac), ==, g_hmac_get_string (check));
|
||||
g_hmac_unref (check);
|
||||
g_hmac_unref (hmac);
|
||||
+#endif
|
||||
}
|
||||
|
||||
static void
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 0cefee51d..81b16b004 100644
|
||||
--- a/meson.build
|
||||
@ -700,7 +681,7 @@ index 0cefee51d..81b16b004 100644
|
||||
+# gnutls is used optionally by ghmac
|
||||
+libgnutls_dep = []
|
||||
+if get_option('gnutls')
|
||||
+ libgnutls_dep = [dependency('gnutls', version : '>=3.6.7', required : true)]
|
||||
+ libgnutls_dep = [dependency('gnutls', version : '>=3.6.9', required : true)]
|
||||
+ glib_conf.set('HAVE_GNUTLS', 1)
|
||||
+endif
|
||||
+
|
||||
|
1021
SOURCES/keyfile-backend.patch
Normal file
1021
SOURCES/keyfile-backend.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -5,17 +5,14 @@
|
||||
|
||||
Name: glib2
|
||||
Version: 2.56.4
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Summary: A library of handy utility functions
|
||||
|
||||
License: LGPLv2+
|
||||
URL: http://www.gtk.org
|
||||
Source0: http://download.gnome.org/sources/glib/2.56/glib-%{version}.tar.xz
|
||||
|
||||
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
||||
Patch37: ghmac-gnutls.patch
|
||||
# And the BR for this
|
||||
# For ghmac-gnutls.patch
|
||||
BuildRequires: pkgconfig(gnutls)
|
||||
|
||||
BuildRequires: chrpath
|
||||
@ -56,6 +53,10 @@ Patch21: 0002-gvariant-test-Also-force-alignment-for-tuple-test-da.patch
|
||||
# Backported from 2.58 (for 3.32 GNOME rebase)
|
||||
Patch30: backport-per-desktop-overrides.patch
|
||||
|
||||
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
||||
Patch37: ghmac-gnutls.patch
|
||||
|
||||
# Backported from git
|
||||
Patch40: 0001-gdbus-codegen-honor-Property.EmitsChangedSignal-anno.patch
|
||||
|
||||
@ -64,6 +65,11 @@ Patch50: 0001-gcredentialsprivate-Document-the-various-private-mac.patch
|
||||
Patch51: 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch
|
||||
Patch52: 0001-credentials-Invalid-Linux-struct-ucred-means-no-info.patch
|
||||
|
||||
# Mostly from https://gitlab.gnome.org/GNOME/glib/-/commits/master/gio/gkeyfilesettingsbackend.c
|
||||
Patch60: keyfile-backend.patch
|
||||
# https://gitlab.gnome.org/GNOME/glib/-/issues/1658
|
||||
Patch61: CVE-2019-13012.patch
|
||||
|
||||
%description
|
||||
GLib is the low-level core library that forms the basis for projects
|
||||
such as GTK+ and GNOME. It provides data structure handling for C,
|
||||
@ -261,6 +267,14 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
||||
%{_datadir}/installed-tests
|
||||
|
||||
%changelog
|
||||
* Tue Nov 10 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-9
|
||||
- Update GHmac patch to implement g_hmac_copy()
|
||||
Resolves: #1786538
|
||||
- Update keyfile settings backend
|
||||
Resolves: #1728896
|
||||
- Fix CVE-2019-13012
|
||||
Resolves: #1728632
|
||||
|
||||
* Mon Dec 02 2019 Colin Walters <walters@verbum.org> - 2.56.4-8
|
||||
- Backport patches for GDBus auth
|
||||
Resolves: #1777213
|
||||
|
Loading…
Reference in New Issue
Block a user