import glib2-2.56.4-156.el8
This commit is contained in:
parent
455c8008af
commit
c913e00e78
@ -1,170 +0,0 @@
|
|||||||
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 14 Oct 2019 08:47:39 +0100
|
|
||||||
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
|
|
||||||
|
|
||||||
Conceptually, a D-Bus server is really trying to determine the credentials
|
|
||||||
of (the process that initiated) a connection, not the credentials that
|
|
||||||
the process had when it sent a particular message. Ideally, it does
|
|
||||||
this with a getsockopt()-style API that queries the credentials of the
|
|
||||||
connection's initiator without requiring any particular cooperation from
|
|
||||||
that process, avoiding a class of possible failures.
|
|
||||||
|
|
||||||
The leading '\0' in the D-Bus protocol is primarily a workaround
|
|
||||||
for platforms where the message-based credentials-passing API is
|
|
||||||
strictly better than the getsockopt()-style API (for example, on
|
|
||||||
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
|
|
||||||
or where the getsockopt()-style API does not exist at all. As a result
|
|
||||||
libdbus, the reference implementation of D-Bus, does not implement
|
|
||||||
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
|
|
||||||
SO_PEERCRED socket option is equally informative.
|
|
||||||
|
|
||||||
This change makes GDBusServer on Linux more closely match the behaviour
|
|
||||||
of libdbus.
|
|
||||||
|
|
||||||
In particular, GNOME/glib#1831 indicates that when a libdbus client
|
|
||||||
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
|
|
||||||
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
|
|
||||||
most likely a race condition in the early steps to connect:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
send '\0' <- race -> set SO_PASSCRED = 1
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
If the server wins the race:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
set SO_PASSCRED = 1
|
|
||||||
send '\0'
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
then everything is fine. However, if the client wins the race:
|
|
||||||
|
|
||||||
client server
|
|
||||||
connect
|
|
||||||
accept
|
|
||||||
send '\0'
|
|
||||||
set SO_PASSCRED = 1
|
|
||||||
receive '\0'
|
|
||||||
|
|
||||||
then the kernel does not record credentials for the message containing
|
|
||||||
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
|
|
||||||
server receives the message, the kernel knows that credentials are
|
|
||||||
desired. I would have expected the kernel to omit the credentials header
|
|
||||||
in this case, but it seems that instead, it synthesizes a credentials
|
|
||||||
structure with a dummy process ID 0, a dummy uid derived from
|
|
||||||
/proc/sys/kernel/overflowuid and a dummy gid derived from
|
|
||||||
/proc/sys/kernel/overflowgid.
|
|
||||||
|
|
||||||
In an unconfigured GDBusServer, hitting this race condition results in
|
|
||||||
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
|
|
||||||
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
|
|
||||||
servers on Unix platforms to allow only EXTERNAL authentication as a
|
|
||||||
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
|
|
||||||
of assumptions including a cryptographically strong PRNG and a shared
|
|
||||||
home directory with no write access by others, which are not necessarily
|
|
||||||
true for all operating systems and users. EXTERNAL authentication will
|
|
||||||
fail if the server cannot determine the client's credentials.
|
|
||||||
|
|
||||||
In particular, this caused a regression when CVE-2019-14822 was fixed
|
|
||||||
in ibus, which appears to be resolved by this commit. Qt clients
|
|
||||||
(which use libdbus) intermittently fail to connect to an ibus server
|
|
||||||
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
|
|
||||||
authentication or non-matching uids.
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
|
|
||||||
---
|
|
||||||
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
|
|
||||||
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
|
|
||||||
2 files changed, 43 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
||||||
index 06f0aed19..e9ec09b9f 100644
|
|
||||||
--- a/gio/gcredentialsprivate.h
|
|
||||||
+++ b/gio/gcredentialsprivate.h
|
|
||||||
@@ -81,6 +81,18 @@
|
|
||||||
*/
|
|
||||||
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if the data structure transferred by the message-passing
|
|
||||||
+ * API is strictly more informative than the one transferred by the
|
|
||||||
+ * `getsockopt()`-style API, and hence should be preferred, even for
|
|
||||||
+ * protocols like D-Bus that are defined in terms of the credentials of
|
|
||||||
+ * the (process that opened the) socket, as opposed to the credentials
|
|
||||||
+ * of an individual message.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
||||||
+
|
|
||||||
#ifdef __linux__
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
||||||
@@ -100,6 +112,12 @@
|
|
||||||
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
|
|
||||||
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
|
|
||||||
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
|
|
||||||
+ * is getpeereid(), which is not as informative as struct cmsgcred -
|
|
||||||
+ * it does not tell us the PID. As a result, libdbus prefers to use
|
|
||||||
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
|
|
||||||
+ * do the same. */
|
|
||||||
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
|
|
||||||
|
|
||||||
#elif defined(__NetBSD__)
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
|
|
||||||
index 752ec23fc..14cc5d70e 100644
|
|
||||||
--- a/gio/gdbusauth.c
|
|
||||||
+++ b/gio/gdbusauth.c
|
|
||||||
@@ -31,6 +31,7 @@
|
|
||||||
#include "gdbusutils.h"
|
|
||||||
#include "gioenumtypes.h"
|
|
||||||
#include "gcredentials.h"
|
|
||||||
+#include "gcredentialsprivate.h"
|
|
||||||
#include "gdbusprivate.h"
|
|
||||||
#include "giostream.h"
|
|
||||||
#include "gdatainputstream.h"
|
|
||||||
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
|
|
||||||
|
|
||||||
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
|
|
||||||
|
|
||||||
- /* first read the NUL-byte */
|
|
||||||
+ /* read the NUL-byte, possibly with credentials attached */
|
|
||||||
#ifdef G_OS_UNIX
|
|
||||||
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
||||||
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
|
||||||
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
|
|
||||||
+ {
|
|
||||||
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
|
|
||||||
+
|
|
||||||
+ local_error = NULL;
|
|
||||||
+ credentials = g_socket_get_credentials (sock, &local_error);
|
|
||||||
+
|
|
||||||
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
|
|
||||||
+ {
|
|
||||||
+ g_propagate_error (error, local_error);
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* Clear the error indicator, so we can retry with
|
|
||||||
+ * g_unix_connection_receive_credentials() if necessary */
|
|
||||||
+ g_clear_error (&local_error);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
|
|
||||||
{
|
|
||||||
local_error = NULL;
|
|
||||||
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,118 +0,0 @@
|
|||||||
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Fri, 18 Oct 2019 10:55:09 +0100
|
|
||||||
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
|
|
||||||
information"
|
|
||||||
|
|
||||||
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
|
|
||||||
might expect it to fail with an appropriate error like ENOTSUP or
|
|
||||||
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
|
|
||||||
yields a credentials structure with pid 0, uid -1 and gid -1. These
|
|
||||||
are not real process, user and group IDs that can be allocated to a
|
|
||||||
real process (pid 0 needs to be reserved to give kill(0) its documented
|
|
||||||
special semantics, and similarly uid and gid -1 need to be reserved for
|
|
||||||
setresuid() and setresgid()) so it is not meaningful to signal them to
|
|
||||||
high-level API users.
|
|
||||||
|
|
||||||
An API user with Linux-specific knowledge can still inspect these fields
|
|
||||||
via g_credentials_get_native() if desired.
|
|
||||||
|
|
||||||
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
|
|
||||||
on a receiving Unix socket, but the sending socket had not enabled
|
|
||||||
SO_PASSCRED at the time that the message was sent, it is possible
|
|
||||||
for it to succeed but yield a credentials structure with pid 0, uid
|
|
||||||
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
|
|
||||||
if we were to read those pseudo-files, we cannot distinguish between
|
|
||||||
the overflow IDs and a real process that legitimately has the same IDs
|
|
||||||
(typically they are set to 'nobody' and 'nogroup', which can be used
|
|
||||||
by a real process), so we detect this situation by noticing that
|
|
||||||
pid == 0, and to save syscalls we do not read the overflow IDs from
|
|
||||||
/proc at all.
|
|
||||||
|
|
||||||
This results in a small API change: g_credentials_is_same_user() now
|
|
||||||
returns FALSE if we compare two credentials structures that are both
|
|
||||||
invalid. This seems like reasonable, conservative behaviour: if we cannot
|
|
||||||
prove that they are the same user, we should assume they are not.
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
|
|
||||||
1 file changed, 39 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
|
|
||||||
index c350e3c88..c4794ded7 100644
|
|
||||||
--- a/gio/gcredentials.c
|
|
||||||
+++ b/gio/gcredentials.c
|
|
||||||
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
|
|
||||||
|
|
||||||
/* ---------------------------------------------------------------------------------------------------- */
|
|
||||||
|
|
||||||
+#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
+/*
|
|
||||||
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
|
||||||
+ * is used on a TCP socket, it succeeds but yields a credentials structure
|
|
||||||
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
|
||||||
+ * receiving Unix socket when the sending socket did not also enable
|
|
||||||
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
|
|
||||||
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
|
|
||||||
+ * /proc/sys/kernel/overflowgid.
|
|
||||||
+ */
|
|
||||||
+static gboolean
|
|
||||||
+linux_ucred_check_valid (struct ucred *native,
|
|
||||||
+ GError **error)
|
|
||||||
+{
|
|
||||||
+ if (native->pid == 0
|
|
||||||
+ || native->uid == -1
|
|
||||||
+ || native->gid == -1)
|
|
||||||
+ {
|
|
||||||
+ g_set_error_literal (error,
|
|
||||||
+ G_IO_ERROR,
|
|
||||||
+ G_IO_ERROR_INVALID_DATA,
|
|
||||||
+ _("GCredentials contains invalid data"));
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return TRUE;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* g_credentials_is_same_user:
|
|
||||||
* @credentials: A #GCredentials.
|
|
||||||
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
|
|
||||||
|
|
||||||
ret = FALSE;
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- if (credentials->native.uid == other_credentials->native.uid)
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, NULL)
|
|
||||||
+ && credentials->native.uid == other_credentials->native.uid)
|
|
||||||
ret = TRUE;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
|
||||||
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
|
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
||||||
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- ret = credentials->native.uid;
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
||||||
+ ret = credentials->native.uid;
|
|
||||||
+ else
|
|
||||||
+ ret = -1;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
ret = credentials->native.cmcred_euid;
|
|
||||||
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
|
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
|
||||||
|
|
||||||
#if G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
- ret = credentials->native.pid;
|
|
||||||
+ if (linux_ucred_check_valid (&credentials->native, error))
|
|
||||||
+ ret = credentials->native.pid;
|
|
||||||
+ else
|
|
||||||
+ ret = -1;
|
|
||||||
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
ret = credentials->native.cmcred_pid;
|
|
||||||
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,83 +0,0 @@
|
|||||||
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Mon, 14 Oct 2019 08:22:24 +0100
|
|
||||||
Subject: [PATCH] gcredentialsprivate: Document the various private macros
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
|
|
||||||
1 file changed, 59 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
|
||||||
index 4d1c420a8..06f0aed19 100644
|
|
||||||
--- a/gio/gcredentialsprivate.h
|
|
||||||
+++ b/gio/gcredentialsprivate.h
|
|
||||||
@@ -22,6 +22,65 @@
|
|
||||||
#include "gio/gcredentials.h"
|
|
||||||
#include "gio/gnetworking.h"
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if GCredentials works.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_USE_LINUX_UCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
|
|
||||||
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
|
||||||
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_NATIVE_TYPE:
|
|
||||||
+ *
|
|
||||||
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_NATIVE_TYPE
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_NATIVE_SIZE:
|
|
||||||
+ *
|
|
||||||
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_NATIVE_SIZE
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if we have a message-passing API in which credentials
|
|
||||||
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
|
|
||||||
+ * or `SCM_CREDS` on FreeBSD.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
|
|
||||||
+ * a socket connection can directly query the credentials of the process
|
|
||||||
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
|
|
||||||
+ * or `getpeereid()` on multiple operating systems.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
|
|
||||||
+ *
|
|
||||||
+ * Defined to 1 if privileged processes can spoof their credentials when
|
|
||||||
+ * using the message-passing API.
|
|
||||||
+ */
|
|
||||||
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
|
||||||
+
|
|
||||||
#ifdef __linux__
|
|
||||||
#define G_CREDENTIALS_SUPPORTED 1
|
|
||||||
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
|
||||||
--
|
|
||||||
2.23.0
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 4ef58e5661849317a1110c9b93957f2c608677dd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simon McVittie <smcv@collabora.com>
|
|
||||||
Date: Thu, 3 Jan 2019 08:21:40 +0000
|
|
||||||
Subject: [PATCH 2/2] gvariant test: Also force alignment for tuple test data
|
|
||||||
|
|
||||||
glib!552 (commit 9eed22b3) fixed this for the tests that failed on i686,
|
|
||||||
but this additional test failed on Debian's s390x port
|
|
||||||
(IBM z/Architecture, 64-bit big-endian).
|
|
||||||
|
|
||||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
||||||
---
|
|
||||||
glib/tests/gvariant.c | 7 +++++--
|
|
||||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
|
|
||||||
index a7b19826d..c4a996c1f 100644
|
|
||||||
--- a/glib/tests/gvariant.c
|
|
||||||
+++ b/glib/tests/gvariant.c
|
|
||||||
@@ -4820,6 +4820,7 @@ test_normal_checking_array_offsets (void)
|
|
||||||
static void
|
|
||||||
test_normal_checking_tuple_offsets (void)
|
|
||||||
{
|
|
||||||
+ gpointer aligned_data;
|
|
||||||
const guint8 data[] = {
|
|
||||||
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07,
|
|
||||||
'(', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', ')',
|
|
||||||
@@ -4828,13 +4829,15 @@ test_normal_checking_tuple_offsets (void)
|
|
||||||
GVariant *variant = NULL;
|
|
||||||
GVariant *normal_variant = NULL;
|
|
||||||
|
|
||||||
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
|
|
||||||
- FALSE, NULL, NULL);
|
|
||||||
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
|
|
||||||
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
|
|
||||||
+ size, FALSE, NULL, NULL);
|
|
||||||
g_assert_nonnull (variant);
|
|
||||||
|
|
||||||
normal_variant = g_variant_get_normal_form (variant);
|
|
||||||
g_assert_nonnull (normal_variant);
|
|
||||||
|
|
||||||
+ g_free (aligned_data);
|
|
||||||
g_variant_unref (normal_variant);
|
|
||||||
g_variant_unref (variant);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
371
SOURCES/1176.patch
Normal file
371
SOURCES/1176.patch
Normal file
@ -0,0 +1,371 @@
|
|||||||
|
From ef1035d9d86464ea0b5dde60a7a0e190895fdf5b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Mon, 14 Oct 2019 08:22:24 +0100
|
||||||
|
Subject: [PATCH] gcredentialsprivate: Document the various private macros
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
gio/gcredentialsprivate.h | 59 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 59 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
||||||
|
index 4d1c420a8..06f0aed19 100644
|
||||||
|
--- a/gio/gcredentialsprivate.h
|
||||||
|
+++ b/gio/gcredentialsprivate.h
|
||||||
|
@@ -22,6 +22,65 @@
|
||||||
|
#include "gio/gcredentials.h"
|
||||||
|
#include "gio/gnetworking.h"
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if GCredentials works.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_USE_LINUX_UCRED, etc.:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if GCredentials uses Linux `struct ucred`, etc.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
+#undef G_CREDENTIALS_USE_OPENBSD_SOCKPEERCRED
|
||||||
|
+#undef G_CREDENTIALS_USE_SOLARIS_UCRED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_NATIVE_TYPE:
|
||||||
|
+ *
|
||||||
|
+ * Defined to one of G_CREDENTIALS_TYPE_LINUX_UCRED, etc.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_NATIVE_TYPE
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_NATIVE_SIZE:
|
||||||
|
+ *
|
||||||
|
+ * Defined to the size of the %G_CREDENTIALS_NATIVE_TYPE
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_NATIVE_SIZE
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if we have a message-passing API in which credentials
|
||||||
|
+ * are attached to a particular message, such as `SCM_CREDENTIALS` on Linux
|
||||||
|
+ * or `SCM_CREDS` on FreeBSD.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if we have a `getsockopt()`-style API in which one end of
|
||||||
|
+ * a socket connection can directly query the credentials of the process
|
||||||
|
+ * that initiated the other end, such as `getsockopt SO_PEERCRED` on Linux
|
||||||
|
+ * or `getpeereid()` on multiple operating systems.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SOCKET_GET_CREDENTIALS_SUPPORTED
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_SPOOFING_SUPPORTED:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if privileged processes can spoof their credentials when
|
||||||
|
+ * using the message-passing API.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
||||||
|
+
|
||||||
|
#ifdef __linux__
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
|
From ee502dbbe89a5976c32eb8863c9a9d274ddb60e1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Mon, 14 Oct 2019 08:47:39 +0100
|
||||||
|
Subject: [PATCH] GDBus: prefer getsockopt()-style credentials-passing APIs
|
||||||
|
|
||||||
|
Conceptually, a D-Bus server is really trying to determine the credentials
|
||||||
|
of (the process that initiated) a connection, not the credentials that
|
||||||
|
the process had when it sent a particular message. Ideally, it does
|
||||||
|
this with a getsockopt()-style API that queries the credentials of the
|
||||||
|
connection's initiator without requiring any particular cooperation from
|
||||||
|
that process, avoiding a class of possible failures.
|
||||||
|
|
||||||
|
The leading '\0' in the D-Bus protocol is primarily a workaround
|
||||||
|
for platforms where the message-based credentials-passing API is
|
||||||
|
strictly better than the getsockopt()-style API (for example, on
|
||||||
|
FreeBSD, SCM_CREDS includes a process ID but getpeereid() does not),
|
||||||
|
or where the getsockopt()-style API does not exist at all. As a result
|
||||||
|
libdbus, the reference implementation of D-Bus, does not implement
|
||||||
|
Linux SCM_CREDENTIALS at all - it has no reason to do so, because the
|
||||||
|
SO_PEERCRED socket option is equally informative.
|
||||||
|
|
||||||
|
This change makes GDBusServer on Linux more closely match the behaviour
|
||||||
|
of libdbus.
|
||||||
|
|
||||||
|
In particular, GNOME/glib#1831 indicates that when a libdbus client
|
||||||
|
connects to a GDBus server, recvmsg() sometimes yields a SCM_CREDENTIALS
|
||||||
|
message with cmsg_data={pid=0, uid=65534, gid=65534}. I think this is
|
||||||
|
most likely a race condition in the early steps to connect:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
send '\0' <- race -> set SO_PASSCRED = 1
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
If the server wins the race:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
set SO_PASSCRED = 1
|
||||||
|
send '\0'
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
then everything is fine. However, if the client wins the race:
|
||||||
|
|
||||||
|
client server
|
||||||
|
connect
|
||||||
|
accept
|
||||||
|
send '\0'
|
||||||
|
set SO_PASSCRED = 1
|
||||||
|
receive '\0'
|
||||||
|
|
||||||
|
then the kernel does not record credentials for the message containing
|
||||||
|
'\0' (because SO_PASSCRED was 0 at the time). However, by the time the
|
||||||
|
server receives the message, the kernel knows that credentials are
|
||||||
|
desired. I would have expected the kernel to omit the credentials header
|
||||||
|
in this case, but it seems that instead, it synthesizes a credentials
|
||||||
|
structure with a dummy process ID 0, a dummy uid derived from
|
||||||
|
/proc/sys/kernel/overflowuid and a dummy gid derived from
|
||||||
|
/proc/sys/kernel/overflowgid.
|
||||||
|
|
||||||
|
In an unconfigured GDBusServer, hitting this race condition results in
|
||||||
|
falling back to DBUS_COOKIE_SHA1 authentication, which in practice usually
|
||||||
|
succeeds in authenticating the peer's uid. However, we encourage AF_UNIX
|
||||||
|
servers on Unix platforms to allow only EXTERNAL authentication as a
|
||||||
|
security-hardening measure, because DBUS_COOKIE_SHA1 relies on a series
|
||||||
|
of assumptions including a cryptographically strong PRNG and a shared
|
||||||
|
home directory with no write access by others, which are not necessarily
|
||||||
|
true for all operating systems and users. EXTERNAL authentication will
|
||||||
|
fail if the server cannot determine the client's credentials.
|
||||||
|
|
||||||
|
In particular, this caused a regression when CVE-2019-14822 was fixed
|
||||||
|
in ibus, which appears to be resolved by this commit. Qt clients
|
||||||
|
(which use libdbus) intermittently fail to connect to an ibus server
|
||||||
|
(which uses GDBusServer), because ibus no longer allows DBUS_COOKIE_SHA1
|
||||||
|
authentication or non-matching uids.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1831
|
||||||
|
---
|
||||||
|
gio/gcredentialsprivate.h | 18 ++++++++++++++++++
|
||||||
|
gio/gdbusauth.c | 27 +++++++++++++++++++++++++--
|
||||||
|
2 files changed, 43 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
|
||||||
|
index 06f0aed19..e9ec09b9f 100644
|
||||||
|
--- a/gio/gcredentialsprivate.h
|
||||||
|
+++ b/gio/gcredentialsprivate.h
|
||||||
|
@@ -81,6 +81,18 @@
|
||||||
|
*/
|
||||||
|
#undef G_CREDENTIALS_SPOOFING_SUPPORTED
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
|
||||||
|
+ *
|
||||||
|
+ * Defined to 1 if the data structure transferred by the message-passing
|
||||||
|
+ * API is strictly more informative than the one transferred by the
|
||||||
|
+ * `getsockopt()`-style API, and hence should be preferred, even for
|
||||||
|
+ * protocols like D-Bus that are defined in terms of the credentials of
|
||||||
|
+ * the (process that opened the) socket, as opposed to the credentials
|
||||||
|
+ * of an individual message.
|
||||||
|
+ */
|
||||||
|
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
||||||
|
+
|
||||||
|
#ifdef __linux__
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_USE_LINUX_UCRED 1
|
||||||
|
@@ -100,6 +112,12 @@
|
||||||
|
#define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
|
||||||
|
#define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
|
||||||
|
#define G_CREDENTIALS_SPOOFING_SUPPORTED 1
|
||||||
|
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
|
||||||
|
+ * is getpeereid(), which is not as informative as struct cmsgcred -
|
||||||
|
+ * it does not tell us the PID. As a result, libdbus prefers to use
|
||||||
|
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
|
||||||
|
+ * do the same. */
|
||||||
|
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
|
||||||
|
|
||||||
|
#elif defined(__NetBSD__)
|
||||||
|
#define G_CREDENTIALS_SUPPORTED 1
|
||||||
|
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
|
||||||
|
index 752ec23fc..14cc5d70e 100644
|
||||||
|
--- a/gio/gdbusauth.c
|
||||||
|
+++ b/gio/gdbusauth.c
|
||||||
|
@@ -31,6 +31,7 @@
|
||||||
|
#include "gdbusutils.h"
|
||||||
|
#include "gioenumtypes.h"
|
||||||
|
#include "gcredentials.h"
|
||||||
|
+#include "gcredentialsprivate.h"
|
||||||
|
#include "gdbusprivate.h"
|
||||||
|
#include "giostream.h"
|
||||||
|
#include "gdatainputstream.h"
|
||||||
|
@@ -969,9 +970,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
|
||||||
|
|
||||||
|
g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
|
||||||
|
|
||||||
|
- /* first read the NUL-byte */
|
||||||
|
+ /* read the NUL-byte, possibly with credentials attached */
|
||||||
|
#ifdef G_OS_UNIX
|
||||||
|
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
|
||||||
|
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
|
||||||
|
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
|
||||||
|
+ {
|
||||||
|
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
|
||||||
|
+
|
||||||
|
+ local_error = NULL;
|
||||||
|
+ credentials = g_socket_get_credentials (sock, &local_error);
|
||||||
|
+
|
||||||
|
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
|
||||||
|
+ {
|
||||||
|
+ g_propagate_error (error, local_error);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /* Clear the error indicator, so we can retry with
|
||||||
|
+ * g_unix_connection_receive_credentials() if necessary */
|
||||||
|
+ g_clear_error (&local_error);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
|
||||||
|
{
|
||||||
|
local_error = NULL;
|
||||||
|
credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
||||||
|
From 1485a97d8051b0aa047987f7b0c0bfe4ba4ce55b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Fri, 18 Oct 2019 10:55:09 +0100
|
||||||
|
Subject: [PATCH] credentials: Invalid Linux struct ucred means "no
|
||||||
|
information"
|
||||||
|
|
||||||
|
On Linux, if getsockopt SO_PEERCRED is used on a TCP socket, one
|
||||||
|
might expect it to fail with an appropriate error like ENOTSUP or
|
||||||
|
EPROTONOSUPPORT. However, it appears that in fact it succeeds, but
|
||||||
|
yields a credentials structure with pid 0, uid -1 and gid -1. These
|
||||||
|
are not real process, user and group IDs that can be allocated to a
|
||||||
|
real process (pid 0 needs to be reserved to give kill(0) its documented
|
||||||
|
special semantics, and similarly uid and gid -1 need to be reserved for
|
||||||
|
setresuid() and setresgid()) so it is not meaningful to signal them to
|
||||||
|
high-level API users.
|
||||||
|
|
||||||
|
An API user with Linux-specific knowledge can still inspect these fields
|
||||||
|
via g_credentials_get_native() if desired.
|
||||||
|
|
||||||
|
Similarly, if SO_PASSCRED is used to receive a SCM_CREDENTIALS message
|
||||||
|
on a receiving Unix socket, but the sending socket had not enabled
|
||||||
|
SO_PASSCRED at the time that the message was sent, it is possible
|
||||||
|
for it to succeed but yield a credentials structure with pid 0, uid
|
||||||
|
/proc/sys/kernel/overflowuid and gid /proc/sys/kernel/overflowgid. Even
|
||||||
|
if we were to read those pseudo-files, we cannot distinguish between
|
||||||
|
the overflow IDs and a real process that legitimately has the same IDs
|
||||||
|
(typically they are set to 'nobody' and 'nogroup', which can be used
|
||||||
|
by a real process), so we detect this situation by noticing that
|
||||||
|
pid == 0, and to save syscalls we do not read the overflow IDs from
|
||||||
|
/proc at all.
|
||||||
|
|
||||||
|
This results in a small API change: g_credentials_is_same_user() now
|
||||||
|
returns FALSE if we compare two credentials structures that are both
|
||||||
|
invalid. This seems like reasonable, conservative behaviour: if we cannot
|
||||||
|
prove that they are the same user, we should assume they are not.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
gio/gcredentials.c | 42 +++++++++++++++++++++++++++++++++++++++---
|
||||||
|
1 file changed, 39 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/gcredentials.c b/gio/gcredentials.c
|
||||||
|
index c350e3c88..c4794ded7 100644
|
||||||
|
--- a/gio/gcredentials.c
|
||||||
|
+++ b/gio/gcredentials.c
|
||||||
|
@@ -265,6 +265,35 @@ g_credentials_to_string (GCredentials *credentials)
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */
|
||||||
|
|
||||||
|
+#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
+/*
|
||||||
|
+ * Check whether @native contains invalid data. If getsockopt SO_PEERCRED
|
||||||
|
+ * is used on a TCP socket, it succeeds but yields a credentials structure
|
||||||
|
+ * with pid 0, uid -1 and gid -1. Similarly, if SO_PASSCRED is used on a
|
||||||
|
+ * receiving Unix socket when the sending socket did not also enable
|
||||||
|
+ * SO_PASSCRED, it can succeed but yield a credentials structure with
|
||||||
|
+ * pid 0, uid /proc/sys/kernel/overflowuid and gid
|
||||||
|
+ * /proc/sys/kernel/overflowgid.
|
||||||
|
+ */
|
||||||
|
+static gboolean
|
||||||
|
+linux_ucred_check_valid (struct ucred *native,
|
||||||
|
+ GError **error)
|
||||||
|
+{
|
||||||
|
+ if (native->pid == 0
|
||||||
|
+ || native->uid == -1
|
||||||
|
+ || native->gid == -1)
|
||||||
|
+ {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ G_IO_ERROR_INVALID_DATA,
|
||||||
|
+ _("GCredentials contains invalid data"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return TRUE;
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* g_credentials_is_same_user:
|
||||||
|
* @credentials: A #GCredentials.
|
||||||
|
@@ -294,7 +323,8 @@ g_credentials_is_same_user (GCredentials *credentials,
|
||||||
|
|
||||||
|
ret = FALSE;
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- if (credentials->native.uid == other_credentials->native.uid)
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, NULL)
|
||||||
|
+ && credentials->native.uid == other_credentials->native.uid)
|
||||||
|
ret = TRUE;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
if (credentials->native.cmcred_euid == other_credentials->native.cmcred_euid)
|
||||||
|
@@ -453,7 +483,10 @@ g_credentials_get_unix_user (GCredentials *credentials,
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
||||||
|
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- ret = credentials->native.uid;
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, error))
|
||||||
|
+ ret = credentials->native.uid;
|
||||||
|
+ else
|
||||||
|
+ ret = -1;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
ret = credentials->native.cmcred_euid;
|
||||||
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
@@ -499,7 +532,10 @@ g_credentials_get_unix_pid (GCredentials *credentials,
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, -1);
|
||||||
|
|
||||||
|
#if G_CREDENTIALS_USE_LINUX_UCRED
|
||||||
|
- ret = credentials->native.pid;
|
||||||
|
+ if (linux_ucred_check_valid (&credentials->native, error))
|
||||||
|
+ ret = credentials->native.pid;
|
||||||
|
+ else
|
||||||
|
+ ret = -1;
|
||||||
|
#elif G_CREDENTIALS_USE_FREEBSD_CMSGCRED
|
||||||
|
ret = credentials->native.cmcred_pid;
|
||||||
|
#elif G_CREDENTIALS_USE_NETBSD_UNPCBID
|
||||||
|
--
|
||||||
|
2.23.0
|
||||||
|
|
38
SOURCES/1369.patch
Normal file
38
SOURCES/1369.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From a18f091c6c090b93cd816f8cd5be763b6e238632 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <withnall@endlessm.com>
|
||||||
|
Date: Fri, 7 Feb 2020 17:10:23 +0000
|
||||||
|
Subject: [PATCH] libcharset: Drop a redundant environment variable
|
||||||
|
|
||||||
|
It was used for running tests when we built with autotools, but is no
|
||||||
|
longer used in the Meson build system. If we need something similar in
|
||||||
|
future, it should be done by adding internal API to override the
|
||||||
|
directory on a per-call basis, rather than loading a path from a shared
|
||||||
|
global table every time.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
||||||
|
|
||||||
|
Helps: #1919
|
||||||
|
---
|
||||||
|
glib/libcharset/localcharset.c | 6 +-----
|
||||||
|
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/libcharset/localcharset.c b/glib/libcharset/localcharset.c
|
||||||
|
index 0c4d544be..ab3a2678d 100644
|
||||||
|
--- a/glib/libcharset/localcharset.c
|
||||||
|
+++ b/glib/libcharset/localcharset.c
|
||||||
|
@@ -117,11 +117,7 @@ _g_locale_get_charset_aliases (void)
|
||||||
|
const char *base = "charset.alias";
|
||||||
|
char *file_name;
|
||||||
|
|
||||||
|
- /* Make it possible to override the charset.alias location. This is
|
||||||
|
- necessary for running the testsuite before "make install". */
|
||||||
|
- dir = getenv ("CHARSETALIASDIR");
|
||||||
|
- if (dir == NULL || dir[0] == '\0')
|
||||||
|
- dir = relocate (GLIB_CHARSETALIAS_DIR);
|
||||||
|
+ dir = relocate (GLIB_CHARSETALIAS_DIR);
|
||||||
|
|
||||||
|
/* Concatenate dir and base into freshly allocated file_name. */
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
204
SOURCES/1713.patch
Normal file
204
SOURCES/1713.patch
Normal file
@ -0,0 +1,204 @@
|
|||||||
|
From 4f0a31d66c2a6588495b8ae682f555584dafdf45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Claudio Saavedra <csaavedra@igalia.com>
|
||||||
|
Date: Wed, 21 Oct 2020 13:19:42 +0300
|
||||||
|
Subject: [PATCH] gmain: g_main_context_check() can skip updating polled FD
|
||||||
|
sources
|
||||||
|
|
||||||
|
If there is a file descriptor source that has a lower priority
|
||||||
|
than the one for sources that are going to be dispatched,
|
||||||
|
all subsequent file descriptor sources (internally sorted by
|
||||||
|
file descriptor identifier) do not get an update in their GPollRec
|
||||||
|
and later on wrong sources can be dispatched.
|
||||||
|
|
||||||
|
Fix this by first finding the first GPollRec that matches the current
|
||||||
|
GPollFD, instead of relying on it to be the current one. At
|
||||||
|
the same time, document the assumptions about the ordering of the
|
||||||
|
file descriptor records and array and make explicit in the documentation
|
||||||
|
that the array needs to be passed to g_main_context_check() as it was
|
||||||
|
received from g_main_context_query().
|
||||||
|
|
||||||
|
Added a new test that reproduces the bug by creating two file
|
||||||
|
descriptor sources and an idle one. Since the first
|
||||||
|
file descriptor created has a lower identifier and a low priority,
|
||||||
|
the second one is not dispatched even when it has the same, higher,
|
||||||
|
priority as the idle source. After fixing this bug, both
|
||||||
|
higher priority sources are dispatched as expected.
|
||||||
|
|
||||||
|
While this patch was written independently, a similar fix for this
|
||||||
|
bug was first submitted by Eugene M in GNOME/glib!562. Having a
|
||||||
|
second fix that basically does the same is a reassurance that we
|
||||||
|
are in the right here.
|
||||||
|
|
||||||
|
Fixes #1592
|
||||||
|
---
|
||||||
|
glib/gmain.c | 32 ++++++++++++++++++++++--
|
||||||
|
glib/tests/mainloop.c | 57 +++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 87 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/gmain.c b/glib/gmain.c
|
||||||
|
index 95992253d..a59cd686c 100644
|
||||||
|
--- a/glib/gmain.c
|
||||||
|
+++ b/glib/gmain.c
|
||||||
|
@@ -3573,7 +3573,10 @@ g_main_context_prepare (GMainContext *context,
|
||||||
|
* store #GPollFD records that need to be polled.
|
||||||
|
* @n_fds: (in): length of @fds.
|
||||||
|
*
|
||||||
|
- * Determines information necessary to poll this main loop.
|
||||||
|
+ * Determines information necessary to poll this main loop. You should
|
||||||
|
+ * be careful to pass the resulting @fds array and its length @n_fds
|
||||||
|
+ * as is when calling g_main_context_check(), as this function relies
|
||||||
|
+ * on assumptions made when the array is filled.
|
||||||
|
*
|
||||||
|
* You must have successfully acquired the context with
|
||||||
|
* g_main_context_acquire() before you may call this function.
|
||||||
|
@@ -3597,6 +3600,10 @@ g_main_context_query (GMainContext *context,
|
||||||
|
|
||||||
|
TRACE (GLIB_MAIN_CONTEXT_BEFORE_QUERY (context, max_priority));
|
||||||
|
|
||||||
|
+ /* fds is filled sequentially from poll_records. Since poll_records
|
||||||
|
+ * are incrementally sorted by file descriptor identifier, fds will
|
||||||
|
+ * also be incrementally sorted.
|
||||||
|
+ */
|
||||||
|
n_poll = 0;
|
||||||
|
lastpollrec = NULL;
|
||||||
|
for (pollrec = context->poll_records; pollrec; pollrec = pollrec->next)
|
||||||
|
@@ -3611,6 +3618,10 @@ g_main_context_query (GMainContext *context,
|
||||||
|
*/
|
||||||
|
events = pollrec->fd->events & ~(G_IO_ERR|G_IO_HUP|G_IO_NVAL);
|
||||||
|
|
||||||
|
+ /* This optimization --using the same GPollFD to poll for more
|
||||||
|
+ * than one poll record-- relies on the poll records being
|
||||||
|
+ * incrementally sorted.
|
||||||
|
+ */
|
||||||
|
if (lastpollrec && pollrec->fd->fd == lastpollrec->fd->fd)
|
||||||
|
{
|
||||||
|
if (n_poll - 1 < n_fds)
|
||||||
|
@@ -3656,7 +3667,10 @@ g_main_context_query (GMainContext *context,
|
||||||
|
* the last call to g_main_context_query()
|
||||||
|
* @n_fds: return value of g_main_context_query()
|
||||||
|
*
|
||||||
|
- * Passes the results of polling back to the main loop.
|
||||||
|
+ * Passes the results of polling back to the main loop. You should be
|
||||||
|
+ * careful to pass @fds and its length @n_fds as received from
|
||||||
|
+ * g_main_context_query(), as this functions relies on assumptions
|
||||||
|
+ * on how @fds is filled.
|
||||||
|
*
|
||||||
|
* You must have successfully acquired the context with
|
||||||
|
* g_main_context_acquire() before you may call this function.
|
||||||
|
@@ -3711,10 +3725,22 @@ g_main_context_check (GMainContext *context,
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* The linear iteration below relies on the assumption that both
|
||||||
|
+ * poll records and the fds array are incrementally sorted by file
|
||||||
|
+ * descriptor identifier.
|
||||||
|
+ */
|
||||||
|
pollrec = context->poll_records;
|
||||||
|
i = 0;
|
||||||
|
while (pollrec && i < n_fds)
|
||||||
|
{
|
||||||
|
+ /* Make sure that fds is sorted by file descriptor identifier. */
|
||||||
|
+ g_assert (i <= 0 || fds[i - 1].fd < fds[i].fd);
|
||||||
|
+
|
||||||
|
+ /* Skip until finding the first GPollRec matching the current GPollFD. */
|
||||||
|
+ while (pollrec && pollrec->fd->fd != fds[i].fd)
|
||||||
|
+ pollrec = pollrec->next;
|
||||||
|
+
|
||||||
|
+ /* Update all consecutive GPollRecs that match. */
|
||||||
|
while (pollrec && pollrec->fd->fd == fds[i].fd)
|
||||||
|
{
|
||||||
|
if (pollrec->priority <= max_priority)
|
||||||
|
@@ -3725,6 +3751,7 @@ g_main_context_check (GMainContext *context,
|
||||||
|
pollrec = pollrec->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Iterate to next GPollFD. */
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -4320,6 +4347,7 @@ g_main_context_add_poll_unlocked (GMainContext *context,
|
||||||
|
newrec->fd = fd;
|
||||||
|
newrec->priority = priority;
|
||||||
|
|
||||||
|
+ /* Poll records are incrementally sorted by file descriptor identifier. */
|
||||||
|
prevrec = NULL;
|
||||||
|
nextrec = context->poll_records;
|
||||||
|
while (nextrec)
|
||||||
|
diff --git a/glib/tests/mainloop.c b/glib/tests/mainloop.c
|
||||||
|
index f5d672a63..397921f2d 100644
|
||||||
|
--- a/glib/tests/mainloop.c
|
||||||
|
+++ b/glib/tests/mainloop.c
|
||||||
|
@@ -1511,6 +1511,62 @@ test_unix_file_poll (void)
|
||||||
|
close (fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_unix_fd_priority (void)
|
||||||
|
+{
|
||||||
|
+ gint fd1, fd2;
|
||||||
|
+ GMainLoop *loop;
|
||||||
|
+ GSource *source;
|
||||||
|
+
|
||||||
|
+ gint s1 = 0;
|
||||||
|
+ gboolean s2 = FALSE, s3 = FALSE;
|
||||||
|
+
|
||||||
|
+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/1592");
|
||||||
|
+
|
||||||
|
+ loop = g_main_loop_new (NULL, FALSE);
|
||||||
|
+
|
||||||
|
+ source = g_idle_source_new ();
|
||||||
|
+ g_source_set_callback (source, count_calls, &s1, NULL);
|
||||||
|
+ g_source_set_priority (source, 0);
|
||||||
|
+ g_source_attach (source, NULL);
|
||||||
|
+ g_source_unref (source);
|
||||||
|
+
|
||||||
|
+ fd1 = open ("/dev/random", O_RDONLY);
|
||||||
|
+ g_assert_cmpint (fd1, >=, 0);
|
||||||
|
+ source = g_unix_fd_source_new (fd1, G_IO_IN);
|
||||||
|
+ g_source_set_callback (source, (GSourceFunc) (void (*)(void)) (flag_bool), &s2, NULL);
|
||||||
|
+ g_source_set_priority (source, 10);
|
||||||
|
+ g_source_attach (source, NULL);
|
||||||
|
+ g_source_unref (source);
|
||||||
|
+
|
||||||
|
+ fd2 = open ("/dev/random", O_RDONLY);
|
||||||
|
+ g_assert_cmpint (fd2, >=, 0);
|
||||||
|
+ source = g_unix_fd_source_new (fd2, G_IO_IN);
|
||||||
|
+ g_source_set_callback (source, (GSourceFunc) (void (*)(void)) (flag_bool), &s3, NULL);
|
||||||
|
+ g_source_set_priority (source, 0);
|
||||||
|
+ g_source_attach (source, NULL);
|
||||||
|
+ g_source_unref (source);
|
||||||
|
+
|
||||||
|
+ /* This tests a bug that depends on the source with the lowest FD
|
||||||
|
+ identifier to have the lowest priority. Make sure that this is
|
||||||
|
+ the case. */
|
||||||
|
+ g_assert_cmpint (fd1, <, fd2);
|
||||||
|
+
|
||||||
|
+ g_assert_true (g_main_context_iteration (NULL, FALSE));
|
||||||
|
+
|
||||||
|
+ /* Idle source should have been dispatched. */
|
||||||
|
+ g_assert_cmpint (s1, ==, 1);
|
||||||
|
+ /* Low priority FD source shouldn't have been dispatched. */
|
||||||
|
+ g_assert_false (s2);
|
||||||
|
+ /* Default priority FD source should have been dispatched. */
|
||||||
|
+ g_assert_true (s3);
|
||||||
|
+
|
||||||
|
+ g_main_loop_unref (loop);
|
||||||
|
+
|
||||||
|
+ close (fd1);
|
||||||
|
+ close (fd2);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static gboolean
|
||||||
|
@@ -1751,6 +1807,7 @@ main (int argc, char *argv[])
|
||||||
|
g_test_add_func ("/mainloop/source-unix-fd-api", test_source_unix_fd_api);
|
||||||
|
g_test_add_func ("/mainloop/wait", test_mainloop_wait);
|
||||||
|
g_test_add_func ("/mainloop/unix-file-poll", test_unix_file_poll);
|
||||||
|
+ g_test_add_func ("/mainloop/unix-fd-priority", test_unix_fd_priority);
|
||||||
|
#endif
|
||||||
|
g_test_add_func ("/mainloop/nfds", test_nfds);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -126,3 +126,4 @@ index 5ea5c2b35..42281307b 100644
|
|||||||
g_test_add_func ("/bytes/null", test_null);
|
g_test_add_func ("/bytes/null", test_null);
|
||||||
--
|
--
|
||||||
2.31.1
|
2.31.1
|
||||||
|
|
||||||
|
388
SOURCES/CVE-2021-28153.patch
Normal file
388
SOURCES/CVE-2021-28153.patch
Normal file
@ -0,0 +1,388 @@
|
|||||||
|
From 8fef6abe1131da0c8a7211c740a12ebe11cbcc51 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Wed, 10 Mar 2021 16:05:55 +0000
|
||||||
|
Subject: [PATCH 1/3] glocalfileoutputstream: Factor out a flag check
|
||||||
|
|
||||||
|
This clarifies the code a little. It introduces no functional changes.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
---
|
||||||
|
gio/glocalfileoutputstream.c | 9 +++++----
|
||||||
|
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
||||||
|
index 57d2d5dfe..6a70b2a04 100644
|
||||||
|
--- a/gio/glocalfileoutputstream.c
|
||||||
|
+++ b/gio/glocalfileoutputstream.c
|
||||||
|
@@ -751,6 +751,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
int res;
|
||||||
|
int mode;
|
||||||
|
int errsv;
|
||||||
|
+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
|
||||||
|
|
||||||
|
mode = mode_from_flags_or_info (flags, reference_info);
|
||||||
|
|
||||||
|
@@ -857,8 +858,8 @@ handle_overwrite_open (const char *filename,
|
||||||
|
* The second strategy consist simply in copying the old file
|
||||||
|
* to a backup file and rewrite the contents of the file.
|
||||||
|
*/
|
||||||
|
-
|
||||||
|
- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
|
||||||
|
+
|
||||||
|
+ if (replace_destination_set ||
|
||||||
|
(!(original_stat.st_nlink > 1) && !is_symlink))
|
||||||
|
{
|
||||||
|
char *dirname, *tmp_filename;
|
||||||
|
@@ -877,7 +878,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
|
||||||
|
/* try to keep permissions (unless replacing) */
|
||||||
|
|
||||||
|
- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
|
||||||
|
+ if (!replace_destination_set &&
|
||||||
|
(
|
||||||
|
#ifdef HAVE_FCHOWN
|
||||||
|
fchown (tmpfd, original_stat.st_uid, original_stat.st_gid) == -1 ||
|
||||||
|
@@ -1016,7 +1017,7 @@ handle_overwrite_open (const char *filename,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
|
||||||
|
+ if (replace_destination_set)
|
||||||
|
{
|
||||||
|
g_close (fd, NULL);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 6c10e8ce6905e8fcc3466eb8af707b5d0d3bdb85 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Wed, 24 Feb 2021 17:36:07 +0000
|
||||||
|
Subject: [PATCH 2/3] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
|
||||||
|
with symlinks
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
|
||||||
|
the destination file and re-creating it from scratch. That did
|
||||||
|
previously work, but in the process the code would call `open(O_CREAT)`
|
||||||
|
on the file. If the file was a dangling symlink, this would create the
|
||||||
|
destination file (empty). That’s not an intended side-effect, and has
|
||||||
|
security implications if the symlink is controlled by a lower-privileged
|
||||||
|
process.
|
||||||
|
|
||||||
|
Fix that by not opening the destination file if it’s a symlink, and
|
||||||
|
adjusting the rest of the code to cope with
|
||||||
|
- the fact that `fd == -1` is not an error iff `is_symlink` is true,
|
||||||
|
- and that `original_stat` will contain the `lstat()` results for the
|
||||||
|
symlink now, rather than the `stat()` results for its target (again,
|
||||||
|
iff `is_symlink` is true).
|
||||||
|
|
||||||
|
This means that the target of the dangling symlink is no longer created,
|
||||||
|
which was the bug. The symlink itself continues to be replaced (as
|
||||||
|
before) with the new file — this is the intended behaviour of
|
||||||
|
`g_file_replace()`.
|
||||||
|
|
||||||
|
The behaviour for non-symlink cases, or cases where the symlink was not
|
||||||
|
dangling, should be unchanged.
|
||||||
|
|
||||||
|
Includes a unit test.
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
|
||||||
|
Fixes: #2325
|
||||||
|
---
|
||||||
|
gio/glocalfileoutputstream.c | 63 ++++++++++++++-------
|
||||||
|
gio/tests/file.c | 107 ++++++++++++++++++++++++++++++++++-
|
||||||
|
2 files changed, 149 insertions(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
||||||
|
index 6a70b2a04..4a7766f68 100644
|
||||||
|
--- a/gio/glocalfileoutputstream.c
|
||||||
|
+++ b/gio/glocalfileoutputstream.c
|
||||||
|
@@ -779,16 +779,22 @@ handle_overwrite_open (const char *filename,
|
||||||
|
/* Could be a symlink, or it could be a regular ELOOP error,
|
||||||
|
* but then the next open will fail too. */
|
||||||
|
is_symlink = TRUE;
|
||||||
|
- fd = g_open (filename, open_flags, mode);
|
||||||
|
+ if (!replace_destination_set)
|
||||||
|
+ fd = g_open (filename, open_flags, mode);
|
||||||
|
}
|
||||||
|
-#else
|
||||||
|
- fd = g_open (filename, open_flags, mode);
|
||||||
|
- errsv = errno;
|
||||||
|
+#else /* if !O_NOFOLLOW */
|
||||||
|
/* This is racy, but we do it as soon as possible to minimize the race */
|
||||||
|
is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
|
||||||
|
+
|
||||||
|
+ if (!is_symlink || !replace_destination_set)
|
||||||
|
+ {
|
||||||
|
+ fd = g_open (filename, open_flags, mode);
|
||||||
|
+ errsv = errno;
|
||||||
|
+ }
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- if (fd == -1)
|
||||||
|
+ if (fd == -1 &&
|
||||||
|
+ (!is_symlink || !replace_destination_set))
|
||||||
|
{
|
||||||
|
char *display_name = g_filename_display_name (filename);
|
||||||
|
g_set_error (error, G_IO_ERROR,
|
||||||
|
@@ -800,10 +806,17 @@ handle_overwrite_open (const char *filename,
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef G_OS_WIN32
|
||||||
|
- res = GLIB_PRIVATE_CALL (g_win32_fstat) (fd, &original_stat);
|
||||||
|
-#else
|
||||||
|
- res = fstat (fd, &original_stat);
|
||||||
|
+#error This patch has not been ported to Windows, sorry
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+ if (!is_symlink)
|
||||||
|
+ {
|
||||||
|
+ res = fstat (fd, &original_stat);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ res = lstat (filename, &original_stat);
|
||||||
|
+ }
|
||||||
|
errsv = errno;
|
||||||
|
|
||||||
|
if (res != 0)
|
||||||
|
@@ -821,16 +834,27 @@ handle_overwrite_open (const char *filename,
|
||||||
|
if (!S_ISREG (original_stat.st_mode))
|
||||||
|
{
|
||||||
|
if (S_ISDIR (original_stat.st_mode))
|
||||||
|
- g_set_error_literal (error,
|
||||||
|
- G_IO_ERROR,
|
||||||
|
- G_IO_ERROR_IS_DIRECTORY,
|
||||||
|
- _("Target file is a directory"));
|
||||||
|
- else
|
||||||
|
- g_set_error_literal (error,
|
||||||
|
- G_IO_ERROR,
|
||||||
|
- G_IO_ERROR_NOT_REGULAR_FILE,
|
||||||
|
- _("Target file is not a regular file"));
|
||||||
|
- goto err_out;
|
||||||
|
+ {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ G_IO_ERROR_IS_DIRECTORY,
|
||||||
|
+ _("Target file is a directory"));
|
||||||
|
+ goto err_out;
|
||||||
|
+ }
|
||||||
|
+ else if (!is_symlink ||
|
||||||
|
+#ifdef S_ISLNK
|
||||||
|
+ !S_ISLNK (original_stat.st_mode)
|
||||||
|
+#else
|
||||||
|
+ FALSE
|
||||||
|
+#endif
|
||||||
|
+ )
|
||||||
|
+ {
|
||||||
|
+ g_set_error_literal (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ G_IO_ERROR_NOT_REGULAR_FILE,
|
||||||
|
+ _("Target file is not a regular file"));
|
||||||
|
+ goto err_out;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (etag != NULL)
|
||||||
|
@@ -911,7 +935,8 @@ handle_overwrite_open (const char *filename,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_close (fd, NULL);
|
||||||
|
+ if (fd >= 0)
|
||||||
|
+ g_close (fd, NULL);
|
||||||
|
*temp_filename = tmp_filename;
|
||||||
|
return tmpfd;
|
||||||
|
}
|
||||||
|
diff --git a/gio/tests/file.c b/gio/tests/file.c
|
||||||
|
index 98eeb85d4..44db6e295 100644
|
||||||
|
--- a/gio/tests/file.c
|
||||||
|
+++ b/gio/tests/file.c
|
||||||
|
@@ -671,8 +671,6 @@ test_replace_cancel (void)
|
||||||
|
guint count;
|
||||||
|
GError *error = NULL;
|
||||||
|
|
||||||
|
- g_test_bug ("629301");
|
||||||
|
-
|
||||||
|
path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
|
||||||
|
g_assert_no_error (error);
|
||||||
|
tmpdir = g_file_new_for_path (path);
|
||||||
|
@@ -779,6 +777,110 @@ test_replace_cancel (void)
|
||||||
|
g_object_unref (tmpdir);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_replace_symlink (void)
|
||||||
|
+{
|
||||||
|
+#ifdef G_OS_UNIX
|
||||||
|
+ gchar *tmpdir_path = NULL;
|
||||||
|
+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
|
||||||
|
+ GFileOutputStream *stream = NULL;
|
||||||
|
+ const gchar *new_contents = "this is a test message which should be written to source and not target";
|
||||||
|
+ gsize n_written;
|
||||||
|
+ GFileEnumerator *enumerator = NULL;
|
||||||
|
+ GFileInfo *info = NULL;
|
||||||
|
+ gchar *contents = NULL;
|
||||||
|
+ gsize length = 0;
|
||||||
|
+ GError *local_error = NULL;
|
||||||
|
+
|
||||||
|
+ /* Create a fresh, empty working directory. */
|
||||||
|
+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ tmpdir = g_file_new_for_path (tmpdir_path);
|
||||||
|
+
|
||||||
|
+ g_test_message ("Using temporary directory %s", tmpdir_path);
|
||||||
|
+ g_free (tmpdir_path);
|
||||||
|
+
|
||||||
|
+ /* Create symlink `source` which points to `target`. */
|
||||||
|
+ source_file = g_file_get_child (tmpdir, "source");
|
||||||
|
+ target_file = g_file_get_child (tmpdir, "target");
|
||||||
|
+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ /* Ensure that `target` doesn’t exist */
|
||||||
|
+ g_assert_false (g_file_query_exists (target_file, NULL));
|
||||||
|
+
|
||||||
|
+ /* Replace the `source` symlink with a regular file using
|
||||||
|
+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
|
||||||
|
+ * following the symlink */
|
||||||
|
+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
|
||||||
|
+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
|
||||||
|
+ &n_written, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ g_assert_cmpint (n_written, ==, strlen (new_contents));
|
||||||
|
+
|
||||||
|
+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ g_clear_object (&stream);
|
||||||
|
+
|
||||||
|
+ /* At this point, there should still only be one file: `source`. It should
|
||||||
|
+ * now be a regular file. `target` should not exist. */
|
||||||
|
+ enumerator = g_file_enumerate_children (tmpdir,
|
||||||
|
+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
|
||||||
|
+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
|
||||||
|
+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ g_assert_nonnull (info);
|
||||||
|
+
|
||||||
|
+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
|
||||||
|
+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
|
||||||
|
+
|
||||||
|
+ g_clear_object (&info);
|
||||||
|
+
|
||||||
|
+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ g_assert_null (info);
|
||||||
|
+
|
||||||
|
+ g_file_enumerator_close (enumerator, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ g_clear_object (&enumerator);
|
||||||
|
+
|
||||||
|
+ /* Double-check that `target` doesn’t exist */
|
||||||
|
+ g_assert_false (g_file_query_exists (target_file, NULL));
|
||||||
|
+
|
||||||
|
+ /* Check the content of `source`. */
|
||||||
|
+ g_file_load_contents (source_file,
|
||||||
|
+ NULL,
|
||||||
|
+ &contents,
|
||||||
|
+ &length,
|
||||||
|
+ NULL,
|
||||||
|
+ &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+ g_assert_cmpstr (contents, ==, new_contents);
|
||||||
|
+ g_assert_cmpuint (length, ==, strlen (new_contents));
|
||||||
|
+ g_free (contents);
|
||||||
|
+
|
||||||
|
+ /* Tidy up. */
|
||||||
|
+ g_file_delete (source_file, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ g_file_delete (tmpdir, NULL, &local_error);
|
||||||
|
+ g_assert_no_error (local_error);
|
||||||
|
+
|
||||||
|
+ g_clear_object (&target_file);
|
||||||
|
+ g_clear_object (&source_file);
|
||||||
|
+ g_clear_object (&tmpdir);
|
||||||
|
+#else /* if !G_OS_UNIX */
|
||||||
|
+ g_test_skip ("Symlink replacement tests can only be run on Unix")
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
on_file_deleted (GObject *object,
|
||||||
|
GAsyncResult *result,
|
||||||
|
@@ -1170,6 +1272,7 @@ main (int argc, char *argv[])
|
||||||
|
g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
|
||||||
|
g_test_add_func ("/file/replace-load", test_replace_load);
|
||||||
|
g_test_add_func ("/file/replace-cancel", test_replace_cancel);
|
||||||
|
+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
|
||||||
|
g_test_add_func ("/file/async-delete", test_async_delete);
|
||||||
|
#ifdef G_OS_UNIX
|
||||||
|
g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
From 7f0b0d7fd744ad2f51236444005db49c80a0293d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
Date: Wed, 24 Feb 2021 17:42:24 +0000
|
||||||
|
Subject: [PATCH 3/3] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
|
||||||
|
replace()
|
||||||
|
|
||||||
|
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
||||||
|
---
|
||||||
|
gio/glocalfileoutputstream.c | 15 ++++++++++++---
|
||||||
|
1 file changed, 12 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
|
||||||
|
index 4a7766f68..275770fa4 100644
|
||||||
|
--- a/gio/glocalfileoutputstream.c
|
||||||
|
+++ b/gio/glocalfileoutputstream.c
|
||||||
|
@@ -56,6 +56,12 @@
|
||||||
|
#define O_BINARY 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifndef O_CLOEXEC
|
||||||
|
+#define O_CLOEXEC 0
|
||||||
|
+#else
|
||||||
|
+#define HAVE_O_CLOEXEC 1
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
struct _GLocalFileOutputStreamPrivate {
|
||||||
|
char *tmp_filename;
|
||||||
|
char *original_filename;
|
||||||
|
@@ -1127,7 +1133,7 @@ _g_local_file_output_stream_replace (const char *filename,
|
||||||
|
sync_on_close = FALSE;
|
||||||
|
|
||||||
|
/* If the file doesn't exist, create it */
|
||||||
|
- open_flags = O_CREAT | O_EXCL | O_BINARY;
|
||||||
|
+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
|
||||||
|
if (readable)
|
||||||
|
open_flags |= O_RDWR;
|
||||||
|
else
|
||||||
|
@@ -1157,8 +1163,11 @@ _g_local_file_output_stream_replace (const char *filename,
|
||||||
|
set_error_from_open_errno (filename, error);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-
|
||||||
|
+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
|
||||||
|
+ else
|
||||||
|
+ fcntl (fd, F_SETFD, FD_CLOEXEC);
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
|
||||||
|
stream->priv->fd = fd;
|
||||||
|
stream->priv->sync_on_close = sync_on_close;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
From 440a178c5aad19050a3d5b5d76881931138af680 Mon Sep 17 00:00:00 2001
|
From c5cc0bb6f2d6e468c7402915a0a4e6799f0febdf Mon Sep 17 00:00:00 2001
|
||||||
From: Colin Walters <walters@verbum.org>
|
From: Colin Walters <walters@verbum.org>
|
||||||
Date: Fri, 7 Jun 2019 18:44:43 +0000
|
Date: Fri, 7 Jun 2019 18:44:43 +0000
|
||||||
Subject: [PATCH 1/2] ghmac: Split off wrapper functions into ghmac-utils.c
|
Subject: [PATCH 1/3] ghmac: Split off wrapper functions into ghmac-utils.c
|
||||||
|
|
||||||
Prep for adding a GnuTLS HMAC implementation; these are just
|
Prep for adding a GnuTLS HMAC implementation; these are just
|
||||||
utility functions that call the "core" API.
|
utility functions that call the "core" API.
|
||||||
@ -14,7 +14,7 @@ utility functions that call the "core" API.
|
|||||||
create mode 100644 glib/ghmac-utils.c
|
create mode 100644 glib/ghmac-utils.c
|
||||||
|
|
||||||
diff --git a/glib/Makefile.am b/glib/Makefile.am
|
diff --git a/glib/Makefile.am b/glib/Makefile.am
|
||||||
index 8da549c7f..c367b09ad 100644
|
index c0c3b92f0..43fa17051 100644
|
||||||
--- a/glib/Makefile.am
|
--- a/glib/Makefile.am
|
||||||
+++ b/glib/Makefile.am
|
+++ b/glib/Makefile.am
|
||||||
@@ -126,6 +126,7 @@ libglib_2_0_la_SOURCES = \
|
@@ -126,6 +126,7 @@ libglib_2_0_la_SOURCES = \
|
||||||
@ -297,7 +297,7 @@ index 9b58fd81c..7db38e34a 100644
|
|||||||
- (const guchar *) str, length);
|
- (const guchar *) str, length);
|
||||||
-}
|
-}
|
||||||
diff --git a/glib/meson.build b/glib/meson.build
|
diff --git a/glib/meson.build b/glib/meson.build
|
||||||
index 9df77b6f9..c7f28b5b6 100644
|
index c81e99f9c..306a67f13 100644
|
||||||
--- a/glib/meson.build
|
--- a/glib/meson.build
|
||||||
+++ b/glib/meson.build
|
+++ b/glib/meson.build
|
||||||
@@ -138,6 +138,7 @@ glib_sources = files(
|
@@ -138,6 +138,7 @@ glib_sources = files(
|
||||||
@ -309,13 +309,12 @@ index 9df77b6f9..c7f28b5b6 100644
|
|||||||
'ghostutils.c',
|
'ghostutils.c',
|
||||||
'giochannel.c',
|
'giochannel.c',
|
||||||
--
|
--
|
||||||
2.21.0
|
2.31.1
|
||||||
|
|
||||||
|
From 3befcf1eb31e0fa7a988b22a9c24240218cd4744 Mon Sep 17 00:00:00 2001
|
||||||
From 423355787ba9133b310c0b72708024b1428d7d14 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Colin Walters <walters@verbum.org>
|
From: Colin Walters <walters@verbum.org>
|
||||||
Date: Fri, 7 Jun 2019 19:36:54 +0000
|
Date: Fri, 7 Jun 2019 19:36:54 +0000
|
||||||
Subject: [PATCH 2/2] Add a gnutls backend for GHmac
|
Subject: [PATCH 2/3] Add a gnutls backend for GHmac
|
||||||
|
|
||||||
For RHEL we want apps to use FIPS-certified crypto libraries,
|
For RHEL we want apps to use FIPS-certified crypto libraries,
|
||||||
and HMAC apparently counts as "keyed" and hence needs to
|
and HMAC apparently counts as "keyed" and hence needs to
|
||||||
@ -329,26 +328,53 @@ Most distributors ship glib-networking built with GnuTLS, and
|
|||||||
most apps use glib-networking, so this isn't a net-new library
|
most apps use glib-networking, so this isn't a net-new library
|
||||||
in most cases.
|
in most cases.
|
||||||
|
|
||||||
However, a fun wrinkle is that the GnuTLS HMAC API doesn't expose
|
=======================================================================
|
||||||
the necessary bits to implement `g_hmac_copy()`; OpenSSL does.
|
|
||||||
I chose to just make that abort for now since I didn't find
|
mcatanzaro note:
|
||||||
apps using it.
|
|
||||||
|
I've updated Colin's original patch with several enhancements:
|
||||||
|
|
||||||
|
Implement g_hmac_copy() using gnutls_hmac_copy(), which didn't exist
|
||||||
|
when Colin developed this patch.
|
||||||
|
|
||||||
|
Removed use of GSlice
|
||||||
|
|
||||||
|
Better error checking in g_hmac_new(). It is possible for
|
||||||
|
gnutls_hmac_init() to fail if running in FIPS mode and an MD5 digest is
|
||||||
|
requested. In this case, we should return NULL rather than returning a
|
||||||
|
broken GHmac with a NULL gnutls_hmac_hd_t. This was leading to a later
|
||||||
|
null pointer dereference inside gnutls_hmac_update(). Applications are
|
||||||
|
responsible for checking to ensure the return value of g_hmac_new() is
|
||||||
|
not NULL since it is annotated as nullable. Added documentation to
|
||||||
|
indicate this possibility.
|
||||||
|
|
||||||
|
Properly handle length -1 in g_hmac_update(). This means we've been
|
||||||
|
given a NUL-terminated string and should use strlen(). GnuTLS doesn't
|
||||||
|
accept -1, so let's call strlen() ourselves.
|
||||||
|
|
||||||
|
Crash the application with g_error() if gnutls_hmac() fails for any
|
||||||
|
reason. This is necessary because g_hmac_update() is not fallible, so we
|
||||||
|
have no way to indicate error. Crashing seems better than returning the
|
||||||
|
wrong result later when g_hmac_get_string() or g_hmac_get_digest() is
|
||||||
|
later called. (Those functions are also not fallible.) Fortunately, I
|
||||||
|
don't think this error should actually be hit in practice.
|
||||||
|
|
||||||
|
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903
|
||||||
---
|
---
|
||||||
glib/Makefile.am | 9 ++-
|
glib/Makefile.am | 8 +-
|
||||||
glib/gchecksum.c | 9 +--
|
glib/gchecksum.c | 9 +-
|
||||||
glib/gchecksumprivate.h | 32 +++++++++
|
glib/gchecksumprivate.h | 32 +++++++
|
||||||
glib/ghmac-gnutls.c | 151 ++++++++++++++++++++++++++++++++++++++++
|
glib/ghmac-gnutls.c | 182 ++++++++++++++++++++++++++++++++++++++++
|
||||||
glib/ghmac.c | 1 +
|
glib/ghmac.c | 13 +++
|
||||||
glib/meson.build | 10 ++-
|
glib/meson.build | 10 ++-
|
||||||
glib/tests/hmac.c | 6 ++
|
|
||||||
meson.build | 7 ++
|
meson.build | 7 ++
|
||||||
meson_options.txt | 5 ++
|
meson_options.txt | 5 ++
|
||||||
9 files changed, 221 insertions(+), 9 deletions(-)
|
8 files changed, 258 insertions(+), 8 deletions(-)
|
||||||
create mode 100644 glib/gchecksumprivate.h
|
create mode 100644 glib/gchecksumprivate.h
|
||||||
create mode 100644 glib/ghmac-gnutls.c
|
create mode 100644 glib/ghmac-gnutls.c
|
||||||
|
|
||||||
diff --git a/glib/Makefile.am b/glib/Makefile.am
|
diff --git a/glib/Makefile.am b/glib/Makefile.am
|
||||||
index c367b09ad..b0a721ad0 100644
|
index 43fa17051..1175bbe40 100644
|
||||||
--- a/glib/Makefile.am
|
--- a/glib/Makefile.am
|
||||||
+++ b/glib/Makefile.am
|
+++ b/glib/Makefile.am
|
||||||
@@ -125,7 +125,7 @@ libglib_2_0_la_SOURCES = \
|
@@ -125,7 +125,7 @@ libglib_2_0_la_SOURCES = \
|
||||||
@ -360,7 +386,7 @@ index c367b09ad..b0a721ad0 100644
|
|||||||
ghmac-utils.c \
|
ghmac-utils.c \
|
||||||
ghook.c \
|
ghook.c \
|
||||||
ghostutils.c \
|
ghostutils.c \
|
||||||
@@ -352,11 +352,14 @@ pcre_lib = pcre/libpcre.la
|
@@ -352,11 +352,15 @@ pcre_lib = pcre/libpcre.la
|
||||||
pcre_inc =
|
pcre_inc =
|
||||||
endif
|
endif
|
||||||
|
|
||||||
@ -372,8 +398,8 @@ index c367b09ad..b0a721ad0 100644
|
|||||||
libglib_2_0_la_LIBADD = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ @ICONV_LIBS@ @G_LIBS_EXTRA@ $(pcre_lib) $(G_THREAD_LIBS_EXTRA) $(G_THREAD_LIBS_FOR_GTHREAD) $(LIBSYSTEMD_LIBS)
|
libglib_2_0_la_LIBADD = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ @ICONV_LIBS@ @G_LIBS_EXTRA@ $(pcre_lib) $(G_THREAD_LIBS_EXTRA) $(G_THREAD_LIBS_FOR_GTHREAD) $(LIBSYSTEMD_LIBS)
|
||||||
libglib_2_0_la_DEPENDENCIES = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ $(glib_win32_res) $(glib_def)
|
libglib_2_0_la_DEPENDENCIES = libcharset/libcharset.la $(printf_la) @GIO@ @GSPAWN@ @PLATFORMDEP@ $(glib_win32_res) $(glib_def)
|
||||||
|
|
||||||
-libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) \
|
libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) \
|
||||||
+libglib_2_0_la_LDFLAGS = $(GLIB_LINK_FLAGS) $(gnutls_libs) \
|
+ $(gnutls_libs) \
|
||||||
$(glib_win32_res_ldflag) \
|
$(glib_win32_res_ldflag) \
|
||||||
-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
|
-version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
|
||||||
-export-dynamic $(no_undefined)
|
-export-dynamic $(no_undefined)
|
||||||
@ -452,10 +478,10 @@ index 000000000..86c7a3b61
|
|||||||
\ No newline at end of file
|
\ No newline at end of file
|
||||||
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
|
diff --git a/glib/ghmac-gnutls.c b/glib/ghmac-gnutls.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 000000000..3b4dfb872
|
index 000000000..522b9b302
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/glib/ghmac-gnutls.c
|
+++ b/glib/ghmac-gnutls.c
|
||||||
@@ -0,0 +1,160 @@
|
@@ -0,0 +1,182 @@
|
||||||
+/* ghmac.h - data hashing functions
|
+/* ghmac.h - data hashing functions
|
||||||
+ *
|
+ *
|
||||||
+ * Copyright (C) 2011 Collabora Ltd.
|
+ * Copyright (C) 2011 Collabora Ltd.
|
||||||
@ -506,9 +532,11 @@ index 000000000..3b4dfb872
|
|||||||
+ gsize key_len)
|
+ gsize key_len)
|
||||||
+{
|
+{
|
||||||
+ gnutls_mac_algorithm_t algo;
|
+ gnutls_mac_algorithm_t algo;
|
||||||
+ GHmac *hmac = g_slice_new0 (GHmac);
|
+ GHmac *hmac = g_new0 (GHmac, 1);
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
+ hmac->ref_count = 1;
|
+ hmac->ref_count = 1;
|
||||||
+ hmac->digest_type = digest_type;
|
+ hmac->digest_type = digest_type;
|
||||||
+
|
+
|
||||||
+ switch (digest_type)
|
+ switch (digest_type)
|
||||||
+ {
|
+ {
|
||||||
@ -531,7 +559,15 @@ index 000000000..3b4dfb872
|
|||||||
+ g_return_val_if_reached (NULL);
|
+ g_return_val_if_reached (NULL);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ gnutls_hmac_init (&hmac->hmac, algo, key, key_len);
|
+ ret = gnutls_hmac_init (&hmac->hmac, algo, key, key_len);
|
||||||
|
+ if (ret != 0)
|
||||||
|
+ {
|
||||||
|
+ /* There is no way to report an error here, but one possible cause of
|
||||||
|
+ * failure is that the requested digest may be disabled by FIPS mode.
|
||||||
|
+ */
|
||||||
|
+ g_free (hmac->hmac);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
+
|
+
|
||||||
+ return hmac;
|
+ return hmac;
|
||||||
+}
|
+}
|
||||||
@ -543,11 +579,15 @@ index 000000000..3b4dfb872
|
|||||||
+
|
+
|
||||||
+ g_return_val_if_fail (hmac != NULL, NULL);
|
+ g_return_val_if_fail (hmac != NULL, NULL);
|
||||||
+
|
+
|
||||||
+ copy = g_slice_new0 (GHmac);
|
+ copy = g_new0 (GHmac, 1);
|
||||||
+ copy->ref_count = 1;
|
+ copy->ref_count = 1;
|
||||||
+ copy->digest_type = hmac->digest_type;
|
+ copy->digest_type = hmac->digest_type;
|
||||||
+ copy->hmac = gnutls_hmac_copy (hmac->hmac);
|
+ copy->hmac = gnutls_hmac_copy (hmac->hmac);
|
||||||
+
|
+
|
||||||
|
+ /* g_hmac_copy is not allowed to fail, so we'll have to crash on error. */
|
||||||
|
+ if (!copy->hmac)
|
||||||
|
+ g_error ("gnutls_hmac_copy failed");
|
||||||
|
+
|
||||||
+ return copy;
|
+ return copy;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -570,7 +610,7 @@ index 000000000..3b4dfb872
|
|||||||
+ {
|
+ {
|
||||||
+ gnutls_hmac_deinit (hmac->hmac, NULL);
|
+ gnutls_hmac_deinit (hmac->hmac, NULL);
|
||||||
+ g_free (hmac->digest_str);
|
+ g_free (hmac->digest_str);
|
||||||
+ g_slice_free (GHmac, hmac);
|
+ g_free (hmac);
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -580,10 +620,18 @@ index 000000000..3b4dfb872
|
|||||||
+ const guchar *data,
|
+ const guchar *data,
|
||||||
+ gssize length)
|
+ gssize length)
|
||||||
+{
|
+{
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
+ g_return_if_fail (hmac != NULL);
|
+ g_return_if_fail (hmac != NULL);
|
||||||
+ g_return_if_fail (length == 0 || data != NULL);
|
+ g_return_if_fail (length == 0 || data != NULL);
|
||||||
+
|
+
|
||||||
+ gnutls_hmac (hmac->hmac, data, length);
|
+ if (length == -1)
|
||||||
|
+ length = strlen ((const char *)data);
|
||||||
|
+
|
||||||
|
+ /* g_hmac_update is not allowed to fail, so we'll have to crash on error. */
|
||||||
|
+ ret = gnutls_hmac (hmac->hmac, data, length);
|
||||||
|
+ if (ret != 0)
|
||||||
|
+ g_error ("gnutls_hmac failed: %s", gnutls_strerror (ret));
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+const gchar *
|
+const gchar *
|
||||||
@ -617,7 +665,7 @@ index 000000000..3b4dfb872
|
|||||||
+ *digest_len = g_checksum_type_get_length (hmac->digest_type);
|
+ *digest_len = g_checksum_type_get_length (hmac->digest_type);
|
||||||
+}
|
+}
|
||||||
diff --git a/glib/ghmac.c b/glib/ghmac.c
|
diff --git a/glib/ghmac.c b/glib/ghmac.c
|
||||||
index 7db38e34a..b12eb07c4 100644
|
index 7db38e34a..b03a5aea7 100644
|
||||||
--- a/glib/ghmac.c
|
--- a/glib/ghmac.c
|
||||||
+++ b/glib/ghmac.c
|
+++ b/glib/ghmac.c
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
@ -628,11 +676,38 @@ index 7db38e34a..b12eb07c4 100644
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* SECTION:hmac
|
* SECTION:hmac
|
||||||
|
@@ -84,6 +85,18 @@ struct _GHmac
|
||||||
|
* Support for digests of type %G_CHECKSUM_SHA512 has been added in GLib 2.42.
|
||||||
|
* Support for %G_CHECKSUM_SHA384 was added in GLib 2.52.
|
||||||
|
*
|
||||||
|
+ * Note that #GHmac creation may fail, in which case this function will
|
||||||
|
+ * return %NULL. Since there is no error parameter, it is not possible
|
||||||
|
+ * to indicate why.
|
||||||
|
+ *
|
||||||
|
+ * In Fedora, CentOS Stream, and Red Hat Enterprise Linux, GLib is
|
||||||
|
+ * configured to use GnuTLS to implement #GHmac in order to support FIPS
|
||||||
|
+ * compliance. This introduces additional failure possibilities that are
|
||||||
|
+ * not present in upstream GLib. For example, the creation of a #GHmac
|
||||||
|
+ * will fail if @digest_type is %G_CHECKSUM_MD5 and the system is
|
||||||
|
+ * running in FIPS mode. #GHmac creation may also fail if GLib is unable
|
||||||
|
+ * to load GnuTLS.
|
||||||
|
+ *
|
||||||
|
* Returns: the newly created #GHmac, or %NULL.
|
||||||
|
* Use g_hmac_unref() to free the memory allocated by it.
|
||||||
|
*
|
||||||
diff --git a/glib/meson.build b/glib/meson.build
|
diff --git a/glib/meson.build b/glib/meson.build
|
||||||
index c7f28b5b6..a2f9da81c 100644
|
index 306a67f13..07d41456d 100644
|
||||||
--- a/glib/meson.build
|
--- a/glib/meson.build
|
||||||
+++ b/glib/meson.build
|
+++ b/glib/meson.build
|
||||||
@@ -137,7 +137,6 @@ glib_sources = files(
|
@@ -127,6 +127,7 @@ glib_sources = files(
|
||||||
|
'gbytes.c',
|
||||||
|
'gcharset.c',
|
||||||
|
'gchecksum.c',
|
||||||
|
+ 'gchecksumprivate.h',
|
||||||
|
'gconvert.c',
|
||||||
|
'gdataset.c',
|
||||||
|
'gdate.c',
|
||||||
|
@@ -137,7 +138,6 @@ glib_sources = files(
|
||||||
'gfileutils.c',
|
'gfileutils.c',
|
||||||
'ggettext.c',
|
'ggettext.c',
|
||||||
'ghash.c',
|
'ghash.c',
|
||||||
@ -640,15 +715,7 @@ index c7f28b5b6..a2f9da81c 100644
|
|||||||
'ghmac-utils.c',
|
'ghmac-utils.c',
|
||||||
'ghook.c',
|
'ghook.c',
|
||||||
'ghostutils.c',
|
'ghostutils.c',
|
||||||
@@ -185,6 +184,7 @@ glib_sources = files(
|
@@ -223,6 +223,12 @@ else
|
||||||
'gunidecomp.c',
|
|
||||||
'gurifuncs.c',
|
|
||||||
'gutils.c',
|
|
||||||
+ 'gchecksumprivate.h',
|
|
||||||
'guuid.c',
|
|
||||||
'gvariant.c',
|
|
||||||
'gvariant-core.c',
|
|
||||||
@@ -222,6 +222,12 @@ else
|
|
||||||
glib_dtrace_hdr = []
|
glib_dtrace_hdr = []
|
||||||
endif
|
endif
|
||||||
|
|
||||||
@ -661,17 +728,17 @@ index c7f28b5b6..a2f9da81c 100644
|
|||||||
pcre_static_args = []
|
pcre_static_args = []
|
||||||
|
|
||||||
if use_pcre_static_flag
|
if use_pcre_static_flag
|
||||||
@@ -238,7 +244,7 @@ libglib = library('glib-2.0',
|
@@ -239,7 +245,7 @@ libglib = library('glib-2.0',
|
||||||
link_args : platform_ldflags + noseh_link_args,
|
link_args : platform_ldflags + noseh_link_args,
|
||||||
include_directories : configinc,
|
include_directories : configinc,
|
||||||
link_with : [charset_lib, gnulib_lib],
|
link_with : [charset_lib, gnulib_lib],
|
||||||
- dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps,
|
- dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps,
|
||||||
+ dependencies : [pcre, thread_dep, libintl, librt] + libiconv + platform_deps + libgnutls_dep,
|
+ dependencies : [pcre, thread_dep, libintl, librt] + libgnutls_dep + libiconv + platform_deps,
|
||||||
c_args : ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre_static_args + glib_hidden_visibility_args
|
c_args : ['-DG_LOG_DOMAIN="GLib"', '-DGLIB_COMPILATION'] + pcre_static_args + glib_hidden_visibility_args
|
||||||
)
|
)
|
||||||
|
|
||||||
diff --git a/meson.build b/meson.build
|
diff --git a/meson.build b/meson.build
|
||||||
index 0cefee51d..81b16b004 100644
|
index 0cefee51d..eaf8d3900 100644
|
||||||
--- a/meson.build
|
--- a/meson.build
|
||||||
+++ b/meson.build
|
+++ b/meson.build
|
||||||
@@ -1596,6 +1596,13 @@ if host_system == 'linux' and get_option('libmount')
|
@@ -1596,6 +1596,13 @@ if host_system == 'linux' and get_option('libmount')
|
||||||
@ -705,5 +772,63 @@ index 4504c6858..d18c42a36 100644
|
|||||||
type : 'boolean',
|
type : 'boolean',
|
||||||
value : false,
|
value : false,
|
||||||
--
|
--
|
||||||
2.21.0
|
2.31.1
|
||||||
|
|
||||||
|
From 87280b23902290dcf843a42d06cedeef571a673f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Catanzaro <mcatanzaro@redhat.com>
|
||||||
|
Date: Thu, 1 Jul 2021 15:51:26 -0500
|
||||||
|
Subject: [PATCH 3/3] Add more tests for GHmac
|
||||||
|
|
||||||
|
This will test a few problems that we hit recently:
|
||||||
|
|
||||||
|
g_hmac_copy() is broken, https://bugzilla.redhat.com/show_bug.cgi?id=1786538
|
||||||
|
|
||||||
|
Crash in g_hmac_update() in FIPS mode, https://bugzilla.redhat.com/show_bug.cgi?id=1971533
|
||||||
|
|
||||||
|
Crash when passing -1 length to g_hmac_update() (discovered in #1971533)
|
||||||
|
---
|
||||||
|
glib/tests/hmac.c | 22 ++++++++++++++++++++++
|
||||||
|
1 file changed, 22 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
|
||||||
|
index 3ac3206df..16b2fac9c 100644
|
||||||
|
--- a/glib/tests/hmac.c
|
||||||
|
+++ b/glib/tests/hmac.c
|
||||||
|
@@ -493,6 +493,27 @@ test_hmac_for_bytes (void)
|
||||||
|
g_bytes_unref (data);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_ghmac_gnutls_regressions (void)
|
||||||
|
+{
|
||||||
|
+ GHmac *hmac;
|
||||||
|
+ GHmac *copy;
|
||||||
|
+
|
||||||
|
+ hmac = g_hmac_new (G_CHECKSUM_SHA256, (const guchar *)"abc123", sizeof ("abc123"));
|
||||||
|
+ g_assert_nonnull (hmac);
|
||||||
|
+
|
||||||
|
+ /* Ensure g_hmac_update() does not crash when called with -1. */
|
||||||
|
+ g_hmac_update (hmac, (const guchar *)"You win again, gravity!", -1);
|
||||||
|
+
|
||||||
|
+ /* Ensure g_hmac_copy() does not crash. */
|
||||||
|
+ copy = g_hmac_copy (hmac);
|
||||||
|
+ g_assert_nonnull (hmac);
|
||||||
|
+ g_hmac_unref (hmac);
|
||||||
|
+
|
||||||
|
+ g_assert_cmpstr (g_hmac_get_string (copy), ==, "795ba6900bcb22e8ce65c2ec02db4e85697da921deb960ee3143bf88a4a60f83");
|
||||||
|
+ g_hmac_unref (copy);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
main (int argc,
|
||||||
|
char **argv)
|
||||||
|
@@ -545,6 +566,7 @@ main (int argc,
|
||||||
|
g_test_add_func ("/hmac/for-data", test_hmac_for_data);
|
||||||
|
g_test_add_func ("/hmac/for-string", test_hmac_for_string);
|
||||||
|
g_test_add_func ("/hmac/for-bytes", test_hmac_for_bytes);
|
||||||
|
+ g_test_add_func ("/hmac/ghmac-gnutls-regressions", test_ghmac_gnutls_regressions);
|
||||||
|
|
||||||
|
return g_test_run ();
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
@ -94,3 +94,49 @@ index 6e417f6c1..a7b19826d 100644
|
|||||||
--
|
--
|
||||||
2.19.1
|
2.19.1
|
||||||
|
|
||||||
|
From 4ef58e5661849317a1110c9b93957f2c608677dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Thu, 3 Jan 2019 08:21:40 +0000
|
||||||
|
Subject: [PATCH 2/2] gvariant test: Also force alignment for tuple test data
|
||||||
|
|
||||||
|
glib!552 (commit 9eed22b3) fixed this for the tests that failed on i686,
|
||||||
|
but this additional test failed on Debian's s390x port
|
||||||
|
(IBM z/Architecture, 64-bit big-endian).
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
---
|
||||||
|
glib/tests/gvariant.c | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/glib/tests/gvariant.c b/glib/tests/gvariant.c
|
||||||
|
index a7b19826d..c4a996c1f 100644
|
||||||
|
--- a/glib/tests/gvariant.c
|
||||||
|
+++ b/glib/tests/gvariant.c
|
||||||
|
@@ -4820,6 +4820,7 @@ test_normal_checking_array_offsets (void)
|
||||||
|
static void
|
||||||
|
test_normal_checking_tuple_offsets (void)
|
||||||
|
{
|
||||||
|
+ gpointer aligned_data;
|
||||||
|
const guint8 data[] = {
|
||||||
|
0x07, 0xe5, 0x00, 0x07, 0x00, 0x07,
|
||||||
|
'(', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', 'a', 's', ')',
|
||||||
|
@@ -4828,13 +4829,15 @@ test_normal_checking_tuple_offsets (void)
|
||||||
|
GVariant *variant = NULL;
|
||||||
|
GVariant *normal_variant = NULL;
|
||||||
|
|
||||||
|
- variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size,
|
||||||
|
- FALSE, NULL, NULL);
|
||||||
|
+ aligned_data = g_memdup (data, size); /* guarantee alignment */
|
||||||
|
+ variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, aligned_data,
|
||||||
|
+ size, FALSE, NULL, NULL);
|
||||||
|
g_assert_nonnull (variant);
|
||||||
|
|
||||||
|
normal_variant = g_variant_get_normal_form (variant);
|
||||||
|
g_assert_nonnull (normal_variant);
|
||||||
|
|
||||||
|
+ g_free (aligned_data);
|
||||||
|
g_variant_unref (normal_variant);
|
||||||
|
g_variant_unref (variant);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.19.1
|
116
SPECS/glib2.spec
116
SPECS/glib2.spec
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: glib2
|
Name: glib2
|
||||||
Version: 2.56.4
|
Version: 2.56.4
|
||||||
Release: 10%{?dist}.1
|
Release: 156%{?dist}
|
||||||
Summary: A library of handy utility functions
|
Summary: A library of handy utility functions
|
||||||
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
@ -37,50 +37,71 @@ BuildRequires: python3-devel
|
|||||||
# for GIO content-type support
|
# for GIO content-type support
|
||||||
Recommends: shared-mime-info
|
Recommends: shared-mime-info
|
||||||
|
|
||||||
# Downstream patches
|
# Implement RHEL 8 core crypto components policy
|
||||||
Patch01: 0001-gdbus-unix-addresses-test-don-t-g_debug-when-also-te.patch
|
|
||||||
|
|
||||||
# Backported from git master
|
|
||||||
Patch10: 0001-codegen-Change-pointer-casting-to-remove-type-punnin.patch
|
|
||||||
Patch11: 0001-spawn-add-shebang-line-to-script.patch
|
|
||||||
Patch12: 0001-build-sys-Pass-CFLAGS-to-DTRACE.patch
|
|
||||||
Patch13: 0001-gfile-Limit-access-to-files-when-copying.patch
|
|
||||||
|
|
||||||
# Backported from git glib-2-56 branch
|
|
||||||
Patch20: 0001-tests-Allocate-gvariant-data-from-the-heap-to-guaran.patch
|
|
||||||
Patch21: 0002-gvariant-test-Also-force-alignment-for-tuple-test-da.patch
|
|
||||||
|
|
||||||
# Backported from 2.58 (for 3.32 GNOME rebase)
|
|
||||||
Patch30: backport-per-desktop-overrides.patch
|
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1630260
|
||||||
Patch37: ghmac-gnutls.patch
|
# https://gitlab.gnome.org/GNOME/glib/merge_requests/903
|
||||||
|
Patch0: ghmac-gnutls.patch
|
||||||
|
|
||||||
# Backported from git
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/50
|
||||||
Patch40: 0001-gdbus-codegen-honor-Property.EmitsChangedSignal-anno.patch
|
Patch1: 50.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/309
|
||||||
|
Patch2: 309.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/403
|
||||||
|
Patch3: 409.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/546
|
||||||
|
Patch4: 546.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/876
|
||||||
|
Patch5: CVE-2019-12450.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/552
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/569
|
||||||
|
Patch6: gvariant-tests.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/105
|
||||||
|
Patch7: 105.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/532
|
||||||
|
Patch8: 532.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1777213
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1777213
|
||||||
Patch50: 0001-gcredentialsprivate-Document-the-various-private-mac.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1176
|
||||||
Patch51: 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch
|
Patch9: 1176.patch
|
||||||
Patch52: 0001-credentials-Invalid-Linux-struct-ucred-means-no-info.patch
|
|
||||||
|
|
||||||
# Mostly from https://gitlab.gnome.org/GNOME/glib/-/commits/master/gio/gkeyfilesettingsbackend.c
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/450
|
||||||
Patch60: keyfile-backend.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/603
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/issues/1658
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/974
|
||||||
Patch61: CVE-2019-13012.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/984
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/985
|
||||||
|
Patch10: keyfile-backend.patch
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/604
|
||||||
|
Patch11: CVE-2019-13012.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
|
||||||
|
Patch12: CVE-2021-27218.patch
|
||||||
|
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1927
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2000
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2000
|
||||||
Patch70: CVE-2021-27219.patch
|
Patch13: CVE-2021-27219.patch
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944
|
|
||||||
Patch71: CVE-2021-27218.patch
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1981
|
||||||
|
Patch14: CVE-2021-28153.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1938284
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1369
|
||||||
|
Patch15: 1369.patch
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1948988
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1948988
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/873
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/873
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1353
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1353
|
||||||
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1691
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1691
|
||||||
Patch80: gmain-corruption.patch
|
Patch16: gmain-corruption.patch
|
||||||
|
|
||||||
|
# https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1713
|
||||||
|
Patch17: 1713.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
GLib is the low-level core library that forms the basis for projects
|
GLib is the low-level core library that forms the basis for projects
|
||||||
@ -279,15 +300,34 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
|
|||||||
%{_datadir}/installed-tests
|
%{_datadir}/installed-tests
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Jul 26 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-10.1
|
* Thu Jul 01 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-15
|
||||||
- Fix CVE-2021-27218
|
- Fix test failure introduced in previous update
|
||||||
Resolves: #1974888
|
- Related: #1971533
|
||||||
|
|
||||||
* Thu May 20 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-10
|
* Wed Jun 23 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-14
|
||||||
|
- Refresh GHmac patchset
|
||||||
|
- Resolves: #1971533
|
||||||
|
|
||||||
|
* Thu May 20 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-13
|
||||||
|
- Rename and consolidate existing patches for better maintainability
|
||||||
|
- Refresh CVE-2021-27219 patcheset, using better-targeted fixes
|
||||||
|
Resolves: #1939108
|
||||||
|
|
||||||
|
* Wed May 05 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-12
|
||||||
- Fix various problems in GMainContext
|
- Fix various problems in GMainContext
|
||||||
Resolves: #1953553
|
Resolves: #1948988
|
||||||
|
|
||||||
|
* Tue May 04 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-11
|
||||||
|
- Remove CHARSETALIASDIR environment variable
|
||||||
|
Resolves: #1938284
|
||||||
|
|
||||||
|
* Wed Mar 31 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-10
|
||||||
|
- Fix CVE-2021-27218
|
||||||
|
Resolves: #1939072
|
||||||
- Fix CVE-2021-27219
|
- Fix CVE-2021-27219
|
||||||
Resolves: #1960600
|
Resolves: #1939108
|
||||||
|
- Fix CVE-2021-28153
|
||||||
|
Resolves: #1939118
|
||||||
|
|
||||||
* Tue Nov 10 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-9
|
* Tue Nov 10 2020 Michael Catanzaro <mcatanzaro@redhat.com> - 2.56.4-9
|
||||||
- Update GHmac patch to implement g_hmac_copy()
|
- Update GHmac patch to implement g_hmac_copy()
|
||||||
|
Loading…
Reference in New Issue
Block a user