<html><body>
<h3>Signed-off-by: Kevin Weng <t-keweng@microsoft.com></h3>
<pre>.../glib-2.0/glib-2.0/CVE-2019-13012.patch | 47 +++++++++++++++++++
meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 +
2 files changed, 48 insertions(+)
create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch</pre>
<p>diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch new file mode 100644 index 0000000000..29c5d98402 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch @@ -0,0 +1,47 @@ +From c7f7fd53780f8caebccc903d61ffc21632b46a6c Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Tue, 22 Jan 2019 13:26:31 -0500 +Subject: [PATCH] keyfile settings: Use tighter permissions + +When creating directories, create them with 700 permissions, +instead of 777. + +Closes: #1658 + +Upstream-Status: Backport +[<a href="https://u12060237.ct.sendgrid.net/wf/click?upn=ZUEdHBk4v9DOmlXxaQIXsnGdThIumwxbeCM-2BExoUQb3xoFKw5ia4SQ7gfdvTfxmZ8uW8wNMPXLlzqfBPx5Spkg-3D-3D_TE0Kxc-2FihH-2BEaJFZv0piOBm40-2F8jB5b-2FHzeWxsyZzZlOtbMQm4wqVCgNIpo7dsW-2FzBSP60qI2GfklY0UAhXTU7-2BagK7GE0pY2gSbtzQgRWAya5z5oXuJLBeFfOyIUWgwQYBvVRCFNERs3rRKhqg8nOzFaltX0WKbijIhhfyKGLbpCWM-2F8tTPNIjBerCdf2XROEWYDCcBqE9iPUdJJ-2BxBTKtJjW7pwDmIg8dkaNHbL0FwsRYKiW3MhLSe6-2By32FRq">https://gitlab.gnome.org/GNOME/glib/commit</a> +/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429] + +CVE: CVE-2019-13012 + +Signed-off-by: Kevin Weng <t-keweng@microsoft.com> +--- + gio/gkeyfilesettingsbackend.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index a37978e83..580a0b0a1 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb) + + contents = g_key_file_to_data (kfsb->keyfile, &length, NULL); + g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + NULL, NULL, NULL); + + compute_checksum (kfsb->digest, contents, length); +@@ -640,7 +641,7 @@ g_keyfile_settings_backend_new (const gchar *filename, + + kfsb->file = g_file_new_for_path (filename); + kfsb->dir = g_file_get_parent (kfsb->file); +- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); ++ g_mkdir_with_parents (g_file_peek_path (kfsb->dir), 0700); + + kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL); + kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL); +-- +2.22.0 + diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb index f007596968..611abd8eb8 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb @@ -17,6 +17,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \</p>
<pre>file://CVE-2019-12450.patch \
file://CVE-2019-9633_p1.patch \
file://CVE-2019-9633_p2.patch \</pre>
<p>+ <a href="file://CVE-2019-13012.patch">file://CVE-2019-13012.patch</a> \</p>
<pre> "
SRC_URI_append_class-native = " file://relocate-modules.patch"</pre>
<p>— 2.22.0</p>
<img src="https://u12060237.ct.sendgrid.net/wf/open?upn=TE0Kxc-2FihH-2BEaJFZv0piOBm40-2F8jB5b-2FHzeWxsyZzZlOtbMQm4wqVCgNIpo7dsW-2FzBSP60qI2GfklY0UAhXTU7-2BagK7GE0pY2gSbtzQgRWB4AmDK-2FyXkRCDVOTR37H31U-2FrgapuX34FAlgC23YxOj-2BIubL7OKaPjwaZfTaWQKU9w6bNdrrhAfkhhfFQ4-2Bg4tq0lczYO8nXZDxtNj232J8nUInR4-2FVbHFXT8RHoXpP2iyAqH3XIXoU-2BK98B0E6sqo" alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"/>
</body></html>