aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRasmus Thomsen <oss@cogitri.dev>2021-04-21 17:59:20 +0200
committerRasmus Thomsen <oss@cogitri.dev>2021-04-21 17:59:20 +0200
commit941cf98a287b63931847d822d2cc29c88ea2b67d (patch)
tree5cd40cf465feb10a19e19e1eb76ec57f54a41a3c
parent9e2c406d6b5f3096882d3bc6519fce2fbe5f66c6 (diff)
main/glib: upgrade to 2.66.8
Also add missing secfixes
-rw-r--r--main/glib/APKBUILD14
-rw-r--r--main/glib/fix-symlink-attack.patch467
2 files changed, 8 insertions, 473 deletions
diff --git a/main/glib/APKBUILD b/main/glib/APKBUILD
index 75ec15dcdf3..062ca857ab7 100644
--- a/main/glib/APKBUILD
+++ b/main/glib/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=glib
-pkgver=2.66.7
-pkgrel=1
+pkgver=2.66.8
+pkgrel=0
pkgdesc="Common C routines used by Gtk+ and other libs"
url="https://developer.gnome.org/glib/"
arch="all"
@@ -18,13 +18,16 @@ source="https://download.gnome.org/sources/glib/${pkgver%.*}/glib-$pkgver.tar.xz
0001-gquark-fix-initialization-with-c-constructors.patch
deprecated-no-warn.patch
musl-libintl.patch
- fix-symlink-attack.patch
"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-static $pkgname-dev $pkgname-lang"
# secfixes:
+# 2.66.7-r0:
+# - CVE-2021-27218
# 2.66.6-r0:
# - GHSL-2021-045
+# - CVE-2021-28153
+# - CVE-2021-27219
# 2.62.5-r0:
# - CVE-2020-6750
# 2.60.4-r0:
@@ -67,8 +70,7 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="f6e6cc0fe2ab4a31a623bf9a1e63f833783e044e7ed55b66a84fc0cbf1410eec233fe0e226abb20aac0e40167a9624bf5e65197f9eed879da1293af44408d530 glib-2.66.7.tar.xz
+sha512sums="d9d1bee82409bdceb14ab6008508f1abbb6eedfc22a35b1635d381594ee43c4ee9a1569d46bebe5b0b6d9fe7c629079f75660c6fa8f3b85a1dbca304bc6a6205 glib-2.66.8.tar.xz
32e5aca9a315fb985fafa0b4355e4498c1f877fc1f0b58ad4ac261fb9fbced9f026c7756a5f2af7d61ce756b55c8cd02811bb08df397040e93510056f073756b 0001-gquark-fix-initialization-with-c-constructors.patch
744239ea2afb47e15d5d0214c37d7c798edac53797ca3ac14d515aee4cc3999ef9716ba744c64c40198fb259edc922559f77c9051104a568fc8ee4fc790810b1 deprecated-no-warn.patch
-2211140fde86c9a80f67d0ce54dfd3e9e77d61dc14aa9d4c3df6f995582dde48b334622785f54b516cdc37f9cb27e3c75018f4134a72b519801ddd64078841b8 musl-libintl.patch
-5d3fc46cdfcc7cad606f817a8fc4da709d80d8501d5fdf183700102d509d58921f11398b5a1ef81f3101969f04f60c24f889f589d0558fd7cedb602ea26f5b21 fix-symlink-attack.patch"
+2211140fde86c9a80f67d0ce54dfd3e9e77d61dc14aa9d4c3df6f995582dde48b334622785f54b516cdc37f9cb27e3c75018f4134a72b519801ddd64078841b8 musl-libintl.patch"
diff --git a/main/glib/fix-symlink-attack.patch b/main/glib/fix-symlink-attack.patch
deleted file mode 100644
index 6923911fefc..00000000000
--- a/main/glib/fix-symlink-attack.patch
+++ /dev/null
@@ -1,467 +0,0 @@
-From 78420a75aeb70569a8cd79fa0fea7b786b6f785f Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@endlessos.org>
-Date: Wed, 24 Feb 2021 17:33:38 +0000
-Subject: [PATCH 1/5] glocalfileoutputstream: Fix a typo in a comment
-
-Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
----
- gio/glocalfileoutputstream.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index f34c3e439..e3d31d6b3 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -854,7 +854,7 @@ handle_overwrite_open (const char *filename,
- mode = mode_from_flags_or_info (flags, reference_info);
-
- /* We only need read access to the original file if we are creating a backup.
-- * We also add O_CREATE to avoid a race if the file was just removed */
-+ * We also add O_CREAT to avoid a race if the file was just removed */
- if (create_backup || readable)
- open_flags = O_RDWR | O_CREAT | O_BINARY;
- else
---
-GitLab
-
-
-From 32d3d02a50e7dcec5f4cf7908e7ac88d575d8fc5 Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@endlessos.org>
-Date: Wed, 24 Feb 2021 17:34:32 +0000
-Subject: [PATCH 2/5] tests: Stop using g_test_bug_base() in file tests
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since a following commit is going to add a new test which references
-Gitlab, so it’s best to move the URI bases inside the test cases.
-
-Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
----
- gio/tests/file.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/gio/tests/file.c b/gio/tests/file.c
-index d8769656c..39d51dadb 100644
---- a/gio/tests/file.c
-+++ b/gio/tests/file.c
-@@ -686,7 +686,7 @@ test_replace_cancel (void)
- guint count;
- GError *error = NULL;
-
-- g_test_bug ("629301");
-+ g_test_bug ("https://bugzilla.gnome.org/629301");
-
- path = g_dir_make_tmp ("g_file_replace_cancel_XXXXXX", &error);
- g_assert_no_error (error);
-@@ -1785,8 +1785,6 @@ main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-
-- g_test_bug_base ("http://bugzilla.gnome.org/");
--
- g_test_add_func ("/file/basic", test_basic);
- g_test_add_func ("/file/build-filename", test_build_filename);
- g_test_add_func ("/file/parent", test_parent);
---
-GitLab
-
-
-From ce0eb088a68171eed3ac217cb92a72e36eb57d1b Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@endlessos.org>
-Date: Wed, 10 Mar 2021 16:05:55 +0000
-Subject: [PATCH 3/5] glocalfileoutputstream: Factor out a flag check
-
-This clarifies the code a little. It introduces no functional changes.
-
-Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
----
- gio/glocalfileoutputstream.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index e3d31d6b3..392d0b0ca 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -850,6 +850,7 @@ handle_overwrite_open (const char *filename,
- int res;
- int mode;
- int errsv;
-+ gboolean replace_destination_set = (flags & G_FILE_CREATE_REPLACE_DESTINATION);
-
- mode = mode_from_flags_or_info (flags, reference_info);
-
-@@ -960,7 +961,7 @@ handle_overwrite_open (const char *filename,
- * to a backup file and rewrite the contents of the file.
- */
-
-- if ((flags & G_FILE_CREATE_REPLACE_DESTINATION) ||
-+ if (replace_destination_set ||
- (!(_g_stat_nlink (&original_stat) > 1) && !is_symlink))
- {
- char *dirname, *tmp_filename;
-@@ -979,7 +980,7 @@ handle_overwrite_open (const char *filename,
-
- /* try to keep permissions (unless replacing) */
-
-- if ( ! (flags & G_FILE_CREATE_REPLACE_DESTINATION) &&
-+ if (!replace_destination_set &&
- (
- #ifdef HAVE_FCHOWN
- fchown (tmpfd, _g_stat_uid (&original_stat), _g_stat_gid (&original_stat)) == -1 ||
-@@ -1120,7 +1121,7 @@ handle_overwrite_open (const char *filename,
- }
- }
-
-- if (flags & G_FILE_CREATE_REPLACE_DESTINATION)
-+ if (replace_destination_set)
- {
- g_close (fd, NULL);
-
---
-GitLab
-
-
-From 317b3b587058a05dca95d56dac26568c5b098d33 Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@endlessos.org>
-Date: Wed, 24 Feb 2021 17:36:07 +0000
-Subject: [PATCH 4/5] glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION
- with symlinks
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
-the destination file and re-creating it from scratch. That did
-previously work, but in the process the code would call `open(O_CREAT)`
-on the file. If the file was a dangling symlink, this would create the
-destination file (empty). That’s not an intended side-effect, and has
-security implications if the symlink is controlled by a lower-privileged
-process.
-
-Fix that by not opening the destination file if it’s a symlink, and
-adjusting the rest of the code to cope with
- - the fact that `fd == -1` is not an error iff `is_symlink` is true,
- - and that `original_stat` will contain the `lstat()` results for the
- symlink now, rather than the `stat()` results for its target (again,
- iff `is_symlink` is true).
-
-This means that the target of the dangling symlink is no longer created,
-which was the bug. The symlink itself continues to be replaced (as
-before) with the new file — this is the intended behaviour of
-`g_file_replace()`.
-
-The behaviour for non-symlink cases, or cases where the symlink was not
-dangling, should be unchanged.
-
-Includes a unit test.
-
-Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
-
-Fixes: #2325
----
- gio/glocalfileoutputstream.c | 77 ++++++++++++++++++-------
- gio/tests/file.c | 108 +++++++++++++++++++++++++++++++++++
- 2 files changed, 163 insertions(+), 22 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index 392d0b0ca..a2c7e3cc0 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -878,16 +878,22 @@ handle_overwrite_open (const char *filename,
- /* Could be a symlink, or it could be a regular ELOOP error,
- * but then the next open will fail too. */
- is_symlink = TRUE;
-- fd = g_open (filename, open_flags, mode);
-+ if (!replace_destination_set)
-+ fd = g_open (filename, open_flags, mode);
- }
--#else
-- fd = g_open (filename, open_flags, mode);
-- errsv = errno;
-+#else /* if !O_NOFOLLOW */
- /* This is racy, but we do it as soon as possible to minimize the race */
- is_symlink = g_file_test (filename, G_FILE_TEST_IS_SYMLINK);
-+
-+ if (!is_symlink || !replace_destination_set)
-+ {
-+ fd = g_open (filename, open_flags, mode);
-+ errsv = errno;
-+ }
- #endif
-
-- if (fd == -1)
-+ if (fd == -1 &&
-+ (!is_symlink || !replace_destination_set))
- {
- char *display_name = g_filename_display_name (filename);
- g_set_error (error, G_IO_ERROR,
-@@ -898,15 +904,30 @@ handle_overwrite_open (const char *filename,
- return -1;
- }
-
-- res = g_local_file_fstat (fd,
-- G_LOCAL_FILE_STAT_FIELD_TYPE |
-- G_LOCAL_FILE_STAT_FIELD_MODE |
-- G_LOCAL_FILE_STAT_FIELD_UID |
-- G_LOCAL_FILE_STAT_FIELD_GID |
-- G_LOCAL_FILE_STAT_FIELD_MTIME |
-- G_LOCAL_FILE_STAT_FIELD_NLINK,
-- G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat);
-- errsv = errno;
-+ if (!is_symlink)
-+ {
-+ res = g_local_file_fstat (fd,
-+ G_LOCAL_FILE_STAT_FIELD_TYPE |
-+ G_LOCAL_FILE_STAT_FIELD_MODE |
-+ G_LOCAL_FILE_STAT_FIELD_UID |
-+ G_LOCAL_FILE_STAT_FIELD_GID |
-+ G_LOCAL_FILE_STAT_FIELD_MTIME |
-+ G_LOCAL_FILE_STAT_FIELD_NLINK,
-+ G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat);
-+ errsv = errno;
-+ }
-+ else
-+ {
-+ res = g_local_file_lstat (filename,
-+ G_LOCAL_FILE_STAT_FIELD_TYPE |
-+ G_LOCAL_FILE_STAT_FIELD_MODE |
-+ G_LOCAL_FILE_STAT_FIELD_UID |
-+ G_LOCAL_FILE_STAT_FIELD_GID |
-+ G_LOCAL_FILE_STAT_FIELD_MTIME |
-+ G_LOCAL_FILE_STAT_FIELD_NLINK,
-+ G_LOCAL_FILE_STAT_FIELD_ALL, &original_stat);
-+ errsv = errno;
-+ }
-
- if (res != 0)
- {
-@@ -923,16 +944,27 @@ handle_overwrite_open (const char *filename,
- if (!S_ISREG (_g_stat_mode (&original_stat)))
- {
- if (S_ISDIR (_g_stat_mode (&original_stat)))
-- g_set_error_literal (error,
-- G_IO_ERROR,
-- G_IO_ERROR_IS_DIRECTORY,
-- _("Target file is a directory"));
-- else
-- g_set_error_literal (error,
-+ {
-+ g_set_error_literal (error,
-+ G_IO_ERROR,
-+ G_IO_ERROR_IS_DIRECTORY,
-+ _("Target file is a directory"));
-+ goto err_out;
-+ }
-+ else if (!is_symlink ||
-+#ifdef S_ISLNK
-+ !S_ISLNK (_g_stat_mode (&original_stat))
-+#else
-+ FALSE
-+#endif
-+ )
-+ {
-+ g_set_error_literal (error,
- G_IO_ERROR,
- G_IO_ERROR_NOT_REGULAR_FILE,
- _("Target file is not a regular file"));
-- goto err_out;
-+ goto err_out;
-+ }
- }
-
- if (etag != NULL)
-@@ -1015,7 +1047,8 @@ handle_overwrite_open (const char *filename,
- }
- }
-
-- g_close (fd, NULL);
-+ if (fd >= 0)
-+ g_close (fd, NULL);
- *temp_filename = tmp_filename;
- return tmpfd;
- }
-diff --git a/gio/tests/file.c b/gio/tests/file.c
-index 39d51dadb..ddd1ffcba 100644
---- a/gio/tests/file.c
-+++ b/gio/tests/file.c
-@@ -805,6 +805,113 @@ test_replace_cancel (void)
- g_object_unref (tmpdir);
- }
-
-+static void
-+test_replace_symlink (void)
-+{
-+#ifdef G_OS_UNIX
-+ gchar *tmpdir_path = NULL;
-+ GFile *tmpdir = NULL, *source_file = NULL, *target_file = NULL;
-+ GFileOutputStream *stream = NULL;
-+ const gchar *new_contents = "this is a test message which should be written to source and not target";
-+ gsize n_written;
-+ GFileEnumerator *enumerator = NULL;
-+ GFileInfo *info = NULL;
-+ gchar *contents = NULL;
-+ gsize length = 0;
-+ GError *local_error = NULL;
-+
-+ g_test_bug ("https://gitlab.gnome.org/GNOME/glib/-/issues/2325");
-+ g_test_summary ("Test that G_FILE_CREATE_REPLACE_DESTINATION doesn’t follow symlinks");
-+
-+ /* Create a fresh, empty working directory. */
-+ tmpdir_path = g_dir_make_tmp ("g_file_replace_symlink_XXXXXX", &local_error);
-+ g_assert_no_error (local_error);
-+ tmpdir = g_file_new_for_path (tmpdir_path);
-+
-+ g_test_message ("Using temporary directory %s", tmpdir_path);
-+ g_free (tmpdir_path);
-+
-+ /* Create symlink `source` which points to `target`. */
-+ source_file = g_file_get_child (tmpdir, "source");
-+ target_file = g_file_get_child (tmpdir, "target");
-+ g_file_make_symbolic_link (source_file, "target", NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ /* Ensure that `target` doesn’t exist */
-+ g_assert_false (g_file_query_exists (target_file, NULL));
-+
-+ /* Replace the `source` symlink with a regular file using
-+ * %G_FILE_CREATE_REPLACE_DESTINATION, which should replace it *without*
-+ * following the symlink */
-+ stream = g_file_replace (source_file, NULL, FALSE /* no backup */,
-+ G_FILE_CREATE_REPLACE_DESTINATION, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ g_output_stream_write_all (G_OUTPUT_STREAM (stream), new_contents, strlen (new_contents),
-+ &n_written, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+ g_assert_cmpint (n_written, ==, strlen (new_contents));
-+
-+ g_output_stream_close (G_OUTPUT_STREAM (stream), NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ g_clear_object (&stream);
-+
-+ /* At this point, there should still only be one file: `source`. It should
-+ * now be a regular file. `target` should not exist. */
-+ enumerator = g_file_enumerate_children (tmpdir,
-+ G_FILE_ATTRIBUTE_STANDARD_NAME ","
-+ G_FILE_ATTRIBUTE_STANDARD_TYPE,
-+ G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+ g_assert_nonnull (info);
-+
-+ g_assert_cmpstr (g_file_info_get_name (info), ==, "source");
-+ g_assert_cmpint (g_file_info_get_file_type (info), ==, G_FILE_TYPE_REGULAR);
-+
-+ g_clear_object (&info);
-+
-+ info = g_file_enumerator_next_file (enumerator, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+ g_assert_null (info);
-+
-+ g_file_enumerator_close (enumerator, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+ g_clear_object (&enumerator);
-+
-+ /* Double-check that `target` doesn’t exist */
-+ g_assert_false (g_file_query_exists (target_file, NULL));
-+
-+ /* Check the content of `source`. */
-+ g_file_load_contents (source_file,
-+ NULL,
-+ &contents,
-+ &length,
-+ NULL,
-+ &local_error);
-+ g_assert_no_error (local_error);
-+ g_assert_cmpstr (contents, ==, new_contents);
-+ g_assert_cmpuint (length, ==, strlen (new_contents));
-+ g_free (contents);
-+
-+ /* Tidy up. */
-+ g_file_delete (source_file, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ g_file_delete (tmpdir, NULL, &local_error);
-+ g_assert_no_error (local_error);
-+
-+ g_clear_object (&target_file);
-+ g_clear_object (&source_file);
-+ g_clear_object (&tmpdir);
-+#else /* if !G_OS_UNIX */
-+ g_test_skip ("Symlink replacement tests can only be run on Unix")
-+#endif
-+}
-+
- static void
- on_file_deleted (GObject *object,
- GAsyncResult *result,
-@@ -1798,6 +1905,7 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/file/async-create-delete/4096", GINT_TO_POINTER (4096), test_create_delete);
- g_test_add_func ("/file/replace-load", test_replace_load);
- g_test_add_func ("/file/replace-cancel", test_replace_cancel);
-+ g_test_add_func ("/file/replace-symlink", test_replace_symlink);
- g_test_add_func ("/file/async-delete", test_async_delete);
- g_test_add_func ("/file/copy-preserve-mode", test_copy_preserve_mode);
- g_test_add_func ("/file/measure", test_measure);
---
-GitLab
-
-
-From 6c6439261bc7a8a0627519848a7222b3e1bd4ffe Mon Sep 17 00:00:00 2001
-From: Philip Withnall <pwithnall@endlessos.org>
-Date: Wed, 24 Feb 2021 17:42:24 +0000
-Subject: [PATCH 5/5] glocalfileoutputstream: Add a missing O_CLOEXEC flag to
- replace()
-
-Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
----
- gio/glocalfileoutputstream.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
-index a2c7e3cc0..4c512ea81 100644
---- a/gio/glocalfileoutputstream.c
-+++ b/gio/glocalfileoutputstream.c
-@@ -63,6 +63,12 @@
- #define O_BINARY 0
- #endif
-
-+#ifndef O_CLOEXEC
-+#define O_CLOEXEC 0
-+#else
-+#define HAVE_O_CLOEXEC 1
-+#endif
-+
- struct _GLocalFileOutputStreamPrivate {
- char *tmp_filename;
- char *original_filename;
-@@ -1239,7 +1245,7 @@ _g_local_file_output_stream_replace (const char *filename,
- sync_on_close = FALSE;
-
- /* If the file doesn't exist, create it */
-- open_flags = O_CREAT | O_EXCL | O_BINARY;
-+ open_flags = O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC;
- if (readable)
- open_flags |= O_RDWR;
- else
-@@ -1269,8 +1275,11 @@ _g_local_file_output_stream_replace (const char *filename,
- set_error_from_open_errno (filename, error);
- return NULL;
- }
--
--
-+#if !defined(HAVE_O_CLOEXEC) && defined(F_SETFD)
-+ else
-+ fcntl (fd, F_SETFD, FD_CLOEXEC);
-+#endif
-+
- stream = g_object_new (G_TYPE_LOCAL_FILE_OUTPUT_STREAM, NULL);
- stream->priv->fd = fd;
- stream->priv->sync_on_close = sync_on_close;
---
-GitLab
-