diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-06-24 16:36:18 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-06-24 16:38:35 +0300 |
commit | c8f4712845034714fed763414987305bacafe1fd (patch) | |
tree | 076fa034dbf82e26eeb4be701ff70e4fb8f66881 /poky/meta/recipes-core/glib-2.0 | |
parent | 0bd2291397ecbeae3b2e29a25d7184177b094f25 (diff) | |
download | openbmc-c8f4712845034714fed763414987305bacafe1fd.tar.xz |
subtree updates
poky: 50d272863d..0b3e371116:
Alistair Francis (1):
recipes-bsp/opensbi: Fix the u-boot payload name
Changqing Li (2):
update-rc.d: update SRCREV and license checksum
update-rc.d: support enable/disable options
Chen Qi (2):
context.py: avoid skipping tests by meaningless command argument
oeqa: avoid class setup method to run when skipping the whole class
Joe Slater (1):
glib-2.0: Fix CVE-2019-12450
Jonathan Rajotte (1):
lttng-tools: update to 2.10.7
Joseph Reynolds (1):
dropbear: new feature: disable-weak-ciphers
Joshua Watt (4):
perl: Improve ptest package reproducibility
python3: Reformat sysconfig
perl: Reproducible build fixes
bash: Remove .build files for reproducible builds
Martin Jansa (1):
gcc-runtime.inc: create the correct directory before creating the symlinks in it
Ricardo Ribalda Delgado (1):
go: avoid host contamination by GOCACHE
Ross Burton (1):
pigz: bump alternative priority
Tim Orling (1):
ptest-packagelists.inc: add libmodule-build-perl-ptest
meta-openembedded: 3b245e4fe8..64974b8779:
Adrian Bunk (9):
libauthen-radius-perl: Remove manual RDEPENDS from PN-ptest to PN package
network-manager-applet: Remove obsolete dbus-glib and libnm-glib dependencies
ndctl: Remove the unnecessary dependency on virtual/kernel
tipcutils: Remove the unnecessary dependency on virtual/kernel
xl2tpd: Remove the old 1.3.6 version
gpsd: Force using python-scons-native for now
efibootmgr: Remove, was moved to oe-core
efivar: Remove, was moved to oe-core
wireless-regdb: Remove, was moved to oe-core
Andrey Zhizhikin (1):
cpuburn-arm: add aarch64 machine and build configuration
Ankit Navik (1):
safec: Add Safe C license
Bartosz Golaszewski (1):
libgpiod: upgrade to v1.4
Hongxu Jia (1):
dracut: fix generated initramfs boot failure under bash 5
Kai Kang (1):
xfce4-screensaver: 0.1.4 -> 0.1.5
Khem Raj (5):
stressapptest: Fix build with libc++
stressapptest: Implement reading sysfs and use it if sysconf is not there
stressapptest: Use git SHA instead of git archive
gmime: Add recipe
pidgin-sipe: Depend on gmime
Maciej Pijanowski (1):
recipes-benchmark/stressapptest_1.0.9.bb: add recipe
Mingli Yu (3):
mariadb: Upgrade to 10.3.16
mozjs: Fix do_patch error for mips64-n32
python-lxml: replace -Og with -O for mips64-32
Naveen Saini (1):
pm-graph: fix multilib build failure
Nicola Lunghi (1):
libp11: No need to delete *.la anymore
Oleksandr Kravchuk (1):
openconnect: update to 8.03
Pascal Bach (3):
protobuf: 3.6.1 -> 3.8.0
protobuf-c: add patch for protobuf 3 compatibility
python3-protobuf, python-protobuf: 3.6.1 -> 3.8.0
Persian Prince (1):
blueman_%.bbappend: Avoid PAK archive (application/x-pak)
Saikiran Madugula (1):
gitver: Pass git directory argument to gitrev_run
Tim Orling (1):
libmodule-build-perl: drop, has moved to oe-core
Yi Zhao (1):
snort: upgrade 2.9.11.1 -> 2.9.13
Zang Ruochen (3):
python-twisted: upgrade 19.2.0 -> 19.2.1
python-wrapt: upgrade 1.11.1 -> 1.11.2
python-certifi: upgrade 2019.3.9 -> 2019.6.16
Change-Id: I0c3385628e0382c56c94fa27ba4d14e301c2e558
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-core/glib-2.0')
-rw-r--r-- | poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch | 62 | ||||
-rw-r--r-- | poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch new file mode 100644 index 0000000000..59e49195cc --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-12450.patch @@ -0,0 +1,62 @@ +glib-2.0: fix CVE-2019-12450 + +Not in release 2.61.1. + +CVE: CVE-2019-12450 + +Upstream-Status: Backport [github.com/GNOME/glib.git] +Signed-off-by: Joe Slater <joe.slater@windrivere.com> +--- +From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy <oholy@redhat.com> +Date: Thu, 23 May 2019 10:41:53 +0200 +Subject: [PATCH] gfile: Limit access to files when copying + +file_copy_fallback creates new files with default permissions and +set the correct permissions after the operation is finished. This +might cause that the files can be accessible by more users during +the operation than expected. Use G_FILE_CREATE_PRIVATE for the new +files to limit access to those files. +--- + gio/gfile.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 24b136d80..74b58047c 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source, + out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), + FALSE, NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, +- info, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, info, + cancellable, error); + else + out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), +- FALSE, 0, info, ++ FALSE, G_FILE_CREATE_PRIVATE, info, + cancellable, error); + } + else if (flags & G_FILE_COPY_OVERWRITE) +@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source, + out = (GOutputStream *)g_file_replace (destination, + NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + cancellable, error); + } + else + { +- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); ++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); + } + + if (!out) +-- +2.17.1 + diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb index bb77294e1e..5942241de5 100644 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb @@ -16,6 +16,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \ file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \ + file://CVE-2019-12450.patch \ " SRC_URI_append_class-native = " file://relocate-modules.patch" |