dev-libs/glib/files/glib-2.58.3-gfile-Limit-access-to-files-when-copying.patch - third_party/overlays/chromiumos-overlay - Git at Google

 From: Ondrej Holy <oholy@redhat.com>
 Date: Thu, 23 May 2019 10:41:53 +0200
 Subject: gfile: Limit access to files when copying

 file_copy_fallback creates new files with default permissions and
 set the correct permissions after the operation is finished. This
 might cause that the files can be accessible by more users during
 the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
 files to limit access to those files.

 Bug: https://gitlab.gnome.org/GNOME/glib/merge_requests/876
 Bug-CVE: CVE-2019-12450
 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929753
 Origin: upstream, 2.61.1, commit:d8f8f4d637ce43f8699ba94c9b7648beda0ca174
 ---
  gio/gfile.c | 11 ++++++-----
  1 file changed, 6 insertions(+), 5 deletions(-)

 diff --git a/gio/gfile.c b/gio/gfile.c
 index a5709a4..e017ee1 100644
 --- a/gio/gfile.c
 +++ b/gio/gfile.c
 @@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,
          out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
                                                                     FALSE, NULL,
                                                                     flags & G_FILE_COPY_BACKUP,
 -                                                                   G_FILE_CREATE_REPLACE_DESTINATION,
 -                                                                   info,
 +                                                                   G_FILE_CREATE_REPLACE_DESTINATION |
 +                                                                   G_FILE_CREATE_PRIVATE, info,
                                                                     cancellable, error);
        else
          out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
 -                                                                  FALSE, 0, info,
 +                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,
                                                                    cancellable, error);
      }
    else if (flags & G_FILE_COPY_OVERWRITE)
 @@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,
        out = (GOutputStream *)g_file_replace (destination,
                                               NULL,
                                               flags & G_FILE_COPY_BACKUP,
 -                                             G_FILE_CREATE_REPLACE_DESTINATION,
 +                                             G_FILE_CREATE_REPLACE_DESTINATION |
 +                                             G_FILE_CREATE_PRIVATE,
                                               cancellable, error);
      }
    else
      {
 -      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
 +      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
      }

    if (!out)
	From: Ondrej Holy <oholy@redhat.com>
	Date: Thu, 23 May 2019 10:41:53 +0200
	Subject: gfile: Limit access to files when copying

	file_copy_fallback creates new files with default permissions and
	set the correct permissions after the operation is finished. This
	might cause that the files can be accessible by more users during
	the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
	files to limit access to those files.

	Bug: https://gitlab.gnome.org/GNOME/glib/merge_requests/876
	Bug-CVE: CVE-2019-12450
	Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929753
	Origin: upstream, 2.61.1, commit:d8f8f4d637ce43f8699ba94c9b7648beda0ca174
	---
	gio/gfile.c \| 11 ++++++-----
	1 file changed, 6 insertions(+), 5 deletions(-)

	diff --git a/gio/gfile.c b/gio/gfile.c
	index a5709a4..e017ee1 100644
	--- a/gio/gfile.c
	+++ b/gio/gfile.c
	@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile *source,
	out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
	FALSE, NULL,
	flags & G_FILE_COPY_BACKUP,
	- G_FILE_CREATE_REPLACE_DESTINATION,
	- info,
	+ G_FILE_CREATE_REPLACE_DESTINATION \|
	+ G_FILE_CREATE_PRIVATE, info,
	cancellable, error);
	else
	out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),
	- FALSE, 0, info,
	+ FALSE, G_FILE_CREATE_PRIVATE, info,
	cancellable, error);
	}
	else if (flags & G_FILE_COPY_OVERWRITE)
	@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile *source,
	out = (GOutputStream *)g_file_replace (destination,
	NULL,
	flags & G_FILE_COPY_BACKUP,
	- G_FILE_CREATE_REPLACE_DESTINATION,
	+ G_FILE_CREATE_REPLACE_DESTINATION \|
	+ G_FILE_CREATE_PRIVATE,
	cancellable, error);
	}
	else
	{
	- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);
	+ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);
	}

	if (!out)