Package: release.debian.org
Severity: normal
Tags: stretch d-i
User: release.debian....@packages.debian.org
Usertags: pu

glib2.0 in stretch has some minor security vulnerabilities for which the security team have declined to issue DSAs: the most recent is also pending review as a buster update (#933535) and the others were already fixed before the buster release.

I've prepared a backport of the fixes, which is very similar to the delta between jessie and jessie-lts.

I have done some basic testing of this proposed update in a GNOME virtual machine, but I no longer have physical access to any stretch desktops that are in real use (the only stretch machines I'm responsible for will be upgraded to buster when I next get physical access to them) so additional testing by stretch users would be welcome, particularly by users of GTK-based desktops like GNOME and XFCE. Test binaries are available here: https://people.debian.org/~smcv/201908/

As with #933535, glib2.0 builds udebs for the graphical installer, so this will need a d-i ack.

Thanks,
smcv
diffstat for glib2.0-2.50.3 glib2.0-2.50.3 changelog | 22 + gbp.conf | 17 + patches/gfile-Limit-access-to-files-when-copying.patch | 54 ++++ patches/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch | 115 ++++++++++ patches/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch | 78 ++++++ patches/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch | 86 +++++++ patches/keyfile-settings-Use-tighter-permissions.patch | 48 ++++ patches/series | 5 8 files changed, 425 insertions(+) diff -Nru glib2.0-2.50.3/debian/changelog glib2.0-2.50.3/debian/changelog --- glib2.0-2.50.3/debian/changelog 2017-03-19 23:21:57.000000000 +0000 +++ glib2.0-2.50.3/debian/changelog 2019-08-13 10:46:20.000000000 +0100 
@@ -1,3 +1,25 @@ +glib2.0 (2.50.3-2+deb9u1) stretch; urgency=medium + + * Team upload + * d/gbp.conf: Add GNOME team configuration + * d/p/gfile-Limit-access-to-files-when-copying.patch: + When copying files, give the temporary partial copy of the file + suitably restrictive permissions (Closes: #929753; CVE-2019-12450) + * d/p/keyfile-settings-Use-tighter-permissions.patch: + Create directory and file with restrictive permissions when using the + GKeyfileSettingsBackend. Mitigation: in this version of GLib, the + GKeyfileSettingsBackend can only be used explicitly by code, and is + never selected automatically. (Closes: #931234; CVE-2019-13012) + * d/p/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch, + d/p/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch: + Avoid buffer read overrun when formatting error messages for invalid + UTF-8 in GMarkup (CVE-2018-16429) + * d/p/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch: + Avoid NULL dereference when parsing invalid GMarkup with a malformed + closing tag not paired with an opening tag (CVE-2018-16429) + + -- Simon McVittie <s...@debian.org> Tue, 13 Aug 2019 10:46:20 +0100 + glib2.0 (2.50.3-2) unstable; urgency=medium * debian/patches/tests-gdatetime-Use-a-real-rather-than-invented-time.patch: diff -Nru glib2.0-2.50.3/debian/gbp.conf glib2.0-2.50.3/debian/gbp.conf --- glib2.0-2.50.3/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/gbp.conf 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,17 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/stretch +upstream-branch = upstream/2.50.x +upstream-vcs-tag = %(version)s + +[buildpackage] +sign-tags = True + +[dch] +multimaint-merge = True + +[import-orig] +postimport = dch -v%(version)s New upstream release; git add debian/changelog; debcommit + +[pq] +patch-numbers = False diff -Nru glib2.0-2.50.3/debian/patches/gfile-Limit-access-to-files-when-copying.patch glib2.0-2.50.3/debian/patches/gfile-Limit-access-to-files-when-copying.patch --- glib2.0-2.50.3/debian/patches/gfile-Limit-access-to-files-when-copying.patch 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/patches/gfile-Limit-access-to-files-when-copying.patch 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,54 @@ +From: Ondrej Holy <oh...@redhat.com> +Date: Thu, 23 May 2019 10:41:53 +0200 +Subject: gfile: Limit access to files when copying + +file_copy_fallback creates new files with default permissions and +set the correct permissions after the operation is finished. This +might cause that the files can be accessible by more users during +the operation than expected. Use G_FILE_CREATE_PRIVATE for the new +files to limit access to those files. + +Bug: https://gitlab.gnome.org/GNOME/glib/merge_requests/876 +Bug-CVE: CVE-2019-12450 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929753 +Origin: upstream, 2.61.1, commit:d8f8f4d637ce43f8699ba94c9b7648beda0ca174 +--- + gio/gfile.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/gio/gfile.c b/gio/gfile.c +index 851213e..c085fb1 100644 +--- a/gio/gfile.c ++++ b/gio/gfile.c +@@ -3154,12 +3154,12 @@ file_copy_fallback (GFile *source, + out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)), + FALSE, NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, +- info, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, info, + cancellable, error); + else + out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)), +- FALSE, 0, info, ++ FALSE, G_FILE_CREATE_PRIVATE, info, + cancellable, error); + } + else if (flags & G_FILE_COPY_OVERWRITE) +@@ -3167,12 +3167,13 @@ file_copy_fallback (GFile *source, + out = (GOutputStream *)g_file_replace (destination, + NULL, + flags & G_FILE_COPY_BACKUP, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + cancellable, error); + } + else + { +- out = (GOutputStream *)g_file_create (destination, 0, cancellable, error); ++ out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error); + } + + if (!out) diff -Nru 
glib2.0-2.50.3/debian/patches/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch glib2.0-2.50.3/debian/patches/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch --- glib2.0-2.50.3/debian/patches/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/patches/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,115 @@ +From: Philip Withnall <withn...@endlessm.com> +Date: Fri, 26 Oct 2018 23:06:37 +1300 +Subject: gmarkup: Avoid reading off the end of a buffer when + non-nul-terminated + +When extracting a UTF-8 character to put in an error message on parse +failure, pass the remaining buffer length to utf8_str() to avoid it +running off the end of the input buffer. It previously assumed that the +buffer was nul-terminated, which was the case in all the tests until +now. + +A following commit will add test coverage for this. + +Signed-off-by: Philip Withnall <withn...@endlessm.com> +(cherry picked from commit 8cfe53f081f8147cd3c36aebf64c635e04d3ab09) + +Origin: backport +--- + glib/gmarkup.c | 30 ++++++++++++++++++++---------- + 1 file changed, 20 insertions(+), 10 deletions(-) + +diff --git a/glib/gmarkup.c b/glib/gmarkup.c +index 57199a5..0b8f521 100644 +--- a/glib/gmarkup.c ++++ b/glib/gmarkup.c +@@ -563,12 +563,14 @@ char_str (gunichar c, + * emitting it as hex escapes. */ + static gchar* + utf8_str (const gchar *utf8, ++ gsize max_len, + gchar *buf) + { +- gunichar c = g_utf8_get_char_validated (utf8, -1); ++ gunichar c = g_utf8_get_char_validated (utf8, max_len); + if (c == (gunichar) -1 || c == (gunichar) -2) + { +- gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8); ++ guchar ch = (max_len > 0) ? 
(guchar) *utf8 : 0; ++ gchar *temp = g_strdup_printf ("\\x%02x", (guint) ch); + memset (buf, 0, 8); + memcpy (buf, temp, strlen (temp)); + g_free (temp); +@@ -1223,7 +1225,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + _("'%s' is not a valid character following " + "a '<' character; it may not begin an " + "element name"), +- utf8_str (context->iter, buf)); ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf)); + } + break; + +@@ -1264,7 +1267,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + G_MARKUP_ERROR_PARSE, + _("Odd character '%s', expected a '>' character " + "to end the empty-element tag '%s'"), +- utf8_str (context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), + current_element (context)); + } + break; +@@ -1345,7 +1349,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + G_MARKUP_ERROR_PARSE, + _("Odd character '%s', expected a '=' after " + "attribute name '%s' of element '%s'"), +- utf8_str (context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), + current_attribute (context), + current_element (context)); + +@@ -1389,7 +1394,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + "element '%s', or optionally an attribute; " + "perhaps you used an invalid character in " + "an attribute name"), +- utf8_str (context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), + current_element (context)); + } + +@@ -1431,7 +1437,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + _("Odd character '%s', expected an open quote mark " + "after the equals sign when giving value for " + "attribute '%s' of element '%s'"), +- utf8_str (context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), + current_attribute (context), + current_element (context)); + } +@@ -1564,8 +1571,10 @@ 
g_markup_parse_context_parse (GMarkupParseContext *context, + _("'%s' is not a valid character following " + "the characters '</'; '%s' may not begin an " + "element name"), +- utf8_str (context->iter, buf), +- utf8_str (context->iter, buf)); ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf)); + } + break; + +@@ -1600,7 +1609,8 @@ g_markup_parse_context_parse (GMarkupParseContext *context, + _("'%s' is not a valid character following " + "the close element name '%s'; the allowed " + "character is '>'"), +- utf8_str (context->iter, buf), ++ utf8_str (context->iter, ++ context->current_text_end - context->iter, buf), + close_name->str); + } + else if (context->tag_stack == NULL) diff -Nru glib2.0-2.50.3/debian/patches/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch glib2.0-2.50.3/debian/patches/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch --- glib2.0-2.50.3/debian/patches/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/patches/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,78 @@ +From: Philip Withnall <withn...@endlessm.com> +Date: Mon, 30 Jul 2018 18:33:39 +0100 +Subject: gmarkup: Fix crash in error handling path for closing elements +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +If something which looks like a closing tag is left unfinished, but +isn’t paired to an opening tag in the document, the error handling code +would do a null pointer dereference. Avoid that, at the cost of +introducing a new translatable error message. + +Includes a test case, courtesy of pdknsk. + +Signed-off-by: Philip Withnall <withn...@endlessm.com> + +Bug: https://gitlab.gnome.org/GNOME/glib/issues/1364 +Bug: https://gitlab.gnome.org/GNOME/glib/issues/1461 +Origin: backport, commit:fccef3cc822af74699cca84cd202719ae61ca3b9 +CVE: CVE-2018-16428 +--- + glib/gmarkup.c | 11 ++++++++--- + glib/tests/Makefile.am | 1 + + glib/tests/markups/fail-51.expected | 1 + + glib/tests/markups/fail-51.gmarkup | 1 + + 4 files changed, 11 insertions(+), 3 deletions(-) + create mode 100644 glib/tests/markups/fail-51.expected + create mode 100644 glib/tests/markups/fail-51.gmarkup + +diff --git a/glib/gmarkup.c b/glib/gmarkup.c +index 0b8f521..f67b0c4 100644 +--- a/glib/gmarkup.c ++++ b/glib/gmarkup.c +@@ -1855,9 +1855,14 @@ g_markup_parse_context_end_parse (GMarkupParseContext *context, + case STATE_AFTER_CLOSE_TAG_SLASH: + case STATE_INSIDE_CLOSE_TAG_NAME: + case STATE_AFTER_CLOSE_TAG_NAME: +- set_error (context, error, G_MARKUP_ERROR_PARSE, +- _("Document ended unexpectedly inside the close tag for " +- "element '%s'"), current_element (context)); ++ if (context->tag_stack != NULL) ++ set_error (context, error, G_MARKUP_ERROR_PARSE, ++ _("Document ended unexpectedly inside the close tag for " ++ "element '%s'"), current_element (context)); ++ else ++ set_error (context, error, G_MARKUP_ERROR_PARSE, ++ _("Document ended unexpectedly inside the close tag for an " ++ "unopened element")); + break; + + case 
STATE_INSIDE_PASSTHROUGH: +diff --git a/glib/tests/Makefile.am b/glib/tests/Makefile.am +index 6cdcc33..99e6f2d 100644 +--- a/glib/tests/Makefile.am ++++ b/glib/tests/Makefile.am +@@ -155,6 +155,7 @@ markup_tests = \ + fail-36 fail-37 fail-38 fail-39 fail-40 \ + fail-41 fail-42 fail-43 fail-44 fail-45 \ + fail-46 fail-47 fail-48 fail-49 fail-50 \ ++ fail-51 \ + valid-1 valid-2 valid-3 valid-4 valid-5 \ + valid-6 valid-7 valid-8 valid-9 valid-10 \ + valid-11 valid-12 valid-13 valid-14 valid-15 \ +diff --git a/glib/tests/markups/fail-51.expected b/glib/tests/markups/fail-51.expected +new file mode 100644 +index 0000000..1c7e8d4 +--- /dev/null ++++ b/glib/tests/markups/fail-51.expected +@@ -0,0 +1 @@ ++ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element +diff --git a/glib/tests/markups/fail-51.gmarkup b/glib/tests/markups/fail-51.gmarkup +new file mode 100644 +index 0000000..860e1e6 +--- /dev/null ++++ b/glib/tests/markups/fail-51.gmarkup +@@ -0,0 +1 @@ ++</0< +\ No newline at end of file diff -Nru glib2.0-2.50.3/debian/patches/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch glib2.0-2.50.3/debian/patches/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch --- glib2.0-2.50.3/debian/patches/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/patches/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,86 @@ +From: Philip Withnall <withn...@endlessm.com> +Date: Mon, 30 Jul 2018 18:10:25 +0100 +Subject: gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +When formatting the error messages for markup parsing errors, the parser +was unconditionally reading a UTF-8 character from the input buffer — +but the buffer might end with a partial code sequence, resulting in +reading off the end of the buffer by up to three bytes. + +Fix this and add a test case, courtesy of pdknsk. + +Signed-off-by: Philip Withnall <withn...@endlessm.com> + +Bug: https://gitlab.gnome.org/GNOME/glib/issues/1361 +Bug: https://gitlab.gnome.org/GNOME/glib/issues/1462 +Origin: backport, commit:cec71705406f0b2790422f0c1aa0ff3b4b464b1b +CVE: CVE-2018-16429 +--- + glib/gmarkup.c | 14 +++++++++++++- + glib/tests/Makefile.am | 2 +- + glib/tests/markups/fail-50.expected | 1 + + glib/tests/markups/fail-50.gmarkup | 1 + + 4 files changed, 16 insertions(+), 2 deletions(-) + create mode 100644 glib/tests/markups/fail-50.expected + create mode 100644 glib/tests/markups/fail-50.gmarkup + +diff --git a/glib/gmarkup.c b/glib/gmarkup.c +index 7103d48..57199a5 100644 +--- a/glib/gmarkup.c ++++ b/glib/gmarkup.c +@@ -558,11 +558,23 @@ char_str (gunichar c, + return buf; + } + ++/* Format the next UTF-8 character as a gchar* for printing in error output ++ * when we encounter a syntax error. This correctly handles invalid UTF-8, ++ * emitting it as hex escapes. 
*/ + static gchar* + utf8_str (const gchar *utf8, + gchar *buf) + { +- char_str (g_utf8_get_char (utf8), buf); ++ gunichar c = g_utf8_get_char_validated (utf8, -1); ++ if (c == (gunichar) -1 || c == (gunichar) -2) ++ { ++ gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8); ++ memset (buf, 0, 8); ++ memcpy (buf, temp, strlen (temp)); ++ g_free (temp); ++ } ++ else ++ char_str (c, buf); + return buf; + } + +diff --git a/glib/tests/Makefile.am b/glib/tests/Makefile.am +index a6bcef0..6cdcc33 100644 +--- a/glib/tests/Makefile.am ++++ b/glib/tests/Makefile.am +@@ -154,7 +154,7 @@ markup_tests = \ + fail-31 fail-32 fail-33 fail-34 fail-35 \ + fail-36 fail-37 fail-38 fail-39 fail-40 \ + fail-41 fail-42 fail-43 fail-44 fail-45 \ +- fail-46 fail-47 fail-48 fail-49 \ ++ fail-46 fail-47 fail-48 fail-49 fail-50 \ + valid-1 valid-2 valid-3 valid-4 valid-5 \ + valid-6 valid-7 valid-8 valid-9 valid-10 \ + valid-11 valid-12 valid-13 valid-14 valid-15 \ +diff --git a/glib/tests/markups/fail-50.expected b/glib/tests/markups/fail-50.expected +new file mode 100644 +index 0000000..e0a11e7 +--- /dev/null ++++ b/glib/tests/markups/fail-50.expected +@@ -0,0 +1 @@ ++ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when giving value for attribute 'r' of element '' +diff --git a/glib/tests/markups/fail-50.gmarkup b/glib/tests/markups/fail-50.gmarkup +new file mode 100644 +index 0000000..f110f15 +--- /dev/null ++++ b/glib/tests/markups/fail-50.gmarkup +@@ -0,0 +1 @@ ++< r=� +\ No newline at end of file diff -Nru glib2.0-2.50.3/debian/patches/keyfile-settings-Use-tighter-permissions.patch glib2.0-2.50.3/debian/patches/keyfile-settings-Use-tighter-permissions.patch --- glib2.0-2.50.3/debian/patches/keyfile-settings-Use-tighter-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ glib2.0-2.50.3/debian/patches/keyfile-settings-Use-tighter-permissions.patch 2019-08-13 10:46:20.000000000 +0100 
@@ -0,0 +1,48 @@ +From: Matthias Clasen <mcla...@redhat.com> +Date: Tue, 22 Jan 2019 13:26:31 -0500 +Subject: keyfile settings: Use tighter permissions + +When creating directories, create them with 700 permissions, +instead of 777. + +Bug: https://gitlab.gnome.org/GNOME/glib/issues/1658 +Origin: backport, 2.60.0, commit:5e4da714f00f6bfb2ccd6d73d61329c6f3a08429 +CVE: CVE-2019-13012 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234 +--- + gio/gkeyfilesettingsbackend.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 8eb7681..b87ff96 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -89,7 +89,8 @@ g_keyfile_settings_backend_keyfile_write (GKeyfileSettingsBackend *kfsb) + + contents = g_key_file_to_data (kfsb->keyfile, &length, NULL); + g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, +- G_FILE_CREATE_REPLACE_DESTINATION, ++ G_FILE_CREATE_REPLACE_DESTINATION | ++ G_FILE_CREATE_PRIVATE, + NULL, NULL, NULL); + + compute_checksum (kfsb->digest, contents, length); +@@ -627,6 +628,7 @@ g_keyfile_settings_backend_new (const gchar *filename, + const gchar *root_group) + { + GKeyfileSettingsBackend *kfsb; ++ char *dir; + + g_return_val_if_fail (filename != NULL, NULL); + g_return_val_if_fail (root_path != NULL, NULL); +@@ -640,7 +642,9 @@ g_keyfile_settings_backend_new (const gchar *filename, + + kfsb->file = g_file_new_for_path (filename); + kfsb->dir = g_file_get_parent (kfsb->file); +- g_file_make_directory_with_parents (kfsb->dir, NULL, NULL); ++ dir = g_file_get_path (kfsb->dir); ++ g_mkdir_with_parents (dir, 0700); ++ g_free (dir); + + kfsb->file_monitor = g_file_monitor (kfsb->file, 0, NULL, NULL); + kfsb->dir_monitor = g_file_monitor (kfsb->dir, 0, NULL, NULL); diff -Nru glib2.0-2.50.3/debian/patches/series glib2.0-2.50.3/debian/patches/series --- glib2.0-2.50.3/debian/patches/series 2017-03-19 
23:06:44.000000000 +0000 +++ glib2.0-2.50.3/debian/patches/series 2019-08-13 10:46:20.000000000 +0100 @@ -13,3 +13,8 @@ skip-broken-timer-test.patch 0001-Fix-trashing-on-overlayfs.patch tests-gdatetime-Use-a-real-rather-than-invented-time.patch +gfile-Limit-access-to-files-when-copying.patch +keyfile-settings-Use-tighter-permissions.patch +gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch +gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch +gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch
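Review bot: In the debian/changelog hunk, the last bullet attributes the NULL-dereference fix (gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch) to CVE-2018-16429, but that patch's own header carries "CVE: CVE-2018-16428"; CVE-2018-16429 is the id on the unvalidated UTF-8 read patch. The closing-tag bullet should read CVE-2018-16428 so that both ids are recorded against this upload.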
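Review bot: The utf8_str() hunk in gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch still calls g_utf8_get_char_validated (utf8, -1), which relies on the input being nul-terminated, so this patch is only complete together with gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch that follows it in debian/patches/series. A line in the patch header stating that dependency would keep the two from being separated in a later backport. The "memset (buf, 0, 8)" also hard-codes the size of the caller's buffer; the "\x%02x" output fits, but the assumption deserves a comment next to it.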
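Review bot: The header of gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch says only "Origin: backport" and has no CVE field, unlike the other two gmarkup patches. The commit id is already in the message body, so "Origin: backport, commit:8cfe53f081f8147cd3c36aebf64c635e04d3ab09" and a "CVE: CVE-2018-16429" line (the id the changelog assigns to it) would make it traceable. The message also says "A following commit will add test coverage for this", yet the only tests added by the five patches in the series are fail-50 and fail-51 from the other two commits, so the new max_len argument, including the max_len == 0 branch that formats "\x00", is untested in this upload. Consider backporting that test commit as well, or note in the changelog that it was left out.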
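Review bot: In the g_keyfile_settings_backend_new hunk of keyfile-settings-Use-tighter-permissions.patch, "g_mkdir_with_parents (dir, 0700)" applies the mode only to directories it creates, so a settings directory already created by the unpatched code keeps its old permissions after the upgrade; the changelog entry should say that existing directories are not tightened. The return value is also discarded, so a failure to create the directory is silent. Separately, the patch description mentions only directories, while the first hunk also adds G_FILE_CREATE_PRIVATE to the g_file_replace_contents call; the description should cover both changes, as the changelog bullet already does.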