On Sat, 20 Mar 2021 at 17:08:14 +0000, Simon McVittie wrote: > [x] attach debdiff against the package in testing > (as with the recent mutter and gnome-shell unblocks, to minimize > noise this is a diff between patched trees, excluding the patches > themselves)
Sorry, really attached now. smcv
git diff archive/debian/2.66.7-2..patch-queue/debian/master | filterdiff -p1 --exclude 'debian/patches/*.patch' diff --git a/NEWS b/NEWS index 0f0a6a28b..d4a4703d2 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,15 @@ +Overview of changes in GLib 2.66.8 +================================== + +* Fix a security issue when using `g_file_replace()` with + `G_FILE_CREATE_REPLACE_DESTINATION` (#2325) + +* Bugs fixed: + - #2325 file-roller symlink attack + - !1982 Backport !2325 “file-roller symlink attack” to glib-2-66 + - !1990 Backport !1976 “Use the right permissions for directory watching on Win32” to glib-2-66 + + Overview of changes in GLib 2.66.7 ================================== diff --git a/debian/changelog b/debian/changelog index eefd875a6..80c0657ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,23 @@ +glib2.0 (2.66.8-1) unstable; urgency=medium + + * d/watch: Only watch for 2.66.x versions. + 2.68.0 has been released but will not be in bullseye. + * New upstream release + - Functionally equivalent to 2.66.7-2, except for the version number + and a change to Windows-specific code that is not used in Debian + * Drop patches that were included in the new upstream release + * d/p/glocalfileoutputstream-Tidy-up-error-handling.patch: + Add patch from upstream to clean up error handling. + After the fix for #984969, this function could end up calling close(-1), + which is harmless but gets flagged as an error by static analysis and + by error-checking instrumentation. Fixing this will prevent it from + obscuring real errors. + * Add CVE references in recent changelog entries. + CVE IDs for the vulnerabilities were not available at the time they were + fixed, but now they are. + + -- Simon McVittie <s...@debian.org> Sat, 20 Mar 2021 15:35:19 +0000 + glib2.0 (2.66.7-2) unstable; urgency=medium * d/changelog: Add bug numbers for integer overflows in previous versions 
@@ -6,7 +26,7 @@ glib2.0 (2.66.7-2) unstable; urgency=medium replace a path that is a dangling symlink, previously it would have also created the target of the symlink as an empty file, which could conceivably be security-sensitive if the symlink is attacker-controlled. - (Closes: #984969) + (Closes: #984969; CVE-2021-28153) -- Simon McVittie <s...@debian.org> Thu, 11 Mar 2021 10:23:38 +0000 @@ -16,7 +36,7 @@ glib2.0 (2.66.7-1) unstable; urgency=high - Fix another regression caused by the GHSL-2021-045 fixes in 2.66.6 - Warn and fail on integer overflow in g_byte_array_new_take() for arrays larger than G_MAXUINT - (Closes: #982779; similar to GHSL-2021-045) + (Closes: #982779; CVE-2021-27218) - Disallow using currently-undefined D-Bus connection or server flags, to prevent forward-compatibility problems with new security-sensitive flags that are likely to be introduced in GLib 2.68 @@ -41,7 +61,7 @@ glib2.0 (2.66.6-1) unstable; urgency=high * New upstream release - Fix various integer overflows, some of them potentially exploitable - (Closes: #982778, GHSL-2021-045) + (Closes: #982778; CVE-2021-27219, GHSL-2021-045) -- Simon McVittie <s...@debian.org> Thu, 04 Feb 2021 20:24:20 +0000 diff --git a/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch b/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch new file mode 100644 index 000000000..04f040d40 diff --git a/debian/patches/series b/debian/patches/series index 772de8095..8e7842b2f 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -1,10 +1,6 @@ -glocalfileoutputstream-Fix-a-typo-in-a-comment.patch -tests-Stop-using-g_test_bug_base-in-file-tests.patch -glocalfileoutputstream-Factor-out-a-flag-check.patch -glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATION-wit.patch -glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch glib-tests-fileutils-Make-more-use-of-g_assert_no_errno.patch glib-tests-fileutils-Fix-expectations-when-running-as-roo.patch +glocalfileoutputstream-Tidy-up-error-handling.patch 01_gettext-desktopfiles.patch 0001-timer-test-use-volatile-for-locals.patch gwakeuptest-Be-less-parallel-unless-invoked-with-m-slow.patch diff --git a/debian/watch b/debian/watch index f028879b9..5a5e3cbab 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ version=4 -https://download.gnome.org/sources/glib/([\d\.]+[02468])/ \ +https://download.gnome.org/sources/glib/2.66/ \ glib@ANY_VERSION@\.tar\.xz diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c index 4c512ea81..78d3e85a6 100644 --- a/gio/glocalfileoutputstream.c +++ b/gio/glocalfileoutputstream.c @@ -943,7 +943,7 @@ handle_overwrite_open (const char *filename, _("Error when getting information for file “%s”: %s"), display_name, g_strerror (errsv)); g_free (display_name); - goto err_out; + goto error; } /* not a regular file */ @@ -955,7 +955,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR, G_IO_ERROR_IS_DIRECTORY, _("Target file is a directory")); - goto err_out; + goto error; } else if (!is_symlink || #ifdef S_ISLNK @@ -969,7 +969,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR, G_IO_ERROR_NOT_REGULAR_FILE, _("Target file is not a regular file")); - goto err_out; + goto error; } } @@ -983,7 +983,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_WRONG_ETAG, _("The file was externally modified")); g_free (current_etag); - goto err_out; + goto error; } g_free (current_etag); } 
@@ -1078,7 +1078,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_CANT_CREATE_BACKUP, _("Backup file creation failed")); g_free (backup_filename); - goto err_out; + goto error; } bfd = g_open (backup_filename, @@ -1092,7 +1092,7 @@ handle_overwrite_open (const char *filename, G_IO_ERROR_CANT_CREATE_BACKUP, _("Backup file creation failed")); g_free (backup_filename); - goto err_out; + goto error; } /* If needed, Try to set the group of the backup same as the @@ -1109,7 +1109,7 @@ handle_overwrite_open (const char *filename, g_unlink (backup_filename); g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } if ((_g_stat_gid (&original_stat) != _g_stat_gid (&tmp_statbuf)) && @@ -1126,7 +1126,7 @@ handle_overwrite_open (const char *filename, g_unlink (backup_filename); g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } } #endif @@ -1141,7 +1141,7 @@ handle_overwrite_open (const char *filename, g_close (bfd, NULL); g_free (backup_filename); - goto err_out; + goto error; } g_close (bfd, NULL); @@ -1156,7 +1156,7 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error seeking in file: %s"), g_strerror (errsv)); - goto err_out; + goto error; } } @@ -1172,7 +1172,7 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error removing old file: %s"), g_strerror (errsv)); - goto err_out2; + goto error; } if (readable) @@ -1189,7 +1189,7 @@ handle_overwrite_open (const char *filename, _("Error opening file “%s”: %s"), display_name, g_strerror (errsv)); g_free (display_name); - goto err_out2; + goto error; } } else @@ -1207,15 +1207,16 @@ handle_overwrite_open (const char *filename, g_io_error_from_errno (errsv), _("Error truncating file: %s"), g_strerror (errsv)); - goto err_out; + goto error; } } return fd; - err_out: - g_close (fd, NULL); - err_out2: +error: + if (fd >= 0) + g_close (fd, NULL); + return -1; } 
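Review bot: The two jumps that used to target `err_out2` (after "Error removing old file" and after the failed reopen, "Error opening file") now reach the shared `error:` label, so the `fd >= 0` guard is only correct if `fd` is negative whenever the descriptor has already been closed. The failed `g_open()` case is covered, but the unlink-failure path depends on `fd` being reset after the close that presumably precedes `g_unlink()`; that code is outside the visible hunks and needs confirming. If `fd` is not reset there, the descriptor is closed twice, and in a multi-threaded process the second close can land on a descriptor another thread has just opened. I would make the invariant explicit at that close site with `g_close (fd, NULL); fd = -1;` and document the label with `/* fd is -1 if it was never opened or has already been closed */`. handle_overwrite_open begins well before these hunks.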
diff --git a/gio/win32/gwin32fsmonitorutils.c b/gio/win32/gwin32fsmonitorutils.c index e6b7d1dcd..b47124634 100644 --- a/gio/win32/gwin32fsmonitorutils.c +++ b/gio/win32/gwin32fsmonitorutils.c @@ -345,7 +345,7 @@ g_win32_fs_monitor_init (GWin32FSMonitorPrivate *monitor, monitor->file_attribs = INVALID_FILE_ATTRIBUTES; monitor->pfni_prev = NULL; monitor->hDirectory = CreateFileW (wdirname_with_long_prefix != NULL ? wdirname_with_long_prefix : monitor->wfullpath_with_long_prefix, - FILE_GENERIC_READ | FILE_GENERIC_WRITE, + FILE_LIST_DIRECTORY, FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, diff --git a/meson.build b/meson.build index aee96566c..740e46b86 100644 --- a/meson.build +++ b/meson.build @@ -1,5 +1,5 @@ project('glib', 'c', 'cpp', - version : '2.66.7', + version : '2.66.8', # NOTE: We keep this pinned at 0.49 because that's what Debian 10 ships meson_version : '>= 0.49.2', default_options : [
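Review bot: The narrowed access mask in the `CreateFileW` call of g_win32_fs_monitor_init carries no comment explaining why `FILE_LIST_DIRECTORY` is sufficient, which makes it easy for a later change to widen it again. ReadDirectoryChangesW requires only `FILE_LIST_DIRECTORY` on the directory handle, and not requesting write access lets monitoring work on directories the user can read but not modify. Whether `hDirectory` is passed to any call that needs more rights is not visible in the hunk and should be confirmed. I would add above the call: `/* Least privilege: watching a directory only needs FILE_LIST_DIRECTORY; do not request generic read/write access. */`. The function body starts and ends outside the hunk.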