Bug#985610: unblock (pre-approval): glib2.0/2.66.8-1
On Sat, 20 Mar 2021 at 17:08:14 +0000, Simon McVittie wrote:
> [x] attach debdiff against the package in testing
> (as with the recent mutter and gnome-shell unblocks, to minimize
> noise this is a diff between patched trees, excluding the patches
> themselves)
Sorry, really attached now.
smcv
git diff archive/debian/2.66.7-2..patch-queue/debian/master | filterdiff -p1 --exclude 'debian/patches/*.patch'
diff --git a/NEWS b/NEWS
index 0f0a6a28b..d4a4703d2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,15 @@
+Overview of changes in GLib 2.66.8
+==================================
+
+* Fix a security issue when using `g_file_replace()` with
+ `G_FILE_CREATE_REPLACE_DESTINATION` (#2325)
+
+* Bugs fixed:
+ - #2325 file-roller symlink attack
+ - !1982 Backport !2325 “file-roller symlink attack” to glib-2-66
+ - !1990 Backport !1976 “Use the right permissions for directory watching on Win32” to glib-2-66
+
+
Overview of changes in GLib 2.66.7
==================================
diff --git a/debian/changelog b/debian/changelog
index eefd875a6..80c0657ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+glib2.0 (2.66.8-1) unstable; urgency=medium
+
+ * d/watch: Only watch for 2.66.x versions.
+ 2.68.0 has been released but will not be in bullseye.
+ * New upstream release
+ - Functionally equivalent to 2.66.7-2, except for the version number
+ and a change to Windows-specific code that is not used in Debian
+ * Drop patches that were included in the new upstream release
+ * d/p/glocalfileoutputstream-Tidy-up-error-handling.patch:
+ Add patch from upstream to clean up error handling.
+ After the fix for #984969, this function could end up calling close(-1),
+ which is harmless but gets flagged as an error by static analysis and
+ by error-checking instrumentation. Fixing this will prevent it from
+ obscuring real errors.
+ * Add CVE references in recent changelog entries.
+ CVE IDs for the vulnerabilities were not available at the time they were
+ fixed, but now they are.
+
+ -- Simon McVittie <smcv@debian.org> Sat, 20 Mar 2021 15:35:19 +0000
+
glib2.0 (2.66.7-2) unstable; urgency=medium
* d/changelog: Add bug numbers for integer overflows in previous versions
@@ -6,7 +26,7 @@ glib2.0 (2.66.7-2) unstable; urgency=medium
replace a path that is a dangling symlink, previously it would have also
created the target of the symlink as an empty file, which could
conceivably be security-sensitive if the symlink is attacker-controlled.
- (Closes: #984969)
+ (Closes: #984969; CVE-2021-28153)
-- Simon McVittie <smcv@debian.org> Thu, 11 Mar 2021 10:23:38 +0000
@@ -16,7 +36,7 @@ glib2.0 (2.66.7-1) unstable; urgency=high
- Fix another regression caused by the GHSL-2021-045 fixes in 2.66.6
- Warn and fail on integer overflow in g_byte_array_new_take()
for arrays larger than G_MAXUINT
- (Closes: #982779; similar to GHSL-2021-045)
+ (Closes: #982779; CVE-2021-27218)
- Disallow using currently-undefined D-Bus connection or server flags,
to prevent forward-compatibility problems with new security-sensitive
flags that are likely to be introduced in GLib 2.68
@@ -41,7 +61,7 @@ glib2.0 (2.66.6-1) unstable; urgency=high
* New upstream release
- Fix various integer overflows, some of them potentially exploitable
- (Closes: #982778, GHSL-2021-045)
+ (Closes: #982778; CVE-2021-27219, GHSL-2021-045)
-- Simon McVittie <smcv@debian.org> Thu, 04 Feb 2021 20:24:20 +0000
diff --git a/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch b/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch
new file mode 100644
index 000000000..04f040d40
diff --git a/debian/patches/series b/debian/patches/series
index 772de8095..8e7842b2f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,10 +1,6 @@
-glocalfileoutputstream-Fix-a-typo-in-a-comment.patch
-tests-Stop-using-g_test_bug_base-in-file-tests.patch
-glocalfileoutputstream-Factor-out-a-flag-check.patch
-glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATION-wit.patch
-glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch
glib-tests-fileutils-Make-more-use-of-g_assert_no_errno.patch
glib-tests-fileutils-Fix-expectations-when-running-as-roo.patch
+glocalfileoutputstream-Tidy-up-error-handling.patch
01_gettext-desktopfiles.patch
0001-timer-test-use-volatile-for-locals.patch
gwakeuptest-Be-less-parallel-unless-invoked-with-m-slow.patch
diff --git a/debian/watch b/debian/watch
index f028879b9..5a5e3cbab 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,3 @@
version=4
-https://download.gnome.org/sources/glib/([\d\.]+[02468])/ \
+https://download.gnome.org/sources/glib/2.66/ \
glib@ANY_VERSION@\.tar\.xz
diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
index 4c512ea81..78d3e85a6 100644
--- a/gio/glocalfileoutputstream.c
+++ b/gio/glocalfileoutputstream.c
@@ -943,7 +943,7 @@ handle_overwrite_open (const char *filename,
_("Error when getting information for file “%s”: %s"),
display_name, g_strerror (errsv));
g_free (display_name);
- goto err_out;
+ goto error;
}
/* not a regular file */
@@ -955,7 +955,7 @@ handle_overwrite_open (const char *filename,
G_IO_ERROR,
G_IO_ERROR_IS_DIRECTORY,
_("Target file is a directory"));
- goto err_out;
+ goto error;
}
else if (!is_symlink ||
#ifdef S_ISLNK
@@ -969,7 +969,7 @@ handle_overwrite_open (const char *filename,
G_IO_ERROR,
G_IO_ERROR_NOT_REGULAR_FILE,
_("Target file is not a regular file"));
- goto err_out;
+ goto error;
}
}
@@ -983,7 +983,7 @@ handle_overwrite_open (const char *filename,
G_IO_ERROR_WRONG_ETAG,
_("The file was externally modified"));
g_free (current_etag);
- goto err_out;
+ goto error;
}
g_free (current_etag);
}
@@ -1078,7 +1078,7 @@ handle_overwrite_open (const char *filename,
G_IO_ERROR_CANT_CREATE_BACKUP,
_("Backup file creation failed"));
g_free (backup_filename);
- goto err_out;
+ goto error;
}
bfd = g_open (backup_filename,
@@ -1092,7 +1092,7 @@ handle_overwrite_open (const char *filename,
G_IO_ERROR_CANT_CREATE_BACKUP,
_("Backup file creation failed"));
g_free (backup_filename);
- goto err_out;
+ goto error;
}
/* If needed, Try to set the group of the backup same as the
@@ -1109,7 +1109,7 @@ handle_overwrite_open (const char *filename,
g_unlink (backup_filename);
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
if ((_g_stat_gid (&original_stat) != _g_stat_gid (&tmp_statbuf)) &&
@@ -1126,7 +1126,7 @@ handle_overwrite_open (const char *filename,
g_unlink (backup_filename);
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
}
#endif
@@ -1141,7 +1141,7 @@ handle_overwrite_open (const char *filename,
g_close (bfd, NULL);
g_free (backup_filename);
- goto err_out;
+ goto error;
}
g_close (bfd, NULL);
@@ -1156,7 +1156,7 @@ handle_overwrite_open (const char *filename,
g_io_error_from_errno (errsv),
_("Error seeking in file: %s"),
g_strerror (errsv));
- goto err_out;
+ goto error;
}
}
@@ -1172,7 +1172,7 @@ handle_overwrite_open (const char *filename,
g_io_error_from_errno (errsv),
_("Error removing old file: %s"),
g_strerror (errsv));
- goto err_out2;
+ goto error;
}
if (readable)
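Review bot: The `goto error` after the failed `g_unlink()` ("Error removing old file") used to be `goto err_out2`, which skipped `g_close (fd, NULL)`. With the merged label in the last hunk, this path is only safe if `fd` is already -1 when it jumps. The close that precedes the unlink is not visible in this hunk; if `fd` still holds the old descriptor number at that point, the new `if (fd >= 0)` guard closes it a second time, and in a threaded process that number may by then belong to an unrelated file. I would add `fd = -1;` directly after that earlier `g_close (fd, NULL);` so the guard at `error:` reflects the real state. handle_overwrite_open begins and ends outside this hunk, so this needs checking against the full function.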
@@ -1189,7 +1189,7 @@ handle_overwrite_open (const char *filename,
_("Error opening file “%s”: %s"),
display_name, g_strerror (errsv));
g_free (display_name);
- goto err_out2;
+ goto error;
}
}
else
@@ -1207,15 +1207,16 @@ handle_overwrite_open (const char *filename,
g_io_error_from_errno (errsv),
_("Error truncating file: %s"),
g_strerror (errsv));
- goto err_out;
+ goto error;
}
}
return fd;
- err_out:
- g_close (fd, NULL);
- err_out2:
+error:
+ if (fd >= 0)
+ g_close (fd, NULL);
+
return -1;
}
diff --git a/gio/win32/gwin32fsmonitorutils.c b/gio/win32/gwin32fsmonitorutils.c
index e6b7d1dcd..b47124634 100644
--- a/gio/win32/gwin32fsmonitorutils.c
+++ b/gio/win32/gwin32fsmonitorutils.c
@@ -345,7 +345,7 @@ g_win32_fs_monitor_init (GWin32FSMonitorPrivate *monitor,
monitor->file_attribs = INVALID_FILE_ATTRIBUTES;
monitor->pfni_prev = NULL;
monitor->hDirectory = CreateFileW (wdirname_with_long_prefix != NULL ? wdirname_with_long_prefix : monitor->wfullpath_with_long_prefix,
- FILE_GENERIC_READ | FILE_GENERIC_WRITE,
+ FILE_LIST_DIRECTORY,
FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
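Review bot: The narrowed access mask on the `CreateFileW` call has no comment explaining why `FILE_LIST_DIRECTORY` is enough, so a later edit could widen it back to generic read/write. The NEWS entry describes this as using the right permissions for directory watching. A one-line comment above the call would record that intent, for example `/* Directory watching only needs FILE_LIST_DIRECTORY; do not request write access to the watched directory */`. The call and the check of `monitor->hDirectory` continue outside the hunk, so the failure handling could not be reviewed here.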
diff --git a/meson.build b/meson.build
index aee96566c..740e46b86 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
project('glib', 'c', 'cpp',
- version : '2.66.7',
+ version : '2.66.8',
# NOTE: We keep this pinned at 0.49 because that's what Debian 10 ships
meson_version : '>= 0.49.2',
default_options : [