Control: tags -1 confirmed moreinfo
On 2021-03-20 21:58:39 +0000, Simon McVittie wrote:
> On Sat, 20 Mar 2021 at 17:08:14 +0000, Simon McVittie wrote:
> > [x] attach debdiff against the package in testing
> > (as with the recent mutter and gnome-shell unblocks, to minimize
> > noise this is a diff between patched trees, excluding the patches
> > themselves)
>
> Sorry, really attached now.
Thanks, please go ahead and let us know once it has reached unstable.
Cheers
>
> smcv
> git diff archive/debian/2.66.7-2..patch-queue/debian/master | filterdiff -p1 --exclude 'debian/patches/*.patch'
>
> diff --git a/NEWS b/NEWS
> index 0f0a6a28b..d4a4703d2 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -1,3 +1,15 @@
> +Overview of changes in GLib 2.66.8
> +==================================
> +
> +* Fix a security issue when using `g_file_replace()` with
> + `G_FILE_CREATE_REPLACE_DESTINATION` (#2325)
> +
> +* Bugs fixed:
> + - #2325 file-roller symlink attack
> + - !1982 Backport !2325 “file-roller symlink attack” to glib-2-66
> + - !1990 Backport !1976 “Use the right permissions for directory watching on Win32” to glib-2-66
> +
> +
> Overview of changes in GLib 2.66.7
> ==================================
>
> diff --git a/debian/changelog b/debian/changelog
> index eefd875a6..80c0657ef 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,23 @@
> +glib2.0 (2.66.8-1) unstable; urgency=medium
> +
> + * d/watch: Only watch for 2.66.x versions.
> + 2.68.0 has been released but will not be in bullseye.
> + * New upstream release
> + - Functionally equivalent to 2.66.7-2, except for the version number
> + and a change to Windows-specific code that is not used in Debian
> + * Drop patches that were included in the new upstream release
> + * d/p/glocalfileoutputstream-Tidy-up-error-handling.patch:
> + Add patch from upstream to clean up error handling.
> + After the fix for #984969, this function could end up calling close(-1),
> + which is harmless but gets flagged as an error by static analysis and
> + by error-checking instrumentation. Fixing this will prevent it from
> + obscuring real errors.
> + * Add CVE references in recent changelog entries.
> + CVE IDs for the vulnerabilities were not available at the time they were
> + fixed, but now they are.
> +
> + -- Simon McVittie <smcv@debian.org> Sat, 20 Mar 2021 15:35:19 +0000
> +
> glib2.0 (2.66.7-2) unstable; urgency=medium
>
> * d/changelog: Add bug numbers for integer overflows in previous versions
> @@ -6,7 +26,7 @@ glib2.0 (2.66.7-2) unstable; urgency=medium
> replace a path that is a dangling symlink, previously it would have also
> created the target of the symlink as an empty file, which could
> conceivably be security-sensitive if the symlink is attacker-controlled.
> - (Closes: #984969)
> + (Closes: #984969; CVE-2021-28153)
>
> -- Simon McVittie <smcv@debian.org> Thu, 11 Mar 2021 10:23:38 +0000
>
> @@ -16,7 +36,7 @@ glib2.0 (2.66.7-1) unstable; urgency=high
> - Fix another regression caused by the GHSL-2021-045 fixes in 2.66.6
> - Warn and fail on integer overflow in g_byte_array_new_take()
> for arrays larger than G_MAXUINT
> - (Closes: #982779; similar to GHSL-2021-045)
> + (Closes: #982779; CVE-2021-27218)
> - Disallow using currently-undefined D-Bus connection or server flags,
> to prevent forward-compatibility problems with new security-sensitive
> flags that are likely to be introduced in GLib 2.68
> @@ -41,7 +61,7 @@ glib2.0 (2.66.6-1) unstable; urgency=high
>
> * New upstream release
> - Fix various integer overflows, some of them potentially exploitable
> - (Closes: #982778, GHSL-2021-045)
> + (Closes: #982778; CVE-2021-27219, GHSL-2021-045)
>
> -- Simon McVittie <smcv@debian.org> Thu, 04 Feb 2021 20:24:20 +0000
>
> diff --git a/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch b/debian/patches/glocalfileoutputstream-Tidy-up-error-handling.patch
> new file mode 100644
> index 000000000..04f040d40
> diff --git a/debian/patches/series b/debian/patches/series
> index 772de8095..8e7842b2f 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -1,10 +1,6 @@
> -glocalfileoutputstream-Fix-a-typo-in-a-comment.patch
> -tests-Stop-using-g_test_bug_base-in-file-tests.patch
> -glocalfileoutputstream-Factor-out-a-flag-check.patch
> -glocalfileoutputstream-Fix-CREATE_REPLACE_DESTINATION-wit.patch
> -glocalfileoutputstream-Add-a-missing-O_CLOEXEC-flag-to-re.patch
> glib-tests-fileutils-Make-more-use-of-g_assert_no_errno.patch
> glib-tests-fileutils-Fix-expectations-when-running-as-roo.patch
> +glocalfileoutputstream-Tidy-up-error-handling.patch
> 01_gettext-desktopfiles.patch
> 0001-timer-test-use-volatile-for-locals.patch
> gwakeuptest-Be-less-parallel-unless-invoked-with-m-slow.patch
> diff --git a/debian/watch b/debian/watch
> index f028879b9..5a5e3cbab 100644
> --- a/debian/watch
> +++ b/debian/watch
> @@ -1,3 +1,3 @@
> version=4
> -https://download.gnome.org/sources/glib/([\d\.]+[02468])/ \
> +https://download.gnome.org/sources/glib/2.66/ \
> glib@ANY_VERSION@\.tar\.xz
> diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c
> index 4c512ea81..78d3e85a6 100644
> --- a/gio/glocalfileoutputstream.c
> +++ b/gio/glocalfileoutputstream.c
> @@ -943,7 +943,7 @@ handle_overwrite_open (const char *filename,
> _("Error when getting information for file “%s”: %s"),
> display_name, g_strerror (errsv));
> g_free (display_name);
> - goto err_out;
> + goto error;
> }
>
> /* not a regular file */
> @@ -955,7 +955,7 @@ handle_overwrite_open (const char *filename,
> G_IO_ERROR,
> G_IO_ERROR_IS_DIRECTORY,
> _("Target file is a directory"));
> - goto err_out;
> + goto error;
> }
> else if (!is_symlink ||
> #ifdef S_ISLNK
> @@ -969,7 +969,7 @@ handle_overwrite_open (const char *filename,
> G_IO_ERROR,
> G_IO_ERROR_NOT_REGULAR_FILE,
> _("Target file is not a regular file"));
> - goto err_out;
> + goto error;
> }
> }
>
> @@ -983,7 +983,7 @@ handle_overwrite_open (const char *filename,
> G_IO_ERROR_WRONG_ETAG,
> _("The file was externally modified"));
> g_free (current_etag);
> - goto err_out;
> + goto error;
> }
> g_free (current_etag);
> }
> @@ -1078,7 +1078,7 @@ handle_overwrite_open (const char *filename,
> G_IO_ERROR_CANT_CREATE_BACKUP,
> _("Backup file creation failed"));
> g_free (backup_filename);
> - goto err_out;
> + goto error;
> }
>
> bfd = g_open (backup_filename,
> @@ -1092,7 +1092,7 @@ handle_overwrite_open (const char *filename,
> G_IO_ERROR_CANT_CREATE_BACKUP,
> _("Backup file creation failed"));
> g_free (backup_filename);
> - goto err_out;
> + goto error;
> }
>
> /* If needed, Try to set the group of the backup same as the
> @@ -1109,7 +1109,7 @@ handle_overwrite_open (const char *filename,
> g_unlink (backup_filename);
> g_close (bfd, NULL);
> g_free (backup_filename);
> - goto err_out;
> + goto error;
> }
>
> if ((_g_stat_gid (&original_stat) != _g_stat_gid (&tmp_statbuf)) &&
> @@ -1126,7 +1126,7 @@ handle_overwrite_open (const char *filename,
> g_unlink (backup_filename);
> g_close (bfd, NULL);
> g_free (backup_filename);
> - goto err_out;
> + goto error;
> }
> }
> #endif
> @@ -1141,7 +1141,7 @@ handle_overwrite_open (const char *filename,
> g_close (bfd, NULL);
> g_free (backup_filename);
>
> - goto err_out;
> + goto error;
> }
>
> g_close (bfd, NULL);
> @@ -1156,7 +1156,7 @@ handle_overwrite_open (const char *filename,
> g_io_error_from_errno (errsv),
> _("Error seeking in file: %s"),
> g_strerror (errsv));
> - goto err_out;
> + goto error;
> }
> }
>
> @@ -1172,7 +1172,7 @@ handle_overwrite_open (const char *filename,
> g_io_error_from_errno (errsv),
> _("Error removing old file: %s"),
> g_strerror (errsv));
> - goto err_out2;
> + goto error;
> }
>
> if (readable)
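Review bot: The `Error removing old file` path used to jump to `err_out2`, which skipped the close, presumably because `fd` had already been closed by then. It now lands on the shared `error:` label added in the last hunk, which runs `if (fd >= 0) g_close (fd, NULL);`. That is only safe if `fd` is reset to `-1` at the point where it was closed, and no such reset appears anywhere in this diff; the rest of handle_overwrite_open lies outside the hunks, so this needs checking against the full file. If the stale value survives, the descriptor is closed twice, and in a multi-threaded process that number may by then belong to an unrelated open file. I would put `fd = -1;` directly after the earlier `g_close (fd, NULL);` so the guard at `error:` holds on every path.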
> @@ -1189,7 +1189,7 @@ handle_overwrite_open (const char *filename,
> _("Error opening file “%s”: %s"),
> display_name, g_strerror (errsv));
> g_free (display_name);
> - goto err_out2;
> + goto error;
> }
> }
> else
> @@ -1207,15 +1207,16 @@ handle_overwrite_open (const char *filename,
> g_io_error_from_errno (errsv),
> _("Error truncating file: %s"),
> g_strerror (errsv));
> - goto err_out;
> + goto error;
> }
> }
>
> return fd;
>
> - err_out:
> - g_close (fd, NULL);
> - err_out2:
> +error:
> + if (fd >= 0)
> + g_close (fd, NULL);
> +
> return -1;
> }
>
> diff --git a/gio/win32/gwin32fsmonitorutils.c b/gio/win32/gwin32fsmonitorutils.c
> index e6b7d1dcd..b47124634 100644
> --- a/gio/win32/gwin32fsmonitorutils.c
> +++ b/gio/win32/gwin32fsmonitorutils.c
> @@ -345,7 +345,7 @@ g_win32_fs_monitor_init (GWin32FSMonitorPrivate *monitor,
> monitor->file_attribs = INVALID_FILE_ATTRIBUTES;
> monitor->pfni_prev = NULL;
> monitor->hDirectory = CreateFileW (wdirname_with_long_prefix != NULL ? wdirname_with_long_prefix : monitor->wfullpath_with_long_prefix,
> - FILE_GENERIC_READ | FILE_GENERIC_WRITE,
> + FILE_LIST_DIRECTORY,
> FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,
> NULL,
> OPEN_EXISTING,
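Review bot: The narrowed access mask `FILE_LIST_DIRECTORY` carries no comment saying why it is sufficient, so a later edit could widen it back to generic read/write without anyone noticing the loss of least privilege. A one-line comment above the `CreateFileW` call would pin the intent, e.g. `/* Watching only needs to list the directory; do not request write access */`. The hunk does not show whether `monitor->hDirectory` is compared against `INVALID_HANDLE_VALUE` afterwards; g_win32_fs_monitor_init continues outside the hunk, so that check is worth confirming in the full file.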
> diff --git a/meson.build b/meson.build
> index aee96566c..740e46b86 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1,5 +1,5 @@
> project('glib', 'c', 'cpp',
> - version : '2.66.7',
> + version : '2.66.8',
> # NOTE: We keep this pinned at 0.49 because that's what Debian 10 ships
> meson_version : '>= 0.49.2',
> default_options : [
--
Sebastian Ramacher