diff options
| author | Mark H Weaver <mhw@netris.org> | 2021-03-11 05:34:28 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2021-03-11 06:21:13 -0500 |
| commit | 21b3b755151028647081fe96d2992b3743531d71 (patch) | |
| tree | 264867809c519a310d1d7de6a8b2d4827816ee70 /gnu/packages/patches/glib-CVE-2021-27219-17.patch | |
| parent | 500189b4d2f1e3a2d4ee8ab73d889e3d8ac70632 (diff) | |
| download | guix-patches-21b3b755151028647081fe96d2992b3743531d71.tar guix-patches-21b3b755151028647081fe96d2992b3743531d71.tar.gz | |
gnu: glib: Fix CVE-2021-27218 and CVE-2021-27219.
* gnu/packages/patches/glib-CVE-2021-27218.patch,
gnu/packages/patches/glib-CVE-2021-27219-01.patch,
gnu/packages/patches/glib-CVE-2021-27219-02.patch,
gnu/packages/patches/glib-CVE-2021-27219-03.patch,
gnu/packages/patches/glib-CVE-2021-27219-04.patch,
gnu/packages/patches/glib-CVE-2021-27219-05.patch,
gnu/packages/patches/glib-CVE-2021-27219-06.patch,
gnu/packages/patches/glib-CVE-2021-27219-07.patch,
gnu/packages/patches/glib-CVE-2021-27219-08.patch,
gnu/packages/patches/glib-CVE-2021-27219-09.patch,
gnu/packages/patches/glib-CVE-2021-27219-10.patch,
gnu/packages/patches/glib-CVE-2021-27219-11.patch,
gnu/packages/patches/glib-CVE-2021-27219-12.patch,
gnu/packages/patches/glib-CVE-2021-27219-13.patch,
gnu/packages/patches/glib-CVE-2021-27219-14.patch,
gnu/packages/patches/glib-CVE-2021-27219-15.patch,
gnu/packages/patches/glib-CVE-2021-27219-16.patch,
gnu/packages/patches/glib-CVE-2021-27219-17.patch,
gnu/packages/patches/glib-CVE-2021-27219-18.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/glib.scm (glib)[replacement]: New field.
(glib/fixed): New variable.
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-17.patch')
| -rw-r--r-- | gnu/packages/patches/glib-CVE-2021-27219-17.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-17.patch b/gnu/packages/patches/glib-CVE-2021-27219-17.patch new file mode 100644 index 0000000000..3153979071 --- /dev/null +++ b/gnu/packages/patches/glib-CVE-2021-27219-17.patch @@ -0,0 +1,37 @@ +From 31e0d403ba635dbbacbfbff74295e5db02558d76 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <pwithnall@endlessos.org> +Date: Wed, 10 Feb 2021 21:19:30 +0000 +Subject: [PATCH 2/3] gkeyfilesettingsbackend: Disallow empty key or group + names + +These should never have been allowed; they will result in precondition +failures from the `GKeyFile` later on in the code. + +A test will be added for this shortly. + +Signed-off-by: Philip Withnall <pwithnall@endlessos.org> +--- + gio/gkeyfilesettingsbackend.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/gio/gkeyfilesettingsbackend.c b/gio/gkeyfilesettingsbackend.c +index 861c3a661..de216e615 100644 +--- a/gio/gkeyfilesettingsbackend.c ++++ b/gio/gkeyfilesettingsbackend.c +@@ -158,6 +158,13 @@ convert_path (GKeyfileSettingsBackend *kfsb, + + last_slash = strrchr (key, '/'); + ++ /* Disallow empty group names or key names */ ++ if (key_len == 0 || ++ (last_slash != NULL && ++ (*(last_slash + 1) == '\0' || ++ last_slash == key))) ++ return FALSE; ++ + if (kfsb->root_group) + { + /* if a root_group was specified, make sure the user hasn't given +-- +2.30.1 + |