r21429 - in /desktop/experimental/glib2.0/debian: changelog patches/11_chmod_symlinks.patch rules

slomo at users.alioth.debian.org slomo at users.alioth.debian.org
Wed Sep 23 03:05:20 UTC 2009


Author: slomo
Date: Wed Sep 23 03:05:19 2009
New Revision: 21429

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=21429
Log:
* 11_chmod_symlinks.patch: new patch. Fix potential security issue 
  when manipulating symlink permissions. Thanks Arand Nash for the 
  heads up.
* New upstream stable release.

Added:
    desktop/experimental/glib2.0/debian/patches/11_chmod_symlinks.patch
Modified:
    desktop/experimental/glib2.0/debian/changelog
    desktop/experimental/glib2.0/debian/rules

Modified: desktop/experimental/glib2.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/glib2.0/debian/changelog?rev=21429&op=diff
==============================================================================
--- desktop/experimental/glib2.0/debian/changelog [utf-8] (original)
+++ desktop/experimental/glib2.0/debian/changelog [utf-8] Wed Sep 23 03:05:19 2009
@@ -1,9 +1,16 @@
-glib2.0 (2.21.6-2) UNRELEASED; urgency=low
-
+glib2.0 (2.22.0-1) unstable; urgency=low
+
+  [ Josselin Mouette ]
   * Move libglib-2.0.so.0 to /lib so that DeviceKit (and other potential 
     sources) can work without having /usr mounted.
-
- -- Josselin Mouette <joss at debian.org>  Mon, 07 Sep 2009 12:12:46 +0200
+  * 11_chmod_symlinks.patch: new patch. Fix potential security issue 
+    when manipulating symlink permissions. Thanks Arand Nash for the 
+    heads up.
+
+  [ Sebastian Dröge ]
+  * New upstream stable release.
+
+ -- Sebastian Dröge <slomo at debian.org>  Wed, 23 Sep 2009 05:04:37 +0200
 
 glib2.0 (2.21.6-1) experimental; urgency=low
 

Added: desktop/experimental/glib2.0/debian/patches/11_chmod_symlinks.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/glib2.0/debian/patches/11_chmod_symlinks.patch?rev=21429&op=file
==============================================================================
--- desktop/experimental/glib2.0/debian/patches/11_chmod_symlinks.patch (added)
+++ desktop/experimental/glib2.0/debian/patches/11_chmod_symlinks.patch [utf-8] Wed Sep 23 03:05:19 2009
@@ -1,0 +1,103 @@
+From 865c47d1a02d0e7a826e4b09c9c28ac2276d998b Mon Sep 17 00:00:00 2001
+From: Benjamin Otte <otte at gnome.org>
+Date: Tue, 01 Sep 2009 09:54:48 +0000
+Subject: Bug 593406 - Permissions set to 777 after copying via Nautilus
+
+When doing a g_file_copy() with nofollow-symlinks (to copy a link for
+example), the later copying of the file attributes copies the source
+links 777 attributes to the target's attributes. As chmod affects the
+symlink target, this would cause such copies to always set the target to
+777 mode.
+
+This patch makes setting the mode with nofollow-symlinks fail with
+NOT_SUPPORTED.
+
+The aforementioned g_file_copy() will still succeed, because it ignores
+errors of the attribute copy.
+
+This patch includes the whole patchset from master:
+3826963e65d8c4c68bcd3e4066505f63ef734b95
+bb7852e34b1845e516290e1b45a960a345ee8a43
+48e0af0157f52ac12b904bd92540432a18b139c7
+e695c0932f5d02f3b222f0b7a3de1f8c00ba7b81
+---
+diff --git a/configure.in b/configure.in
+index 07a6fec..998fb77 100644
+--- a/configure.in
++++ b/configure.in
+@@ -936,7 +936,7 @@ AC_MSG_RESULT(unsigned $glib_size_type)
+ 
+ # Check for some functions
+ AC_CHECK_FUNCS(lstat strerror strsignal memmove vsnprintf stpcpy strcasecmp strncasecmp poll getcwd vasprintf setenv unsetenv getc_unlocked readlink symlink fdwalk)
+-AC_CHECK_FUNCS(chown lchown fchmod fchown link statvfs statfs utimes getgrgid getpwuid)
++AC_CHECK_FUNCS(chown lchmod lchown fchmod fchown link statvfs statfs utimes getgrgid getpwuid)
+ AC_CHECK_FUNCS(getmntent_r setmntent endmntent hasmntopt getmntinfo)
+ # Check for high-resolution sleep functions
+ AC_CHECK_FUNCS(nanosleep nsleep)
+diff --git a/gio/glocalfileinfo.c b/gio/glocalfileinfo.c
+index e0d5b90..05516c3 100644
+--- a/gio/glocalfileinfo.c
++++ b/gio/glocalfileinfo.c
+@@ -1815,15 +1815,40 @@ get_string (const GFileAttributeValue  *value,
+ 
+ static gboolean
+ set_unix_mode (char                       *filename,
++               GFileQueryInfoFlags         flags,
+ 	       const GFileAttributeValue  *value,
+ 	       GError                    **error)
+ {
+   guint32 val;
++  int res = 0;
+   
+   if (!get_uint32 (value, &val, error))
+     return FALSE;
+-  
+-  if (g_chmod (filename, val) == -1)
++
++#ifdef HAVE_SYMLINK
++  if (flags & G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS) {
++#ifdef HAVE_LCHMOD
++    res = lchmod (filename, val);
++#else
++    struct stat statbuf;
++    /* Calling chmod on a symlink changes permissions on the symlink.
++     * We don't want to do this, so we need to check for a symlink */
++    res = g_lstat (filename, &statbuf);
++    if (res == 0 && S_ISLNK (statbuf.st_mode))
++      {
++        g_set_error_literal (error, G_IO_ERROR,
++                             G_IO_ERROR_NOT_SUPPORTED,
++                             _("Operation not supported"));
++        return FALSE;
++      }
++    else if (res == 0)
++      res = g_chmod (filename, val);
++#endif
++  } else
++#endif
++    res = g_chmod (filename, val);
++
++  if (res == -1)
+     {
+       int errsv = errno;
+ 
+@@ -2116,7 +2141,7 @@ _g_local_file_info_set_attribute (char                 *filename,
+   _g_file_attribute_value_set_from_pointer (&value, type, value_p, FALSE);
+   
+   if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_MODE) == 0)
+-    return set_unix_mode (filename, &value, error);
++    return set_unix_mode (filename, flags, &value, error);
+   
+ #ifdef HAVE_CHOWN
+   else if (strcmp (attribute, G_FILE_ATTRIBUTE_UNIX_UID) == 0)
+@@ -2229,7 +2254,7 @@ _g_local_file_info_set_attributes  (char                 *filename,
+   value = _g_file_info_get_attribute_value (info, G_FILE_ATTRIBUTE_UNIX_MODE);
+   if (value)
+     {
+-      if (!set_unix_mode (filename, value, error))
++      if (!set_unix_mode (filename, flags, value, error))
+ 	{
+ 	  value->status = G_FILE_ATTRIBUTE_STATUS_ERROR_SETTING;
+ 	  res = FALSE;
+--
+cgit v0.8.2
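Review bot: In the `#else` fallback of `set_unix_mode` (built when `lchmod` is unavailable), the `g_lstat` check and the later `g_chmod` are two separate path lookups, so a path swapped for a symlink between them still has the link's target chmod'ed. The patch narrows the original problem but leaves this window open in directories that another user can write to. Closing it would take a descriptor-based sequence (open without following links, `fstat`, then `fchmod`), at the cost of needing open access to the file; if that is not wanted, the remaining race should at least be documented at the check. The added comment also contradicts the commit message and should read `/* Calling chmod on a symlink changes permissions on the link's target.` followed by ` * We don't want to do this, so we need to check for a symlink */`. The body of `set_unix_mode` continues past the end of the nested hunk, so the error handling after `if (res == -1)` is not visible here.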

Modified: desktop/experimental/glib2.0/debian/rules
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/glib2.0/debian/rules?rev=21429&op=diff
==============================================================================
--- desktop/experimental/glib2.0/debian/rules [utf-8] (original)
+++ desktop/experimental/glib2.0/debian/rules [utf-8] Wed Sep 23 03:05:19 2009
@@ -2,7 +2,6 @@
 
 DISABLE_UPDATE_UPLOADERS := 1
 include /usr/share/gnome-pkg-tools/1/rules/uploaders.mk
-include /usr/share/gnome-pkg-tools/1/rules/check-dist.mk
 -include /usr/share/gnome-pkg-tools/1/rules/gnome-get-source.mk
 
 GNOME_MODULE := glib



