Ubuntu
glib2.0 package

Merge ~whershberger/ubuntu/+source/glib2.0:ubuntu/noble-devel-lp2072586 into ubuntu/+source/glib2.0:ubuntu/noble-devel

Proposed by Wesley Hershberger on 2025-04-25

Status:

Needs review

Proposed branch:

~whershberger/ubuntu/+source/glib2.0:ubuntu/noble-devel-lp2072586

Merge into:

ubuntu/+source/glib2.0:ubuntu/noble-devel

Diff against target:

156 lines (+134/-0)

3 files modified

debian/changelog (+8/-0)
debian/patches/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch (+125/-0)
debian/patches/series (+1/-0)

Undecided

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Ubuntu Sponsors	2025-04-25	Pending
git-ubuntu import	2025-04-25	Pending
Review via email: mp+485047@code.launchpad.net

Commit message

gfileutils: Preserve mode during atomic file writes (LP: #2072586)

Description of the change

Backport 45a36e52

Unmerged commits

46e0c19... by Wesley Hershberger on 2025-04-25

gfileutils: Preserve mode during atomic file writes (LP: #2072586)

* gfileutils: Preserve mode during atomic file writes to prevent high umask
from rendering dconf database files unreadable (LP: #2072586).
- d/p/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Wesley Hershberger

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 4999ee8..e1645da 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,11 @@
++glib2.0 (2.80.0-6ubuntu3.3) jammy; urgency=medium
++
++  * gfileutils: Preserve mode during atomic file writes to prevent high umask
++    from rendering dconf database files unreadable (LP: #2072586).
++    - d/p/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch
++
++ -- Wesley Hershberger <wesley.hershberger@canonical.com>  Fri, 25 Apr 2025 16:53:19 -0500
++
  glib2.0 (2.80.0-6ubuntu3.2) noble-security; urgency=medium
    * SECURITY UPDATE: Buffer overflow
 diff --git a/debian/patches/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch b/debian/patches/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch
 new file mode 100644
 index 0000000..bc83847
 --- /dev/null
 +++ b/debian/patches/lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch
@@ -0,0 +1,125 @@
++From: Wesley Hershberger <wesley.hershberger@canonical.com>
++Date: Tue, 22 Apr 2025 16:37:49 -0500
++Subject: gfileutils: Preserve mode during atomic updates
++
++If g_file_set_contents{_full,} is replacing an existing file, require
++that the tmpfile have the same mode as the existing file.
++
++This prevents the umask from taking effect for consistent writes to
++existing files.
++
++Closes GNOME/dconf#76
++
++Bug: https://gitlab.gnome.org/GNOME/dconf/-/issues/76
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/2072586
++Origin: upstream, https://gitlab.gnome.org/GNOME/glib/-/commit/45a36e52b570cf86ce2599b657e63a83d284cb46
++---
++ glib/gfileutils.c      | 25 +++++++++++++++++++++++--
++ glib/tests/fileutils.c | 14 ++++++++++----
++ 2 files changed, 33 insertions(+), 6 deletions(-)
++
++diff --git a/glib/gfileutils.c b/glib/gfileutils.c
++index 2801777..7811016 100644
++--- a/glib/gfileutils.c
+++++ b/glib/gfileutils.c
++@@ -1318,8 +1318,8 @@ g_file_set_contents (const gchar  *filename,
++  * to 7 characters to @filename.
++  *
++  * If the file didn’t exist before and is created, it will be given the
++- * permissions from @mode. Otherwise, the permissions of the existing file may
++- * be changed to @mode depending on @flags, or they may remain unchanged.
+++ * permissions from @mode. Otherwise, the permissions of the existing file will
+++ * remain unchanged.
++  *
++  * Returns: %TRUE on success, %FALSE if an error occurred
++  *
++@@ -1362,6 +1362,7 @@ g_file_set_contents_full (const gchar            *filename,
++       gboolean retval;
++       int fd;
++       gboolean do_fsync;
+++      GStatBuf old_stat;
++
++       tmp_filename = g_strdup_printf ("%s.XXXXXX", filename);
++
++@@ -1379,6 +1380,26 @@ g_file_set_contents_full (const gchar            *filename,
++           goto consistent_out;
++         }
++
+++      /* Maintain the permissions of the file if it exists */
+++      if (!g_stat (filename, &old_stat))
+++        {
+++#ifndef G_OS_WIN32
+++          if (fchmod (fd, old_stat.st_mode))
+++#else  /* G_OS_WIN32 */
+++          if (chmod (tmp_filename, old_stat.st_mode))
+++#endif /* G_OS_WIN32 */
+++            {
+++              int saved_errno = errno;
+++              if (error)
+++                set_file_error (error,
+++                                tmp_filename, _ ("Failed to set permissions of “%s”: %s"),
+++                                saved_errno);
+++              g_unlink (tmp_filename);
+++              retval = FALSE;
+++              goto consistent_out;
+++            }
+++        }
+++
++       do_fsync = fd_should_be_fsynced (fd, filename, flags);
++       if (!write_to_file (contents, length, g_steal_fd (&fd), tmp_filename, do_fsync, error))
++         {
++diff --git a/glib/tests/fileutils.c b/glib/tests/fileutils.c
++index 56be804..b7b77e1 100644
++--- a/glib/tests/fileutils.c
+++++ b/glib/tests/fileutils.c
++@@ -1686,7 +1686,9 @@ test_set_contents_full (void)
++           EXISTING_FILE_DIRECTORY,
++         }
++       existing_file;
++-      int new_mode;  /* only relevant if @existing_file is %EXISTING_FILE_NONE */
+++      /* only relevant if @existing_file is
+++       * %EXISTING_FILE_NONE or %EXISTING_FILE_REGULAR */
+++      int mode;
++       gboolean use_strlen;
++
++       gboolean expected_success;
++@@ -1697,6 +1699,8 @@ test_set_contents_full (void)
++       { EXISTING_FILE_NONE, 0644, FALSE, TRUE, 0 },
++       { EXISTING_FILE_NONE, 0644, TRUE, TRUE, 0 },
++       { EXISTING_FILE_NONE, 0600, FALSE, TRUE, 0 },
+++      // Assume umask is 022, ensures that we preserve perms with, eg. 077
+++      { EXISTING_FILE_REGULAR, 0666, FALSE, TRUE, 0 },
++       { EXISTING_FILE_REGULAR, 0644, FALSE, TRUE, 0 },
++ #ifndef G_OS_WIN32
++       { EXISTING_FILE_SYMLINK, 0644, FALSE, TRUE, 0 },
++@@ -1741,6 +1745,8 @@ test_set_contents_full (void)
++                 g_assert_no_errno (g_fsync (fd));
++                 close (fd);
++
+++                g_assert_no_errno (chmod (file_name, tests[i].mode));
+++
++ #ifndef G_OS_WIN32
++                 /* Pass an existing symlink to g_file_set_contents_full() to see
++                  * what it does. */
++@@ -1784,7 +1790,7 @@ test_set_contents_full (void)
++           /* Set the file contents */
++           ret = g_file_set_contents_full (set_contents_name, "b",
++                                           tests[i].use_strlen ? -1 : 1,
++-                                          flags, tests[i].new_mode, &error);
+++                                          flags, tests[i].mode, &error);
++
++           if (!tests[i].expected_success)
++             {
++@@ -1808,10 +1814,10 @@ test_set_contents_full (void)
++
++               g_assert_no_errno (g_lstat (set_contents_name, &statbuf));
++
++-              if (tests[i].existing_file == EXISTING_FILE_NONE)
+++              if (tests[i].existing_file & (EXISTING_FILE_NONE | EXISTING_FILE_REGULAR))
++                 {
++                   int mode = statbuf.st_mode & ~S_IFMT;
++-                  int new_mode = tests[i].new_mode;
+++                  int new_mode = tests[i].mode;
++ #ifdef G_OS_WIN32
++                   /* on windows, group and others perms handling is different */
++                   /* only check the rwx user permissions */
 diff --git a/debian/patches/series b/debian/patches/series
 index 2deb54b..5d89fd6 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -38,3 +38,4 @@ CVE-2024-34397-15.patch
  CVE-2024-34397-16.patch
  CVE-2024-34397-regression.patch
  CVE-2024-52533.patch
++lp2072586-gfileutils-Preserve-mode-during-atomic-updates.patch

Ubuntuglib2.0 package