new file mode 100644

@@ -0,0 +1,53 @@

+From d8f8f4d637ce43f8699ba94c9b7648beda0ca174 Mon Sep 17 00:00:00 2001

+From: Ondrej Holy <oholy@redhat.com>

+Date: Thu, 23 May 2019 10:41:53 +0200

+Subject: [PATCH] gfile: Limit access to files when copying

+

+file_copy_fallback creates new files with default permissions and

+set the correct permissions after the operation is finished. This

+might cause that the files can be accessible by more users during

+the operation than expected. Use G_FILE_CREATE_PRIVATE for the new

+files to limit access to those files.

+---

+ gio/gfile.c | 11 ++++++-----

+ 1 file changed, 6 insertions(+), 5 deletions(-)

+

+diff --git a/gio/gfile.c b/gio/gfile.c

+index 24b136d80..74b58047c 100644

+--- a/gio/gfile.c

+@@ -3284,12 +3284,12 @@ file_copy_fallback (GFile                  *source,

+         out = (GOutputStream*)_g_local_file_output_stream_replace (_g_local_file_get_filename (G_LOCAL_FILE (destination)),

+                                                                    FALSE, NULL,

+                                                                    flags & G_FILE_COPY_BACKUP,

+-                                                                   G_FILE_CREATE_REPLACE_DESTINATION,

+-                                                                   info,

++                                                                   G_FILE_CREATE_REPLACE_DESTINATION |

++                                                                   G_FILE_CREATE_PRIVATE, info,

+                                                                    cancellable, error);

+       else

+         out = (GOutputStream*)_g_local_file_output_stream_create (_g_local_file_get_filename (G_LOCAL_FILE (destination)),

+-                                                                  FALSE, 0, info,

++                                                                  FALSE, G_FILE_CREATE_PRIVATE, info,

+                                                                   cancellable, error);

+     }

+   else if (flags & G_FILE_COPY_OVERWRITE)

+@@ -3297,12 +3297,13 @@ file_copy_fallback (GFile                  *source,

+       out = (GOutputStream *)g_file_replace (destination,

+                                              NULL,

+                                              flags & G_FILE_COPY_BACKUP,

+-                                             G_FILE_CREATE_REPLACE_DESTINATION,

++                                             G_FILE_CREATE_REPLACE_DESTINATION |

++                                             G_FILE_CREATE_PRIVATE,

+                                              cancellable, error);

+     }

+   else

+     {

+-      out = (GOutputStream *)g_file_create (destination, 0, cancellable, error);

++      out = (GOutputStream *)g_file_create (destination, G_FILE_CREATE_PRIVATE, cancellable, error);

+     }

+ 

+   if (!out)

+-- 

+2.21.0

+

@@ -1,7 +1,7 @@

 Summary:	Low-level libraries useful for providing data structure handling for C.

 Name:		glib

 Version:	2.58.0

-Release:	2%{?dist}

+Release:	3%{?dist}

 License:	LGPLv2+

 URL:		https://developer.gnome.org/glib/

 Group:		Applications/System

@@ -9,6 +9,7 @@ Vendor:		VMware, Inc.

 Distribution:	Photon

 Source0:	http://ftp.gnome.org/pub/gnome/sources/glib/2.58/%{name}-%{version}.tar.xz

 %define sha1 glib=c00e433c56e0ba3541abc5222aeca4136de10fb8

+Patch0:         glib-CVE-2019-12450.patch

 BuildRequires:	pcre-devel

 BuildRequires:	libffi-devel

 BuildRequires:	pkg-config

@@ -51,6 +52,8 @@ Gsettings schemas compiling tool

 %prep

 %setup -q

+%patch0 -p1

+

 %build

 ./autogen.sh

 %configure --with-pcre=system

@@ -90,6 +93,8 @@ make DESTDIR=%{buildroot} install

 %{_datadir}/glib-2.0/schemas/*

 %changelog

+*   Mon Jun 03 2019 Ankit Jain <ankitja@vmware.com> 2.58.0-3

+-   Fix for CVE-2019-12450

 *   Mon Dec 10 2018 Alexey Makhalov <amakhalov@vmware.com> 2.58.0-2

 -   glib-devel requires python-xml.

 *   Tue Sep 11 2018 Anish Swaminathan <anishs@vmware.com> 2.58.0-1