File CVE-2024-6655.patch of Package gtk3.35196

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-6655.patch of Package gtk3.35196

From: Matthias Clasen <mclasen@redhat.com>
Date: Sat, 15 Jun 2024 14:18:01 -0400
Subject: Stop looking for modules in cwd

This is just not a good idea. It is surprising, and can be misused.

Fixes: https://gitlab.gnome.org/GNOME/gtk/-/issues/6786
(cherry picked from commit 3bbf0b6176d42836d23c36a6ac410e807ec0a7a7)

Origin: gtk 3.24.43
---
 gtk/gtkmodules.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/gtk/gtkmodules.c b/gtk/gtkmodules.c
index 50729b6..c0f0c30 100644
--- a/gtk/gtkmodules.c
+++ b/gtk/gtkmodules.c
@@ -229,13 +229,8 @@ find_module (const gchar *name)
   gchar *module_name;
 
   module_name = _gtk_find_module (name, "modules");
-  if (!module_name)
-    {
-      /* As last resort, try loading without an absolute path (using system
-       * library path)
-       */
-      module_name = g_module_build_path (NULL, name);
-    }
+  if (module_name == NULL)
+    return NULL;
 
   module = g_module_open (module_name, G_MODULE_BIND_LOCAL | G_MODULE_BIND_LAZY);

Places

File CVE-2024-6655.patch of Package gtk3.35196

Places