mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-20 00:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

dbus: update 1.12.22 -> 1.14.0

Browse Source 
Drop patches:
clear-guid_from_server-if-send_negotiate_unix_f.patch
stop_using_selinux_set_mapping.patch
(both merged upstream)

python-config.patch
(patched code removed upstream)

License-Update: whitespace fixes

(From OE-Core rev: 4513e4369973afb71f40625da058a3eaf6ccd4c4)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Alexander Kanavin
2022-03-09 23:22:14 +01:00
committed by Richard Purdie
parent 1341ebeab0
commit 73dd9fae43
4 changed files with 4 additions and 293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
meta/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch
View File

@@ -1,104 +0,0 @@
From b8f84bd39485d3977625c9a8b8e8cff5d23be56f Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Thu, 27 Feb 2014 09:05:02 +0800
Subject: [PATCH] dbus: clear guid_from_server if send_negotiate_unix_fd
failed
Upstream-Status: Submitted
bus-test dispatch test failed with below information:
./bus/bus-test: Running message dispatch test
Activating service name='org.freedesktop.DBus.TestSuiteEchoService'
Successfully activated service 'org.freedesktop.DBus.TestSuiteEchoService'
6363: assertion failed "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0" file "dbus-auth.c" line 1545 function process_ok
./bus/bus-test(_dbus_print_backtrace+0x29) [0x80cb969]
./bus/bus-test(_dbus_abort+0x14) [0x80cfb44]
./bus/bus-test(_dbus_real_assert+0x53) [0x80b52c3]
./bus/bus-test() [0x80e24da]
./bus/bus-test(_dbus_auth_do_work+0x388) [0x80e3848]
./bus/bus-test() [0x80aea49]
./bus/bus-test() [0x80affde]
./bus/bus-test(_dbus_transport_handle_watch+0xb1) [0x80ad841]
./bus/bus-test(_dbus_connection_handle_watch+0x104) [0x8089174]
./bus/bus-test(dbus_watch_handle+0xd8) [0x80b15e8]
./bus/bus-test(_dbus_loop_iterate+0x4a9) [0x80d1509]
./bus/bus-test(bus_test_run_clients_loop+0x5d) [0x808129d]
./bus/bus-test() [0x806cab0]
./bus/bus-test() [0x806e0ca]
./bus/bus-test() [0x806da6f]
./bus/bus-test(_dbus_test_oom_handling+0x18c) [0x80b5c8c]
./bus/bus-test() [0x806f723]
./bus/bus-test(bus_dispatch_test+0x3c) [0x8071aac]
./bus/bus-test(main+0x1b7) [0x805acc7]
/lib/libc.so.6(__libc_start_main+0xf3) [0x45f919b3]
./bus/bus-test() [0x805ae39]
The stack is below:
#0 0xffffe425 in __kernel_vsyscall ()
#1 0x45fa62d6 in raise () from /lib/libc.so.6
#2 0x45fa9653 in abort () from /lib/libc.so.6
#3 0x080cfb65 in _dbus_abort () at dbus-sysdeps.c:94
#4 0x080b52c3 in _dbus_real_assert (condition=0,
condition_text=condition_text@entry=0x8117a38 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0",
file=file@entry=0x8117273 "dbus-auth.c", line=line@entry=1545,
func=func@entry=0x8117f8e <__FUNCTION__.3492> "process_ok")
data=0x8157290) at dbus-connection.c:1515
#0 0x00000033fee353e9 in raise () from /lib64/libc.so.6
#1 0x00000033fee38508 in abort () from /lib64/libc.so.6
#2 0x000000000047d585 in _dbus_abort () at dbus-sysdeps.c:94
#3 0x0000000000466486 in _dbus_real_assert (condition=<optimized out>,
condition_text=condition_text@entry=0x4c2988 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0",
file=file@entry=0x4c21a5 "dbus-auth.c", line=line@entry=1546,
func=func@entry=0x4c2fce <__FUNCTION__.3845> "process_ok")
at dbus-internals.c:931
#4 0x000000000048d424 in process_ok (args_from_ok=0x7fffffffe480,
auth=0x6ff340) at dbus-auth.c:1546
#5 handle_client_state_waiting_for_data (auth=0x6ff340,
command=<optimized out>, args=0x7fffffffe480) at dbus-auth.c:1996
#6 0x000000000048e789 in process_command (auth=0x6ff340) at dbus-auth.c:2208
#7 _dbus_auth_do_work (auth=0x6ff340) at dbus-auth.c:2458
#8 0x000000000046091d in do_authentication (
transport=transport@entry=0x6ffaa0, do_reading=do_reading@entry=1,
do_writing=do_writing@entry=0,
auth_completed=auth_completed@entry=0x7fffffffe55c)
at dbus-transport-socket.c:442
#9 0x0000000000461d08 in socket_handle_watch (transport=0x6ffaa0,
watch=0x6f4190, flags=1) at dbus-transport-socket.c:921
#10 0x000000000045fa3a in _dbus_transport_handle_watch (transport=0x6ffaa0,
Once send_negotiate_unix_fd failed, this failure will happen, since
auth->guid_from_server has been set to some value before
send_negotiate_unix_fd. send_negotiate_unix_fd failure will lead to
this auth be handled by process_ok again, but this auth->guid_from_server
is not zero.
So we should clear auth->guid_from_server if send_negotiate_unix_fd failed
Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
dbus/dbus-auth.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index d2c37a7..37b45c6 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -1571,8 +1571,13 @@ process_ok(DBusAuth *auth,
_dbus_verbose ("Got GUID '%s' from the server\n",
_dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));
- if (auth->unix_fd_possible)
- return send_negotiate_unix_fd(auth);
+ if (auth->unix_fd_possible) {
+ if (!send_negotiate_unix_fd(auth)) {
+ _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
+ return FALSE;
+ }
+ return TRUE;
+ }
_dbus_verbose("Not negotiating unix fd passing, since not possible\n");
return send_begin (auth);
--
1.7.10.4

34
meta/recipes-core/dbus/dbus/python-config.patch
View File

@@ -1,34 +0,0 @@
When building the dbus-ptest package, we have to enable python. However
checking if the host-system python has the necessary library isn't useful.
Disable the python module check for cross compiling.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
configure.ac | 7 -------
1 file changed, 7 deletions(-)
diff --git a/configure.ac b/configure.ac
index 80d27b4..becc1cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -279,13 +279,6 @@ if test "x$enable_tests" = xyes; then
# full test coverage is required, Python is a hard dependency
AC_MSG_NOTICE([Full test coverage (--enable-tests=yes) requires Python, dbus-python, pygi])
AM_PATH_PYTHON([2.6])
- AC_MSG_CHECKING([for Python modules for full test coverage])
- if "$PYTHON" -c "import dbus, gi.repository.GObject, dbus.mainloop.glib"; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import dbus, gi.repository.GObject, dbus.mainloop.glib Python modules])
- fi
else
# --enable-tests not given: do not abort if Python is missing
AM_PATH_PYTHON([2.6], [], [:])
--
1.9.1

148
meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch
View File

@@ -1,148 +0,0 @@
From 6072f8b24153d844a3033108a17bcd0c1a967816 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bigon@bigon.be>
Date: Sat, 3 Mar 2018 11:15:23 +0100
Subject: [PATCH] Stop using selinux_set_mapping() function
Currently, if the "dbus" security class or the associated AV doesn't
exist, dbus-daemon fails to initialize and exits immediately. Also the
security classes or access vector cannot be reordered in the policy.
This can be a problem for people developing their own policy or trying
to access a machine where, for some reasons, there is not policy defined
at all.
The code here copy the behaviour of the selinux_check_access() function.
We cannot use this function here as it doesn't allow us to define the
AVC entry reference.
See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198
---
bus/selinux.c | 75 ++++++++++++++++++++++++++++-----------------------
1 file changed, 42 insertions(+), 33 deletions(-)
Upstream-Status: Backport
Signed-off-by: Nisha.Parrakat <Nisha.Parrakat@kpit.com>
diff --git a/bus/selinux.c b/bus/selinux.c
--- a/bus/selinux.c 2021-08-11 14:45:59.048513026 +0000
+++ b/bus/selinux.c 2021-08-11 14:57:47.144846966 +0000
@@ -311,24 +311,6 @@
#endif
}
-/*
- * Private Flask definitions; the order of these constants must
- * exactly match that of the structure array below!
- */
-/* security dbus class constants */
-#define SECCLASS_DBUS 1
-
-/* dbus's per access vector constants */
-#define DBUS__ACQUIRE_SVC 1
-#define DBUS__SEND_MSG 2
-
-#ifdef HAVE_SELINUX
-static struct security_class_mapping dbus_map[] = {
- { "dbus", { "acquire_svc", "send_msg", NULL } },
- { NULL }
-};
-#endif /* HAVE_SELINUX */
-
/**
* Establish dynamic object class and permission mapping and
* initialize the user space access vector cache (AVC) for D-Bus and set up
@@ -350,13 +332,6 @@
_dbus_verbose ("SELinux is enabled in this kernel.\n");
- if (selinux_set_mapping (dbus_map) < 0)
- {
- _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).",
- strerror (errno));
- return FALSE;
- }
-
avc_entry_ref_init (&aeref);
if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0)
{
@@ -421,19 +396,53 @@
static dbus_bool_t
bus_selinux_check (BusSELinuxID *sender_sid,
BusSELinuxID *override_sid,
- security_class_t target_class,
- access_vector_t requested,
+ const char *target_class,
+ const char *requested,
DBusString *auxdata)
{
+ int saved_errno;
+ security_class_t security_class;
+ access_vector_t requested_access;
+
if (!selinux_enabled)
return TRUE;
+ security_class = string_to_security_class (target_class);
+ if (security_class == 0)
+ {
+ saved_errno = errno;
+ log_callback (SELINUX_ERROR, "Unknown class %s", target_class);
+ if (security_deny_unknown () == 0)
+ {
+ return TRUE;
+ }
+
+ _dbus_verbose ("Unknown class %s\n", target_class);
+ errno = saved_errno;
+ return FALSE;
+ }
+
+ requested_access = string_to_av_perm (security_class, requested);
+ if (requested_access == 0)
+ {
+ saved_errno = errno;
+ log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class);
+ if (security_deny_unknown () == 0)
+ {
+ return TRUE;
+ }
+
+ _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class);
+ errno = saved_errno;
+ return FALSE;
+ }
+
/* Make the security check. AVC checks enforcing mode here as well. */
if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
override_sid ?
SELINUX_SID_FROM_BUS (override_sid) :
bus_sid,
- target_class, requested, &aeref, auxdata) < 0)
+ security_class, requested_access, &aeref, auxdata) < 0)
{
switch (errno)
{
@@ -500,8 +509,8 @@
ret = bus_selinux_check (connection_sid,
service_sid,
- SECCLASS_DBUS,
- DBUS__ACQUIRE_SVC,
+ "dbus",
+ "acquire_svc",
&auxdata);
_dbus_string_free (&auxdata);
@@ -629,8 +638,8 @@
ret = bus_selinux_check (sender_sid,
recipient_sid,
- SECCLASS_DBUS,
- DBUS__SEND_MSG,
+ "dbus",
+ "send_msg",
&auxdata);
_dbus_string_free (&auxdata);

11
meta/recipes-core/dbus/dbus_1.12.22.bb → meta/recipes-core/dbus/dbus_1.14.0.bb
View File

@@ -7,18 +7,15 @@ inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome
LICENSE = "AFL-2.1 | GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8"
SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
file://run-ptest \
file://python-config.patch \
file://tmpdir.patch \
file://dbus-1.init \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
file://stop_using_selinux_set_mapping.patch \
"
SRC_URI[sha256sum] = "8d25785c798ec4f892e6f9d177fb0ceeb8b29867b119798f9d5228561d3ad474"
SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4"
EXTRA_OECONF = "--disable-xml-docs \
--disable-doxygen-docs \
@@ -37,7 +34,7 @@ PACKAGECONFIG:class-native = ""
PACKAGECONFIG:class-nativesdk = ""
PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
PACKAGECONFIG[x11] = "--enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
PACKAGECONFIG[audit] = "--enable-libaudit,--disable-libaudit,audit"