mirror of
https://git.yoctoproject.org/poky
synced 2026-04-30 03:32:12 +02:00
dbus: upgrade 1.12.16 -> 1.12.18
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)
(From OE-Core rev: 7337d7e4faf20a513c065c44d7d9d472334452b2)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a62471f064)
[Bug fix only update, drop cve patch now included
a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Wang Mingyu
committed by
Richard Purdie
Richard Purdie
parent
d1a9079782
commit
871a373527
@@ -1,78 +0,0 @@
|
||||
From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Thu, 16 Apr 2020 14:45:11 +0100
|
||||
Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
|
||||
|
||||
MSG_CTRUNC indicates that we have received fewer fds that we should
|
||||
have done because the buffer was too small, but we were treating it
|
||||
as though it indicated that we received *no* fds. If we received any,
|
||||
we still have to make sure we close them, otherwise they will be leaked.
|
||||
|
||||
On the system bus, if an attacker can induce us to leak fds in this
|
||||
way, that's a local denial of service via resource exhaustion.
|
||||
|
||||
Reported-by: Kevin Backhouse, GitHub Security Lab
|
||||
Fixes: dbus#294
|
||||
Fixes: CVE-2020-12049
|
||||
Fixes: GHSL-2020-057
|
||||
|
||||
Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
|
||||
CVE: CVE-2020-12049
|
||||
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
|
||||
---
|
||||
dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
|
||||
1 file changed, 20 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
|
||||
index b5fc2466..b176dae1 100644
|
||||
--- a/dbus/dbus-sysdeps-unix.c
|
||||
+++ b/dbus/dbus-sysdeps-unix.c
|
||||
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
struct cmsghdr *cm;
|
||||
dbus_bool_t found = FALSE;
|
||||
|
||||
- if (m.msg_flags & MSG_CTRUNC)
|
||||
- {
|
||||
- /* Hmm, apparently the control data was truncated. The bad
|
||||
- thing is that we might have completely lost a couple of fds
|
||||
- without chance to recover them. Hence let's treat this as a
|
||||
- serious error. */
|
||||
-
|
||||
- errno = ENOSPC;
|
||||
- _dbus_string_set_length (buffer, start);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
|
||||
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
|
||||
{
|
||||
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
if (!found)
|
||||
*n_fds = 0;
|
||||
|
||||
+ if (m.msg_flags & MSG_CTRUNC)
|
||||
+ {
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ /* Hmm, apparently the control data was truncated. The bad
|
||||
+ thing is that we might have completely lost a couple of fds
|
||||
+ without chance to recover them. Hence let's treat this as a
|
||||
+ serious error. */
|
||||
+
|
||||
+ /* We still need to close whatever fds we *did* receive,
|
||||
+ * otherwise they'll never get closed. (CVE-2020-12049) */
|
||||
+ for (i = 0; i < *n_fds; i++)
|
||||
+ close (fds[i]);
|
||||
+
|
||||
+ *n_fds = 0;
|
||||
+ errno = ENOSPC;
|
||||
+ _dbus_string_set_length (buffer, start);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
/* put length back (doesn't actually realloc) */
|
||||
_dbus_string_set_length (buffer, start + bytes_read);
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -16,11 +16,10 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
|
||||
file://tmpdir.patch \
|
||||
file://dbus-1.init \
|
||||
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
|
||||
file://CVE-2020-12049.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
|
||||
SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
|
||||
SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
|
||||
SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
|
||||
|
||||
inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
|
||||
|
||||
Reference in New Issue
Block a user