summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorWang Mingyu <wangmy@cn.fujitsu.com>2021-09-07 16:32:23 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-09-14 17:27:42 +0100
commit871a37352780e9da9dd82021047651f83a376b4d (patch)
tree15854e57107405bd352dae72360b423ab31dd78b /meta/recipes-core
parentd1a90797828b7de6c8b2628db9edfbb4c05bf1b3 (diff)
downloadpoky-871a37352780e9da9dd82021047651f83a376b4d.tar.gz
dbus: upgrade 1.12.16 -> 1.12.18
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79) (From OE-Core rev: 7337d7e4faf20a513c065c44d7d9d472334452b2) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028) [Bug fix only update, drop cve patch now included a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18 8bc1381819 fdpass test: Assert that we don't leak file descriptors 272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix 31297172f1 Update NEWS 041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container 55b3f71376 Update NEWS ced04aabc7 doxygen: fix example for dbus_message_append_args 3e40637b10 Update NEWS 3e0ea34966 cmake: Add X11 include path for tools d0992805d7 doc: replace dbus-send's --address with --peer and --bus dd32f6b617 Update NEWS d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12' 2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12' beb79b94fb doc: Fix environment variable name in dbus-daemon(1) eab5d4a420 Start 1.12.18 development] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/dbus/dbus/CVE-2020-12049.patch78
-rw-r--r--meta/recipes-core/dbus/dbus_1.12.18.bb (renamed from meta/recipes-core/dbus/dbus_1.12.16.bb)5
2 files changed, 2 insertions, 81 deletions
diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
deleted file mode 100644
index ac7a4b7a71..0000000000
--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
1From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
2From: Simon McVittie <smcv@collabora.com>
3Date: Thu, 16 Apr 2020 14:45:11 +0100
4Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
5
6MSG_CTRUNC indicates that we have received fewer fds that we should
7have done because the buffer was too small, but we were treating it
8as though it indicated that we received *no* fds. If we received any,
9we still have to make sure we close them, otherwise they will be leaked.
10
11On the system bus, if an attacker can induce us to leak fds in this
12way, that's a local denial of service via resource exhaustion.
13
14Reported-by: Kevin Backhouse, GitHub Security Lab
15Fixes: dbus#294
16Fixes: CVE-2020-12049
17Fixes: GHSL-2020-057
18
19Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
20CVE: CVE-2020-12049
21Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
22---
23 dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
24 1 file changed, 20 insertions(+), 12 deletions(-)
25
26diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
27index b5fc2466..b176dae1 100644
28--- a/dbus/dbus-sysdeps-unix.c
29+++ b/dbus/dbus-sysdeps-unix.c
30@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
31 struct cmsghdr *cm;
32 dbus_bool_t found = FALSE;
33
34- if (m.msg_flags & MSG_CTRUNC)
35- {
36- /* Hmm, apparently the control data was truncated. The bad
37- thing is that we might have completely lost a couple of fds
38- without chance to recover them. Hence let's treat this as a
39- serious error. */
40-
41- errno = ENOSPC;
42- _dbus_string_set_length (buffer, start);
43- return -1;
44- }
45-
46 for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
47 if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
48 {
49@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
50 if (!found)
51 *n_fds = 0;
52
53+ if (m.msg_flags & MSG_CTRUNC)
54+ {
55+ unsigned int i;
56+
57+ /* Hmm, apparently the control data was truncated. The bad
58+ thing is that we might have completely lost a couple of fds
59+ without chance to recover them. Hence let's treat this as a
60+ serious error. */
61+
62+ /* We still need to close whatever fds we *did* receive,
63+ * otherwise they'll never get closed. (CVE-2020-12049) */
64+ for (i = 0; i < *n_fds; i++)
65+ close (fds[i]);
66+
67+ *n_fds = 0;
68+ errno = ENOSPC;
69+ _dbus_string_set_length (buffer, start);
70+ return -1;
71+ }
72+
73 /* put length back (doesn't actually realloc) */
74 _dbus_string_set_length (buffer, start + bytes_read);
75
76--
772.25.1
78
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb
index 10d1b34448..2fcb3079ad 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -16,11 +16,10 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
16 file://tmpdir.patch \ 16 file://tmpdir.patch \
17 file://dbus-1.init \ 17 file://dbus-1.init \
18 file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ 18 file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
19 file://CVE-2020-12049.patch \
20" 19"
21 20
22SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" 21SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
23SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" 22SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
24 23
25inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even 24inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
26 25