author | Wang Mingyu <wangmy@cn.fujitsu.com> | 2021-09-07 16:32:23 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-14 17:27:42 +0100 |
commit | 871a37352780e9da9dd82021047651f83a376b4d (patch) | |
tree | 15854e57107405bd352dae72360b423ab31dd78b /meta/recipes-core | |
parent | d1a90797828b7de6c8b2628db9edfbb4c05bf1b3 (diff) | |
download | poky-871a37352780e9da9dd82021047651f83a376b4d.tar.gz |
dbus: upgrade 1.12.16 -> 1.12.18
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)
(From OE-Core rev: 7337d7e4faf20a513c065c44d7d9d472334452b2)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028)
[Bug fix only update, drop cve patch now included
a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/dbus/dbus/CVE-2020-12049.patch | 78 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus_1.12.18.bb (renamed from meta/recipes-core/dbus/dbus_1.12.16.bb) | 5 |
2 files changed, 2 insertions, 81 deletions
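--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Thu, 16 Apr 2020 14:45:11 +0100
-Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
-
-MSG_CTRUNC indicates that we have received fewer fds that we should
-have done because the buffer was too small, but we were treating it
-as though it indicated that we received *no* fds. If we received any,
-we still have to make sure we close them, otherwise they will be leaked.
-
-On the system bus, if an attacker can induce us to leak fds in this
-way, that's a local denial of service via resource exhaustion.
-
-Reported-by: Kevin Backhouse, GitHub Security Lab
-Fixes: dbus#294
-Fixes: CVE-2020-12049
-Fixes: GHSL-2020-057
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
-CVE: CVE-2020-12049
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
----
-dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
-1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index b5fc2466..b176dae1 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
-struct cmsghdr *cm;
-dbus_bool_t found = FALSE;
-
-- if (m.msg_flags & MSG_CTRUNC)
-- {
-- /* Hmm, apparently the control data was truncated. The bad
-- thing is that we might have completely lost a couple of fds
-- without chance to recover them. Hence let's treat this as a
-- serious error. */
--
-- errno = ENOSPC;
-- _dbus_string_set_length (buffer, start);
-- return -1;
-- }
--
-for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
-if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
-{
-@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
-if (!found)
-*n_fds = 0;
-
-+ if (m.msg_flags & MSG_CTRUNC)
-+ {
-+ unsigned int i;
-+
-+ /* Hmm, apparently the control data was truncated. The bad
-+ thing is that we might have completely lost a couple of fds
-+ without chance to recover them. Hence let's treat this as a
-+ serious error. */
-+
-+ /* We still need to close whatever fds we *did* receive,
-+ * otherwise they'll never get closed. (CVE-2020-12049) */
-+ for (i = 0; i < *n_fds; i++)
-+ close (fds[i]);
-+
-+ *n_fds = 0;
-+ errno = ENOSPC;
-+ _dbus_string_set_length (buffer, start);
-+ return -1;
-+ }
-+
-/* put length back (doesn't actually realloc) */
-_dbus_string_set_length (buffer, start + bytes_read);
-
---
-2.25.1
-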
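--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -16,11 +16,10 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
 file://tmpdir.patch \
 file://dbus-1.init \
 file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-file://CVE-2020-12049.patch \
 "
 
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
-SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
 
 inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
 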