diff options
-rw-r--r-- | meta/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch | 104 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus/python-config.patch | 34 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch | 148 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus_1.14.0.bb (renamed from meta/recipes-core/dbus/dbus_1.12.22.bb) | 11 |
4 files changed, 4 insertions, 293 deletions
diff --git a/meta/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch b/meta/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch deleted file mode 100644 index 6bb6d9c82e..0000000000 --- a/meta/recipes-core/dbus/dbus/clear-guid_from_server-if-send_negotiate_unix_f.patch +++ /dev/null | |||
@@ -1,104 +0,0 @@ | |||
1 | From b8f84bd39485d3977625c9a8b8e8cff5d23be56f Mon Sep 17 00:00:00 2001 | ||
2 | From: Roy Li <rongqing.li@windriver.com> | ||
3 | Date: Thu, 27 Feb 2014 09:05:02 +0800 | ||
4 | Subject: [PATCH] dbus: clear guid_from_server if send_negotiate_unix_fd | ||
5 | failed | ||
6 | |||
7 | Upstream-Status: Submitted | ||
8 | |||
9 | bus-test dispatch test failed with below information: | ||
10 | ./bus/bus-test: Running message dispatch test | ||
11 | Activating service name='org.freedesktop.DBus.TestSuiteEchoService' | ||
12 | Successfully activated service 'org.freedesktop.DBus.TestSuiteEchoService' | ||
13 | 6363: assertion failed "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0" file "dbus-auth.c" line 1545 function process_ok | ||
14 | ./bus/bus-test(_dbus_print_backtrace+0x29) [0x80cb969] | ||
15 | ./bus/bus-test(_dbus_abort+0x14) [0x80cfb44] | ||
16 | ./bus/bus-test(_dbus_real_assert+0x53) [0x80b52c3] | ||
17 | ./bus/bus-test() [0x80e24da] | ||
18 | ./bus/bus-test(_dbus_auth_do_work+0x388) [0x80e3848] | ||
19 | ./bus/bus-test() [0x80aea49] | ||
20 | ./bus/bus-test() [0x80affde] | ||
21 | ./bus/bus-test(_dbus_transport_handle_watch+0xb1) [0x80ad841] | ||
22 | ./bus/bus-test(_dbus_connection_handle_watch+0x104) [0x8089174] | ||
23 | ./bus/bus-test(dbus_watch_handle+0xd8) [0x80b15e8] | ||
24 | ./bus/bus-test(_dbus_loop_iterate+0x4a9) [0x80d1509] | ||
25 | ./bus/bus-test(bus_test_run_clients_loop+0x5d) [0x808129d] | ||
26 | ./bus/bus-test() [0x806cab0] | ||
27 | ./bus/bus-test() [0x806e0ca] | ||
28 | ./bus/bus-test() [0x806da6f] | ||
29 | ./bus/bus-test(_dbus_test_oom_handling+0x18c) [0x80b5c8c] | ||
30 | ./bus/bus-test() [0x806f723] | ||
31 | ./bus/bus-test(bus_dispatch_test+0x3c) [0x8071aac] | ||
32 | ./bus/bus-test(main+0x1b7) [0x805acc7] | ||
33 | /lib/libc.so.6(__libc_start_main+0xf3) [0x45f919b3] | ||
34 | ./bus/bus-test() [0x805ae39] | ||
35 | |||
36 | The stack is below: | ||
37 | #0 0xffffe425 in __kernel_vsyscall () | ||
38 | #1 0x45fa62d6 in raise () from /lib/libc.so.6 | ||
39 | #2 0x45fa9653 in abort () from /lib/libc.so.6 | ||
40 | #3 0x080cfb65 in _dbus_abort () at dbus-sysdeps.c:94 | ||
41 | #4 0x080b52c3 in _dbus_real_assert (condition=0, | ||
42 | condition_text=condition_text@entry=0x8117a38 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0", | ||
43 | file=file@entry=0x8117273 "dbus-auth.c", line=line@entry=1545, | ||
44 | func=func@entry=0x8117f8e <__FUNCTION__.3492> "process_ok") | ||
45 | data=0x8157290) at dbus-connection.c:1515 | ||
46 | #0 0x00000033fee353e9 in raise () from /lib64/libc.so.6 | ||
47 | #1 0x00000033fee38508 in abort () from /lib64/libc.so.6 | ||
48 | #2 0x000000000047d585 in _dbus_abort () at dbus-sysdeps.c:94 | ||
49 | #3 0x0000000000466486 in _dbus_real_assert (condition=<optimized out>, | ||
50 | condition_text=condition_text@entry=0x4c2988 "_dbus_string_get_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server) == 0", | ||
51 | file=file@entry=0x4c21a5 "dbus-auth.c", line=line@entry=1546, | ||
52 | func=func@entry=0x4c2fce <__FUNCTION__.3845> "process_ok") | ||
53 | at dbus-internals.c:931 | ||
54 | #4 0x000000000048d424 in process_ok (args_from_ok=0x7fffffffe480, | ||
55 | auth=0x6ff340) at dbus-auth.c:1546 | ||
56 | #5 handle_client_state_waiting_for_data (auth=0x6ff340, | ||
57 | command=<optimized out>, args=0x7fffffffe480) at dbus-auth.c:1996 | ||
58 | #6 0x000000000048e789 in process_command (auth=0x6ff340) at dbus-auth.c:2208 | ||
59 | #7 _dbus_auth_do_work (auth=0x6ff340) at dbus-auth.c:2458 | ||
60 | #8 0x000000000046091d in do_authentication ( | ||
61 | transport=transport@entry=0x6ffaa0, do_reading=do_reading@entry=1, | ||
62 | do_writing=do_writing@entry=0, | ||
63 | auth_completed=auth_completed@entry=0x7fffffffe55c) | ||
64 | at dbus-transport-socket.c:442 | ||
65 | #9 0x0000000000461d08 in socket_handle_watch (transport=0x6ffaa0, | ||
66 | watch=0x6f4190, flags=1) at dbus-transport-socket.c:921 | ||
67 | #10 0x000000000045fa3a in _dbus_transport_handle_watch (transport=0x6ffaa0, | ||
68 | |||
69 | Once send_negotiate_unix_fd failed, this failure will happen, since | ||
70 | auth->guid_from_server has been set to some value before | ||
71 | send_negotiate_unix_fd. send_negotiate_unix_fd failure will lead to | ||
72 | this auth be handled by process_ok again, but this auth->guid_from_server | ||
73 | is not zero. | ||
74 | |||
75 | So we should clear auth->guid_from_server if send_negotiate_unix_fd failed | ||
76 | |||
77 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
78 | --- | ||
79 | dbus/dbus-auth.c | 9 +++++++-- | ||
80 | 1 file changed, 7 insertions(+), 2 deletions(-) | ||
81 | |||
82 | diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c | ||
83 | index d2c37a7..37b45c6 100644 | ||
84 | --- a/dbus/dbus-auth.c | ||
85 | +++ b/dbus/dbus-auth.c | ||
86 | @@ -1571,8 +1571,13 @@ process_ok(DBusAuth *auth, | ||
87 | _dbus_verbose ("Got GUID '%s' from the server\n", | ||
88 | _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server)); | ||
89 | |||
90 | - if (auth->unix_fd_possible) | ||
91 | - return send_negotiate_unix_fd(auth); | ||
92 | + if (auth->unix_fd_possible) { | ||
93 | + if (!send_negotiate_unix_fd(auth)) { | ||
94 | + _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0); | ||
95 | + return FALSE; | ||
96 | + } | ||
97 | + return TRUE; | ||
98 | + } | ||
99 | |||
100 | _dbus_verbose("Not negotiating unix fd passing, since not possible\n"); | ||
101 | return send_begin (auth); | ||
102 | -- | ||
103 | 1.7.10.4 | ||
104 | |||
diff --git a/meta/recipes-core/dbus/dbus/python-config.patch b/meta/recipes-core/dbus/dbus/python-config.patch deleted file mode 100644 index da2f10c726..0000000000 --- a/meta/recipes-core/dbus/dbus/python-config.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | When building the dbus-ptest package, we have to enable python. However | ||
2 | checking if the host-system python has the necessary library isn't useful. | ||
3 | |||
4 | Disable the python module check for cross compiling. | ||
5 | |||
6 | Upstream-Status: Inappropriate [oe specific] | ||
7 | |||
8 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
9 | |||
10 | --- | ||
11 | configure.ac | 7 ------- | ||
12 | 1 file changed, 7 deletions(-) | ||
13 | |||
14 | diff --git a/configure.ac b/configure.ac | ||
15 | index 80d27b4..becc1cc 100644 | ||
16 | --- a/configure.ac | ||
17 | +++ b/configure.ac | ||
18 | @@ -279,13 +279,6 @@ if test "x$enable_tests" = xyes; then | ||
19 | # full test coverage is required, Python is a hard dependency | ||
20 | AC_MSG_NOTICE([Full test coverage (--enable-tests=yes) requires Python, dbus-python, pygi]) | ||
21 | AM_PATH_PYTHON([2.6]) | ||
22 | - AC_MSG_CHECKING([for Python modules for full test coverage]) | ||
23 | - if "$PYTHON" -c "import dbus, gi.repository.GObject, dbus.mainloop.glib"; then | ||
24 | - AC_MSG_RESULT([yes]) | ||
25 | - else | ||
26 | - AC_MSG_RESULT([no]) | ||
27 | - AC_MSG_ERROR([cannot import dbus, gi.repository.GObject, dbus.mainloop.glib Python modules]) | ||
28 | - fi | ||
29 | else | ||
30 | # --enable-tests not given: do not abort if Python is missing | ||
31 | AM_PATH_PYTHON([2.6], [], [:]) | ||
32 | -- | ||
33 | 1.9.1 | ||
34 | |||
diff --git a/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch b/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch deleted file mode 100644 index 7035098e41..0000000000 --- a/meta/recipes-core/dbus/dbus/stop_using_selinux_set_mapping.patch +++ /dev/null | |||
@@ -1,148 +0,0 @@ | |||
1 | From 6072f8b24153d844a3033108a17bcd0c1a967816 Mon Sep 17 00:00:00 2001 | ||
2 | From: Laurent Bigonville <bigon@bigon.be> | ||
3 | Date: Sat, 3 Mar 2018 11:15:23 +0100 | ||
4 | Subject: [PATCH] Stop using selinux_set_mapping() function | ||
5 | |||
6 | Currently, if the "dbus" security class or the associated AV doesn't | ||
7 | exist, dbus-daemon fails to initialize and exits immediately. Also the | ||
8 | security classes or access vector cannot be reordered in the policy. | ||
9 | This can be a problem for people developing their own policy or trying | ||
10 | to access a machine where, for some reasons, there is not policy defined | ||
11 | at all. | ||
12 | |||
13 | The code here copy the behaviour of the selinux_check_access() function. | ||
14 | We cannot use this function here as it doesn't allow us to define the | ||
15 | AVC entry reference. | ||
16 | |||
17 | See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2 | ||
18 | |||
19 | Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198 | ||
20 | --- | ||
21 | bus/selinux.c | 75 ++++++++++++++++++++++++++++----------------------- | ||
22 | 1 file changed, 42 insertions(+), 33 deletions(-) | ||
23 | |||
24 | |||
25 | Upstream-Status: Backport | ||
26 | Signed-off-by: Nisha.Parrakat <Nisha.Parrakat@kpit.com> | ||
27 | diff --git a/bus/selinux.c b/bus/selinux.c | ||
28 | |||
29 | --- a/bus/selinux.c 2021-08-11 14:45:59.048513026 +0000 | ||
30 | +++ b/bus/selinux.c 2021-08-11 14:57:47.144846966 +0000 | ||
31 | @@ -311,24 +311,6 @@ | ||
32 | #endif | ||
33 | } | ||
34 | |||
35 | -/* | ||
36 | - * Private Flask definitions; the order of these constants must | ||
37 | - * exactly match that of the structure array below! | ||
38 | - */ | ||
39 | -/* security dbus class constants */ | ||
40 | -#define SECCLASS_DBUS 1 | ||
41 | - | ||
42 | -/* dbus's per access vector constants */ | ||
43 | -#define DBUS__ACQUIRE_SVC 1 | ||
44 | -#define DBUS__SEND_MSG 2 | ||
45 | - | ||
46 | -#ifdef HAVE_SELINUX | ||
47 | -static struct security_class_mapping dbus_map[] = { | ||
48 | - { "dbus", { "acquire_svc", "send_msg", NULL } }, | ||
49 | - { NULL } | ||
50 | -}; | ||
51 | -#endif /* HAVE_SELINUX */ | ||
52 | - | ||
53 | /** | ||
54 | * Establish dynamic object class and permission mapping and | ||
55 | * initialize the user space access vector cache (AVC) for D-Bus and set up | ||
56 | @@ -350,13 +332,6 @@ | ||
57 | |||
58 | _dbus_verbose ("SELinux is enabled in this kernel.\n"); | ||
59 | |||
60 | - if (selinux_set_mapping (dbus_map) < 0) | ||
61 | - { | ||
62 | - _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).", | ||
63 | - strerror (errno)); | ||
64 | - return FALSE; | ||
65 | - } | ||
66 | - | ||
67 | avc_entry_ref_init (&aeref); | ||
68 | if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) | ||
69 | { | ||
70 | @@ -421,19 +396,53 @@ | ||
71 | static dbus_bool_t | ||
72 | bus_selinux_check (BusSELinuxID *sender_sid, | ||
73 | BusSELinuxID *override_sid, | ||
74 | - security_class_t target_class, | ||
75 | - access_vector_t requested, | ||
76 | + const char *target_class, | ||
77 | + const char *requested, | ||
78 | DBusString *auxdata) | ||
79 | { | ||
80 | + int saved_errno; | ||
81 | + security_class_t security_class; | ||
82 | + access_vector_t requested_access; | ||
83 | + | ||
84 | if (!selinux_enabled) | ||
85 | return TRUE; | ||
86 | |||
87 | + security_class = string_to_security_class (target_class); | ||
88 | + if (security_class == 0) | ||
89 | + { | ||
90 | + saved_errno = errno; | ||
91 | + log_callback (SELINUX_ERROR, "Unknown class %s", target_class); | ||
92 | + if (security_deny_unknown () == 0) | ||
93 | + { | ||
94 | + return TRUE; | ||
95 | + } | ||
96 | + | ||
97 | + _dbus_verbose ("Unknown class %s\n", target_class); | ||
98 | + errno = saved_errno; | ||
99 | + return FALSE; | ||
100 | + } | ||
101 | + | ||
102 | + requested_access = string_to_av_perm (security_class, requested); | ||
103 | + if (requested_access == 0) | ||
104 | + { | ||
105 | + saved_errno = errno; | ||
106 | + log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class); | ||
107 | + if (security_deny_unknown () == 0) | ||
108 | + { | ||
109 | + return TRUE; | ||
110 | + } | ||
111 | + | ||
112 | + _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class); | ||
113 | + errno = saved_errno; | ||
114 | + return FALSE; | ||
115 | + } | ||
116 | + | ||
117 | /* Make the security check. AVC checks enforcing mode here as well. */ | ||
118 | if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), | ||
119 | override_sid ? | ||
120 | SELINUX_SID_FROM_BUS (override_sid) : | ||
121 | bus_sid, | ||
122 | - target_class, requested, &aeref, auxdata) < 0) | ||
123 | + security_class, requested_access, &aeref, auxdata) < 0) | ||
124 | { | ||
125 | switch (errno) | ||
126 | { | ||
127 | @@ -500,8 +509,8 @@ | ||
128 | |||
129 | ret = bus_selinux_check (connection_sid, | ||
130 | service_sid, | ||
131 | - SECCLASS_DBUS, | ||
132 | - DBUS__ACQUIRE_SVC, | ||
133 | + "dbus", | ||
134 | + "acquire_svc", | ||
135 | &auxdata); | ||
136 | |||
137 | _dbus_string_free (&auxdata); | ||
138 | @@ -629,8 +638,8 @@ | ||
139 | |||
140 | ret = bus_selinux_check (sender_sid, | ||
141 | recipient_sid, | ||
142 | - SECCLASS_DBUS, | ||
143 | - DBUS__SEND_MSG, | ||
144 | + "dbus", | ||
145 | + "send_msg", | ||
146 | &auxdata); | ||
147 | |||
148 | _dbus_string_free (&auxdata); | ||
diff --git a/meta/recipes-core/dbus/dbus_1.12.22.bb b/meta/recipes-core/dbus/dbus_1.14.0.bb index 792f34c7ef..7598c45f8e 100644 --- a/meta/recipes-core/dbus/dbus_1.12.22.bb +++ b/meta/recipes-core/dbus/dbus_1.14.0.bb | |||
@@ -7,18 +7,15 @@ inherit autotools pkgconfig gettext upstream-version-is-even ptest-gnome | |||
7 | 7 | ||
8 | LICENSE = "AFL-2.1 | GPL-2.0-or-later" | 8 | LICENSE = "AFL-2.1 | GPL-2.0-or-later" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ |
10 | file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" | 10 | file://dbus/dbus.h;beginline=6;endline=20;md5=866739837ccd835350af94dccd6457d8" |
11 | 11 | ||
12 | SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ | 12 | SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \ |
13 | file://run-ptest \ | 13 | file://run-ptest \ |
14 | file://python-config.patch \ | ||
15 | file://tmpdir.patch \ | 14 | file://tmpdir.patch \ |
16 | file://dbus-1.init \ | 15 | file://dbus-1.init \ |
17 | file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ | ||
18 | file://stop_using_selinux_set_mapping.patch \ | ||
19 | " | 16 | " |
20 | 17 | ||
21 | SRC_URI[sha256sum] = "8d25785c798ec4f892e6f9d177fb0ceeb8b29867b119798f9d5228561d3ad474" | 18 | SRC_URI[sha256sum] = "ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4" |
22 | 19 | ||
23 | EXTRA_OECONF = "--disable-xml-docs \ | 20 | EXTRA_OECONF = "--disable-xml-docs \ |
24 | --disable-doxygen-docs \ | 21 | --disable-doxygen-docs \ |
@@ -37,7 +34,7 @@ PACKAGECONFIG:class-native = "" | |||
37 | PACKAGECONFIG:class-nativesdk = "" | 34 | PACKAGECONFIG:class-nativesdk = "" |
38 | 35 | ||
39 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" | 36 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" |
40 | PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" | 37 | PACKAGECONFIG[x11] = "--enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" |
41 | PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" | 38 | PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" |
42 | PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," | 39 | PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," |
43 | PACKAGECONFIG[audit] = "--enable-libaudit,--disable-libaudit,audit" | 40 | PACKAGECONFIG[audit] = "--enable-libaudit,--disable-libaudit,audit" |