5 files changed, 145 insertions, 147 deletions
diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/meta/recipes-core/dbus/dbus-test_1.12.24.bb
index bea0e74ed0..755c841bad 100644
--- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus-test_1.12.24.bb
@@ -1,57 +1,31 @@
 SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
 HOMEPAGE = "http://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
-DEPENDS = "dbus glib-2.0"
+require dbus.inc
-RDEPENDS_${PN}-dev = ""
+SRC_URI += "file://run-ptest \
+            file://python-config.patch \
+            "
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+DEPENDS = "dbus glib-2.0"
-           file://tmpdir.patch \
-           file://run-ptest \
-           file://python-config.patch \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-           "
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
+RDEPENDS_${PN}-dev = ""
-SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
-inherit autotools pkgconfig gettext ptest upstream-version-is-even
+inherit ptest
-EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}"
+EXTRA_OECONF += "--enable-tests \
-EXTRA_OECONF_X_class-native = "--without-x"
-EXTRA_OECONF = "--enable-tests \
                --enable-modular-tests \
                --enable-installed-tests \
                --enable-checks \
                --enable-asserts \
-                --enable-largefile \
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
                --with-dbus-test-dir=${PTEST_PATH} \
-                ${EXTRA_OECONF_X} \
                --enable-embedded-tests \
             "
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
-PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
 do_install() {
    :
 }
diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc
new file mode 100644
index 0000000000..9b5cc53d92
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,36 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+           file://tmpdir.patch \
+           file://dbus-1.init \
+           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+           file://CVE-2023-34969.patch \
+"
+SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
+EXTRA_OECONF = "--disable-xml-docs \
+                --disable-doxygen-docs \
+                --disable-libaudit \
+                --enable-largefile \
+                --with-system-socket=/run/dbus/system_bus_socket \
+                "
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+EXTRA_OECONF_append_class-native = " --disable-selinux"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
+                   user-session \
+                  "
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
+PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
+CVE_PRODUCT += "d-bus_project:d-bus freedesktop:dbus freedesktop:libdbus"
diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
deleted file mode 100644
index ac7a4b7a71..0000000000
--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Thu, 16 Apr 2020 14:45:11 +0100
-Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
-MSG_CTRUNC indicates that we have received fewer fds that we should
-have done because the buffer was too small, but we were treating it
-as though it indicated that we received *no* fds. If we received any,
-we still have to make sure we close them, otherwise they will be leaked.
-On the system bus, if an attacker can induce us to leak fds in this
-way, that's a local denial of service via resource exhaustion.
-Reported-by: Kevin Backhouse, GitHub Security Lab
-Fixes: dbus#294
-Fixes: CVE-2020-12049
-Fixes: GHSL-2020-057
-Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
-CVE: CVE-2020-12049
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
---
- dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
- 1 file changed, 20 insertions(+), 12 deletions(-)
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index b5fc2466..b176dae1 100644
--- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket        fd,
-       struct cmsghdr *cm;
-       dbus_bool_t found = FALSE;
- 
-      if (m.msg_flags & MSG_CTRUNC)
-        {
-          /* Hmm, apparently the control data was truncated. The bad
-             thing is that we might have completely lost a couple of fds
-             without chance to recover them. Hence let's treat this as a
-             serious error. */
-
-          errno = ENOSPC;
-          _dbus_string_set_length (buffer, start);
-          return -1;
-        }
-
-       for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
-         if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
-           {
-@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket        fd,
-       if (!found)
-         *n_fds = 0;
- 
-+      if (m.msg_flags & MSG_CTRUNC)
-+        {
-+          unsigned int i;
-+
-+          /* Hmm, apparently the control data was truncated. The bad
-+             thing is that we might have completely lost a couple of fds
-+             without chance to recover them. Hence let's treat this as a
-+             serious error. */
-+
-+          /* We still need to close whatever fds we *did* receive,
-+           * otherwise they'll never get closed. (CVE-2020-12049) */
-+          for (i = 0; i < *n_fds; i++)
-+            close (fds[i]);
-+
-+          *n_fds = 0;
-+          errno = ENOSPC;
-+          _dbus_string_set_length (buffer, start);
-+          return -1;
-+        }
-+
-       /* put length back (doesn't actually realloc) */
-       _dbus_string_set_length (buffer, start + bytes_read);
- 
-- 
-2.25.1
diff --git a/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch b/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch
new file mode 100644
index 0000000000..8f29185cf6
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch
@@ -0,0 +1,96 @@
+From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
+From: hongjinghao <q1204531485@163.com>
+Date: Mon, 5 Jun 2023 18:17:06 +0100
+Subject: [PATCH] bus: Assign a serial number for messages from the driver
+Normally, it's enough to rely on a message being given a serial number
+by the DBusConnection just before it is actually sent. However, in the
+rare case where the policy blocks the driver from sending a message
+(due to a deny rule or the outgoing message quota being full), we need
+to get a valid serial number sooner, so that we can copy it into the
+DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
+message sent to monitors. Otherwise, the dbus-daemon will crash with
+an assertion failure if at least one Monitoring client is attached,
+because zero is not a valid serial number to copy.
+This fixes a denial-of-service vulnerability: if a privileged user is
+monitoring the well-known system bus using a Monitoring client like
+dbus-monitor or `busctl monitor`, then an unprivileged user can cause
+denial-of-service by triggering this crash. A mitigation for this
+vulnerability is to avoid attaching Monitoring clients to the system
+bus when they are not needed. If there are no Monitoring clients, then
+the vulnerable code is not reached.
+Co-authored-by: Simon McVittie <smcv@collabora.com>
+Resolves: dbus/dbus#457
+(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
+---
+ bus/connection.c                | 15 +++++++++++++++
+ dbus/dbus-connection-internal.h |  2 ++
+ dbus/dbus-connection.c          | 11 ++++++++++-
+ 3 files changed, 27 insertions(+), 1 deletion(-)
+diff --git a/bus/connection.c b/bus/connection.c
+index b3583433..215f0230 100644
+--- a/bus/connection.c
+++ b/bus/connection.c
+@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+   if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
+     return FALSE;
+ 
+  /* Make sure the message has a non-zero serial number, otherwise
+   * bus_transaction_capture_error_reply() will not be able to mock up
+   * a corresponding reply for it. Normally this would be delayed until
+   * the first time we actually send the message out from a
+   * connection, when the transaction is committed, but that's too late
+   * in this case.
+   */
+  if (dbus_message_get_serial (message) == 0)
+    {
+      dbus_uint32_t next_serial;
+
+      next_serial = _dbus_connection_get_next_client_serial (connection);
+      dbus_message_set_serial (message, next_serial);
+    }
+
+   if (bus_connection_is_active (connection))
+     {
+       if (!dbus_message_set_destination (message,
+diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
+index 48357321..ba79b192 100644
+--- a/dbus/dbus-connection-internal.h
+++ b/dbus/dbus-connection-internal.h
+@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
+ DBusConnection *  _dbus_connection_ref_unlocked                (DBusConnection     *connection);
+ DBUS_PRIVATE_EXPORT
+ void              _dbus_connection_unref_unlocked              (DBusConnection     *connection);
+DBUS_PRIVATE_EXPORT
+dbus_uint32_t     _dbus_connection_get_next_client_serial      (DBusConnection *connection);
+ void              _dbus_connection_queue_received_message_link (DBusConnection     *connection,
+                                                                 DBusList           *link);
+ dbus_bool_t       _dbus_connection_has_messages_to_send_unlocked (DBusConnection     *connection);
+diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
+index c525b6dc..09cef278 100644
+--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
+@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
+     _dbus_connection_last_unref (connection);
+ }
+ 
+-static dbus_uint32_t
+/**
+ * Allocate and return the next non-zero serial number for outgoing messages.
+ *
+ * This method is only valid to call from single-threaded code, such as
+ * the dbus-daemon, or with the connection lock held.
+ *
+ * @param connection the connection
+ * @returns A suitable serial number for the next message to be sent on the connection.
+ */
+dbus_uint32_t
+ _dbus_connection_get_next_client_serial (DBusConnection *connection)
+ {
+   dbus_uint32_t serial;
+-- 
+2.25.1
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.24.bb
index 10d1b34448..cf6f7dc0ef 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.24.bb
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus"
 DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."
 HOMEPAGE = "https://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+require dbus.inc
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
 DEPENDS = "expat virtual/libintl autoconf-archive"
 RDEPENDS_dbus_class-native = ""
 RDEPENDS_dbus_class-nativesdk = ""
@@ -12,17 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '',
 ALLOW_EMPTY_dbus-ptest = "1"
 RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"
-SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+inherit useradd update-rc.d
-           file://tmpdir.patch \
-           file://dbus-1.init \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-           file://CVE-2020-12049.patch \
-"
-SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
-SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
-inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
 INITSCRIPT_NAME = "dbus-1"
 INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
@@ -93,27 +83,7 @@ pkg_postinst_dbus() {
 }
-EXTRA_OECONF = "--disable-tests \
+EXTRA_OECONF += "--disable-tests"
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
-                --enable-largefile \
-                --with-system-socket=/run/dbus/system_bus_socket \
-                "
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-EXTRA_OECONF_append_class-native = " --disable-selinux"
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
-                   user-session \
-                  "
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
 do_install() {
        autotools_do_install

diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/meta/recipes-core/dbus/dbus-test_1.12.24.bb index bea0e74ed0..755c841bad 100644 --- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus-test_1.12.24.bb
@@ -1,57 +1,31 @@
1	SUMMARY = "D-Bus test package (for D-bus functionality testing only)"	1	SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
2	HOMEPAGE = "http://dbus.freedesktop.org"	2	HOMEPAGE = "http://dbus.freedesktop.org"
3	SECTION = "base"	3	SECTION = "base"
4	LICENSE = "AFL-2.1 \| GPLv2+"
5	LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
6	file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
7		4
8	DEPENDS = "dbus glib-2.0"	5	require dbus.inc
9		6
10	RDEPENDS_${PN}-dev = ""	7	SRC_URI += "file://run-ptest \
		8	file://python-config.patch \
		9	"
11		10
12	SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \	11	DEPENDS = "dbus glib-2.0"
13	file://tmpdir.patch \
14	file://run-ptest \
15	file://python-config.patch \
16	file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
17	"
18		12
19	SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"	13	RDEPENDS_${PN}-dev = ""
20	SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
21		14
22	S="${WORKDIR}/dbus-${PV}"	15	S="${WORKDIR}/dbus-${PV}"
23	FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"	16	FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
24		17
25	inherit autotools pkgconfig gettext ptest upstream-version-is-even	18	inherit ptest
26		19
27	EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}"	20	EXTRA_OECONF += "--enable-tests \
28	EXTRA_OECONF_X_class-native = "--without-x"
29
30	EXTRA_OECONF = "--enable-tests \
31	--enable-modular-tests \	21	--enable-modular-tests \
32	--enable-installed-tests \	22	--enable-installed-tests \
33	--enable-checks \	23	--enable-checks \
34	--enable-asserts \	24	--enable-asserts \
35	--enable-largefile \
36	--disable-xml-docs \
37	--disable-doxygen-docs \
38	--disable-libaudit \
39	--with-dbus-test-dir=${PTEST_PATH} \	25	--with-dbus-test-dir=${PTEST_PATH} \
40	${EXTRA_OECONF_X} \
41	--enable-embedded-tests \	26	--enable-embedded-tests \
42	"	27	"
43		28
44	EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
45
46	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
47	PACKAGECONFIG_class-native = ""
48	PACKAGECONFIG_class-nativesdk = ""
49
50	PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
51	PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
52	PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
53	PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
54
55	do_install() {	29	do_install() {
56	:	30	:
57	}	31	}


diff --git a/meta/recipes-core/dbus/dbus.inc b/meta/recipes-core/dbus/dbus.inc new file mode 100644 index 0000000000..9b5cc53d92 --- /dev/null +++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,36 @@
		1	inherit autotools pkgconfig gettext upstream-version-is-even
		2
		3	LICENSE = "AFL-2.1 \| GPLv2+"
		4	LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
		5	file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
		6
		7	SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
		8	file://tmpdir.patch \
		9	file://dbus-1.init \
		10	file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
		11	file://CVE-2023-34969.patch \
		12	"
		13
		14	SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
		15
		16	EXTRA_OECONF = "--disable-xml-docs \
		17	--disable-doxygen-docs \
		18	--disable-libaudit \
		19	--enable-largefile \
		20	--with-system-socket=/run/dbus/system_bus_socket \
		21	"
		22	EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
		23	EXTRA_OECONF_append_class-native = " --disable-selinux"
		24
		25	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
		26	user-session \
		27	"
		28	PACKAGECONFIG_class-native = ""
		29	PACKAGECONFIG_class-nativesdk = ""
		30
		31	PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
		32	PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
		33	PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
		34	PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
		35
		36	CVE_PRODUCT += "d-bus_project:d-bus freedesktop:dbus freedesktop:libdbus"


diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch deleted file mode 100644 index ac7a4b7a71..0000000000 --- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch +++ /dev/null
@@ -1,78 +0,0 @@
1	From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
2	From: Simon McVittie <smcv@collabora.com>
3	Date: Thu, 16 Apr 2020 14:45:11 +0100
4	Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
5
6	MSG_CTRUNC indicates that we have received fewer fds that we should
7	have done because the buffer was too small, but we were treating it
8	as though it indicated that we received no fds. If we received any,
9	we still have to make sure we close them, otherwise they will be leaked.
10
11	On the system bus, if an attacker can induce us to leak fds in this
12	way, that's a local denial of service via resource exhaustion.
13
14	Reported-by: Kevin Backhouse, GitHub Security Lab
15	Fixes: dbus#294
16	Fixes: CVE-2020-12049
17	Fixes: GHSL-2020-057
18
19	Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
20	CVE: CVE-2020-12049
21	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
22	---
23	dbus/dbus-sysdeps-unix.c \| 32 ++++++++++++++++++++------------
24	1 file changed, 20 insertions(+), 12 deletions(-)
25
26	diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
27	index b5fc2466..b176dae1 100644
28	--- a/dbus/dbus-sysdeps-unix.c
29	+++ b/dbus/dbus-sysdeps-unix.c
30	@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
31	struct cmsghdr *cm;
32	dbus_bool_t found = FALSE;
33
34	- if (m.msg_flags & MSG_CTRUNC)
35	- {
36	- /* Hmm, apparently the control data was truncated. The bad
37	- thing is that we might have completely lost a couple of fds
38	- without chance to recover them. Hence let's treat this as a
39	- serious error. */
40	-
41	- errno = ENOSPC;
42	- _dbus_string_set_length (buffer, start);
43	- return -1;
44	- }
45	-
46	for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
47	if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
48	{
49	@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
50	if (!found)
51	*n_fds = 0;
52
53	+ if (m.msg_flags & MSG_CTRUNC)
54	+ {
55	+ unsigned int i;
56	+
57	+ /* Hmm, apparently the control data was truncated. The bad
58	+ thing is that we might have completely lost a couple of fds
59	+ without chance to recover them. Hence let's treat this as a
60	+ serious error. */
61	+
62	+ /* We still need to close whatever fds we did receive,
63	+ * otherwise they'll never get closed. (CVE-2020-12049) */
64	+ for (i = 0; i < *n_fds; i++)
65	+ close (fds[i]);
66	+
67	+ *n_fds = 0;
68	+ errno = ENOSPC;
69	+ _dbus_string_set_length (buffer, start);
70	+ return -1;
71	+ }
72	+
73	/* put length back (doesn't actually realloc) */
74	_dbus_string_set_length (buffer, start + bytes_read);
75
76	--
77	2.25.1
78


diff --git a/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch b/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch new file mode 100644 index 0000000000..8f29185cf6 --- /dev/null +++ b/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch
@@ -0,0 +1,96 @@
		1	From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
		2	From: hongjinghao <q1204531485@163.com>
		3	Date: Mon, 5 Jun 2023 18:17:06 +0100
		4	Subject: [PATCH] bus: Assign a serial number for messages from the driver
		5
		6	Normally, it's enough to rely on a message being given a serial number
		7	by the DBusConnection just before it is actually sent. However, in the
		8	rare case where the policy blocks the driver from sending a message
		9	(due to a deny rule or the outgoing message quota being full), we need
		10	to get a valid serial number sooner, so that we can copy it into the
		11	DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
		12	message sent to monitors. Otherwise, the dbus-daemon will crash with
		13	an assertion failure if at least one Monitoring client is attached,
		14	because zero is not a valid serial number to copy.
		15
		16	This fixes a denial-of-service vulnerability: if a privileged user is
		17	monitoring the well-known system bus using a Monitoring client like
		18	dbus-monitor or `busctl monitor`, then an unprivileged user can cause
		19	denial-of-service by triggering this crash. A mitigation for this
		20	vulnerability is to avoid attaching Monitoring clients to the system
		21	bus when they are not needed. If there are no Monitoring clients, then
		22	the vulnerable code is not reached.
		23
		24	Co-authored-by: Simon McVittie <smcv@collabora.com>
		25	Resolves: dbus/dbus#457
		26	(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
		27	---
		28	bus/connection.c \| 15 +++++++++++++++
		29	dbus/dbus-connection-internal.h \| 2 ++
		30	dbus/dbus-connection.c \| 11 ++++++++++-
		31	3 files changed, 27 insertions(+), 1 deletion(-)
		32
		33	diff --git a/bus/connection.c b/bus/connection.c
		34	index b3583433..215f0230 100644
		35	--- a/bus/connection.c
		36	+++ b/bus/connection.c
		37	@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
		38	if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
		39	return FALSE;
		40
		41	+ /* Make sure the message has a non-zero serial number, otherwise
		42	+ * bus_transaction_capture_error_reply() will not be able to mock up
		43	+ * a corresponding reply for it. Normally this would be delayed until
		44	+ * the first time we actually send the message out from a
		45	+ * connection, when the transaction is committed, but that's too late
		46	+ * in this case.
		47	+ */
		48	+ if (dbus_message_get_serial (message) == 0)
		49	+ {
		50	+ dbus_uint32_t next_serial;
		51	+
		52	+ next_serial = _dbus_connection_get_next_client_serial (connection);
		53	+ dbus_message_set_serial (message, next_serial);
		54	+ }
		55	+
		56	if (bus_connection_is_active (connection))
		57	{
		58	if (!dbus_message_set_destination (message,
		59	diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
		60	index 48357321..ba79b192 100644
		61	--- a/dbus/dbus-connection-internal.h
		62	+++ b/dbus/dbus-connection-internal.h
		63	@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
		64	DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
		65	DBUS_PRIVATE_EXPORT
		66	void _dbus_connection_unref_unlocked (DBusConnection *connection);
		67	+DBUS_PRIVATE_EXPORT
		68	+dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
		69	void _dbus_connection_queue_received_message_link (DBusConnection *connection,
		70	DBusList *link);
		71	dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
		72	diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
		73	index c525b6dc..09cef278 100644
		74	--- a/dbus/dbus-connection.c
		75	+++ b/dbus/dbus-connection.c
		76	@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
		77	_dbus_connection_last_unref (connection);
		78	}
		79
		80	-static dbus_uint32_t
		81	+/**
		82	+ * Allocate and return the next non-zero serial number for outgoing messages.
		83	+ *
		84	+ * This method is only valid to call from single-threaded code, such as
		85	+ * the dbus-daemon, or with the connection lock held.
		86	+ *
		87	+ * @param connection the connection
		88	+ * @returns A suitable serial number for the next message to be sent on the connection.
		89	+ */
		90	+dbus_uint32_t
		91	_dbus_connection_get_next_client_serial (DBusConnection *connection)
		92	{
		93	dbus_uint32_t serial;
		94	--
		95	2.25.1
		96


diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.24.bb index 10d1b34448..cf6f7dc0ef 100644 --- a/meta/recipes-core/dbus/dbus_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus_1.12.24.bb
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus"
2	DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."	2	DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."
3	HOMEPAGE = "https://dbus.freedesktop.org"	3	HOMEPAGE = "https://dbus.freedesktop.org"
4	SECTION = "base"	4	SECTION = "base"
5	LICENSE = "AFL-2.1 \| GPLv2+"	5
6	LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \	6	require dbus.inc
7	file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"	7
8	DEPENDS = "expat virtual/libintl autoconf-archive"	8	DEPENDS = "expat virtual/libintl autoconf-archive"
9	RDEPENDS_dbus_class-native = ""	9	RDEPENDS_dbus_class-native = ""
10	RDEPENDS_dbus_class-nativesdk = ""	10	RDEPENDS_dbus_class-nativesdk = ""
@@ -12,17 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '',
12	ALLOW_EMPTY_dbus-ptest = "1"	12	ALLOW_EMPTY_dbus-ptest = "1"
13	RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"	13	RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"
14		14
15	SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \	15	inherit useradd update-rc.d
16	file://tmpdir.patch \
17	file://dbus-1.init \
18	file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
19	file://CVE-2020-12049.patch \
20	"
21
22	SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
23	SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80"
24
25	inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
26		16
27	INITSCRIPT_NAME = "dbus-1"	17	INITSCRIPT_NAME = "dbus-1"
28	INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."	18	INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
@@ -93,27 +83,7 @@ pkg_postinst_dbus() {
93	}	83	}
94		84
95		85
96	EXTRA_OECONF = "--disable-tests \	86	EXTRA_OECONF += "--disable-tests"
97	--disable-xml-docs \
98	--disable-doxygen-docs \
99	--disable-libaudit \
100	--enable-largefile \
101	--with-system-socket=/run/dbus/system_bus_socket \
102	"
103
104	EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
105	EXTRA_OECONF_append_class-native = " --disable-selinux"
106
107	PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
108	user-session \
109	"
110
111	PACKAGECONFIG_class-native = ""
112	PACKAGECONFIG_class-nativesdk = ""
113
114	PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
115	PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
116	PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
117		87
118	do_install() {	88	do_install() {
119	autotools_do_install	89	autotools_do_install