Diffstat (limited to 'meta/recipes-core/dbus')
-rw-r--r-- | meta/recipes-core/dbus/dbus-test_1.12.24.bb (renamed from meta/recipes-core/dbus/dbus-test_1.12.16.bb) | 42 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus.inc | 36 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus/CVE-2020-12049.patch | 78 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus/CVE-2023-34969.patch | 96 | ||||
-rw-r--r-- | meta/recipes-core/dbus/dbus_1.12.24.bb (renamed from meta/recipes-core/dbus/dbus_1.12.16.bb) | 40 |
5 files changed, 145 insertions, 147 deletions
diff --git a/meta/recipes-core/dbus/dbus-test_1.12.16.bb b/meta/recipes-core/dbus/dbus-test_1.12.24.bb index bea0e74ed0..755c841bad 100644 --- a/meta/recipes-core/dbus/dbus-test_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus-test_1.12.24.bb | |||
@@ -1,57 +1,31 @@ | |||
1 | SUMMARY = "D-Bus test package (for D-bus functionality testing only)" | 1 | SUMMARY = "D-Bus test package (for D-bus functionality testing only)" |
2 | HOMEPAGE = "http://dbus.freedesktop.org" | 2 | HOMEPAGE = "http://dbus.freedesktop.org" |
3 | SECTION = "base" | 3 | SECTION = "base" |
4 | LICENSE = "AFL-2.1 | GPLv2+" | ||
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ | ||
6 | file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" | ||
7 | 4 | ||
8 | DEPENDS = "dbus glib-2.0" | 5 | require dbus.inc |
9 | 6 | ||
10 | RDEPENDS_${PN}-dev = "" | 7 | SRC_URI += "file://run-ptest \ |
8 | file://python-config.patch \ | ||
9 | " | ||
11 | 10 | ||
12 | SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ | 11 | DEPENDS = "dbus glib-2.0" |
13 | file://tmpdir.patch \ | ||
14 | file://run-ptest \ | ||
15 | file://python-config.patch \ | ||
16 | file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ | ||
17 | " | ||
18 | 12 | ||
19 | SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" | 13 | RDEPENDS_${PN}-dev = "" |
20 | SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" | ||
21 | 14 | ||
22 | S="${WORKDIR}/dbus-${PV}" | 15 | S="${WORKDIR}/dbus-${PV}" |
23 | FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" | 16 | FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" |
24 | 17 | ||
25 | inherit autotools pkgconfig gettext ptest upstream-version-is-even | 18 | inherit ptest |
26 | 19 | ||
27 | EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}" | 20 | EXTRA_OECONF += "--enable-tests \ |
28 | EXTRA_OECONF_X_class-native = "--without-x" | ||
29 | |||
30 | EXTRA_OECONF = "--enable-tests \ | ||
31 | --enable-modular-tests \ | 21 | --enable-modular-tests \ |
32 | --enable-installed-tests \ | 22 | --enable-installed-tests \ |
33 | --enable-checks \ | 23 | --enable-checks \ |
34 | --enable-asserts \ | 24 | --enable-asserts \ |
35 | --enable-largefile \ | ||
36 | --disable-xml-docs \ | ||
37 | --disable-doxygen-docs \ | ||
38 | --disable-libaudit \ | ||
39 | --with-dbus-test-dir=${PTEST_PATH} \ | 25 | --with-dbus-test-dir=${PTEST_PATH} \ |
40 | ${EXTRA_OECONF_X} \ | ||
41 | --enable-embedded-tests \ | 26 | --enable-embedded-tests \ |
42 | " | 27 | " |
43 | 28 | ||
44 | EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" | ||
45 | |||
46 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}" | ||
47 | PACKAGECONFIG_class-native = "" | ||
48 | PACKAGECONFIG_class-nativesdk = "" | ||
49 | |||
50 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" | ||
51 | PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" | ||
52 | PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" | ||
53 | PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," | ||
54 | |||
55 | do_install() { | 29 | do_install() { |
56 | : | 30 | : |
57 | } | 31 | } |
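Review bot: Nothing next to `require dbus.inc` says that dbus-test now takes its source, patch list and base configure options from the same include as the dbus recipe. This also changes the test build: the inherited `PACKAGECONFIG` default adds `user-session` and `EXTRA_OECONF` gains `--with-system-socket=/run/dbus/system_bus_socket`, neither of which the old recipe set. The upside is that the tests are now built from the same patched source as the shipped daemon, since the old `SRC_URI` here did not list CVE-2020-12049.patch. I would record that with a comment above the `require`, e.g. `# Share source, security patches and base configure options with dbus_${PV}.bb`.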
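--- /dev/null
+++ b/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,36 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+file://tmpdir.patch \
+file://dbus-1.init \
+file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+file://CVE-2023-34969.patch \
+"
+
+SRC_URI[sha256sum] = "bc42d196c1756ac520d61bf3ccd6f42013617def45dd1e591a6091abf51dca38"
+
+EXTRA_OECONF = "--disable-xml-docs \
+--disable-doxygen-docs \
+--disable-libaudit \
+--enable-largefile \
+--with-system-socket=/run/dbus/system_bus_socket \
+"
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+EXTRA_OECONF_append_class-native = " --disable-selinux"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
+user-session \
+"
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
+PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
+
+CVE_PRODUCT += "d-bus_project:d-bus freedesktop:dbus freedesktop:libdbus"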
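Review bot: `SRC_URI` in the shared include no longer lists `CVE-2020-12049.patch`, and nothing on the visible page records why that backport could be dropped. Upstream's fix (commit 872b085f…, per the removed patch's header) is, as far as I know, part of the 1.12.18 release and so should be contained in the 1.12.24 tarball pinned by `SRC_URI[sha256sum]`. That is worth confirming against the upstream release notes before merging. A one-line comment above `SRC_URI`, e.g. `# CVE-2020-12049 is fixed upstream since 1.12.18; local backport dropped`, would keep the decision visible to whoever next audits the patch list.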
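--- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@collabora.com>
-Date: Thu, 16 Apr 2020 14:45:11 +0100
-Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
-
-MSG_CTRUNC indicates that we have received fewer fds that we should
-have done because the buffer was too small, but we were treating it
-as though it indicated that we received *no* fds. If we received any,
-we still have to make sure we close them, otherwise they will be leaked.
-
-On the system bus, if an attacker can induce us to leak fds in this
-way, that's a local denial of service via resource exhaustion.
-
-Reported-by: Kevin Backhouse, GitHub Security Lab
-Fixes: dbus#294
-Fixes: CVE-2020-12049
-Fixes: GHSL-2020-057
-
-Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
-CVE: CVE-2020-12049
-Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
----
-dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
-1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index b5fc2466..b176dae1 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
-struct cmsghdr *cm;
-dbus_bool_t found = FALSE;
-
-- if (m.msg_flags & MSG_CTRUNC)
-- {
-- /* Hmm, apparently the control data was truncated. The bad
-- thing is that we might have completely lost a couple of fds
-- without chance to recover them. Hence let's treat this as a
-- serious error. */
--
-- errno = ENOSPC;
-- _dbus_string_set_length (buffer, start);
-- return -1;
-- }
--
-for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
-if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
-{
-@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
-if (!found)
-*n_fds = 0;
-
-+ if (m.msg_flags & MSG_CTRUNC)
-+ {
-+ unsigned int i;
-+
-+ /* Hmm, apparently the control data was truncated. The bad
-+ thing is that we might have completely lost a couple of fds
-+ without chance to recover them. Hence let's treat this as a
-+ serious error. */
-+
-+ /* We still need to close whatever fds we *did* receive,
-+ * otherwise they'll never get closed. (CVE-2020-12049) */
-+ for (i = 0; i < *n_fds; i++)
-+ close (fds[i]);
-+
-+ *n_fds = 0;
-+ errno = ENOSPC;
-+ _dbus_string_set_length (buffer, start);
-+ return -1;
-+ }
-+
-/* put length back (doesn't actually realloc) */
-_dbus_string_set_length (buffer, start + bytes_read);
-
---
-2.25.1
-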
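--- /dev/null
+++ b/meta/recipes-core/dbus/dbus/CVE-2023-34969.patch
@@ -0,0 +1,96 @@
+From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
+From: hongjinghao <q1204531485@163.com>
+Date: Mon, 5 Jun 2023 18:17:06 +0100
+Subject: [PATCH] bus: Assign a serial number for messages from the driver
+
+Normally, it's enough to rely on a message being given a serial number
+by the DBusConnection just before it is actually sent. However, in the
+rare case where the policy blocks the driver from sending a message
+(due to a deny rule or the outgoing message quota being full), we need
+to get a valid serial number sooner, so that we can copy it into the
+DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
+message sent to monitors. Otherwise, the dbus-daemon will crash with
+an assertion failure if at least one Monitoring client is attached,
+because zero is not a valid serial number to copy.
+
+This fixes a denial-of-service vulnerability: if a privileged user is
+monitoring the well-known system bus using a Monitoring client like
+dbus-monitor or `busctl monitor`, then an unprivileged user can cause
+denial-of-service by triggering this crash. A mitigation for this
+vulnerability is to avoid attaching Monitoring clients to the system
+bus when they are not needed. If there are no Monitoring clients, then
+the vulnerable code is not reached.
+
+Co-authored-by: Simon McVittie <smcv@collabora.com>
+Resolves: dbus/dbus#457
+(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
+---
+bus/connection.c | 15 +++++++++++++++
+dbus/dbus-connection-internal.h | 2 ++
+dbus/dbus-connection.c | 11 ++++++++++-
+3 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/bus/connection.c b/bus/connection.c
+index b3583433..215f0230 100644
+--- a/bus/connection.c
++++ b/bus/connection.c
+@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
+if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
+return FALSE;
+
++ /* Make sure the message has a non-zero serial number, otherwise
++ * bus_transaction_capture_error_reply() will not be able to mock up
++ * a corresponding reply for it. Normally this would be delayed until
++ * the first time we actually send the message out from a
++ * connection, when the transaction is committed, but that's too late
++ * in this case.
++ */
++ if (dbus_message_get_serial (message) == 0)
++ {
++ dbus_uint32_t next_serial;
++
++ next_serial = _dbus_connection_get_next_client_serial (connection);
++ dbus_message_set_serial (message, next_serial);
++ }
++
+if (bus_connection_is_active (connection))
+{
+if (!dbus_message_set_destination (message,
+diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
+index 48357321..ba79b192 100644
+--- a/dbus/dbus-connection-internal.h
++++ b/dbus/dbus-connection-internal.h
+@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
+DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
+DBUS_PRIVATE_EXPORT
+void _dbus_connection_unref_unlocked (DBusConnection *connection);
++DBUS_PRIVATE_EXPORT
++dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
+void _dbus_connection_queue_received_message_link (DBusConnection *connection,
+DBusList *link);
+dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
+diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
+index c525b6dc..09cef278 100644
+--- a/dbus/dbus-connection.c
++++ b/dbus/dbus-connection.c
+@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
+_dbus_connection_last_unref (connection);
+}
+
+-static dbus_uint32_t
++/**
++ * Allocate and return the next non-zero serial number for outgoing messages.
++ *
++ * This method is only valid to call from single-threaded code, such as
++ * the dbus-daemon, or with the connection lock held.
++ *
++ * @param connection the connection
++ * @returns A suitable serial number for the next message to be sent on the connection.
++ */
++dbus_uint32_t
+_dbus_connection_get_next_client_serial (DBusConnection *connection)
+{
+dbus_uint32_t serial;
+--
+2.25.1
+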
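Review bot: The header of CVE-2023-34969.patch, as shown, ends at the `(cherry picked from commit …)` line and carries no `Upstream-Status:`, `CVE:` or `Signed-off-by:` trailer, unlike the CVE-2020-12049.patch this commit removes, which had all three. Without them the file does not record where the backport came from or who carried it, and any patch-metadata check or CVE tooling that reads those tags has only the file name to go on. I would add, just above the `---` separator, `Upstream-Status: Backport [<upstream commit URL>]`, `CVE: CVE-2023-34969` and `Signed-off-by: <backporter name and address>`.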
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.24.bb index 10d1b34448..cf6f7dc0ef 100644 --- a/meta/recipes-core/dbus/dbus_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus_1.12.24.bb | |||
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus" | |||
2 | DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." | 2 | DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." |
3 | HOMEPAGE = "https://dbus.freedesktop.org" | 3 | HOMEPAGE = "https://dbus.freedesktop.org" |
4 | SECTION = "base" | 4 | SECTION = "base" |
5 | LICENSE = "AFL-2.1 | GPLv2+" | 5 | |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ | 6 | require dbus.inc |
7 | file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" | 7 | |
8 | DEPENDS = "expat virtual/libintl autoconf-archive" | 8 | DEPENDS = "expat virtual/libintl autoconf-archive" |
9 | RDEPENDS_dbus_class-native = "" | 9 | RDEPENDS_dbus_class-native = "" |
10 | RDEPENDS_dbus_class-nativesdk = "" | 10 | RDEPENDS_dbus_class-nativesdk = "" |
@@ -12,17 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', | |||
12 | ALLOW_EMPTY_dbus-ptest = "1" | 12 | ALLOW_EMPTY_dbus-ptest = "1" |
13 | RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" | 13 | RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" |
14 | 14 | ||
15 | SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ | 15 | inherit useradd update-rc.d |
16 | file://tmpdir.patch \ | ||
17 | file://dbus-1.init \ | ||
18 | file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ | ||
19 | file://CVE-2020-12049.patch \ | ||
20 | " | ||
21 | |||
22 | SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" | ||
23 | SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" | ||
24 | |||
25 | inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even | ||
26 | 16 | ||
27 | INITSCRIPT_NAME = "dbus-1" | 17 | INITSCRIPT_NAME = "dbus-1" |
28 | INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." | 18 | INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." |
@@ -93,27 +83,7 @@ pkg_postinst_dbus() { | |||
93 | } | 83 | } |
94 | 84 | ||
95 | 85 | ||
96 | EXTRA_OECONF = "--disable-tests \ | 86 | EXTRA_OECONF += "--disable-tests" |
97 | --disable-xml-docs \ | ||
98 | --disable-doxygen-docs \ | ||
99 | --disable-libaudit \ | ||
100 | --enable-largefile \ | ||
101 | --with-system-socket=/run/dbus/system_bus_socket \ | ||
102 | " | ||
103 | |||
104 | EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" | ||
105 | EXTRA_OECONF_append_class-native = " --disable-selinux" | ||
106 | |||
107 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ | ||
108 | user-session \ | ||
109 | " | ||
110 | |||
111 | PACKAGECONFIG_class-native = "" | ||
112 | PACKAGECONFIG_class-nativesdk = "" | ||
113 | |||
114 | PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" | ||
115 | PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" | ||
116 | PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" | ||
117 | 87 | ||
118 | do_install() { | 88 | do_install() { |
119 | autotools_do_install | 89 | autotools_do_install |