diff options
| author |   Wang Mingyu <wangmy@cn.fujitsu.com> | 2021-09-07 16:32:23 -0700 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2021-09-10 05:49:28 -1000 |
| commit | 7337d7e4faf20a513c065c44d7d9d472334452b2 (patch) | |
| tree | c13534d96757573c13b377eb815d5721ae93074d | |
| parent | ed52bea54f135b7b5367a24bb3861d9bc0c53117 (diff) | |
| download | openembedded-core-contrib-7337d7e4faf20a513c065c44d7d9d472334452b2.tar.gz | |
dbus: upgrade 1.12.16 -> 1.12.18
(From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028)
[Bug fix only update, drop cve patch now included
a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18
8bc1381819 fdpass test: Assert that we don't leak file descriptors
272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix
31297172f1 Update NEWS
041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container
55b3f71376 Update NEWS
ced04aabc7 doxygen: fix example for dbus_message_append_args
3e40637b10 Update NEWS
3e0ea34966 cmake: Add X11 include path for tools
d0992805d7 doc: replace dbus-send's --address with --peer and --bus
dd32f6b617 Update NEWS
d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12'
2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors
df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12'
beb79b94fb doc: Fix environment variable name in dbus-daemon(1)
eab5d4a420 Start 1.12.18 development]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-core/dbus/dbus/CVE-2020-12049.patch | 78 | ||||
| -rw-r--r-- | meta/recipes-core/dbus/dbus_1.12.18.bb (renamed from meta/recipes-core/dbus/dbus_1.12.16.bb) | 5 |
2 files changed, 2 insertions, 81 deletions
diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch deleted file mode 100644 index ac7a4b7a71..0000000000 --- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001 -From: Simon McVittie <smcv@collabora.com> -Date: Thu, 16 Apr 2020 14:45:11 +0100 -Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive - -MSG_CTRUNC indicates that we have received fewer fds that we should -have done because the buffer was too small, but we were treating it -as though it indicated that we received *no* fds. If we received any, -we still have to make sure we close them, otherwise they will be leaked. - -On the system bus, if an attacker can induce us to leak fds in this -way, that's a local denial of service via resource exhaustion. - -Reported-by: Kevin Backhouse, GitHub Security Lab -Fixes: dbus#294 -Fixes: CVE-2020-12049 -Fixes: GHSL-2020-057 - -Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63] -CVE: CVE-2020-12049 -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> ---- - dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------ - 1 file changed, 20 insertions(+), 12 deletions(-) - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index b5fc2466..b176dae1 100644 ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) -- { -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. */ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; -- } -- - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+ { -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+ close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+ } -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - --- -2.25.1 - diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb index 10d1b34448..2fcb3079ad 100644 --- a/meta/recipes-core/dbus/dbus_1.12.16.bb +++ b/meta/recipes-core/dbus/dbus_1.12.18.bb @@ -16,11 +16,10 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://tmpdir.patch \ file://dbus-1.init \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - file://CVE-2020-12049.patch \ " -SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" -SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" +SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" +SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even |