From 7337d7e4faf20a513c065c44d7d9d472334452b2 Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Tue, 7 Sep 2021 16:32:23 -0700 Subject: dbus: upgrade 1.12.16 -> 1.12.18 (From OE-Core rev: 8d33a2a4e4b6ff8f831523e5b1b16ead6b29cc79) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit a62471f0641551717a260c67690d3a7d280ac028) [Bug fix only update, drop cve patch now included a0926ef86f (tag: dbus-1.12.18) Prepare 1.12.18 8bc1381819 fdpass test: Assert that we don't leak file descriptors 272d484283 sysdeps-unix: On MSG_CTRUNC, close the fds we did receive <- cve fix 31297172f1 Update NEWS 041d579139 dbus-daemon test: Don't test fd limits if in an unprivileged container 55b3f71376 Update NEWS ced04aabc7 doxygen: fix example for dbus_message_append_args 3e40637b10 Update NEWS 3e0ea34966 cmake: Add X11 include path for tools d0992805d7 doc: replace dbus-send's --address with --peer and --bus dd32f6b617 Update NEWS d251fe7850 Merge branch 'cherry-pick-b034b83b' into 'dbus-1.12' 2c6b0ad7f6 bus: Don't explicitly clear BusConnections.monitors df0c675b93 Merge branch 'cherry-pick-bf71a58e' into 'dbus-1.12' beb79b94fb doc: Fix environment variable name in dbus-daemon(1) eab5d4a420 Start 1.12.18 development] Signed-off-by: Armin Kuster Signed-off-by: Steve Sakoman --- meta/recipes-core/dbus/dbus/CVE-2020-12049.patch | 78 ---------- meta/recipes-core/dbus/dbus_1.12.16.bb | 177 ----------------------- meta/recipes-core/dbus/dbus_1.12.18.bb | 176 ++++++++++++++++++++++ 3 files changed, 176 insertions(+), 255 deletions(-) delete mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch delete mode 100644 meta/recipes-core/dbus/dbus_1.12.16.bb create mode 100644 meta/recipes-core/dbus/dbus_1.12.18.bb diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch deleted file mode 100644 index ac7a4b7a71..0000000000 --- a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Thu, 16 Apr 2020 14:45:11 +0100 -Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive - -MSG_CTRUNC indicates that we have received fewer fds that we should -have done because the buffer was too small, but we were treating it -as though it indicated that we received *no* fds. If we received any, -we still have to make sure we close them, otherwise they will be leaked. - -On the system bus, if an attacker can induce us to leak fds in this -way, that's a local denial of service via resource exhaustion. - -Reported-by: Kevin Backhouse, GitHub Security Lab -Fixes: dbus#294 -Fixes: CVE-2020-12049 -Fixes: GHSL-2020-057 - -Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63] -CVE: CVE-2020-12049 -Signed-off-by: Lee Chee Yang ---- - dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------ - 1 file changed, 20 insertions(+), 12 deletions(-) - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index b5fc2466..b176dae1 100644 ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) -- { -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. */ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; -- } -- - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+ { -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+ close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+ } -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - --- -2.25.1 - diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.16.bb deleted file mode 100644 index 10d1b34448..0000000000 --- a/meta/recipes-core/dbus/dbus_1.12.16.bb +++ /dev/null @@ -1,177 +0,0 @@ -SUMMARY = "D-Bus message bus" -DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." -HOMEPAGE = "https://dbus.freedesktop.org" -SECTION = "base" -LICENSE = "AFL-2.1 | GPLv2+" -LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ - file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" -DEPENDS = "expat virtual/libintl autoconf-archive" -RDEPENDS_dbus_class-native = "" -RDEPENDS_dbus_class-nativesdk = "" -PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', d)}" -ALLOW_EMPTY_dbus-ptest = "1" -RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" - -SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ - file://tmpdir.patch \ - file://dbus-1.init \ - file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - file://CVE-2020-12049.patch \ -" - -SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" -SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" - -inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even - -INITSCRIPT_NAME = "dbus-1" -INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." - -python __anonymous() { - if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d): - d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1") -} - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/lib/dbus \ - --no-create-home --shell /bin/false \ - --user-group messagebus" - -CONFFILES_${PN} = "${sysconfdir}/dbus-1/system.conf ${sysconfdir}/dbus-1/session.conf" - -DEBIANNAME_${PN} = "dbus-1" - -PACKAGES =+ "${PN}-lib" - -OLDPKGNAME = "dbus-x11" -OLDPKGNAME_class-nativesdk = "" - -# for compatibility -RPROVIDES_${PN} = "${OLDPKGNAME}" -RREPLACES_${PN} += "${OLDPKGNAME}" - -FILES_${PN} = "${bindir}/dbus-daemon* \ - ${bindir}/dbus-uuidgen \ - ${bindir}/dbus-cleanup-sockets \ - ${bindir}/dbus-send \ - ${bindir}/dbus-monitor \ - ${bindir}/dbus-launch \ - ${bindir}/dbus-run-session \ - ${bindir}/dbus-update-activation-environment \ - ${libexecdir}/dbus* \ - ${sysconfdir} \ - ${localstatedir} \ - ${datadir}/dbus-1/services \ - ${datadir}/dbus-1/system-services \ - ${datadir}/dbus-1/session.d \ - ${datadir}/dbus-1/session.conf \ - ${datadir}/dbus-1/system.d \ - ${datadir}/dbus-1/system.conf \ - ${datadir}/xml/dbus-1 \ - ${systemd_system_unitdir} \ - ${systemd_user_unitdir} \ - ${nonarch_libdir}/sysusers.d/dbus.conf \ - ${nonarch_libdir}/tmpfiles.d/dbus.conf \ -" -FILES_${PN}-lib = "${libdir}/lib*.so.*" -RRECOMMENDS_${PN}-lib = "${PN}" -FILES_${PN}-dev += "${libdir}/dbus-1.0/include ${libdir}/cmake/DBus1 ${bindir}/dbus-test-tool" - -PACKAGE_WRITE_DEPS += "${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','systemd-systemctl-native','',d)}" -pkg_postinst_dbus() { - # If both systemd and sysvinit are enabled, mask the dbus-1 init script - if ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','true','false',d)}; then - if [ -n "$D" ]; then - OPTS="--root=$D" - fi - systemctl $OPTS mask dbus-1.service - fi - - if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then - /etc/init.d/populate-volatile.sh update - fi -} - - -EXTRA_OECONF = "--disable-tests \ - --disable-xml-docs \ - --disable-doxygen-docs \ - --disable-libaudit \ - --enable-largefile \ - --with-system-socket=/run/dbus/system_bus_socket \ - " - -EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" -EXTRA_OECONF_append_class-native = " --disable-selinux" - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ - user-session \ - " - -PACKAGECONFIG_class-native = "" -PACKAGECONFIG_class-nativesdk = "" - -PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" -PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" -PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" - -do_install() { - autotools_do_install - - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/init.d - sed 's:@bindir@:${bindir}:' < ${WORKDIR}/dbus-1.init >${WORKDIR}/dbus-1.init.sh - install -m 0755 ${WORKDIR}/dbus-1.init.sh ${D}${sysconfdir}/init.d/dbus-1 - install -d ${D}${sysconfdir}/default/volatiles - echo "d messagebus messagebus 0755 ${localstatedir}/run/dbus none" \ - > ${D}${sysconfdir}/default/volatiles/99_dbus - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - for i in dbus.target.wants sockets.target.wants multi-user.target.wants; do \ - install -d ${D}${systemd_system_unitdir}/$i; done - install -m 0644 ${B}/bus/dbus.service ${B}/bus/dbus.socket ${D}${systemd_system_unitdir}/ - ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/dbus.target.wants/dbus.socket - ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/sockets.target.wants/dbus.socket - ln -fs ../dbus.service ${D}${systemd_system_unitdir}/multi-user.target.wants/dbus.service - fi - - - mkdir -p ${D}${localstatedir}/lib/dbus - - chown messagebus:messagebus ${D}${localstatedir}/lib/dbus - - chown root:messagebus ${D}${libexecdir}/dbus-daemon-launch-helper - chmod 4755 ${D}${libexecdir}/dbus-daemon-launch-helper - - # Remove Red Hat initscript - rm -rf ${D}${sysconfdir}/rc.d - - # Remove empty testexec directory as we don't build tests - rm -rf ${D}${libdir}/dbus-1.0/test - - # Remove /var/run as it is created on startup - rm -rf ${D}${localstatedir}/run -} - -do_install_class-native() { - autotools_do_install - - # dbus-launch has no X support so lets not install it in case the host - # has a more featured and useful version - rm -f ${D}${bindir}/dbus-launch -} - -do_install_class-nativesdk() { - autotools_do_install - - # dbus-launch has no X support so lets not install it in case the host - # has a more featured and useful version - rm -f ${D}${bindir}/dbus-launch - - # Remove /var/run to avoid QA error - rm -rf ${D}${localstatedir}/run -} -BBCLASSEXTEND = "native nativesdk" - -INSANE_SKIP_${PN}-ptest += "build-deps" diff --git a/meta/recipes-core/dbus/dbus_1.12.18.bb b/meta/recipes-core/dbus/dbus_1.12.18.bb new file mode 100644 index 0000000000..2fcb3079ad --- /dev/null +++ b/meta/recipes-core/dbus/dbus_1.12.18.bb @@ -0,0 +1,176 @@ +SUMMARY = "D-Bus message bus" +DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." +HOMEPAGE = "https://dbus.freedesktop.org" +SECTION = "base" +LICENSE = "AFL-2.1 | GPLv2+" +LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ + file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" +DEPENDS = "expat virtual/libintl autoconf-archive" +RDEPENDS_dbus_class-native = "" +RDEPENDS_dbus_class-nativesdk = "" +PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', d)}" +ALLOW_EMPTY_dbus-ptest = "1" +RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" + +SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ + file://tmpdir.patch \ + file://dbus-1.init \ + file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ +" + +SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242" +SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306" + +inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even + +INITSCRIPT_NAME = "dbus-1" +INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." + +python __anonymous() { + if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d): + d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1") +} + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/lib/dbus \ + --no-create-home --shell /bin/false \ + --user-group messagebus" + +CONFFILES_${PN} = "${sysconfdir}/dbus-1/system.conf ${sysconfdir}/dbus-1/session.conf" + +DEBIANNAME_${PN} = "dbus-1" + +PACKAGES =+ "${PN}-lib" + +OLDPKGNAME = "dbus-x11" +OLDPKGNAME_class-nativesdk = "" + +# for compatibility +RPROVIDES_${PN} = "${OLDPKGNAME}" +RREPLACES_${PN} += "${OLDPKGNAME}" + +FILES_${PN} = "${bindir}/dbus-daemon* \ + ${bindir}/dbus-uuidgen \ + ${bindir}/dbus-cleanup-sockets \ + ${bindir}/dbus-send \ + ${bindir}/dbus-monitor \ + ${bindir}/dbus-launch \ + ${bindir}/dbus-run-session \ + ${bindir}/dbus-update-activation-environment \ + ${libexecdir}/dbus* \ + ${sysconfdir} \ + ${localstatedir} \ + ${datadir}/dbus-1/services \ + ${datadir}/dbus-1/system-services \ + ${datadir}/dbus-1/session.d \ + ${datadir}/dbus-1/session.conf \ + ${datadir}/dbus-1/system.d \ + ${datadir}/dbus-1/system.conf \ + ${datadir}/xml/dbus-1 \ + ${systemd_system_unitdir} \ + ${systemd_user_unitdir} \ + ${nonarch_libdir}/sysusers.d/dbus.conf \ + ${nonarch_libdir}/tmpfiles.d/dbus.conf \ +" +FILES_${PN}-lib = "${libdir}/lib*.so.*" +RRECOMMENDS_${PN}-lib = "${PN}" +FILES_${PN}-dev += "${libdir}/dbus-1.0/include ${libdir}/cmake/DBus1 ${bindir}/dbus-test-tool" + +PACKAGE_WRITE_DEPS += "${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','systemd-systemctl-native','',d)}" +pkg_postinst_dbus() { + # If both systemd and sysvinit are enabled, mask the dbus-1 init script + if ${@bb.utils.contains('DISTRO_FEATURES','systemd sysvinit','true','false',d)}; then + if [ -n "$D" ]; then + OPTS="--root=$D" + fi + systemctl $OPTS mask dbus-1.service + fi + + if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then + /etc/init.d/populate-volatile.sh update + fi +} + + +EXTRA_OECONF = "--disable-tests \ + --disable-xml-docs \ + --disable-doxygen-docs \ + --disable-libaudit \ + --enable-largefile \ + --with-system-socket=/run/dbus/system_bus_socket \ + " + +EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" +EXTRA_OECONF_append_class-native = " --disable-selinux" + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \ + user-session \ + " + +PACKAGECONFIG_class-native = "" +PACKAGECONFIG_class-nativesdk = "" + +PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" +PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" +PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" + +do_install() { + autotools_do_install + + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/init.d + sed 's:@bindir@:${bindir}:' < ${WORKDIR}/dbus-1.init >${WORKDIR}/dbus-1.init.sh + install -m 0755 ${WORKDIR}/dbus-1.init.sh ${D}${sysconfdir}/init.d/dbus-1 + install -d ${D}${sysconfdir}/default/volatiles + echo "d messagebus messagebus 0755 ${localstatedir}/run/dbus none" \ + > ${D}${sysconfdir}/default/volatiles/99_dbus + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + for i in dbus.target.wants sockets.target.wants multi-user.target.wants; do \ + install -d ${D}${systemd_system_unitdir}/$i; done + install -m 0644 ${B}/bus/dbus.service ${B}/bus/dbus.socket ${D}${systemd_system_unitdir}/ + ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/dbus.target.wants/dbus.socket + ln -fs ../dbus.socket ${D}${systemd_system_unitdir}/sockets.target.wants/dbus.socket + ln -fs ../dbus.service ${D}${systemd_system_unitdir}/multi-user.target.wants/dbus.service + fi + + + mkdir -p ${D}${localstatedir}/lib/dbus + + chown messagebus:messagebus ${D}${localstatedir}/lib/dbus + + chown root:messagebus ${D}${libexecdir}/dbus-daemon-launch-helper + chmod 4755 ${D}${libexecdir}/dbus-daemon-launch-helper + + # Remove Red Hat initscript + rm -rf ${D}${sysconfdir}/rc.d + + # Remove empty testexec directory as we don't build tests + rm -rf ${D}${libdir}/dbus-1.0/test + + # Remove /var/run as it is created on startup + rm -rf ${D}${localstatedir}/run +} + +do_install_class-native() { + autotools_do_install + + # dbus-launch has no X support so lets not install it in case the host + # has a more featured and useful version + rm -f ${D}${bindir}/dbus-launch +} + +do_install_class-nativesdk() { + autotools_do_install + + # dbus-launch has no X support so lets not install it in case the host + # has a more featured and useful version + rm -f ${D}${bindir}/dbus-launch + + # Remove /var/run to avoid QA error + rm -rf ${D}${localstatedir}/run +} +BBCLASSEXTEND = "native nativesdk" + +INSANE_SKIP_${PN}-ptest += "build-deps" -- cgit 1.2.3-korg