From bb4913459e4185b3909064ccee65c1392832ebaa Mon Sep 17 00:00:00 2001 From: Rex Dieter Date: Wed, 14 Nov 2012 15:29:25 -0600 Subject: [PATCH] 1:1.6.8-3 - %build: verbose build, use %_smp_mflags - %files: tighten up, use less globs - tighten deps via %_isa - drop old/unused patches --- ...n-t-access-environment-variables-or-.patch | 234 ------------------ ...pping-capabilities-only-include-AUDI.patch | 37 --- dbus-1.0.1-generate-xml-docs.patch | 11 - dbus.spec | 28 ++- 4 files changed, 17 insertions(+), 293 deletions(-) delete mode 100644 0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch delete mode 100644 0001-selinux-when-dropping-capabilities-only-include-AUDI.patch delete mode 100644 dbus-1.0.1-generate-xml-docs.patch diff --git a/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch b/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch deleted file mode 100644 index b449a70..0000000 --- a/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch +++ /dev/null @@ -1,234 +0,0 @@ -From 450d975046bbd54271da62ce5fcbe50113f2e453 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Wed, 22 Aug 2012 10:03:34 -0400 -Subject: [PATCH] CVE-2012-3524: Don't access environment variables or run - dbus-launch when setuid - -This matches a corresponding change in GLib. See -glib/gutils.c:g_check_setuid(). - -Some programs attempt to use libdbus when setuid; notably the X.org -server is shipped in such a configuration. libdbus never had an -explicit policy about its use in setuid programs. - -I'm not sure whether we should advertise such support. However, given -that there are real-world programs that do this currently, we can make -them safer with not too much effort. - -Better to fix a problem caused by an interaction between two -components in *both* places if possible. - -How to determine whether or not we're running in a privilege-escalated -path is operating system specific. Note that GTK+'s code to check -euid versus uid worked historically on Unix, more modern systems have -filesystem capabilities and SELinux domain transitions, neither of -which are captured by the uid comparison. - -On Linux/glibc, the way this works is that the kernel sets an -AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on -startup. If found, then glibc sets a public-but-undocumented -__libc_enable_secure variable which we can use. Unfortunately, while -it *previously* worked to check this variable, a combination of newer -binutils and RPM break it: -http://www.openwall.com/lists/owl-dev/2012/08/14/1 - -So for now on Linux/glibc, we fall back to the historical Unix version -until we get glibc fixed. - -On some BSD variants, there is a issetugid() function. On other Unix -variants, we fall back to what GTK+ has been doing. - -Reported-by: Sebastian Krahmer -Signed-off-by: Colin Walters ---- - configure.ac | 2 +- - dbus/dbus-keyring.c | 7 +++++ - dbus/dbus-sysdeps-unix.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ - dbus/dbus-sysdeps-win.c | 6 ++++ - dbus/dbus-sysdeps.c | 5 ++++ - dbus/dbus-sysdeps.h | 1 + - 6 files changed, 94 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index e2c9bdf..b0f2ec2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -595,7 +595,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension] - AC_SEARCH_LIBS(socket,[socket network]) - AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) - --AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull) -+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid) - - AC_CHECK_HEADERS([syslog.h]) - if test "x$ac_cv_header_syslog_h" = "xyes"; then -diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c -index 23b9df5..3b9ce31 100644 ---- a/dbus/dbus-keyring.c -+++ b/dbus/dbus-keyring.c -@@ -717,6 +717,13 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, - DBusCredentials *our_credentials; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); -+ -+ if (_dbus_check_setuid ()) -+ { -+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, -+ "Unable to create DBus keyring when setuid"); -+ return NULL; -+ } - - keyring = NULL; - error_set = FALSE; -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index cef8bd3..b4ecc96 100644 ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -3434,6 +3434,13 @@ _dbus_get_autolaunch_address (const char *scope, - DBusString uuid; - dbus_bool_t retval; - -+ if (_dbus_check_setuid ()) -+ { -+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, -+ "Unable to autolaunch when setuid"); -+ return FALSE; -+ } -+ - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - retval = FALSE; - -@@ -3551,6 +3558,13 @@ _dbus_lookup_launchd_socket (DBusString *socket_path, - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - -+ if (_dbus_check_setuid ()) -+ { -+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, -+ "Unable to find launchd socket when setuid"); -+ return FALSE; -+ } -+ - i = 0; - argv[i] = "launchctl"; - ++i; -@@ -3591,6 +3605,13 @@ _dbus_lookup_session_address_launchd (DBusString *address, DBusError *error) - dbus_bool_t valid_socket; - DBusString socket_path; - -+ if (_dbus_check_setuid ()) -+ { -+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, -+ "Unable to find launchd socket when setuid"); -+ return FALSE; -+ } -+ - if (!_dbus_string_init (&socket_path)) - { - _DBUS_SET_OOM (error); -@@ -4086,4 +4107,57 @@ _dbus_close_all (void) - close (i); - } - -+/** -+ * **NOTE**: If you modify this function, please also consider making -+ * the corresponding change in GLib. See -+ * glib/gutils.c:g_check_setuid(). -+ * -+ * Returns TRUE if the current process was executed as setuid (or an -+ * equivalent __libc_enable_secure is available). See: -+ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html -+ */ -+dbus_bool_t -+_dbus_check_setuid (void) -+{ -+ /* TODO: get __libc_enable_secure exported from glibc. -+ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1 -+ */ -+#if 0 && defined(HAVE_LIBC_ENABLE_SECURE) -+ { -+ /* See glibc/include/unistd.h */ -+ extern int __libc_enable_secure; -+ return __libc_enable_secure; -+ } -+#elif defined(HAVE_ISSETUGID) -+ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */ -+ return issetugid (); -+#else -+ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */ -+ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */ -+ -+ static dbus_bool_t check_setuid_initialised; -+ static dbus_bool_t is_setuid; -+ -+ if (_DBUS_UNLIKELY (!check_setuid_initialised)) -+ { -+#ifdef HAVE_GETRESUID -+ if (getresuid (&ruid, &euid, &suid) != 0 || -+ getresgid (&rgid, &egid, &sgid) != 0) -+#endif /* HAVE_GETRESUID */ -+ { -+ suid = ruid = getuid (); -+ sgid = rgid = getgid (); -+ euid = geteuid (); -+ egid = getegid (); -+ } -+ -+ check_setuid_initialised = TRUE; -+ is_setuid = (ruid != euid || ruid != suid || -+ rgid != egid || rgid != sgid); -+ -+ } -+ return is_setuid; -+#endif -+} -+ - /* tests in dbus-sysdeps-util.c */ -diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c -index 397520a..bc4951b 100644 ---- a/dbus/dbus-sysdeps-win.c -+++ b/dbus/dbus-sysdeps-win.c -@@ -3632,6 +3632,12 @@ _dbus_path_is_absolute (const DBusString *filename) - return FALSE; - } - -+dbus_bool_t -+_dbus_check_setuid (void) -+{ -+ return FALSE; -+} -+ - /** @} end of sysdeps-win */ - /* tests in dbus-sysdeps-util.c */ - -diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c -index 861bfec..04fb8d7 100644 ---- a/dbus/dbus-sysdeps.c -+++ b/dbus/dbus-sysdeps.c -@@ -182,6 +182,11 @@ _dbus_setenv (const char *varname, - const char* - _dbus_getenv (const char *varname) - { -+ /* Don't respect any environment variables if the current process is -+ * setuid. This is the equivalent of glibc's __secure_getenv(). -+ */ -+ if (_dbus_check_setuid ()) -+ return NULL; - return getenv (varname); - } - -diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h -index 4052cda..eee9160 100644 ---- a/dbus/dbus-sysdeps.h -+++ b/dbus/dbus-sysdeps.h -@@ -87,6 +87,7 @@ typedef struct DBusPipe DBusPipe; - - void _dbus_abort (void) _DBUS_GNUC_NORETURN; - -+dbus_bool_t _dbus_check_setuid (void); - const char* _dbus_getenv (const char *varname); - dbus_bool_t _dbus_setenv (const char *varname, - const char *value); --- -1.7.11.4 - diff --git a/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch b/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch deleted file mode 100644 index e072b4b..0000000 --- a/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e1b83fb58eadfd02227673db9a7e2833d29b0c98 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 23 Apr 2012 00:32:43 +0200 -Subject: [PATCH] selinux: when dropping capabilities only include AUDIT caps - if we have them - -When we drop capabilities we shouldn't assume we can keep -CAP_AUDIT_WRITE unconditionally, since it will not be available when -running in containers. - -This patch only adds CAP_AUDIT_WRITE to the list of caps we keep if we -actually have it in the first place. - -This makes audit/selinux enabled D-Bus work in a Linux container. ---- - bus/selinux.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/bus/selinux.c b/bus/selinux.c -index 36287e9..1bfc791 100644 ---- a/bus/selinux.c -+++ b/bus/selinux.c -@@ -1053,8 +1053,9 @@ _dbus_change_to_daemon_user (const char *user, - int rc; - - capng_clear (CAPNG_SELECT_BOTH); -- capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, -- CAP_AUDIT_WRITE); -+ if (capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE)) -+ capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, -+ CAP_AUDIT_WRITE); - rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP); - if (rc) - { --- -1.7.10 - diff --git a/dbus-1.0.1-generate-xml-docs.patch b/dbus-1.0.1-generate-xml-docs.patch deleted file mode 100644 index 60598bc..0000000 --- a/dbus-1.0.1-generate-xml-docs.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- dbus-1.0.1/Doxyfile.in.generate-xml-docs 2006-11-25 23:42:59.000000000 -0500 -+++ dbus-1.0.1/Doxyfile.in 2006-11-25 23:43:12.000000000 -0500 -@@ -133,7 +133,7 @@ - #--------------------------------------------------------------------------- - # configuration options related to the XML output - #--------------------------------------------------------------------------- --GENERATE_XML = NO -+GENERATE_XML = YES - #--------------------------------------------------------------------------- - # Configuration options related to the preprocessor - #--------------------------------------------------------------------------- diff --git a/dbus.spec b/dbus.spec index ec88dd9..3edd3de 100644 --- a/dbus.spec +++ b/dbus.spec @@ -9,7 +9,7 @@ Summary: D-BUS message bus Name: dbus Epoch: 1 Version: 1.6.8 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://www.freedesktop.org/software/dbus/ #VCS: git:git://git.freedesktop.org/git/dbus/dbus Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz @@ -33,7 +33,7 @@ Requires(post): systemd-units chkconfig Requires(preun): systemd-units Requires(postun): systemd-units Requires: libselinux >= %{libselinux_version} -Requires: dbus-libs = %{epoch}:%{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires(pre): /usr/sbin/useradd # Conflict with cups prior to configuration file change, so that the @@ -59,7 +59,7 @@ This package contains lowlevel libraries for accessing D-BUS. %package doc Summary: Developer documentation for D-BUS Group: Documentation -Requires: %name = %{epoch}:%{version}-%{release} +Requires: %{name} = %{epoch}:%{version}-%{release} BuildArch: noarch %description doc @@ -69,8 +69,7 @@ other supporting documentation such as the introspect dtd file. %package devel Summary: Development files for D-BUS Group: Development/Libraries -Requires: %name = %{epoch}:%{version}-%{release} -Requires: pkgconfig +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} %description devel This package contains libraries and header files needed for @@ -79,7 +78,7 @@ developing software that uses D-BUS. %package x11 Summary: X11-requiring add-ons for D-BUS Group: Development/Libraries -Requires: %name = %{epoch}:%{version}-%{release} +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} %description x11 D-BUS contains some tools that require Xlib to be installed, those are @@ -102,7 +101,7 @@ COMMON_ARGS="--enable-libaudit --enable-selinux=yes --with-init-scripts=redhat - # leave verbose mode so people can debug their apps but make sure to # turn it off on stable releases with --disable-verbose-mode %configure $COMMON_ARGS --disable-tests --disable-asserts --enable-doxygen-docs --enable-xml-docs --with-systemdsystemunitdir=/lib/systemd/system/ -make +make %{?_smp_mflags} V=1 %install rm -rf %{buildroot} @@ -201,7 +200,7 @@ fi %files libs %defattr(-,root,root,-) -/%{_lib}/*dbus-1*.so.* +/%{_lib}/libdbus-1.so.3* %files x11 %defattr(-,root,root) @@ -218,13 +217,20 @@ fi %files devel %defattr(-,root,root) -/%{_lib}/lib*.so -%dir %{_libdir}/dbus-1.0 +/%{_lib}/libdbus-1.so +%dir %{_libdir}/dbus-1.0/ %{_libdir}/dbus-1.0/include/ %{_libdir}/pkgconfig/dbus-1.pc -%{_includedir}/* +%{_includedir}/dbus-1.0/ %changelog +* Wed Nov 14 2012 Rex Dieter +- 1:1.6.8-3 +- %%build: verbose build, use %%_smp_mflags +- %%files: tighten up, use less globs +- tighten deps via %%_isa +- drop old/unused patches + * Wed Oct 3 2012 Bill Nottingham - 1:1.6.8-2 - Drop systemd-sysv-convert in trigger, and resulting dependency (#852822)