Compare commits

..

No commits in common. "c8" and "imports/c8s/dbus-1.12.8-13.el8" have entirely different histories.

9 changed files with 6 additions and 722 deletions

View File

@ -1,337 +0,0 @@
From 3a1b1e9a4010e581e2e940e61d37c4f617eb5eff Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 17:56:33 +0100
Subject: [PATCH 1/3] monitor test: Log the messages that we monitored
This is helpful while debugging test failures.
Helps: dbus/dbus#457
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 8ee5d3e04420975107c27073b50f8758871a998b)
---
test/monitor.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/test/monitor.c b/test/monitor.c
index df5a7180..182110f8 100644
--- a/test/monitor.c
+++ b/test/monitor.c
@@ -196,6 +196,10 @@ _log_message (DBusMessage *m,
not_null (dbus_message_get_signature (m)));
g_test_message ("\terror name: %s",
not_null (dbus_message_get_error_name (m)));
+ g_test_message ("\tserial number: %u",
+ dbus_message_get_serial (m));
+ g_test_message ("\tin reply to: %u",
+ dbus_message_get_reply_serial (m));
if (strcmp ("s", dbus_message_get_signature (m)) == 0)
{
@@ -339,6 +343,9 @@ monitor_filter (DBusConnection *connection,
{
Fixture *f = user_data;
+ g_test_message ("Monitor received message:");
+ log_message (message);
+
g_assert_cmpstr (dbus_message_get_interface (message), !=,
"com.example.Tedious");
--
2.41.0
From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
From: hongjinghao <q1204531485@163.com>
Date: Mon, 5 Jun 2023 18:17:06 +0100
Subject: [PATCH 2/3] bus: Assign a serial number for messages from the driver
Normally, it's enough to rely on a message being given a serial number
by the DBusConnection just before it is actually sent. However, in the
rare case where the policy blocks the driver from sending a message
(due to a deny rule or the outgoing message quota being full), we need
to get a valid serial number sooner, so that we can copy it into the
DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
message sent to monitors. Otherwise, the dbus-daemon will crash with
an assertion failure if at least one Monitoring client is attached,
because zero is not a valid serial number to copy.
This fixes a denial-of-service vulnerability: if a privileged user is
monitoring the well-known system bus using a Monitoring client like
dbus-monitor or `busctl monitor`, then an unprivileged user can cause
denial-of-service by triggering this crash. A mitigation for this
vulnerability is to avoid attaching Monitoring clients to the system
bus when they are not needed. If there are no Monitoring clients, then
the vulnerable code is not reached.
Co-authored-by: Simon McVittie <smcv@collabora.com>
Resolves: dbus/dbus#457
(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
---
bus/connection.c | 15 +++++++++++++++
dbus/dbus-connection-internal.h | 2 ++
dbus/dbus-connection.c | 11 ++++++++++-
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/bus/connection.c b/bus/connection.c
index b3583433..215f0230 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
return FALSE;
+ /* Make sure the message has a non-zero serial number, otherwise
+ * bus_transaction_capture_error_reply() will not be able to mock up
+ * a corresponding reply for it. Normally this would be delayed until
+ * the first time we actually send the message out from a
+ * connection, when the transaction is committed, but that's too late
+ * in this case.
+ */
+ if (dbus_message_get_serial (message) == 0)
+ {
+ dbus_uint32_t next_serial;
+
+ next_serial = _dbus_connection_get_next_client_serial (connection);
+ dbus_message_set_serial (message, next_serial);
+ }
+
if (bus_connection_is_active (connection))
{
if (!dbus_message_set_destination (message,
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
index 48357321..ba79b192 100644
--- a/dbus/dbus-connection-internal.h
+++ b/dbus/dbus-connection-internal.h
@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
DBUS_PRIVATE_EXPORT
void _dbus_connection_unref_unlocked (DBusConnection *connection);
+DBUS_PRIVATE_EXPORT
+dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
void _dbus_connection_queue_received_message_link (DBusConnection *connection,
DBusList *link);
dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index c525b6dc..09cef278 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
_dbus_connection_last_unref (connection);
}
-static dbus_uint32_t
+/**
+ * Allocate and return the next non-zero serial number for outgoing messages.
+ *
+ * This method is only valid to call from single-threaded code, such as
+ * the dbus-daemon, or with the connection lock held.
+ *
+ * @param connection the connection
+ * @returns A suitable serial number for the next message to be sent on the connection.
+ */
+dbus_uint32_t
_dbus_connection_get_next_client_serial (DBusConnection *connection)
{
dbus_uint32_t serial;
--
2.41.0
From 2c699f6ba9c162878c69d0728298c1ab7308db72 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 18:51:22 +0100
Subject: [PATCH 3/3] monitor test: Reproduce dbus/dbus#457
The exact failure mode reported in dbus/dbus#457 is quite difficult
to achieve in a reliable way in a unit test, because we'd have to send
enough messages to a client to fill up its queue, then stop that client
from draining its queue, while still triggering a message that gets a
reply from the bus driver. However, we can trigger the same crash in a
slightly different way by not allowing the client to receive a
particular message. I chose NameAcquired.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 986611ad0f7f67a3693e5672cd66bc608c00b228)
---
.../valid-config-files/forbidding.conf.in | 3 +
test/monitor.c | 77 ++++++++++++++++---
2 files changed, 71 insertions(+), 9 deletions(-)
diff --git a/test/data/valid-config-files/forbidding.conf.in b/test/data/valid-config-files/forbidding.conf.in
index d145613c..58b3cc6a 100644
--- a/test/data/valid-config-files/forbidding.conf.in
+++ b/test/data/valid-config-files/forbidding.conf.in
@@ -24,5 +24,8 @@
<allow send_interface="com.example.CannotUnicast2" send_broadcast="true"/>
<deny receive_interface="com.example.CannotReceive"/>
+
+ <!-- Used to reproduce dbus#457 -->
+ <deny receive_interface="org.freedesktop.DBus" receive_member="NameAcquired"/>
</policy>
</busconfig>
diff --git a/test/monitor.c b/test/monitor.c
index 182110f8..42e0734d 100644
--- a/test/monitor.c
+++ b/test/monitor.c
@@ -155,6 +155,21 @@ static Config side_effects_config = {
TRUE
};
+static dbus_bool_t
+config_forbids_name_acquired_signal (const Config *config)
+{
+ if (config == NULL)
+ return FALSE;
+
+ if (config->config_file == NULL)
+ return FALSE;
+
+ if (strcmp (config->config_file, forbidding_config.config_file) == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
static inline const char *
not_null2 (const char *x,
const char *fallback)
@@ -253,9 +268,6 @@ do { \
#define assert_name_acquired(m) \
do { \
- DBusError _e = DBUS_ERROR_INIT; \
- const char *_s; \
- \
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
g_assert_cmpstr (dbus_message_get_sender (m), ==, DBUS_SERVICE_DBUS); \
@@ -265,7 +277,14 @@ do { \
g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
+} while (0)
+
+#define assert_unique_name_acquired(m) \
+do { \
+ DBusError _e = DBUS_ERROR_INIT; \
+ const char *_s; \
\
+ assert_name_acquired (m); \
dbus_message_get_args (m, &_e, \
DBUS_TYPE_STRING, &_s, \
DBUS_TYPE_INVALID); \
@@ -333,6 +352,21 @@ do { \
g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
} while (0)
+/* forbidding.conf does not allow receiving NameAcquired, so if we are in
+ * that configuration, then dbus-daemon synthesizes an error reply to itself
+ * and sends that to monitors */
+#define expect_name_acquired_error(queue, in_reply_to) \
+do { \
+ DBusMessage *message; \
+ \
+ message = g_queue_pop_head (queue); \
+ assert_error_reply (message, DBUS_SERVICE_DBUS, DBUS_SERVICE_DBUS, \
+ DBUS_ERROR_ACCESS_DENIED); \
+ g_assert_cmpint (dbus_message_get_reply_serial (message), ==, \
+ dbus_message_get_serial (in_reply_to)); \
+ dbus_message_unref (message); \
+} while (0)
+
/* This is called after processing pending replies to our own method
* calls, but before anything else.
*/
@@ -797,6 +831,11 @@ test_become_monitor (Fixture *f,
test_assert_no_error (&f->e);
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
+ /* If the policy forbids receiving NameAcquired, then we'll never
+ * receive it, so behave as though we had */
+ if (config_forbids_name_acquired_signal (f->config))
+ got_unique = got_a = got_b = got_c = TRUE;
+
while (!got_unique || !got_a || !got_b || !got_c)
{
if (g_queue_is_empty (&f->monitored))
@@ -1448,6 +1487,7 @@ test_dbus_daemon (Fixture *f,
{
DBusMessage *m;
int res;
+ size_t n_expected;
if (f->address == NULL)
return;
@@ -1463,7 +1503,12 @@ test_dbus_daemon (Fixture *f,
test_assert_no_error (&f->e);
g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
- while (g_queue_get_length (&f->monitored) < 8)
+ n_expected = 8;
+
+ if (config_forbids_name_acquired_signal (context))
+ n_expected += 1;
+
+ while (g_queue_get_length (&f->monitored) < n_expected)
test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored);
@@ -1476,10 +1521,12 @@ test_dbus_daemon (Fixture *f,
"NameOwnerChanged", "sss", NULL);
dbus_message_unref (m);
- /* FIXME: should we get this? */
m = g_queue_pop_head (&f->monitored);
- assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
- "NameAcquired", "s", f->sender_name);
+ assert_name_acquired (m);
+
+ if (config_forbids_name_acquired_signal (f->config))
+ expect_name_acquired_error (&f->monitored, m);
+
dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored);
@@ -1701,8 +1748,14 @@ static void
expect_new_connection (Fixture *f)
{
DBusMessage *m;
+ size_t n_expected;
- while (g_queue_get_length (&f->monitored) < 4)
+ n_expected = 4;
+
+ if (config_forbids_name_acquired_signal (f->config))
+ n_expected += 1;
+
+ while (g_queue_get_length (&f->monitored) < n_expected)
test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored);
@@ -1719,7 +1772,11 @@ expect_new_connection (Fixture *f)
dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored);
- assert_name_acquired (m);
+ assert_unique_name_acquired (m);
+
+ if (config_forbids_name_acquired_signal (f->config))
+ expect_name_acquired_error (&f->monitored, m);
+
dbus_message_unref (m);
}
@@ -2044,6 +2101,8 @@ main (int argc,
setup, test_method_call, teardown);
g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
setup, test_forbidden_method_call, teardown);
+ g_test_add ("/monitor/forbidden-reply", Fixture, &forbidding_config,
+ setup, test_dbus_daemon, teardown);
g_test_add ("/monitor/dbus-daemon", Fixture, NULL,
setup, test_dbus_daemon, teardown);
g_test_add ("/monitor/selective", Fixture, &selective_config,
--
2.41.0

View File

@ -1,116 +0,0 @@
From 8f382ee405ec68850866298ba0574f12e261a6fa Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Tue, 13 Sep 2022 15:10:22 +0100
Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest
correctly
In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.
In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.
Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)
---
dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
index 4d492f3f3..ae68414dd 100644
--- a/dbus/dbus-marshal-validate.c
+++ b/dbus/dbus-marshal-validate.c
@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
int element_count;
DBusList *element_count_stack;
+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
+ char last_bracket;
result = DBUS_VALID;
element_count_stack = NULL;
@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
while (p != end)
{
+ _dbus_assert (struct_depth + dict_entry_depth >= 0);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
+
switch (*p)
{
case DBUS_TYPE_BYTE:
@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
break;
case DBUS_STRUCT_END_CHAR:
@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
+
+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
+ {
+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
+ goto out;
+ }
+
_dbus_list_pop_last (&element_count_stack);
struct_depth -= 1;
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
break;
case DBUS_DICT_ENTRY_BEGIN_CHAR:
@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
break;
case DBUS_DICT_ENTRY_END_CHAR:
@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
goto out;
}
-
+
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
+
+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
+ {
+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
+ goto out;
+ }
+
dict_entry_depth -= 1;
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
element_count =
_DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
--
GitLab

View File

@ -1,57 +0,0 @@
From 3b8a7aff228770f4f7b478db606b10cceacea875 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 12 Sep 2022 13:14:18 +0100
Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
fixed-length items
This fast-path previously did not check that the array was made up
of an integer number of items. This could lead to assertion failures
and out-of-bounds accesses during subsequent message processing (which
assumes that the message has already been validated), particularly after
the addition of _dbus_header_remove_unknown_fields(), which makes it
more likely that dbus-daemon will apply non-trivial edits to messages.
Thanks: Evgeny Vereshchagin
Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
Resolves: CVE-2022-42011
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 079bbf16186e87fb0157adf8951f19864bc2ed69)
(cherry picked from commit b9e6a7523085a2cfceaffca7ba1ab4251f12a984)
---
dbus/dbus-marshal-validate.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
index ae68414dd..7d0d6cf72 100644
--- a/dbus/dbus-marshal-validate.c
+++ b/dbus/dbus-marshal-validate.c
@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader,
*/
if (dbus_type_is_fixed (array_elem_type))
{
+ /* Note that fixed-size types all have sizes equal to
+ * their alignments, so this is really the item size. */
+ alignment = _dbus_type_get_alignment (array_elem_type);
+ _dbus_assert (alignment == 1 || alignment == 2 ||
+ alignment == 4 || alignment == 8);
+
+ /* Because the alignment is a power of 2, this is
+ * equivalent to: (claimed_len % alignment) != 0,
+ * but avoids slower integer division */
+ if ((claimed_len & (alignment - 1)) != 0)
+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
+
/* bools need to be handled differently, because they can
* have an invalid value
*/
if (array_elem_type == DBUS_TYPE_BOOLEAN)
{
dbus_uint32_t v;
- alignment = _dbus_type_get_alignment (array_elem_type);
while (p < array_end)
{
--
GitLab

View File

@ -1,73 +0,0 @@
From 51a5bbf9074855b0f4a353ed309938b196c13525 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 30 Sep 2022 13:46:31 +0100
Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
When a D-Bus message includes attached file descriptors, the body of the
message contains unsigned 32-bit indexes pointing into an out-of-band
array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
these indexes as "handles" for the associated fds (not to be confused
with a Windows HANDLE, which is a kernel object).
The assertion message removed by this commit is arguably correct up to
a point: fd-passing is only reasonable on a local machine, and no known
operating system allows processes of differing endianness even on a
multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
to specify a byte-order that differs from the byte-order of the recipient.
However, this doesn't account for the fact that a malicious sender
doesn't have to restrict itself to only doing things that make sense.
On a system with untrusted local users, a message sender could crash
the system dbus-daemon (a denial of service) by sending a message in
the opposite endianness that contains handles to file descriptors.
Before this commit, if assertions are enabled, attempting to byteswap
a fd index would cleanly crash the message recipient with an assertion
failure. If assertions are disabled, attempting to byteswap a fd index
would silently do nothing without advancing the pointer p, causing the
message's type and the pointer into its contents to go out of sync, which
can result in a subsequent crash (the crash demonstrated by fuzzing was
a use-after-free, but other failure modes might be possible).
In principle we could resolve this by rejecting wrong-endianness messages
from a local sender, but it's actually simpler and less code to treat
wrong-endianness messages as valid and byteswap them.
Thanks: Evgeny Vereshchagin
Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
Resolves: CVE-2022-42012
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44)
(cherry picked from commit 3fb065b0752db1e298e4ada52cf4adc414f5e946)
---
dbus/dbus-marshal-byteswap.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
index 27695aafb..7104e9c63 100644
--- a/dbus/dbus-marshal-byteswap.c
+++ b/dbus/dbus-marshal-byteswap.c
@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader *reader,
case DBUS_TYPE_BOOLEAN:
case DBUS_TYPE_INT32:
case DBUS_TYPE_UINT32:
+ case DBUS_TYPE_UNIX_FD:
{
p = _DBUS_ALIGN_ADDRESS (p, 4);
*((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p));
@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader *reader,
}
break;
- case DBUS_TYPE_UNIX_FD:
- /* fds can only be passed on a local machine, so byte order must always match */
- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense");
- break;
-
default:
_dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
break;
--
GitLab

View File

@ -1,30 +0,0 @@
#!/bin/bash
# This script ensures the dbus-daemon is killed when the session closes.
# It's used by SSH sessions that have X forwarding (since the X display
# may outlive the session in those cases)
[ $# != 1 ] && exit 1
exec >& /dev/null
MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
export GVFS_DISABLE_FUSE=1
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")
# Poll until the gio monitor command is actively monitoring
until
touch "${MONITOR_READY_FILE}"
read -t 0.5 -u ${SESSION_MONITOR[0]}
do
continue
done
# Block until the session is closed
while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
do
read -u ${SESSION_MONITOR[0]}
done

View File

@ -1,2 +0,0 @@
#Type Name ID GECOS Home directory Shell
u dbus 81 "System Message Bus" - -

View File

@ -1,24 +1,6 @@
# DBus session bus over SSH with X11 forwarding
if ( $?SSH_CONNECTION == 0 ) exit
if ( $?XDG_SESSION_ID == 0) exit
if ( $?DISPLAY == 0 ) exit
if ( $SHLVL > 1 ) exit
set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
exit
endif
setenv GDK_BACKEND x11
eval `dbus-launch --csh-syntax`
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID
eval `dbus-launch --auto-syntax --exit-with-x11`

View File

@ -1,25 +1,7 @@
# DBus session bus over SSH with X11 forwarding
[ -z "$SSH_CONNECTION" ] && return
[ -z "$XDG_SESSION_ID" ] && return
[ -z "$DISPLAY" ] && return
[ "${DISPLAY:0:1}" = ":" ] && return
[ "$SHLVL" -ne 1 ] && return
[ "$SHLVL" -gt 1 ] && return
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
return
fi
export GDK_BACKEND=x11
eval `dbus-launch --sh-syntax`
[ -z "$DBUS_SESSION_BUS_PID" ] && return
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"
GDK_BACKEND=x11; export GDK_BACKEND
eval $(dbus-launch --sh-syntax --exit-with-session)

View File

@ -19,7 +19,7 @@
Name: dbus
Epoch: 1
Version: 1.12.8
Release: 26%{?dist}
Release: 13%{?dist}
Summary: D-BUS message bus
Group: System Environment/Libraries
@ -32,8 +32,6 @@ Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: 00-start-message-bus.sh
Source2: ssh-x-forwarding.csh
Source3: ssh-x-forwarding.sh
Source4: dbus-kill-process-with-session
Source5: dbus-systemd-sysusers.conf
Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1725570
Patch1: dbus-1.12.8-fix-CVE-2019-12749.patch
@ -41,14 +39,6 @@ Patch1: dbus-1.12.8-fix-CVE-2019-12749.patch
Patch2: dbus-1.12.8-fix-CVE-2020-12049.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1839753
Patch3: dbus-1.12.8-fix-fd-limit-change.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133645
Patch4: dbus-1.20.8-CVE-2022-42010.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133639
Patch5: dbus-1.20.8-CVE-2022-42011.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133633
Patch6: dbus-1.20.8-CVE-2022-42012.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213400
Patch7: dbus-1.12.8-fix-CVE-2023-34969.patch
BuildRequires: autoconf-archive
BuildRequires: libtool
@ -97,7 +87,6 @@ per-user-login-session messaging facility.
Summary: D-BUS message bus configuration
Group: System Environment/Libraries
BuildArch: noarch
Requires: /usr/bin/systemctl
%description common
The %{name}-common package provides the configuration and setup files for D-Bus
@ -159,8 +148,6 @@ Summary: X11-requiring add-ons for D-BUS
Group: Development/Libraries
# The server package can be a different architecture.
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
# Used by SSH daemon helper script.
Requires: /usr/bin/gio
%description x11
D-BUS contains some tools that require Xlib to be installed, those are
@ -217,13 +204,9 @@ find %{buildroot} -name '*.la' -type f -delete
rm -rf %{buildroot}%{_libdir}/cmake
%endif
rm -f %{buildroot}%{_sysusersdir}/dbus.conf
install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
install -Dp -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/ssh-x-forwarding.csh
install -p -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/profile.d/
install -Dp -m755 %{SOURCE4} %{buildroot}%{_libexecdir}/dbus-1/dbus-kill-process-with-session
install -Dp -m644 %{SOURCE5} %{buildroot}%{_sysusersdir}/dbus.conf
# Obsolete, but still widely used, for drop-in configuration snippets.
install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d
@ -406,7 +389,6 @@ popd
%files x11
%{_bindir}/dbus-launch
%{_libexecdir}/dbus-1/dbus-kill-process-with-session
%{_mandir}/man1/dbus-launch.1*
%{_sysconfdir}/profile.d/ssh-x-forwarding.*
%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
@ -422,55 +404,8 @@ popd
%{_libdir}/pkgconfig/dbus-1.pc
%{_includedir}/*
%changelog
* Mon Jun 19 2023 David King <amigadave@amigadave.com> - 1.12.8-26
- Fix CVE-2023-34969 (#2213400)
* Mon Apr 24 2023 Ray Strode <rstrode@redhat.com> - 1.12.8-25
- Ensure only one dbus-daemon is spawned for all shells sharing
a single connection.
Resolves: #2189201
* Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24
- Fix CVE-2022-42010 (#2133645)
- Fix CVE-2022-42011 (#2133639)
- Fix CVE-2022-42011 (#2133633)
* Tue Sep 06 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-23
- Address race for very short running sessions in SSH
session monitoring script.
Related: #2089362
* Tue Aug 09 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-22
- Use hangup signal instead of termination signal to
kill sesssion monitoring script to appeach tcsh.
Related: #2089362
* Mon Aug 08 2022 David King <dking@redhat.com> - 1:1.12.8-20
- Override sysusers configuration (#2090397)
* Thu Jun 16 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-19
- Ensure SSH session monitoring script is cleaned up when the
session exits.
Resolves: #2089362
* Mon Dec 06 2021 Ray Strode <rstrode@redhat.com> - 1.12.8-18
- Ensure session bus started for SSH sessions gets used by those
sessions.
Related: #1940067
* Mon Nov 08 2021 David King <dking@redhat.com> - 1:1.12.8-17
- Improve SSH session bus starting (#1940067)
* Thu Jun 10 2021 David King <dking@redhat.com> - 1:1.12.8-16
- Add Conflicts on older redhat-release versions (#1941642)
* Wed May 26 2021 David King <dking@redhat.com> - 1:1.12.8-15
- Packaging updates from Fedora (#1941642)
* Tue Apr 27 2021 David King <dking@redhat.com> - 1:1.12.8-14
- Fix dbus-launch call in sh snippet (#1940348)
* Tue Mar 23 2021 David King <dking@redhat.com> - 1:1.12.8-13
- Fix raising hard fd limit (#1839753)