Compare commits

..

No commits in common. "c9-beta" and "c8" have entirely different histories.
c9-beta ... c8

18 changed files with 672 additions and 287 deletions

View File

@ -1,2 +1 @@
f7fe130511aeeac40270af38d6892ed63392c7f6 SOURCES/dbus-1.12.20.tar.gz 8e50e46796e8297eaa633da3a61cdc79a500e34a SOURCES/dbus-1.12.8.tar.gz
dfffbf214650cd4600454f930c1ebd9919327a11 SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg

3
.gitignore vendored
View File

@ -1,2 +1 @@
SOURCES/dbus-1.12.20.tar.gz SOURCES/dbus-1.12.8.tar.gz
SOURCES/gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl793S8ACgkQ4FrhR4+B
TE8Cfg//Ysb9qT9xLUvCCHdmg+efz1DCks9W21MnZ9EN7qIx/mJPZhqpy9nbaHGy
xQl2hnYagPZXWy7ly8HpakvzYfjtyRMCd7570n/cMmVXTF5bnfOr1feScrNEEJPc
R6LreRPVDPdiKak1bF8VeVLpil89WrtU4xRzcpWxhZLlPiN1ebOSjEKtzaW4sDYB
KdLXLRqcVgdm44NZrTB/xic0hJrO6fhTqiJVx6Lc/CoE9FNO+/60/H2PYIWRedSm
bEx76RmUJEn1c/+wCyixmiTE0aEWGbKIsTR5mZmnw5BFI9SegQk7cD67kLvqMgpz
c+SMl0ivihTgcaH9jPKeg6fEvTTMkuxHQyMgYV5Rwoq0ukTgQ+b+/MjYa5OX0QqY
4YLDqNdgVfdNabxAeGvtNoDLwIHuveB151W9/ANTd420uqkWlCjzriEAjyYv8AJt
O53dQn6KGos8QmAKyF3dmKKZb7d2XfJLa0byHt84DeM0kAabq7P9ypf4YkbmqLCC
Eb8kiP8FbNYaQs9i1L2D4RXK8fnZA88aQVf7yBcILJBsQDI/plZuxmSzZLMBF3dw
SxhcGN3ArsoOqqqWnJt65Sxtt95vO9mpOvrHMB9iQWM3X2zVXh+Et8P2QY9HVhCp
Xmj3TH9Oc6OjBipqdR8OzdTtc7lnBwjuzMhw6g2S08ZQJovniOE=
=cwnZ
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,119 @@
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 30 May 2019 12:53:03 +0100
Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
owner
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
of a shared home directory by having the server write a secret "cookie"
into a .dbus-keyrings subdirectory of the desired identity's home
directory with 0700 permissions, and having the client prove that it can
read the cookie. This never actually worked for non-malicious clients in
the case where server uid != client uid (unless the server and client
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
Unix uid 0) because an unprivileged server would fail to write out the
cookie, and an unprivileged client would be unable to read the resulting
file owned by the server.
Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
is owned by the uid of the server (a side-effect of a check added to
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
by a non-malicious client with a uid differing from the server's.
Joe Vennix of Apple Information Security discovered that the
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
attack: a malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
read and write in unintended locations. In the worst case this could
result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing
authentication bypass.
This is mitigated by the fact that by default, the well-known system
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
at an early stage, before manipulating cookies. As a result, this
vulnerability only applies to:
* system or session dbus-daemons with non-standard configuration
* third-party dbus-daemon invocations such as at-spi2-core (although
in practice at-spi2-core also only accepts EXTERNAL by default)
* third-party uses of DBusServer such as the one in Upstart
Avoiding symlink attacks in a portable way is difficult, because APIs
like openat() and Linux /proc/self/fd are not universally available.
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
a non-matching uid, we can solve this vulnerability in an easier way
without regressions, by rejecting it early (before looking at
~/.dbus-keyrings) whenever the requested identity doesn't match the
identity of the process hosting the DBusServer.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
Closes: CVE-2019-12749
---
dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 37d8d4c9..7390a9d5 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
DBusString tmp2;
dbus_bool_t retval = FALSE;
DBusError error = DBUS_ERROR_INIT;
+ DBusCredentials *myself = NULL;
_dbus_string_set_length (&auth->challenge, 0);
@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
return FALSE;
}
+ myself = _dbus_credentials_new_from_current_process ();
+
+ if (myself == NULL)
+ goto out;
+
+ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
+ {
+ /*
+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
+ * client is anyone other than the user owning the process
+ * containing the DBusServer: we probably aren't allowed to write
+ * to other users' home directories. Even if we can (for example
+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
+ * must not, because the other user controls their home directory,
+ * and could carry out symlink attacks to make us read from or
+ * write to unintended locations. It's difficult to avoid symlink
+ * attacks in a portable way, so we just don't try. This isn't a
+ * regression, because DBUS_COOKIE_SHA1 never worked for other
+ * users anyway.
+ */
+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
+ "but that doesn't match this process",
+ DBUS_AUTH_NAME (auth),
+ _dbus_string_get_const_data (data));
+ retval = send_rejected (auth);
+ goto out;
+ }
+
/* we cache the keyring for speed, so here we drop it if it's the
* wrong one. FIXME caching the keyring here is useless since we use
* a different DBusAuth for every connection.
@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
_dbus_string_zero (&tmp2);
_dbus_string_free (&tmp2);
+ if (myself != NULL)
+ _dbus_credentials_unref (myself);
+
return retval;
}
--
2.21.0

View File

@ -0,0 +1,74 @@
From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 16 Apr 2020 14:45:11 +0100
Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
MSG_CTRUNC indicates that we have received fewer fds that we should
have done because the buffer was too small, but we were treating it
as though it indicated that we received *no* fds. If we received any,
we still have to make sure we close them, otherwise they will be leaked.
On the system bus, if an attacker can induce us to leak fds in this
way, that's a local denial of service via resource exhaustion.
Reported-by: Kevin Backhouse, GitHub Security Lab
Fixes: dbus#294
Fixes: CVE-2020-12049
Fixes: GHSL-2020-057
---
dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index b5fc24663..b176dae1a 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
struct cmsghdr *cm;
dbus_bool_t found = FALSE;
- if (m.msg_flags & MSG_CTRUNC)
- {
- /* Hmm, apparently the control data was truncated. The bad
- thing is that we might have completely lost a couple of fds
- without chance to recover them. Hence let's treat this as a
- serious error. */
-
- errno = ENOSPC;
- _dbus_string_set_length (buffer, start);
- return -1;
- }
-
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
{
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
if (!found)
*n_fds = 0;
+ if (m.msg_flags & MSG_CTRUNC)
+ {
+ unsigned int i;
+
+ /* Hmm, apparently the control data was truncated. The bad
+ thing is that we might have completely lost a couple of fds
+ without chance to recover them. Hence let's treat this as a
+ serious error. */
+
+ /* We still need to close whatever fds we *did* receive,
+ * otherwise they'll never get closed. (CVE-2020-12049) */
+ for (i = 0; i < *n_fds; i++)
+ close (fds[i]);
+
+ *n_fds = 0;
+ errno = ENOSPC;
+ _dbus_string_set_length (buffer, start);
+ return -1;
+ }
+
/* put length back (doesn't actually realloc) */
_dbus_string_set_length (buffer, start + bytes_read);
--
GitLab

View File

@ -1,7 +1,50 @@
From b159849e031000d1dbc1ab876b5fc78a3ce9b534 Mon Sep 17 00:00:00 2001 From 3a1b1e9a4010e581e2e940e61d37c4f617eb5eff Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 17:56:33 +0100
Subject: [PATCH 1/3] monitor test: Log the messages that we monitored
This is helpful while debugging test failures.
Helps: dbus/dbus#457
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 8ee5d3e04420975107c27073b50f8758871a998b)
---
test/monitor.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/test/monitor.c b/test/monitor.c
index df5a7180..182110f8 100644
--- a/test/monitor.c
+++ b/test/monitor.c
@@ -196,6 +196,10 @@ _log_message (DBusMessage *m,
not_null (dbus_message_get_signature (m)));
g_test_message ("\terror name: %s",
not_null (dbus_message_get_error_name (m)));
+ g_test_message ("\tserial number: %u",
+ dbus_message_get_serial (m));
+ g_test_message ("\tin reply to: %u",
+ dbus_message_get_reply_serial (m));
if (strcmp ("s", dbus_message_get_signature (m)) == 0)
{
@@ -339,6 +343,9 @@ monitor_filter (DBusConnection *connection,
{
Fixture *f = user_data;
+ g_test_message ("Monitor received message:");
+ log_message (message);
+
g_assert_cmpstr (dbus_message_get_interface (message), !=,
"com.example.Tedious");
--
2.41.0
From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
From: hongjinghao <q1204531485@163.com> From: hongjinghao <q1204531485@163.com>
Date: Mon, 5 Jun 2023 18:17:06 +0100 Date: Mon, 5 Jun 2023 18:17:06 +0100
Subject: [PATCH 1/2] bus: Assign a serial number for messages from the driver Subject: [PATCH 2/3] bus: Assign a serial number for messages from the driver
Normally, it's enough to rely on a message being given a serial number Normally, it's enough to rely on a message being given a serial number
by the DBusConnection just before it is actually sent. However, in the by the DBusConnection just before it is actually sent. However, in the
@ -23,6 +66,7 @@ the vulnerable code is not reached.
Co-authored-by: Simon McVittie <smcv@collabora.com> Co-authored-by: Simon McVittie <smcv@collabora.com>
Resolves: dbus/dbus#457 Resolves: dbus/dbus#457
(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
--- ---
bus/connection.c | 15 +++++++++++++++ bus/connection.c | 15 +++++++++++++++
dbus/dbus-connection-internal.h | 2 ++ dbus/dbus-connection-internal.h | 2 ++
@ -30,10 +74,10 @@ Resolves: dbus/dbus#457
3 files changed, 27 insertions(+), 1 deletion(-) 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/bus/connection.c b/bus/connection.c diff --git a/bus/connection.c b/bus/connection.c
index a41b790b..4d46992c 100644 index b3583433..215f0230 100644
--- a/bus/connection.c --- a/bus/connection.c
+++ b/bus/connection.c +++ b/bus/connection.c
@@ -2376,6 +2376,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction, @@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS)) if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
return FALSE; return FALSE;
@ -56,10 +100,10 @@ index a41b790b..4d46992c 100644
{ {
if (!dbus_message_set_destination (message, if (!dbus_message_set_destination (message,
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
index 912b546e..747e6e54 100644 index 48357321..ba79b192 100644
--- a/dbus/dbus-connection-internal.h --- a/dbus/dbus-connection-internal.h
+++ b/dbus/dbus-connection-internal.h +++ b/dbus/dbus-connection-internal.h
@@ -57,6 +57,8 @@ DBUS_PRIVATE_EXPORT @@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection); DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
DBUS_PRIVATE_EXPORT DBUS_PRIVATE_EXPORT
void _dbus_connection_unref_unlocked (DBusConnection *connection); void _dbus_connection_unref_unlocked (DBusConnection *connection);
@ -69,10 +113,10 @@ index 912b546e..747e6e54 100644
DBusList *link); DBusList *link);
dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection); dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index 105bdf4e..34380293 100644 index c525b6dc..09cef278 100644
--- a/dbus/dbus-connection.c --- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c
@@ -1461,7 +1461,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection) @@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
_dbus_connection_last_unref (connection); _dbus_connection_last_unref (connection);
} }
@ -91,13 +135,13 @@ index 105bdf4e..34380293 100644
{ {
dbus_uint32_t serial; dbus_uint32_t serial;
-- --
2.40.1 2.41.0
From 986611ad0f7f67a3693e5672cd66bc608c00b228 Mon Sep 17 00:00:00 2001 From 2c699f6ba9c162878c69d0728298c1ab7308db72 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com> From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 18:51:22 +0100 Date: Mon, 5 Jun 2023 18:51:22 +0100
Subject: [PATCH 2/2] monitor test: Reproduce dbus/dbus#457 Subject: [PATCH 3/3] monitor test: Reproduce dbus/dbus#457
The exact failure mode reported in dbus/dbus#457 is quite difficult The exact failure mode reported in dbus/dbus#457 is quite difficult
to achieve in a reliable way in a unit test, because we'd have to send to achieve in a reliable way in a unit test, because we'd have to send
@ -108,6 +152,7 @@ slightly different way by not allowing the client to receive a
particular message. I chose NameAcquired. particular message. I chose NameAcquired.
Signed-off-by: Simon McVittie <smcv@collabora.com> Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 986611ad0f7f67a3693e5672cd66bc608c00b228)
--- ---
.../valid-config-files/forbidding.conf.in | 3 + .../valid-config-files/forbidding.conf.in | 3 +
test/monitor.c | 77 ++++++++++++++++--- test/monitor.c | 77 ++++++++++++++++---
@ -127,7 +172,7 @@ index d145613c..58b3cc6a 100644
</policy> </policy>
</busconfig> </busconfig>
diff --git a/test/monitor.c b/test/monitor.c diff --git a/test/monitor.c b/test/monitor.c
index d5a54b00..846a980c 100644 index 182110f8..42e0734d 100644
--- a/test/monitor.c --- a/test/monitor.c
+++ b/test/monitor.c +++ b/test/monitor.c
@@ -155,6 +155,21 @@ static Config side_effects_config = { @@ -155,6 +155,21 @@ static Config side_effects_config = {
@ -199,7 +244,7 @@ index d5a54b00..846a980c 100644
/* This is called after processing pending replies to our own method /* This is called after processing pending replies to our own method
* calls, but before anything else. * calls, but before anything else.
*/ */
@@ -727,6 +761,11 @@ test_become_monitor (Fixture *f, @@ -797,6 +831,11 @@ test_become_monitor (Fixture *f,
test_assert_no_error (&f->e); test_assert_no_error (&f->e);
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER); g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
@ -211,7 +256,7 @@ index d5a54b00..846a980c 100644
while (!got_unique || !got_a || !got_b || !got_c) while (!got_unique || !got_a || !got_b || !got_c)
{ {
if (g_queue_is_empty (&f->monitored)) if (g_queue_is_empty (&f->monitored))
@@ -1378,6 +1417,7 @@ test_dbus_daemon (Fixture *f, @@ -1448,6 +1487,7 @@ test_dbus_daemon (Fixture *f,
{ {
DBusMessage *m; DBusMessage *m;
int res; int res;
@ -219,7 +264,7 @@ index d5a54b00..846a980c 100644
if (f->address == NULL) if (f->address == NULL)
return; return;
@@ -1393,7 +1433,12 @@ test_dbus_daemon (Fixture *f, @@ -1463,7 +1503,12 @@ test_dbus_daemon (Fixture *f,
test_assert_no_error (&f->e); test_assert_no_error (&f->e);
g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED); g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
@ -233,7 +278,7 @@ index d5a54b00..846a980c 100644
test_main_context_iterate (f->ctx, TRUE); test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored); m = g_queue_pop_head (&f->monitored);
@@ -1406,10 +1451,12 @@ test_dbus_daemon (Fixture *f, @@ -1476,10 +1521,12 @@ test_dbus_daemon (Fixture *f,
"NameOwnerChanged", "sss", NULL); "NameOwnerChanged", "sss", NULL);
dbus_message_unref (m); dbus_message_unref (m);
@ -249,7 +294,7 @@ index d5a54b00..846a980c 100644
dbus_message_unref (m); dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored); m = g_queue_pop_head (&f->monitored);
@@ -1631,8 +1678,14 @@ static void @@ -1701,8 +1748,14 @@ static void
expect_new_connection (Fixture *f) expect_new_connection (Fixture *f)
{ {
DBusMessage *m; DBusMessage *m;
@ -265,7 +310,7 @@ index d5a54b00..846a980c 100644
test_main_context_iterate (f->ctx, TRUE); test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored); m = g_queue_pop_head (&f->monitored);
@@ -1649,7 +1702,11 @@ expect_new_connection (Fixture *f) @@ -1719,7 +1772,11 @@ expect_new_connection (Fixture *f)
dbus_message_unref (m); dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored); m = g_queue_pop_head (&f->monitored);
@ -278,7 +323,7 @@ index d5a54b00..846a980c 100644
dbus_message_unref (m); dbus_message_unref (m);
} }
@@ -1988,6 +2045,8 @@ main (int argc, @@ -2044,6 +2101,8 @@ main (int argc,
setup, test_method_call, teardown); setup, test_method_call, teardown);
g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config, g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
setup, test_forbidden_method_call, teardown); setup, test_forbidden_method_call, teardown);
@ -288,5 +333,5 @@ index d5a54b00..846a980c 100644
setup, test_dbus_daemon, teardown); setup, test_dbus_daemon, teardown);
g_test_add ("/monitor/selective", Fixture, &selective_config, g_test_add ("/monitor/selective", Fixture, &selective_config,
-- --
2.40.1 2.41.0

View File

@ -0,0 +1,201 @@
From 94bacc6955e563a7e698e53151a75323279a9f45 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 11 Mar 2019 09:03:39 +0000
Subject: [PATCH] bus: Try to raise soft fd limit to match hard limit
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
This change also fixes a bug when the hard limit is very large but
the soft limit is not, for example seen as a regression when upgrading
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
would previously have changed its fd limit to 64K soft/64K hard. Because
this hard limit is less than its original hard limit, it was unable to
restore its original hard limit as intended when carrying out traditional
activation, leaving activated subprocesses with unintended limits (while
logging a warning).
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 7eacbfece70f16bb54d0f3ac51f87ae398759ef5)
[smcv: Mention that this also fixes Debian #928877]
---
bus/bus.c | 8 ++---
dbus/dbus-sysdeps-util-unix.c | 64 +++++++++++++++++++++--------------
dbus/dbus-sysdeps-util-win.c | 3 +-
dbus/dbus-sysdeps.h | 3 +-
4 files changed, 44 insertions(+), 34 deletions(-)
diff --git a/bus/bus.c b/bus/bus.c
index 30ce4e10..2ad8e789 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -693,11 +693,11 @@ raise_file_descriptor_limit (BusContext *context)
/* We used to compute a suitable rlimit based on the configured number
* of connections, but that breaks down as soon as we allow fd-passing,
* because each connection is allowed to pass 64 fds to us, and if
- * they all did, we'd hit kernel limits. We now hard-code 64k as a
- * good limit, like systemd does: that's enough to avoid DoS from
- * anything short of multiple uids conspiring against us.
+ * they all did, we'd hit kernel limits. We now hard-code a good
+ * limit that is enough to avoid DoS from anything short of multiple
+ * uids conspiring against us, much like systemd does.
*/
- if (!_dbus_rlimit_raise_fd_limit_if_privileged (65536, &error))
+ if (!_dbus_rlimit_raise_fd_limit (&error))
{
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
"%s: %s", error.name, error.message);
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 2be5b779..7c4c3604 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -406,23 +406,15 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
return self;
}
+/* Enough fds that we shouldn't run out, even if several uids work
+ * together to carry out a denial-of-service attack. This happens to be
+ * the same number that systemd < 234 would normally use. */
+#define ENOUGH_FDS 65536
+
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
- struct rlimit lim;
-
- /* No point to doing this practically speaking
- * if we're not uid 0. We expect the system
- * bus to use this before we change UID, and
- * the session bus takes the Linux default,
- * currently 1024 for cur and 4096 for max.
- */
- if (getuid () != 0)
- {
- /* not an error, we're probably the session bus */
- return TRUE;
- }
+ struct rlimit old, lim;
if (getrlimit (RLIMIT_NOFILE, &lim) < 0)
{
@@ -431,22 +423,43 @@ _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
return FALSE;
}
- if (lim.rlim_cur == RLIM_INFINITY || lim.rlim_cur >= desired)
+ old = lim;
+
+ if (getuid () == 0)
{
- /* not an error, everything is fine */
- return TRUE;
+ /* We are privileged, so raise the soft limit to at least
+ * ENOUGH_FDS, and the hard limit to at least the desired soft
+ * limit. This assumes we can exercise CAP_SYS_RESOURCE on Linux,
+ * or other OSs' equivalents. */
+ if (lim.rlim_cur != RLIM_INFINITY &&
+ lim.rlim_cur < ENOUGH_FDS)
+ lim.rlim_cur = ENOUGH_FDS;
+
+ if (lim.rlim_max != RLIM_INFINITY &&
+ lim.rlim_max < lim.rlim_cur)
+ lim.rlim_max = lim.rlim_cur;
}
- /* Ignore "maximum limit", assume we have the "superuser"
- * privileges. On Linux this is CAP_SYS_RESOURCE.
- */
- lim.rlim_cur = lim.rlim_max = desired;
+ /* Raise the soft limit to match the hard limit, which we can do even
+ * if we are unprivileged. In particular, systemd >= 240 will normally
+ * set rlim_cur to 1024 and rlim_max to 512*1024, recent Debian
+ * versions end up setting rlim_cur to 1024 and rlim_max to 1024*1024,
+ * and older and non-systemd Linux systems would typically set rlim_cur
+ * to 1024 and rlim_max to 4096. */
+ if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
+ lim.rlim_cur = lim.rlim_max;
+
+ /* Early-return if there is nothing to do. */
+ if (lim.rlim_max == old.rlim_max &&
+ lim.rlim_cur == old.rlim_cur)
+ return TRUE;
if (setrlimit (RLIMIT_NOFILE, &lim) < 0)
{
dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set fd limit to %u: %s",
- desired, _dbus_strerror (errno));
+ "Failed to set fd limit to %lu: %s",
+ (unsigned long) lim.rlim_cur,
+ _dbus_strerror (errno));
return FALSE;
}
@@ -485,8 +498,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
}
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
fd_limit_not_supported (error);
return FALSE;
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
index 1ef4ae6c..1c1d9f7d 100644
--- a/dbus/dbus-sysdeps-util-win.c
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -273,8 +273,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
}
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
fd_limit_not_supported (error);
return FALSE;
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index ef786ecc..0b9d7696 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -698,8 +698,7 @@ dbus_bool_t _dbus_replace_install_prefix (DBusString *path);
typedef struct DBusRLimit DBusRLimit;
DBusRLimit *_dbus_rlimit_save_fd_limit (DBusError *error);
-dbus_bool_t _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error);
+dbus_bool_t _dbus_rlimit_raise_fd_limit (DBusError *error);
dbus_bool_t _dbus_rlimit_restore_fd_limit (DBusRLimit *saved,
DBusError *error);
void _dbus_rlimit_free (DBusRLimit *lim);
--
GitLab

View File

@ -1,15 +0,0 @@
[Unit]
Description=D-Bus System Message Bus
Documentation=man:dbus-daemon(1)
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
ExecReload=/usr/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
OOMScoreAdjust=-900
[Install]
# Make sure that services can still refer to this under the name of the
# old SysV script (messagebus).
Alias=dbus.service messagebus.service
WantedBy=multi-user.target

View File

@ -1,11 +0,0 @@
[Unit]
Description=D-Bus User Message Bus
Documentation=man:dbus-daemon(1)
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
[Install]
Alias=dbus.service

View File

@ -0,0 +1,30 @@
#!/bin/bash
# This script ensures the dbus-daemon is killed when the session closes.
# It's used by SSH sessions that have X forwarding (since the X display
# may outlive the session in those cases)
[ $# != 1 ] && exit 1
exec >& /dev/null
MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
export GVFS_DISABLE_FUSE=1
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")
# Poll until the gio monitor command is actively monitoring
until
touch "${MONITOR_READY_FILE}"
read -t 0.5 -u ${SESSION_MONITOR[0]}
do
continue
done
# Block until the session is closed
while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
do
read -u ${SESSION_MONITOR[0]}
done

View File

@ -1,8 +0,0 @@
[Unit]
Description=D-Bus System Message Bus Socket
[Socket]
ListenStream=/run/dbus/system_bus_socket
[Install]
WantedBy=sockets.target

View File

@ -1,9 +0,0 @@
[Unit]
Description=D-Bus User Message Bus Socket
[Socket]
ListenStream=%t/bus
ExecStartPost=-/usr/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus
[Install]
WantedBy=sockets.target

View File

@ -0,0 +1,24 @@
# DBus session bus over SSH with X11 forwarding
if ( $?SSH_CONNECTION == 0 ) exit
if ( $?XDG_SESSION_ID == 0) exit
if ( $?DISPLAY == 0 ) exit
if ( $SHLVL > 1 ) exit
set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
exit
endif
setenv GDK_BACKEND x11
eval `dbus-launch --csh-syntax`
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID

View File

@ -0,0 +1,25 @@
# DBus session bus over SSH with X11 forwarding
[ -z "$SSH_CONNECTION" ] && return
[ -z "$XDG_SESSION_ID" ] && return
[ -z "$DISPLAY" ] && return
[ "${DISPLAY:0:1}" = ":" ] && return
[ "$SHLVL" -ne 1 ] && return
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
return
fi
export GDK_BACKEND=x11
eval `dbus-launch --sh-syntax`
[ -z "$DBUS_SESSION_BUS_PID" ] && return
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"

View File

@ -5,10 +5,6 @@
%global libselinux_version 2.0.86 %global libselinux_version 2.0.86
# fedora-release-30-0.2 and generic-release-0.1 added required presets to enable systemd-unit symlinks
%global fedora_release_version 30-0.2
%global generic_release_version 30-0.1
%global dbus_user_uid 81 %global dbus_user_uid 81
%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-system-socket=/run/dbus/system_bus_socket --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --enable-user-session --docdir=%{_pkgdocdir} --enable-installed-tests %global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-system-socket=/run/dbus/system_bus_socket --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --enable-user-session --docdir=%{_pkgdocdir} --enable-installed-tests
@ -22,40 +18,41 @@
Name: dbus Name: dbus
Epoch: 1 Epoch: 1
Version: 1.12.20 Version: 1.12.8
Release: 8%{?dist} Release: 26%{?dist}
Summary: D-BUS message bus Summary: D-BUS message bus
Group: System Environment/Libraries
# The effective license of the majority of the package, including the shared # The effective license of the majority of the package, including the shared
# library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only. # library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only.
License: (GPLv2+ or AFL) and GPLv2+ License: (GPLv2+ or AFL) and GPLv2+
URL: http://www.freedesktop.org/Software/dbus/ URL: http://www.freedesktop.org/Software/dbus/
#VCS: git:git://git.freedesktop.org/git/dbus/dbus #VCS: git:git://git.freedesktop.org/git/dbus/dbus
Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz.asc Source1: 00-start-message-bus.sh
# gpg --keyserver keyring.debian.org --recv-keys 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F Source2: ssh-x-forwarding.csh
# gpg --export --export-options export-minimal > gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg Source3: ssh-x-forwarding.sh
Source2: gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg Source4: dbus-kill-process-with-session
Source3: 00-start-message-bus.sh Source5: dbus-systemd-sysusers.conf
Source4: dbus.socket
Source5: dbus-daemon.service
Source6: dbus.user.socket
Source7: dbus-daemon.user.service
Source8: dbus-systemd-sysusers.conf
Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133647 # https://bugzilla.redhat.com/show_bug.cgi?id=1725570
Patch1: dbus-1.12.20-CVE-2022-42010.patch Patch1: dbus-1.12.8-fix-CVE-2019-12749.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133641 # https://bugzilla.redhat.com/show_bug.cgi?id=1851997
Patch2: dbus-1.12.20-CVE-2022-42011.patch Patch2: dbus-1.12.8-fix-CVE-2020-12049.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133635 # https://bugzilla.redhat.com/show_bug.cgi?id=1839753
Patch3: dbus-1.12.20-CVE-2022-42012.patch Patch3: dbus-1.12.8-fix-fd-limit-change.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213402 # https://bugzilla.redhat.com/show_bug.cgi?id=2133645
Patch4: dbus-1.12.20-CVE-2023-34969.patch Patch4: dbus-1.20.8-CVE-2022-42010.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133639
Patch5: dbus-1.20.8-CVE-2022-42011.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133633
Patch6: dbus-1.20.8-CVE-2022-42012.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213400
Patch7: dbus-1.12.8-fix-CVE-2023-34969.patch
BuildRequires: autoconf-archive BuildRequires: autoconf-archive
BuildRequires: libtool BuildRequires: libtool
BuildRequires: audit-libs-devel >= 0.9 BuildRequires: audit-libs-devel >= 0.9
BuildRequires: gnupg2
BuildRequires: libX11-devel BuildRequires: libX11-devel
BuildRequires: libcap-ng-devel BuildRequires: libcap-ng-devel
BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(expat)
@ -75,6 +72,7 @@ BuildRequires: cmake
%endif %endif
#For macroized scriptlets. #For macroized scriptlets.
%{?systemd_requires}
BuildRequires: systemd BuildRequires: systemd
# Note: These is only required for --with-tests; when bootstrapping, you can # Note: These is only required for --with-tests; when bootstrapping, you can
@ -87,10 +85,8 @@ BuildRequires: python3-gobject
%if %{with check} %if %{with check}
BuildRequires: /usr/bin/Xvfb BuildRequires: /usr/bin/Xvfb
%endif %endif
BuildRequires: make
# Since F30 the default implementation is dbus-broker over dbus-daemon Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
Requires: dbus-broker >= 16-4
%description %description
D-BUS is a system for sending messages between applications. It is D-BUS is a system for sending messages between applications. It is
@ -99,10 +95,8 @@ per-user-login-session messaging facility.
%package common %package common
Summary: D-BUS message bus configuration Summary: D-BUS message bus configuration
Group: System Environment/Libraries
BuildArch: noarch BuildArch: noarch
%{?systemd_requires}
Conflicts: fedora-release < %{fedora_release_version}
Conflicts: generic-release < %{generic_release_version}
Requires: /usr/bin/systemctl Requires: /usr/bin/systemctl
%description common %description common
@ -111,14 +105,12 @@ implementations to provide a System and User Message Bus.
%package daemon %package daemon
Summary: D-BUS message bus Summary: D-BUS message bus
%{?systemd_requires} Group: System Environment/Libraries
Conflicts: fedora-release < %{fedora_release_version} Requires(pre): /usr/sbin/useradd
Conflicts: generic-release < %{generic_release_version}
Requires: libselinux%{?_isa} >= %{libselinux_version} Requires: libselinux%{?_isa} >= %{libselinux_version}
Requires: dbus-common = %{epoch}:%{version}-%{release} Requires: dbus-common = %{epoch}:%{version}-%{release}
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: dbus-tools = %{epoch}:%{version}-%{release} Requires: dbus-tools = %{epoch}:%{version}-%{release}
Requires: /usr/bin/systemctl
%description daemon %description daemon
D-BUS is a system for sending messages between applications. It is D-BUS is a system for sending messages between applications. It is
@ -127,6 +119,7 @@ per-user-login-session messaging facility.
%package tools %package tools
Summary: D-BUS Tools and Utilities Summary: D-BUS Tools and Utilities
Group: Development/Libraries
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description tools %description tools
@ -135,22 +128,16 @@ the reference implementation.
%package libs %package libs
Summary: Libraries for accessing D-BUS Summary: Libraries for accessing D-BUS
Group: Development/Libraries
%description libs %description libs
This package contains lowlevel libraries for accessing D-BUS. This package contains lowlevel libraries for accessing D-BUS.
%package doc
Summary: Developer documentation for D-BUS
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
BuildArch: noarch
%description doc
This package contains developer documentation for D-Bus along with
other supporting documentation such as the introspect dtd file.
%package devel %package devel
Summary: Development files for D-BUS Summary: Development files for D-BUS
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} Group: Development/Libraries
# The server package can be a different architecture.
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
# For xml directory ownership. # For xml directory ownership.
Requires: xml-common Requires: xml-common
@ -160,6 +147,7 @@ developing software that uses D-BUS.
%package tests %package tests
Summary: Tests for the %{name}-daemon package Summary: Tests for the %{name}-daemon package
Group: Development/Libraries
Requires: %{name}-daemon%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-daemon%{?_isa} = %{epoch}:%{version}-%{release}
%description tests %description tests
@ -168,8 +156,11 @@ the functionality of the installed %{name}-daemon package.
%package x11 %package x11
Summary: X11-requiring add-ons for D-BUS Summary: X11-requiring add-ons for D-BUS
Group: Development/Libraries
# The server package can be a different architecture. # The server package can be a different architecture.
Requires: %{name}-daemon = %{epoch}:%{version}-%{release} Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
# Used by SSH daemon helper script.
Requires: /usr/bin/gio
%description x11 %description x11
D-BUS contains some tools that require Xlib to be installed, those are D-BUS contains some tools that require Xlib to be installed, those are
@ -177,7 +168,6 @@ in this separate package so server systems need not install X.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1 %autosetup -p1
@ -188,14 +178,14 @@ if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf --ve
# Call configure here (before the extra directories for the multiple builds # Call configure here (before the extra directories for the multiple builds
# have been created) to ensure that the hardening flag hack is applied to # have been created) to ensure that the hardening flag hack is applied to
# ltmain.sh # ltmain.sh
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts %configure %{dbus_common_config_opts} --disable-doxygen-docs %--enable-ducktype-docs --enable-xml-docs --disable-asserts
make distclean make distclean
mkdir build mkdir build
pushd build pushd build
# See /usr/lib/rpm/macros # See /usr/lib/rpm/macros
%global _configure ../configure %global _configure ../configure
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts %configure %{dbus_common_config_opts} --disable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
make V=1 %{?_smp_mflags} make V=1 %{?_smp_mflags}
popd popd
@ -216,6 +206,10 @@ popd
# Delete python2 code # Delete python2 code
rm -f %{buildroot}/%{_pkgdocdir}/examples/GetAllMatchRules.py rm -f %{buildroot}/%{_pkgdocdir}/examples/GetAllMatchRules.py
# Delete docs
rm -f %{buildroot}/%{_pkgdocdir}/examples/*.conf
rm -f %{buildroot}/%{_datadir}/gtk-doc
find %{buildroot} -name '*.a' -type f -delete find %{buildroot} -name '*.a' -type f -delete
find %{buildroot} -name '*.la' -type f -delete find %{buildroot} -name '*.la' -type f -delete
@ -223,21 +217,13 @@ find %{buildroot} -name '*.la' -type f -delete
rm -rf %{buildroot}%{_libdir}/cmake rm -rf %{buildroot}%{_libdir}/cmake
%endif %endif
# Delete upstream units
rm -f %{buildroot}%{_unitdir}/dbus.{socket,service}
rm -f %{buildroot}%{_unitdir}/sockets.target.wants/dbus.socket
rm -f %{buildroot}%{_unitdir}/multi-user.target.wants/dbus.service
rm -f %{buildroot}%{_userunitdir}/dbus.{socket,service}
rm -f %{buildroot}%{_userunitdir}/sockets.target.wants/dbus.socket
rm -f %{buildroot}%{_sysusersdir}/dbus.conf rm -f %{buildroot}%{_sysusersdir}/dbus.conf
# Install downstream units install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
install -Dp -m755 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh install -Dp -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/ssh-x-forwarding.csh
install -Dp -m644 %{SOURCE4} %{buildroot}%{_unitdir}/dbus.socket install -p -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/profile.d/
install -Dp -m644 %{SOURCE5} %{buildroot}%{_unitdir}/dbus-daemon.service install -Dp -m755 %{SOURCE4} %{buildroot}%{_libexecdir}/dbus-1/dbus-kill-process-with-session
install -Dp -m644 %{SOURCE6} %{buildroot}%{_userunitdir}/dbus.socket install -Dp -m644 %{SOURCE5} %{buildroot}%{_sysusersdir}/dbus.conf
install -Dp -m644 %{SOURCE7} %{buildroot}%{_userunitdir}/dbus-daemon.service
install -Dp -m644 %{SOURCE8} %{buildroot}%{_sysusersdir}/dbus.conf
# Obsolete, but still widely used, for drop-in configuration snippets. # Obsolete, but still widely used, for drop-in configuration snippets.
install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d
@ -245,6 +231,11 @@ install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d
install --directory %{buildroot}%{_datadir}/dbus-1/interfaces install --directory %{buildroot}%{_datadir}/dbus-1/interfaces
# Make sure that when somebody asks for D-Bus under the name of the
# old SysV script, that he ends up with the standard dbus.service name
# now.
ln -s dbus.service %{buildroot}%{_unitdir}/messagebus.service
## %find_lang %{gettext_package} ## %find_lang %{gettext_package}
install --directory %{buildroot}/var/lib/dbus install --directory %{buildroot}/var/lib/dbus
@ -253,10 +244,6 @@ install --directory %{buildroot}/run/dbus
install -pm 644 -t %{buildroot}%{_pkgdocdir} \ install -pm 644 -t %{buildroot}%{_pkgdocdir} \
doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt
# Make sure that the documentation shows up in Devhelp.
install --directory %{buildroot}%{_datadir}/gtk-doc/html
ln -s %{_pkgdocdir} %{buildroot}%{_datadir}/gtk-doc/html/dbus
# Shell wrapper for installed tests, modified from Debian package. # Shell wrapper for installed tests, modified from Debian package.
cat > dbus-run-installed-tests <<EOF cat > dbus-run-installed-tests <<EOF
#!/bin/sh #!/bin/sh
@ -316,39 +303,27 @@ popd
%pre daemon %pre daemon
%sysusers_create_compat %{SOURCE8} # Add the "dbus" user and group
/usr/sbin/groupadd -r -g %{dbus_user_uid} dbus 2>/dev/null || :
%post common /usr/sbin/useradd -c 'System message bus' -u %{dbus_user_uid} -g %{dbus_user_uid} \
%systemd_post dbus.socket -s /sbin/nologin -r -d '/' dbus 2> /dev/null || :
%systemd_user_post dbus.socket
%post daemon %post daemon
%systemd_post dbus-daemon.service %systemd_post dbus.service dbus.socket
%systemd_user_post dbus-daemon.service %systemd_user_post dbus.service dbus.socket
%preun common %post libs -p /sbin/ldconfig
%systemd_preun dbus.socket
%systemd_user_preun dbus.socket
%preun daemon %preun daemon
%systemd_preun dbus-daemon.service %systemd_preun dbus.service dbus.socket
%systemd_user_preun dbus-daemon.service %systemd_user_preun dbus.service dbus.socket
%postun common
%systemd_postun dbus.socket
%systemd_user_postun dbus.socket
%postun daemon %postun daemon
%systemd_postun dbus-daemon.service %systemd_postun dbus.service dbus.socket
%systemd_user_postun dbus-daemon.service %systemd_user_postun dbus.service dbus.socket
%triggerpostun common -- dbus-common < 1:1.12.10-4 %postun libs -p /sbin/ldconfig
systemctl --no-reload preset dbus.socket &>/dev/null || :
systemctl --no-reload --global preset dbus.socket &>/dev/null || :
%triggerpostun daemon -- dbus-daemon < 1:1.12.10-7
systemctl --no-reload preset dbus-daemon.service &>/dev/null || :
systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
%files %files
# The 'dbus' package is only retained for compatibility purposes. It will # The 'dbus' package is only retained for compatibility purposes. It will
@ -365,25 +340,19 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
%config %{_sysconfdir}/dbus-1/session.conf %config %{_sysconfdir}/dbus-1/session.conf
%config %{_sysconfdir}/dbus-1/system.conf %config %{_sysconfdir}/dbus-1/system.conf
%dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/session.d
%dir %{_datadir}/dbus-1/system.d
%{_datadir}/dbus-1/session.conf %{_datadir}/dbus-1/session.conf
%{_datadir}/dbus-1/system.conf %{_datadir}/dbus-1/system.conf
%{_datadir}/dbus-1/services %{_datadir}/dbus-1/services
%{_datadir}/dbus-1/system-services %{_datadir}/dbus-1/system-services
%{_datadir}/dbus-1/interfaces %{_datadir}/dbus-1/interfaces
%{_sysusersdir}/dbus.conf %{_sysusersdir}/dbus.conf
%{_unitdir}/dbus.socket
%{_userunitdir}/dbus.socket
%files daemon %files daemon
# Strictly speaking, we could remove the COPYING from this subpackage and # Strictly speaking, we could remove the COPYING from this subpackage and
# just have it be in libs, because dbus Requires dbus-libs. # just have it be in libs, because dbus Requires dbus-libs.
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%doc AUTHORS ChangeLog CONTRIBUTING.md NEWS README %doc AUTHORS ChangeLog HACKING NEWS README
%exclude %{_pkgdocdir}/api
%exclude %{_pkgdocdir}/dbus.devhelp
%exclude %{_pkgdocdir}/diagram.* %exclude %{_pkgdocdir}/diagram.*
%exclude %{_pkgdocdir}/introspect.* %exclude %{_pkgdocdir}/introspect.*
%exclude %{_pkgdocdir}/system-activation.txt %exclude %{_pkgdocdir}/system-activation.txt
@ -404,8 +373,14 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper %attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
%exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests %exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests
%{_tmpfilesdir}/dbus.conf %{_tmpfilesdir}/dbus.conf
%{_unitdir}/dbus-daemon.service %{_unitdir}/dbus.service
%{_userunitdir}/dbus-daemon.service %{_unitdir}/dbus.socket
%{_unitdir}/messagebus.service
%{_unitdir}/multi-user.target.wants/dbus.service
%{_unitdir}/sockets.target.wants/dbus.socket
%{_userunitdir}/dbus.service
%{_userunitdir}/dbus.socket
%{_userunitdir}/sockets.target.wants/dbus.socket
%files tools %files tools
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
@ -431,18 +406,11 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
%files x11 %files x11
%{_bindir}/dbus-launch %{_bindir}/dbus-launch
%{_libexecdir}/dbus-1/dbus-kill-process-with-session
%{_mandir}/man1/dbus-launch.1* %{_mandir}/man1/dbus-launch.1*
%{_sysconfdir}/profile.d/ssh-x-forwarding.*
%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh %{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
%files doc
%{_pkgdocdir}/*
%{_datadir}/gtk-doc
%exclude %{_pkgdocdir}/AUTHORS
%exclude %{_pkgdocdir}/ChangeLog
%exclude %{_pkgdocdir}/HACKING
%exclude %{_pkgdocdir}/NEWS
%exclude %{_pkgdocdir}/README
%files devel %files devel
%{_datadir}/xml/dbus-1 %{_datadir}/xml/dbus-1
%{_libdir}/lib*.so %{_libdir}/lib*.so
@ -454,124 +422,84 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
%{_libdir}/pkgconfig/dbus-1.pc %{_libdir}/pkgconfig/dbus-1.pc
%{_includedir}/* %{_includedir}/*
%changelog %changelog
* Mon Jun 12 2023 David King <amigadave@amigadave.com> - 1:1.12.20-8 * Mon Jun 19 2023 David King <amigadave@amigadave.com> - 1.12.8-26
- Fix CVE-2023-34969 (#2213402) - Fix CVE-2023-34969 (#2213400)
* Tue Oct 18 2022 David King <amigadave@amigadave.com> - 1:1.12.20-7 * Mon Apr 24 2023 Ray Strode <rstrode@redhat.com> - 1.12.8-25
- Fix CVE-2022-42010 (#2133647) - Ensure only one dbus-daemon is spawned for all shells sharing
- Fix CVE-2022-42011 (#2133641) a single connection.
- Fix CVE-2022-42012 (#2133635) Resolves: #2189201
* Wed Aug 17 2022 David King <amigadave@amigadave.com> - 1:1.12.20-6 * Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24
- Override upstream sysusers.d confguration (#2118226) - Fix CVE-2022-42010 (#2133645)
- Fix CVE-2022-42011 (#2133639)
- Fix CVE-2022-42011 (#2133633)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.12.20-5 * Tue Sep 06 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-23
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Address race for very short running sessions in SSH
Related: rhbz#1991688 session monitoring script.
Related: #2089362
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.12.20-4 * Tue Aug 09 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-22
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Use hangup signal instead of termination signal to
kill sesssion monitoring script to appeach tcsh.
Related: #2089362
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-3 * Mon Aug 08 2022 David King <dking@redhat.com> - 1:1.12.8-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Override sysusers configuration (#2090397)
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-2 * Thu Jun 16 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - Ensure SSH session monitoring script is cleaned up when the
session exits.
Resolves: #2089362
* Thu Jul 02 2020 David King <amigadave@amigadave.com> - 1:1.12.20-1 * Mon Dec 06 2021 Ray Strode <rstrode@redhat.com> - 1.12.8-18
- Update to 1.12.20 - Ensure session bus started for SSH sessions gets used by those
sessions.
Related: #1940067
* Tue Jun 02 2020 David King <amigadave@amigadave.com> - 1:1.12.18-1 * Mon Nov 08 2021 David King <dking@redhat.com> - 1:1.12.8-17
- Update to 1.12.18 - Improve SSH session bus starting (#1940067)
* Wed Feb 19 2020 David King <amigadave@amigadave.com> - 1:1.12.16-5 * Thu Jun 10 2021 David King <dking@redhat.com> - 1:1.12.8-16
- Verify GPG signature of sources - Add Conflicts on older redhat-release versions (#1941642)
- Improve permissions on ghosted /run/dbus
* Fri Jan 31 2020 David King <amigadave@amigadave.com> - 1:1.12.16-4 * Wed May 26 2021 David King <dking@redhat.com> - 1:1.12.8-15
- Update python2- to python3-gobject - Packaging updates from Fedora (#1941642)
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-4 * Tue Apr 27 2021 David King <dking@redhat.com> - 1:1.12.8-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Fix dbus-launch call in sh snippet (#1940348)
* Thu Aug 01 2019 David King <amigadave@amigadave.com> - 1:1.12.16-3 * Tue Mar 23 2021 David King <dking@redhat.com> - 1:1.12.8-13
- Ensure that patches are applied - Fix raising hard fd limit (#1839753)
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-2 * Mon Nov 23 2020 David King <dking@redhat.com> - 1:1.12.8-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Install X11 SSH forwarding snippets (#1874282)
* Tue Jun 11 2019 David King <amigadave@amigadave.com> - 1:1.12.16-1 * Tue Jun 30 2020 David King <dking@redhat.com> - 1:1.12.8-11
- Update to 1.12.16 - Fix CVE-2020-12049 (#1851997)
* Fri May 17 2019 David King <amigadave@amigadave.com> - 1:1.12.14-1 * Mon Apr 06 2020 David King <dking@redhat.com> - 1:1.12.8-10
- Update to 1.12.14 - Improve permissions on ghosted /run/dbus (#1797833)
* Tue Apr 09 2019 David King <amigadave@amigadave.com> - 1:1.12.12-7 * Thu Aug 01 2019 David King <dking@redhat.com> - 1:1.12.8-9
- Improve user and group creation (#1698001) - Ensure that patches are applied (#1725570)
* Thu Apr 04 2019 David King <amigadave@amigadave.com> - 1:1.12.12-6 * Tue Jul 09 2019 David King <dking@redhat.com> - 1:1.12.8-8
- Own system.d and session.d directories (#1696385) - Fix CVE-2019-12749 (#1725570)
* Sun Mar 03 2019 Leigh Scott <leigh123linux@googlemail.com> - 1:1.12.12-5 * Wed Oct 24 2018 Martin Pitt <mpitt@redhat.com> - 1:1.12.8-7
- Fix f30 FTBFS - Fix useradd dependency of dbus-daemon rhbz#1634496
* Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 1:1.12.12-4 * Thu Oct 18 2018 Martin Pitt <mpitt@redhat.com>
- Update requires for pygobject3 -> python2-gobject rename - Drop unpublished -doc package to fix FTBFS rhbz#1640736
- Add dist-git smoketest rhbz#1625683
- Move dbus system user creation to correct package rhbz#1634496
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.12-3 * Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - BuildRequire python3-gobject instead of pygobject3
- Related: bug#1614611
* Fri Dec 14 2018 David King <amigadave@amigadave.com> - 1:1.12.12-2
- Change -devel subpackage to depend on -libs
* Tue Dec 04 2018 David King <amigadave@amigadave.com> - 1:1.12.12-1
- Update to 1.12.12
* Thu Nov 22 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-9
- Switch to dbus-broker as the default implementation
* Wed Nov 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:1.12.10-8
- Fix requirement on system-release
* Tue Nov 06 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-7
- Fix the messagebus.service alias
* Mon Nov 05 2018 David King <amigadave@amigadave.com> - 1:1.12.10-6
- Add further Requires to subpackages
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-5
- Move useradd dependency to daemon subpackage
* Fri Oct 19 2018 David King <amigadave@amigadave.com> - 1:1.12.10-4
- Move user and group creation to daemon subpackage
- Move systemd to Requires of common subpackage (#1638910)
- Remove unnecessary ldconfig calls
* Fri Aug 31 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-3
- Make sure presets are applied when upgrading from packages before the presets
existed
* Thu Aug 30 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
- Change 'system-release' dependency to 'fedora-release', since otherwise hard
version dependencies are ignored.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
- Move generic units into 'dbus-common', so other dbus implementations can use
them as well.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
- Add [Install] sections to unit files, rather than creating the symlinks
manually during the installation. This will pick up the systemd-presets
global to Fedora from the 'fedora-release' package.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
- Provide custom systemd unit files to replace the upstream units. Also rename
the service to 'dbus-daemon.service', but provide an alias to 'dbus.service'.
* Fri Aug 03 2018 David King <amigadave@amigadave.com> - 1:1.12.10-1
- Update to 1.12.10
* Tue Jul 31 2018 Colin Walters <walters@verbum.org> - 1:1.12.8-5 * Tue Jul 31 2018 Colin Walters <walters@verbum.org> - 1:1.12.8-5
- More python3 - More python3