Compare commits

No commits in common. "imports/c10s/dbus-1.14.10-5.el10" and "c8" have entirely different histories.

23 changed files with 1199 additions and 366 deletions

1
.dbus.metadata Normal file

@ -0,0 +1 @@
8e50e46796e8297eaa633da3a61cdc79a500e34a SOURCES/dbus-1.12.8.tar.gz

69
.gitignore vendored

@ -1,68 +1 @@
/*.log
/dbus-*/
/*.src.rpm
/noarch/
/x86_64/
/dbus-1.3.2.885483.tar.gz
/dbus-1.4.0.tar.gz
/dbus-1.4.10.tar.gz
/dbus-1.4.20.tar.gz
/dbus-1.6.0.tar.gz
/dbus-1.6.6.tar.gz
/dbus-1.6.8.tar.gz
/dbus-1.6.12.tar.gz
/dbus-1.6.18.tar.gz
/dbus-1.8.4.tar.gz
/dbus-1.8.6.tar.gz
/dbus-1.8.12.tar.gz
/dbus-1.8.14.tar.gz
/dbus-1.8.16.tar.gz
/dubs-1.9.14.tar.gz
/dbus-1.9.16.tar.gz
/dbus-1.9.18.tar.gz
/dbus-1.9.20.tar.gz
/dbus-1.10.0.tar.gz
/dbus-1.10.2.tar.gz
/dbus-1.10.4.tar.gz
/dbus-1.10.6.tar.gz
/dbus-1.11.0.tar.gz
/dbus-1.11.2.tar.gz
/dbus-1.11.4.tar.gz
/dbus-1.11.6.tar.gz
/dbus-1.11.8.tar.gz
/dbus-1.11.10.tar.gz
/dbus-1.11.12.tar.gz
/dbus-1.11.14.tar.gz
/dbus-1.11.16.tar.gz
/dbus-1.11.18.tar.gz
/dbus-1.11.20.tar.gz
/dbus-1.11.22.tar.gz
/dbus-1.12.0.tar.gz
/dbus-1.12.8.tar.gz
/dbus-1.12.10.tar.gz
/dbus-1.12.12.tar.gz
/dbus-1.12.14.tar.gz
/dbus-1.12.16.tar.gz
/dbus-1.12.16.tar.gz.asc
/dbus-1.12.18.tar.gz
/dbus-1.12.18.tar.gz.asc
/dbus-1.12.20.tar.gz
/dbus-1.12.20.tar.gz.asc
/dbus-1.13.18.tar.xz
/dbus-1.13.18.tar.xz.asc
/dbus-1.13.20.tar.xz
/dbus-1.13.20.tar.xz.asc
/dbus-1.13.22.tar.xz
/dbus-1.13.22.tar.xz.asc
/dbus-1.14.0.tar.xz
/dbus-1.14.0.tar.xz.asc
/dbus-1.14.2.tar.xz
/dbus-1.14.2.tar.xz.asc
/dbus-1.14.4.tar.xz
/dbus-1.14.4.tar.xz.asc
/dbus-1.14.6.tar.xz
/dbus-1.14.6.tar.xz.asc
/dbus-1.14.8.tar.xz
/dbus-1.14.8.tar.xz.asc
/dbus-1.14.10.tar.xz
/dbus-1.14.10.tar.xz.asc
SOURCES/dbus-1.12.8.tar.gz


@ -0,0 +1,119 @@
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 30 May 2019 12:53:03 +0100
Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
owner
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
of a shared home directory by having the server write a secret "cookie"
into a .dbus-keyrings subdirectory of the desired identity's home
directory with 0700 permissions, and having the client prove that it can
read the cookie. This never actually worked for non-malicious clients in
the case where server uid != client uid (unless the server and client
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
Unix uid 0) because an unprivileged server would fail to write out the
cookie, and an unprivileged client would be unable to read the resulting
file owned by the server.
Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
is owned by the uid of the server (a side-effect of a check added to
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
by a non-malicious client with a uid differing from the server's.
Joe Vennix of Apple Information Security discovered that the
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
attack: a malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
read and write in unintended locations. In the worst case this could
result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing
authentication bypass.
This is mitigated by the fact that by default, the well-known system
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
at an early stage, before manipulating cookies. As a result, this
vulnerability only applies to:
* system or session dbus-daemons with non-standard configuration
* third-party dbus-daemon invocations such as at-spi2-core (although
in practice at-spi2-core also only accepts EXTERNAL by default)
* third-party uses of DBusServer such as the one in Upstart
Avoiding symlink attacks in a portable way is difficult, because APIs
like openat() and Linux /proc/self/fd are not universally available.
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
a non-matching uid, we can solve this vulnerability in an easier way
without regressions, by rejecting it early (before looking at
~/.dbus-keyrings) whenever the requested identity doesn't match the
identity of the process hosting the DBusServer.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
Closes: CVE-2019-12749
---
dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 37d8d4c9..7390a9d5 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
DBusString tmp2;
dbus_bool_t retval = FALSE;
DBusError error = DBUS_ERROR_INIT;
+ DBusCredentials *myself = NULL;
_dbus_string_set_length (&auth->challenge, 0);
@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
return FALSE;
}
+ myself = _dbus_credentials_new_from_current_process ();
+
+ if (myself == NULL)
+ goto out;
+
+ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
+ {
+ /*
+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
+ * client is anyone other than the user owning the process
+ * containing the DBusServer: we probably aren't allowed to write
+ * to other users' home directories. Even if we can (for example
+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
+ * must not, because the other user controls their home directory,
+ * and could carry out symlink attacks to make us read from or
+ * write to unintended locations. It's difficult to avoid symlink
+ * attacks in a portable way, so we just don't try. This isn't a
+ * regression, because DBUS_COOKIE_SHA1 never worked for other
+ * users anyway.
+ */
+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
+ "but that doesn't match this process",
+ DBUS_AUTH_NAME (auth),
+ _dbus_string_get_const_data (data));
+ retval = send_rejected (auth);
+ goto out;
+ }
+
/* we cache the keyring for speed, so here we drop it if it's the
* wrong one. FIXME caching the keyring here is useless since we use
* a different DBusAuth for every connection.
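Review bot: the `if (myself == NULL) goto out;` branch leaves `retval` at its initial FALSE and sends no rejection, unlike the mismatch branch below it, which calls `send_rejected (auth)`. A one-line comment saying that NULL here is presumably the out-of-memory case, and that returning FALSE is intended, would make the two exits easier to tell apart. The rejection is reported only through `_dbus_verbose`, so it is worth deciding whether a client asking for another user's identity should also produce a log entry that is visible outside verbose builds.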
@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
_dbus_string_zero (&tmp2);
_dbus_string_free (&tmp2);
+ if (myself != NULL)
+ _dbus_credentials_unref (myself);
+
return retval;
}
--
2.21.0


@ -0,0 +1,74 @@
From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 16 Apr 2020 14:45:11 +0100
Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
MSG_CTRUNC indicates that we have received fewer fds than we should
have done because the buffer was too small, but we were treating it
as though it indicated that we received *no* fds. If we received any,
we still have to make sure we close them, otherwise they will be leaked.
On the system bus, if an attacker can induce us to leak fds in this
way, that's a local denial of service via resource exhaustion.
Reported-by: Kevin Backhouse, GitHub Security Lab
Fixes: dbus#294
Fixes: CVE-2020-12049
Fixes: GHSL-2020-057
---
dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index b5fc24663..b176dae1a 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
struct cmsghdr *cm;
dbus_bool_t found = FALSE;
- if (m.msg_flags & MSG_CTRUNC)
- {
- /* Hmm, apparently the control data was truncated. The bad
- thing is that we might have completely lost a couple of fds
- without chance to recover them. Hence let's treat this as a
- serious error. */
-
- errno = ENOSPC;
- _dbus_string_set_length (buffer, start);
- return -1;
- }
-
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
{
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
if (!found)
*n_fds = 0;
+ if (m.msg_flags & MSG_CTRUNC)
+ {
+ unsigned int i;
+
+ /* Hmm, apparently the control data was truncated. The bad
+ thing is that we might have completely lost a couple of fds
+ without chance to recover them. Hence let's treat this as a
+ serious error. */
+
+ /* We still need to close whatever fds we *did* receive,
+ * otherwise they'll never get closed. (CVE-2020-12049) */
+ for (i = 0; i < *n_fds; i++)
+ close (fds[i]);
+
+ *n_fds = 0;
+ errno = ENOSPC;
+ _dbus_string_set_length (buffer, start);
+ return -1;
+ }
+
/* put length back (doesn't actually realloc) */
_dbus_string_set_length (buffer, start + bytes_read);
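Review bot: in the relocated MSG_CTRUNC block, `errno = ENOSPC` has to stay after the `close (fds[i])` loop, because close() can itself overwrite errno; a short comment saying so would stop a later cleanup from reordering the two. The loop also depends on `*n_fds` having been filled in by the SCM_RIGHTS scan above (or zeroed by `if (!found)`), which is the reason the block moved below that scan and deserves a mention in the comment. The retained text "we might have completely lost a couple of fds" now sits directly above code that handles the fds that were not lost, so splitting the comment into "what was lost" and "what we still hold" would read more clearly.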
--
GitLab


@ -0,0 +1,337 @@
From 3a1b1e9a4010e581e2e940e61d37c4f617eb5eff Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 17:56:33 +0100
Subject: [PATCH 1/3] monitor test: Log the messages that we monitored
This is helpful while debugging test failures.
Helps: dbus/dbus#457
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 8ee5d3e04420975107c27073b50f8758871a998b)
---
test/monitor.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/test/monitor.c b/test/monitor.c
index df5a7180..182110f8 100644
--- a/test/monitor.c
+++ b/test/monitor.c
@@ -196,6 +196,10 @@ _log_message (DBusMessage *m,
not_null (dbus_message_get_signature (m)));
g_test_message ("\terror name: %s",
not_null (dbus_message_get_error_name (m)));
+ g_test_message ("\tserial number: %u",
+ dbus_message_get_serial (m));
+ g_test_message ("\tin reply to: %u",
+ dbus_message_get_reply_serial (m));
if (strcmp ("s", dbus_message_get_signature (m)) == 0)
{
@@ -339,6 +343,9 @@ monitor_filter (DBusConnection *connection,
{
Fixture *f = user_data;
+ g_test_message ("Monitor received message:");
+ log_message (message);
+
g_assert_cmpstr (dbus_message_get_interface (message), !=,
"com.example.Tedious");
--
2.41.0
From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
From: hongjinghao <q1204531485@163.com>
Date: Mon, 5 Jun 2023 18:17:06 +0100
Subject: [PATCH 2/3] bus: Assign a serial number for messages from the driver
Normally, it's enough to rely on a message being given a serial number
by the DBusConnection just before it is actually sent. However, in the
rare case where the policy blocks the driver from sending a message
(due to a deny rule or the outgoing message quota being full), we need
to get a valid serial number sooner, so that we can copy it into the
DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
message sent to monitors. Otherwise, the dbus-daemon will crash with
an assertion failure if at least one Monitoring client is attached,
because zero is not a valid serial number to copy.
This fixes a denial-of-service vulnerability: if a privileged user is
monitoring the well-known system bus using a Monitoring client like
dbus-monitor or `busctl monitor`, then an unprivileged user can cause
denial-of-service by triggering this crash. A mitigation for this
vulnerability is to avoid attaching Monitoring clients to the system
bus when they are not needed. If there are no Monitoring clients, then
the vulnerable code is not reached.
Co-authored-by: Simon McVittie <smcv@collabora.com>
Resolves: dbus/dbus#457
(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
---
bus/connection.c | 15 +++++++++++++++
dbus/dbus-connection-internal.h | 2 ++
dbus/dbus-connection.c | 11 ++++++++++-
3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/bus/connection.c b/bus/connection.c
index b3583433..215f0230 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
return FALSE;
+ /* Make sure the message has a non-zero serial number, otherwise
+ * bus_transaction_capture_error_reply() will not be able to mock up
+ * a corresponding reply for it. Normally this would be delayed until
+ * the first time we actually send the message out from a
+ * connection, when the transaction is committed, but that's too late
+ * in this case.
+ */
+ if (dbus_message_get_serial (message) == 0)
+ {
+ dbus_uint32_t next_serial;
+
+ next_serial = _dbus_connection_get_next_client_serial (connection);
+ dbus_message_set_serial (message, next_serial);
+ }
+
if (bus_connection_is_active (connection))
{
if (!dbus_message_set_destination (message,
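Review bot: the new block calls `_dbus_connection_get_next_client_serial (connection)` without taking the connection lock, while the documentation this series adds for that function in dbus/dbus-connection.c says it is only valid from single-threaded code or with the lock held. The comment here should state that the call relies on dbus-daemon being single-threaded, so the precondition is visible at the call site and not only at the definition.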
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
index 48357321..ba79b192 100644
--- a/dbus/dbus-connection-internal.h
+++ b/dbus/dbus-connection-internal.h
@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
DBUS_PRIVATE_EXPORT
void _dbus_connection_unref_unlocked (DBusConnection *connection);
+DBUS_PRIVATE_EXPORT
+dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
void _dbus_connection_queue_received_message_link (DBusConnection *connection,
DBusList *link);
dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
index c525b6dc..09cef278 100644
--- a/dbus/dbus-connection.c
+++ b/dbus/dbus-connection.c
@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
_dbus_connection_last_unref (connection);
}
-static dbus_uint32_t
+/**
+ * Allocate and return the next non-zero serial number for outgoing messages.
+ *
+ * This method is only valid to call from single-threaded code, such as
+ * the dbus-daemon, or with the connection lock held.
+ *
+ * @param connection the connection
+ * @returns A suitable serial number for the next message to be sent on the connection.
+ */
+dbus_uint32_t
_dbus_connection_get_next_client_serial (DBusConnection *connection)
{
dbus_uint32_t serial;
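Review bot: once `static` is dropped and the function is exported through dbus-connection-internal.h, its name no longer signals the locking requirement that the new doc comment describes. The neighbouring `_dbus_connection_ref_unlocked` and `_dbus_connection_unref_unlocked` carry an `_unlocked` suffix for exactly that purpose; a matching suffix, or a lock-held assertion in the body, would make misuse from threaded callers harder.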
--
2.41.0
From 2c699f6ba9c162878c69d0728298c1ab7308db72 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 5 Jun 2023 18:51:22 +0100
Subject: [PATCH 3/3] monitor test: Reproduce dbus/dbus#457
The exact failure mode reported in dbus/dbus#457 is quite difficult
to achieve in a reliable way in a unit test, because we'd have to send
enough messages to a client to fill up its queue, then stop that client
from draining its queue, while still triggering a message that gets a
reply from the bus driver. However, we can trigger the same crash in a
slightly different way by not allowing the client to receive a
particular message. I chose NameAcquired.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 986611ad0f7f67a3693e5672cd66bc608c00b228)
---
.../valid-config-files/forbidding.conf.in | 3 +
test/monitor.c | 77 ++++++++++++++++---
2 files changed, 71 insertions(+), 9 deletions(-)
diff --git a/test/data/valid-config-files/forbidding.conf.in b/test/data/valid-config-files/forbidding.conf.in
index d145613c..58b3cc6a 100644
--- a/test/data/valid-config-files/forbidding.conf.in
+++ b/test/data/valid-config-files/forbidding.conf.in
@@ -24,5 +24,8 @@
<allow send_interface="com.example.CannotUnicast2" send_broadcast="true"/>
<deny receive_interface="com.example.CannotReceive"/>
+
+ <!-- Used to reproduce dbus#457 -->
+ <deny receive_interface="org.freedesktop.DBus" receive_member="NameAcquired"/>
</policy>
</busconfig>
diff --git a/test/monitor.c b/test/monitor.c
index 182110f8..42e0734d 100644
--- a/test/monitor.c
+++ b/test/monitor.c
@@ -155,6 +155,21 @@ static Config side_effects_config = {
TRUE
};
+static dbus_bool_t
+config_forbids_name_acquired_signal (const Config *config)
+{
+ if (config == NULL)
+ return FALSE;
+
+ if (config->config_file == NULL)
+ return FALSE;
+
+ if (strcmp (config->config_file, forbidding_config.config_file) == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
static inline const char *
not_null2 (const char *x,
const char *fallback)
@@ -253,9 +268,6 @@ do { \
#define assert_name_acquired(m) \
do { \
- DBusError _e = DBUS_ERROR_INIT; \
- const char *_s; \
- \
g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
g_assert_cmpstr (dbus_message_get_sender (m), ==, DBUS_SERVICE_DBUS); \
@@ -265,7 +277,14 @@ do { \
g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
+} while (0)
+
+#define assert_unique_name_acquired(m) \
+do { \
+ DBusError _e = DBUS_ERROR_INIT; \
+ const char *_s; \
\
+ assert_name_acquired (m); \
dbus_message_get_args (m, &_e, \
DBUS_TYPE_STRING, &_s, \
DBUS_TYPE_INVALID); \
@@ -333,6 +352,21 @@ do { \
g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
} while (0)
+/* forbidding.conf does not allow receiving NameAcquired, so if we are in
+ * that configuration, then dbus-daemon synthesizes an error reply to itself
+ * and sends that to monitors */
+#define expect_name_acquired_error(queue, in_reply_to) \
+do { \
+ DBusMessage *message; \
+ \
+ message = g_queue_pop_head (queue); \
+ assert_error_reply (message, DBUS_SERVICE_DBUS, DBUS_SERVICE_DBUS, \
+ DBUS_ERROR_ACCESS_DENIED); \
+ g_assert_cmpint (dbus_message_get_reply_serial (message), ==, \
+ dbus_message_get_serial (in_reply_to)); \
+ dbus_message_unref (message); \
+} while (0)
+
/* This is called after processing pending replies to our own method
* calls, but before anything else.
*/
@@ -797,6 +831,11 @@ test_become_monitor (Fixture *f,
test_assert_no_error (&f->e);
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
+ /* If the policy forbids receiving NameAcquired, then we'll never
+ * receive it, so behave as though we had */
+ if (config_forbids_name_acquired_signal (f->config))
+ got_unique = got_a = got_b = got_c = TRUE;
+
while (!got_unique || !got_a || !got_b || !got_c)
{
if (g_queue_is_empty (&f->monitored))
@@ -1448,6 +1487,7 @@ test_dbus_daemon (Fixture *f,
{
DBusMessage *m;
int res;
+ size_t n_expected;
if (f->address == NULL)
return;
@@ -1463,7 +1503,12 @@ test_dbus_daemon (Fixture *f,
test_assert_no_error (&f->e);
g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
- while (g_queue_get_length (&f->monitored) < 8)
+ n_expected = 8;
+
+ if (config_forbids_name_acquired_signal (context))
+ n_expected += 1;
+
+ while (g_queue_get_length (&f->monitored) < n_expected)
test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored);
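Review bot: this hunk passes `context` to `config_forbids_name_acquired_signal ()`, while every other call added by the patch, including the one in the next hunk of the same function, passes `f->config`. Use `f->config` here too, or add a comment if the two are guaranteed to be the same pointer, so that the expected message count and the later `expect_name_acquired_error` check cannot disagree.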
@@ -1476,10 +1521,12 @@ test_dbus_daemon (Fixture *f,
"NameOwnerChanged", "sss", NULL);
dbus_message_unref (m);
- /* FIXME: should we get this? */
m = g_queue_pop_head (&f->monitored);
- assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
- "NameAcquired", "s", f->sender_name);
+ assert_name_acquired (m);
+
+ if (config_forbids_name_acquired_signal (f->config))
+ expect_name_acquired_error (&f->monitored, m);
+
dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored);
@@ -1701,8 +1748,14 @@ static void
expect_new_connection (Fixture *f)
{
DBusMessage *m;
+ size_t n_expected;
- while (g_queue_get_length (&f->monitored) < 4)
+ n_expected = 4;
+
+ if (config_forbids_name_acquired_signal (f->config))
+ n_expected += 1;
+
+ while (g_queue_get_length (&f->monitored) < n_expected)
test_main_context_iterate (f->ctx, TRUE);
m = g_queue_pop_head (&f->monitored);
@@ -1719,7 +1772,11 @@ expect_new_connection (Fixture *f)
dbus_message_unref (m);
m = g_queue_pop_head (&f->monitored);
- assert_name_acquired (m);
+ assert_unique_name_acquired (m);
+
+ if (config_forbids_name_acquired_signal (f->config))
+ expect_name_acquired_error (&f->monitored, m);
+
dbus_message_unref (m);
}
@@ -2044,6 +2101,8 @@ main (int argc,
setup, test_method_call, teardown);
g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
setup, test_forbidden_method_call, teardown);
+ g_test_add ("/monitor/forbidden-reply", Fixture, &forbidding_config,
+ setup, test_dbus_daemon, teardown);
g_test_add ("/monitor/dbus-daemon", Fixture, NULL,
setup, test_dbus_daemon, teardown);
g_test_add ("/monitor/selective", Fixture, &selective_config,
--
2.41.0


@ -0,0 +1,201 @@
From 94bacc6955e563a7e698e53151a75323279a9f45 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 11 Mar 2019 09:03:39 +0000
Subject: [PATCH] bus: Try to raise soft fd limit to match hard limit
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
This change also fixes a bug when the hard limit is very large but
the soft limit is not, for example seen as a regression when upgrading
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
would previously have changed its fd limit to 64K soft/64K hard. Because
this hard limit is less than its original hard limit, it was unable to
restore its original hard limit as intended when carrying out traditional
activation, leaving activated subprocesses with unintended limits (while
logging a warning).
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 7eacbfece70f16bb54d0f3ac51f87ae398759ef5)
[smcv: Mention that this also fixes Debian #928877]
---
bus/bus.c | 8 ++---
dbus/dbus-sysdeps-util-unix.c | 64 +++++++++++++++++++++--------------
dbus/dbus-sysdeps-util-win.c | 3 +-
dbus/dbus-sysdeps.h | 3 +-
4 files changed, 44 insertions(+), 34 deletions(-)
diff --git a/bus/bus.c b/bus/bus.c
index 30ce4e10..2ad8e789 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -693,11 +693,11 @@ raise_file_descriptor_limit (BusContext *context)
/* We used to compute a suitable rlimit based on the configured number
* of connections, but that breaks down as soon as we allow fd-passing,
* because each connection is allowed to pass 64 fds to us, and if
- * they all did, we'd hit kernel limits. We now hard-code 64k as a
- * good limit, like systemd does: that's enough to avoid DoS from
- * anything short of multiple uids conspiring against us.
+ * they all did, we'd hit kernel limits. We now hard-code a good
+ * limit that is enough to avoid DoS from anything short of multiple
+ * uids conspiring against us, much like systemd does.
*/
- if (!_dbus_rlimit_raise_fd_limit_if_privileged (65536, &error))
+ if (!_dbus_rlimit_raise_fd_limit (&error))
{
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
"%s: %s", error.name, error.message);
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 2be5b779..7c4c3604 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -406,23 +406,15 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
return self;
}
+/* Enough fds that we shouldn't run out, even if several uids work
+ * together to carry out a denial-of-service attack. This happens to be
+ * the same number that systemd < 234 would normally use. */
+#define ENOUGH_FDS 65536
+
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
- struct rlimit lim;
-
- /* No point to doing this practically speaking
- * if we're not uid 0. We expect the system
- * bus to use this before we change UID, and
- * the session bus takes the Linux default,
- * currently 1024 for cur and 4096 for max.
- */
- if (getuid () != 0)
- {
- /* not an error, we're probably the session bus */
- return TRUE;
- }
+ struct rlimit old, lim;
if (getrlimit (RLIMIT_NOFILE, &lim) < 0)
{
@@ -431,22 +423,43 @@ _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
return FALSE;
}
- if (lim.rlim_cur == RLIM_INFINITY || lim.rlim_cur >= desired)
+ old = lim;
+
+ if (getuid () == 0)
{
- /* not an error, everything is fine */
- return TRUE;
+ /* We are privileged, so raise the soft limit to at least
+ * ENOUGH_FDS, and the hard limit to at least the desired soft
+ * limit. This assumes we can exercise CAP_SYS_RESOURCE on Linux,
+ * or other OSs' equivalents. */
+ if (lim.rlim_cur != RLIM_INFINITY &&
+ lim.rlim_cur < ENOUGH_FDS)
+ lim.rlim_cur = ENOUGH_FDS;
+
+ if (lim.rlim_max != RLIM_INFINITY &&
+ lim.rlim_max < lim.rlim_cur)
+ lim.rlim_max = lim.rlim_cur;
}
- /* Ignore "maximum limit", assume we have the "superuser"
- * privileges. On Linux this is CAP_SYS_RESOURCE.
- */
- lim.rlim_cur = lim.rlim_max = desired;
+ /* Raise the soft limit to match the hard limit, which we can do even
+ * if we are unprivileged. In particular, systemd >= 240 will normally
+ * set rlim_cur to 1024 and rlim_max to 512*1024, recent Debian
+ * versions end up setting rlim_cur to 1024 and rlim_max to 1024*1024,
+ * and older and non-systemd Linux systems would typically set rlim_cur
+ * to 1024 and rlim_max to 4096. */
+ if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
+ lim.rlim_cur = lim.rlim_max;
+
+ /* Early-return if there is nothing to do. */
+ if (lim.rlim_max == old.rlim_max &&
+ lim.rlim_cur == old.rlim_cur)
+ return TRUE;
if (setrlimit (RLIMIT_NOFILE, &lim) < 0)
{
dbus_set_error (error, _dbus_error_from_errno (errno),
- "Failed to set fd limit to %u: %s",
- desired, _dbus_strerror (errno));
+ "Failed to set fd limit to %lu: %s",
+ (unsigned long) lim.rlim_cur,
+ _dbus_strerror (errno));
return FALSE;
}
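Review bot: the `setrlimit` failure message reports only `lim.rlim_cur`, but in the `getuid () == 0` branch the same call may also be raising `lim.rlim_max`. Printing both the soft and hard values that were requested would make the warning that bus/bus.c logs on failure easier to act on. The early return compares against `old`, which is good; a comment noting that `old` is otherwise unused would explain why it is kept.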
@@ -485,8 +498,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
}
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
fd_limit_not_supported (error);
return FALSE;
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
index 1ef4ae6c..1c1d9f7d 100644
--- a/dbus/dbus-sysdeps-util-win.c
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -273,8 +273,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
}
dbus_bool_t
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error)
+_dbus_rlimit_raise_fd_limit (DBusError *error)
{
fd_limit_not_supported (error);
return FALSE;
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index ef786ecc..0b9d7696 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -698,8 +698,7 @@ dbus_bool_t _dbus_replace_install_prefix (DBusString *path);
typedef struct DBusRLimit DBusRLimit;
DBusRLimit *_dbus_rlimit_save_fd_limit (DBusError *error);
-dbus_bool_t _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
- DBusError *error);
+dbus_bool_t _dbus_rlimit_raise_fd_limit (DBusError *error);
dbus_bool_t _dbus_rlimit_restore_fd_limit (DBusRLimit *saved,
DBusError *error);
void _dbus_rlimit_free (DBusRLimit *lim);
--
GitLab


@ -0,0 +1,116 @@
From 8f382ee405ec68850866298ba0574f12e261a6fa Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Tue, 13 Sep 2022 15:10:22 +0100
Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest
correctly
In debug builds with assertions enabled, a signature with incorrectly
nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
in an assertion failure.
In production builds without assertions enabled, a signature with
incorrectly nested `()` and `{}` could potentially result in a crash
or incorrect message parsing, although we do not have a concrete example
of either of these failure modes.
Thanks: Evgeny Vereshchagin
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Resolves: CVE-2022-42010
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9d07424e9011e3bbe535e83043d335f3093d2916)
(cherry picked from commit 3e53a785dee8d1432156188a2c4260e4cbc78c4d)
---
dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++-
1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
index 4d492f3f3..ae68414dd 100644
--- a/dbus/dbus-marshal-validate.c
+++ b/dbus/dbus-marshal-validate.c
@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
int element_count;
DBusList *element_count_stack;
+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
+ char last_bracket;
result = DBUS_VALID;
element_count_stack = NULL;
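Review bot: `opened_brackets` is indexed by `struct_depth + dict_entry_depth`, and the only bounds checks this patch adds around those accesses are `_dbus_assert` calls, which the commit message notes are not present in production builds. Add a comment at the declaration explaining why `DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1` is large enough, naming the existing depth checks that cap each counter before the array is written.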
@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
while (p != end)
{
+ _dbus_assert (struct_depth + dict_entry_depth >= 0);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
+
switch (*p)
{
case DBUS_TYPE_BYTE:
@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
break;
case DBUS_STRUCT_END_CHAR:
@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
+
+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
+ {
+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
+ goto out;
+ }
+
_dbus_list_pop_last (&element_count_stack);
struct_depth -= 1;
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
break;
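Review bot: a `)` that closes a `{` is reported as `DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED`, a reason whose name describes a close with nothing open and not a mis-nested bracket; a comment noting the deliberate reuse, or a dedicated reason code, would help anyone reading validation failures. The diffstat shows only dbus/dbus-marshal-validate.c changing, so the two signatures quoted in the commit message, `a{i(u}` and `(a{ii)}`, would be good additions to the invalid-signature test data.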
case DBUS_DICT_ENTRY_BEGIN_CHAR:
@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
goto out;
}
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
break;
case DBUS_DICT_ENTRY_END_CHAR:
@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
goto out;
}
-
+
+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
+
+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
+ {
+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
+ goto out;
+ }
+
dict_entry_depth -= 1;
+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
element_count =
_DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
--
GitLab

@ -0,0 +1,57 @@
From 3b8a7aff228770f4f7b478db606b10cceacea875 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 12 Sep 2022 13:14:18 +0100
Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
fixed-length items
This fast-path previously did not check that the array was made up
of an integer number of items. This could lead to assertion failures
and out-of-bounds accesses during subsequent message processing (which
assumes that the message has already been validated), particularly after
the addition of _dbus_header_remove_unknown_fields(), which makes it
more likely that dbus-daemon will apply non-trivial edits to messages.
Thanks: Evgeny Vereshchagin
Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
Resolves: CVE-2022-42011
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 079bbf16186e87fb0157adf8951f19864bc2ed69)
(cherry picked from commit b9e6a7523085a2cfceaffca7ba1ab4251f12a984)
---
dbus/dbus-marshal-validate.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
index ae68414dd..7d0d6cf72 100644
--- a/dbus/dbus-marshal-validate.c
+++ b/dbus/dbus-marshal-validate.c
@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader,
*/
if (dbus_type_is_fixed (array_elem_type))
{
+ /* Note that fixed-size types all have sizes equal to
+ * their alignments, so this is really the item size. */
+ alignment = _dbus_type_get_alignment (array_elem_type);
+ _dbus_assert (alignment == 1 || alignment == 2 ||
+ alignment == 4 || alignment == 8);
+
+ /* Because the alignment is a power of 2, this is
+ * equivalent to: (claimed_len % alignment) != 0,
+ * but avoids slower integer division */
+ if ((claimed_len & (alignment - 1)) != 0)
+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
+
/* bools need to be handled differently, because they can
* have an invalid value
*/
if (array_elem_type == DBUS_TYPE_BOOLEAN)
{
dbus_uint32_t v;
- alignment = _dbus_type_get_alignment (array_elem_type);
while (p < array_end)
{
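Review bot: nothing in this patch exercises the new rejection path; the diffstat lists only dbus/dbus-marshal-validate.c, so a regression in `if ((claimed_len & (alignment - 1)) != 0)` would go unnoticed. Suggest adding a test case with an array of a fixed-size type whose claimed length is not a multiple of the item size, asserting that validation returns DBUS_INVALID_ARRAY_LENGTH_INCORRECT. The mask form also matches the modulo only while the alignment is a power of two, which is checked solely by `_dbus_assert`, so the comment should say that the guarantee comes from `_dbus_type_get_alignment` itself and not from the assertion.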
--
GitLab

@ -0,0 +1,73 @@
From 51a5bbf9074855b0f4a353ed309938b196c13525 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 30 Sep 2022 13:46:31 +0100
Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
When a D-Bus message includes attached file descriptors, the body of the
message contains unsigned 32-bit indexes pointing into an out-of-band
array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
these indexes as "handles" for the associated fds (not to be confused
with a Windows HANDLE, which is a kernel object).
The assertion message removed by this commit is arguably correct up to
a point: fd-passing is only reasonable on a local machine, and no known
operating system allows processes of differing endianness even on a
multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
to specify a byte-order that differs from the byte-order of the recipient.
However, this doesn't account for the fact that a malicious sender
doesn't have to restrict itself to only doing things that make sense.
On a system with untrusted local users, a message sender could crash
the system dbus-daemon (a denial of service) by sending a message in
the opposite endianness that contains handles to file descriptors.
Before this commit, if assertions are enabled, attempting to byteswap
a fd index would cleanly crash the message recipient with an assertion
failure. If assertions are disabled, attempting to byteswap a fd index
would silently do nothing without advancing the pointer p, causing the
message's type and the pointer into its contents to go out of sync, which
can result in a subsequent crash (the crash demonstrated by fuzzing was
a use-after-free, but other failure modes might be possible).
In principle we could resolve this by rejecting wrong-endianness messages
from a local sender, but it's actually simpler and less code to treat
wrong-endianness messages as valid and byteswap them.
Thanks: Evgeny Vereshchagin
Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
Resolves: CVE-2022-42012
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 236f16e444e88a984cf12b09225e0f8efa6c5b44)
(cherry picked from commit 3fb065b0752db1e298e4ada52cf4adc414f5e946)
---
dbus/dbus-marshal-byteswap.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
index 27695aafb..7104e9c63 100644
--- a/dbus/dbus-marshal-byteswap.c
+++ b/dbus/dbus-marshal-byteswap.c
@@ -61,6 +61,7 @@ byteswap_body_helper (DBusTypeReader *reader,
case DBUS_TYPE_BOOLEAN:
case DBUS_TYPE_INT32:
case DBUS_TYPE_UINT32:
+ case DBUS_TYPE_UNIX_FD:
{
p = _DBUS_ALIGN_ADDRESS (p, 4);
*((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p));
@@ -188,11 +189,6 @@ byteswap_body_helper (DBusTypeReader *reader,
}
break;
- case DBUS_TYPE_UNIX_FD:
- /* fds can only be passed on a local machine, so byte order must always match */
- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense");
- break;
-
default:
_dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
break;
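Review bot: the `default:` branch left in place below the removed case still has the shape the commit message warns about: with assertions disabled, `_dbus_assert_not_reached ("invalid typecode in supposedly-validated signature")` compiles away and the `break` leaves `p` where it was. Suggest a short comment stating which validation step makes this branch unreachable for untrusted input, or making the branch fail safely when assertions are off. The diffstat also shows no test for a wrong-endian message that carries a fd index, which is the case this patch changes.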
--
GitLab

@ -0,0 +1,30 @@
#!/bin/bash
# This script ensures the dbus-daemon is killed when the session closes.
# It's used by SSH sessions that have X forwarding (since the X display
# may outlive the session in those cases)
[ $# != 1 ] && exit 1
exec >& /dev/null
MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
export GVFS_DISABLE_FUSE=1
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")
# Poll until the gio monitor command is actively monitoring
until
touch "${MONITOR_READY_FILE}"
read -t 0.5 -u ${SESSION_MONITOR[0]}
do
continue
done
# Block until the session is closed
while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
do
read -u ${SESSION_MONITOR[0]}
done
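Review bot: the only validation of the argument is the count check `[ $# != 1 ] && exit 1`, yet the EXIT trap runs `kill -TERM $1` with `$1` unquoted and never checked to be a PID. Suggest rejecting anything that is not all digits before the trap is installed, and quoting the expansion. `loginctl show-session $XDG_SESSION_ID` in the final loop should be quoted as well, and the script should exit early when XDG_RUNTIME_DIR or XDG_SESSION_ID is empty, since both feed the path removed by `rm -f "${DBUS_SESSION_ADDRESS_FILE}"`.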

@ -0,0 +1,24 @@
# DBus session bus over SSH with X11 forwarding
if ( $?SSH_CONNECTION == 0 ) exit
if ( $?XDG_SESSION_ID == 0) exit
if ( $?DISPLAY == 0 ) exit
if ( $SHLVL > 1 ) exit
set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
exit
endif
setenv GDK_BACKEND x11
eval `dbus-launch --csh-syntax`
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID
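Review bot: this csh snippet has no counterpart to the `[ "${DISPLAY:0:1}" = ":" ] && return` guard in the sh snippet, so csh and tcsh logins whose DISPLAY begins with `:` start a bus where sh logins return early. Suggest adding the equivalent test so the two snippets behave the same. XDG_RUNTIME_DIR is also expanded on the `set DBUS_SESSIONS` line without a `$?XDG_RUNTIME_DIR` check like the ones for the other three variables, and `$DBUS_SESSION_BUS_PID` on the last line is passed unquoted.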

@ -0,0 +1,25 @@
# DBus session bus over SSH with X11 forwarding
[ -z "$SSH_CONNECTION" ] && return
[ -z "$XDG_SESSION_ID" ] && return
[ -z "$DISPLAY" ] && return
[ "${DISPLAY:0:1}" = ":" ] && return
[ "$SHLVL" -ne 1 ] && return
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
return
fi
export GDK_BACKEND=x11
eval `dbus-launch --sh-syntax`
[ -z "$DBUS_SESSION_BUS_PID" ] && return
mkdir -p "${DBUS_SESSIONS}"
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"
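Review bot: `[ "${DISPLAY:0:1}" = ":" ] && return` uses substring expansion, which is not POSIX sh, in a file the spec installs into profile.d where it is sourced by login shells; a `case "$DISPLAY" in :*) return ;; esac` test does the same job portably. XDG_RUNTIME_DIR is never tested before it is used to build DBUS_SESSIONS, so an empty value turns the address file path into one under `/dbus-1/sessions`. The inner expansion in `$(cat ${DBUS_SESSION_ADDRESS_FILE})` should be quoted as well.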

@ -5,11 +5,9 @@
%global libselinux_version 2.0.86
# fedora-release-30-0.2 and generic-release-0.1 added required presets to enable systemd-unit symlinks
%global fedora_release_version 30-0.2
%global generic_release_version 30-0.1
%global dbus_user_uid 81
%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-system-socket=/run/dbus/system_bus_socket --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --runstatedir=/run --enable-user-session --docdir=%{_pkgdocdir} --enable-installed-tests
%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-system-socket=/run/dbus/system_bus_socket --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --enable-user-session --docdir=%{_pkgdocdir} --enable-installed-tests
# Allow extra dependencies required for some tests to be disabled.
%bcond_without tests
@ -20,31 +18,41 @@
Name: dbus
Epoch: 1
Version: 1.14.10
Release: 5%{?dist}
Version: 1.12.8
Release: 26%{?dist}
Summary: D-BUS message bus
Group: System Environment/Libraries
# The effective license of the majority of the package, including the shared
# library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only.
License: (AFL-2.1 OR GPL-2.0-or-later) AND GPL-2.0-or-later
URL: https://www.freedesktop.org/wiki/Software/dbus/
Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.xz
Source1: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.xz.asc
# gpg --keyserver keyring.debian.org --recv-keys 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
# gpg --export --export-options export-minimal > gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
Source2: gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
Source3: 00-start-message-bus.sh
Source4: dbus.socket
Source5: dbus-daemon.service
Source6: dbus.user.socket
Source7: dbus-daemon.user.service
Source8: dbus-systemd-sysusers.conf
License: (GPLv2+ or AFL) and GPLv2+
URL: http://www.freedesktop.org/Software/dbus/
#VCS: git:git://git.freedesktop.org/git/dbus/dbus
Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz
Source1: 00-start-message-bus.sh
Source2: ssh-x-forwarding.csh
Source3: ssh-x-forwarding.sh
Source4: dbus-kill-process-with-session
Source5: dbus-systemd-sysusers.conf
Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1725570
Patch1: dbus-1.12.8-fix-CVE-2019-12749.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1851997
Patch2: dbus-1.12.8-fix-CVE-2020-12049.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1839753
Patch3: dbus-1.12.8-fix-fd-limit-change.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133645
Patch4: dbus-1.20.8-CVE-2022-42010.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133639
Patch5: dbus-1.20.8-CVE-2022-42011.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2133633
Patch6: dbus-1.20.8-CVE-2022-42012.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213400
Patch7: dbus-1.12.8-fix-CVE-2023-34969.patch
BuildRequires: autoconf-archive
BuildRequires: libtool
BuildRequires: audit-libs-devel >= 0.9
BuildRequires: gnupg2
BuildRequires: libX11-devel
BuildRequires: libcap-ng-devel
BuildRequires: pkgconfig(expat)
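Review bot: Patch4, Patch5 and Patch6 carry a `dbus-1.20.8-` prefix, while the Version on this side of the hunk is 1.12.8 and Patch1, Patch2, Patch3 and Patch7 all use `dbus-1.12.8-fix-`. Suggest renaming the three files to the `dbus-1.12.8-fix-CVE-...` pattern so the patch set can be matched to the packaged version at a glance. The `URL:` line on the same side is plain `http://` where the other side uses `https://`.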
@ -64,6 +72,7 @@ BuildRequires: cmake
%endif
#For macroized scriptlets.
%{?systemd_requires}
BuildRequires: systemd
# Note: These is only required for --with-tests; when bootstrapping, you can
@ -76,10 +85,8 @@ BuildRequires: python3-gobject
%if %{with check}
BuildRequires: /usr/bin/Xvfb
%endif
BuildRequires: make
# Since F30 the default implementation is dbus-broker over dbus-daemon
Requires: dbus-broker >= 16-4
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
%description
D-BUS is a system for sending messages between applications. It is
@ -88,9 +95,9 @@ per-user-login-session messaging facility.
%package common
Summary: D-BUS message bus configuration
Group: System Environment/Libraries
BuildArch: noarch
Conflicts: fedora-release < %{fedora_release_version}
Conflicts: generic-release < %{generic_release_version}
Requires: /usr/bin/systemctl
%description common
The %{name}-common package provides the configuration and setup files for D-Bus
@ -98,13 +105,12 @@ implementations to provide a System and User Message Bus.
%package daemon
Summary: D-BUS message bus
Conflicts: fedora-release < %{fedora_release_version}
Conflicts: generic-release < %{generic_release_version}
Group: System Environment/Libraries
Requires(pre): /usr/sbin/useradd
Requires: libselinux%{?_isa} >= %{libselinux_version}
Requires: dbus-common = %{epoch}:%{version}-%{release}
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: dbus-tools = %{epoch}:%{version}-%{release}
%{?sysusers_requires_compat}
%description daemon
D-BUS is a system for sending messages between applications. It is
@ -113,6 +119,7 @@ per-user-login-session messaging facility.
%package tools
Summary: D-BUS Tools and Utilities
Group: Development/Libraries
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description tools
@ -121,22 +128,16 @@ the reference implementation.
%package libs
Summary: Libraries for accessing D-BUS
Group: Development/Libraries
%description libs
This package contains lowlevel libraries for accessing D-BUS.
%package doc
Summary: Developer documentation for D-BUS
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
BuildArch: noarch
%description doc
This package contains developer documentation for D-Bus along with
other supporting documentation such as the introspect dtd file.
%package devel
Summary: Development files for D-BUS
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
Group: Development/Libraries
# The server package can be a different architecture.
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
# For xml directory ownership.
Requires: xml-common
@ -146,6 +147,7 @@ developing software that uses D-BUS.
%package tests
Summary: Tests for the %{name}-daemon package
Group: Development/Libraries
Requires: %{name}-daemon%{?_isa} = %{epoch}:%{version}-%{release}
%description tests
@ -154,8 +156,11 @@ the functionality of the installed %{name}-daemon package.
%package x11
Summary: X11-requiring add-ons for D-BUS
Group: Development/Libraries
# The server package can be a different architecture.
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
# Used by SSH daemon helper script.
Requires: /usr/bin/gio
%description x11
D-BUS contains some tools that require Xlib to be installed, those are
@ -163,7 +168,6 @@ in this separate package so server systems need not install X.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
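Review bot: going by the hunk header (7 lines before, 6 after), the line dropped from `%prep` is `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`, and the earlier Source hunk no longer lists the `.asc` signature or the `gpgkey-...gpg` keyring on the 1.12.8 side. That leaves the build without a check of the upstream tarball signature. Suggest keeping the signature and keyring as sources and running the verification before `%autosetup -p1`.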
@ -174,34 +178,38 @@ if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf --ve
# Call configure here (before the extra directories for the multiple builds
# have been created) to ensure that the hardening flag hack is applied to
# ltmain.sh
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
%configure %{dbus_common_config_opts} --disable-doxygen-docs %--enable-ducktype-docs --enable-xml-docs --disable-asserts
make distclean
mkdir build
pushd build
# See /usr/lib/rpm/macros
%global _configure ../configure
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
%make_build
%configure %{dbus_common_config_opts} --disable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
make V=1 %{?_smp_mflags}
popd
%if %{with check}
mkdir build-check
pushd build-check
%configure %{dbus_common_config_opts} --enable-asserts --enable-verbose-mode --enable-tests
%make_build
make V=1 %{?_smp_mflags}
popd
%endif
%install
pushd build
%make_install
make install DESTDIR=%{buildroot} INSTALL="install -p"
popd
# Delete python2 code
rm -f %{buildroot}/%{_pkgdocdir}/examples/GetAllMatchRules.py
# Delete docs
rm -f %{buildroot}/%{_pkgdocdir}/examples/*.conf
rm -f %{buildroot}/%{_datadir}/gtk-doc
find %{buildroot} -name '*.a' -type f -delete
find %{buildroot} -name '*.la' -type f -delete
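Review bot: the first `%configure` line on the `--disable-doxygen-docs` side contains a stray `%` in `%--enable-ducktype-docs`, which the second `%configure` call inside the build directory does not have. Suggest removing the `%` so both invocations pass the same `--enable-ducktype-docs` option. The comment above the first call says it exists only for the hardening flag hack, so the two option lists should be kept identical.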
@ -209,21 +217,13 @@ find %{buildroot} -name '*.la' -type f -delete
rm -rf %{buildroot}%{_libdir}/cmake
%endif
# Delete upstream units
rm -f %{buildroot}%{_unitdir}/dbus.{socket,service}
rm -f %{buildroot}%{_unitdir}/sockets.target.wants/dbus.socket
rm -f %{buildroot}%{_unitdir}/multi-user.target.wants/dbus.service
rm -f %{buildroot}%{_userunitdir}/dbus.{socket,service}
rm -f %{buildroot}%{_userunitdir}/sockets.target.wants/dbus.socket
rm -f %{buildroot}%{_sysusersdir}/dbus.conf
# Install downstream units
install -Dp -m755 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
install -Dp -m644 %{SOURCE4} %{buildroot}%{_unitdir}/dbus.socket
install -Dp -m644 %{SOURCE5} %{buildroot}%{_unitdir}/dbus-daemon.service
install -Dp -m644 %{SOURCE6} %{buildroot}%{_userunitdir}/dbus.socket
install -Dp -m644 %{SOURCE7} %{buildroot}%{_userunitdir}/dbus-daemon.service
install -Dp -m644 %{SOURCE8} %{buildroot}%{_sysusersdir}/dbus.conf
install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
install -Dp -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/ssh-x-forwarding.csh
install -p -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/profile.d/
install -Dp -m755 %{SOURCE4} %{buildroot}%{_libexecdir}/dbus-1/dbus-kill-process-with-session
install -Dp -m644 %{SOURCE5} %{buildroot}%{_sysusersdir}/dbus.conf
# Obsolete, but still widely used, for drop-in configuration snippets.
install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d
@ -231,6 +231,11 @@ install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d
install --directory %{buildroot}%{_datadir}/dbus-1/interfaces
# Make sure that when somebody asks for D-Bus under the name of the
# old SysV script, that he ends up with the standard dbus.service name
# now.
ln -s dbus.service %{buildroot}%{_unitdir}/messagebus.service
## %find_lang %{gettext_package}
install --directory %{buildroot}/var/lib/dbus
@ -239,10 +244,6 @@ install --directory %{buildroot}/run/dbus
install -pm 644 -t %{buildroot}%{_pkgdocdir} \
doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt
# Make sure that the documentation shows up in Devhelp.
install --directory %{buildroot}%{_datadir}/gtk-doc/html
ln -s %{_pkgdocdir} %{buildroot}%{_datadir}/gtk-doc/html/dbus
# Shell wrapper for installed tests, modified from Debian package.
cat > dbus-run-installed-tests <<EOF
#!/bin/sh
@ -303,43 +304,26 @@ popd
%pre daemon
# Add the "dbus" user and group
%sysusers_create_compat %{SOURCE8}
%post common
%systemd_post dbus.socket
%systemd_user_post dbus.socket
/usr/sbin/groupadd -r -g %{dbus_user_uid} dbus 2>/dev/null || :
/usr/sbin/useradd -c 'System message bus' -u %{dbus_user_uid} -g %{dbus_user_uid} \
-s /sbin/nologin -r -d '/' dbus 2> /dev/null || :
%post daemon
%systemd_post dbus-daemon.service
%systemd_user_post dbus-daemon.service
%systemd_post dbus.service dbus.socket
%systemd_user_post dbus.service dbus.socket
%preun common
%systemd_preun dbus.socket
%systemd_user_preun dbus.socket
%post libs -p /sbin/ldconfig
%preun daemon
%systemd_preun dbus-daemon.service
%systemd_user_preun dbus-daemon.service
%postun common
%systemd_postun dbus.socket
%systemd_user_postun dbus.socket
%systemd_preun dbus.service dbus.socket
%systemd_user_preun dbus.service dbus.socket
%postun daemon
%systemd_postun dbus-daemon.service
%systemd_user_postun dbus-daemon.service
%systemd_postun dbus.service dbus.socket
%systemd_user_postun dbus.service dbus.socket
%triggerpostun common -- dbus-common < 1:1.12.10-4
if [ -x /usr/bin/systemctl ]; then
systemctl --no-reload preset dbus.socket &>/dev/null || :
systemctl --no-reload --global preset dbus.socket &>/dev/null || :
fi
%postun libs -p /sbin/ldconfig
%triggerpostun daemon -- dbus-daemon < 1:1.12.10-7
if [ -x /usr/bin/systemctl ]; then
systemctl --no-reload preset dbus-daemon.service &>/dev/null || :
systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
fi
%files
# The 'dbus' package is only retained for compatibility purposes. It will
@ -356,24 +340,19 @@ fi
%config %{_sysconfdir}/dbus-1/session.conf
%config %{_sysconfdir}/dbus-1/system.conf
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/session.d
%dir %{_datadir}/dbus-1/system.d
%{_datadir}/dbus-1/session.conf
%{_datadir}/dbus-1/system.conf
%{_datadir}/dbus-1/services
%{_datadir}/dbus-1/system-services
%{_datadir}/dbus-1/interfaces
%{_sysusersdir}/dbus.conf
%{_unitdir}/dbus.socket
%{_userunitdir}/dbus.socket
%files daemon
# Strictly speaking, we could remove the COPYING from this subpackage and
# just have it be in libs, because dbus Requires dbus-libs.
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc AUTHORS CONTRIBUTING.md NEWS README
%exclude %{_pkgdocdir}/api
%doc AUTHORS ChangeLog HACKING NEWS README
%exclude %{_pkgdocdir}/diagram.*
%exclude %{_pkgdocdir}/introspect.*
%exclude %{_pkgdocdir}/system-activation.txt
@ -394,8 +373,14 @@ fi
%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
%exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests
%{_tmpfilesdir}/dbus.conf
%{_unitdir}/dbus-daemon.service
%{_userunitdir}/dbus-daemon.service
%{_unitdir}/dbus.service
%{_unitdir}/dbus.socket
%{_unitdir}/messagebus.service
%{_unitdir}/multi-user.target.wants/dbus.service
%{_unitdir}/sockets.target.wants/dbus.socket
%{_userunitdir}/dbus.service
%{_userunitdir}/dbus.socket
%{_userunitdir}/sockets.target.wants/dbus.socket
%files tools
%{!?_licensedir:%global license %%doc}
@ -421,13 +406,11 @@ fi
%files x11
%{_bindir}/dbus-launch
%{_libexecdir}/dbus-1/dbus-kill-process-with-session
%{_mandir}/man1/dbus-launch.1*
%{_sysconfdir}/profile.d/ssh-x-forwarding.*
%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
%files doc
%{_pkgdocdir}/*
%{_datadir}/gtk-doc
%files devel
%{_datadir}/xml/dbus-1
%{_libdir}/lib*.so
@ -439,173 +422,84 @@ fi
%{_libdir}/pkgconfig/dbus-1.pc
%{_includedir}/*
%changelog
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:1.14.10-5
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 19 2023 David King <amigadave@amigadave.com> - 1.12.8-26
- Fix CVE-2023-34969 (#2213400)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:1.14.10-4
- Bump release for June 2024 mass rebuild
* Mon Apr 24 2023 Ray Strode <rstrode@redhat.com> - 1.12.8-25
- Ensure only one dbus-daemon is spawned for all shells sharing
a single connection.
Resolves: #2189201
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24
- Fix CVE-2022-42010 (#2133645)
- Fix CVE-2022-42011 (#2133639)
- Fix CVE-2022-42011 (#2133633)
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Sep 06 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-23
- Address race for very short running sessions in SSH
session monitoring script.
Related: #2089362
* Fri Sep 01 2023 David King <amigadave@amigadave.com> - 1:1.14.10-1
- Update to 1.14.10
* Tue Aug 09 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-22
- Use hangup signal instead of termination signal to
kill sesssion monitoring script to appeach tcsh.
Related: #2089362
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Aug 08 2022 David King <dking@redhat.com> - 1:1.12.8-20
- Override sysusers configuration (#2090397)
* Tue Jun 06 2023 David King <amigadave@amigadave.com> - 1:1.14.8-1
- Update to 1.14.8
* Thu Jun 16 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-19
- Ensure SSH session monitoring script is cleaned up when the
session exits.
Resolves: #2089362
* Wed Feb 08 2023 David King <amigadave@amigadave.com> - 1:1.14.6-1
- Update to 1.14.6
* Mon Dec 06 2021 Ray Strode <rstrode@redhat.com> - 1.12.8-18
- Ensure session bus started for SSH sessions gets used by those
sessions.
Related: #1940067
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 08 2021 David King <dking@redhat.com> - 1:1.12.8-17
- Improve SSH session bus starting (#1940067)
* Thu Oct 06 2022 David King <amigadave@amigadave.com> - 1:1.14.4-1
- Update to 1.14.4
* Thu Jun 10 2021 David King <dking@redhat.com> - 1:1.12.8-16
- Add Conflicts on older redhat-release versions (#1941642)
* Tue Sep 27 2022 David King <amigadave@amigadave.com> - 1:1.14.2-1
- Update to 1.14.2
* Wed May 26 2021 David King <dking@redhat.com> - 1:1.12.8-15
- Packaging updates from Fedora (#1941642)
* Mon Aug 22 2022 Debarshi Ray <rishi@fedoraproject.org> - 1:1.14.0-5
- Restore Requires(pre) through %%sysusers_requires_compat
* Tue Apr 27 2021 David King <dking@redhat.com> - 1:1.12.8-14
- Fix dbus-launch call in sh snippet (#1940348)
* Wed Aug 03 2022 Luca BRUNO <lucab@lucabruno.net> - 1:1.14.0-4
- Align sysusers.d configuration to Fedora user/group allocation (rhbz#2105177)
* Tue Mar 23 2021 David King <dking@redhat.com> - 1:1.12.8-13
- Fix raising hard fd limit (#1839753)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.14.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Nov 23 2020 David King <dking@redhat.com> - 1:1.12.8-12
- Install X11 SSH forwarding snippets (#1874282)
* Tue Jul 12 2022 David King <amigadave@amigadave.com> - 1:1.14.0-2
- Use sysusers.d snippet for user configuration (#2105177)
* Tue Jun 30 2020 David King <dking@redhat.com> - 1:1.12.8-11
- Fix CVE-2020-12049 (#1851997)
* Thu Mar 10 2022 David King <amigadave@amigadave.com> - 1:1.14.0-1
- Update to 1.14.0
* Mon Apr 06 2020 David King <dking@redhat.com> - 1:1.12.8-10
- Improve permissions on ghosted /run/dbus (#1797833)
* Thu Feb 24 2022 David King <amigadave@amigadave.com> - 1:1.13.22-1
- Update to 1.13.22
* Thu Aug 01 2019 David King <dking@redhat.com> - 1:1.12.8-9
- Ensure that patches are applied (#1725570)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.13.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jul 09 2019 David King <dking@redhat.com> - 1:1.12.8-8
- Fix CVE-2019-12749 (#1725570)
* Tue Jan 04 2022 David King <amigadave@amigadave.com> - 1:1.13.20-2
- Explicitly specify runstatedir (#2036943)
* Wed Oct 24 2018 Martin Pitt <mpitt@redhat.com> - 1:1.12.8-7
- Fix useradd dependency of dbus-daemon rhbz#1634496
* Fri Dec 17 2021 David King <amigadave@amigadave.com> - 1:1.13.20-1
- Update to 1.13.20
* Thu Oct 18 2018 Martin Pitt <mpitt@redhat.com>
- Drop unpublished -doc package to fix FTBFS rhbz#1640736
- Add dist-git smoketest rhbz#1625683
- Move dbus system user creation to correct package rhbz#1634496
* Fri Oct 01 2021 Kalev Lember <klember@redhat.com> - 1:1.12.20-5
- Avoid systemd_requires as per updated packaging guidelines
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 02 2020 David King <amigadave@amigadave.com> - 1:1.12.20-1
- Update to 1.12.20
* Tue Jun 02 2020 David King <amigadave@amigadave.com> - 1:1.12.18-1
- Update to 1.12.18
* Wed Feb 19 2020 David King <amigadave@amigadave.com> - 1:1.12.16-5
- Verify GPG signature of sources
- Improve permissions on ghosted /run/dbus
* Fri Jan 31 2020 David King <amigadave@amigadave.com> - 1:1.12.16-4
- Update python2- to python3-gobject
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Aug 01 2019 David King <amigadave@amigadave.com> - 1:1.12.16-3
- Ensure that patches are applied
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jun 11 2019 David King <amigadave@amigadave.com> - 1:1.12.16-1
- Update to 1.12.16
* Fri May 17 2019 David King <amigadave@amigadave.com> - 1:1.12.14-1
- Update to 1.12.14
* Tue Apr 09 2019 David King <amigadave@amigadave.com> - 1:1.12.12-7
- Improve user and group creation (#1698001)
* Thu Apr 04 2019 David King <amigadave@amigadave.com> - 1:1.12.12-6
- Own system.d and session.d directories (#1696385)
* Sun Mar 03 2019 Leigh Scott <leigh123linux@googlemail.com> - 1:1.12.12-5
- Fix f30 FTBFS
* Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 1:1.12.12-4
- Update requires for pygobject3 -> python2-gobject rename
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Dec 14 2018 David King <amigadave@amigadave.com> - 1:1.12.12-2
- Change -devel subpackage to depend on -libs
* Tue Dec 04 2018 David King <amigadave@amigadave.com> - 1:1.12.12-1
- Update to 1.12.12
* Thu Nov 22 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-9
- Switch to dbus-broker as the default implementation
* Wed Nov 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:1.12.10-8
- Fix requirement on system-release
* Tue Nov 06 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-7
- Fix the messagebus.service alias
* Mon Nov 05 2018 David King <amigadave@amigadave.com> - 1:1.12.10-6
- Add further Requires to subpackages
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-5
- Move useradd dependency to daemon subpackage
* Fri Oct 19 2018 David King <amigadave@amigadave.com> - 1:1.12.10-4
- Move user and group creation to daemon subpackage
- Move systemd to Requires of common subpackage (#1638910)
- Remove unnecessary ldconfig calls
* Fri Aug 31 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-3
- Make sure presets are applied when upgrading from packages before the presets
existed
* Thu Aug 30 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
- Change 'system-release' dependency to 'fedora-release', since otherwise hard
version dependencies are ignored.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
- Move generic units into 'dbus-common', so other dbus implementations can use
them as well.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
- Add [Install] sections to unit files, rather than creating the symlinks
manually during the installation. This will pick up the systemd-presets
global to Fedora from the 'fedora-release' package.
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
- Provide custom systemd unit files to replace the upstream units. Also rename
the service to 'dbus-daemon.service', but provide an alias to 'dbus.service'.
* Fri Aug 03 2018 David King <amigadave@amigadave.com> - 1:1.12.10-1
- Update to 1.12.10
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
- BuildRequire python3-gobject instead of pygobject3
- Related: bug#1614611
* Tue Jul 31 2018 Colin Walters <walters@verbum.org> - 1:1.12.8-5
- More python3
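Review bot: the 1:1.12.8-24 changelog entry lists CVE-2022-42011 twice, as `Fix CVE-2022-42011 (#2133639)` and `Fix CVE-2022-42011 (#2133633)`. The Patch6 comment in this spec ties bug 2133633 to the CVE-2022-42012 patch, so the second line should name CVE-2022-42012. The 1:1.12.8-22 entry also has the typos "sesssion" and "appeach".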

@ -1,15 +0,0 @@
[Unit]
Description=D-Bus System Message Bus
Documentation=man:dbus-daemon(1)
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
ExecReload=/usr/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
OOMScoreAdjust=-900
[Install]
# Make sure that services can still refer to this under the name of the
# old SysV script (messagebus).
Alias=dbus.service messagebus.service
WantedBy=multi-user.target

@ -1,11 +0,0 @@
[Unit]
Description=D-Bus User Message Bus
Documentation=man:dbus-daemon(1)
Requires=dbus.socket
[Service]
ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
[Install]
Alias=dbus.service

@ -1,8 +0,0 @@
[Unit]
Description=D-Bus System Message Bus Socket
[Socket]
ListenStream=/run/dbus/system_bus_socket
[Install]
WantedBy=sockets.target

@ -1,9 +0,0 @@
[Unit]
Description=D-Bus User Message Bus Socket
[Socket]
ListenStream=%t/bus
ExecStartPost=-/usr/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus
[Install]
WantedBy=sockets.target

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

@ -1,2 +0,0 @@
SHA512 (dbus-1.14.10.tar.xz) = 775b708326059692937acb69d4ce1a89e69878501166655b5d1b1628ac31b50dd53d979d93c84e57f95e90b15e25aa33893e51a7421d3537e9c2f02b1b91bfae
SHA512 (dbus-1.14.10.tar.xz.asc) = 2a646884150f31e50b1bf2238fe21377929ceb536691fb9ef06aee25737c1a5be5ca18d8bdd8a02fdf3b00681fd26509a3e6e62a49541ef5685d09499ba9d30b