diff --git a/backport-CVE-2022-42010.patch b/backport-CVE-2022-42010.patch
deleted file mode 100644
index 7e63096ef7386d18b58e75405121d3714763c552..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-42010.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 9d07424e9011e3bbe535e83043d335f3093d2916 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Tue, 13 Sep 2022 15:10:22 +0100
-Subject: [PATCH] dbus-marshal-validate: Check brackets in signature nest
- correctly
-
-In debug builds with assertions enabled, a signature with incorrectly
-nested `()` and `{}`, for example `a{i(u}` or `(a{ii)}`, could result
-in an assertion failure.
-
-In production builds without assertions enabled, a signature with
-incorrectly nested `()` and `{}` could potentially result in a crash
-or incorrect message parsing, although we do not have a concrete example
-of either of these failure modes.
-
-Thanks: Evgeny Vereshchagin
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
-Resolves: CVE-2022-42010
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-validate.c | 38 +++++++++++++++++++++++++++++++++++-
- 1 file changed, 37 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
-index 4d492f3f..ae68414d 100644
---- a/dbus/dbus-marshal-validate.c
-+++ b/dbus/dbus-marshal-validate.c
-@@ -62,6 +62,8 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
-
- int element_count;
- DBusList *element_count_stack;
-+ char opened_brackets[DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2 + 1] = { '\0' };
-+ char last_bracket;
-
- result = DBUS_VALID;
- element_count_stack = NULL;
-@@ -93,6 +95,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
-
- while (p != end)
- {
-+ _dbus_assert (struct_depth + dict_entry_depth >= 0);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth] == '\0');
-+
- switch (*p)
- {
- case DBUS_TYPE_BYTE:
-@@ -136,6 +142,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
-+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_STRUCT_BEGIN_CHAR;
- break;
-
- case DBUS_STRUCT_END_CHAR:
-@@ -151,9 +161,20 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
-+
-+ if (last_bracket != DBUS_STRUCT_BEGIN_CHAR)
-+ {
-+ result = DBUS_INVALID_STRUCT_ENDED_BUT_NOT_STARTED;
-+ goto out;
-+ }
-+
- _dbus_list_pop_last (&element_count_stack);
-
- struct_depth -= 1;
-+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
- break;
-
- case DBUS_DICT_ENTRY_BEGIN_CHAR:
-@@ -178,6 +199,10 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- goto out;
- }
-
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ _dbus_assert (opened_brackets[struct_depth + dict_entry_depth - 1] == '\0');
-+ opened_brackets[struct_depth + dict_entry_depth - 1] = DBUS_DICT_ENTRY_BEGIN_CHAR;
- break;
-
- case DBUS_DICT_ENTRY_END_CHAR:
-@@ -186,8 +211,19 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
- result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
- goto out;
- }
--
-+
-+ _dbus_assert (struct_depth + dict_entry_depth >= 1);
-+ _dbus_assert (struct_depth + dict_entry_depth < _DBUS_N_ELEMENTS (opened_brackets));
-+ last_bracket = opened_brackets[struct_depth + dict_entry_depth - 1];
-+
-+ if (last_bracket != DBUS_DICT_ENTRY_BEGIN_CHAR)
-+ {
-+ result = DBUS_INVALID_DICT_ENTRY_ENDED_BUT_NOT_STARTED;
-+ goto out;
-+ }
-+
- dict_entry_depth -= 1;
-+ opened_brackets[struct_depth + dict_entry_depth] = '\0';
-
- element_count =
- _DBUS_POINTER_TO_INT (_dbus_list_pop_last (&element_count_stack));
---
-2.33.0
-
diff --git a/backport-CVE-2022-42011.patch b/backport-CVE-2022-42011.patch
deleted file mode 100644
index e4497a0a2fb42a2bed51d10254e6a8d6bbded0aa..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-42011.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 079bbf16186e87fb0157adf8951f19864bc2ed69 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Mon, 12 Sep 2022 13:14:18 +0100
-Subject: [PATCH] dbus-marshal-validate: Validate length of arrays of
- fixed-length items
-
-This fast-path previously did not check that the array was made up
-of an integer number of items. This could lead to assertion failures
-and out-of-bounds accesses during subsequent message processing (which
-assumes that the message has already been validated), particularly after
-the addition of _dbus_header_remove_unknown_fields(), which makes it
-more likely that dbus-daemon will apply non-trivial edits to messages.
-
-Thanks: Evgeny Vereshchagin
-Fixes: e61f13cf "Bug 18064 - more efficient validation for fixed-size type arrays"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
-Resolves: CVE-2022-42011
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-validate.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
-index ae68414d..7d0d6cf7 100644
---- a/dbus/dbus-marshal-validate.c
-+++ b/dbus/dbus-marshal-validate.c
-@@ -503,13 +503,24 @@ validate_body_helper (DBusTypeReader *reader,
- */
- if (dbus_type_is_fixed (array_elem_type))
- {
-+ /* Note that fixed-size types all have sizes equal to
-+ * their alignments, so this is really the item size. */
-+ alignment = _dbus_type_get_alignment (array_elem_type);
-+ _dbus_assert (alignment == 1 || alignment == 2 ||
-+ alignment == 4 || alignment == 8);
-+
-+ /* Because the alignment is a power of 2, this is
-+ * equivalent to: (claimed_len % alignment) != 0,
-+ * but avoids slower integer division */
-+ if ((claimed_len & (alignment - 1)) != 0)
-+ return DBUS_INVALID_ARRAY_LENGTH_INCORRECT;
-+
- /* bools need to be handled differently, because they can
- * have an invalid value
- */
- if (array_elem_type == DBUS_TYPE_BOOLEAN)
- {
- dbus_uint32_t v;
-- alignment = _dbus_type_get_alignment (array_elem_type);
-
- while (p < array_end)
- {
---
-2.33.0
-
diff --git a/backport-CVE-2022-42012.patch b/backport-CVE-2022-42012.patch
deleted file mode 100644
index 511e54d0c2e85dfa752424f9c317f0ed4cf5ecf7..0000000000000000000000000000000000000000
--- a/backport-CVE-2022-42012.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 236f16e444e88a984cf12b09225e0f8efa6c5b44 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Fri, 30 Sep 2022 13:46:31 +0100
-Subject: [PATCH] dbus-marshal-byteswap: Byte-swap Unix fd indexes if needed
-
-When a D-Bus message includes attached file descriptors, the body of the
-message contains unsigned 32-bit indexes pointing into an out-of-band
-array of file descriptors. Some D-Bus APIs like GLib's GDBus refer to
-these indexes as "handles" for the associated fds (not to be confused
-with a Windows HANDLE, which is a kernel object).
-
-The assertion message removed by this commit is arguably correct up to
-a point: fd-passing is only reasonable on a local machine, and no known
-operating system allows processes of differing endianness even on a
-multi-endian ARM or PowerPC CPU, so it makes little sense for the sender
-to specify a byte-order that differs from the byte-order of the recipient.
-
-However, this doesn't account for the fact that a malicious sender
-doesn't have to restrict itself to only doing things that make sense.
-On a system with untrusted local users, a message sender could crash
-the system dbus-daemon (a denial of service) by sending a message in
-the opposite endianness that contains handles to file descriptors.
-
-Before this commit, if assertions are enabled, attempting to byteswap
-a fd index would cleanly crash the message recipient with an assertion
-failure. If assertions are disabled, attempting to byteswap a fd index
-would silently do nothing without advancing the pointer p, causing the
-message's type and the pointer into its contents to go out of sync, which
-can result in a subsequent crash (the crash demonstrated by fuzzing was
-a use-after-free, but other failure modes might be possible).
-
-In principle we could resolve this by rejecting wrong-endianness messages
-from a local sender, but it's actually simpler and less code to treat
-wrong-endianness messages as valid and byteswap them.
-
-Thanks: Evgeny Vereshchagin
-Fixes: ba7daa60 "unix-fd: add basic marshalling code for unix fds"
-Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/417
-Resolves: CVE-2022-42012
-Signed-off-by: Simon McVittie
----
- dbus/dbus-marshal-byteswap.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/dbus/dbus-marshal-byteswap.c b/dbus/dbus-marshal-byteswap.c
-index e9de6f02..9dd1246f 100644
---- a/dbus/dbus-marshal-byteswap.c
-+++ b/dbus/dbus-marshal-byteswap.c
-@@ -62,6 +62,7 @@ byteswap_body_helper (DBusTypeReader *reader,
- case DBUS_TYPE_BOOLEAN:
- case DBUS_TYPE_INT32:
- case DBUS_TYPE_UINT32:
-+ case DBUS_TYPE_UNIX_FD:
- {
- p = _DBUS_ALIGN_ADDRESS (p, 4);
- *((dbus_uint32_t*)p) = DBUS_UINT32_SWAP_LE_BE (*((dbus_uint32_t*)p));
-@@ -192,11 +193,6 @@ byteswap_body_helper (DBusTypeReader *reader,
- }
- break;
-
-- case DBUS_TYPE_UNIX_FD:
-- /* fds can only be passed on a local machine, so byte order must always match */
-- _dbus_assert_not_reached("attempted to byteswap unix fds which makes no sense");
-- break;
--
- default:
- _dbus_assert_not_reached ("invalid typecode in supposedly-validated signature");
- break;
---
-2.33.0
-
diff --git a/backport-CVE-2023-34969.patch b/backport-CVE-2023-34969.patch
deleted file mode 100644
index 55958071778c8acf387a59b67c0fd57bb7d5841f..0000000000000000000000000000000000000000
--- a/backport-CVE-2023-34969.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
-From: hongjinghao
-Date: Mon, 5 Jun 2023 18:17:06 +0100
-Subject: [PATCH] bus: Assign a serial number for messages from the driver
-
-Normally, it's enough to rely on a message being given a serial number
-by the DBusConnection just before it is actually sent. However, in the
-rare case where the policy blocks the driver from sending a message
-(due to a deny rule or the outgoing message quota being full), we need
-to get a valid serial number sooner, so that we can copy it into the
-DBUS_HEADER_FIELD_REPLY_SERIAL field (which is mandatory) in the error
-message sent to monitors. Otherwise, the dbus-daemon will crash with
-an assertion failure if at least one Monitoring client is attached,
-because zero is not a valid serial number to copy.
-
-This fixes a denial-of-service vulnerability: if a privileged user is
-monitoring the well-known system bus using a Monitoring client like
-dbus-monitor or `busctl monitor`, then an unprivileged user can cause
-denial-of-service by triggering this crash. A mitigation for this
-vulnerability is to avoid attaching Monitoring clients to the system
-bus when they are not needed. If there are no Monitoring clients, then
-the vulnerable code is not reached.
-
-Co-authored-by: Simon McVittie
-Resolves: dbus/dbus#457
-(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
----
- bus/connection.c | 15 +++++++++++++++
- dbus/dbus-connection-internal.h | 2 ++
- dbus/dbus-connection.c | 11 ++++++++++-
- 3 files changed, 27 insertions(+), 1 deletion(-)
-
-diff --git a/bus/connection.c b/bus/connection.c
-index b3583433..215f0230 100644
---- a/bus/connection.c
-+++ b/bus/connection.c
-@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
- if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
- return FALSE;
-
-+ /* Make sure the message has a non-zero serial number, otherwise
-+ * bus_transaction_capture_error_reply() will not be able to mock up
-+ * a corresponding reply for it. Normally this would be delayed until
-+ * the first time we actually send the message out from a
-+ * connection, when the transaction is committed, but that's too late
-+ * in this case.
-+ */
-+ if (dbus_message_get_serial (message) == 0)
-+ {
-+ dbus_uint32_t next_serial;
-+
-+ next_serial = _dbus_connection_get_next_client_serial (connection);
-+ dbus_message_set_serial (message, next_serial);
-+ }
-+
- if (bus_connection_is_active (connection))
- {
- if (!dbus_message_set_destination (message,
-diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
-index 48357321..ba79b192 100644
---- a/dbus/dbus-connection-internal.h
-+++ b/dbus/dbus-connection-internal.h
-@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
- DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
- DBUS_PRIVATE_EXPORT
- void _dbus_connection_unref_unlocked (DBusConnection *connection);
-+DBUS_PRIVATE_EXPORT
-+dbus_uint32_t _dbus_connection_get_next_client_serial (DBusConnection *connection);
- void _dbus_connection_queue_received_message_link (DBusConnection *connection,
- DBusList *link);
- dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
-diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
-index c525b6dc..09cef278 100644
---- a/dbus/dbus-connection.c
-+++ b/dbus/dbus-connection.c
-@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
- _dbus_connection_last_unref (connection);
- }
-
--static dbus_uint32_t
-+/**
-+ * Allocate and return the next non-zero serial number for outgoing messages.
-+ *
-+ * This method is only valid to call from single-threaded code, such as
-+ * the dbus-daemon, or with the connection lock held.
-+ *
-+ * @param connection the connection
-+ * @returns A suitable serial number for the next message to be sent on the connection.
-+ */
-+dbus_uint32_t
- _dbus_connection_get_next_client_serial (DBusConnection *connection)
- {
- dbus_uint32_t serial;
---
-2.27.0
-
diff --git a/backport-monitor-test-Log-the-messages-that-we-monitored.patch b/backport-monitor-test-Log-the-messages-that-we-monitored.patch
deleted file mode 100644
index c109c89e4bbe8b43e94c66d251f75667abefc61c..0000000000000000000000000000000000000000
--- a/backport-monitor-test-Log-the-messages-that-we-monitored.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 3a1b1e9a4010e581e2e940e61d37c4f617eb5eff Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Mon, 5 Jun 2023 17:56:33 +0100
-Subject: [PATCH] monitor test: Log the messages that we monitored
-
-This is helpful while debugging test failures.
-
-Helps: dbus/dbus#457
-Signed-off-by: Simon McVittie
-(cherry picked from commit 8ee5d3e04420975107c27073b50f8758871a998b)
----
- test/monitor.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/test/monitor.c b/test/monitor.c
-index df5a7180..182110f8 100644
---- a/test/monitor.c
-+++ b/test/monitor.c
-@@ -196,6 +196,10 @@ _log_message (DBusMessage *m,
- not_null (dbus_message_get_signature (m)));
- g_test_message ("\terror name: %s",
- not_null (dbus_message_get_error_name (m)));
-+ g_test_message ("\tserial number: %u",
-+ dbus_message_get_serial (m));
-+ g_test_message ("\tin reply to: %u",
-+ dbus_message_get_reply_serial (m));
-
- if (strcmp ("s", dbus_message_get_signature (m)) == 0)
- {
-@@ -339,6 +343,9 @@ monitor_filter (DBusConnection *connection,
- {
- Fixture *f = user_data;
-
-+ g_test_message ("Monitor received message:");
-+ log_message (message);
-+
- g_assert_cmpstr (dbus_message_get_interface (message), !=,
- "com.example.Tedious");
-
---
-2.27.0
-
diff --git a/backport-monitor-test-Reproduce-dbus-dbus-457.patch b/backport-monitor-test-Reproduce-dbus-dbus-457.patch
deleted file mode 100644
index 84ca608176bb6964bdd1db3a0ef125fb6f326ef7..0000000000000000000000000000000000000000
--- a/backport-monitor-test-Reproduce-dbus-dbus-457.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From 2c699f6ba9c162878c69d0728298c1ab7308db72 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Mon, 5 Jun 2023 18:51:22 +0100
-Subject: [PATCH] monitor test: Reproduce dbus/dbus#457
-
-The exact failure mode reported in dbus/dbus#457 is quite difficult
-to achieve in a reliable way in a unit test, because we'd have to send
-enough messages to a client to fill up its queue, then stop that client
-from draining its queue, while still triggering a message that gets a
-reply from the bus driver. However, we can trigger the same crash in a
-slightly different way by not allowing the client to receive a
-particular message. I chose NameAcquired.
-
-Signed-off-by: Simon McVittie
-(cherry picked from commit 986611ad0f7f67a3693e5672cd66bc608c00b228)
----
- .../valid-config-files/forbidding.conf.in | 3 +
- test/monitor.c | 77 ++++++++++++++++---
- 2 files changed, 71 insertions(+), 9 deletions(-)
-
-diff --git a/test/data/valid-config-files/forbidding.conf.in b/test/data/valid-config-files/forbidding.conf.in
-index d145613c..58b3cc6a 100644
---- a/test/data/valid-config-files/forbidding.conf.in
-+++ b/test/data/valid-config-files/forbidding.conf.in
-@@ -24,5 +24,8 @@
-
-
-
-+
-+
-+
-
-
-diff --git a/test/monitor.c b/test/monitor.c
-index 182110f8..42e0734d 100644
---- a/test/monitor.c
-+++ b/test/monitor.c
-@@ -155,6 +155,21 @@ static Config side_effects_config = {
- TRUE
- };
-
-+static dbus_bool_t
-+config_forbids_name_acquired_signal (const Config *config)
-+{
-+ if (config == NULL)
-+ return FALSE;
-+
-+ if (config->config_file == NULL)
-+ return FALSE;
-+
-+ if (strcmp (config->config_file, forbidding_config.config_file) == 0)
-+ return TRUE;
-+
-+ return FALSE;
-+}
-+
- static inline const char *
- not_null2 (const char *x,
- const char *fallback)
-@@ -253,9 +268,6 @@ do { \
-
- #define assert_name_acquired(m) \
- do { \
-- DBusError _e = DBUS_ERROR_INIT; \
-- const char *_s; \
-- \
- g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
- ==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
- g_assert_cmpstr (dbus_message_get_sender (m), ==, DBUS_SERVICE_DBUS); \
-@@ -265,7 +277,14 @@ do { \
- g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
- g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
- g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
-+} while (0)
-+
-+#define assert_unique_name_acquired(m) \
-+do { \
-+ DBusError _e = DBUS_ERROR_INIT; \
-+ const char *_s; \
- \
-+ assert_name_acquired (m); \
- dbus_message_get_args (m, &_e, \
- DBUS_TYPE_STRING, &_s, \
- DBUS_TYPE_INVALID); \
-@@ -333,6 +352,21 @@ do { \
- g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
- } while (0)
-
-+/* forbidding.conf does not allow receiving NameAcquired, so if we are in
-+ * that configuration, then dbus-daemon synthesizes an error reply to itself
-+ * and sends that to monitors */
-+#define expect_name_acquired_error(queue, in_reply_to) \
-+do { \
-+ DBusMessage *message; \
-+ \
-+ message = g_queue_pop_head (queue); \
-+ assert_error_reply (message, DBUS_SERVICE_DBUS, DBUS_SERVICE_DBUS, \
-+ DBUS_ERROR_ACCESS_DENIED); \
-+ g_assert_cmpint (dbus_message_get_reply_serial (message), ==, \
-+ dbus_message_get_serial (in_reply_to)); \
-+ dbus_message_unref (message); \
-+} while (0)
-+
- /* This is called after processing pending replies to our own method
- * calls, but before anything else.
- */
-@@ -797,6 +831,11 @@ test_become_monitor (Fixture *f,
- test_assert_no_error (&f->e);
- g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
-
-+ /* If the policy forbids receiving NameAcquired, then we'll never
-+ * receive it, so behave as though we had */
-+ if (config_forbids_name_acquired_signal (f->config))
-+ got_unique = got_a = got_b = got_c = TRUE;
-+
- while (!got_unique || !got_a || !got_b || !got_c)
- {
- if (g_queue_is_empty (&f->monitored))
-@@ -1448,6 +1487,7 @@ test_dbus_daemon (Fixture *f,
- {
- DBusMessage *m;
- int res;
-+ size_t n_expected;
-
- if (f->address == NULL)
- return;
-@@ -1463,7 +1503,12 @@ test_dbus_daemon (Fixture *f,
- test_assert_no_error (&f->e);
- g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
-
-- while (g_queue_get_length (&f->monitored) < 8)
-+ n_expected = 8;
-+
-+ if (config_forbids_name_acquired_signal (context))
-+ n_expected += 1;
-+
-+ while (g_queue_get_length (&f->monitored) < n_expected)
- test_main_context_iterate (f->ctx, TRUE);
-
- m = g_queue_pop_head (&f->monitored);
-@@ -1476,10 +1521,12 @@ test_dbus_daemon (Fixture *f,
- "NameOwnerChanged", "sss", NULL);
- dbus_message_unref (m);
-
-- /* FIXME: should we get this? */
- m = g_queue_pop_head (&f->monitored);
-- assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
-- "NameAcquired", "s", f->sender_name);
-+ assert_name_acquired (m);
-+
-+ if (config_forbids_name_acquired_signal (f->config))
-+ expect_name_acquired_error (&f->monitored, m);
-+
- dbus_message_unref (m);
-
- m = g_queue_pop_head (&f->monitored);
-@@ -1701,8 +1748,14 @@ static void
- expect_new_connection (Fixture *f)
- {
- DBusMessage *m;
-+ size_t n_expected;
-
-- while (g_queue_get_length (&f->monitored) < 4)
-+ n_expected = 4;
-+
-+ if (config_forbids_name_acquired_signal (f->config))
-+ n_expected += 1;
-+
-+ while (g_queue_get_length (&f->monitored) < n_expected)
- test_main_context_iterate (f->ctx, TRUE);
-
- m = g_queue_pop_head (&f->monitored);
-@@ -1719,7 +1772,11 @@ expect_new_connection (Fixture *f)
- dbus_message_unref (m);
-
- m = g_queue_pop_head (&f->monitored);
-- assert_name_acquired (m);
-+ assert_unique_name_acquired (m);
-+
-+ if (config_forbids_name_acquired_signal (f->config))
-+ expect_name_acquired_error (&f->monitored, m);
-+
- dbus_message_unref (m);
- }
-
-@@ -2044,6 +2101,8 @@ main (int argc,
- setup, test_method_call, teardown);
- g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
- setup, test_forbidden_method_call, teardown);
-+ g_test_add ("/monitor/forbidden-reply", Fixture, &forbidding_config,
-+ setup, test_dbus_daemon, teardown);
- g_test_add ("/monitor/dbus-daemon", Fixture, NULL,
- setup, test_dbus_daemon, teardown);
- g_test_add ("/monitor/selective", Fixture, &selective_config,
---
-2.27.0
-
diff --git a/dbus-1.14.0.tar.xz b/dbus-1.14.0.tar.xz
deleted file mode 100644
index dfde2794399d6809d81ace2959d29d4ca895c4a1..0000000000000000000000000000000000000000
Binary files a/dbus-1.14.0.tar.xz and /dev/null differ
diff --git a/dbus-1.14.8.tar.xz b/dbus-1.14.8.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..64cda2ead83a6e301f11ade0024fb5d92bd36cee
Binary files /dev/null and b/dbus-1.14.8.tar.xz differ
diff --git a/dbus.spec b/dbus.spec
index eb77f9438264857ef86e0bbdd9dae18e8209c68f..a07627488198c21d3b56eac59104517468cfca61 100644
--- a/dbus.spec
+++ b/dbus.spec
@@ -1,7 +1,7 @@
 Name: dbus
 Epoch: 1
-Version: 1.14.0
-Release: 3
+Version: 1.14.8
+Release: 1
 Summary: System Message Bus
 License: AFLv3.0 or GPLv2+
 URL: http://www.freedesktop.org/Software/dbus/
@@ -11,13 +11,8 @@ Source1: 00-start-message-bus.sh
 Patch0001: bugfix-let-systemd-restart-dbus-when-the-it-enters-failed.patch
 Patch0002: print-load-average-when-activate-service-timeout.patch
-Patch6000: backport-tools-Use-Python3-for-GetAllMatchRules.patch
-Patch6001: backport-CVE-2022-42012.patch
-Patch6002: backport-CVE-2022-42011.patch
-Patch6003: backport-CVE-2022-42010.patch
-Patch6004: backport-CVE-2023-34969.patch
-Patch6005: backport-monitor-test-Log-the-messages-that-we-monitored.patch
-Patch6006: backport-monitor-test-Reproduce-dbus-dbus-457.patch
+Patch6001: backport-tools-Use-Python3-for-GetAllMatchRules.patch
+
 BuildRequires: systemd-devel expat-devel libselinux-devel audit-libs-devel doxygen xmlto cmake
 BuildRequires: autoconf-archive libtool libX11-devel libcap-ng-devel libxslt
@@ -229,6 +224,9 @@ fi
 %exclude %{_pkgdocdir}/README
 %changelog
+* Fri Jul 14 2023 hongjinghao - 1:1.14.8-1
+- Update to 1.14.8
+
 * Fri Jun 9 2023 hongjinghao - 1:1.14.0-3
 - fix CVE-2023-34969
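Review bot: The second dbus.spec hunk drops the four CVE backports (`Patch6001`–`Patch6004`: CVE-2022-42012, CVE-2022-42011, CVE-2022-42010, CVE-2023-34969) and the two monitor-test patches, but nothing in the spec records that the 1.14.8 tarball already contains those fixes. That is presumably why they were removed; it should be confirmed against the upstream NEWS for the 1.14.x series before merging. The new `%changelog` entry would serve anyone auditing CVE status better as `- Update to 1.14.8, drop CVE-2022-42010/42011/42012 and CVE-2023-34969 backports now included upstream`. The one remaining backport is also renumbered from `Patch6000` to `Patch6001`; if `%prep` applies patches by number (not visible in this diff), the matching `%patch` line needs the same change, and keeping `Patch6000` would avoid that churn.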