authorDoug Goldstein <cardoe@gentoo.org>2008-10-06 18:28:01 +0000
committerDoug Goldstein <cardoe@gentoo.org>2008-10-06 18:28:01 +0000
commitac092c03a3c5e713c6e8dc2c7d86e7f0ce98ce23 (patch)
treede244b5516d11a60315d3ba2339eedd8fbf9e6a8
parentStable on sparc, bug #239851 (diff)
Fix potential DoS issue. fdo bug #17803. Gentoo bug #240308
(Portage version: 2.2_rc11/cvs/Linux 2.6.26-gentoo-r1 x86_64)
-rw-r--r--sys-apps/dbus/ChangeLog9
-rw-r--r--sys-apps/dbus/dbus-1.2.3-r1.ebuild125
-rw-r--r--sys-apps/dbus/files/dbus-1.2.3-panic-from-dbus_signature_validate.patch32
3 files changed, 165 insertions, 1 deletions
diff --git a/sys-apps/dbus/ChangeLog b/sys-apps/dbus/ChangeLog
index 0d59785cdde2..f53c2dc2982b 100644
--- a/sys-apps/dbus/ChangeLog
+++ b/sys-apps/dbus/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-apps/dbus
# Copyright 2000-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/ChangeLog,v 1.220 2008/10/06 00:55:51 steev Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/ChangeLog,v 1.221 2008/10/06 18:27:48 cardoe Exp $
+
+*dbus-1.2.3-r1 (06 Oct 2008)
+
+ 06 Oct 2008; Doug Goldstein <cardoe@gentoo.org>
+ +files/dbus-1.2.3-panic-from-dbus_signature_validate.patch,
+ +dbus-1.2.3-r1.ebuild:
+ Fix potential DoS issue. fdo bug #17803. Gentoo bug #240308
06 Oct 2008; <steev@gentoo.org> dbus-1.0.2-r2.ebuild, dbus-1.1.4.ebuild,
dbus-1.1.20.ebuild, dbus-1.2.1.ebuild, dbus-1.2.3.ebuild:
diff --git a/sys-apps/dbus/dbus-1.2.3-r1.ebuild b/sys-apps/dbus/dbus-1.2.3-r1.ebuild
new file mode 100644
index 000000000000..65e4affffb80
--- /dev/null
+++ b/sys-apps/dbus/dbus-1.2.3-r1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/dbus-1.2.3-r1.ebuild,v 1.1 2008/10/06 18:27:48 cardoe Exp $
+
+inherit eutils multilib flag-o-matic
+
+DESCRIPTION="A message bus system, a simple way for applications to talk to each other"
+HOMEPAGE="http://dbus.freedesktop.org/"
+SRC_URI="http://dbus.freedesktop.org/releases/dbus/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 AFL-2.1 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug doc selinux X"
+
+RDEPEND="X? ( x11-libs/libXt x11-libs/libX11 )
+ selinux? ( sys-libs/libselinux
+ sec-policy/selinux-dbus )
+ >=dev-libs/expat-1.95.8
+ !<sys-apps/dbus-0.91"
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig
+ doc? ( app-doc/doxygen
+ app-text/xmlto )"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ # Fix potential DoS issue. fdo bug #17803. Gentoo bug #240308
+ epatch "${FILESDIR}"/${PN}-1.2.3-panic-from-dbus_signature_validate.patch
+}
+
+src_compile() {
+ # so we can get backtraces from apps
+ append-flags -rdynamic
+
+ local myconf=""
+
+ hasq test ${FEATURES} && myconf="${myconf} --enable-tests=yes"
+ # libaudit is *only* used in DBus wrt SELinux support, so disable it, if
+ # not on an SELinux profile.
+ econf \
+ $(use_with X x) \
+ $(use_enable kernel_linux inotify) \
+ $(use_enable kernel_FreeBSD kqueue) \
+ $(use_enable selinux) \
+ $(use_enable selinux libaudit) \
+ $(use_enable debug verbose-mode) \
+ $(use_enable debug asserts) \
+ --with-xml=expat \
+ --with-system-pid-file=/var/run/dbus.pid \
+ --with-system-socket=/var/run/dbus/system_bus_socket \
+ --with-session-socket-dir=/tmp \
+ --with-dbus-user=messagebus \
+ --localstatedir=/var \
+ $(use_enable doc doxygen-docs) \
+ --disable-xml-docs \
+ ${myconf} \
+ || die "econf failed"
+
+ # after the compile, it uses a selinuxfs interface to
+ # check if the SELinux policy has the right support
+ use selinux && addwrite /selinux/access
+
+ emake || die "make failed"
+}
+
+src_test() {
+ DBUS_VERBOSE=1 make check || die "make check failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ # initscript
+ newinitd "${FILESDIR}"/dbus.init-1.0 dbus
+
+ # dbus X session script (#77504)
+ # turns out to only work for GDM. has been merged into other desktop
+ # (kdm and such scripts)
+ exeinto /etc/X11/xinit/xinitrc.d/
+ doexe "${FILESDIR}"/30-dbus
+
+ # needs to exist for the system socket
+ keepdir /var/run/dbus
+ # needs to exist for machine id
+ keepdir /var/lib/dbus
+ # needs to exist for dbus sessions to launch
+
+ keepdir /usr/lib/dbus-1.0/services
+ keepdir /usr/share/dbus-1/services
+ keepdir /etc/dbus-1/system.d/
+ keepdir /etc/dbus-1/session.d/
+
+ dodoc AUTHORS ChangeLog HACKING NEWS README doc/TODO
+ if use doc; then
+ dohtml doc/*html
+ fi
+}
+
+pkg_preinst() {
+ enewgroup messagebus
+ enewuser messagebus -1 "-1" -1 messagebus
+}
+
+pkg_postinst() {
+ elog "To start the D-Bus system-wide messagebus by default"
+ elog "you should add it to the default runlevel :"
+ elog "\`rc-update add dbus default\`"
+ elog
+ elog "Some applications require a session bus in addition to the system"
+ elog "bus. Please see \`man dbus-launch\` for more information."
+ elog
+ elog
+ ewarn "You MUST run 'revdep-rebuild' after emerging this package"
+ elog
+ ewarn "If you are currently running X with the hal useflag enabled"
+ ewarn "restarting the dbus service WILL restart X as well"
+ ebeep 5
+ elog
+ ewarn "You must restart D-Bus \`/etc/init.d/dbus restart\` to run"
+ ewarn "the new version of the daemon. For many people, this means"
+ ewarn "exiting X as well."
+
+}
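Review bot: When `test` is in FEATURES, src_compile appends `--enable-tests=yes` to `myconf`, and src_install then runs `emake DESTDIR="${D}" install` from that same tree, so a test-enabled library and daemon are what get merged to the live system. As far as I know, upstream's configure output describes test-enabled builds as larger and not safe to install, which is awkward for a revision whose whole purpose is a DoS fix. At minimum add a comment above the `hasq test` line, e.g. `# FEATURES=test installs a --enable-tests build; upstream treats these as unsuitable for production`. Also consider configuring the test build in a separate directory so that src_install only ever sees the non-test build.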
diff --git a/sys-apps/dbus/files/dbus-1.2.3-panic-from-dbus_signature_validate.patch b/sys-apps/dbus/files/dbus-1.2.3-panic-from-dbus_signature_validate.patch
new file mode 100644
index 000000000000..772da176822a
--- /dev/null
+++ b/sys-apps/dbus/files/dbus-1.2.3-panic-from-dbus_signature_validate.patch
@@ -0,0 +1,32 @@
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 1 Oct 2008 17:49:48 +0000 (-0400)
+Subject: Bug 17803: Panic from dbus_signature_validate
+X-Git-Url: http://gitweb.freedesktop.org/?p=dbus/dbus.git;a=commitdiff;h=7b10b46c5c8658449783ce45f1273dd35c353bce
+
+Bug 17803: Panic from dbus_signature_validate
+
+ * dbus/dbus-marshal-validate.c: Ensure we validate
+ a basic type before calling is_basic on it.
+ * dbus-marshal-validate-util.c: Test.
+---
+
+--- a/dbus/dbus-marshal-validate-util.c
++++ b/dbus/dbus-marshal-validate-util.c
+@@ -228,6 +228,7 @@ _dbus_marshal_validate_test (void)
+ "123",
+ ".",
+ "("
++ "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+ };
+
+ /* Signature with reason */
+--- a/dbus/dbus-marshal-validate.c
++++ b/dbus/dbus-marshal-validate.c
+@@ -247,6 +247,7 @@ _dbus_validate_signature_with_reason (co
+ }
+
+ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
++ _dbus_type_is_valid (*p) &&
+ !dbus_type_is_basic (*p))
+ {
+ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
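Review bot: In the dbus-marshal-validate.c hunk, the added `_dbus_type_is_valid (*p) &&` term limits the dict-key rejection to valid non-basic type codes, so a character that is not a valid type code at all now skips the DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE branch instead of being rejected by it. That avoids the panic, but unless a later check outside this hunk catches it, a signature with a non-basic dict key (presumably the struct-open case in the new test string) passes this test; the condition is safer as `!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p))`. Separately, in the test hunk the context line `"("` has no trailing comma, so the added literal is concatenated into `"(a{(ii)i}"` and the bug's exact signature is never validated as its own entry; that line should read `"(",`. Both functions continue outside the quoted hunks.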