sys-apps/dbus: update to 1.10.32

Update dbus to 1.10.32, mainly to address CVE-2020-35512.
It is based on commit 71a58ff8b6cebe8b9e8aeddaf93185ecb52bdb8c of the
Gentoo repository.
Dongsu Park 2021-05-10 14:14:05 +02:00
parent 7355cfb429
commit 5eb623c758
3 changed files with 27 additions and 141 deletions


@ -1 +1 @@
DIST dbus-1.10.18.tar.gz 1986589 SHA256 6049ddd5f3f3e2618f615f1faeda0a115104423a7996b7aa73e2f36e38cc514a SHA512 726f97d0a2016f4f0625ba332e93e2d33bb16857cd35cb6c79da0f44fff297df948c3df62c31ffbec34713a7b85b3ff5b65f31517fe3511ddbd3bf18bd4748ed WHIRLPOOL ee164e1f6de80595fbfbcbad65d78dab4b91b5ec4e1ce88e1c4015f1c1b531f09796d54db163b2c2eceb3b92261f8a57852d2e0b29f71d9c65f9b91684433d9e
DIST dbus-1.10.32.tar.gz 2000784 BLAKE2B 490dfa33bf7e26d68e6dfb01c41a720623a28936fd635b8becbbb1dad6b58579fba2d7f75ed57ee0588c4a87ab9c0d07b0005f0ae7cf5b68df5e277cc6f8de07 SHA512 c0cdf99a72fe191ce45767121d67772854c6ec5df3939f2aec76b4ecc3905162d57548c2f02d8073b81c3b4d71277745b7aac8489c364064bd2cf723ce6bbbcd


@ -2,9 +2,9 @@
# Distributed under the terms of the GNU General Public License v2
EAPI=6
PYTHON_COMPAT=( python2_7 )
PYTHON_COMPAT=( python{2_7,3_{4,5,6}} )
inherit autotools eutils linux-info flag-o-matic python-any-r1 readme.gentoo-r1 systemd virtualx user multilib-minimal
inherit autotools ltprune linux-info flag-o-matic python-any-r1 readme.gentoo-r1 systemd virtualx user multilib-minimal
DESCRIPTION="A message bus system, a simple way for applications to talk to each other"
HOMEPAGE="https://dbus.freedesktop.org/"
@ -12,28 +12,25 @@ SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz"
LICENSE="|| ( AFL-2.1 GPL-2 )"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
IUSE="debug doc elogind selinux static-libs systemd test user-session X"
RESTRICT="test"
#RESTRICT="test"
REQUIRED_USE="?? ( elogind systemd )"
REQUIRED_USE="
?? ( elogind systemd )
test? ( debug )
"
CDEPEND="
>=dev-libs/expat-2
selinux? (
sys-libs/libselinux
)
selinux? ( sys-libs/libselinux )
elogind? ( sys-auth/elogind )
systemd? ( sys-apps/systemd:0= )
X? (
x11-libs/libX11
x11-libs/libXt
)
abi_x86_32? (
!<=app-emulation/emul-linux-x86-baselibs-20131008-r4
!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
)
"
DEPEND="${CDEPEND}
app-text/xmlto
@ -45,7 +42,9 @@ DEPEND="${CDEPEND}
${PYTHON_DEPS}
)
"
RDEPEND="${CDEPEND}"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-dbus )
"
DOC_CONTENTS="
Some applications require a session bus in addition to the system
@ -53,7 +52,11 @@ DOC_CONTENTS="
"
# out of sources build dir for make check
TBD=${WORKDIR}/${P}-tests-build
TBD="${WORKDIR}/${P}-tests-build"
PATCHES=(
"${FILESDIR}/${PN}-enable-elogind.patch"
)
pkg_setup() {
enewgroup messagebus
@ -74,13 +77,9 @@ src_prepare() {
-e '/"dispatch"/d' \
bus/test-main.c || die
eapply "${FILESDIR}/${PN}-enable-elogind.patch"
eapply "${FILESDIR}/CVE-2019-12749.patch"
default
eapply_user
# required for asneeded patch but also for bug 263909, cross-compile so
# don't remove eautoreconf
# required for bug 263909, cross-compile so don't remove eautoreconf
eautoreconf
}
@ -190,7 +189,7 @@ multilib_src_compile() {
}
src_test() {
DBUS_VERBOSE=1 Xemake -j1 -C "${TBD}" check
DBUS_VERBOSE=1 virtx emake -j1 -C "${TBD}" check
}
multilib_src_install() {
@ -232,6 +231,12 @@ multilib_src_install_all() {
pkg_postinst() {
readme.gentoo_print_elog
# Ensure unique id is generated and put it in /etc wrt #370451 but symlink
# for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse
# dependencies with hardcoded paths (although the known ones got fixed already)
dbus-uuidgen --ensure="${EROOT%/}"/etc/machine-id
ln -sf "${EPREFIX%/}"/etc/machine-id "${EROOT%/}"/var/lib/dbus/machine-id
if [[ ${CHOST} == *-darwin* ]]; then
local plist="org.freedesktop.dbus-session.plist"
elog
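Review bot: The lines added to pkg_postinst run `dbus-uuidgen --ensure="${EROOT%/}"/etc/machine-id` unconditionally, so if this ebuild is ever merged into an image root (ROOT other than /) a single machine-id gets baked into every system built from that image, whereas /etc/machine-id is meant to be unique per host and systemd populates it at first boot when the file is absent or empty. If this overlay produces images rather than installing onto a live host, consider generating the id only for a live root — `if [[ ${ROOT:-/} == / ]]; then dbus-uuidgen --ensure="${EROOT%/}"/etc/machine-id; fi` — and keep the `ln -sf` so /var/lib/dbus/machine-id resolves once the file exists; which case applies depends on how the overlay is consumed, which the hunk does not show. The same file also leaves `#RESTRICT="test"` as a commented-out line; since the new `test? ( debug )` REQUIRED_USE implies tests are meant to run, drop the line rather than comment it out. pkg_postinst continues past the end of this hunk.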


@ -1,119 +0,0 @@
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 30 May 2019 12:53:03 +0100
Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
owner
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
of a shared home directory by having the server write a secret "cookie"
into a .dbus-keyrings subdirectory of the desired identity's home
directory with 0700 permissions, and having the client prove that it can
read the cookie. This never actually worked for non-malicious clients in
the case where server uid != client uid (unless the server and client
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
Unix uid 0) because an unprivileged server would fail to write out the
cookie, and an unprivileged client would be unable to read the resulting
file owned by the server.
Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
is owned by the uid of the server (a side-effect of a check added to
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
by a non-malicious client with a uid differing from the server's.
Joe Vennix of Apple Information Security discovered that the
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
attack: a malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
read and write in unintended locations. In the worst case this could
result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing
authentication bypass.
This is mitigated by the fact that by default, the well-known system
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
at an early stage, before manipulating cookies. As a result, this
vulnerability only applies to:
* system or session dbus-daemons with non-standard configuration
* third-party dbus-daemon invocations such as at-spi2-core (although
in practice at-spi2-core also only accepts EXTERNAL by default)
* third-party uses of DBusServer such as the one in Upstart
Avoiding symlink attacks in a portable way is difficult, because APIs
like openat() and Linux /proc/self/fd are not universally available.
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
a non-matching uid, we can solve this vulnerability in an easier way
without regressions, by rejecting it early (before looking at
~/.dbus-keyrings) whenever the requested identity doesn't match the
identity of the process hosting the DBusServer.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
Closes: CVE-2019-12749
---
dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
index 37d8d4c9..7390a9d5 100644
--- a/dbus/dbus-auth.c
+++ b/dbus/dbus-auth.c
@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
DBusString tmp2;
dbus_bool_t retval = FALSE;
DBusError error = DBUS_ERROR_INIT;
+ DBusCredentials *myself = NULL;
_dbus_string_set_length (&auth->challenge, 0);
@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
return FALSE;
}
+ myself = _dbus_credentials_new_from_current_process ();
+
+ if (myself == NULL)
+ goto out;
+
+ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
+ {
+ /*
+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
+ * client is anyone other than the user owning the process
+ * containing the DBusServer: we probably aren't allowed to write
+ * to other users' home directories. Even if we can (for example
+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
+ * must not, because the other user controls their home directory,
+ * and could carry out symlink attacks to make us read from or
+ * write to unintended locations. It's difficult to avoid symlink
+ * attacks in a portable way, so we just don't try. This isn't a
+ * regression, because DBUS_COOKIE_SHA1 never worked for other
+ * users anyway.
+ */
+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
+ "but that doesn't match this process",
+ DBUS_AUTH_NAME (auth),
+ _dbus_string_get_const_data (data));
+ retval = send_rejected (auth);
+ goto out;
+ }
+
/* we cache the keyring for speed, so here we drop it if it's the
* wrong one. FIXME caching the keyring here is useless since we use
* a different DBusAuth for every connection.
@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
_dbus_string_zero (&tmp2);
_dbus_string_free (&tmp2);
+ if (myself != NULL)
+ _dbus_credentials_unref (myself);
+
return retval;
}
--
2.21.0