diff options
author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-core/dbus | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-core/dbus')
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus-glib_0.110.bb | 6 | ||||
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus-test_1.12.16.bb (renamed from external/poky/meta/recipes-core/dbus/dbus-test_1.12.10.bb) | 23 | ||||
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch | 127 | ||||
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch | 78 | ||||
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus/dbus-1.init | 4 | ||||
-rwxr-xr-x | external/poky/meta/recipes-core/dbus/dbus/run-ptest | 19 | ||||
-rw-r--r-- | external/poky/meta/recipes-core/dbus/dbus_1.12.16.bb (renamed from external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb) | 22 |
7 files changed, 124 insertions, 155 deletions
diff --git a/external/poky/meta/recipes-core/dbus/dbus-glib_0.110.bb b/external/poky/meta/recipes-core/dbus/dbus-glib_0.110.bb index b7383bd2..0b45805c 100644 --- a/external/poky/meta/recipes-core/dbus/dbus-glib_0.110.bb +++ b/external/poky/meta/recipes-core/dbus/dbus-glib_0.110.bb @@ -1,8 +1,8 @@ SUMMARY = "High level language (GLib) binding for D-Bus" DESCRIPTION = "GLib bindings for the D-Bus message bus that integrate \ the D-Bus library with the GLib thread abstraction and main loop." -HOMEPAGE = "http://www.freedesktop.org/Software/dbus" -LICENSE = "AFL-2 | GPLv2+" +HOMEPAGE = "https://www.freedesktop.org/Software/dbus" +LICENSE = "AFL-2.1 | GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=cf5b3a2f7083750d504333114e738656 \ file://dbus/dbus-glib.h;beginline=7;endline=21;md5=7755c9d7abccd5dbd25a6a974538bb3c" SECTION = "base" @@ -10,7 +10,7 @@ SECTION = "base" DEPENDS = "expat glib-2.0 virtual/libintl dbus-glib-native dbus" DEPENDS_class-native = "glib-2.0-native dbus-native" -SRC_URI = "http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-${PV}.tar.gz \ +SRC_URI = "https://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-${PV}.tar.gz \ file://no-examples.patch \ file://test-install-makefile.patch \ " diff --git a/external/poky/meta/recipes-core/dbus/dbus-test_1.12.10.bb b/external/poky/meta/recipes-core/dbus/dbus-test_1.12.16.bb index 25b93951..bea0e74e 100644 --- a/external/poky/meta/recipes-core/dbus/dbus-test_1.12.10.bb +++ b/external/poky/meta/recipes-core/dbus/dbus-test_1.12.16.bb @@ -1,13 +1,12 @@ SUMMARY = "D-Bus test package (for D-bus functionality testing only)" HOMEPAGE = "http://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2 | GPLv2+" +LICENSE = "AFL-2.1 | GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" DEPENDS = "dbus glib-2.0" -RDEPENDS_${PN} += "make" RDEPENDS_${PN}-dev = "" SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ @@ -17,8 +16,8 @@ SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ " -SRC_URI[md5sum] = "c3e12b4206e2a7da39d7cc42567790ef" -SRC_URI[sha256sum] = "4b693d24976258c3f2fa9cc33ad9288c5fbfa7a16481dbd9a8a429f7aa8cdcf7" +SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" +SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" S="${WORKDIR}/dbus-${PV}" FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:" @@ -33,13 +32,14 @@ EXTRA_OECONF = "--enable-tests \ --enable-installed-tests \ --enable-checks \ --enable-asserts \ - --enable-verbose-mode \ --enable-largefile \ --disable-xml-docs \ --disable-doxygen-docs \ --disable-libaudit \ --with-dbus-test-dir=${PTEST_PATH} \ - ${EXTRA_OECONF_X}" + ${EXTRA_OECONF_X} \ + --enable-embedded-tests \ + " EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" @@ -50,6 +50,7 @@ PACKAGECONFIG_class-nativesdk = "" PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd" PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm" PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session" +PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,," do_install() { : @@ -58,12 +59,17 @@ do_install() { do_install_ptest() { install -d ${D}${PTEST_PATH}/test l="shell printf refs syslog marshal syntax corrupt dbus-daemon dbus-daemon-eavesdrop loopback relay \ - variant uid-permissions syntax spawn sd-activation names monitor message fdpass " + variant uid-permissions syntax spawn sd-activation names monitor message fdpass service shell-service" for i in $l; do install ${B}/test/.libs/test-$i ${D}${PTEST_PATH}/test; done l="bus bus-system bus-launch-helper" for i in $l; do install ${B}/bus/.libs/test-$i ${D}${PTEST_PATH}/test; done + install -d ${D}${PTEST_PATH}/bus + install ${B}/bus/.libs/dbus-daemon-launch-helper-test ${D}${PTEST_PATH}/bus + + install ${B}/test/test-segfault ${D}${PTEST_PATH}/test + cp -r ${B}/test/data ${D}${PTEST_PATH}/test install ${B}/dbus/.libs/test-dbus ${D}${PTEST_PATH}/test @@ -78,6 +84,7 @@ do_install_ptest() { sed -i -e 's;@PTEST_PATH@;${PTEST_PATH};g' ${D}${PTEST_PATH}/run-ptest } -RDEPENDS_${PN}-ptest += "bash" +RDEPENDS_${PN}-ptest += "bash make dbus" +RDEPENDS_${PN}-ptest_remove = "${PN}" PRIVATE_LIBS_${PN}-ptest = "libdbus-1.so.3" diff --git a/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch b/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch deleted file mode 100644 index 393c70ca..00000000 --- a/external/poky/meta/recipes-core/dbus/dbus/CVE-2019-12749.patch +++ /dev/null @@ -1,127 +0,0 @@ -From f0120c5d97a4cc1b659e86d38f2b1f646ca20ea3 Mon Sep 17 00:00:00 2001 -From: Simon McVittie <smcv@collabora.com> -Date: Thu, 30 May 2019 12:53:03 +0100 -Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server - owner - -The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership -of a shared home directory by having the server write a secret "cookie" -into a .dbus-keyrings subdirectory of the desired identity's home -directory with 0700 permissions, and having the client prove that it can -read the cookie. This never actually worked for non-malicious clients in -the case where server uid != client uid (unless the server and client -both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional -Unix uid 0) because an unprivileged server would fail to write out the -cookie, and an unprivileged client would be unable to read the resulting -file owned by the server. - -Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings -is owned by the uid of the server (a side-effect of a check added to -harden our use of XDG_RUNTIME_DIR), further ruling out successful use -by a non-malicious client with a uid differing from the server's. - -Joe Vennix of Apple Information Security discovered that the -implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link -attack: a malicious client with write access to its own home directory -could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to -read and write in unintended locations. In the worst case this could -result in the DBusServer reusing a cookie that is known to the -malicious client, and treating that cookie as evidence that a subsequent -client connection came from an attacker-chosen uid, allowing -authentication bypass. - -This is mitigated by the fact that by default, the well-known system -dbus-daemon (since 2003) and the well-known session dbus-daemon (in -stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL -authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1 -at an early stage, before manipulating cookies. As a result, this -vulnerability only applies to: - -* system or session dbus-daemons with non-standard configuration -* third-party dbus-daemon invocations such as at-spi2-core (although - in practice at-spi2-core also only accepts EXTERNAL by default) -* third-party uses of DBusServer such as the one in Upstart - -Avoiding symlink attacks in a portable way is difficult, because APIs -like openat() and Linux /proc/self/fd are not universally available. -However, because DBUS_COOKIE_SHA1 already doesn't work in practice for -a non-matching uid, we can solve this vulnerability in an easier way -without regressions, by rejecting it early (before looking at -~/.dbus-keyrings) whenever the requested identity doesn't match the -identity of the process hosting the DBusServer. - -Signed-off-by: Simon McVittie <smcv@collabora.com> -Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269 -Closes: CVE-2019-12749 - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/dbus/dbus/commit -/47b1a4c41004bf494b87370987b222c934b19016] - -CVE: CVE-2019-12749 - -Signed-off-by: Kevin Weng <t-keweng@microsoft.com> ---- - dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++ - 1 file changed, 32 insertions(+) - -diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c -index 37d8d4c9..7390a9d5 100644 ---- a/dbus/dbus-auth.c -+++ b/dbus/dbus-auth.c -@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth, - DBusString tmp2; - dbus_bool_t retval = FALSE; - DBusError error = DBUS_ERROR_INIT; -+ DBusCredentials *myself = NULL; - - _dbus_string_set_length (&auth->challenge, 0); - -@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth, - return FALSE; - } - -+ myself = _dbus_credentials_new_from_current_process (); -+ -+ if (myself == NULL) -+ goto out; -+ -+ if (!_dbus_credentials_same_user (myself, auth->desired_identity)) -+ { -+ /* -+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the -+ * client is anyone other than the user owning the process -+ * containing the DBusServer: we probably aren't allowed to write -+ * to other users' home directories. Even if we can (for example -+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we -+ * must not, because the other user controls their home directory, -+ * and could carry out symlink attacks to make us read from or -+ * write to unintended locations. It's difficult to avoid symlink -+ * attacks in a portable way, so we just don't try. This isn't a -+ * regression, because DBUS_COOKIE_SHA1 never worked for other -+ * users anyway. -+ */ -+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", " -+ "but that doesn't match this process", -+ DBUS_AUTH_NAME (auth), -+ _dbus_string_get_const_data (data)); -+ retval = send_rejected (auth); -+ goto out; -+ } -+ - /* we cache the keyring for speed, so here we drop it if it's the - * wrong one. FIXME caching the keyring here is useless since we use - * a different DBusAuth for every connection. -@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth, - _dbus_string_zero (&tmp2); - _dbus_string_free (&tmp2); - -+ if (myself != NULL) -+ _dbus_credentials_unref (myself); -+ - return retval; - } - --- -2.22.0 - diff --git a/external/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/external/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch new file mode 100644 index 00000000..ac7a4b7a --- /dev/null +++ b/external/poky/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch @@ -0,0 +1,78 @@ +From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001 +From: Simon McVittie <smcv@collabora.com> +Date: Thu, 16 Apr 2020 14:45:11 +0100 +Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive + +MSG_CTRUNC indicates that we have received fewer fds that we should +have done because the buffer was too small, but we were treating it +as though it indicated that we received *no* fds. If we received any, +we still have to make sure we close them, otherwise they will be leaked. + +On the system bus, if an attacker can induce us to leak fds in this +way, that's a local denial of service via resource exhaustion. + +Reported-by: Kevin Backhouse, GitHub Security Lab +Fixes: dbus#294 +Fixes: CVE-2020-12049 +Fixes: GHSL-2020-057 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63] +CVE: CVE-2020-12049 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------ + 1 file changed, 20 insertions(+), 12 deletions(-) + +diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c +index b5fc2466..b176dae1 100644 +--- a/dbus/dbus-sysdeps-unix.c ++++ b/dbus/dbus-sysdeps-unix.c +@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, + struct cmsghdr *cm; + dbus_bool_t found = FALSE; + +- if (m.msg_flags & MSG_CTRUNC) +- { +- /* Hmm, apparently the control data was truncated. The bad +- thing is that we might have completely lost a couple of fds +- without chance to recover them. Hence let's treat this as a +- serious error. */ +- +- errno = ENOSPC; +- _dbus_string_set_length (buffer, start); +- return -1; +- } +- + for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) + if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) + { +@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, + if (!found) + *n_fds = 0; + ++ if (m.msg_flags & MSG_CTRUNC) ++ { ++ unsigned int i; ++ ++ /* Hmm, apparently the control data was truncated. The bad ++ thing is that we might have completely lost a couple of fds ++ without chance to recover them. Hence let's treat this as a ++ serious error. */ ++ ++ /* We still need to close whatever fds we *did* receive, ++ * otherwise they'll never get closed. (CVE-2020-12049) */ ++ for (i = 0; i < *n_fds; i++) ++ close (fds[i]); ++ ++ *n_fds = 0; ++ errno = ENOSPC; ++ _dbus_string_set_length (buffer, start); ++ return -1; ++ } ++ + /* put length back (doesn't actually realloc) */ + _dbus_string_set_length (buffer, start + bytes_read); + +-- +2.25.1 + diff --git a/external/poky/meta/recipes-core/dbus/dbus/dbus-1.init b/external/poky/meta/recipes-core/dbus/dbus/dbus-1.init index 42c86297..90e167e5 100644 --- a/external/poky/meta/recipes-core/dbus/dbus/dbus-1.init +++ b/external/poky/meta/recipes-core/dbus/dbus/dbus-1.init @@ -21,8 +21,8 @@ DAEMON=@bindir@/dbus-daemon NAME=dbus -DAEMONUSER=messagebus # must match /etc/dbus-1/system.conf -PIDFILE=/var/run/messagebus.pid # must match /etc/dbus-1/system.conf +DAEMONUSER=messagebus # must match /usr/share/dbus-1/system.conf +PIDFILE=/var/run/dbus/pid # must match /usr/share/dbus-1/system.conf UUIDDIR=/var/lib/dbus DESC="system message bus" EVENTDIR=/etc/dbus-1/event.d diff --git a/external/poky/meta/recipes-core/dbus/dbus/run-ptest b/external/poky/meta/recipes-core/dbus/dbus/run-ptest index 353ba1e9..d3eec082 100755 --- a/external/poky/meta/recipes-core/dbus/dbus/run-ptest +++ b/external/poky/meta/recipes-core/dbus/dbus/run-ptest @@ -17,8 +17,19 @@ export LD_LIBRARY_PATH=@PTEST_PATH@/test/.libs files=`ls test/test-*` for i in $files - do - ./$i ./test/data >/dev/null - output - done +do + #these programs are used by testcase test-bus, don't run here + #additionally, test-names needs to be run under X + if [ $i = "test/test-service" ] \ + || [ $i = "test/test-shell-service" ] \ + || [ $i = "test/test-segfault" ] \ + || [ $i = "test/test-bus" ] \ + || [ $i = "test/test-names" ] + then + continue + fi + + ./$i ./test/data >/dev/null 2>&1 + output +done diff --git a/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb b/external/poky/meta/recipes-core/dbus/dbus_1.12.16.bb index d7ad1d8b..10d1b344 100644 --- a/external/poky/meta/recipes-core/dbus/dbus_1.12.10.bb +++ b/external/poky/meta/recipes-core/dbus/dbus_1.12.16.bb @@ -1,8 +1,8 @@ SUMMARY = "D-Bus message bus" DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed." -HOMEPAGE = "http://dbus.freedesktop.org" +HOMEPAGE = "https://dbus.freedesktop.org" SECTION = "base" -LICENSE = "AFL-2 | GPLv2+" +LICENSE = "AFL-2.1 | GPLv2+" LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \ file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c" DEPENDS = "expat virtual/libintl autoconf-archive" @@ -12,15 +12,15 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '', ALLOW_EMPTY_dbus-ptest = "1" RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest" -SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ +SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \ file://tmpdir.patch \ file://dbus-1.init \ file://clear-guid_from_server-if-send_negotiate_unix_f.patch \ - file://CVE-2019-12749.patch \ + file://CVE-2020-12049.patch \ " -SRC_URI[md5sum] = "c3e12b4206e2a7da39d7cc42567790ef" -SRC_URI[sha256sum] = "4b693d24976258c3f2fa9cc33ad9288c5fbfa7a16481dbd9a8a429f7aa8cdcf7" +SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890" +SRC_URI[sha256sum] = "54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80" inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even @@ -33,7 +33,6 @@ python __anonymous() { } USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-r netdev" USERADD_PARAM_${PN} = "--system --home ${localstatedir}/lib/dbus \ --no-create-home --shell /bin/false \ --user-group messagebus" @@ -93,11 +92,13 @@ pkg_postinst_dbus() { fi } + EXTRA_OECONF = "--disable-tests \ --disable-xml-docs \ --disable-doxygen-docs \ --disable-libaudit \ --enable-largefile \ + --with-system-socket=/run/dbus/system_bus_socket \ " EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl" @@ -121,6 +122,9 @@ do_install() { install -d ${D}${sysconfdir}/init.d sed 's:@bindir@:${bindir}:' < ${WORKDIR}/dbus-1.init >${WORKDIR}/dbus-1.init.sh install -m 0755 ${WORKDIR}/dbus-1.init.sh ${D}${sysconfdir}/init.d/dbus-1 + install -d ${D}${sysconfdir}/default/volatiles + echo "d messagebus messagebus 0755 ${localstatedir}/run/dbus none" \ + > ${D}${sysconfdir}/default/volatiles/99_dbus fi if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then @@ -132,10 +136,6 @@ do_install() { ln -fs ../dbus.service ${D}${systemd_system_unitdir}/multi-user.target.wants/dbus.service fi - install -d ${D}${sysconfdir}/default/volatiles - echo "d messagebus messagebus 0755 ${localstatedir}/run/dbus none" \ - > ${D}${sysconfdir}/default/volatiles/99_dbus - mkdir -p ${D}${localstatedir}/lib/dbus |