Hello community, here is the log from the commit of package dbus-1 for openSUSE:Factory checked in at 2014-07-04 17:18:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dbus-1 (Old) and /work/SRC/openSUSE:Factory/.dbus-1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dbus-1" Changes: -------- --- /work/SRC/openSUSE:Factory/dbus-1/dbus-1-x11.changes 2014-06-18 08:37:43.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.dbus-1.new/dbus-1-x11.changes 2014-07-04 17:18:19.000000000 +0200 @@ -1,0 +2,21 @@ +Wed Jul 2 16:15:37 UTC 2014 - fstrba@suse.com + +- Update to 1.8.6: + + Security fixes: + - On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, + silently drop the message. This prevents an attack in which + a malicious client can make dbus-daemon disconnect a system + service, which is a local denial of service. + (bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy) + - Track remaining Unix file descriptors correctly when more + than one message in quick succession contains fds. This + prevents another attack in which a malicious client can make + dbus-daemon disconnect a system service. + (bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro + Martínez Suárez, Simon McVittie, Alban Crequy) + + Other fixes: + - When dbus-launch --exit-with-session starts a dbus-daemon but + then cannot attach to a session, kill the dbus-daemon as + intended (fdo#74698, Роман Донченко) + +------------------------------------------------------------------- dbus-1.changes: same change Old: ---- dbus-1.8.4.tar.gz New: ---- dbus-1.8.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-x11.spec ++++++ --- /var/tmp/diff_new_pack.KGvcZs/_old 2014-07-04 17:18:20.000000000 +0200 +++ /var/tmp/diff_new_pack.KGvcZs/_new 2014-07-04 17:18:20.000000000 +0200 @@ -46,7 +46,7 @@ BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: pkg-config -Version: 1.8.4 +Version: 1.8.6 Release: 0 # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz dbus-1.spec: same change ++++++ dbus-1.8.4.tar.gz -> dbus-1.8.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/NEWS new/dbus-1.8.6/NEWS --- old/dbus-1.8.4/NEWS 2014-06-05 15:52:21.000000000 +0200 +++ new/dbus-1.8.6/NEWS 2014-06-30 15:17:34.000000000 +0200 @@ -1,3 +1,27 @@ +D-Bus 1.8.6 (2014-06-02) +== + +Security fixes: + +• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop + the message. This prevents an attack in which a malicious client can + make dbus-daemon disconnect a system service, which is a local + denial of service. + (fd.o #80163, CVE-2014-3532; Alban Crequy) + +• Track remaining Unix file descriptors correctly when more than one + message in quick succession contains fds. This prevents another attack + in which a malicious client can make dbus-daemon disconnect a system + service. + (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, + Simon McVittie, Alban Crequy) + +Other fixes: + +• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot + attach to a session, kill the dbus-daemon as intended + (fd.o #74698, Роман Донченко) + D-Bus 1.8.4 (2014-06-10) == diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/configure new/dbus-1.8.6/configure --- old/dbus-1.8.4/configure 2014-06-05 15:56:49.000000000 +0200 +++ new/dbus-1.8.6/configure 2014-06-30 15:20:50.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for dbus 1.8.4. +# Generated by GNU Autoconf 2.69 for dbus 1.8.6. # # Report bugs to https://bugs.freedesktop.org/enter_bug.cgi?product=dbus. # @@ -591,8 +591,8 @@ # Identity of this package. PACKAGE_NAME='dbus' PACKAGE_TARNAME='dbus' -PACKAGE_VERSION='1.8.4' -PACKAGE_STRING='dbus 1.8.4' +PACKAGE_VERSION='1.8.6' +PACKAGE_STRING='dbus 1.8.6' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus' PACKAGE_URL='' @@ -1512,7 +1512,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dbus 1.8.4 to adapt to many kinds of systems. +\`configure' configures dbus 1.8.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1586,7 +1586,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dbus 1.8.4:";; + short | recursive ) echo "Configuration of dbus 1.8.6:";; esac cat <<\_ACEOF @@ -1783,7 +1783,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dbus configure 1.8.4 +dbus configure 1.8.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2502,7 +2502,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dbus $as_me 1.8.4, which was +It was created by dbus $as_me 1.8.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3442,7 +3442,7 @@ # Define the identity of the package. PACKAGE='dbus' - VERSION='1.8.4' + VERSION='1.8.6' cat >>confdefs.h <<_ACEOF @@ -3742,7 +3742,7 @@ ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=5 +LT_REVISION=6 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -3755,8 +3755,8 @@ DBUS_MAJOR_VERSION=1 DBUS_MINOR_VERSION=8 -DBUS_MICRO_VERSION=4 -DBUS_VERSION=1.8.4 +DBUS_MICRO_VERSION=6 +DBUS_VERSION=1.8.6 @@ -23266,7 +23266,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dbus $as_me 1.8.4, which was +This file was extended by dbus $as_me 1.8.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23332,7 +23332,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -dbus config.status 1.8.4 +dbus config.status 1.8.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/configure.ac new/dbus-1.8.6/configure.ac --- old/dbus-1.8.4/configure.ac 2014-06-05 15:53:52.000000000 +0200 +++ new/dbus-1.8.6/configure.ac 2014-06-30 15:17:56.000000000 +0200 @@ -3,7 +3,7 @@ m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [4]) +m4_define([dbus_micro_version], [6]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=5 +LT_REVISION=6 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/dbus/dbus-message.c new/dbus-1.8.6/dbus/dbus-message.c --- old/dbus-1.8.4/dbus/dbus-message.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.6/dbus/dbus-message.c 2014-06-11 13:24:39.000000000 +0200 @@ -4204,7 +4204,7 @@ message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; loader->n_unix_fds -= n_unix_fds; - memmove(loader->unix_fds + n_unix_fds, loader->unix_fds, loader->n_unix_fds); + memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0])); } else message->unix_fds = NULL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/dbus/dbus-sysdeps.c new/dbus-1.8.6/dbus/dbus-sysdeps.c --- old/dbus-1.8.4/dbus/dbus-sysdeps.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.6/dbus/dbus-sysdeps.c 2014-06-30 15:08:47.000000000 +0200 @@ -762,6 +762,20 @@ } /** + * See if errno is ETOOMANYREFS + * @returns #TRUE if errno == ETOOMANYREFS + */ +dbus_bool_t +_dbus_get_is_errno_etoomanyrefs (void) +{ +#ifdef ETOOMANYREFS + return errno == ETOOMANYREFS; +#else + return FALSE; +#endif +} + +/** * Get error message from errno * @returns _dbus_strerror(errno) */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/dbus/dbus-sysdeps.h new/dbus-1.8.6/dbus/dbus-sysdeps.h --- old/dbus-1.8.4/dbus/dbus-sysdeps.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.6/dbus/dbus-sysdeps.h 2014-06-30 15:08:47.000000000 +0200 @@ -384,6 +384,7 @@ dbus_bool_t _dbus_get_is_errno_enomem (void); dbus_bool_t _dbus_get_is_errno_eintr (void); dbus_bool_t _dbus_get_is_errno_epipe (void); +dbus_bool_t _dbus_get_is_errno_etoomanyrefs (void); const char* _dbus_strerror_from_errno (void); void _dbus_disable_sigpipe (void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/dbus/dbus-transport-socket.c new/dbus-1.8.6/dbus/dbus-transport-socket.c --- old/dbus-1.8.4/dbus/dbus-transport-socket.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.6/dbus/dbus-transport-socket.c 2014-06-30 15:08:47.000000000 +0200 @@ -645,12 +645,44 @@ { /* EINTR already handled for us */ - /* For some discussion of why we also ignore EPIPE here, see + /* If the other end closed the socket with close() or shutdown(), we + * receive EPIPE here but we must not close the socket yet: there + * might still be some data to read. See: * http://lists.freedesktop.org/archives/dbus/2008-March/009526.html */ if (_dbus_get_is_errno_eagain_or_ewouldblock () || _dbus_get_is_errno_epipe ()) goto out; + + /* Since Linux commit 25888e (from 2.6.37-rc4, Nov 2010), sendmsg() + * on Unix sockets returns -1 errno=ETOOMANYREFS when the passfd + * mechanism (SCM_RIGHTS) is used recursively with a recursion level + * of maximum 4. The kernel does not have an API to check whether + * the passed fds can be forwarded and it can change asynchronously. + * See: + * https://bugs.freedesktop.org/show_bug.cgi?id=80163 + */ + + else if (_dbus_get_is_errno_etoomanyrefs ()) + { + /* We only send fds in the first byte of the message. + * ETOOMANYREFS cannot happen after. + */ + _dbus_assert (socket_transport->message_bytes_written == 0); + + _dbus_verbose (" discard message of %d bytes due to ETOOMANYREFS\n", + total_bytes_to_write); + + socket_transport->message_bytes_written = 0; + _dbus_string_set_length (&socket_transport->encoded_outgoing, 0); + _dbus_string_compact (&socket_transport->encoded_outgoing, 2048); + + /* The message was not actually sent but it needs to be removed + * from the outgoing queue + */ + _dbus_connection_message_sent_unlocked (transport->connection, + message); + } else { _dbus_verbose ("Error writing to remote app: %s\n", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dbus-1.8.4/tools/dbus-launch.c new/dbus-1.8.6/tools/dbus-launch.c --- old/dbus-1.8.4/tools/dbus-launch.c 2014-04-30 20:11:08.000000000 +0200 +++ new/dbus-1.8.6/tools/dbus-launch.c 2014-06-11 12:37:40.000000000 +0200 @@ -536,7 +536,7 @@ if (tty_fd < 0 && x_fd < 0) { fprintf (stderr, "No terminal on standard input and no X display; cannot attach message bus to session lifetime\n"); - exit (1); + kill_bus_and_exit (1); } while (TRUE) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org