mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 05:18:07 -05:00
gnu: dbus: Fix CVE-2020-12049.
* gnu/packages/patches/dbus-CVE-2020-12049.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/glib.scm (dbus/fixed): New variable. (dbus)[replacement]: New field.
This commit is contained in:
parent
395659d86d
commit
9a46e0dd84
3 changed files with 69 additions and 0 deletions
|
@ -855,6 +855,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/datefudge-gettimeofday.patch \
|
||||
%D%/packages/patches/dbacl-include-locale.h.patch \
|
||||
%D%/packages/patches/dbus-helper-search-path.patch \
|
||||
%D%/packages/patches/dbus-CVE-2020-12049.patch \
|
||||
%D%/packages/patches/dbus-c++-gcc-compat.patch \
|
||||
%D%/packages/patches/dbus-c++-threading-mutex.patch \
|
||||
%D%/packages/patches/dconf-meson-0.52.patch \
|
||||
|
|
|
@ -88,6 +88,7 @@ (define dbus
|
|||
(package
|
||||
(name "dbus")
|
||||
(version "1.12.16")
|
||||
(replacement dbus/fixed)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -164,6 +165,15 @@ (define dbus
|
|||
shared NFS home directories.")
|
||||
(license license:gpl2+))) ; or Academic Free License 2.1
|
||||
|
||||
;; Replacement package to fix CVE-2020-12049.
|
||||
(define dbus/fixed
|
||||
(package
|
||||
(inherit dbus)
|
||||
(source (origin
|
||||
(inherit (package-source dbus))
|
||||
(patches (append (search-patches "dbus-CVE-2020-12049.patch")
|
||||
(origin-patches (package-source dbus))))))))
|
||||
|
||||
(define glib
|
||||
(package
|
||||
(name "glib")
|
||||
|
|
58
gnu/packages/patches/dbus-CVE-2020-12049.patch
Normal file
58
gnu/packages/patches/dbus-CVE-2020-12049.patch
Normal file
|
@ -0,0 +1,58 @@
|
|||
Fix CVE-2020-12049:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12049
|
||||
https://lists.freedesktop.org/archives/ftp-release/2020-June/000753.html
|
||||
|
||||
Taken from upstream:
|
||||
|
||||
https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
|
||||
|
||||
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
|
||||
--- a/dbus/dbus-sysdeps-unix.c
|
||||
+++ b/dbus/dbus-sysdeps-unix.c
|
||||
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
struct cmsghdr *cm;
|
||||
dbus_bool_t found = FALSE;
|
||||
|
||||
- if (m.msg_flags & MSG_CTRUNC)
|
||||
- {
|
||||
- /* Hmm, apparently the control data was truncated. The bad
|
||||
- thing is that we might have completely lost a couple of fds
|
||||
- without chance to recover them. Hence let's treat this as a
|
||||
- serious error. */
|
||||
-
|
||||
- errno = ENOSPC;
|
||||
- _dbus_string_set_length (buffer, start);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
|
||||
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
|
||||
{
|
||||
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
if (!found)
|
||||
*n_fds = 0;
|
||||
|
||||
+ if (m.msg_flags & MSG_CTRUNC)
|
||||
+ {
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ /* Hmm, apparently the control data was truncated. The bad
|
||||
+ thing is that we might have completely lost a couple of fds
|
||||
+ without chance to recover them. Hence let's treat this as a
|
||||
+ serious error. */
|
||||
+
|
||||
+ /* We still need to close whatever fds we *did* receive,
|
||||
+ * otherwise they'll never get closed. (CVE-2020-12049) */
|
||||
+ for (i = 0; i < *n_fds; i++)
|
||||
+ close (fds[i]);
|
||||
+
|
||||
+ *n_fds = 0;
|
||||
+ errno = ENOSPC;
|
||||
+ _dbus_string_set_length (buffer, start);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
/* put length back (doesn't actually realloc) */
|
||||
_dbus_string_set_length (buffer, start + bytes_read);
|
||||
|
Loading…
Reference in a new issue