From 0ed344edaca120482de1b1d482276088f2d08000 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 13 Dec 2006 01:31:16 +0000 Subject: [PATCH] Backported security fix for CVE-2006-6107 to 0.6x series Package-Manager: portage-2.1.2_rc3-r4 --- sys-apps/dbus/ChangeLog | 8 +- sys-apps/dbus/Manifest | 25 ++- sys-apps/dbus/dbus-0.62-r2.ebuild | 153 ++++++++++++++++++ .../dbus-0.62-match-rule-security-fix.patch | 13 ++ sys-apps/dbus/files/digest-dbus-0.62-r2 | 3 + 5 files changed, 194 insertions(+), 8 deletions(-) create mode 100644 sys-apps/dbus/dbus-0.62-r2.ebuild create mode 100644 sys-apps/dbus/files/dbus-0.62-match-rule-security-fix.patch create mode 100644 sys-apps/dbus/files/digest-dbus-0.62-r2 diff --git a/sys-apps/dbus/ChangeLog b/sys-apps/dbus/ChangeLog index 1dccf0ff561a..658786c7089f 100644 --- a/sys-apps/dbus/ChangeLog +++ b/sys-apps/dbus/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-apps/dbus # Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/ChangeLog,v 1.160 2006/12/13 00:36:10 cardoe Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/ChangeLog,v 1.161 2006/12/13 01:31:16 cardoe Exp $ + +*dbus-0.62-r2 (13 Dec 2006) + + 13 Dec 2006; Doug Goldstein + +files/dbus-0.62-match-rule-security-fix.patch, +dbus-0.62-r2.ebuild: + Backported security fix for CVE-2006-6107 to 0.6x series 13 Dec 2006; Doug Goldstein dbus-0.62-r1.ebuild: re-adding ~mips to dbus-0.62-r1 diff --git a/sys-apps/dbus/Manifest b/sys-apps/dbus/Manifest index 8d3520812662..c6ad94d55ad7 100644 --- a/sys-apps/dbus/Manifest +++ b/sys-apps/dbus/Manifest @@ -33,6 +33,10 @@ AUX dbus-0.61-qt-disabling.patch 501 RMD160 a7c1af95cc8dd455387eefad00fa90d86015 MD5 1d1c73d8eea0a6f4ffe70c8091409ad0 files/dbus-0.61-qt-disabling.patch 501 RMD160 a7c1af95cc8dd455387eefad00fa90d86015bbda files/dbus-0.61-qt-disabling.patch 501 SHA256 acfd9f175223cb2679d37b941cae9d54adbd494be3c0f4f7be7e004c0bd02a20 files/dbus-0.61-qt-disabling.patch 501 +AUX dbus-0.62-match-rule-security-fix.patch 483 RMD160 d22dacf8206c818e74d46397af3ef15834199a04 SHA1 e58e601b7f2a10c74e9bcedec7d7271f274e68e4 SHA256 8cd72800cc190df683a59a4586523f1e8a393744f24d930ba776799e6741b346 +MD5 00651662a23f7856287e1f2133adc66b files/dbus-0.62-match-rule-security-fix.patch 483 +RMD160 d22dacf8206c818e74d46397af3ef15834199a04 files/dbus-0.62-match-rule-security-fix.patch 483 +SHA256 8cd72800cc190df683a59a4586523f1e8a393744f24d930ba776799e6741b346 files/dbus-0.62-match-rule-security-fix.patch 483 AUX dbus-1.0.1-fixfilecreation.patch 474 RMD160 63e1a6737519773dc85b64098577a97bae7ef6cc SHA1 a4748d3db24f425bd8ed2409bf225d01ced11640 SHA256 183ec284a385b3ef724abbcebd10e42765d81212d23e269c473fb3772f9ab2a3 MD5 c2cbbace7965e670bb95daa896dcfee2 files/dbus-1.0.1-fixfilecreation.patch 474 RMD160 63e1a6737519773dc85b64098577a97bae7ef6cc files/dbus-1.0.1-fixfilecreation.patch 474 @@ -56,14 +60,18 @@ EBUILD dbus-0.62-r1.ebuild 4113 RMD160 dcfe9edde4898a0d81a766e0015e1208a1efd33c MD5 7d100eb89c958fb6a40d4e8bc9a4c745 dbus-0.62-r1.ebuild 4113 RMD160 dcfe9edde4898a0d81a766e0015e1208a1efd33c dbus-0.62-r1.ebuild 4113 SHA256 f5174b7cd13d34b8269707c4df1293c89c1eb816c400d2734cbf467d03c06e84 dbus-0.62-r1.ebuild 4113 +EBUILD dbus-0.62-r2.ebuild 4224 RMD160 f6c6325d90e3a7a307b2034e887f32f005fe6406 SHA1 af13fb1af8bf3c9cd522ee7a6e69be0034efee46 SHA256 1e41d4e20a462c8c258a8050896cef9a458af5e181cd3f814e530f91386539db +MD5 47e8c9156aaa8a6e33b938b78e80ad29 dbus-0.62-r2.ebuild 4224 +RMD160 f6c6325d90e3a7a307b2034e887f32f005fe6406 dbus-0.62-r2.ebuild 4224 +SHA256 1e41d4e20a462c8c258a8050896cef9a458af5e181cd3f814e530f91386539db dbus-0.62-r2.ebuild 4224 EBUILD dbus-1.0.2.ebuild 3257 RMD160 7b2d76da9c9b81cd80888dfd2e1fc0e864eff1f3 SHA1 f203f6dec6cc38fc7e8f9108888abba8b45c71d2 SHA256 d85bbe398560717ff5084988a9d221f3312a0f27add486a1ca135a0a53488fbb MD5 dbdbba227110346cc114e43b9cecd046 dbus-1.0.2.ebuild 3257 RMD160 7b2d76da9c9b81cd80888dfd2e1fc0e864eff1f3 dbus-1.0.2.ebuild 3257 SHA256 d85bbe398560717ff5084988a9d221f3312a0f27add486a1ca135a0a53488fbb dbus-1.0.2.ebuild 3257 -MISC ChangeLog 24096 RMD160 2066716ca13edf83449d7fce4028896498a3a79d SHA1 2a0aef6339064bd13678601f7286e81eefa22d5a SHA256 9b09899e9f04c09a1dd4efe910bc2ee6872232ac905c0bc464f33f47e12001a8 -MD5 7c18aac5f43266abbe99f6345fad7bee ChangeLog 24096 -RMD160 2066716ca13edf83449d7fce4028896498a3a79d ChangeLog 24096 -SHA256 9b09899e9f04c09a1dd4efe910bc2ee6872232ac905c0bc464f33f47e12001a8 ChangeLog 24096 +MISC ChangeLog 24307 RMD160 9ca2355231fe9bb6ef73250e4fee105bf9dbddcb SHA1 4fbd661d79dd3c1b3c631005384e9d0cae4adbac SHA256 bbbda7281c36bf22e980ee306e049ad951cfbf7e438188d3adf8989a590b1a73 +MD5 ee9cbe14652e29c8c11653039b042713 ChangeLog 24307 +RMD160 9ca2355231fe9bb6ef73250e4fee105bf9dbddcb ChangeLog 24307 +SHA256 bbbda7281c36bf22e980ee306e049ad951cfbf7e438188d3adf8989a590b1a73 ChangeLog 24307 MISC metadata.xml 222 RMD160 cd880923dd3bbe29d863c21fdcc56700006a2bcc SHA1 d2b55bed5d827913edafe6777b37d03c352d9adf SHA256 3b1bdb4611693b7a059584a994f3760dce2f37a048d4c2c55c1756e17519e1cf MD5 d854e952b3179d33b2ece377ce9980f3 metadata.xml 222 RMD160 cd880923dd3bbe29d863c21fdcc56700006a2bcc metadata.xml 222 @@ -74,13 +82,16 @@ SHA256 8ee10bf68b294a8eef518926360a7b538fa9dda198e47b1d9f6367b6de0cdbcd files/di MD5 e00700223b4c2566d3c5b60371b524ff files/digest-dbus-0.62-r1 232 RMD160 020d50c35dbd8578464f56119db955bfb811d61c files/digest-dbus-0.62-r1 232 SHA256 b249fe2b3ac0467d861e39cc171543bac5f489ec77b22ccf68b9ef09a8c68bbe files/digest-dbus-0.62-r1 232 +MD5 e00700223b4c2566d3c5b60371b524ff files/digest-dbus-0.62-r2 232 +RMD160 020d50c35dbd8578464f56119db955bfb811d61c files/digest-dbus-0.62-r2 232 +SHA256 b249fe2b3ac0467d861e39cc171543bac5f489ec77b22ccf68b9ef09a8c68bbe files/digest-dbus-0.62-r2 232 MD5 497fe5e3a5dfd951a073118e2de14adb files/digest-dbus-1.0.2 235 RMD160 a4e31868ed956d2fcdcd55cc71c7758d9d2bda8c files/digest-dbus-1.0.2 235 SHA256 f398ccc18d90f59f55f826046878cb5dd08b0b1abe1c5fd016b6dacb54891b88 files/digest-dbus-1.0.2 235 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) -iD8DBQFFf1LwoeSe8B0zEfwRAnGYAJ41XrW5KFaBMB7UvT6AJqtntjgnlgCdEIXe -ENS1U91y9BgLhAq98XSLBxY= -=b3Hv +iD8DBQFFf1gQoeSe8B0zEfwRAk9jAJ9R5FUN+svir73WzT8KHXBMoQa9kQCfbxWr +o98OuyVyXVpOvAeUSAbTKwM= +=01NM -----END PGP SIGNATURE----- diff --git a/sys-apps/dbus/dbus-0.62-r2.ebuild b/sys-apps/dbus/dbus-0.62-r2.ebuild new file mode 100644 index 000000000000..9b4fde038839 --- /dev/null +++ b/sys-apps/dbus/dbus-0.62-r2.ebuild @@ -0,0 +1,153 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/dbus/dbus-0.62-r2.ebuild,v 1.1 2006/12/13 01:31:16 cardoe Exp $ + +WANT_AUTOCONF=2.5 +inherit eutils mono python multilib debug qt3 autotools flag-o-matic + +DESCRIPTION="A message bus system, a simple way for applications to talk to each other" +HOMEPAGE="http://dbus.freedesktop.org/" +SRC_URI="http://dbus.freedesktop.org/releases/${P}.tar.gz" + +SLOT="0" +LICENSE="|| ( GPL-2 AFL-2.1 )" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="doc gtk mono python qt3 qt4 selinux X" + +RDEPEND=">=dev-libs/glib-2.6 + X? ( || ( ( x11-libs/libXt x11-libs/libX11 ) virtual/x11 ) ) + gtk? ( >=x11-libs/gtk+-2.6 ) + mono? ( >=dev-lang/mono-0.95 ) + python? ( >=dev-lang/python-2.4 >=dev-python/pyrex-0.9.3-r2 ) + qt3? ( $(qt_min_version 3.3) ) + qt4? ( =x11-libs/qt-4.1* ) + selinux? ( sys-libs/libselinux ) + >=dev-libs/expat-1.95.8" + +DEPEND="${RDEPEND} + dev-util/pkgconfig + doc? ( app-doc/doxygen + app-text/xmlto + mono? ( >=dev-util/monodoc-1.1.10 ) )" + +pkg_setup() { + PKG_CONFIG_PATH="${QTDIR}/lib/pkgconfig" + filter-flags -fstack-protector-all +} + +src_unpack() { + unpack ${A} + cd "${S}" + + #fix mono-tools depend + epatch "${FILESDIR}"/${PN}-0.61-mono-tools-update.diff + + #fix security issue in rule matching + epatch "${FILESDIR}"/${PN}-0.62-match-rule-security-fix.patch + + eautoreconf +} + +src_compile() { + local myconf="" + + # Only enable mono-docs if both mono and doc is defined + use mono && myconf="${myconf} $(use_enable doc mono-docs)" + + hasq test ${FEATURES} && myconf="${myconf} --enable-tests=yes" + + if use qt3; then + myconf="${myconf} --enable-qt3=${QTDIR} --with-qt3-moc=${QTDIR}/bin/moc " + else + myconf="${myconf} --disable-qt3 --without-qt3-moc" + fi + + if use qt4; then + myconf="${myconf} --enable-qt --with-qt-moc=/usr/bin/moc" + else + myconf="${myconf} --disable-qt --without-qt-moc" + fi + + econf \ + $(use_with X x) \ + $(use_enable gtk) \ + $(use_enable python) \ + $(use_enable mono) \ + $(use_enable kernel_linux dnotify) \ + --disable-gcj \ + $(use_enable selinux) \ + $(use_enable debug verbose-mode) \ + $(use_enable debug asserts) \ + --enable-glib \ + --with-xml=expat \ + --with-system-pid-file=/var/run/dbus.pid \ + --with-system-socket=/var/run/dbus/system_bus_socket \ + --with-session-socket-dir=/tmp \ + --with-dbus-user=messagebus \ + --localstatedir=/var \ + $(use_enable doc doxygen-docs) \ + --disable-xml-docs \ + ${myconf} \ + || die "econf failed" + + # Don't build the mono examples, they require gtk-sharp + touch ${S}/mono/example/{bus-listener,echo-{server,client}}.exe + + # after the compile, it uses a selinuxfs interface to + # check if the SELinux policy has the right support + use selinux && addwrite /selinux/access + + emake || die "make failed" +} + +src_test() { + DBUS_VERBOSE=1 make check || die "make check failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + + # initscript + newinitd "${FILESDIR}"/dbus.init-0.61 dbus + + # dbus X session script (#77504) + # FIXME : turns out to only work for GDM, better solution needed + exeinto /etc/X11/xinit/xinitrc.d/ + doexe "${FILESDIR}"/30-dbus + + # needs to exist for the system socket + keepdir /var/run/dbus + + keepdir /usr/lib/dbus-1.0/services + keepdir /usr/share/dbus-1/services + + dodoc AUTHORS ChangeLog HACKING NEWS README doc/TODO + if use doc; then + dohtml doc/*html + fi +} + +pkg_preinst() { + enewgroup messagebus || die "Problem adding messagebus group" + enewuser messagebus -1 "-1" -1 messagebus || die "Problem adding messagebus user" +} + +pkg_postrm() { + if [ -d "${ROOT}"/usr/lib/python*/site-packages/dbus ]; then + python_mod_cleanup "${ROOT}"/usr/lib/python*/site-packages/dbus + fi +} + +pkg_postinst() { + if [ -d "${ROOT}"/usr/lib/python*/site-packages/dbus ]; then + python_mod_optimize "${ROOT}"/usr/lib/python*/site-packages/dbus + fi + + einfo "To start the DBUS system-wide messagebus by default" + einfo "you should add it to the default runlevel :" + einfo "\`rc-update add dbus default\`" + echo + einfo "Currently have it installed and running?" + einfo "Run etc-update and then run the following:" + einfo "\`/etc/init.d/dbus reload\`" +} diff --git a/sys-apps/dbus/files/dbus-0.62-match-rule-security-fix.patch b/sys-apps/dbus/files/dbus-0.62-match-rule-security-fix.patch new file mode 100644 index 000000000000..125daab99aaf --- /dev/null +++ b/sys-apps/dbus/files/dbus-0.62-match-rule-security-fix.patch @@ -0,0 +1,13 @@ +diff -pur 0.61-osso23/bus/signals.c 0.61-osso23.new/bus/signals.c +--- 0.61-osso23/bus/signals.c 2006-11-23 16:46:52.589602192 +0200 ++++ 0.61-osso23.new/bus/signals.c 2006-11-23 16:49:28.873843376 +0200 +@@ -1067,6 +1067,9 @@ match_rule_equal (BusMatchRule *a, + if (a->flags != b->flags) + return FALSE; + ++ if (a->matches_go_to != b->matches_go_to) ++ return FALSE; ++ + if ((a->flags & BUS_MATCH_MESSAGE_TYPE) && + a->message_type != b->message_type) + return FALSE; diff --git a/sys-apps/dbus/files/digest-dbus-0.62-r2 b/sys-apps/dbus/files/digest-dbus-0.62-r2 new file mode 100644 index 000000000000..34d498e01b3c --- /dev/null +++ b/sys-apps/dbus/files/digest-dbus-0.62-r2 @@ -0,0 +1,3 @@ +MD5 ba7692f63d0e9f1ef06703dff56cb650 dbus-0.62.tar.gz 1737361 +RMD160 d653b25726ec96eb324761ebf9efb4a50d1590c0 dbus-0.62.tar.gz 1737361 +SHA256 884cc2083add655df57acc7bb144c61e9beeabf08ef76fa86929a58d7bc96707 dbus-0.62.tar.gz 1737361 -- 2.26.2