Hello community, here is the log from the commit of package dbus-1 for openSUSE:Factory checked in at 2014-09-17 21:23:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dbus-1 (Old) and /work/SRC/openSUSE:Factory/.dbus-1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbus-1" Changes: -------- --- /work/SRC/openSUSE:Factory/dbus-1/dbus-1-x11.changes 2014-07-27 08:25:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.dbus-1.new/dbus-1-x11.changes 2014-09-17 21:23:50.000000000 +0200 @@ -1,0 +2,46 @@ +Tue Sep 16 16:21:06 UTC 2014 - [email protected] + +- Update to 1.8.8: + + Security fixes: + - Do not accept an extra fd in the padding of a cmsg message, + which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, + fdo#83622, bnc#896453; Simon McVittie) + - Reduce default for maximum Unix file descriptors passed per + message from 1024 to 16, preventing a uid with the default maximum + number of connections from exhausting the system bus' file + descriptors under Linux's default rlimit. Distributors or system + administrators with a more restrictive fd limit may wish to reduce + these limits further. + Additionally, on Linux this prevents a second denial of service + in which the dbus-daemon can be made to exceed the maximum number + of fds per sendmsg() and disconnect the process that would have + received them. (CVE-2014-3636, fdo#82820, bnc#896453; Alban Crequy) + - Disconnect connections that still have a fd pending unmarshalling + after a new configurable limit, pending_fd_timeout (defaulting to + 150 seconds), removing the possibility of creating an abusive + connection that cannot be disconnected by setting up a circular + reference to a connection's file descriptor. (CVE-2014-3637, + fdo#80559, bnc#896453; Alban Crequy) + - Reduce default for maximum pending replies per connection from + 8192 to 128, mitigating an algorithmic complexity + denial-of-service attack (CVE-2014-3638, fdo#81053, bnc#896453; + Alban Crequy) + - Reduce default for authentication timeout on the system bus from + 30 seconds to 5 seconds, avoiding denial of service by using up + all unauthenticated connection slots; and when all unauthenticated + connection slots are used up, make new connection attempts block + instead of disconnecting them. (CVE-2014-3639, fdo#80919, + bnc#896453; Alban Crequy) + + Other fixes: + - Check for libsystemd from systemd >= 209, falling back to the + older separate libraries if not found (Umut Tezduyar Lindskog, + Simon McVittie) + - On Linux, use prctl() to disable core dumps from a test executable + that deliberately raises SIGSEGV to test dbus-daemon's handling + of that condition (fdo#83772, Simon McVittie) + - Fix compilation with --enable-stats (fdo#81043, Gentoo #507232; + Alban Crequy) + - Improve documentation for running tests on Windows (fdo#41252, + Ralf Habacker) + +------------------------------------------------------------------- @@ -19 +65 @@ - - On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, + - On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, dbus-1.changes: same change Old: ---- dbus-1.8.6.tar.gz New: ---- dbus-1.8.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-x11.spec ++++++ --- /var/tmp/diff_new_pack.LfTtZy/_old 2014-09-17 21:23:51.000000000 +0200 +++ /var/tmp/diff_new_pack.LfTtZy/_new 2014-09-17 21:23:51.000000000 +0200 @@ -46,7 +46,7 @@ BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: pkg-config -Version: 1.8.6 +Version: 1.8.8 Release: 0 # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz dbus-1.spec: same change ++++++ dbus-1.8.6.tar.gz -> dbus-1.8.8.tar.gz ++++++ ++++ 1909 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/NEWS new/dbus-1.8.8/NEWS --- old/dbus-1.8.6/NEWS 2014-06-30 15:17:34.000000000 +0200 +++ new/dbus-1.8.8/NEWS 2014-09-15 13:42:33.000000000 +0200 @@ -1,3 +1,60 @@ +D-Bus 1.8.8 (2014-09-16) +== + +The "smashy smashy egg man" release. + +Security fixes: + +• Do not accept an extra fd in the padding of a cmsg message, which + could lead to a 4-byte heap buffer overrun. + (CVE-2014-3635, fd.o #83622; Simon McVittie) + +• Reduce default for maximum Unix file descriptors passed per message + from 1024 to 16, preventing a uid with the default maximum number of + connections from exhausting the system bus' file descriptors under + Linux's default rlimit. Distributors or system administrators with a + more restrictive fd limit may wish to reduce these limits further. + + Additionally, on Linux this prevents a second denial of service + in which the dbus-daemon can be made to exceed the maximum number + of fds per sendmsg() and disconnect the process that would have + received them. + (CVE-2014-3636, fd.o #82820; Alban Crequy) + +• Disconnect connections that still have a fd pending unmarshalling after + a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), + removing the possibility of creating an abusive connection that cannot be + disconnected by setting up a circular reference to a connection's + file descriptor. + (CVE-2014-3637, fd.o #80559; Alban Crequy) + +• Reduce default for maximum pending replies per connection from 8192 to 128, + mitigating an algorithmic complexity denial-of-service attack + (CVE-2014-3638, fd.o #81053; Alban Crequy) + +• Reduce default for authentication timeout on the system bus from + 30 seconds to 5 seconds, avoiding denial of service by using up + all unauthenticated connection slots; and when all unauthenticated + connection slots are used up, make new connection attempts block + instead of disconnecting them. + (CVE-2014-3639, fd.o #80919; Alban Crequy) + +Other fixes: + +• Check for libsystemd from systemd >= 209, falling back to + the older separate libraries if not found (Umut Tezduyar Lindskog, + Simon McVittie) + +• On Linux, use prctl() to disable core dumps from a test executable + that deliberately raises SIGSEGV to test dbus-daemon's handling + of that condition (fd.o #83772, Simon McVittie) + +• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232; + Alban Crequy) + +• Improve documentation for running tests on Windows (fd.o #41252, + Ralf Habacker) + D-Bus 1.8.6 (2014-06-02) == diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/README.win new/dbus-1.8.8/README.win --- old/dbus-1.8.6/README.win 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/README.win 2014-09-09 20:51:47.000000000 +0200 @@ -13,7 +13,7 @@ Supported compilers ------------------- -On windows Microsoft Visual Studio 2010 (Express and professional variants) +On windows Microsoft Visual Studio 2010 (Express and professional variants) and mingw-w64|32 are known to work. Building @@ -30,14 +30,19 @@ Tests ----- + - run complete test suite + make check + or + ctest [-V] + - dbus library check - bin\test-dbus.exe <build-root>\test\data + ctest [-V] -R test-dbus - bus daemon check - bin\test-bus.exe <build-root>\test\data + ctest [-V] -R test-bus - check available names - bin\test_names.exe + ctest [-V] -R test-names - check if dbus-daemon is accessable bin\dbus-send.exe --session --type=method_call --print-reply --dest=org.freedesktop.DBus / org.freedesktop.DBus.ListNames method return sender=org.freedesktop.DBus -> dest=:1.4 array [ string "org.freedesktop.DBus"string ":1.4"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/bus.c new/dbus-1.8.8/bus/bus.c --- old/dbus-1.8.6/bus/bus.c 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/bus.c 2014-09-15 13:29:28.000000000 +0200 @@ -39,6 +39,7 @@ #include <dbus/dbus-hash.h> #include <dbus/dbus-credentials.h> #include <dbus/dbus-internals.h> +#include <dbus/dbus-server-protected.h> #ifdef DBUS_CYGWIN #include <signal.h> @@ -68,6 +69,7 @@ unsigned int keep_umask : 1; unsigned int allow_anonymous : 1; unsigned int systemd_activation : 1; + dbus_bool_t watches_enabled; }; static dbus_int32_t server_data_slot = -1; @@ -758,6 +760,8 @@ goto failed; } + context->watches_enabled = TRUE; + context->registry = bus_registry_new (context); if (context->registry == NULL) { @@ -1237,6 +1241,12 @@ } int +bus_context_get_pending_fd_timeout (BusContext *context) +{ + return context->limits.pending_fd_timeout; +} + +int bus_context_get_max_completed_connections (BusContext *context) { return context->limits.max_completed_connections; @@ -1658,3 +1668,36 @@ _dbus_verbose ("security policy allowing message\n"); return TRUE; } + +void +bus_context_check_all_watches (BusContext *context) +{ + DBusList *link; + dbus_bool_t enabled = TRUE; + + if (bus_connections_get_n_incomplete (context->connections) >= + bus_context_get_max_incomplete_connections (context)) + { + enabled = FALSE; + } + + if (context->watches_enabled == enabled) + return; + + context->watches_enabled = enabled; + + for (link = _dbus_list_get_first_link (&context->servers); + link != NULL; + link = _dbus_list_get_next_link (&context->servers, link)) + { + /* A BusContext might contains several DBusServer (if there are + * several <listen> configuration items) and a DBusServer might + * contain several DBusWatch in its DBusWatchList (if getaddrinfo + * returns several addresses on a dual IPv4-IPv6 stack or if + * systemd passes several fds). + * We want to enable/disable them all. + */ + DBusServer *server = link->data; + _dbus_server_toggle_all_watches (server, enabled); + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/bus.h new/dbus-1.8.8/bus/bus.h --- old/dbus-1.8.6/bus/bus.h 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/bus.h 2014-09-15 13:29:28.000000000 +0200 @@ -54,6 +54,7 @@ long max_message_unix_fds; /**< Max number of unix fds of a single message*/ int activation_timeout; /**< How long to wait for an activation to time out */ int auth_timeout; /**< How long to wait for an authentication to time out */ + int pending_fd_timeout; /**< How long to wait for a D-Bus message with a fd to time out */ int max_completed_connections; /**< Max number of authorized connections */ int max_incomplete_connections; /**< Max number of incomplete connections */ int max_connections_per_user; /**< Max number of connections auth'd as same user */ @@ -106,6 +107,7 @@ DBusError *error); int bus_context_get_activation_timeout (BusContext *context); int bus_context_get_auth_timeout (BusContext *context); +int bus_context_get_pending_fd_timeout (BusContext *context); int bus_context_get_max_completed_connections (BusContext *context); int bus_context_get_max_incomplete_connections (BusContext *context); int bus_context_get_max_connections_per_user (BusContext *context); @@ -125,5 +127,6 @@ DBusConnection *proposed_recipient, DBusMessage *message, DBusError *error); +void bus_context_check_all_watches (BusContext *context); #endif /* BUS_BUS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/config-parser.c new/dbus-1.8.8/bus/config-parser.c --- old/dbus-1.8.6/bus/config-parser.c 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/config-parser.c 2014-09-15 13:29:28.000000000 +0200 @@ -438,7 +438,12 @@ * and legitimate auth will fail. If interactive auth (ask user for * password) is allowed, then potentially it has to be quite long. */ - parser->limits.auth_timeout = 30000; /* 30 seconds */ + parser->limits.auth_timeout = 5000; /* 5 seconds */ + + /* Do not allow a fd to stay forever in dbus-daemon + * https://bugs.freedesktop.org/show_bug.cgi?id=80559 + */ + parser->limits.pending_fd_timeout = 150000; /* 2.5 minutes */ parser->limits.max_incomplete_connections = 64; parser->limits.max_connections_per_user = 256; @@ -467,7 +472,7 @@ /* this is effectively a limit on message queue size for messages * that require a reply */ - parser->limits.max_replies_per_connection = 1024*8; + parser->limits.max_replies_per_connection = 128; } parser->refcount = 1; @@ -1902,6 +1907,12 @@ must_be_int = TRUE; parser->limits.auth_timeout = value; } + else if (strcmp (name, "pending_fd_timeout") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.pending_fd_timeout = value; + } else if (strcmp (name, "reply_timeout") == 0) { must_be_positive = TRUE; @@ -3108,6 +3119,7 @@ || a->max_message_unix_fds == b->max_message_unix_fds || a->activation_timeout == b->activation_timeout || a->auth_timeout == b->auth_timeout + || a->pending_fd_timeout == b->pending_fd_timeout || a->max_completed_connections == b->max_completed_connections || a->max_incomplete_connections == b->max_incomplete_connections || a->max_connections_per_user == b->max_connections_per_user diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/connection.c new/dbus-1.8.8/bus/connection.c --- old/dbus-1.8.6/bus/connection.c 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/connection.c 2014-09-15 13:30:32.000000000 +0200 @@ -33,6 +33,7 @@ #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-timeout.h> +#include <dbus/dbus-connection-internal.h> /* Trim executed commands to this length; we want to keep logs readable */ #define MAX_LOG_COMMAND_LEN 50 @@ -102,6 +103,8 @@ int peak_match_rules; int peak_bus_names; #endif + int n_pending_unix_fds; + DBusTimeout *pending_unix_fds_timeout; } BusConnectionData; static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, @@ -268,6 +271,15 @@ dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + + if (d->pending_unix_fds_timeout) + { + _dbus_loop_remove_timeout (bus_context_get_loop (d->connections->context), + d->pending_unix_fds_timeout); + _dbus_timeout_unref (d->pending_unix_fds_timeout); + } + d->pending_unix_fds_timeout = NULL; + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); bus_connection_remove_transactions (connection); @@ -293,6 +305,10 @@ _dbus_list_remove_link (&d->connections->incomplete, d->link_in_connection_list); d->link_in_connection_list = NULL; d->connections->n_incomplete -= 1; + + /* If we have dropped below the max. number of incomplete + * connections, start accept()ing again */ + bus_context_check_all_watches (d->connections->context); } _dbus_assert (d->connections->n_incomplete >= 0); @@ -588,6 +604,42 @@ return FALSE; } +static void +check_pending_fds_cb (DBusConnection *connection) +{ + BusConnectionData *d = BUS_CONNECTION_DATA (connection); + int n_pending_unix_fds_old = d->n_pending_unix_fds; + int n_pending_unix_fds_new; + + n_pending_unix_fds_new = _dbus_connection_get_pending_fds_count (connection); + + _dbus_verbose ("Pending fds count changed on connection %p: %d -> %d\n", + connection, n_pending_unix_fds_old, n_pending_unix_fds_new); + + if (n_pending_unix_fds_old == 0 && n_pending_unix_fds_new > 0) + { + _dbus_timeout_set_interval (d->pending_unix_fds_timeout, + bus_context_get_pending_fd_timeout (d->connections->context)); + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, TRUE); + } + + if (n_pending_unix_fds_old > 0 && n_pending_unix_fds_new == 0) + { + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + } + + + d->n_pending_unix_fds = n_pending_unix_fds_new; +} + +static dbus_bool_t +pending_unix_fds_timeout_cb (void *data) +{ + DBusConnection *connection = data; + dbus_connection_close (connection); + return TRUE; +} + dbus_bool_t bus_connections_setup_connection (BusConnections *connections, DBusConnection *connection) @@ -683,36 +735,38 @@ } } + /* Setup pending fds timeout (see #80559) */ + d->pending_unix_fds_timeout = _dbus_timeout_new (100, /* irrelevant */ + pending_unix_fds_timeout_cb, + connection, NULL); + if (d->pending_unix_fds_timeout == NULL) + goto out; + + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + if (!_dbus_loop_add_timeout (bus_context_get_loop (connections->context), + d->pending_unix_fds_timeout)) + goto out; + + _dbus_connection_set_pending_fds_function (connection, + (DBusPendingFdsChangeFunction) check_pending_fds_cb, + connection); + _dbus_list_append_link (&connections->incomplete, d->link_in_connection_list); connections->n_incomplete += 1; dbus_connection_ref (connection); - /* Note that we might disconnect ourselves here, but it only takes - * effect on return to the main loop. We call this to free up - * expired connections if possible, and to queue the timeout for our - * own expiration. - */ bus_connections_expire_incomplete (connections); - /* And we might also disconnect ourselves here, but again it - * only takes effect on return to main loop. - */ - if (connections->n_incomplete > - bus_context_get_max_incomplete_connections (connections->context)) - { - _dbus_verbose ("Number of incomplete connections exceeds max, dropping oldest one\n"); - - _dbus_assert (connections->incomplete != NULL); - /* Disconnect the oldest unauthenticated connection. FIXME - * would it be more secure to drop a *random* connection? This - * algorithm seems to mean that if someone can create new - * connections quickly enough, they can keep anyone else from - * completing authentication. But random may or may not really - * help with that, a more elaborate solution might be required. - */ - dbus_connection_close (connections->incomplete->data); - } + /* The listening socket is removed from the main loop, + * i.e. does not accept(), while n_incomplete is at its + * maximum value; so we shouldn't get here in that case */ + _dbus_assert (connections->n_incomplete <= + bus_context_get_max_incomplete_connections (connections->context)); + + /* If we have the maximum number of incomplete connections, + * stop accept()ing any more, to avert a DoS. See fd.o #80919 */ + bus_context_check_all_watches (d->connections->context); retval = TRUE; @@ -744,6 +798,13 @@ dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + if (d->pending_unix_fds_timeout) + _dbus_timeout_unref (d->pending_unix_fds_timeout); + + d->pending_unix_fds_timeout = NULL; + + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); + if (d->link_in_connection_list != NULL) { _dbus_assert (d->link_in_connection_list->next == NULL); @@ -1419,6 +1480,10 @@ _dbus_assert (d->connections->n_incomplete >= 0); _dbus_assert (d->connections->n_completed > 0); + /* If we have dropped below the max. number of incomplete + * connections, start accept()ing again */ + bus_context_check_all_watches (d->connections->context); + /* See if we can remove the timeout */ bus_connections_expire_incomplete (d->connections); @@ -2348,7 +2413,6 @@ return TRUE; } -#ifdef DBUS_ENABLE_STATS int bus_connections_get_n_active (BusConnections *connections) { @@ -2361,6 +2425,7 @@ return connections->n_incomplete; } +#ifdef DBUS_ENABLE_STATS int bus_connections_get_total_match_rules (BusConnections *connections) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/connection.h new/dbus-1.8.8/bus/connection.h --- old/dbus-1.8.6/bus/connection.h 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/connection.h 2014-09-15 13:28:36.000000000 +0200 @@ -139,9 +139,10 @@ void *data, DBusFreeFunction free_data_function); -/* called by stats.c, only present if DBUS_ENABLE_STATS */ int bus_connections_get_n_active (BusConnections *connections); int bus_connections_get_n_incomplete (BusConnections *connections); + +/* called by stats.c, only present if DBUS_ENABLE_STATS */ int bus_connections_get_total_match_rules (BusConnections *connections); int bus_connections_get_peak_match_rules (BusConnections *connections); int bus_connections_get_peak_match_rules_per_conn (BusConnections *connections); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/session.conf.in new/dbus-1.8.8/bus/session.conf.in --- old/dbus-1.8.6/bus/session.conf.in 2014-01-25 13:39:24.000000000 +0100 +++ new/dbus-1.8.8/bus/session.conf.in 2014-09-15 13:29:28.000000000 +0200 @@ -49,9 +49,11 @@ <limit name="max_outgoing_bytes">1000000000</limit> <limit name="max_outgoing_unix_fds">250000000</limit> <limit name="max_message_size">1000000000</limit> - <limit name="max_message_unix_fds">@DEFAULT_MESSAGE_UNIX_FDS@</limit> + <!-- We do not override max_message_unix_fds here since the in-kernel + limit is also relatively low --> <limit name="service_start_timeout">120000</limit> <limit name="auth_timeout">240000</limit> + <limit name="pending_fd_timeout">150000</limit> <limit name="max_completed_connections">100000</limit> <limit name="max_incomplete_connections">10000</limit> <limit name="max_connections_per_user">100000</limit> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/bus/stats.c new/dbus-1.8.8/bus/stats.c --- old/dbus-1.8.6/bus/stats.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/bus/stats.c 2014-09-04 16:42:01.000000000 +0200 @@ -40,6 +40,7 @@ DBusMessage *message, DBusError *error) { + BusContext *context; BusConnections *connections; DBusMessage *reply = NULL; DBusMessageIter iter, arr_iter; @@ -48,7 +49,8 @@ _DBUS_ASSERT_ERROR_IS_CLEAR (error); - connections = bus_context_get_connections (transaction->context); + context = bus_transaction_get_context (transaction); + connections = bus_context_get_connections (context); reply = _dbus_asv_new_method_return (message, &iter, &arr_iter); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/cmake/CMakeLists.txt new/dbus-1.8.8/cmake/CMakeLists.txt --- old/dbus-1.8.6/cmake/CMakeLists.txt 2014-03-03 16:41:30.000000000 +0100 +++ new/dbus-1.8.8/cmake/CMakeLists.txt 2014-09-15 13:27:24.000000000 +0200 @@ -417,10 +417,6 @@ set (DBUS_USER ) -# In Autotools this has a different default on QNX, but there seems little -# point in replicating that here; if you're on an unusual Unix, use Autotools. -set (DEFAULT_MESSAGE_UNIX_FDS 1024) - # This won't work on Windows. It's not meant to - the system bus is # meaningless on Windows anyway. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/cmake/config.h.cmake new/dbus-1.8.8/cmake/config.h.cmake --- old/dbus-1.8.6/cmake/config.h.cmake 2014-03-03 16:41:30.000000000 +0100 +++ new/dbus-1.8.8/cmake/config.h.cmake 2014-09-15 13:27:24.000000000 +0200 @@ -82,8 +82,6 @@ # define DBUS_ENABLE_X11_AUTOLAUNCH 1 #endif -#define DBUS_DEFAULT_MESSAGE_UNIX_FDS @DEFAULT_MESSAGE_UNIX_FDS@ - #define _DBUS_VA_COPY_ASSIGN(a1,a2) { a1 = a2; } #cmakedefine DBUS_VA_COPY_FUNC diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/config.h.in new/dbus-1.8.8/config.h.in --- old/dbus-1.8.6/config.h.in 2014-06-30 15:24:27.000000000 +0200 +++ new/dbus-1.8.8/config.h.in 2014-09-15 13:47:02.000000000 +0200 @@ -39,9 +39,6 @@ /* Directory for installing DBUS data files */ #undef DBUS_DATADIR -/* Default for dbus_connection_get_max_message_unix_fds() */ -#undef DBUS_DEFAULT_MESSAGE_UNIX_FDS - /* Disable assertion checking */ #undef DBUS_DISABLE_ASSERT @@ -269,6 +266,12 @@ /* Have POSIX function getpwnam_r */ #undef HAVE_POSIX_GETPWNAM_R +/* Define to 1 if you have the `prctl' function. */ +#undef HAVE_PRCTL + +/* Define to 1 if you have the `raise' function. */ +#undef HAVE_RAISE + /* SELinux support */ #undef HAVE_SELINUX @@ -317,6 +320,9 @@ /* Define to 1 if you have the <sys/inotify.h> header file. */ #undef HAVE_SYS_INOTIFY_H +/* Define to 1 if you have the <sys/prctl.h> header file. */ +#undef HAVE_SYS_PRCTL_H + /* Define to 1 if you have the <sys/resource.h> header file. */ #undef HAVE_SYS_RESOURCE_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/configure.ac new/dbus-1.8.8/configure.ac --- old/dbus-1.8.6/configure.ac 2014-06-30 15:17:56.000000000 +0200 +++ new/dbus-1.8.8/configure.ac 2014-09-15 13:42:50.000000000 +0200 @@ -3,7 +3,7 @@ m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [6]) +m4_define([dbus_micro_version], [8]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=6 +LT_REVISION=7 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -598,6 +598,10 @@ AC_CHECK_DECLS([LOG_PERROR], [], [], [[#include <syslog.h>]]) fi +# For test-segfault.c +AC_CHECK_HEADERS_ONCE([sys/prctl.h]) +AC_CHECK_FUNCS_ONCE([prctl raise]) + #### Check for broken poll; taken from Glib's configure AC_MSG_CHECKING([for broken poll]) @@ -1143,10 +1147,13 @@ if test x$enable_systemd = xno ; then have_systemd=no; else - PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32], - have_systemd=yes, - have_systemd=no) + PKG_CHECK_MODULES([SYSTEMD], + [libsystemd >= 209], + [have_systemd=yes], + [PKG_CHECK_MODULES([SYSTEMD], + [libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32], + [have_systemd=yes], + [have_systemd=no])]) fi if test x$have_systemd = xyes; then @@ -1235,17 +1242,6 @@ AC_DEFINE([WITH_VALGRIND], [1], [Define to add Valgrind instrumentation]) fi -# Determine maximum number of Unix fds which may be passed -AS_CASE([$host_os], - [*qnx*], - [DEFAULT_MESSAGE_UNIX_FDS=256], - [*], - [DEFAULT_MESSAGE_UNIX_FDS=1024]) -AC_DEFINE_UNQUOTED([DBUS_DEFAULT_MESSAGE_UNIX_FDS], - [$DEFAULT_MESSAGE_UNIX_FDS], - [Default for dbus_connection_get_max_message_unix_fds()]) -AC_SUBST([DEFAULT_MESSAGE_UNIX_FDS]) - #### Set up final flags LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs" AC_SUBST([LIBDBUS_LIBS]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-connection-internal.h new/dbus-1.8.8/dbus/dbus-connection-internal.h --- old/dbus-1.8.6/dbus/dbus-connection-internal.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-connection-internal.h 2014-09-15 13:30:29.000000000 +0200 @@ -44,6 +44,8 @@ /** default timeout value when waiting for a message reply, 25 seconds */ #define _DBUS_DEFAULT_TIMEOUT_VALUE (25 * 1000) +typedef void (* DBusPendingFdsChangeFunction) (void *data); + void _dbus_connection_lock (DBusConnection *connection); void _dbus_connection_unlock (DBusConnection *connection); DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection); @@ -100,6 +102,10 @@ DBusMutex **io_path_mutex_loc, DBusCondVar **dispatch_cond_loc, DBusCondVar **io_path_cond_loc); +int _dbus_connection_get_pending_fds_count (DBusConnection *connection); +void _dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_connection_get_stats (DBusConnection *connection, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-connection.c new/dbus-1.8.8/dbus/dbus-connection.c --- old/dbus-1.8.6/dbus/dbus-connection.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-connection.c 2014-09-15 13:30:29.000000000 +0200 @@ -2549,6 +2549,33 @@ dbus_pending_call_unref (pending); } +/** + * Return how many file descriptors are pending in the loader + * + * @param connection the connection + */ +int +_dbus_connection_get_pending_fds_count (DBusConnection *connection) +{ + return _dbus_transport_get_pending_fds_count (connection->transport); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param connection the connection + * @param callback the callback + */ +void +_dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data) +{ + _dbus_transport_set_pending_fds_function (connection->transport, + callback, data); +} + /** @} */ /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-internals.h new/dbus-1.8.8/dbus/dbus-internals.h --- old/dbus-1.8.6/dbus/dbus-internals.h 2014-04-28 15:59:29.000000000 +0200 +++ new/dbus-1.8.8/dbus/dbus-internals.h 2014-09-15 13:31:02.000000000 +0200 @@ -371,7 +371,7 @@ #define _DBUS_PASTE(a, b) _DBUS_PASTE2 (a, b) #define _DBUS_STATIC_ASSERT(expr) \ typedef struct { char _assertion[(expr) ? 1 : -1]; } \ - _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) + _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) _DBUS_GNUC_UNUSED DBUS_END_DECLS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-macros.h new/dbus-1.8.8/dbus/dbus-macros.h --- old/dbus-1.8.6/dbus/dbus-macros.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-macros.h 2014-09-15 13:31:02.000000000 +0200 @@ -69,9 +69,12 @@ __attribute__((__format__ (__printf__, format_idx, arg_idx))) #define _DBUS_GNUC_NORETURN \ __attribute__((__noreturn__)) +#define _DBUS_GNUC_UNUSED \ + __attribute__((__unused__)) #else /* !__GNUC__ */ #define _DBUS_GNUC_PRINTF( format_idx, arg_idx ) #define _DBUS_GNUC_NORETURN +#define _DBUS_GNUC_UNUSED #endif /* !__GNUC__ */ #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-message-internal.h new/dbus-1.8.8/dbus/dbus-message-internal.h --- old/dbus-1.8.6/dbus/dbus-message-internal.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-message-internal.h 2014-09-15 13:30:29.000000000 +0200 @@ -96,6 +96,10 @@ void _dbus_message_loader_set_max_message_unix_fds(DBusMessageLoader *loader, long n); long _dbus_message_loader_get_max_message_unix_fds(DBusMessageLoader *loader); +int _dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader); +void _dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data); typedef struct DBusInitialFDs DBusInitialFDs; DBusInitialFDs *_dbus_check_fdleaks_enter (void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-message-private.h new/dbus-1.8.8/dbus/dbus-message-private.h --- old/dbus-1.8.6/dbus/dbus-message-private.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-message-private.h 2014-09-15 13:30:29.000000000 +0200 @@ -80,6 +80,8 @@ int *unix_fds; /**< File descriptors that have been read from the transport but not yet been handed to any message. Array will be allocated at first use. */ unsigned n_unix_fds_allocated; /**< Number of file descriptors this array has space for */ unsigned n_unix_fds; /**< Number of valid file descriptors in array */ + void (* unix_fds_change) (void *); /**< Notify when the pending fds change */ + void *unix_fds_change_data; #endif }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-message.c new/dbus-1.8.8/dbus/dbus-message.c --- old/dbus-1.8.6/dbus/dbus-message.c 2014-06-11 13:24:39.000000000 +0200 +++ new/dbus-1.8.8/dbus/dbus-message.c 2014-09-15 13:30:29.000000000 +0200 @@ -35,6 +35,7 @@ #include "dbus-list.h" #include "dbus-threads-internal.h" #ifdef HAVE_UNIX_FD_PASSING +#include "dbus-sysdeps.h" #include "dbus-sysdeps-unix.h" #endif @@ -4058,6 +4059,9 @@ loader->n_unix_fds += n_fds; loader->unix_fds_outstanding = FALSE; + + if (n_fds && loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); #else _dbus_assert_not_reached("Platform doesn't support unix fd passing"); #endif @@ -4205,6 +4209,9 @@ message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; loader->n_unix_fds -= n_unix_fds; memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0])); + + if (loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); } else message->unix_fds = NULL; @@ -4498,6 +4505,40 @@ return loader->max_message_unix_fds; } +/** + * Return how many file descriptors are pending in the loader + * + * @param loader the loader + */ +int +_dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader) +{ +#ifdef HAVE_UNIX_FD_PASSING + return loader->n_unix_fds; +#else + return 0; +#endif +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param loader the loader + * @param callback the callback + * @param data the data for the callback + */ +void +_dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data) +{ +#ifdef HAVE_UNIX_FD_PASSING + loader->unix_fds_change = callback; + loader->unix_fds_change_data = data; +#endif +} + static DBusDataSlotAllocator slot_allocator = _DBUS_DATA_SLOT_ALLOCATOR_INIT (_DBUS_LOCK_NAME (message_slots)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-server-protected.h new/dbus-1.8.8/dbus/dbus-server-protected.h --- old/dbus-1.8.6/dbus/dbus-server-protected.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-server-protected.h 2014-09-15 13:28:36.000000000 +0200 @@ -99,9 +99,8 @@ DBusWatch *watch); void _dbus_server_remove_watch (DBusServer *server, DBusWatch *watch); -void _dbus_server_toggle_watch (DBusServer *server, - DBusWatch *watch, - dbus_bool_t enabled); +void _dbus_server_toggle_all_watches (DBusServer *server, + dbus_bool_t enabled); dbus_bool_t _dbus_server_add_timeout (DBusServer *server, DBusTimeout *timeout); void _dbus_server_remove_timeout (DBusServer *server, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-server.c new/dbus-1.8.8/dbus/dbus-server.c --- old/dbus-1.8.6/dbus/dbus-server.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-server.c 2014-09-15 13:28:36.000000000 +0200 @@ -312,26 +312,17 @@ } /** - * Toggles a watch and notifies app via server's - * DBusWatchToggledFunction if available. It's an error to call this - * function on a watch that was not previously added. + * Toggles all watch and notifies app via server's + * DBusWatchToggledFunction if available. * * @param server the server. - * @param watch the watch to toggle. * @param enabled whether to enable or disable */ void -_dbus_server_toggle_watch (DBusServer *server, - DBusWatch *watch, - dbus_bool_t enabled) +_dbus_server_toggle_all_watches (DBusServer *server, + dbus_bool_t enabled) { - _dbus_assert (watch != NULL); - - HAVE_LOCK_CHECK (server); - protected_change_watch (server, watch, - NULL, NULL, - _dbus_watch_list_toggle_watch, - enabled); + _dbus_watch_list_toggle_all_watches (server->watches, enabled); } /** Function to be called in protected_change_timeout() with refcount held */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-sysdeps-unix.c new/dbus-1.8.8/dbus/dbus-sysdeps-unix.c --- old/dbus-1.8.6/dbus/dbus-sysdeps-unix.c 2014-04-28 15:59:54.000000000 +0200 +++ new/dbus-1.8.8/dbus/dbus-sysdeps-unix.c 2014-09-15 13:31:12.000000000 +0200 @@ -320,6 +320,12 @@ m.msg_control = alloca(m.msg_controllen); memset(m.msg_control, 0, m.msg_controllen); + /* Do not include the padding at the end when we tell the kernel + * how much we're willing to receive. This avoids getting + * the padding filled with additional fds that we weren't expecting, + * if a (potentially malicious) sender included them. (fd.o #83622) */ + m.msg_controllen = CMSG_LEN (*n_fds * sizeof(int)); + again: bytes_read = recvmsg(fd, &m, 0 @@ -359,18 +365,49 @@ for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) { - unsigned i; - - _dbus_assert(cm->cmsg_len <= CMSG_LEN(*n_fds * sizeof(int))); - *n_fds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int); + size_t i; + int *payload = (int *) CMSG_DATA (cm); + size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0)); + size_t payload_len_fds = payload_len_bytes / sizeof (int); + size_t fds_to_use; + + /* Every non-negative int fits in a size_t without truncation, + * and we already know that *n_fds is non-negative, so + * casting (size_t) *n_fds is OK */ + _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (int)); + + if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds)) + { + /* The fds in the payload will fit in our buffer */ + fds_to_use = payload_len_fds; + } + else + { + /* Too many fds in the payload. This shouldn't happen + * any more because we're setting m.msg_controllen to + * the exact number we can accept, but be safe and + * truncate. */ + fds_to_use = (size_t) *n_fds; + + /* Close the excess fds to avoid DoS: if they stayed open, + * someone could send us an extra fd per message + * and we'd eventually run out. */ + for (i = fds_to_use; i < payload_len_fds; i++) + { + close (payload[i]); + } + } - memcpy(fds, CMSG_DATA(cm), *n_fds * sizeof(int)); + memcpy (fds, payload, fds_to_use * sizeof (int)); found = TRUE; + /* This cannot overflow because we have chosen fds_to_use + * to be <= *n_fds */ + *n_fds = (int) fds_to_use; /* Linux doesn't tell us whether MSG_CMSG_CLOEXEC actually worked, hence we need to go through this list and set CLOEXEC everywhere in any case */ - for (i = 0; i < *n_fds; i++) + for (i = 0; i < fds_to_use; i++) _dbus_fd_set_close_on_exec(fds[i]); break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-sysdeps.h new/dbus-1.8.8/dbus/dbus-sysdeps.h --- old/dbus-1.8.6/dbus/dbus-sysdeps.h 2014-06-30 15:08:47.000000000 +0200 +++ new/dbus-1.8.8/dbus/dbus-sysdeps.h 2014-09-15 13:27:24.000000000 +0200 @@ -558,6 +558,14 @@ const char * _dbus_replace_install_prefix (const char *configure_time_path); +/* Do not set this too high: it is a denial-of-service risk. + * See <https://bugs.freedesktop.org/show_bug.cgi?id=82820> + * + * (This needs to be in the non-Unix-specific header so that + * the config-parser can use it.) + */ +#define DBUS_DEFAULT_MESSAGE_UNIX_FDS 16 + /** @} */ DBUS_END_DECLS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-transport.c new/dbus-1.8.8/dbus/dbus-transport.c --- old/dbus-1.8.6/dbus/dbus-transport.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-transport.c 2014-09-15 13:30:29.000000000 +0200 @@ -1512,6 +1512,33 @@ transport->allow_anonymous = value != FALSE; } +/** + * Return how many file descriptors are pending in the loader + * + * @param transport the transport + */ +int +_dbus_transport_get_pending_fds_count (DBusTransport *transport) +{ + return _dbus_message_loader_get_pending_fds_count (transport->loader); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param transport the transport + * @param callback the callback + */ +void +_dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data) +{ + _dbus_message_loader_set_pending_fds_function (transport->loader, + callback, data); +} + #ifdef DBUS_ENABLE_STATS void _dbus_transport_get_stats (DBusTransport *transport, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-transport.h new/dbus-1.8.8/dbus/dbus-transport.h --- old/dbus-1.8.6/dbus/dbus-transport.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-transport.h 2014-09-15 13:30:29.000000000 +0200 @@ -97,6 +97,10 @@ const char **mechanisms); void _dbus_transport_set_allow_anonymous (DBusTransport *transport, dbus_bool_t value); +int _dbus_transport_get_pending_fds_count (DBusTransport *transport); +void _dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_transport_get_stats (DBusTransport *transport, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-watch.c new/dbus-1.8.8/dbus/dbus-watch.c --- old/dbus-1.8.6/dbus/dbus-watch.c 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-watch.c 2014-09-15 13:28:36.000000000 +0200 @@ -455,6 +455,27 @@ } /** + * Sets all watches to the given enabled state, invoking the + * application's DBusWatchToggledFunction if appropriate. + * + * @param watch_list the watch list. + * @param enabled #TRUE to enable + */ +void +_dbus_watch_list_toggle_all_watches (DBusWatchList *watch_list, + dbus_bool_t enabled) +{ + DBusList *link; + + for (link = _dbus_list_get_first_link (&watch_list->watches); + link != NULL; + link = _dbus_list_get_next_link (&watch_list->watches, link)) + { + _dbus_watch_list_toggle_watch (watch_list, link->data, enabled); + } +} + +/** * Sets the handler for the watch. * * @todo this function only exists because of the weird diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/dbus/dbus-watch.h new/dbus-1.8.8/dbus/dbus-watch.h --- old/dbus-1.8.6/dbus/dbus-watch.h 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/dbus/dbus-watch.h 2014-09-15 13:28:36.000000000 +0200 @@ -76,6 +76,8 @@ void _dbus_watch_list_toggle_watch (DBusWatchList *watch_list, DBusWatch *watch, dbus_bool_t enabled); +void _dbus_watch_list_toggle_all_watches (DBusWatchList *watch_list, + dbus_bool_t enabled); dbus_bool_t _dbus_watch_get_enabled (DBusWatch *watch); dbus_bool_t _dbus_watch_get_oom_last_time (DBusWatch *watch); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/doc/dbus-daemon.1.xml.in new/dbus-1.8.8/doc/dbus-daemon.1.xml.in --- old/dbus-1.8.6/doc/dbus-daemon.1.xml.in 2014-01-25 13:39:25.000000000 +0100 +++ new/dbus-1.8.8/doc/dbus-daemon.1.xml.in 2014-09-15 13:29:28.000000000 +0200 @@ -528,6 +528,10 @@ "auth_timeout" : milliseconds (thousandths) a connection is given to authenticate + "pending_fd_timeout" : milliseconds (thousandths) a + fd is given to be transmitted to + dbus-daemon before disconnecting the + connection "max_completed_connections" : max number of authenticated connections "max_incomplete_connections" : max number of unauthenticated connections diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.8.6/test/test-segfault.c new/dbus-1.8.8/test/test-segfault.c --- old/dbus-1.8.6/test/test-segfault.c 2014-01-25 13:39:26.000000000 +0100 +++ new/dbus-1.8.8/test/test-segfault.c 2014-09-15 13:26:23.000000000 +0200 @@ -9,18 +9,34 @@ #include <sys/resource.h> #endif +#ifdef HAVE_SYS_PRCTL_H +#include <sys/prctl.h> +#endif + int main (int argc, char **argv) { char *p; #if HAVE_SETRLIMIT + /* No core dumps please, we know we crashed. */ struct rlimit r = { 0, }; getrlimit (RLIMIT_CORE, &r); r.rlim_cur = 0; setrlimit (RLIMIT_CORE, &r); - +#endif + +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Really, no core dumps please. On Linux, if core_pattern is + * set to a pipe (for abrt/apport/corekeeper/etc.), RLIMIT_CORE of 0 + * is ignored (deliberately, so people can debug init(8) and other + * early stuff); but Linux has PR_SET_DUMPABLE, so we can avoid core + * dumps anyway. */ + prctl (PR_SET_DUMPABLE, 0, 0, 0, 0); +#endif + +#ifdef HAVE_RAISE raise (SIGSEGV); #endif p = NULL; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
