Hello community, here is the log from the commit of package dbus-1 for openSUSE:Factory checked in at 2018-09-03 10:32:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dbus-1 (Old) and /work/SRC/openSUSE:Factory/.dbus-1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbus-1" Mon Sep 3 10:32:36 2018 rev:152 rq:631640 version:1.12.10 Changes: -------- --- /work/SRC/openSUSE:Factory/dbus-1/dbus-1-x11.changes 2018-04-11 13:47:57.953237560 +0200 +++ /work/SRC/openSUSE:Factory/.dbus-1.new/dbus-1-x11.changes 2018-09-03 10:32:37.544286696 +0200 @@ -1,0 +2,32 @@ +Wed Aug 22 10:40:43 UTC 2018 - [email protected] +- Update to 1.12.10 + * Changelog for 1.12.10 + • Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + (fd.o #107332, Simon McVittie) + • Fix build with gcc 8 -Werror=cast-function-type + (fd.o #107349, Simon McVittie) + • Fix warning from gcc 8 about suspicious use of strncpy() when + populating struct sockaddr_un (fd.o #107350, Simon McVittie) + • Fix a minor memory leak when a DBusServer listens on a new address + (fd.o #107194, Simon McVittie) + • Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer + runs out of memory (fd.o #107194, Simon McVittie) + • Don't use misleading errno-derived error names if getaddrinfo() or + getnameinfo() fails with a code other than EAI_SYSTEM + (fd.o #106395, Simon McVittie) + • Skip tests that require working TCP if we are in a container environment + where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie) + * Changelog for 1.12.8 + • The Devhelp documentation index is now in version 2 format + (fd.o #106186, Simon McVittie) + • Give the dbus-daemon man page some scarier warnings about + <allow_anonymous/> and non-local TCP, which are insecure and should + not be used, particularly for the standard system and session buses + (fd.o #106004, Simon McVittie) + • Fix installation of Ducktype documentation with newer yelp-build + versions (fd.o #106171, Simon McVittie) + +------------------------------------------------------------------- @@ -2988 +3019,0 @@ - dbus-1.changes: same change Old: ---- dbus-1.12.6.tar.gz New: ---- dbus-1.12.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-x11.spec ++++++ --- /var/tmp/diff_new_pack.KKKFnr/_old 2018-09-03 10:32:38.448289019 +0200 +++ /var/tmp/diff_new_pack.KKKFnr/_new 2018-09-03 10:32:38.452289030 +0200 @@ -23,7 +23,7 @@ %endif %bcond_without selinux Name: dbus-1-x11 -Version: 1.12.6 +Version: 1.12.10 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0-or-later OR AFL-2.1 ++++++ dbus-1.spec ++++++ --- /var/tmp/diff_new_pack.KKKFnr/_old 2018-09-03 10:32:38.476289091 +0200 +++ /var/tmp/diff_new_pack.KKKFnr/_new 2018-09-03 10:32:38.484289112 +0200 @@ -26,7 +26,7 @@ %endif %bcond_without selinux Name: dbus-1 -Version: 1.12.6 +Version: 1.12.10 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0-or-later OR AFL-2.1 @@ -302,7 +302,6 @@ %{_bindir}/dbus-monitor %{_bindir}/dbus-run-session %{_bindir}/dbus-send -%{_bindir}/dbus-send %{_bindir}/dbus-test-tool %{_bindir}/dbus-update-activation-environment %{_bindir}/dbus-uuidgen @@ -391,7 +390,7 @@ %doc %{_datadir}/doc/dbus/dbus-monitor.1.html %doc %{_datadir}/doc/dbus/dbus-send.1.html %doc %{_datadir}/doc/dbus/dbus-uuidgen.1.html -%doc %{_datadir}/doc/dbus/dbus.devhelp +%doc %{_datadir}/doc/dbus/dbus.devhelp2 %doc %{_datadir}/doc/dbus/dbus-test-tool.1.html %doc %{_datadir}/doc/dbus/dbus-update-activation-environment.1.html %doc %{_datadir}/doc/dbus/examples/GetAllMatchRules.py ++++++ dbus-1.12.6.tar.gz -> dbus-1.12.10.tar.gz ++++++ ++++ 2297 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/NEWS new/dbus-1.12.10/NEWS --- old/dbus-1.12.6/NEWS 2018-03-01 18:41:37.000000000 +0100 +++ new/dbus-1.12.10/NEWS 2018-08-02 20:27:01.000000000 +0200 @@ -1,3 +1,55 @@ +dbus 1.12.10 (2018-08-02) +========================= + +The “beam deflection” release. + +Fixes: + +• Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + (fd.o #107332, Simon McVittie) + +• Fix build with gcc 8 -Werror=cast-function-type + (fd.o #107349, Simon McVittie) + +• Fix warning from gcc 8 about suspicious use of strncpy() when + populating struct sockaddr_un (fd.o #107350, Simon McVittie) + +• Fix a minor memory leak when a DBusServer listens on a new address + (fd.o #107194, Simon McVittie) + +• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer + runs out of memory (fd.o #107194, Simon McVittie) + +• Don't use misleading errno-derived error names if getaddrinfo() or + getnameinfo() fails with a code other than EAI_SYSTEM + (fd.o #106395, Simon McVittie) + +• Skip tests that require working TCP if we are in a container environment + where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie) + +dbus 1.12.8 (2018-04-30) +======================== + +The “golden super-velociraptor” release. + +Enhancements: + +• The Devhelp documentation index is now in version 2 format + (fd.o #106186, Simon McVittie) + +• Give the dbus-daemon man page some scarier warnings about + <allow_anonymous/> and non-local TCP, which are insecure and should + not be used, particularly for the standard system and session buses + (fd.o #106004, Simon McVittie) + +Fixes: + +• Fix installation of Ducktype documentation with newer yelp-build + versions (fd.o #106171, Simon McVittie) + dbus 1.12.6 (2018-03-01) ======================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/configure.ac new/dbus-1.12.10/configure.ac --- old/dbus-1.12.6/configure.ac 2018-02-23 11:42:06.000000000 +0100 +++ new/dbus-1.12.10/configure.ac 2018-08-02 20:34:11.000000000 +0200 @@ -3,7 +3,7 @@ m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [12]) -m4_define([dbus_micro_version], [6]) +m4_define([dbus_micro_version], [10]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -42,7 +42,7 @@ ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=6 +LT_REVISION=8 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -330,10 +330,14 @@ dnl branch dnl - missing field initializers being 0 is a C feature, not a bug dnl - unused-parameter is to make writing callbacks less annoying +dnl - cast-function-type is for the +dnl foreach(list, (DBusForeachFunction) free, NULL) idiom which would +dnl be too intrusive to replace in a stable branch DISABLE_WARNINGS="$DISABLE_WARNINGS -Wno-deprecated-declarations -Wno-missing-field-initializers - -Wno-unused-parameter" + -Wno-unused-parameter + -Wno-cast-function-type" if test x$enable_asserts = xno; then AC_DEFINE(DBUS_DISABLE_ASSERT,1,[Disable assertion checking]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/dbus/dbus-marshal-validate.c new/dbus-1.12.10/dbus/dbus-marshal-validate.c --- old/dbus-1.12.6/dbus/dbus-marshal-validate.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/dbus/dbus-marshal-validate.c 2018-08-02 20:21:35.000000000 +0200 @@ -358,8 +358,13 @@ if (current_type == DBUS_TYPE_BOOLEAN) { - dbus_uint32_t v = _dbus_unpack_uint32 (byte_order, - p); + dbus_uint32_t v; + + if (p + 4 > end) + return DBUS_INVALID_NOT_ENOUGH_DATA; + + v = _dbus_unpack_uint32 (byte_order, p); + if (!(v == 0 || v == 1)) return DBUS_INVALID_BOOLEAN_NOT_ZERO_OR_ONE; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/dbus/dbus-nonce.c new/dbus-1.12.10/dbus/dbus-nonce.c --- old/dbus-1.12.6/dbus/dbus-nonce.c 2017-11-24 14:19:04.000000000 +0100 +++ new/dbus-1.12.10/dbus/dbus-nonce.c 2018-08-02 18:16:04.000000000 +0200 @@ -367,7 +367,7 @@ return TRUE; on_error: - if (use_subdir) + if (use_subdir && _dbus_string_get_length (&noncefile->dir) != 0) _dbus_delete_directory (&noncefile->dir, NULL); _dbus_string_free (&noncefile->dir); _dbus_string_free (&noncefile->path); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/dbus/dbus-server.c new/dbus-1.12.10/dbus/dbus-server.c --- old/dbus-1.12.6/dbus/dbus-server.c 2017-11-24 14:16:30.000000000 +0100 +++ new/dbus-1.12.10/dbus/dbus-server.c 2018-08-02 18:13:02.000000000 +0200 @@ -680,6 +680,7 @@ } else { + dbus_error_free (&first_connect_error); _DBUS_ASSERT_ERROR_IS_CLEAR (error); return server; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/dbus/dbus-sysdeps-unix.c new/dbus-1.12.10/dbus/dbus-sysdeps-unix.c --- old/dbus-1.12.6/dbus/dbus-sysdeps-unix.c 2017-11-24 14:42:27.000000000 +0100 +++ new/dbus-1.12.10/dbus/dbus-sysdeps-unix.c 2018-08-02 18:13:02.000000000 +0200 @@ -913,6 +913,7 @@ int fd; size_t path_len; struct sockaddr_un addr; + _DBUS_STATIC_ASSERT (sizeof (addr.sun_path) > _DBUS_MAX_SUN_PATH_LENGTH); _DBUS_ASSERT_ERROR_IS_CLEAR (error); @@ -945,7 +946,7 @@ return -1; } - strncpy (&addr.sun_path[1], path, path_len); + strncpy (&addr.sun_path[1], path, sizeof (addr.sun_path) - 2); /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */ #else /* !__linux__ */ dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, @@ -964,7 +965,7 @@ return -1; } - strncpy (addr.sun_path, path, path_len); + strncpy (addr.sun_path, path, sizeof (addr.sun_path) - 1); } if (connect (fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0) @@ -1115,6 +1116,7 @@ int listen_fd; struct sockaddr_un addr; size_t path_len; + _DBUS_STATIC_ASSERT (sizeof (addr.sun_path) > _DBUS_MAX_SUN_PATH_LENGTH); _DBUS_ASSERT_ERROR_IS_CLEAR (error); @@ -1149,7 +1151,7 @@ return -1; } - strncpy (&addr.sun_path[1], path, path_len); + strncpy (&addr.sun_path[1], path, sizeof (addr.sun_path) - 2); /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */ #else /* !__linux__ */ dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, @@ -1186,7 +1188,7 @@ return -1; } - strncpy (addr.sun_path, path, path_len); + strncpy (addr.sun_path, path, sizeof (addr.sun_path) - 1); } if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0) @@ -1320,6 +1322,56 @@ #endif } +/* Convert an error code from getaddrinfo() or getnameinfo() into + * a D-Bus error name. */ +static const char * +_dbus_error_from_gai (int gai_res, + int saved_errno) +{ + switch (gai_res) + { +#ifdef EAI_FAMILY + case EAI_FAMILY: + /* ai_family not supported (at all) */ + return DBUS_ERROR_NOT_SUPPORTED; +#endif + +#ifdef EAI_SOCKTYPE + case EAI_SOCKTYPE: + /* ai_socktype not supported (at all) */ + return DBUS_ERROR_NOT_SUPPORTED; +#endif + +#ifdef EAI_MEMORY + case EAI_MEMORY: + /* Out of memory */ + return DBUS_ERROR_NO_MEMORY; +#endif + +#ifdef EAI_SYSTEM + case EAI_SYSTEM: + /* Unspecified system error, details in errno */ + return _dbus_error_from_errno (saved_errno); +#endif + + case 0: + /* It succeeded, but we didn't get any addresses? */ + return DBUS_ERROR_FAILED; + + /* EAI_AGAIN: Transient failure */ + /* EAI_BADFLAGS: invalid ai_flags (programming error) */ + /* EAI_FAIL: Non-recoverable failure */ + /* EAI_NODATA: host exists but has no addresses */ + /* EAI_NONAME: host does not exist */ + /* EAI_OVERFLOW: argument buffer overflow */ + /* EAI_SERVICE: service not available for specified socket + * type (we should never see this because we use numeric + * ports) */ + default: + return DBUS_ERROR_FAILED; + } +} + /** * Creates a socket and connects to a socket at the given host * and port. The connection fd is returned, and is set up as @@ -1379,7 +1431,7 @@ if ((res = getaddrinfo(host, port, &hints, &ai)) != 0) { dbus_set_error (error, - _dbus_error_from_errno (errno), + _dbus_error_from_gai (res, errno), "Failed to lookup host/port: \"%s:%s\": %s (%d)", host, port, gai_strerror(res), res); return _dbus_socket_get_invalid (); @@ -1501,7 +1553,7 @@ if ((res = getaddrinfo(host, port, &hints, &ai)) != 0 || !ai) { dbus_set_error (error, - _dbus_error_from_errno (errno), + _dbus_error_from_gai (res, errno), "Failed to lookup host/port: \"%s:%s\": %s (%d)", host ? host : "*", port, gai_strerror(res), res); goto failed; @@ -1601,16 +1653,26 @@ addrlen = sizeof(addr); result = getsockname(fd, (struct sockaddr*) &addr, &addrlen); - if (result == -1 || - (res = getnameinfo ((struct sockaddr*)&addr, addrlen, NULL, 0, + if (result == -1) + { + saved_errno = errno; + dbus_set_error (error, _dbus_error_from_errno (saved_errno), + "Failed to retrieve socket name for \"%s:%s\": %s", + host ? host : "*", port, _dbus_strerror (saved_errno)); + goto failed; + } + + if ((res = getnameinfo ((struct sockaddr*)&addr, addrlen, NULL, 0, portbuf, sizeof(portbuf), NI_NUMERICHOST | NI_NUMERICSERV)) != 0) { - dbus_set_error (error, _dbus_error_from_errno (errno), + saved_errno = errno; + dbus_set_error (error, _dbus_error_from_gai (res, saved_errno), "Failed to resolve port \"%s:%s\": %s (%d)", host ? host : "*", port, gai_strerror(res), res); goto failed; } + if (!_dbus_string_append(retport, portbuf)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/doc/Makefile.am new/dbus-1.12.10/doc/Makefile.am --- old/dbus-1.12.6/doc/Makefile.am 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/doc/Makefile.am 2018-04-27 19:18:24.000000000 +0200 @@ -57,6 +57,7 @@ YELP_STATIC_HTML = \ yelp.js \ C.css \ + highlight.pack.js \ jquery.js \ jquery.syntax.js \ jquery.syntax.brush.html.js \ @@ -97,14 +98,14 @@ @touch $@ if DBUS_HAVE_XSLTPROC -html_DATA += dbus.devhelp +html_DATA += dbus.devhelp2 -dbus.devhelp: $(srcdir)/doxygen_to_devhelp.xsl doxygen.stamp +dbus.devhelp2: $(srcdir)/doxygen_to_devhelp.xsl doxygen.stamp $(XSLTPROC) -o $@ $< api/xml/index.xml endif if DBUS_DUCKTYPE_DOCS_ENABLED -html_DATA += $(YELP_HTML) $(YELP_STATIC_HTML) +html_DATA += $(YELP_HTML) %.page: %.duck $(DUCKTYPE) -o $@ $< @@ -118,12 +119,21 @@ install-data-local:: doxygen.stamp $(MKDIR_P) $(DESTDIR)$(apidir) $(INSTALL_DATA) api/html/* $(DESTDIR)$(apidir) +if DBUS_DUCKTYPE_DOCS_ENABLED + $(AM_V_at)for x in $(YELP_STATIC_HTML); do \ + if test -e "$$x"; then \ + $(INSTALL_DATA) "$$x" $(DESTDIR)$(htmldir); \ + fi; \ + done +endif uninstall-local:: rm -f $(DESTDIR)$(apidir)/*.html rm -f $(DESTDIR)$(apidir)/*.png rm -f $(DESTDIR)$(apidir)/*.css rm -f $(DESTDIR)$(apidir)/*.js + rm -f $(DESTDIR)$(htmldir)/*.css + rm -f $(DESTDIR)$(htmldir)/*.js rm -f $(DESTDIR)$(htmldir)/*.html rm -f $(DESTDIR)$(docdir)/*.txt rm -f $(DESTDIR)$(htmldir)/*.png @@ -141,7 +151,7 @@ $(top_srcdir)/COPYING \ $(top_srcdir)/ChangeLog -dbus-docs: $(STATIC_DOCS) $(dist_dtd_DATA) $(MAN_XML_FILES) $(dist_doc_DATA) $(dist_html_DATA) $(MAN_HTML_FILES) $(BONUS_FILES) doxygen.stamp $(XMLTO_HTML) $(YELP_HTML) $(YELP_STATIC_HTML) +dbus-docs: $(STATIC_DOCS) $(dist_dtd_DATA) $(MAN_XML_FILES) $(dist_doc_DATA) $(dist_html_DATA) $(MAN_HTML_FILES) $(BONUS_FILES) doxygen.stamp $(XMLTO_HTML) $(YELP_HTML) $(AM_V_at)rm -rf $@ [email protected] $(AM_V_GEN)$(MKDIR_P) [email protected]/api $(AM_V_at)cd $(srcdir) && cp $(STATIC_DOCS) @abs_builddir@/[email protected] @@ -150,7 +160,11 @@ $(AM_V_at)cd $(srcdir) && cp $(STATIC_HTML) @abs_builddir@/[email protected] $(AM_V_at)cp $(XMLTO_HTML) @abs_builddir@/[email protected] $(AM_V_at)cp $(YELP_HTML) @abs_builddir@/[email protected] - $(AM_V_at)cp $(YELP_STATIC_HTML) @abs_builddir@/[email protected] + $(AM_V_at)for x in $(YELP_STATIC_HTML); do \ + if test -e "$$x"; then \ + cp "$$x" @abs_builddir@/[email protected]; \ + fi; \ + done $(AM_V_at)cp $(MAN_HTML_FILES) @abs_builddir@/[email protected] $(AM_V_at)cp $(MAN_XML_FILES) @abs_builddir@/[email protected] $(AM_V_at)cp $(BONUS_FILES) @abs_builddir@/[email protected] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/doc/dbus-daemon.1.xml.in new/dbus-1.12.10/doc/dbus-daemon.1.xml.in --- old/dbus-1.12.6/doc/dbus-daemon.1.xml.in 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/doc/dbus-daemon.1.xml.in 2018-04-25 17:49:38.000000000 +0200 @@ -148,8 +148,10 @@ <varlistentry> <term><option>--address[=ADDRESS]</option></term> <listitem> -<para>Set the address to listen on. This option overrides the address -configured in the configuration file.</para> + <para>Set the address to listen on. This option overrides the address + configured in the configuration file via the + <literal><listen></literal> directive. + See the documentation of that directive for more details.</para> </listitem> </varlistentry> <varlistentry> @@ -384,6 +386,13 @@ effect unless the ANONYMOUS mechanism has also been enabled using the <emphasis remap='I'><auth></emphasis> element, described below.</para> +<para>Using this directive in the configuration of the well-known + system bus or the well-known session bus will make that bus insecure + and should never be done. Similarly, on custom bus types, using this + directive will usually make the custom bus insecure, unless its + configuration has been specifically designed to prevent anonymous + users from causing damage or escalating privileges.</para> + <itemizedlist remap='TP'> <listitem><para><emphasis remap='I'><listen></emphasis></para></listitem> @@ -395,6 +404,47 @@ address is in the standard D-Bus format that contains a transport name plus possible parameters/options.</para> +<para>On platforms other than Windows, <literal>unix</literal>-based + transports (<literal>unix</literal>, <literal>systemd</literal>, + <literal>launchd</literal>) are the default for both the well-known + system bus and the well-known session bus, and are strongly + recommended.</para> + +<para> + On Windows, <literal>unix</literal>-based transports are not available, + so TCP-based transports must be used. + Similar to remote X11, the <literal>tcp</literal> and + <literal>nonce-tcp</literal> transports have no integrity or + confidentiality protection, so they should normally only be + used across the local loopback interface, for example using an + address like <literal>tcp:host=127.0.0.1</literal> or + <literal>nonce-tcp:host=localhost</literal>. In particular, + configuring the well-known system bus or the well-known session + bus to listen on a non-loopback TCP address is insecure. +</para> +<para> + Developers are sometimes tempted to use remote TCP as a debugging + tool. However, if this functionality is left enabled in finished + products, the result will be dangerously insecure. Instead of + using remote TCP, developers should <ulink + url="https://lists.freedesktop.org/archives/dbus/2018-April/017447.html"; + >relay connections via Secure Shell or a similar protocol</ulink>. + <!-- TODO: Ideally someone would write a more formal guide to + remote D-Bus debugging, and we could link to that instead --> +</para> +<para> + Remote TCP connections were historically sometimes used to share + a single session bus between login sessions of the same user on + different machines within a trusted local area network, in + conjunction with unencrypted remote X11, a NFS-shared home + directory and NIS (YP) authentication. This is insecure against + an attacker on the same LAN and should be considered strongly + deprecated; more specifically, it is insecure in the same ways + and for the same reasons as unencrypted remote X11 and NFSv2/NFSv3. + The D-Bus maintainers + recommend using a separate session bus per (user, machine) pair, + only accessible from within that machine. +</para> <para>Example: <listen>unix:path=/tmp/foo</listen></para> @@ -454,6 +504,10 @@ <auth> elements, all the listed mechanisms are allowed. The order in which mechanisms are listed is not meaningful.</para> +<para>On non-Windows operating systems, allowing only the + <literal>EXTERNAL</literal> authentication + mechanism is strongly recommended. This is the default for the + well-known system bus and for the well-known session bus.</para> <para>Example: <auth>EXTERNAL</auth></para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/doc/doxygen_to_devhelp.xsl new/dbus-1.12.10/doc/doxygen_to_devhelp.xsl --- old/dbus-1.12.6/doc/doxygen_to_devhelp.xsl 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/doc/doxygen_to_devhelp.xsl 2018-04-23 18:46:01.000000000 +0200 @@ -10,7 +10,13 @@ <xsl:template match="/"> <book title="D-Bus: A system for interprocess communication" name="dbus" - link="dbus-tutorial.html"> + link="{$prefix}/api/index.html" + xmlns="http://www.devhelp.net/book"; + version="2" + online="https://dbus.freedesktop.org/doc/"; + author="D-Bus contributors" + language="c" + > <chapters> <sub name="Tutorial" link="{$prefix}dbus-tutorial.html"/> <sub name="FAQ" link="{$prefix}dbus-faq.html"/> @@ -32,7 +38,7 @@ <xsl:param name="link"><xsl:value-of select="$before"/>.html#<xsl:value-of select="$after"/></xsl:param> <xsl:if test="starts-with($name,'dbus') or starts-with($name, 'DBus')"> <xsl:if test="starts-with($refid,'group__') and contains($refid, '_1')"> - <function name="{$name}" link="{$prefix}api/{$link}"/> + <keyword xmlns="http://www.devhelp.net/book"; type="function" name="{$name}" link="{$prefix}api/{$link}"/> </xsl:if> </xsl:if> </xsl:template> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/corrupt.c new/dbus-1.12.10/test/corrupt.c --- old/dbus-1.12.6/test/corrupt.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/test/corrupt.c 2018-06-04 18:56:05.000000000 +0200 @@ -36,6 +36,7 @@ typedef struct { DBusError e; TestMainContext *ctx; + gboolean skip; DBusServer *server; DBusConnection *server_conn; @@ -85,6 +86,14 @@ dbus_error_init (&f->e); g_queue_init (&f->client_messages); + if ((g_str_has_prefix (addr, "tcp:") || + g_str_has_prefix (addr, "nonce-tcp:")) && + !test_check_tcp_works ()) + { + f->skip = TRUE; + return; + } + f->server = dbus_server_listen (addr, &f->e); assert_no_error (&f->e); g_assert (f->server != NULL); @@ -101,6 +110,9 @@ dbus_bool_t have_mem; char *address = NULL; + if (f->skip) + return; + g_assert (f->server_conn == NULL); address = dbus_server_get_address (f->server); @@ -129,6 +141,9 @@ dbus_uint32_t serial; DBusMessage *outgoing, *incoming; + if (f->skip) + return; + test_connect (f, addr); outgoing = dbus_message_new_signal ("/com/example/Hello", @@ -213,6 +228,9 @@ int fd; DBusMessage *incoming; + if (f->skip) + return; + test_message (f, addr); dbus_connection_flush (f->server_conn); @@ -277,6 +295,9 @@ DBusMessage *message; dbus_bool_t mem; + if (f->skip) + return; + test_message (f, addr); message = dbus_message_new_signal ("/", "a.b", "c"); @@ -395,5 +416,10 @@ g_test_add ("/corrupt/byte-order/tcp", Fixture, "tcp:host=127.0.0.1", setup, test_byte_order, teardown); +#ifdef DBUS_UNIX + g_test_add ("/corrupt/byte-order/unix", Fixture, "unix:tmpdir=/tmp", setup, + test_byte_order, teardown); +#endif + return g_test_run (); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/fdpass.c new/dbus-1.12.10/test/fdpass.c --- old/dbus-1.12.6/test/fdpass.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/test/fdpass.c 2018-06-04 18:56:05.000000000 +0200 @@ -79,6 +79,7 @@ typedef struct { TestMainContext *ctx; DBusError e; + gboolean skip; DBusServer *server; @@ -172,6 +173,9 @@ { char *address; + if (f->skip) + return; + g_assert (f->left_server_conn == NULL); g_assert (f->right_server_conn == NULL); @@ -251,6 +255,14 @@ dbus_error_init (&f->e); g_queue_init (&f->messages); + if ((g_str_has_prefix (address, "tcp:") || + g_str_has_prefix (address, "nonce-tcp:")) && + !test_check_tcp_works ()) + { + f->skip = TRUE; + return; + } + f->server = dbus_server_listen (address, &f->e); assert_no_error (&f->e); g_assert (f->server != NULL); @@ -289,6 +301,9 @@ test_unsupported (Fixture *f, gconstpointer data) { + if (f->skip) + return; + test_connect (f, FALSE); if (dbus_connection_can_send_type (f->left_client_conn, @@ -321,6 +336,9 @@ struct stat stat_before; struct stat stat_after; + if (f->skip) + return; + test_connect (f, TRUE); outgoing = dbus_message_new_signal ("/com/example/Hello", @@ -403,6 +421,9 @@ DBusMessage *outgoing, *incoming; int i; + if (f->skip) + return; + test_connect (f, TRUE); outgoing = dbus_message_new_signal ("/com/example/Hello", @@ -461,6 +482,9 @@ DBusMessage *outgoing; unsigned int i; + if (f->skip) + return; + test_connect (f, TRUE); outgoing = dbus_message_new_signal ("/com/example/Hello", @@ -513,6 +537,12 @@ DBusString buffer; int fds[TOO_MANY_FDS]; int done; +#ifdef HAVE_GETRLIMIT + struct rlimit lim; +#endif + + if (f->skip) + return; /* This test deliberately pushes up against OS limits, so skip it * if we don't have enough fds. 4 times the maximum per message @@ -520,8 +550,6 @@ * we actually send, the copy that we potentially receive, and some * spare capacity for everything else. */ #ifdef HAVE_GETRLIMIT - struct rlimit lim; - if (getrlimit (RLIMIT_NOFILE, &lim) == 0) { if (lim.rlim_cur != RLIM_INFINITY && @@ -643,6 +671,9 @@ DBusMessage *outgoing[SOME_MESSAGES]; dbus_uint32_t serial; + if (f->skip) + return; + test_connect (f, TRUE); for (j = 0; j < SOME_MESSAGES; j++) @@ -715,6 +746,9 @@ DBusMessage *outgoing; int i; + if (f->skip) + return; + test_connect (f, TRUE); dbus_connection_set_max_message_unix_fds (f->left_server_conn, 7); dbus_connection_set_max_message_unix_fds (f->right_server_conn, 7); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/internals/refs.c new/dbus-1.12.10/test/internals/refs.c --- old/dbus-1.12.6/test/internals/refs.c 2018-02-08 15:07:21.000000000 +0100 +++ new/dbus-1.12.10/test/internals/refs.c 2018-06-04 18:56:04.000000000 +0200 @@ -223,7 +223,12 @@ dbus_error_init (&f->e); +#ifdef DBUS_UNIX + f->server = dbus_server_listen ("unix:tmpdir=/tmp", &f->e); +#else f->server = dbus_server_listen ("tcp:host=127.0.0.1", &f->e); +#endif + assert_no_error (&f->e); g_assert (f->server != NULL); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/internals/server-oom.c new/dbus-1.12.10/test/internals/server-oom.c --- old/dbus-1.12.6/test/internals/server-oom.c 2017-11-24 14:48:05.000000000 +0100 +++ new/dbus-1.12.10/test/internals/server-oom.c 2018-06-04 18:56:05.000000000 +0200 @@ -38,30 +38,14 @@ /* Return TRUE if the right thing happens, but the right thing might include * OOM. */ static dbus_bool_t -test_new_tcp (void *user_data) +test_new_server (void *user_data) { + const char *listen_address = user_data; DBusError error = DBUS_ERROR_INIT; DBusServer *server = NULL; - dbus_bool_t use_nonce = FALSE; - const char *bind = "localhost"; - const char *family = NULL; dbus_bool_t result = FALSE; - if (user_data != NULL) - { - if (strcmp (user_data, "nonce") == 0) - use_nonce = TRUE; - - if (strcmp (user_data, "star") == 0) - bind = "*"; - - if (strcmp (user_data, "v4") == 0) - family = "ipv4"; - } - - server = _dbus_server_new_for_tcp_socket ("localhost", bind, - "0", family, &error, - use_nonce); + server = dbus_server_listen (listen_address, &error); if (server == NULL) goto out; @@ -100,6 +84,11 @@ { const OOMTestCase *test = data; + if ((g_str_has_prefix (test->data, "tcp:") || + g_str_has_prefix (test->data, "nonce-tcp:")) && + !test_check_tcp_works ()) + return; + if (!_dbus_test_oom_handling (test->name, test->function, (void *) test->data)) { @@ -136,10 +125,13 @@ test_init (&argc, &argv); test_cases_to_free = g_queue_new (); - add_oom_test ("/server/new-tcp", test_new_tcp, NULL); - add_oom_test ("/server/new-nonce-tcp", test_new_tcp, "nonce"); - add_oom_test ("/server/new-tcp-star", test_new_tcp, "star"); - add_oom_test ("/server/new-tcp-v4", test_new_tcp, "v4"); + add_oom_test ("/server/new-tcp", test_new_server, "tcp:host=127.0.0.1,bind=127.0.0.1"); + add_oom_test ("/server/new-nonce-tcp", test_new_server, "nonce-tcp:host=127.0.0.1,bind=127.0.0.1"); + add_oom_test ("/server/new-tcp-star", test_new_server, "tcp:host=127.0.0.1,bind=*"); + add_oom_test ("/server/new-tcp-v4", test_new_server, "tcp:host=127.0.0.1,bind=127.0.0.1,family=ipv4"); +#ifdef DBUS_UNIX + add_oom_test ("/server/unix", test_new_server, "unix:tmpdir=/tmp"); +#endif ret = g_test_run (); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/loopback.c new/dbus-1.12.10/test/loopback.c --- old/dbus-1.12.6/test/loopback.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.10/test/loopback.c 2018-06-04 18:56:05.000000000 +0200 @@ -40,6 +40,7 @@ typedef struct { TestMainContext *ctx; DBusError e; + gboolean skip; DBusServer *server; DBusConnection *server_conn; @@ -97,6 +98,14 @@ dbus_error_init (&f->e); g_queue_init (&f->server_messages); + if ((g_str_has_prefix (addr, "tcp:") || + g_str_has_prefix (addr, "nonce-tcp:")) && + !test_check_tcp_works ()) + { + f->skip = TRUE; + return; + } + f->server = dbus_server_listen (addr, &f->e); assert_no_error (&f->e); g_assert (f->server != NULL); @@ -124,6 +133,9 @@ setup (f, addr); + if (f->skip) + return; + listening_at = dbus_server_get_address (f->server); g_test_message ("listening at %s", listening_at); g_assert (g_str_has_prefix (listening_at, "unix:path=")); @@ -146,6 +158,9 @@ setup (f, addr); + if (f->skip) + return; + listening_at = dbus_server_get_address (f->server); g_test_message ("listening at %s", listening_at); /* we have fallen back to something in /tmp, either abstract or not */ @@ -166,6 +181,9 @@ int n_entries; dbus_bool_t ok; + if (f->skip) + return; + g_assert (f->server_conn == NULL); address = dbus_server_get_address (f->server); @@ -266,13 +284,17 @@ gconstpointer addr G_GNUC_UNUSED) { DBusMessage *incoming; - char *address = dbus_server_get_address (f->server); + char *address; gchar *guid; + if (f->skip) + return; + g_test_bug ("39720"); g_assert (f->server_conn == NULL); + address = dbus_server_get_address (f->server); g_assert (strstr (address, "guid=") != NULL); guid = strstr (address, "guid="); g_assert_cmpuint (strlen (guid), >=, 5 + 32); @@ -328,6 +350,9 @@ dbus_uint32_t serial; DBusMessage *outgoing, *incoming; + if (f->skip) + return; + test_connect (f, addr); outgoing = dbus_message_new_signal ("/com/example/Hello", @@ -439,6 +464,9 @@ g_test_add ("/message/nonce-tcp", Fixture, "nonce-tcp:host=127.0.0.1", setup, test_message, teardown); + g_test_add ("/message/bad-guid/tcp", Fixture, "tcp:host=127.0.0.1", setup, + test_bad_guid, teardown); + #ifdef DBUS_UNIX g_test_add ("/connect/unix/tmpdir", Fixture, "unix:tmpdir=/tmp", setup, test_connect, teardown); @@ -455,10 +483,10 @@ g_test_add ("/connect/unix/no-runtime", Fixture, "unix:runtime=yes;unix:tmpdir=/tmp", setup_no_runtime, test_connect, teardown_no_runtime); -#endif - g_test_add ("/message/bad-guid", Fixture, "tcp:host=127.0.0.1", setup, + g_test_add ("/message/bad-guid/unix", Fixture, "unix:tmpdir=/tmp", setup, test_bad_guid, teardown); +#endif return g_test_run (); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/relay.c new/dbus-1.12.10/test/relay.c --- old/dbus-1.12.6/test/relay.c 2018-02-08 15:07:21.000000000 +0100 +++ new/dbus-1.12.10/test/relay.c 2018-06-04 18:56:05.000000000 +0200 @@ -46,6 +46,7 @@ typedef struct { TestMainContext *ctx; DBusError e; + gboolean skip; DBusServer *server; @@ -120,7 +121,7 @@ static void setup (Fixture *f, - gconstpointer data G_GNUC_UNUSED) + gconstpointer address) { test_timeout_reset (1); @@ -128,7 +129,15 @@ dbus_error_init (&f->e); g_queue_init (&f->messages); - f->server = dbus_server_listen ("tcp:host=127.0.0.1", &f->e); + if ((g_str_has_prefix (address, "tcp:") || + g_str_has_prefix (address, "nonce-tcp:")) && + !test_check_tcp_works ()) + { + f->skip = TRUE; + return; + } + + f->server = dbus_server_listen (address, &f->e); assert_no_error (&f->e); g_assert (f->server != NULL); @@ -144,6 +153,9 @@ dbus_bool_t have_mem; char *address; + if (f->skip) + return; + g_assert (f->left_server_conn == NULL); g_assert (f->right_server_conn == NULL); @@ -205,6 +217,9 @@ { DBusMessage *incoming; + if (f->skip) + return; + test_connect (f, data); send_one (f, "First"); @@ -237,6 +252,9 @@ DBusMessage *incoming; guint i; + if (f->skip) + return; + test_connect (f, data); /* This was an attempt to reproduce fd.o #34393. It didn't work. */ @@ -321,12 +339,21 @@ { test_init (&argc, &argv); - g_test_add ("/connect", Fixture, NULL, setup, + g_test_add ("/connect/tcp", Fixture, "tcp:host=127.0.0.1", setup, + test_connect, teardown); + g_test_add ("/relay/tcp", Fixture, "tcp:host=127.0.0.1", setup, + test_relay, teardown); + g_test_add ("/limit/tcp", Fixture, "tcp:host=127.0.0.1", setup, + test_limit, teardown); + +#ifdef DBUS_UNIX + g_test_add ("/connect/unix", Fixture, "unix:tmpdir=/tmp", setup, test_connect, teardown); - g_test_add ("/relay", Fixture, NULL, setup, + g_test_add ("/relay/unix", Fixture, "unix:tmpdir=/tmp", setup, test_relay, teardown); - g_test_add ("/limit", Fixture, NULL, setup, + g_test_add ("/limit/unix", Fixture, "unix:tmpdir=/tmp", setup, test_limit, teardown); +#endif return g_test_run (); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/test-utils-glib.c new/dbus-1.12.10/test/test-utils-glib.c --- old/dbus-1.12.6/test/test-utils-glib.c 2018-02-08 15:07:21.000000000 +0100 +++ new/dbus-1.12.10/test/test-utils-glib.c 2018-06-04 18:56:24.000000000 +0200 @@ -34,8 +34,10 @@ # include <io.h> # include <windows.h> #else +# include <netdb.h> # include <signal.h> # include <unistd.h> +# include <sys/socket.h> # include <sys/types.h> # include <pwd.h> #endif @@ -645,3 +647,58 @@ g_strerror (saved_errno)); } } + +gboolean +test_check_tcp_works (void) +{ +#ifdef DBUS_UNIX + /* In pathological container environments, we might not have a + * working 127.0.0.1 */ + int res; + struct addrinfo *addrs = NULL; + struct addrinfo hints; + int saved_errno; + + _DBUS_ZERO (hints); +#ifdef AI_ADDRCONFIG + hints.ai_flags |= AI_ADDRCONFIG; +#endif + hints.ai_flags = AI_ADDRCONFIG; + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + res = getaddrinfo ("127.0.0.1", "0", &hints, &addrs); + saved_errno = errno; + + if (res != 0) + { + const gchar *system_message; + gchar *skip_message; + +#ifdef EAI_SYSTEM + if (res == EAI_SYSTEM) + system_message = g_strerror (saved_errno); + else +#endif + system_message = gai_strerror (res); + + skip_message = g_strdup_printf ("Name resolution does not work here: " + "getaddrinfo(\"127.0.0.1\", \"0\", " + "{flags=ADDRCONFIG, family=INET," + "socktype=STREAM, protocol=TCP}): " + "%s", + system_message); + g_test_skip (skip_message); + free (skip_message); + } + + if (addrs != NULL) + freeaddrinfo (addrs); + + return (res == 0); +#else + /* Assume that on Windows, TCP always works */ + return TRUE; +#endif +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.6/test/test-utils-glib.h new/dbus-1.12.10/test/test-utils-glib.h --- old/dbus-1.12.6/test/test-utils-glib.h 2018-02-08 15:07:21.000000000 +0100 +++ new/dbus-1.12.10/test/test-utils-glib.h 2018-06-04 18:56:05.000000000 +0200 @@ -106,4 +106,6 @@ } #endif +gboolean test_check_tcp_works (void); + #endif
