pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2008Q4]: pkgsrc/sysutils/dbus pullup ticket #2627,#2631 - requ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/bd222e878d00
branches: pkgsrc-2008Q4
changeset: 552224:bd222e878d00
user: rtr <rtr%pkgsrc.org@localhost>
date: Sun Jan 11 05:55:56 2009 +0000
description:
pullup ticket #2627,#2631 - requested by wiz,he
dbus: update for security and build fix
revisions pulled up:
pkgsrc/sysutils/dbus/Makefile 1.40,1.41,1.42
pkgsrc/sysutils/dbus/distinfo 1.32,1.33
pkgsrc/sysutils/dbus/patches/patch-aa 1.10
pkgsrc/sysutils/dbus/patches/patch-ab 1.17
pkgsrc/sysutils/dbus/patches/patch-ad 1.5
Module Name: pkgsrc
Committed By: wiz
Date: Wed Jan 7 19:11:36 UTC 2009
Modified Files:
pkgsrc/sysutils/dbus: Makefile distinfo
pkgsrc/sysutils/dbus/patches: patch-aa
Added Files:
pkgsrc/sysutils/dbus/patches: patch-ad
Log Message:
Update to 1.2.4.2 on the "permissive" branch.
This addresses the security problem CVE-2008-4311. For more
details, read
http://lists.freedesktop.org/archives/dbus/2008-December/010769.html
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Fri Jan 9 21:47:33 UTC 2009
Modified Files:
pkgsrc/sysutils/dbus: Makefile distinfo
pkgsrc/sysutils/dbus/patches: patch-ab
Log Message:
Update from version 1.2.4.2 to version 1.2.4.2nb1.
Log Message:
Update from version 1.2.4.2 to version 1.2.4.2nb1.
Pkgsrc changes:
o Modify one of the patches with a patch reported as part of
PR#40347 to make this package build on NetBSD 4.0 and probably
earlier versions as well. Many thanks to Hasso Tepper for the
patch.
------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Fri Jan 9 21:54:15 UTC 2009
Modified Files:
pkgsrc/sysutils/dbus: Makefile
Log Message:
Update from version 1.2.4.2nb1 to 1.2.4.2nb2.
Pkgsrc changes:
o Add BUILDLINK_TRANSFORM settings which deactivate -fPIE and -pie
in the compiler invocation. The configure script of this package
checks to see if gcc accepts those options, and uses them if it
does. However, apparently that does not mean that we universally
will be able to run the resulting executables -- on NetBSD/4.0
macppc the run-time linker says
"Unsupported relocation type 6 in non-PLT relocations"
Tested that the dbus-daemon executable remains runnable on both i386
and that it is so now on macppc.
Thanks to jmcneill@ and joerg@ for hints leading to this fix.
diffstat:
sysutils/dbus/Makefile | 11 +++-
sysutils/dbus/distinfo | 13 +++--
sysutils/dbus/patches/patch-aa | 10 ++--
sysutils/dbus/patches/patch-ab | 96 +++++++++++++++++++++++++++++++++++------
sysutils/dbus/patches/patch-ad | 14 ++++++
5 files changed, 116 insertions(+), 28 deletions(-)
diffs (255 lines):
diff -r 76952a7a3e72 -r bd222e878d00 sysutils/dbus/Makefile
--- a/sysutils/dbus/Makefile Fri Jan 09 10:51:08 2009 +0000
+++ b/sysutils/dbus/Makefile Sun Jan 11 05:55:56 2009 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.38 2008/11/23 01:40:26 jmcneill Exp $
+# $NetBSD: Makefile,v 1.38.2.1 2009/01/11 05:55:56 rtr Exp $
-DISTNAME= dbus-1.2.4
-PKGREVISION= 3
+DISTNAME= dbus-1.2.4.2permissive
+PKGNAME= dbus-1.2.4.2
+PKGREVISION= 2
CATEGORIES= sysutils
MASTER_SITES= http://dbus.freedesktop.org/releases/dbus/
@@ -94,6 +95,10 @@
FILES_SUBST+= DBUS_GROUP=${DBUS_GROUP}
BUILDLINK_TRANSFORM+= rm:-Wl,--gc-sections
+# Package tries to use these if gcc accepts them, but that doesn't
+# mean that we universally can *run* the executables
+BUILDLINK_TRANSFORM+= rm:-fPIE
+BUILDLINK_TRANSFORM+= rm:-pie
.include "options.mk"
diff -r 76952a7a3e72 -r bd222e878d00 sysutils/dbus/distinfo
--- a/sysutils/dbus/distinfo Fri Jan 09 10:51:08 2009 +0000
+++ b/sysutils/dbus/distinfo Sun Jan 11 05:55:56 2009 +0000
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.30 2008/11/23 01:40:26 jmcneill Exp $
+$NetBSD: distinfo,v 1.30.2.1 2009/01/11 05:55:56 rtr Exp $
-SHA1 (dbus-1.2.4.tar.gz) = 913d796b79802b6ee6ca2b0ef59c670f3fd79774
-RMD160 (dbus-1.2.4.tar.gz) = 0441eb8b668ed70250e484b02fe6a83c05c9a088
-Size (dbus-1.2.4.tar.gz) = 1564370 bytes
-SHA1 (patch-aa) = 2486dfe8a9c80cf10e099ce20f60d14de84e8adb
-SHA1 (patch-ab) = c6718fa46bf4befab0d7cd1c7d698b81922f7021
+SHA1 (dbus-1.2.4.2permissive.tar.gz) = eefcff01a368717f3a3516ae97856a224930fe70
+RMD160 (dbus-1.2.4.2permissive.tar.gz) = 21db1a10f33e7b9f86d06e7b33ae43b97674ec6b
+Size (dbus-1.2.4.2permissive.tar.gz) = 1574034 bytes
+SHA1 (patch-aa) = fd7cc2e11e15e13885e882e8de51e17af8a63d70
+SHA1 (patch-ab) = b2761914edfe2c7666c5412abf79c5d7b87a2006
SHA1 (patch-ac) = afec419973f339e846dc109866148529f80998b3
+SHA1 (patch-ad) = d537acca7285868ef8f6e8dee3a20717b1e5b4b2
SHA1 (patch-ag) = 999071b782982c12329025ea8e393bfed940b654
SHA1 (patch-ai) = a45bd8d29955e9c14a4d8b3f44b42242d70c1cd8
SHA1 (patch-ak) = 56c0a917e770b8d6ffc37ec7ab8beb631dd8ef72
diff -r 76952a7a3e72 -r bd222e878d00 sysutils/dbus/patches/patch-aa
--- a/sysutils/dbus/patches/patch-aa Fri Jan 09 10:51:08 2009 +0000
+++ b/sysutils/dbus/patches/patch-aa Sun Jan 11 05:55:56 2009 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.9 2008/11/21 21:27:36 wiz Exp $
+$NetBSD: patch-aa,v 1.9.2.1 2009/01/11 05:55:56 rtr Exp $
---- bus/Makefile.in.orig 2008-10-06 21:20:15.000000000 +0000
+--- bus/Makefile.in.orig 2008-12-18 21:47:13.000000000 +0100
+++ bus/Makefile.in
-@@ -412,9 +412,10 @@ target_os = @target_os@
- target_vendor = @target_vendor@
+@@ -415,9 +415,10 @@ target_vendor = @target_vendor@
+ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-configdir = $(sysconfdir)/dbus-1
@@ -15,7 +15,7 @@
-DDAEMON_NAME=\"dbus-daemon\" -DDBUS_COMPILATION
EFENCE =
-@@ -1291,16 +1292,13 @@ install-data-hook:
+@@ -1294,16 +1295,13 @@ install-data-hook:
chmod 755 $(DESTDIR)$(DBUS_DAEMONDIR); \
fi
$(INSTALL_PROGRAM) dbus-daemon $(DESTDIR)$(DBUS_DAEMONDIR)
diff -r 76952a7a3e72 -r bd222e878d00 sysutils/dbus/patches/patch-ab
--- a/sysutils/dbus/patches/patch-ab Fri Jan 09 10:51:08 2009 +0000
+++ b/sysutils/dbus/patches/patch-ab Sun Jan 11 05:55:56 2009 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.15 2008/11/23 01:40:26 jmcneill Exp $
+$NetBSD: patch-ab,v 1.15.2.1 2009/01/11 05:55:56 rtr Exp $
---- dbus/dbus-sysdeps-unix.c.orig 2008-10-06 17:14:50.000000000 -0400
-+++ dbus/dbus-sysdeps-unix.c
+--- dbus/dbus-sysdeps-unix.c.orig 2008-12-18 22:35:53 +0200
++++ dbus/dbus-sysdeps-unix.c 2009-01-09 13:49:43 +0200
@@ -23,6 +23,7 @@
*/
@@ -73,8 +73,45 @@
/* NOOP just to make sure only one codepath is used
* and to prefer CMSGCRED
*/
-@@ -1138,6 +1172,9 @@ _dbus_read_credentials_socket (int
- struct cmsgcred cred;
+@@ -1041,9 +1075,9 @@ write_credentials_byte (int
+ int bytes_written;
+ char buf[1] = { '\0' };
+ #if defined(HAVE_CMSGCRED)
+- struct {
++ union {
+ struct cmsghdr hdr;
+- struct cmsgcred cred;
++ char cred[CMSG_SPACE (sizeof (struct cmsgcred))];
+ } cmsg;
+ struct iovec iov;
+ struct msghdr msg;
+@@ -1054,10 +1088,10 @@ write_credentials_byte (int
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+- msg.msg_control = &cmsg;
+- msg.msg_controllen = sizeof (cmsg);
++ msg.msg_control = (caddr_t) &cmsg;
++ msg.msg_controllen = CMSG_SPACE (sizeof (struct cmsgcred));
+ memset (&cmsg, 0, sizeof (cmsg));
+- cmsg.hdr.cmsg_len = sizeof (cmsg);
++ cmsg.hdr.cmsg_len = CMSG_LEN (sizeof (struct cmsgcred));
+ cmsg.hdr.cmsg_level = SOL_SOCKET;
+ cmsg.hdr.cmsg_type = SCM_CREDS;
+ #endif
+@@ -1129,15 +1163,15 @@ _dbus_read_credentials_socket (int
+ dbus_pid_t pid_read;
+ int bytes_read;
+
+- uid_read = DBUS_UID_UNSET;
+- pid_read = DBUS_PID_UNSET;
+-
+ #ifdef HAVE_CMSGCRED
+- struct {
++ union {
+ struct cmsghdr hdr;
+- struct cmsgcred cred;
++ char cred[CMSG_SPACE (sizeof (struct cmsgcred))];
} cmsg;
+#elif defined(LOCAL_PEEREID)
@@ -83,28 +120,59 @@
#elif defined(LOCAL_CREDS)
struct {
struct cmsghdr hdr;
-@@ -1170,7 +1207,7 @@ _dbus_read_credentials_socket (int
+@@ -1145,6 +1179,9 @@ _dbus_read_credentials_socket (int
+ } cmsg;
+ #endif
+
++ uid_read = DBUS_UID_UNSET;
++ pid_read = DBUS_PID_UNSET;
++
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+ /* The POSIX spec certainly doesn't promise this, but
+@@ -1170,11 +1207,16 @@ _dbus_read_credentials_socket (int
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
-#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
+#if (defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)) && !defined(LOCAL_PEEREID)
memset (&cmsg, 0, sizeof (cmsg));
++#ifdef HAVE_CMSGCRED
++ msg.msg_control = (caddr_t) &cmsg;
++ msg.msg_controllen = CMSG_SPACE (sizeof (struct cmsgcred));
++#else /* defined(LOCAL_CREDS) */
msg.msg_control = &cmsg;
msg.msg_controllen = sizeof (cmsg);
-@@ -1210,7 +1247,7 @@ _dbus_read_credentials_socket (int
+ #endif
++#endif
+
+ again:
+ bytes_read = recvmsg (client_fd, &msg, 0);
+@@ -1210,8 +1252,12 @@ _dbus_read_credentials_socket (int
return FALSE;
}
-#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
+#if (defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)) && !defined(LOCAL_PEEREID)
++#ifdef HAVE_CMSGCRED
++ if (cmsg.hdr.cmsg_len < CMSG_LEN (sizeof (struct cmsgcred)) || cmsg.hdr.cmsg_type != SCM_CREDS)
++#else /* defined(LOCAL_CREDS) */
if (cmsg.hdr.cmsg_len < sizeof (cmsg) || cmsg.hdr.cmsg_type != SCM_CREDS)
++#endif
{
dbus_set_error (error, DBUS_ERROR_FAILED,
-@@ -1240,6 +1277,16 @@ _dbus_read_credentials_socket (int
+ "Message from recvmsg() was not SCM_CREDS");
+@@ -1238,8 +1284,21 @@ _dbus_read_credentials_socket (int
+ cr_len, (int) sizeof (cr), _dbus_strerror (errno));
+ }
#elif defined(HAVE_CMSGCRED)
- pid_read = cmsg.cred.cmcred_pid;
- uid_read = cmsg.cred.cmcred_euid;
+- pid_read = cmsg.cred.cmcred_pid;
+- uid_read = cmsg.cred.cmcred_euid;
++ struct cmsgcred *cred;
++
++ cred = (struct cmsgcred *) CMSG_DATA (&cmsg);
++ pid_read = cred->cmcred_pid;
++ uid_read = cred->cmcred_euid;
+#elif defined(LOCAL_PEEREID)
+ if (dbus_nb_getpeereid(client_fd, &sockpid, &sockuid, &sockgid) == TRUE)
+ {
@@ -118,7 +186,7 @@
#elif defined(LOCAL_CREDS)
pid_read = DBUS_PID_UNSET;
uid_read = cmsg.cred.sc_uid;
-@@ -1301,7 +1348,7 @@ _dbus_read_credentials_socket (int
+@@ -1301,7 +1360,7 @@ _dbus_read_credentials_socket (int
}
if (ucred != NULL)
ucred_free (ucred);
@@ -127,7 +195,7 @@
_dbus_verbose ("Socket credentials not supported on this OS\n");
#endif
}
-@@ -1826,7 +1873,26 @@ _dbus_parse_uid (const DBusString *
+@@ -1826,7 +1885,26 @@ _dbus_parse_uid (const DBusString *
return TRUE;
}
@@ -154,7 +222,7 @@
_DBUS_DEFINE_GLOBAL_LOCK (atomic);
#if DBUS_USE_ATOMIC_INT_486_COND
-@@ -1891,6 +1957,7 @@ _dbus_atomic_dec (DBusAtomic *atomic)
+@@ -1891,6 +1969,7 @@ _dbus_atomic_dec (DBusAtomic *atomic)
return res;
#endif
}
@@ -162,7 +230,7 @@
#ifdef DBUS_BUILD_TESTS
/** Gets our GID
-@@ -2793,8 +2860,18 @@ int
+@@ -2792,8 +2871,18 @@ int
_dbus_printf_string_upper_bound (const char *format,
va_list args)
{
diff -r 76952a7a3e72 -r bd222e878d00 sysutils/dbus/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/dbus/patches/patch-ad Sun Jan 11 05:55:56 2009 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-ad,v 1.4.6.1 2009/01/11 05:55:56 rtr Exp $
+
+for openlog(), already reported upstream
+
+--- dbus/dbus-sysdeps-util-unix.c.orig 2008-12-18 21:39:04.000000000 +0100
++++ dbus/dbus-sysdeps-util-unix.c
+@@ -43,6 +43,7 @@
+ #include <sys/socket.h>
+ #include <dirent.h>
+ #include <sys/un.h>
++#include <syslog.h>
+ #ifdef HAVE_LIBAUDIT
+ #include <sys/prctl.h>
+ #include <sys/capability.h>
Home |
Main Index |
Thread Index |
Old Index