diff options
| author | Simon McVittie <smcv@debian.org> | 2014-11-24 13:55:13 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2014-11-24 13:55:13 +0000 |
| commit | 1b37584d187d2fb0b0d4e4a181bc5629904f6729 (patch) | |
| tree | 7abf57016f3009d34fe6b401f295519bfe57cf60 | |
| parent | bb0014ed4fd584d9f2d5d55948f624b97097e91b (diff) | |
| parent | 4ad8b86eff14185ac6c005343261387f058c89e7 (diff) | |
| download | dbus-1b37584d187d2fb0b0d4e4a181bc5629904f6729.tar.gz | |
Merge tag 'upstream/1.9.4' into experimental
Upstream version 1.9.4
| -rw-r--r-- | HACKING | 5 | ||||
| -rw-r--r-- | NEWS | 29 | ||||
| -rw-r--r-- | README | 19 | ||||
| -rw-r--r-- | bus/activation.c | 2 | ||||
| -rw-r--r-- | bus/bus.c | 6 | ||||
| -rw-r--r-- | bus/config-parser.c | 2 | ||||
| -rw-r--r-- | bus/connection.c | 8 | ||||
| -rwxr-xr-x | configure | 26 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 3 | ||||
| -rw-r--r-- | dbus/dbus-sysdeps-util-win.c | 1 | ||||
| -rw-r--r-- | dbus/dbus-sysdeps.h | 1 | ||||
| -rw-r--r-- | test/internals/syslog.c | 4 |
13 files changed, 89 insertions, 21 deletions
@@ -11,6 +11,11 @@ of patches, etc. should go there. Security === +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". + Most of D-Bus is security sensitive. Guidelines related to that: - avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(), @@ -1,3 +1,32 @@ +D-Bus 1.9.4 (2014-11-24) +== + +The “extra-sturdy caramel” release. + +Fixes: + +• Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + <busconfig> + <limit name="auth_timeout">5000</limit> + </busconfig> + + (fd.o #86431, Simon McVittie) + +• Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + +• Send back an AccessDenied error if the addressed recipient is not allowed + to receive a message (and in builds with assertions enabled, don't + assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) + D-Bus 1.9.2 (2014-11-10) == @@ -29,6 +29,25 @@ If your use-case isn't one of these, D-Bus may still be useful, but only by accident; so you should evaluate carefully whether D-Bus makes sense for your project. +Security +== + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group" (you might need to "Show +Advanced Fields" to have that option). + +On Unix systems, the system bus (dbus-daemon --system) is designed +to be a security boundary between users with different privileges. + +On Unix systems, the session bus (dbus-daemon --session) is designed +to be used by a single user, and only accessible by that user. + +We do not currently consider D-Bus on Windows to be security-supported, +and we do not recommend allowing untrusted users to access Windows +D-Bus via TCP. + Note: low-level API vs. high-level binding APIs === diff --git a/bus/activation.c b/bus/activation.c index ffedf4c5..9610c04b 100644 --- a/bus/activation.c +++ b/bus/activation.c @@ -1704,7 +1704,7 @@ child_setup (void *user_data) { /* unfortunately we don't actually know the service name here */ bus_context_log (activation->context, - DBUS_SYSTEM_LOG_INFO, + DBUS_SYSTEM_LOG_WARNING, "Failed to reset fd limit before activating " "service: %s: %s", error.name, error.message); @@ -671,7 +671,7 @@ raise_file_descriptor_limit (BusContext *context) if (context->initial_fd_limit == NULL) { - bus_context_log (context, DBUS_SYSTEM_LOG_INFO, + bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s: %s", error.name, error.message); dbus_error_free (&error); return; @@ -686,7 +686,7 @@ raise_file_descriptor_limit (BusContext *context) */ if (!_dbus_rlimit_raise_fd_limit_if_privileged (65536, &error)) { - bus_context_log (context, DBUS_SYSTEM_LOG_INFO, + bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s: %s", error.name, error.message); dbus_error_free (&error); return; @@ -1660,7 +1660,7 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "Rejected receive message", toggles, message, sender, proposed_recipient, requested_reply, - (addressed_recipient == proposed_recipient), NULL); + (addressed_recipient == proposed_recipient), error); _dbus_verbose ("security policy disallowing message due to recipient policy\n"); return FALSE; } diff --git a/bus/config-parser.c b/bus/config-parser.c index 7bc9c019..ee2d4e7d 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -438,7 +438,7 @@ bus_config_parser_new (const DBusString *basedir, * and legitimate auth will fail. If interactive auth (ask user for * password) is allowed, then potentially it has to be quite long. */ - parser->limits.auth_timeout = 5000; /* 5 seconds */ + parser->limits.auth_timeout = 30000; /* 30 seconds */ /* Do not allow a fd to stay forever in dbus-daemon * https://bugs.freedesktop.org/show_bug.cgi?id=80559 diff --git a/bus/connection.c b/bus/connection.c index 0df8a3a8..f278e619 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -860,6 +860,14 @@ bus_connections_expire_incomplete (BusConnections *connections) if (elapsed >= (double) auth_timeout) { + /* Unfortunately, we can't identify the connection: it doesn't + * have a unique name yet, we don't know its uid/pid yet, + * and so on. */ + bus_context_log (connections->context, DBUS_SYSTEM_LOG_WARNING, + "Connection has not authenticated soon enough, closing it " + "(auth_timeout=%dms, elapsed: %.0fms)", + auth_timeout, elapsed); + _dbus_verbose ("Timing out authentication for connection %p\n", connection); dbus_connection_close (connection); } @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for dbus 1.9.2. +# Generated by GNU Autoconf 2.69 for dbus 1.9.4. # # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=dbus>. # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='dbus' PACKAGE_TARNAME='dbus' -PACKAGE_VERSION='1.9.2' -PACKAGE_STRING='dbus 1.9.2' +PACKAGE_VERSION='1.9.4' +PACKAGE_STRING='dbus 1.9.4' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus' PACKAGE_URL='' @@ -1514,7 +1514,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dbus 1.9.2 to adapt to many kinds of systems. +\`configure' configures dbus 1.9.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1588,7 +1588,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dbus 1.9.2:";; + short | recursive ) echo "Configuration of dbus 1.9.4:";; esac cat <<\_ACEOF @@ -1785,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dbus configure 1.9.2 +dbus configure 1.9.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2561,7 +2561,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dbus $as_me 1.9.2, which was +It was created by dbus $as_me 1.9.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3504,7 +3504,7 @@ fi # Define the identity of the package. PACKAGE='dbus' - VERSION='1.9.2' + VERSION='1.9.4' cat >>confdefs.h <<_ACEOF @@ -3804,7 +3804,7 @@ LT_CURRENT=13 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=0 +LT_REVISION=1 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -3817,8 +3817,8 @@ LT_AGE=10 DBUS_MAJOR_VERSION=1 DBUS_MINOR_VERSION=9 -DBUS_MICRO_VERSION=2 -DBUS_VERSION=1.9.2 +DBUS_MICRO_VERSION=4 +DBUS_VERSION=1.9.4 @@ -23545,7 +23545,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dbus $as_me 1.9.2, which was +This file was extended by dbus $as_me 1.9.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23611,7 +23611,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -dbus config.status 1.9.2 +dbus config.status 1.9.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index d903be12..52255c7d 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [9]) -m4_define([dbus_micro_version], [2]) +m4_define([dbus_micro_version], [4]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=13 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=0 +LT_REVISION=1 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index 15465d32..9b724cc9 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -572,6 +572,9 @@ _dbus_system_logv (DBusSystemLogSeverity severity, const char *msg, va_list args case DBUS_SYSTEM_LOG_INFO: flags = LOG_DAEMON | LOG_NOTICE; break; + case DBUS_SYSTEM_LOG_WARNING: + flags = LOG_DAEMON | LOG_WARNING; + break; case DBUS_SYSTEM_LOG_SECURITY: flags = LOG_AUTH | LOG_NOTICE; break; diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c index 2125f608..bda22837 100644 --- a/dbus/dbus-sysdeps-util-win.c +++ b/dbus/dbus-sysdeps-util-win.c @@ -339,6 +339,7 @@ _dbus_system_logv (DBusSystemLogSeverity severity, const char *msg, va_list args switch(severity) { case DBUS_SYSTEM_LOG_INFO: s = "info"; break; + case DBUS_SYSTEM_LOG_WARNING: s = "warning"; break; case DBUS_SYSTEM_LOG_SECURITY: s = "security"; break; case DBUS_SYSTEM_LOG_FATAL: s = "fatal"; break; } diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 09b98e11..181d9af8 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -452,6 +452,7 @@ void _dbus_init_system_log (dbus_bool_t is_daemon); typedef enum { DBUS_SYSTEM_LOG_INFO, + DBUS_SYSTEM_LOG_WARNING, DBUS_SYSTEM_LOG_SECURITY, DBUS_SYSTEM_LOG_FATAL } DBusSystemLogSeverity; diff --git a/test/internals/syslog.c b/test/internals/syslog.c index 7e0eae79..80a0cebb 100644 --- a/test/internals/syslog.c +++ b/test/internals/syslog.c @@ -68,16 +68,18 @@ test_syslog (Fixture *f, { _dbus_init_system_log (FALSE); _dbus_system_log (DBUS_SYSTEM_LOG_INFO, MESSAGE "%d", 42); + _dbus_system_log (DBUS_SYSTEM_LOG_WARNING, MESSAGE "%d", 45); _dbus_system_log (DBUS_SYSTEM_LOG_SECURITY, MESSAGE "%d", 666); exit (0); } g_test_trap_assert_passed (); - g_test_trap_assert_stderr ("*" MESSAGE "42\n*" MESSAGE "666\n*"); + g_test_trap_assert_stderr ("*" MESSAGE "42\n*" MESSAGE "45\n*" MESSAGE "666\n*"); #endif /* manual test (this is the best we can do on Windows) */ _dbus_init_system_log (FALSE); _dbus_system_log (DBUS_SYSTEM_LOG_INFO, MESSAGE "%d", 42); + _dbus_system_log (DBUS_SYSTEM_LOG_WARNING, MESSAGE "%d", 45); _dbus_system_log (DBUS_SYSTEM_LOG_SECURITY, MESSAGE "%d", 666); } |