From e43c954015d881061d36afe6d1315517c90aeb43 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sat, 29 Sep 2012 13:12:16 +0100 Subject: Imported Upstream version 1.6.8 --- NEWS | 12 ++++++++++++ config.h.in | 6 ------ configure | 26 ++++++++++++------------ configure.ac | 4 ++-- dbus/dbus-keyring.c | 6 ------ dbus/dbus-sysdeps-unix.c | 6 ------ dbus/dbus-sysdeps.c | 6 ------ doc/dbus-faq.html | 48 ++++++++++++++++++++++----------------------- doc/dbus-specification.html | 36 +++++++++++++++++----------------- doc/dbus-test-plan.html | 4 ++-- 10 files changed, 71 insertions(+), 83 deletions(-) diff --git a/NEWS b/NEWS index ae87020c..02fa1457 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,15 @@ +D-Bus 1.6.8 (2012-09-28) +== + +The "Fix one thing, break another" release. + +• Follow up to CVE-2012-3524: The additional hardening + work to use __secure_getenv() as a followup to bug #52202 + broke certain configurations of gnome-keyring. Given + the difficulty of making this work without extensive + changes to gnome-keyring, use of __secure_getenv() is + deferred. + D-Bus 1.6.6 (2012-09-28) == diff --git a/config.h.in b/config.h.in index 3b3c297e..b939bebb 100644 --- a/config.h.in +++ b/config.h.in @@ -260,9 +260,6 @@ /* Have POSIX function getpwnam_r */ #undef HAVE_POSIX_GETPWNAM_R -/* Define to 1 if you have the `secure_getenv' function. */ -#undef HAVE_SECURE_GETENV - /* SELinux support */ #undef HAVE_SELINUX @@ -353,9 +350,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_WSPIAPI_H -/* Define to 1 if you have the `__secure_getenv' function. */ -#undef HAVE___SECURE_GETENV - /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR diff --git a/configure b/configure index 437f6f92..ad2cc81c 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for dbus 1.6.6. +# Generated by GNU Autoconf 2.68 for dbus 1.6.8. # # Report bugs to . # @@ -571,8 +571,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='dbus' PACKAGE_TARNAME='dbus' -PACKAGE_VERSION='1.6.6' -PACKAGE_STRING='dbus 1.6.6' +PACKAGE_VERSION='1.6.8' +PACKAGE_STRING='dbus 1.6.8' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus' PACKAGE_URL='' @@ -1509,7 +1509,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dbus 1.6.6 to adapt to many kinds of systems. +\`configure' configures dbus 1.6.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1583,7 +1583,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dbus 1.6.6:";; + short | recursive ) echo "Configuration of dbus 1.6.8:";; esac cat <<\_ACEOF @@ -1781,7 +1781,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dbus configure 1.6.6 +dbus configure 1.6.8 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2495,7 +2495,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dbus $as_me 1.6.6, which was +It was created by dbus $as_me 1.6.8, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3387,7 +3387,7 @@ fi # Define the identity of the package. PACKAGE='dbus' - VERSION='1.6.6' + VERSION='1.6.8' cat >>confdefs.h <<_ACEOF @@ -3612,8 +3612,8 @@ LT_AGE=7 DBUS_MAJOR_VERSION=1 DBUS_MINOR_VERSION=6 -DBUS_MICRO_VERSION=6 -DBUS_VERSION=1.6.6 +DBUS_MICRO_VERSION=8 +DBUS_VERSION=1.6.8 @@ -18546,7 +18546,7 @@ fi fi -for ac_func in vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid secure_getenv __secure_getenv +for ac_func in vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -23173,7 +23173,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dbus $as_me 1.6.6, which was +This file was extended by dbus $as_me 1.6.8, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23239,7 +23239,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -dbus config.status 1.6.6 +dbus config.status 1.6.8 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4cdb71b8..24fcc9e7 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [6]) -m4_define([dbus_micro_version], [6]) +m4_define([dbus_micro_version], [8]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -596,7 +596,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension] AC_SEARCH_LIBS(socket,[socket network]) AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) -AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid secure_getenv __secure_getenv ) +AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid) AC_CHECK_HEADERS([syslog.h]) if test "x$ac_cv_header_syslog_h" = "xyes"; then diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 2516bc34..3b9ce315 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -718,12 +718,6 @@ _dbus_keyring_new_for_credentials (DBusCredentials *credentials, _DBUS_ASSERT_ERROR_IS_CLEAR (error); - if (_dbus_getenv ("HOME") == NULL) - { - dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, - "Unable to create DBus keyring with no $HOME"); - return FALSE; - } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 6fa5bcb6..b4ecc96e 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3434,12 +3434,6 @@ _dbus_get_autolaunch_address (const char *scope, DBusString uuid; dbus_bool_t retval; - if (_dbus_getenv ("PATH") == NULL) - { - dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, - "Unable to autolaunch when PATH is unset"); - return FALSE; - } if (_dbus_check_setuid ()) { dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED, diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 976c7e4b..04fb8d76 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -182,18 +182,12 @@ _dbus_setenv (const char *varname, const char* _dbus_getenv (const char *varname) { -#if defined(HAVE_SECURE_GETENV) - return secure_getenv (varname); -#elif defined(HAVE___SECURE_GETENV) - return __secure_getenv (varname); -#else /* Don't respect any environment variables if the current process is * setuid. This is the equivalent of glibc's __secure_getenv(). */ if (_dbus_check_setuid ()) return NULL; return getenv (varname); -#endif } /** diff --git a/doc/dbus-faq.html b/doc/dbus-faq.html index 19ac3115..c42e1b2f 100644 --- a/doc/dbus-faq.html +++ b/doc/dbus-faq.html @@ -1,13 +1,13 @@ D-Bus FAQ

D-Bus FAQ

Havoc Pennington

Red Hat, Inc.


    
-   

David A Wheeler

Version 0.3


Version 0.3


1. What is D-Bus? -
2. +
2. Is D-Bus stable/finished? -
3. +
3. How is the reference implementation licensed? Can I use it in proprietary applications? -
4. +
4. What is the difference between a bus name, and object path, and an interface?
5. @@ -39,9 +39,9 @@ How does D-Bus differ from [yet more IPC mechanisms]?
18. Which IPC mechanism should I use? -
19. +
19. How can I submit a bug or patch? -

1.

+

1.

What is D-Bus?

This is probably best answered by reading the D-Bus tutorial or @@ -52,7 +52,7 @@ Phrased differently, D-Bus is 1) an interprocess communication (IPC) system and 2) some higher-level structure (lifecycle tracking, service activation, security policy) provided by two bus daemons, one systemwide and one per-user-session. -

2.

+

2.

Is D-Bus stable/finished?

The low-level library "libdbus" and the protocol specification are considered @@ -62,7 +62,7 @@ have their own release schedules and degree of maturity, not linked to the low-level library and bus daemon release. Check the project page for the binding you're considering to understand that project's policies. -

3.

+

3.

How is the reference implementation licensed? Can I use it in proprietary applications?

@@ -77,7 +77,7 @@ use D-Bus. If you're going to sue, you have to stop using the software. Read the licenses to determine their meaning, this FAQ entry is not intended to change the meaning or terms of the licenses. -

4.

+

4.

What is the difference between a bus name, and object path, and an interface?

@@ -107,7 +107,7 @@ interfaces, such as org.freedesktop.DBus.Introspectable, org.freedesktop.BasicTextField, org.kde.RichTextDocument. -

5.

+

5.

What is a "service"?

A service is a program that can be launched by the bus daemon @@ -120,7 +120,7 @@ In the D-Bus docs we try to use "service" only when talking about programs the bus knows how to launch, i.e. a service always has a .service file. -

6.

+

6.

Is D-Bus a "component system"?

It helps to keep these concepts separate in your mind: @@ -170,7 +170,7 @@ from component/object systems, though perhaps a "plugin" tends to be a bundle of objects with a user-visible name and can be downloaded/packaged as a unit. -

7.

+

7.

How fast is the D-Bus reference implementation?

Of course it depends a bit on what you're doing. @@ -198,7 +198,7 @@ enable asynchronous communication and avoid round trips. This is frequently a more important performance issue than throughput. -

8.

+

8.

How large is the D-Bus reference implementation?

A production build (with assertions, unit tests, and verbose logging @@ -207,7 +207,7 @@ A much, much smaller implementation would be possible by omitting out of memory handling, hardcoding a main loop (or always using blocking I/O), skipping validation, and otherwise simplifying things. -

9.

+

9.

How does D-Bus differ from other interprocess communication or networking protocols?

@@ -240,7 +240,7 @@ Note: the D-Bus mailing list subscribers are very much not interested in debating which IPC system is the One True System. So if you want to discuss that, please use another forum. -

10.

+

10.

How does D-Bus differ from CORBA?

Start by reading Q: 9. @@ -292,7 +292,7 @@

On a more trivial note, D-Bus involves substantially fewer acronyms than CORBA. -

11.

+

11.

How does D-Bus differ from XML-RPC and SOAP?

Start by reading Q: 9. @@ -311,7 +311,7 @@ supports lifecycle tracking of other applications connected to the bus. With XML-RPC and SOAP, typically each method call exists in isolation and has its own HTTP connection. -

12.

+

12.

How does D-Bus differ from DCE?

Start by reading Q: 9. @@ -324,7 +324,7 @@ a distributed time service. As the name implies, DCE is intended for use in a large, multi-computer distributed application. D-Bus would not be well-suited for this. -

13.

+

13.

How does D-Bus differ from DCOM and COM?

Start by reading Q: 9. @@ -334,7 +334,7 @@

DCOM (distributed COM) is a Windows IPC system designed for use with the COM object system. It's similar in some ways to DCE and CORBA. -

14.

+

14.

How does D-Bus differ from ZeroC's Internet Communications Engine (Ice)

Start by reading Q: 9. @@ -344,7 +344,7 @@ on the level of SOAP or CORBA than D-Bus. Ice has a "dual-license" business around it; i.e. you can use it under the GPL, or pay for a proprietary license. -

15.

+

15.

How does D-Bus differ from Inter-Client Exchange (ICE)?

ICE @@ -362,7 +362,7 @@ DCOP and XSMP are the only two widely-used applications of ICE, and both could in principle be replaced by D-Bus. (Though whether GNOME and KDE will bother is an open question.) -

16.

+

16.

How does D-Bus differ from DCOP?

Start by reading Q: 9. @@ -389,14 +389,14 @@ DCOP's implementation to use D-Bus internally (so that GNOME and KDE would end up using exactly the same bus). See the KDE mailing list archives for some of these discussions. -

17.

+

17.

How does D-Bus differ from [yet more IPC mechanisms]?

Start by reading Q: 9.

There are countless uses of network sockets in the world. MBUS, Sun ONC/RPC, Jabber/XMPP, SIP, are some we can think of quickly. -

18.

+

18.

Which IPC mechanism should I use?

Start by reading Q: 9. @@ -427,7 +427,7 @@ to search the list archives is probably to use an Internet engine such as Google. On Google, include "site:freedesktop.org" in your search. -

19.

+

19.

How can I submit a bug or patch?

The D-Bus web site diff --git a/doc/dbus-specification.html b/doc/dbus-specification.html index 55a1db73..f42243fc 100644 --- a/doc/dbus-specification.html +++ b/doc/dbus-specification.html @@ -16,7 +16,7 @@ and system services on Unix; document the systemd transport

Revision 0.1829 July 2011smcv
define eavesdropping, unicast, broadcast; add eavesdrop match keyword; promote type system to a top-level section
Revision 0.171 June 2011smcv/davidz
define ObjectManager; reserve extra pseudo-type-codes used by GVariant
Revision 0.1611 April 2011
add path_namespace, arg0namespace; argNpath matches object - paths
Revision 0.153 November 2010
Revision 0.1412 May 2010
Revision 0.1323 Dezember 2009
Revision 0.127 November, 2006
Revision 0.116 February 2005
Revision 0.1028 January 2005
Revision 0.97 Januar 2005
Revision 0.806 September 2003
First released document.


Introduction

+ paths

Revision 0.153 November 2010
Revision 0.1412 May 2010
Revision 0.1323 Dezember 2009
Revision 0.127 November, 2006
Revision 0.116 February 2005
Revision 0.1028 January 2005
Revision 0.97 Januar 2005
Revision 0.806 September 2003
First released document.

Introduction

D-Bus is a system for low-latency, low-overhead, easy to use interprocess communication (IPC). In more detail:

  • @@ -1006,14 +1006,14 @@ commands may be introduced both before, and after authentication, i.e. both before and after the OK command.

Authentication examples

-

Figure 1. Example of successful magic cookie authentication

+        

Figure 1. Example of successful magic cookie authentication

             (MAGIC_COOKIE is a made up mechanism)
 
             C: AUTH MAGIC_COOKIE 3138363935333137393635383634
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 2. Example of finding out mechanisms then picking one

+        

Figure 2. Example of finding out mechanisms then picking one

             C: AUTH
             S: REJECTED KERBEROS_V4 SKEY
             C: AUTH SKEY 7ab83f32ee
@@ -1022,14 +1022,14 @@
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 3. Example of client sends unknown command then falls back to regular auth

+        

Figure 3. Example of client sends unknown command then falls back to regular auth

             C: FOOBAR
             S: ERROR
             C: AUTH MAGIC_COOKIE 3736343435313230333039
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 4. Example of server doesn't support initial auth mechanism

+        

Figure 4. Example of server doesn't support initial auth mechanism

             C: AUTH MAGIC_COOKIE 3736343435313230333039
             S: REJECTED KERBEROS_V4 SKEY
             C: AUTH SKEY 7ab83f32ee
@@ -1038,7 +1038,7 @@
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 5. Example of wrong password or the like followed by successful retry

+        

Figure 5. Example of wrong password or the like followed by successful retry

             C: AUTH MAGIC_COOKIE 3736343435313230333039
             S: REJECTED KERBEROS_V4 SKEY
             C: AUTH SKEY 7ab83f32ee
@@ -1051,7 +1051,7 @@
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 6. Example of skey cancelled and restarted

+        

Figure 6. Example of skey cancelled and restarted

             C: AUTH MAGIC_COOKIE 3736343435313230333039
             S: REJECTED KERBEROS_V4 SKEY
             C: AUTH SKEY 7ab83f32ee
@@ -1064,7 +1064,7 @@
             S: OK 1234deadbeef
             C: BEGIN
           


-

Figure 7. Example of successful magic cookie authentication with successful negotiation of Unix FD passing

+        

Figure 7. Example of successful magic cookie authentication with successful negotiation of Unix FD passing

             (MAGIC_COOKIE is a made up mechanism)
 
             C: AUTH MAGIC_COOKIE 3138363935333137393635383634
@@ -1073,7 +1073,7 @@
             S: AGREE_UNIX_FD
             C: BEGIN
           


-

Figure 8. Example of successful magic cookie authentication with unsuccessful negotiation of Unix FD passing

+        

Figure 8. Example of successful magic cookie authentication with unsuccessful negotiation of Unix FD passing

             (MAGIC_COOKIE is a made up mechanism)
 
             C: AUTH MAGIC_COOKIE 3138363935333137393635383634
@@ -1351,7 +1351,7 @@
                 fails, the lock fails. Servers should retry for a reasonable
                 period of time, then they may choose to delete an existing lock
                 to keep users from having to manually delete a stale
-                lock. [1]
+                lock. [1]
               

  • Once the lockfile has been created, the server loads the cookie file. It should then delete any cookies that are old (the @@ -2400,7 +2400,7 @@

    • General syntax

    • Comment format

    -

    Figure 9. Example service description file

    +        

    Figure 9. Example service description file

                 # Sample service description file
                 [D-BUS Service]
                 Names=org.freedesktop.ConfigurationDatabase;org.gnome.GConf;
    @@ -2570,7 +2570,7 @@
                 allowing another process to set the selection between the
                 verification and the setting (e.g., by using XGrabServer /
                 XungrabServer).
    -          

    +

    On Unix systems, the session bus should search for .service files in $XDG_DATA_DIRS/dbus-1/services as defined by the @@ -2600,7 +2600,7 @@ variable. If that variable is not set, applications should try to connect to the well-known address unix:path=/var/run/dbus/system_bus_socket. - [2] + [2]

    On Unix systems, the system bus should default to searching for .service files in @@ -2610,7 +2610,7 @@ of precedence. It may also search other implementation-specific locations, but should not vary these locations based on environment variables. - [3] + [3]

    Software packages should install their system .service files to their configured @@ -2802,7 +2802,7 @@ There is also a per-machine ID, described in the section called “org.freedesktop.DBus.Peer and returned by org.freedesktop.DBus.Peer.GetMachineId(). For a desktop session bus, the bus ID can be used as a way to uniquely identify a user's session. -

    Glossary

    +

  • Glossary

    This glossary defines some of the terms used in this specification.

    Bus Name

    The message bus maintains an association between names and @@ -2883,14 +2883,14 @@ message bus. This name will never change owner, and will be unique (never reused during the lifetime of the message bus). It will begin with a ':' character. -



    [1] Lockfiles are used instead of real file +



    [1] Lockfiles are used instead of real file locking fcntl() because real locking implementations are still flaky on network - filesystems.

    [2] + filesystems.

    [2] The D-Bus reference implementation actually honors the $(localstatedir) configure option for this address, on both client and server side. -

    [3] +

    [3] The system bus is security-sensitive and is typically executed by an init system with a clean environment. Its launch helper process is particularly security-sensitive, and specifically diff --git a/doc/dbus-test-plan.html b/doc/dbus-test-plan.html index 41285315..377a3bf2 100644 --- a/doc/dbus-test-plan.html +++ b/doc/dbus-test-plan.html @@ -38,7 +38,7 @@ Message Builder. The message builder can take a serialized message in string-form and convert it into a raw character string which can then be loaded by the message loader. -

    Figure 1. Example of a message in string form

    +      

    Figure 1. Example of a message in string form

               # Standard org.freedesktop.DBus.Hello message
     
               VALID_HEADER
    @@ -75,7 +75,7 @@
             can read authentication sequences from a file and play them
             back to a dummy server and client to make sure that
             authentication is working according to the specification.
    -      

    Figure 2. Example of an authentication script

    +      

    Figure 2. Example of an authentication script

               ## this tests a successful auth of type EXTERNAL
               
               SERVER
    -- 
    cgit v1.2.3