diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/glib.scm | 9 | ||||
-rw-r--r-- | gnu/packages/patches/dbus-CVE-2020-12049.patch | 58 |
3 files changed, 4 insertions, 64 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 3282394eec..4924c932c6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -895,7 +895,6 @@ dist_patch_DATA = \ %D%/packages/patches/datefudge-gettimeofday.patch \ %D%/packages/patches/dbacl-include-locale.h.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ - %D%/packages/patches/dbus-CVE-2020-12049.patch \ %D%/packages/patches/dbus-c++-gcc-compat.patch \ %D%/packages/patches/dbus-c++-threading-mutex.patch \ %D%/packages/patches/dbxfs-remove-sentry-sdk.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 3f5dd936d2..606802e7de 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -89,17 +89,16 @@ (define dbus (package (name "dbus") - (version "1.12.16") + (version "1.13.18") (source (origin (method url-fetch) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" - version ".tar.gz")) + version ".tar.xz")) (sha256 (base32 - "107ckxaff1cv4q6kmfdi2fb1nlsv03312a7kf6lb4biglhpjv8jl")) - (patches (search-patches "dbus-CVE-2020-12049.patch" - "dbus-helper-search-path.patch")))) + "0ki5yih89kvygiqf3qb7qfzcrw4fvilxj1b9w1y91arlbv1gay40")) + (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags diff --git a/gnu/packages/patches/dbus-CVE-2020-12049.patch b/gnu/packages/patches/dbus-CVE-2020-12049.patch deleted file mode 100644 index 71280144a1..0000000000 --- a/gnu/packages/patches/dbus-CVE-2020-12049.patch +++ /dev/null @@ -1,58 +0,0 @@ -Fix CVE-2020-12049: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12049 -https://lists.freedesktop.org/archives/ftp-release/2020-June/000753.html - -Taken from upstream: - -https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5 - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) -- { -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. */ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; -- } -- - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+ { -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+ close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+ } -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - |