fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-03-07 06:20:30 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'dbus-1.8'

Browse source 
Conflicts:
	NEWS
	configure.ac
This commit is contained in:
Simon McVittie 2014-06-10 18:36:00 +01:00
commit a261ec6695
5 changed files with 36 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
NEWS
View file

@ -35,6 +35,17 @@ Fixes:
• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
in ps(1) (fd.o #69716, Chengwei Yang)
D-Bus 1.8.4 (2014-06-10)
==
Security fix:
• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
flaw in dbus-daemon, part of the reference implementation of D-Bus.
Additionally, in highly unusual environments the same flaw could lead to
a side channel between processes that should not be able to communicate.
(CVE-2014-3477, fd.o #78979)
D-Bus 1.8.2 (2014-04-30)
==

27
bus/activation.c
View file

@ -1162,14 +1162,11 @@ bus_activation_service_created (BusActivation *activation,
dbus_bool_t
bus_activation_send_pending_auto_activation_messages (BusActivation *activation,
BusService *service,
BusTransaction *transaction,
DBusError *error)
BusTransaction *transaction)
{
BusPendingActivation *pending_activation;
DBusList *link;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
/* Check if it's a pending activation */
pending_activation = _dbus_hash_table_lookup_string (activation->pending_activations,
bus_service_get_name (service));
@ -1186,6 +1183,9 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
if (entry->auto_activation && (entry->connection == NULL || dbus_connection_get_is_connected (entry->connection)))
{
DBusConnection *addressed_recipient;
DBusError error;
dbus_error_init (&error);
addressed_recipient = bus_service_get_primary_owners_connection (service);
@ -1193,8 +1193,22 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
if (!bus_dispatch_matches (transaction,
entry->connection,
addressed_recipient,
entry->activation_message, error))
goto error;
entry->activation_message, &error))
{
/* If permission is denied, we just want to return the error
* to the original method invoker; in particular, we don't
* want to make the RequestName call fail with that error
* (see fd.o #78979, CVE-2014-3477). */
if (!bus_transaction_send_error_reply (transaction, entry->connection,
&error, entry->activation_message))
{
bus_connection_send_oom_error (entry->connection,
entry->activation_message);
}
link = next;
continue;
}
}
link = next;
@ -1203,7 +1217,6 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation
if (!add_restore_pending_to_transaction (transaction, pending_activation))
{
_dbus_verbose ("Could not add cancel hook to transaction to revert removing pending activation\n");
BUS_SET_OOM (error);
goto error;
}

3
bus/activation.h
View file

@ -62,8 +62,7 @@ dbus_bool_t dbus_activation_systemd_failure (BusActivation *activation,
dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation,
BusService *service,
BusTransaction *transaction,
DBusError *error);
BusTransaction *transaction);
#endif /* BUS_ACTIVATION_H */

5
bus/services.c
View file

@ -588,8 +588,9 @@ bus_registry_acquire_service (BusRegistry *registry,
activation = bus_context_get_activation (registry->context);
retval = bus_activation_send_pending_auto_activation_messages (activation,
service,
transaction,
error);
transaction);
if (!retval)
BUS_SET_OOM (error);
out:
return retval;

2
configure.ac
View file

@ -38,7 +38,7 @@ LT_CURRENT=11
## increment any time the source changes; set to
## 0 if you increment CURRENT
LT_REVISION=4
LT_REVISION=5
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has