From 2f8f4d619b16b134671521c2b4aea3a94fb47848 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 27 Jul 2017 13:57:19 +0100 Subject: [PATCH 1/4] 1.10.22 --- NEWS | 4 +++- configure.ac | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 0c2547d0..195a6cd6 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ -D-Bus 1.10.22 (UNRELEASED) +D-Bus 1.10.22 (2017-07-27) == +The “roof terrace” release. + Fixes: • dbus_message_iter_append_basic() no longer leaks memory if it fails to diff --git a/configure.ac b/configure.ac index e819611a..1fabddd1 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [10]) -m4_define([dbus_micro_version], [21]) +m4_define([dbus_micro_version], [22]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -38,7 +38,7 @@ LT_CURRENT=17 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=12 +LT_REVISION=13 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has From b825751505ca17fa4a9cdc65b5d0a6ec3a04f2d1 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 27 Jul 2017 21:55:32 +0100 Subject: [PATCH 2/4] Start 1.10.24 Signed-off-by: Simon McVittie --- NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 195a6cd6..bef6193c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +D-Bus 1.10.24 (UNRELEASED) +== + +... + D-Bus 1.10.22 (2017-07-27) == diff --git a/configure.ac b/configure.ac index 1fabddd1..52da11fb 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [10]) -m4_define([dbus_micro_version], [22]) +m4_define([dbus_micro_version], [23]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 21 Jul 2017 10:46:39 +0100 Subject: [PATCH 3/4] config-loader-expat: Tell Expat not to defend against hash collisions By default, Expat uses cryptographic-quality random numbers as a salt for its hash algorithm, and since 2.2.1 it gets them from the getrandom syscall on Linux. That syscall refuses to return any entropy until the kernel's CSPRNG (random pool) has been initialized. Unfortunately, this can take as long as 40 seconds on embedded devices with few entropy sources, which is too long: if the system dbus-daemon blocks for that length of time, important D-Bus clients like systemd and systemd-logind time out and fail to connect to it. We're parsing small configuration files here, and we trust them completely, so we don't need to defend against hash collisions: nobody is going to be crafting them to cause pathological performance. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858 Signed-off-by: Simon McVittie Tested-by: Christopher Hewitt Reviewed-by: Philip Withnall --- bus/config-loader-expat.c | 14 ++++++++++++++ configure.ac | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c index b571fda3..27cbe2d0 100644 --- a/bus/config-loader-expat.c +++ b/bus/config-loader-expat.c @@ -203,6 +203,20 @@ bus_config_load (const DBusString *file, goto failed; } + /* We do not need protection against hash collisions (CVE-2012-0876) + * because we are only parsing trusted XML; and if we let Expat block + * waiting for the CSPRNG to be initialized, as it does by default to + * defeat CVE-2012-0876, it can cause timeouts during early boot on + * entropy-starved embedded devices. + * + * TODO: When Expat gets a more explicit API for this than + * XML_SetHashSalt, check for that too, and use it preferentially. + * https://github.com/libexpat/libexpat/issues/91 */ +#if defined(HAVE_XML_SETHASHSALT) + /* Any nonzero number will do. https://xkcd.com/221/ */ + XML_SetHashSalt (expat, 4); +#endif + if (!_dbus_string_get_dirname (file, &dirname)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); diff --git a/configure.ac b/configure.ac index 52da11fb..c4022ed7 100644 --- a/configure.ac +++ b/configure.ac @@ -938,6 +938,14 @@ XML_CFLAGS= AC_SUBST([XML_CFLAGS]) AC_SUBST([XML_LIBS]) +save_cflags="$CFLAGS" +save_libs="$LIBS" +CFLAGS="$CFLAGS $XML_CFLAGS" +LIBS="$LIBS $XML_LIBS" +AC_CHECK_FUNCS([XML_SetHashSalt]) +CFLAGS="$save_cflags" +LIBS="$save_libs" + # Thread lib detection AC_ARG_VAR([THREAD_LIBS]) save_libs="$LIBS" From 3cf2d6a1ca43253e5be916b8cfa30fd9ba1a2ef0 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 28 Jul 2017 11:21:07 +0100 Subject: [PATCH 4/4] NEWS for #101858 --- NEWS | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bef6193c..37fcd421 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,16 @@ D-Bus 1.10.24 (UNRELEASED) == -... +Fixes: + +• When parsing dbus-daemon configuration, tell Expat not to use + cryptographic-quality entropy as a salt for its hash tables: we trust + the configuration files, so we are not concerned about algorithmic + complexity attacks via hash table collisions. This prevents + dbus-daemon --system from holding up the boot process (and causing + early-boot system services like systemd, logind, networkd to time + out) on entropy-starved embedded systems. + (fd.o #101858, Simon McVittie) D-Bus 1.10.22 (2017-07-27) ==