diff --git a/backport-dbus-socket-set-msgheader-controllen-size-using-the-.patch b/backport-dbus-socket-set-msgheader-controllen-size-using-the-.patch
new file mode 100644
index 0000000..33ce167
--- /dev/null
+++ b/backport-dbus-socket-set-msgheader-controllen-size-using-the-.patch
@@ -0,0 +1,32 @@
+From 743db9327bf8223dba59b1b666ba547a14e18afb Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 4 Apr 2023 01:58:02 +0100
+Subject: [PATCH] dbus/socket: set msgheader controllen size using the right
+ macro
+
+Use CMSG_SPACE to set the size of msg_controllen when sending FDs.
+CMSG_LEN was used implicicly before, which for 1 FD is 20 bytes,
+while CMSG_SPACE is 24 bytes.
+
+Signed-off-by: Luca Boccassi
+Signed-off-by: David Rheinsberg
+---
+ src/dbus/socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dbus/socket.c b/src/dbus/socket.c
+index d429588..85eedda 100644
+--- a/src/dbus/socket.c
++++ b/src/dbus/socket.c
+@@ -806,7 +806,7 @@ static int socket_dispatch_write(Socket *socket) {
+ buffer->message->fds &&
+ socket_buffer_is_uncomsumed(buffer)) {
+ msg->msg_control = buffer->message->fds->cmsg;
+- msg->msg_controllen = buffer->message->fds->cmsg->cmsg_len;
++ msg->msg_controllen = fdlist_size(buffer->message->fds);
+ } else {
+ msg->msg_control = NULL;
+ msg->msg_controllen = 0;
+--
+2.33.0
+
diff --git a/backport-launch-config-avoid-expat.h-in-header.patch b/backport-launch-config-avoid-expat.h-in-header.patch
new file mode 100644
index 0000000..6aaf79a
--- /dev/null
+++ b/backport-launch-config-avoid-expat.h-in-header.patch
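Review bot: With `msg_controllen` set to `fdlist_size()` (a CMSG_SPACE-rounded length) while `msg_control` still points at `fds->cmsg`, sendmsg() may read up to the padded size from that buffer, so the allocation behind `cmsg` must be CMSG_SPACE-sized rather than CMSG_LEN-sized; the FDList allocator is not part of this series, so that should be confirmed there (the helper's commit message says a full FDList includes the trailing padding, which suggests it is). A short comment at the assignment, `/* msg_controllen must cover the padded cmsg (CMSG_SPACE), not just cmsg_len */`, would record why the value differs from the field it replaces. socket_dispatch_write() starts and ends outside the hunk.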
@@ -0,0 +1,42 @@
+From c2f07184beddb26d7e62c4c32d6503ad47830152 Mon Sep 17 00:00:00 2001
+From: David Rheinsberg
+Date: Wed, 5 Jul 2023 09:41:11 +0200
+Subject: [PATCH] launch/config: avoid expat.h in header
+
+To reduce exposure of expat, avoid it in config.h. The only definition
+we use can be easily forward-declared, and thus we can completely
+contain expat in config.c.
+
+Signed-off-by: David Rheinsberg
+---
+ src/launch/config.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/launch/config.h b/src/launch/config.h
+index c36819d..881974a 100644
+--- a/src/launch/config.h
++++ b/src/launch/config.h
+@@ -6,9 +6,10 @@
+
+ #include
+ #include
+-#include
+ #include
+
++struct XML_ParserStruct;
++
+ typedef struct ConfigPath ConfigPath;
+ typedef struct ConfigNode ConfigNode;
+ typedef struct ConfigParser ConfigParser;
+@@ -218,7 +219,7 @@ struct ConfigRoot {
+ }
+
+ struct ConfigParser {
+- XML_Parser xml;
++ struct XML_ParserStruct *xml;
+
+ struct ConfigState {
+ NSSCache *nss;
+--
+2.33.0
+
diff --git a/backport-launch-config-use-AT_RANDOM-for-XML-hash-salt.patch b/backport-launch-config-use-AT_RANDOM-for-XML-hash-salt.patch
new file mode 100644
index 0000000..1a20bb2
--- /dev/null
+++ b/backport-launch-config-use-AT_RANDOM-for-XML-hash-salt.patch
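Review bot: The forward declaration `struct XML_ParserStruct;` hard-codes the tag behind expat's public `XML_Parser` typedef without saying so, so a reader of config.h cannot tell where the name comes from or that it must track expat.h; a comment next to it, `/* expat's XML_Parser is struct XML_ParserStruct *; forward-declared so config.h does not include expat.h */`, documents the dependency. No extra compile-time check seems necessary: the `parser->xml = XML_ParserCreate(NULL);` assignment in config.c (visible only as context in the AT_RANDOM backport, not in this hunk) would warn or fail if the two pointer types ever diverged.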
@@ -0,0 +1,73 @@
+This fixes an issue where libexpat might read from `/dev/urandom` and
+thus block until the entropy pool is initialized. This hidden
+dependency is very hard to debug. Instead, we require the service
+launcher to delay startup until suitable entropy is available. This
+explicit dependency is much easier to manage, debug, and control.
+
+Reported-by: Stefan Agner
+Signed-off-by: David Rheinsberg
+---
+ src/launch/config.c | 17 +++++++++++++++++
+ src/launch/config.h | 1 +
+ 2 files changed, 18 insertions(+)
+
+diff --git a/src/launch/config.c b/src/launch/config.c
+index 85521bd..4a6a11e 100644
+--- a/src/launch/config.c
++++ b/src/launch/config.c
+@@ -6,6 +6,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "dbus/protocol.h"
+ #include "launch/config.h"
+ #include "launch/nss-cache.h"
+@@ -1216,9 +1217,24 @@ static void config_parser_blob_fn(void *userdata, const XML_Char *data, int n_da
+ * config_parser_init() - XXX
+ */
+ void config_parser_init(ConfigParser *parser) {
++ void *random;
++
+ *parser = (ConfigParser)CONFIG_PARSER_NULL(*parser);
+
+ parser->xml = XML_ParserCreate(NULL);
++
++ /*
++ * The hash-tables of libexpat require a reliable random seed.
++ * Depending on libexpat compilation flags, this might end up using
++ * `/dev/urandom` and thus block until random-initialization is
++ * finished. We avoid this hidden dependency and instead use the
++ * entropy provided via `AT_RANDOM`. Hence, entropy availability is
++ * tightly coupled to process startup, and it is the job of the
++ * service manager to order processes accordingly.
++ */
++ random = (void *)getauxval(AT_RANDOM);
++ assert(random);
++ memcpy(&parser->salt, random, sizeof(parser->salt));
+ }
+
+ /**
+@@ -1262,6 +1278,7 @@ static int config_parser_include(ConfigParser *parser, ConfigRoot *root, ConfigN
+ }
+
+ XML_ParserReset(parser->xml, NULL);
++ XML_SetHashSalt(parser->xml, parser->salt);
+ XML_SetUserData(parser->xml, &parser->state);
+ XML_SetElementHandler(parser->xml, config_parser_begin_fn, config_parser_end_fn);
+ XML_SetCharacterDataHandler(parser->xml, config_parser_blob_fn);
+diff --git a/src/launch/config.h b/src/launch/config.h
+index 4c8df18..8ae9be6 100644
+--- a/src/launch/config.h
++++ b/src/launch/config.h
+@@ -216,6 +216,7 @@ struct ConfigRoot {
+
+ struct ConfigParser {
+ struct XML_ParserStruct *xml;
++ unsigned long salt;
+
+ struct ConfigState {
+ NSSCache *nss;
+--
+2.33.0
+
diff --git a/backport-util-fdlist-add-helper-to-return-list-size.patch b/backport-util-fdlist-add-helper-to-return-list-size.patch
new file mode 100644
index 0000000..f76836c
--- /dev/null
+++ b/backport-util-fdlist-add-helper-to-return-list-size.patch
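Review bot: `memcpy(&parser->salt, random, sizeof(parser->salt))` takes the leading `sizeof(unsigned long)` bytes of the 16-byte AT_RANDOM block, and on glibc those same leading bytes are what the stack-protector canary is derived from (the pointer guard comes from the remaining bytes), so the expat hash salt is not independent of another per-process secret and exposure of one weakens the other; the parsed input is presumably local bus configuration, which limits the risk, but the coupling should at least be stated in the comment, and deriving the salt by mixing all 16 bytes rather than copying a prefix would remove it. `assert(random)` is compiled out under NDEBUG, in which case a missing auxv entry would make `memcpy` read from NULL; a check that survives release builds, e.g. `if (!random) abort();`, or returning an error keeps the guard in place. Re-applying the salt after every `XML_ParserReset()`, as the config_parser_include() hunk does, is consistent with expat resetting it; config_parser_include() itself starts and ends outside the hunk.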
@@ -0,0 +1,33 @@
+From b0096d204afcd5fd096ec35a8f7ab113bcc5ab95 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 4 Apr 2023 13:36:46 +0100
+Subject: [PATCH] util/fdlist: add helper to return list size
+
+Provide a new helper to return the space occupied by a full FDList. This
+includes trailing padding and is required for cmsg-based transactions.
+
+Signed-off-by: Luca Boccassi
+(fix commit message)
+Signed-off-by: David Rheinsberg
+---
+ src/util/fdlist.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/util/fdlist.h b/src/util/fdlist.h
+index 33ff73c..233ffc0 100644
+--- a/src/util/fdlist.h
++++ b/src/util/fdlist.h
+@@ -33,6 +33,10 @@ static inline size_t fdlist_count(FDList *list) {
+ return list ? (list->cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int) : 0;
+ }
+
++static inline size_t fdlist_size(FDList *list) {
++ return list ? CMSG_SPACE(fdlist_count(list) * sizeof(int)) : 0;
++}
++
+ static inline int fdlist_get(FDList *list, size_t index) {
+ return index < fdlist_count(list) ? fdlist_data(list)[index] : -1;
+ }
+--
+2.33.0
+
diff --git a/backport-util-selinux-follow-permissive-mode.patch b/backport-util-selinux-follow-permissive-mode.patch
new file mode 100644
index 0000000..3f921e9
--- /dev/null
+++ b/backport-util-selinux-follow-permissive-mode.patch
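Review bot: `fdlist_size()` has no comment, and its result differs from `cmsg_len` only by the trailing CMSG alignment padding, which is exactly the distinction the dbus/socket backport relies on for `msg_controllen`; a one-line comment would keep the two from being mixed up again, e.g. `/* Bytes occupied by the whole cmsg including trailing padding (CMSG_SPACE); cmsg_len excludes the padding. Use this for msg_controllen. */`. Returning 0 for a NULL list mirrors `fdlist_count()`, which is consistent. The helper is header-only and complete within the hunk.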
@@ -0,0 +1,39 @@
+From 01a500868f3343489c8b4af08e0e352874bdb04e Mon Sep 17 00:00:00 2001
+From: David Rheinsberg
+Date: Mon, 12 Jun 2023 12:09:12 +0200
+Subject: [PATCH] util/selinux: follow permissive mode
+
+Make sure to follow the rules of enforcing/permissive mode and avoid
+operation denials in permissive mode.
+
+Reported-by: Daan De Meyer
+Signed-off-by: David Rheinsberg
+---
+ src/util/selinux.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/selinux.c b/src/util/selinux.c
+index 4b61ec7..a72cc0a 100644
+--- a/src/util/selinux.c
++++ b/src/util/selinux.c
+@@ -242,7 +242,7 @@ int bus_selinux_check_own(BusSELinuxRegistry *registry,
+ "dbus",
+ "acquire_svc",
+ NULL);
+- if (r < 0) {
++ if (r < 0 && bus_selinux_is_enforcing()) {
+ /*
+ * Treat unknown contexts (possibly due to policy reload)
+ * as access denied.
+@@ -289,7 +289,7 @@ int bus_selinux_check_send(BusSELinuxRegistry *registry,
+ "dbus",
+ "send_msg",
+ NULL);
+- if (r < 0) {
++ if (r < 0 && bus_selinux_is_enforcing()) {
+ /*
+ * Treat unknown contexts (possibly due to policy reload)
+ * as access denied.
+--
+2.33.0
+
diff --git a/backport-util-selinux-provide-helper-to-check-enforcing-mode.patch b/backport-util-selinux-provide-helper-to-check-enforcing-mode.patch
new file mode 100644
index 0000000..95ef45f
--- /dev/null
+++ b/backport-util-selinux-provide-helper-to-check-enforcing-mode.patch
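Review bot: `if (r < 0 && bus_selinux_is_enforcing())` waives every negative return in permissive mode, not only policy denials: a failed context lookup, ENOMEM or any other error from the access check now silently takes the allow path, while the comment directly below still says such cases are treated as access denied. If only denials (which libselinux reports with EACCES) are meant to be waived, distinguish them, e.g. `if (r < 0 && (errno != EACCES || bus_selinux_is_enforcing())) {`, and otherwise update the comment so it describes the new behaviour; in either case a log line on the permissive path would keep the event visible to operators. The same change and the same stale comment appear in the `send_msg` hunk of bus_selinux_check_send(). Both functions and the bodies of the `if` statements lie outside the hunks.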
@@ -0,0 +1,72 @@
+From df23f09376386fbdefb4bcc049c1c81a9a893baf Mon Sep 17 00:00:00 2001
+From: David Rheinsberg
+Date: Mon, 12 Jun 2023 12:04:47 +0200
+Subject: [PATCH] util/selinux: provide helper to check enforcing mode
+
+Add a new helper to check the selinux enforcing mode. This will be used
+in follow-ups to avoid AVC denials in permissive mode.
+
+Signed-off-by: David Rheinsberg
+---
+ src/util/selinux-fallback.c | 4 ++++
+ src/util/selinux.c | 16 ++++++++++++++++
+ src/util/selinux.h | 1 +
+ 3 files changed, 21 insertions(+)
+
+diff --git a/src/util/selinux-fallback.c b/src/util/selinux-fallback.c
+index ec4d458..0654a07 100644
+--- a/src/util/selinux-fallback.c
++++ b/src/util/selinux-fallback.c
+@@ -16,6 +16,10 @@ bool bus_selinux_is_enabled(void) {
+ return false;
+ }
+
++bool bus_selinux_is_enforcing(void) {
++ return false;
++}
++
+ const char *bus_selinux_policy_root(void) {
+ return NULL;
+ }
+diff --git a/src/util/selinux.c b/src/util/selinux.c
+index f8b4c8a..4b61ec7 100644
+--- a/src/util/selinux.c
++++ b/src/util/selinux.c
+@@ -38,6 +38,22 @@ bool bus_selinux_is_enabled(void) {
+ return is_selinux_enabled();
+ }
+
++/**
++ * bus_selinux_is_enforcing() - checks if SELinux is in enforcing mode
++ *
++ * If selinux is not enabled or otherwise unavailable, this will return true.
++ * That is, this will only return false, if selinux is enabled and in
++ * permissive mode.
++ *
++ * Returns: true if SELinux is in enforcing mode, false otherwise.
++ */
++bool bus_selinux_is_enforcing(void) {
++ if (bus_selinux_status_open)
++ return selinux_status_getenforce() != 0;
++ else
++ return security_getenforce() != 0;
++}
++
+ /**
+ * bus_selinux_policy_root() - the root directory where the current SELinux policy can be found
+ *
+diff --git a/src/util/selinux.h b/src/util/selinux.h
+index 9a71e90..435c8a8 100644
+--- a/src/util/selinux.h
++++ b/src/util/selinux.h
+@@ -16,6 +16,7 @@ enum {
+ };
+
+ bool bus_selinux_is_enabled(void);
++bool bus_selinux_is_enforcing(void);
+ const char *bus_selinux_policy_root(void);
+
+ int bus_selinux_registry_new(BusSELinuxRegistry **registryp, const char *fallback_context);
+--
+2.33.0
+
diff --git a/backport-util-selinux-try-opening-the-status-page.patch b/backport-util-selinux-try-opening-the-status-page.patch
new file mode 100644
index 0000000..b80b8cf
--- /dev/null
+++ b/backport-util-selinux-try-opening-the-status-page.patch
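Review bot: The fallback `bus_selinux_is_enforcing()` in selinux-fallback.c returns false, while the doc block on the real implementation promises true whenever SELinux is "not enabled or otherwise unavailable"; callers built without libselinux therefore get the opposite of the documented answer, so either the stub should return true or the comment should state that the fallback build is exempt (presumably harmless today if the fallback check functions never call it, but that is inferred). The fail-closed behaviour of the real implementation rests on `security_getenforce()` returning a negative value on error and `-1 != 0` being true, which a later edit could easily break; spelling it out, e.g. `int r = bus_selinux_status_open ? selinux_status_getenforce() : security_getenforce(); return r != 0; /* r < 0 (unavailable) deliberately counts as enforcing */`, records the intent. `bus_selinux_status_open` is not declared by this patch; within this series it comes from the status-page backport, which must therefore be applied first.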
@@ -0,0 +1,68 @@
+Subject: [PATCH] util/selinux: try opening the status page
+
+Try opening the selinux status page for faster access to selinux status
+values. If running on older kernels without the status page, simply
+avoid using it.
+
+Signed-off-by: David Rheinsberg
+---
+ src/util/selinux.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/src/util/selinux.c b/src/util/selinux.c
+index 0264ea7..ea6af75 100644
+--- a/src/util/selinux.c
++++ b/src/util/selinux.c
+@@ -27,6 +27,7 @@ struct BusSELinuxName {
+ typedef struct BusSELinuxName BusSELinuxName;
+
+ static bool bus_selinux_avc_open;
++static bool bus_selinux_status_open;
+
+ /** bus_selinux_is_enabled() - checks if SELinux is currently enabled
+ *
+@@ -360,6 +361,29 @@ int bus_selinux_init_global(void) {
+ bus_selinux_avc_open = true;
+ }
+
++ if (!bus_selinux_status_open) {
++ r = selinux_status_open(0);
++ if (r == 0) {
++ /*
++ * The status page was successfully opened and can now
++ * be used for faster selinux status-checks.
++ */
++ bus_selinux_status_open = true;
++ } else if (r > 0) {
++ /*
++ * >0 indicates success but with the netlink-fallback.
++ * We didn't request the netlink-fallback, so close the
++ * status-page again and treat it as unavailable.
++ */
++ selinux_status_close();
++ } else {
++ /*
++ * If the status page could not be opened, treat it as
++ * unavailable and use the slower fallback functions.
++ */
++ }
++ }
++
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)bus_selinux_log);
+
+ /* XXX: set audit callback to get more metadata in the audit log? */
+@@ -378,6 +402,11 @@ void bus_selinux_deinit_global(void) {
+ if (!is_selinux_enabled())
+ return;
+
++ if (bus_selinux_status_open) {
++ selinux_status_close();
++ bus_selinux_status_open = false;
++ }
++
+ if (bus_selinux_avc_open) {
+ avc_destroy();
+ bus_selinux_avc_open = false;
+--
+2.33.0
+
diff --git a/dbus-broker.spec b/dbus-broker.spec
index 4d4a890..088ef1d 100644
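Review bot: The final `else { /* ... */ }` in bus_selinux_init_global() holds only a comment, and an empty branch reads like a forgotten action; fold the explanation into a comment above the chain and drop the branch, e.g. `/* r < 0: the status page is unavailable, keep using the slower fallback functions. */` placed before `if (r == 0)`. `r` is reused from the avc_open() call above the hunk, which is fine as long as its earlier value is no longer needed there, and bus_selinux_init_global() itself starts and ends outside the hunk. The deinit hunk closes the status page before `avc_destroy()`, the reverse of the init order, which looks right.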
--- a/dbus-broker.spec
+++ b/dbus-broker.spec
@@ -1,6 +1,6 @@
 Name: dbus-broker
 Version: 29
-Release: 7
+Release: 8
 Summary: Linux D-Bus Message Broker
 License: Apache License 2.0
 URL: https://github.com/bus1/dbus-broker
@@ -11,6 +11,13 @@ Patch0002: backport-CVE-2022-31212.patch
 Patch0003: enable-dbus-broker-to-reexecute.patch
 Patch0004: add-unit-test-for-dbus-broker.patch
 Patch0005: backport-bus-peer-fix-catching-OOM-when-linking-match-rules.patch
+Patch0006: backport-dbus-socket-set-msgheader-controllen-size-using-the-.patch
+Patch0007: backport-launch-config-avoid-expat.h-in-header.patch
+Patch0008: backport-util-fdlist-add-helper-to-return-list-size.patch
+Patch0009: backport-util-selinux-follow-permissive-mode.patch
+Patch0010: backport-util-selinux-provide-helper-to-check-enforcing-mode.patch
+Patch0011: backport-util-selinux-try-opening-the-status-page.patch
+Patch0012: backport-launch-config-use-AT_RANDOM-for-XML-hash-salt.patch
 BuildRequires: cmake gcc glibc-devel meson python-docutils dbus
 BuildRequires: pkgconfig(expat) pkgconfig(libsystemd) pkgconfig(libselinux)
@@ -88,6 +95,9 @@ fi
 %{_userunitdir}/dbus-broker.service
 %changelog
+* Wed Aug 9 2023 hongjinghao - 29-8
+- sync patches from dbus-broker community
+
 * Sun Jun 25 2023 hongjinghao - 29-7
 - sync patches from dbus-broker community
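Review bot: The new Patch entries are not in dependency order: Patch0006 calls `fdlist_size()`, which only exists after Patch0008; Patch0009 calls `bus_selinux_is_enforcing()`, added by Patch0010; and Patch0010 reads `bus_selinux_status_open`, declared within this series only by Patch0011 (Patch0009's `index 4b61ec7..` pre-image is Patch0010's post-image, confirming the upstream order). Each hunk's context also exists in the unpatched files, so the series will probably still apply with line offsets and the final tree is the same, but a strict `git am`-style `%autosetup` could reject it and every intermediate state of the series fails to build. Reorder to 0008, 0006, 0011, 0010, 0009 (Patch0007 already precedes Patch0012, which depends on its `struct XML_ParserStruct *xml;` context) or renumber the files to match upstream.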