Bug#630520: pu: package dbus/1.2.24-4+squeeze1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

The security team have indicated that CVE-2011-2200 (Bug #629938, a local
DoS) will not be fixed in a DSA. Here's a proposed patch for a stable update,
already tested on a squeeze laptop. OK to upload?

Thanks,
    S

diffstat for dbus-1.2.24 dbus-1.2.24

 changelog                                     |    8 ++++
 control                                       |    4 +-
 patches/13-629938-_dbus_header_byteswap.patch |   46 ++++++++++++++++++++++++++
 patches/series                                |    1 
 4 files changed, 57 insertions(+), 2 deletions(-)

diff -Nru dbus-1.2.24/debian/changelog dbus-1.2.24/debian/changelog
--- dbus-1.2.24/debian/changelog	2010-12-21 17:46:17.000000000 +0000
+++ dbus-1.2.24/debian/changelog	2011-06-14 19:45:07.000000000 +0100
@@ -1,3 +1,11 @@
+dbus (1.2.24-4+squeeze1) stable; urgency=low
+
+  * Update Vcs-* control fields to reflect the move to git
+  * Apply patch to fix upstream bug fd.o #38120, which is a local DoS for
+    system services (Closes: #629938)
+
+ -- Simon McVittie <smcv@debian.org>  Tue, 14 Jun 2011 19:45:00 +0100
+
 dbus (1.2.24-4) unstable; urgency=high
 
   * debian/patches/12-CVE-2010-4352-reject-deeply-nested-variants.patch
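Review bot: the new changelog entry names fd.o #38120 and Debian #629938 but not CVE-2011-2200, which the cover mail identifies as the issue being fixed; adding the CVE id to the bullet (e.g. "fix CVE-2011-2200 (fd.o #38120), a local DoS ...") makes the stable update traceable from the security tracker and from `apt-listchanges` output without having to follow the bug reference.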
diff -Nru dbus-1.2.24/debian/control dbus-1.2.24/debian/control
--- dbus-1.2.24/debian/control	2010-12-21 17:32:03.000000000 +0000
+++ dbus-1.2.24/debian/control	2011-06-12 12:31:16.000000000 +0100
@@ -17,8 +17,8 @@
                libx11-dev,
                libselinux1-dev [linux-any]
 Standards-Version: 3.9.0
-Vcs-Svn: svn://svn.debian.org/pkg-utopia/packages/unstable/dbus/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/
+Vcs-Git: git://anonscm.debian.org/pkg-utopia/dbus.git
+Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-utopia/dbus.git
 Homepage: http://dbus.freedesktop.org/
 
 Package: dbus
diff -Nru dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch
--- dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch	1970-01-01 01:00:00.000000000 +0100
+++ dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch	2011-06-12 12:43:20.000000000 +0100
@@ -0,0 +1,46 @@
+From: Simon McVittie <simon.mcvittie@collabora.co.uk>
+Date: Thu, 9 Jun 2011 17:52:10 +0100
+Subject: [PATCH] _dbus_header_byteswap: change the first byte of the message,
+ not just the struct member
+
+This has been wrong approximately forever, for instance see:
+http://lists.freedesktop.org/archives/dbus/2007-March/007357.html
+
+This prevents a local DoS, in which users can disconnect a system service
+from the system bus by sending a non-native-endian message to it.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38120
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938
+Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
+Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?id=c3223ba6
+Applied-upstream: 1.4.12, commit:c3223ba6c401ba81df1305851312a47c485e6cd7
+Applied-upstream: 1.2.28, commit:6519a1f77c61d753d4c97efd6e15630eb275336e
+---
+ dbus/dbus-marshal-header.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/dbus/dbus-marshal-header.c b/dbus/dbus-marshal-header.c
+index 3f31d7a..a6c9b80 100644
+--- a/dbus/dbus-marshal-header.c
++++ b/dbus/dbus-marshal-header.c
+@@ -1468,14 +1468,20 @@ void
+ _dbus_header_byteswap (DBusHeader *header,
+                        int         new_order)
+ {
++  unsigned char byte_order;
++
+   if (header->byte_order == new_order)
+     return;
+ 
++  byte_order = _dbus_string_get_byte (&header->data, BYTE_ORDER_OFFSET);
++  _dbus_assert (header->byte_order == byte_order);
++
+   _dbus_marshal_byteswap (&_dbus_header_signature_str,
+                           0, header->byte_order,
+                           new_order,
+                           &header->data, 0);
+ 
++  _dbus_string_set_byte (&header->data, BYTE_ORDER_OFFSET, new_order);
+   header->byte_order = new_order;
+ }
+ 
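Review bot: the actual fix is the single `_dbus_string_set_byte (&header->data, BYTE_ORDER_OFFSET, new_order);` line, which keeps the byte-order byte in the marshalled header in step with the `header->byte_order` struct member; the new `_dbus_assert (header->byte_order == byte_order);` only documents the invariant on entry and, being an internal assertion, may be compiled out in a release build, so it must not be relied on to reject a mismatched message. Since the function is only reached when the two orders differ (the early `return` handles the equal case), it would be worth a sentence in the DEP-3 header stating that the previously swapped body left the first byte stale, so a later reader of this backport can see why the one added line closes the DoS.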
diff -Nru dbus-1.2.24/debian/patches/series dbus-1.2.24/debian/patches/series
--- dbus-1.2.24/debian/patches/series	2010-12-21 17:34:52.000000000 +0000
+++ dbus-1.2.24/debian/patches/series	2011-06-12 12:51:34.000000000 +0100
@@ -3,3 +3,4 @@
 10_dbus-1.0.1-generate-xml-docs.patch
 11-589662-reload-kqueue.patch
 12-CVE-2010-4352-reject-deeply-nested-variants.patch
+13-629938-_dbus_header_byteswap.patch
