head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q2:1.1.0.16 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.14 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.12 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.10 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.8 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.6 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.4 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.08.01.17.52.21; author drochner; state dead; branches; next 1.1; 1.1 date 2010.12.29.10.49.21; author tron; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.12.29.10.49.21; author sbd; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.12.30.03.37.22; author sbd; state Exp; branches; next ; desc @@ 1.2 log @update to 1.6.4 this is a step of two major branches, to much to list here pkgsrc notes: -I've left out our NETBSD_ATOMIC_OPS patch because it is very invasive and gcc intrinsics are hopefully good enough -A workaround for non-standard behavior of vsnprintf has been added upstream, for HPUX as the comment says. We had a patch for __hpux||__sgi which is removed now - the sgi case should be checked. @ text @$NetBSD: patch-CVE-2010-4352-2,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-message-factory.c.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-message-factory.c 2010-12-29 10:35:49.000000000 +0000 @@@@ -333,6 +333,53 @@@@ return message; } +static DBusMessage* +message_with_nesting_levels (int levels) +{ + DBusMessage *message; + dbus_int32_t v_INT32; + DBusMessageIter *parents; + DBusMessageIter *children; + int i; + + /* If levels is higher it breaks sig_refcount in DBusMessageRealIter + * in dbus-message.c, this assert is just to help you know you need + * to fix that if you hit it + */ + _dbus_assert (levels < 256); + + parents = dbus_new(DBusMessageIter, levels + 1); + children = dbus_new(DBusMessageIter, levels + 1); + + v_INT32 = 42; + message = simple_method_call (); + + i = 0; + dbus_message_iter_init_append (message, &parents[i]); + while (i < levels) + { + dbus_message_iter_open_container (&parents[i], DBUS_TYPE_VARIANT, + i == (levels - 1) ? + DBUS_TYPE_INT32_AS_STRING : + DBUS_TYPE_VARIANT_AS_STRING, + &children[i]); + ++i; + parents[i] = children[i-1]; + } + --i; + dbus_message_iter_append_basic (&children[i], DBUS_TYPE_INT32, &v_INT32); + while (i >= 0) + { + dbus_message_iter_close_container (&parents[i], &children[i]); + --i; + } + + dbus_free(parents); + dbus_free(children); + + return message; +} + static dbus_bool_t generate_special (DBusMessageDataIter *iter, DBusString *data, @@@@ -735,6 +782,24 @@@@ *expected_validity = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS; } + else if (item_seq == 20) + { + /* 64 levels of nesting is OK */ + message = message_with_nesting_levels(64); + + generate_from_message (data, expected_validity, message); + + *expected_validity = DBUS_VALID; + } + else if (item_seq == 21) + { + /* 65 levels of nesting is not OK */ + message = message_with_nesting_levels(65); + + generate_from_message (data, expected_validity, message); + + *expected_validity = DBUS_INVALID_NESTED_TOO_DEEPLY; + } else { return FALSE; @ 1.1 log @Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2010-4352-2 was added on branch pkgsrc-2010Q3 on 2010-12-30 03:37:22 +0000 @ text @d1 87 @ 1.1.2.2 log @Pullup ticket #3313 - requested by tron Security patch for "sysutils/dbus" Revisions pulled up: - sysutils/dbus/Makefile 1.50 - sysutils/dbus/distinfo 1.36 - sysutils/dbus/patches/patch-CVE-2010-4352-1 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-2 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-3 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-4 1.1 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Dec 29 10:49:21 UTC 2010 Modified Files: pkgsrc/sysutils/dbus: Makefile distinfo Added Files: pkgsrc/sysutils/dbus/patches: patch-CVE-2010-4352-1 patch-CVE-2010-4352-2 patch-CVE-2010-4352-3 patch-CVE-2010-4352-4 Log Message: Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. @ text @a0 87 $NetBSD: patch-CVE-2010-4352-2,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-message-factory.c.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-message-factory.c 2010-12-29 10:35:49.000000000 +0000 @@@@ -333,6 +333,53 @@@@ return message; } +static DBusMessage* +message_with_nesting_levels (int levels) +{ + DBusMessage *message; + dbus_int32_t v_INT32; + DBusMessageIter *parents; + DBusMessageIter *children; + int i; + + /* If levels is higher it breaks sig_refcount in DBusMessageRealIter + * in dbus-message.c, this assert is just to help you know you need + * to fix that if you hit it + */ + _dbus_assert (levels < 256); + + parents = dbus_new(DBusMessageIter, levels + 1); + children = dbus_new(DBusMessageIter, levels + 1); + + v_INT32 = 42; + message = simple_method_call (); + + i = 0; + dbus_message_iter_init_append (message, &parents[i]); + while (i < levels) + { + dbus_message_iter_open_container (&parents[i], DBUS_TYPE_VARIANT, + i == (levels - 1) ? + DBUS_TYPE_INT32_AS_STRING : + DBUS_TYPE_VARIANT_AS_STRING, + &children[i]); + ++i; + parents[i] = children[i-1]; + } + --i; + dbus_message_iter_append_basic (&children[i], DBUS_TYPE_INT32, &v_INT32); + while (i >= 0) + { + dbus_message_iter_close_container (&parents[i], &children[i]); + --i; + } + + dbus_free(parents); + dbus_free(children); + + return message; +} + static dbus_bool_t generate_special (DBusMessageDataIter *iter, DBusString *data, @@@@ -735,6 +782,24 @@@@ *expected_validity = DBUS_INVALID_DICT_ENTRY_HAS_NO_FIELDS; } + else if (item_seq == 20) + { + /* 64 levels of nesting is OK */ + message = message_with_nesting_levels(64); + + generate_from_message (data, expected_validity, message); + + *expected_validity = DBUS_VALID; + } + else if (item_seq == 21) + { + /* 65 levels of nesting is not OK */ + message = message_with_nesting_levels(65); + + generate_from_message (data, expected_validity, message); + + *expected_validity = DBUS_INVALID_NESTED_TOO_DEEPLY; + } else { return FALSE; @