Your message dated Thu, 16 Feb 2017 20:00:00 +0000
with message-id <32d46313-84bb-9b68-82b3-25fcd83b1...@thykier.net>
and subject line Re: Bug#855312: unblock: dbus/1.10.16-1
has caused the Debian Bug report #855312,
regarding unblock: dbus/1.10.16-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
855312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855312
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package dbus. This new upstream release fixes a couple
of symlink attacks in rare code paths, which could be argued to be
security vulnerabilities by someone sufficiently pedantic (I'm going
to raise this with the security team, but I suspect they will not
consider it worth doing a stable update).

I would like to track the dbus-1.10 branch in stretch-as-stable,
as I have for dbus-1.8 in jessie. I am an upstream dbus maintainer,
and I plan to continue to produce minimal upstream stable releases.

I plan to release dbus 1.12.0 at some point in the near future (during
or soon after the stretch freeze), at which point 1.10.x will go from
"bug fixes only" to "security fixes only".

unblock dbus/1.10.16-1

Thanks,
    S

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for dbus-1.10.14 dbus-1.10.16

 Makefile.in              |    2 +-
 NEWS                     |   34 ++++++++++++++++++++++++++++++++++
 bus/activation.c         |   20 +++++---------------
 configure                |   26 +++++++++++++-------------
 configure.ac             |    4 ++--
 dbus/dbus-keyring.c      |    2 +-
 dbus/dbus-sysdeps-unix.c |   31 ++++++++++++++++++++++++++++++-
 dbus/dbus-sysdeps-win.c  |   31 ++++++++++++++++++++++++++++++-
 dbus/dbus-sysdeps.h      |    3 +++
 debian/changelog         |    9 +++++++++
 doc/Makefile.in          |    2 +-
 11 files changed, 129 insertions(+), 35 deletions(-)

diff -Nru dbus-1.10.14/bus/activation.c dbus-1.10.16/bus/activation.c
--- dbus-1.10.14/bus/activation.c	2016-11-28 15:50:28.000000000 +0000
+++ dbus-1.10.16/bus/activation.c	2017-02-16 13:46:23.000000000 +0000
@@ -2436,21 +2436,8 @@
 static dbus_bool_t
 init_service_reload_test (DBusString *dir)
 {
-  DBusStat stat_buf;
-
-  if (!_dbus_stat (dir, &stat_buf, NULL))
-    {
-      if (!_dbus_create_directory (dir, NULL))
-        return FALSE;
-    }
-  else
-    {
-      if (!test_remove_directory (dir))
-        return FALSE;
-
-      if (!_dbus_create_directory (dir, NULL))
-        return FALSE;
-    }
+  if (!_dbus_create_directory (dir, NULL))
+    return FALSE;
 
   /* Create one initial file */
   if (!test_create_service_file (dir, SERVICE_FILE_1, SERVICE_NAME_1, "exec-1"))
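Review bot: with _dbus_create_directory now refusing any pre-existing path, init_service_reload_test fails silently when a stale test directory is left over from an aborted run: the error argument is NULL and the caller only reports "could not initiate service reload test". Suggest passing a DBusError and including its message in the assertion text, so the failure is diagnosable. Dropping the stat/remove/create sequence itself is the right fix: the old check-then-act gap between _dbus_stat and _dbus_create_directory is exactly the window a symlink race needs, and a single strict mkdir has no such window.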
@@ -2638,6 +2625,9 @@
       /* Do nothing? */
     }
 
+  if (!cleanup_service_reload_test (&directory))
+    goto out;
+
   /* Do OOM tests */
   if (!init_service_reload_test (&directory))
     _dbus_assert_not_reached ("could not initiate service reload test");
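Review bot: this cleanup call is what makes the strict _dbus_create_directory in init_service_reload_test succeed for the second (OOM) run, but nothing here says so. A one-line comment that the directory must not exist at this point would stop a future reader from reinstating the old "remove it if it exists" logic inside init_service_reload_test. Also, a failed cleanup jumps to out with no diagnostic visible in this hunk; a _dbus_warn naming the directory would help.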
diff -Nru dbus-1.10.14/configure dbus-1.10.16/configure
--- dbus-1.10.14/configure	2016-11-28 18:48:55.000000000 +0000
+++ dbus-1.10.16/configure	2017-02-16 13:47:19.000000000 +0000
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for dbus 1.10.14.
+# Generated by GNU Autoconf 2.69 for dbus 1.10.16.
 #
 # Report bugs to <https://bugs.freedesktop.org/enter_bug.cgi?product=dbus>.
 #
@@ -591,8 +591,8 @@
 # Identity of this package.
 PACKAGE_NAME='dbus'
 PACKAGE_TARNAME='dbus'
-PACKAGE_VERSION='1.10.14'
-PACKAGE_STRING='dbus 1.10.14'
+PACKAGE_VERSION='1.10.16'
+PACKAGE_STRING='dbus 1.10.16'
 PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus'
 PACKAGE_URL=''
 
@@ -1553,7 +1553,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures dbus 1.10.14 to adapt to many kinds of systems.
+\`configure' configures dbus 1.10.16 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1628,7 +1628,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of dbus 1.10.14:";;
+     short | recursive ) echo "Configuration of dbus 1.10.16:";;
    esac
   cat <<\_ACEOF
 
@@ -1841,7 +1841,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-dbus configure 1.10.14
+dbus configure 1.10.16
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2617,7 +2617,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by dbus $as_me 1.10.14, which was
+It was created by dbus $as_me 1.10.16, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3560,7 +3560,7 @@
 
 # Define the identity of the package.
  PACKAGE='dbus'
- VERSION='1.10.14'
+ VERSION='1.10.16'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -3860,7 +3860,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=9
+LT_REVISION=10
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
@@ -3875,8 +3875,8 @@
 
 DBUS_MAJOR_VERSION=1
 DBUS_MINOR_VERSION=10
-DBUS_MICRO_VERSION=14
-DBUS_VERSION=1.10.14
+DBUS_MICRO_VERSION=16
+DBUS_VERSION=1.10.16
 
 
 
@@ -24925,7 +24925,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by dbus $as_me 1.10.14, which was
+This file was extended by dbus $as_me 1.10.16, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -24991,7 +24991,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-dbus config.status 1.10.14
+dbus config.status 1.10.16
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru dbus-1.10.14/configure.ac dbus-1.10.16/configure.ac
--- dbus-1.10.14/configure.ac	2016-11-28 18:48:37.000000000 +0000
+++ dbus-1.10.16/configure.ac	2017-02-16 13:46:56.000000000 +0000
@@ -3,7 +3,7 @@
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [10])
-m4_define([dbus_micro_version], [14])
+m4_define([dbus_micro_version], [16])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -38,7 +38,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=9
+LT_REVISION=10
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
diff -Nru dbus-1.10.14/dbus/dbus-keyring.c dbus-1.10.16/dbus/dbus-keyring.c
--- dbus-1.10.14/dbus/dbus-keyring.c	2016-11-28 15:50:28.000000000 +0000
+++ dbus-1.10.16/dbus/dbus-keyring.c	2017-02-16 13:46:23.000000000 +0000
@@ -807,7 +807,7 @@
    * unless someone else manages to create it
    */
   dbus_error_init (&tmp_error);
-  if (!_dbus_create_directory (&keyring->directory,
+  if (!_dbus_ensure_directory (&keyring->directory,
                                &tmp_error))
     {
       _dbus_verbose ("Creating keyring directory: %s\n",
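Review bot: this is the one caller that keeps the tolerant semantics, and the comment just above ("unless someone else manages to create it") confirms an existing directory is expected here, so the rename is correct. Since _dbus_ensure_directory accepts a pre-existing path, including one that is a symlink elsewhere, please confirm in review that the keyring code still validates the directory (owned by the user, not writable by others) after this call; that check, not the mkdir, is what protects the keyring.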
diff -Nru dbus-1.10.14/dbus/dbus-sysdeps.h dbus-1.10.16/dbus/dbus-sysdeps.h
--- dbus-1.10.14/dbus/dbus-sysdeps.h	2016-11-28 15:50:28.000000000 +0000
+++ dbus-1.10.16/dbus/dbus-sysdeps.h	2017-02-16 13:46:23.000000000 +0000
@@ -421,6 +421,9 @@
 dbus_bool_t    _dbus_create_directory        (const DBusString *filename,
                                               DBusError        *error);
 DBUS_PRIVATE_EXPORT
+dbus_bool_t    _dbus_ensure_directory        (const DBusString *filename,
+                                              DBusError        *error);
+DBUS_PRIVATE_EXPORT
 dbus_bool_t    _dbus_delete_directory        (const DBusString *filename,
 					      DBusError        *error);
 
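Review bot: the header now exports two functions whose names differ only by create/ensure, with no comment saying which fails on an existing path and which tolerates it. A one-line comment on each prototype would stop future callers picking the tolerant variant by habit where a fresh directory is required. Minor style point: the continuation line of the existing _dbus_delete_directory prototype is tab-indented while the new lines use spaces, so the block now mixes both.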
diff -Nru dbus-1.10.14/dbus/dbus-sysdeps-unix.c dbus-1.10.16/dbus/dbus-sysdeps-unix.c
--- dbus-1.10.14/dbus/dbus-sysdeps-unix.c	2016-11-28 15:50:28.000000000 +0000
+++ dbus-1.10.16/dbus/dbus-sysdeps-unix.c	2017-02-16 13:46:23.000000000 +0000
@@ -2953,7 +2953,7 @@
  * @returns #TRUE on success
  */
 dbus_bool_t
-_dbus_create_directory (const DBusString *filename,
+_dbus_ensure_directory (const DBusString *filename,
                         DBusError        *error)
 {
   const char *filename_c;
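Review bot: the descriptive part of the doc comment above this renamed function lies outside the hunk; since it now documents _dbus_ensure_directory, check that it still reads "succeeds if the directory is created or already existed" rather than the stricter wording given to the new _dbus_create_directory below, so each comment matches its function.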
@@ -2970,6 +2970,35 @@
       dbus_set_error (error, DBUS_ERROR_FAILED,
                       "Failed to create directory %s: %s\n",
                       filename_c, _dbus_strerror (errno));
+      return FALSE;
+    }
+  else
+    return TRUE;
+}
+
+/**
+ * Creates a directory. Unlike _dbus_ensure_directory(), this only succeeds
+ * if the directory is genuinely newly-created.
+ *
+ * @param filename directory filename
+ * @param error initialized error object
+ * @returns #TRUE on success
+ */
+dbus_bool_t
+_dbus_create_directory (const DBusString *filename,
+                        DBusError        *error)
+{
+  const char *filename_c;
+
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  filename_c = _dbus_string_get_const_data (filename);
+
+  if (mkdir (filename_c, 0700) < 0)
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Failed to create directory %s: %s\n",
+                      filename_c, _dbus_strerror (errno));
       return FALSE;
     }
   else
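Review bot: the new _dbus_create_directory correctly lets mkdir(2) fail on any pre-existing path, which is what closes the symlink window: mkdir does not follow a symlink at the target and returns EEXIST, so a caller that needs a fresh directory can no longer be redirected. Two suggestions: the 0700 mode is still subject to the process umask, which deserves a comment; and every errno is reported as DBUS_ERROR_FAILED, so callers cannot tell "already exists" from "permission denied". Using _dbus_error_from_errno (errno) as the error name would keep the message text and give callers DBUS_ERROR_FILE_EXISTS for the EEXIST case.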
diff -Nru dbus-1.10.14/dbus/dbus-sysdeps-win.c dbus-1.10.16/dbus/dbus-sysdeps-win.c
--- dbus-1.10.14/dbus/dbus-sysdeps-win.c	2016-11-28 15:50:28.000000000 +0000
+++ dbus-1.10.16/dbus/dbus-sysdeps-win.c	2017-02-16 13:46:23.000000000 +0000
@@ -2224,6 +2224,35 @@
 }
 
 /**
+ * Creates a directory. Unlike _dbus_ensure_directory(), this only succeeds
+ * if the directory is genuinely newly-created.
+ *
+ * @param filename directory filename
+ * @param error initialized error object
+ * @returns #TRUE on success
+ */
+dbus_bool_t
+_dbus_create_directory (const DBusString *filename,
+                        DBusError        *error)
+{
+  const char *filename_c;
+
+  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  filename_c = _dbus_string_get_const_data (filename);
+
+  if (!CreateDirectoryA (filename_c, NULL))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "Failed to create directory %s: %s\n",
+                      filename_c, _dbus_strerror_from_errno ());
+      return FALSE;
+    }
+  else
+    return TRUE;
+}
+
+/**
  * Creates a directory; succeeds if the directory
  * is created or already existed.
  *
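Review bot: CreateDirectoryA reports failure through GetLastError(), but the message is built from _dbus_strerror_from_errno(), which reads errno; unless errno is set from GetLastError() on this path (the existing ensure variant in this file presumably follows the same convention), the text may describe an unrelated earlier error. Consider copying GetLastError() into errno with the file's existing helper (_dbus_win_set_errno, if I recall the name correctly) before formatting, or add a comment confirming the convention. The semantics are right: CreateDirectoryA fails with ERROR_ALREADY_EXISTS for any existing object at the path, so a pre-placed symlink or junction is refused rather than followed.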
@@ -2232,7 +2261,7 @@
  * @returns #TRUE on success
  */
 dbus_bool_t
-_dbus_create_directory (const DBusString *filename,
+_dbus_ensure_directory (const DBusString *filename,
                         DBusError        *error)
 {
   const char *filename_c;
diff -Nru dbus-1.10.14/debian/changelog dbus-1.10.16/debian/changelog
--- dbus-1.10.14/debian/changelog	2016-11-28 21:58:04.000000000 +0000
+++ dbus-1.10.16/debian/changelog	2017-02-16 14:21:41.000000000 +0000
@@ -1,3 +1,12 @@
+dbus (1.10.16-1) unstable; urgency=medium
+
+  * New upstream release
+    - Contains a security fix for a potential symlink attack in the
+      nonce-tcp transport. That transport is not normally used (or
+      recommended) on Unix.
+
+ -- Simon McVittie <s...@debian.org>  Thu, 16 Feb 2017 14:21:41 +0000
+
 dbus (1.10.14-1) unstable; urgency=medium
 
   * New upstream release
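Review bot: the changelog mentions only the nonce-tcp fix, whereas upstream NEWS lists two fixes under fd.o #99828 (nonce-tcp and the embedded tests). Omitting the embedded-tests one is fine since those tests are never built into production packages, but adding the fd.o #99828 reference to this entry would let the security team trace the fix without opening NEWS.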
diff -Nru dbus-1.10.14/doc/Makefile.in dbus-1.10.16/doc/Makefile.in
--- dbus-1.10.14/doc/Makefile.in	2016-11-28 18:48:56.000000000 +0000
+++ dbus-1.10.16/doc/Makefile.in	2017-02-16 13:47:18.000000000 +0000
@@ -723,8 +723,8 @@
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
-@DBUS_DOXYGEN_DOCS_ENABLED_FALSE@uninstall-local:
 @DBUS_DOXYGEN_DOCS_ENABLED_FALSE@install-data-local:
+@DBUS_DOXYGEN_DOCS_ENABLED_FALSE@uninstall-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-local mostlyclean-am
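Review bot: this hunk only swaps the order of two automake-generated pseudo-targets, with no functional change; it indicates the tarball was regenerated with a slightly different automake. Nothing to act on.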
diff -Nru dbus-1.10.14/Makefile.in dbus-1.10.16/Makefile.in
--- dbus-1.10.14/Makefile.in	2016-11-28 18:48:55.000000000 +0000
+++ dbus-1.10.16/Makefile.in	2017-02-16 13:47:18.000000000 +0000
@@ -234,7 +234,7 @@
 	$(top_srcdir)/bus/systemd-user/dbus.service.in \
 	$(top_srcdir)/bus/systemd-user/dbus.socket.in AUTHORS COPYING \
 	ChangeLog INSTALL NEWS README build-aux/compile \
-	build-aux/config.guess build-aux/config.sub build-aux/depcomp \
+	build-aux/config.guess build-aux/config.sub \
 	build-aux/install-sh build-aux/ltmain.sh build-aux/missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
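Review bot: dropping build-aux/depcomp from DIST_COMMON is a side effect of regenerating with a different automake rather than an intended source change. Not a blocker, but worth a glance that the regenerated tarball still builds from a clean dist, since this file is not hand-edited.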
diff -Nru dbus-1.10.14/NEWS dbus-1.10.16/NEWS
--- dbus-1.10.14/NEWS	2016-11-28 18:48:37.000000000 +0000
+++ dbus-1.10.16/NEWS	2017-02-16 14:11:55.000000000 +0000
@@ -1,3 +1,37 @@
+D-Bus 1.10.16 (2017-02-16)
+==
+
+The “super digging powers” release.
+
+The fixes in this release are arguably security fixes, but if they
+affect you, please take this opportunity to rethink how you are
+configuring dbus.
+
+Enhancements:
+
+• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
+  stable and Debian testing in addition to the older Ubuntu that is
+  the default (fd.o #98889, Simon McVittie)
+
+Fixes:
+
+• Prevent symlink attacks in the nonce-tcp transport on Unix that could
+  allow an attacker to overwrite a file named "nonce", in a directory
+  that the user running dbus-daemon can write, with a random value
+  known only to the user running dbus-daemon. This is unlikely to be
+  exploitable in practice, particularly since the nonce-tcp transport
+  is really only useful on Windows.
+
+  On Unix systems we strongly recommend using only the unix: and systemd:
+  transports, together with EXTERNAL authentication. These are the only
+  transports and authentication mechanisms enabled by default,
+
+  (fd.o #99828, Simon McVittie)
+
+• Avoid symlink attacks in the "embedded tests", which are not enabled
+  by default and should never be enabled in production builds of dbus.
+  (fd.o #99828, Simon McVittie)
+
 D-Bus 1.10.14 (2016-11-28)
 ==
 
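Review bot: the sentence ending "enabled by default," (the unix:/systemd:/EXTERNAL recommendation) trails off with a comma before the fd.o reference and should end with a full stop. Substantively this is the text the Debian changelog summarises, and it already states the limiting factors a reader needs: the attack requires write access to a directory that dbus-daemon writes to, the overwritten file only ever contains a random nonce, and nonce-tcp is not a default transport on Unix.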

--- End Message ---
--- Begin Message ---
Cyril Brulebois:
> Niels Thykier <ni...@thykier.net> (2017-02-16):
>> Simon McVittie:
>>> I would like to track the dbus-1.10 branch in stretch-as-stable, as
>>> I have for dbus-1.8 in jessie. I am an upstream dbus maintainer, and
>>> I plan to continue to produce minimal upstream stable releases.
>>>
>>> I plan to release dbus 1.12.0 at some point in the near future
>>> (during or soon after the stretch freeze), at which point 1.10.x
>>> will go from "bug fixes only" to "security fixes only".
> … 
>> Looks good to me, but needs an ACK from KiBi due to its udebs.
> 
> Based on the changelog entry, no objections.
> 
> 
> KiBi.
> 

Ack, unblocked.

Thanks,
~Niels

--- End Message ---
