[oe-commits] org.oe.dev dbus 1.0.1: apply patch to fix CVE-2006-6107

koen commit openembedded-commits at lists.openembedded.org
Thu Dec 14 13:35:28 UTC 2006


dbus 1.0.1: apply patch to fix CVE-2006-6107

Author: koen at openembedded.org
Branch: org.openembedded.dev
Revision: 8ed5d1634e5cf85d56285543499643908effdede
ViewMTN: http://monotone.openembedded.org/revision.psp?id=8ed5d1634e5cf85d56285543499643908effdede
Files:
1
packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch
packages/dbus/dbus_1.0.1.bb
Diffs:

#
# mt diff -rab4307bb43ca98194d8a249af907fb7532555b92 -r8ed5d1634e5cf85d56285543499643908effdede
#
# 
# 
# add_file "packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch"
#  content [2c52ca724f0c399dff9f2e7f08e6a29660239109]
# 
# patch "packages/dbus/dbus_1.0.1.bb"
#  from [6ed19ca20d60c52cb6cc1d84d8d604df92d23261]
#    to [dfd25c7f8e0c631187fe501de4591b6a17750938]
# 
============================================================
--- packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch	2c52ca724f0c399dff9f2e7f08e6a29660239109
+++ packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch	2c52ca724f0c399dff9f2e7f08e6a29660239109
@@ -0,0 +1,21 @@
+https://bugs.freedesktop.org/show_bug.cgi?id=9142
+
+[..] the use case was the following. There
+are three processes A, B, and C. All of them add the same match (same value). A
+is started first, then B, and lastly C. Now, B and C are closed: if B is closed
+before C, A's match is removed; but if C is closed before B, A's match is not
+removed (no buggy behaviour). (B and C call dbus_bus_remove_match on exit.)
+
+diff -pur 0.61-osso23/bus/signals.c 0.61-osso23.new/bus/signals.c
+--- 0.61-osso23/bus/signals.c	2006-11-23 16:46:52.589602192 +0200
++++ 0.61-osso23.new/bus/signals.c	2006-11-23 16:49:28.873843376 +0200
+@@ -1067,6 +1067,9 @@ match_rule_equal (BusMatchRule *a,
+   if (a->flags != b->flags)
+     return FALSE;
+ 
++  if (a->matches_go_to != b->matches_go_to)
++    return FALSE;
++
+   if ((a->flags & BUS_MATCH_MESSAGE_TYPE) &&
+       a->message_type != b->message_type)
+     return FALSE;
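Review bot: the embedded diff in this new patch file was generated against a 0.61-osso23 tree (`diff -pur 0.61-osso23/bus/signals.c ...`, hunk at line 1067), but the file is added under packages/dbus/dbus-1.0.1/. Please confirm it applies to the 1.0.1 bus/signals.c without fuzz, and that the added `a->matches_go_to != b->matches_go_to` comparison still lands in match_rule_equal directly after the flags check. The patch header also cites only the freedesktop bug URL. Adding a line that names CVE-2006-6107 there would tie the file to the commit subject, since the name dbus-exploit-fix.patch does not identify the issue.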
============================================================
--- packages/dbus/dbus_1.0.1.bb	6ed19ca20d60c52cb6cc1d84d8d604df92d23261
+++ packages/dbus/dbus_1.0.1.bb	dfd25c7f8e0c631187fe501de4591b6a17750938
@@ -1,3 +1,5 @@ require dbus.inc
 require dbus.inc
 
+SRC_URI += "file://dbus-exploit-fix.patch;patch=1"
+
+PR = "r2"
-PR = "r1"
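Review bot: the `SRC_URI += "file://dbus-exploit-fix.patch;patch=1"` line wires the fix into dbus_1.0.1.bb only. This commit touches no other recipe that does `require dbus.inc`, so please check whether any other dbus version in the tree is affected and needs the same patch. A one-line comment above the SRC_URI entry naming CVE-2006-6107 would also help, because neither the recipe nor the patch file name records which issue is being fixed. The PR bump from r1 to r2 is what is needed to force a rebuild of the patched package.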





