From 33358666f4f4301b0aa8404de7352410843a4b27 Mon Sep 17 00:00:00 2001
From: David King
Date: Nov 27 2014 20:57:44 +0000
Subject: Update to 1.6.28
- Fixes CVE-2014-3635 (fd.o#83622)
- Fixes CVE-2014-3636 (fd.o#82820)
- Fixes CVE-2014-3637 (fd.o#80559)
- Fixes CVE-2014-3638 (fd.o#81053)
- Fixes CVE-2014-3639 (fd.o#80919)
- Fixes CVE-2014-7824 (fd.o#85105)
- Fixes CVE-2014-7824 (fd.o#85105)
- Fixes CVE-2014-3477 (fd.o#78979)
- Fixes CVE-2014-3532 (fd.o#80163)
- Fixes CVE-2014-3533 (fd.o#80469)
---
diff --git a/.gitignore b/.gitignore
index 4489cbc..f388415 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
 /dbus-1.6.6.tar.gz
 /dbus-1.6.8.tar.gz
 /dbus-1.6.12.tar.gz
+/dbus-1.6.28.tar.gz
diff --git a/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch b/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
deleted file mode 100644
index b97c9dc..0000000
--- a/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From fc600b6a8f0dec5642b45c1026dee24c9adb9bc2 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Wed, 4 Sep 2013 17:53:23 +0100
-Subject: [PATCH] _dbus_babysitter_unref: avoid infinite loop if waitpid()
- returns EINTR
-
-If waitpid() failed with EINTR, we'd go back for another go, but
-because ret is nonzero, we'd skip the waitpid() and just keep looping.
-
-Also avoid an unnecessary "goto" in favour of a proper loop, to make it
-more clearly correct.
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68945
-Reviewed-by: Colin Walters
----
- dbus/dbus-spawn.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/dbus/dbus-spawn.c b/dbus/dbus-spawn.c
-index ef00801..6e42f55 100644
---- a/dbus/dbus-spawn.c
-+++ b/dbus/dbus-spawn.c
-@@ -304,23 +304,26 @@ _dbus_babysitter_unref (DBusBabysitter *sitter)
-
- /* If we couldn't reap the child then kill it, and
- * try again
- */
- if (ret == 0)
- kill (sitter->sitter_pid, SIGKILL);
-
-- again:
- if (ret == 0)
-- ret = waitpid (sitter->sitter_pid, &status, 0);
-+ {
-+ do
-+ {
-+ ret = waitpid (sitter->sitter_pid, &status, 0);
-+ }
-+ while (_DBUS_UNLIKELY (ret < 0 && errno == EINTR));
-+ }
-
- if (ret < 0)
- {
-- if (errno == EINTR)
-- goto again;
-- else if (errno == ECHILD)
-+ if (errno == ECHILD)
- _dbus_warn ("Babysitter process not available to be reaped; should not happen\n");
- else
- _dbus_warn ("Unexpected error %d in waitpid() for babysitter: %s\n",
- errno, _dbus_strerror (errno));
- }
- else
- {
---
-1.8.3.1
-
diff --git a/dbus.spec b/dbus.spec
index 8dc670d..d10cbf7 100644
--- a/dbus.spec
+++ b/dbus.spec
@@ -12,8 +12,8 @@
 Summary: D-BUS message bus
 Name: dbus
 Epoch: 1
-Version: 1.6.12
-Release: 2%{?dist}
+Version: 1.6.28
+Release: 1%{?dist}
 URL: http://www.freedesktop.org/software/dbus/
 #VCS: git:git://git.freedesktop.org/git/dbus/dbus
 Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
@@ -42,8 +42,6 @@ Requires(pre): /usr/sbin/useradd # FIXME this should be upstreamed; need --daemon-bindir=/bin and --bindir=/usr/bin or something? Patch0: bindir.patch -# fdo#68945; fixed in dbus >= 1.6.14 -Patch1: 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch %description D-BUS is a system for sending messages between applications. It is @@ -93,7 +91,6 @@ in this separate package so server systems need not install X. /bin/chmod 0644 COPYING ChangeLog NEWS %patch0 -p1 -b .bindir -%patch1 -p1 -b .loop %build if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf -v -f -i; fi @@ -228,6 +225,19 @@ fi %{_includedir}/* %changelog +* Thu Nov 27 2014 David King - 1:1.6.28-1 +- Update to 1.6.28 +- Fixes CVE-2014-3635 (fd.o#83622) +- Fixes CVE-2014-3636 (fd.o#82820) +- Fixes CVE-2014-3637 (fd.o#80559) +- Fixes CVE-2014-3638 (fd.o#81053) +- Fixes CVE-2014-3639 (fd.o#80919) +- Fixes CVE-2014-7824 (fd.o#85105) +- Fixes CVE-2014-3477 (fd.o#78979) +- Fixes CVE-2014-3532 (fd.o#80163) +- Fixes CVE-2014-3533 (fd.o#80469) +- Resolves #1115636 + * Mon Nov 11 2013 Dan Williams - 1:1.6.12-2 - Fix fdo#68945; infinite loop in _dbus_babysitter_unref() diff --git a/sources b/sources index 260dc42..84c47b4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a70edc50524f258eaf5c9a9994ed8748 dbus-1.6.12.tar.gz +80935a10a64620f1d0bded39735430a6 dbus-1.6.28.tar.gz