diff options
| author | Maxim Cournoyer <[email protected]> | 2022-01-25 22:07:13 -0500 |
|---|---|---|
| committer | Maxim Cournoyer <[email protected]> | 2022-01-25 22:07:13 -0500 |
| commit | 1a5302435ff0d2822b823f5a6fe01faa7a85c629 (patch) | |
| tree | ac7810c88b560532f22d2bab2e59609cd7305c21 /gnu/packages/patches/dbus-CVE-2020-12049.patch | |
| parent | 3ff2ac4980dacf10087e4b42bd9fbc490591900c (diff) | |
| parent | 070b8a893febd6e7d8b2b7c8c4dcebacf7845aa9 (diff) | |
Merge branch 'master' into staging.
With "conflicts" solved (all in favor of master except git) in:
gnu/local.mk
gnu/packages/databases.scm
gnu/packages/glib.scm
gnu/packages/gnome.scm
gnu/packages/gnupg.scm
gnu/packages/gnuzilla.scm
gnu/packages/graphics.scm
gnu/packages/gstreamer.scm
gnu/packages/gtk.scm
gnu/packages/linux.scm
gnu/packages/machine-learning.scm
gnu/packages/networking.scm
gnu/packages/polkit.scm
gnu/packages/pulseaudio.scm
gnu/packages/rpc.scm
gnu/packages/rust.scm
gnu/packages/version-control.scm
gnu/packages/w3m.scm
Diffstat (limited to 'gnu/packages/patches/dbus-CVE-2020-12049.patch')
| -rw-r--r-- | gnu/packages/patches/dbus-CVE-2020-12049.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/gnu/packages/patches/dbus-CVE-2020-12049.patch b/gnu/packages/patches/dbus-CVE-2020-12049.patch deleted file mode 100644 index 71280144a1..0000000000 --- a/gnu/packages/patches/dbus-CVE-2020-12049.patch +++ /dev/null @@ -1,58 +0,0 @@ -Fix CVE-2020-12049: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12049 -https://lists.freedesktop.org/archives/ftp-release/2020-June/000753.html - -Taken from upstream: - -https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5 - -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - struct cmsghdr *cm; - dbus_bool_t found = FALSE; - -- if (m.msg_flags & MSG_CTRUNC) -- { -- /* Hmm, apparently the control data was truncated. The bad -- thing is that we might have completely lost a couple of fds -- without chance to recover them. Hence let's treat this as a -- serious error. */ -- -- errno = ENOSPC; -- _dbus_string_set_length (buffer, start); -- return -1; -- } -- - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) - if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) - { -@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, - if (!found) - *n_fds = 0; - -+ if (m.msg_flags & MSG_CTRUNC) -+ { -+ unsigned int i; -+ -+ /* Hmm, apparently the control data was truncated. The bad -+ thing is that we might have completely lost a couple of fds -+ without chance to recover them. Hence let's treat this as a -+ serious error. */ -+ -+ /* We still need to close whatever fds we *did* receive, -+ * otherwise they'll never get closed. (CVE-2020-12049) */ -+ for (i = 0; i < *n_fds; i++) -+ close (fds[i]); -+ -+ *n_fds = 0; -+ errno = ENOSPC; -+ _dbus_string_set_length (buffer, start); -+ return -1; -+ } -+ - /* put length back (doesn't actually realloc) */ - _dbus_string_set_length (buffer, start + bytes_read); - |