From d3a04ac3fc03e67d60177061a270a8747a96b071 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7ppc64lebuilder0 Date: Mon, 9 Sep 2019 10:58:27 +0200 Subject: [PATCH] dbus patch updates Signed-off-by: basebuilder_pel7ppc64lebuilder0 --- ...aise-fd-limits-before-dropping-privs.patch | 6 +- ....10.22-reduce-session-conf-fd-limits.patch | 7 +- SOURCES/dbus-1.10.24-dbus-launch-chdir.patch | 125 +++++++++--------- ...dbus-1.10.24-dbus-send-man-page-typo.patch | 5 +- SOURCES/dbus-1.10.24-mls-listnames.patch | 30 ++--- ...process-ok-message-dispatch-test-fix.patch | 7 +- ...12-avoid-selinux-context-translation.patch | 15 ++- 7 files changed, 100 insertions(+), 95 deletions(-) diff --git a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch index 5d20dd03..4da2379d 100644 --- a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch +++ b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch @@ -22,7 +22,7 @@ index a6f8db47..4b922a89 100644 + raise_file_descriptor_limit (context); + if (!_dbus_change_to_daemon_user (context->user, error)) - { - _DBUS_ASSERT_ERROR_IS_SET (error); --- + { + _DBUS_ASSERT_ERROR_IS_SET (error); +-- 2.14.3 diff --git a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch index f95d3059..16edb9b2 100644 --- a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch +++ b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch @@ -13,15 +13,16 @@ index affa7f1d..294a051d 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -69,8 +69,8 @@ - 120000 + 120000 240000 150000 -- 100000 +- 100000 - 10000 + 900 + 92 100000 10000 50000 --- +-- 2.13.5 + diff --git a/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch index 19cec178..adafa1a2 100644 --- a/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch +++ b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch 
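Review bot: Nothing in the commit message says why `0001-bus-raise-fd-limits-before-dropping-privs.patch` was rewritten. As rendered here, the removed and added lines in this hunk appear to differ only in whitespace (including the `-- ` signature separator), and the hunks for the other six files under SOURCES/ show the same pattern. Whitespace inside a patch file's context lines is content: if it stops matching the dbus sources, a hunk can apply with fuzz or be rejected, and several of these patches carry security-relevant changes (raising fd limits before dropping privileges, SELinux MLS name filtering, raw context lookups). Before merging, confirm that `git diff -w --ignore-blank-lines` on this commit is empty. If this is an RPM tree, as the SOURCES/ layout suggests, also confirm that the prep stage (`rpmbuild -bp`) applies every patch without fuzz or offset warnings, and record the result in the message, e.g. `dbus: regenerate patches, whitespace only, no functional change`.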
@@ -33,14 +33,14 @@ index f788e677..da2b2c1f 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -870,63 +870,72 @@ bus_context_new (const DBusString *config_file, - + context->matchmaker = bus_matchmaker_new (); if (context->matchmaker == NULL) { BUS_SET_OOM (error); goto failed; } - + /* check user before we fork */ if (context->user != NULL) { @@ -52,21 +52,21 @@ index f788e677..da2b2c1f 100644 goto failed; } } - + /* Now become a daemon if appropriate and write out pid file in any case */ { DBusString u; - + if (context->pidfile) _dbus_string_init_const (&u, context->pidfile); - + if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) || (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS)) { + const char *working_dir = NULL; + _dbus_verbose ("Forking and becoming daemon\n"); - + + if (context->type != NULL && strcmp (context->type, "session") == 0) + working_dir = _dbus_getenv ("HOME"); + @@ -86,7 +86,7 @@ index f788e677..da2b2c1f 100644 else { _dbus_verbose ("Fork not requested\n"); - + /* Need to write PID file and to PID pipe for ourselves, * not for the child process. This is a no-op if the pidfile * is NULL and print_pid_pipe is NULL. @@ -101,7 +101,7 @@ index f788e677..da2b2c1f 100644 } } } - + if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) && !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) _dbus_pipe_close (print_pid_pipe, NULL); @@ -113,29 +113,29 @@ index 9b724cc9..30bb1441 100644 #include #include #include - + #ifdef HAVE_SYSLOG_H #include #endif - + #ifdef HAVE_SYS_SYSLIMITS_H #include #endif - + #ifdef HAVE_SYSTEMD #include #endif - + #ifndef O_BINARY #define O_BINARY 0 #endif - + /** * @addtogroup DBusInternalsUtils * @{ */ - - + + /** * Does the chdir, fork, setsid, etc. to become a daemon process. * 
@@ -156,9 +156,9 @@ index 9b724cc9..30bb1441 100644 const char *s; pid_t child_pid; int dev_null_fd; - + _dbus_verbose ("Becoming a daemon...\n"); - + - _dbus_verbose ("chdir to /\n"); - if (chdir ("/") < 0) + _dbus_verbose ("chdir to %s\n", working_dir); @@ -169,7 +169,7 @@ index 9b724cc9..30bb1441 100644 + "Could not chdir() to working directory (%s)", working_dir); return FALSE; } - + _dbus_verbose ("forking...\n"); switch ((child_pid = fork ())) { @@ -179,21 +179,21 @@ index 9b724cc9..30bb1441 100644 "Failed to fork daemon: %s", _dbus_strerror (errno)); return FALSE; break; - + case 0: _dbus_verbose ("in child, closing std file descriptors\n"); - + /* silently ignore failures here, if someone * doesn't have /dev/null we may as well try * to continue anyhow */ - + dev_null_fd = open ("/dev/null", O_RDWR); if (dev_null_fd >= 0) { dup2 (dev_null_fd, 0); dup2 (dev_null_fd, 1); - + s = _dbus_getenv ("DBUS_DEBUG_OUTPUT"); if (s == NULL || *s == '\0') dup2 (dev_null_fd, 2); @@ -203,7 +203,7 @@ index 3b754dbf..bfc1cb90 100644 +++ b/dbus/dbus-sysdeps-util-win.c @@ -27,67 +27,69 @@ #define STRSAFE_NO_DEPRECATE - + #include "dbus-sysdeps.h" #include "dbus-internals.h" #include "dbus-protocol.h" @@ -213,21 +213,21 @@ index 3b754dbf..bfc1cb90 100644 #include "dbus-sockets-win.h" #include "dbus-memory.h" #include "dbus-pipe.h" - + #include #include #if HAVE_ERRNO_H #include #endif #include // WSA error codes - + #ifndef DBUS_WINCE #include #include #include #endif - - + + /** * Does the chdir, fork, setsid, etc. to become a daemon process. * @@ -249,7 +249,7 @@ index 3b754dbf..bfc1cb90 100644 "Cannot daemonize on Windows"); return FALSE; } - + /** * Creates a file containing the process ID. * @@ -268,17 +268,17 @@ index 3b754dbf..bfc1cb90 100644 char pidstr[20]; int total; int bytes_to_write; - + _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 0ee45c97..e569b545 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h 
@@ -498,60 +498,61 @@ int _dbus_printf_string_upper_bound (const char *format, va_list args); - - + + /** * Portable struct with stat() results */ @@ -293,7 +293,7 @@ index 0ee45c97..e569b545 100644 unsigned long mtime; /**< Modify time */ unsigned long ctime; /**< Creation time */ } DBusStat; - + dbus_bool_t _dbus_stat (const DBusString *filename, DBusStat *statbuf, DBusError *error); @@ -302,40 +302,40 @@ index 0ee45c97..e569b545 100644 DBusSocket *fd2, dbus_bool_t blocking, DBusError *error); - + void _dbus_print_backtrace (void); - + dbus_bool_t _dbus_become_daemon (const DBusString *pidfile, + const char *working_dir, DBusPipe *print_pid_pipe, DBusError *error, dbus_bool_t keep_umask); - + dbus_bool_t _dbus_verify_daemon_user (const char *user); dbus_bool_t _dbus_change_to_daemon_user (const char *user, DBusError *error); - + dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, DBusPipe *print_pid_pipe, dbus_pid_t pid_to_write, DBusError *error); - + dbus_bool_t _dbus_command_for_pid (unsigned long pid, DBusString *str, int max_len, DBusError *error); - + /** A UNIX signal handler */ typedef void (* DBusSignalHandler) (int sig); - + void _dbus_set_signal_handler (int sig, DBusSignalHandler handler); - + dbus_bool_t _dbus_user_at_console (const char *username, DBusError *error); - + void _dbus_init_system_log (dbus_bool_t is_daemon); - + typedef enum { diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in index 5135d9ca..606c65be 100644 @@ -358,8 +358,8 @@ index 5135d9ca..606c65be 100644 - - + + DESCRIPTION The dbus-launch command is used to start a session bus instance of dbus-daemon from a shell script. 
@@ -367,11 +367,11 @@ index 5135d9ca..606c65be 100644 scripts. Unlike the daemon itself, dbus-launch exits, so backticks or the $() construct can be used to read information from dbus-launch. - + With no arguments, dbus-launch will launch a session bus instance and print the address and PID of that instance to standard output. - + +If the environment variable HOME is set, it is used as the current +working directory. Otherwise, the root directory (/) is +used. @@ -381,17 +381,17 @@ index 5135d9ca..606c65be 100644 variables so the specified program can find the bus, and then execute the specified program, with the specified arguments. See below for examples. - + If you launch a program, dbus-launch will not print the information about the new bus to standard output. - + When dbus-launch prints bus information to standard output, by default it is in a simple key-value pairs format. However, you may request several alternate syntaxes using the --sh-syntax, --csh-syntax, --binary-syntax, or --auto-syntax options. Several of these cause dbus-launch to emit shell code to set up the environment. - + With the --auto-syntax option, dbus-launch looks at the value of the SHELL environment variable to determine which shell syntax should be used. If SHELL ends in "csh", then csh-compatible code is @@ -400,11 +400,11 @@ index 5135d9ca..606c65be 100644 --sh-syntax for Bourne syntax, or --csh-syntax for csh syntax. In scripts, it's more robust to avoid --auto-syntax and you hopefully know which shell your script is written in. - - + + See http://www.freedesktop.org/software/dbus/ for more information about D-Bus. See also the man page for dbus-daemon. - + diff --git a/tools/dbus-launch.c b/tools/dbus-launch.c index 80e4a241..a956684c 100644 @@ -422,13 +422,13 @@ index 80e4a241..a956684c 100644 else if (FD_ISSET (tty_fd, &err_set)) { verbose ("TTY has error condition\n"); - + kill_bus_and_exit (0); } } } } - + static void babysit (int exit_with_session, pid_t child_pid, 
@@ -437,10 +437,10 @@ index 80e4a241..a956684c 100644 int ret; int dev_null_fd; const char *s; - + verbose ("babysitting, exit_with_session = %d, child_pid = %ld, read_bus_pid_fd = %d\n", exit_with_session, (long) child_pid, read_bus_pid_fd); - + - /* We chdir ("/") since we are persistent and daemon-like, and fork - * again so dbus-launch can reap the parent. However, we don't - * setsid() or close fd 0 because the idea is to remain attached @@ -453,7 +453,7 @@ index 80e4a241..a956684c 100644 + * remain attached to the tty and the X server in order to kill the + * message bus when the session ends. */ - + - if (chdir ("/") < 0) + s = getenv ("HOME"); + @@ -468,7 +468,7 @@ index 80e4a241..a956684c 100644 + s, strerror (errno)); exit (1); } - + /* Close stdout/stderr so we don't block an "eval" or otherwise * lock up. stdout is still chaining through to dbus-launch * and in turn to the parent shell. @@ -490,11 +490,12 @@ index 80e4a241..a956684c 100644 strerror (errno)); /* continue, why not */ } - + ret = fork (); - + if (ret < 0) { fprintf (stderr, "fork() failed in babysitter: %s\n", --- +-- 2.17.1 + diff --git a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch index 5f572883..7d3724bb 100644 --- a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch +++ b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch @@ -20,7 +20,8 @@ index 67b6dfd2..271435ca 100644 -<type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath +<type> ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath - + D-Bus supports more types than these, but dbus-send currently --- +-- 2.13.6 + diff --git a/SOURCES/dbus-1.10.24-mls-listnames.patch b/SOURCES/dbus-1.10.24-mls-listnames.patch index 0fe80640..54fb08f6 100644 --- a/SOURCES/dbus-1.10.24-mls-listnames.patch +++ b/SOURCES/dbus-1.10.24-mls-listnames.patch 
@@ -10,11 +10,11 @@ diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c +#endif DBusMessageIter iter; DBusMessageIter sub; - + @@ -601,9 +604,58 @@ } } - + +#ifdef HAVE_SELINUX + mls_enabled = bus_selinux_mls_enabled (); +#endif @@ -76,16 +76,16 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c @@ -61,6 +61,9 @@ /* Store the value telling us if SELinux is enabled in the kernel. */ static dbus_bool_t selinux_enabled = FALSE; - + +/* Store the value telling us if SELinux with MLS is enabled in the kernel. */ +static dbus_bool_t selinux_mls_enabled = FALSE; + /* Store an avc_entry_ref to speed AVC decisions. */ static struct avc_entry_ref aeref; - + @@ -273,6 +276,20 @@ } - + /** + * Return whether or not SELinux with MLS support is enabled; must be + * called after bus_selinux_init. @@ -106,7 +106,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c dbus_bool_t @@ -292,6 +309,16 @@ } - + selinux_enabled = r != 0; + + r = is_selinux_mls_enabled (); @@ -126,11 +126,11 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c /* security dbus class constants */ #define SECCLASS_DBUS 1 +#define SECCLASS_CONTEXT 2 - + /* dbus's per access vector constants */ #define DBUS__ACQUIRE_SVC 1 #define DBUS__SEND_MSG 2 - + +#define CONTEXT__CONTAINS 1 + #ifdef HAVE_SELINUX @@ -142,7 +142,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c #endif /* HAVE_SELINUX */ @@ -734,6 +765,102 @@ #endif /* HAVE_SELINUX */ - + /** + * Check if SELinux security controls allow one connection to determine the + * name of the other, taking into account MLS considerations. @@ -249,20 +249,20 @@ diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h +++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000 
@@ -32,6 +32,7 @@ void bus_selinux_shutdown (void); - + dbus_bool_t bus_selinux_enabled (void); +dbus_bool_t bus_selinux_mls_enabled (void); - + void bus_selinux_id_ref (BusSELinuxID *sid); void bus_selinux_id_unref (BusSELinuxID *sid); @@ -54,6 +55,10 @@ - const char *service_name, - DBusError *error); - + const char *service_name, + DBusError *error); + +dbus_bool_t bus_selinux_allows_name (DBusConnection *source, + DBusConnection *destination, + DBusError *error); + dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, DBusConnection *proposed_recipient, - const char *msgtype, /* Supplementary audit data */ + const char *msgtype, /* Supplementary audit data */ diff --git a/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch index b04a3e7b..5f0ef18b 100644 --- a/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch +++ b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch @@ -27,7 +27,7 @@ index d2c37a7..dd6e61d 100644 +++ b/dbus/dbus-auth.c @@ -1572,7 +1572,15 @@ process_ok(DBusAuth *auth, _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server)); - + if (auth->unix_fd_possible) - return send_negotiate_unix_fd(auth); + { @@ -39,8 +39,9 @@ index d2c37a7..dd6e61d 100644 + + return TRUE; + } - + _dbus_verbose("Not negotiating unix fd passing, since not possible\n"); return send_begin (auth); --- +-- 2.2.1 + diff --git a/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch index 60d0cc3e..51949543 100644 --- a/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch +++ b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch @@ -21,7 +21,7 @@ index 2fb4a8b..13361aa 100644 @@ -412,14 +412,14 @@ bus_selinux_full_init (void) bus_context = NULL; bus_sid = SECSID_WILD; - + - if (getcon (&bus_context) < 0) + if (getcon_raw (&bus_context) < 0) { 
@@ -29,7 +29,7 @@ index 2fb4a8b..13361aa 100644 _dbus_strerror (errno)); return FALSE; } - + - if (avc_context_to_sid (bus_context, &bus_sid) < 0) + if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0) { @@ -38,7 +38,7 @@ index 2fb4a8b..13361aa 100644 @@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message, #ifdef HAVE_SELINUX char *context; - + - if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) + if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0) { @@ -47,20 +47,21 @@ index 2fb4a8b..13361aa 100644 @@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection, return FALSE; } - + - if (getpeercon (fd, con) < 0) + if (getpeercon_raw (fd, con) < 0) { _dbus_verbose ("Error getting context of socket peer: %s\n", _dbus_strerror (errno)); @@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection, - + _dbus_verbose ("Converting context to SID to store on connection\n"); - + - if (avc_context_to_sid (con, &sid) < 0) + if (avc_context_to_sid_raw (con, &sid) < 0) { if (errno == ENOMEM) BUS_SET_OOM (error); --- +-- 2.7.4 +