From 066d27181e9a797ad9f8fc43b49fc9a10ff2f707 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 3 Mar 2019 13:42:34 +0000 Subject: gentoo resync : 03.03.2019 --- sys-apps/systemd/Manifest | 3 +- ...e-receive-an-invalid-dbus-message-ignore-.patch | 54 ---------------------- sys-apps/systemd/systemd-239-r4.ebuild | 2 +- 3 files changed, 2 insertions(+), 57 deletions(-) delete mode 100644 sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch (limited to 'sys-apps/systemd') diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest index a430d1528795..effd70448300 100644 --- a/sys-apps/systemd/Manifest +++ b/sys-apps/systemd/Manifest @@ -2,7 +2,6 @@ AUX 239-debug-extra.patch 1641 BLAKE2B 37dae0aa6fb95be3f6b7ad5647ddc7e6e7cf6654e AUX CVE-2019-6454.patch 6017 BLAKE2B 8feefe11f44e4136c5fcf87160197bfbc0557d5097bc12275411887005bed1fe56a532d114e2e49527a7f35016a6b5fc04cb1086b33445402ace21eb880c02e9 SHA512 ff84ae9a043f17fd78c7fc499fe532c4d3b46dbe34f24c8289c209a026c1eda20de3ba46b67c8a5b14e9889e6362a4fb2097d550e6bcdb5182455fc569e23224 AUX CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch 1848 BLAKE2B 348c35881ce039f92d8fc8dc8c87af2efa95696afbe79ad8fc4e01129524bdf28b529ab86ec611d08446e589176c0678018d94d8c5fc068c65ab4eb429746cf9 SHA512 693afe328ebc20d34cbf07c632a8da90ee293147e793a599a4d2aac6f757738bfab93048a2f8ed6e68d16f865e9b4112e737c692ad01c7d4946f8c430714161d AUX CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch 6660 BLAKE2B 45acb2595245a5cbd10c2a9c7ffa2db0c4bd5b03ef8dc25eb51fc35dd51a49b3acd18bf4cf8db7f639e7a4e61592f3ce0bcb031bf27b0bf3ae6fc96c74445f77 SHA512 7c082ab4effc36543bab08700b84a3ccddfba5d5e87b324d6b935d75f5debb7a5f7be1c2e21208e8d1715f5d40619c8f775629acdde40d3c7b2f406b5c6d9460 -AUX CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch 1990 BLAKE2B 6ceae3c7abe20206dd4840080c2849bc22528a012d6639ae38778a538a991bb1557a8ed19772fe8101a2b3398577455302681f9f64288dc264c1ce9d2330cbdb SHA512 3433f3cad2cfadcf2975283c81aa42791d0286b2ba75f203673ee7447dddc6f279ef9113e6a08718e92570dcb941eb456f0ab09f534c85b9ef5766cd41cf74e5 AUX gentoo-Dont-enable-audit-by-default.patch 1027 BLAKE2B 9193a409db4e5c1dec6f6b66ee6e0a4cc1ada49d41ab758c788cf12534fffb67bd7370b8558a6af56572d7f2b73cf47db255fef105e56362c15f0a426f80b256 SHA512 44e512d8bbadbc5714192896a3ba262e460af034846e4e9b9832b4143fff772e2734e655316fd88d1ef386509bd234c195dce2087348f220836b3bf4f26790e0 AUX gentoo-generator-path-r1.patch 1037 BLAKE2B 5eb80521a6726c9b4693f9b0f56d3e68fca1a49f5f5eb5a1576329d30c93d2fe7c121920099d74962eacf7ed1d3747250f103a57e4be246320a99871521a3b6a SHA512 1b0d1c2f96cb4aa95adfa5940efaeb2bd940110720399358317906d21d08b0caf625474980e101bba001afd626f8ad64367b09b40bec0b2d46b977021c4adfc5 AUX gentoo-generator-path.patch 1046 BLAKE2B 648d1fff6874135267647ff6ffb52ddd9e991af64fb2b41909246c173e55709c49edd6e47245d566457ba9f55bf6d758ed837ff740f58004f2790b5565f8e462 SHA512 e9999afbf4d2d8a9e828d81dd0b54e2c2ba556e9778a4954dac3da885a15bc6dcc718f7e119c352eb2efd090e410735395ec20ce2eb3c84a481570bc8b5f66b3 @@ -20,7 +19,7 @@ DIST systemd-241-rc2.tar.gz 7619504 BLAKE2B 610940b3141d36a0534cf477d303eb681f41 DIST systemd-241.tar.gz 7640538 BLAKE2B 69d7196fee0d0ad06ea8d7c78b0299cc17517ecce3ca4c0b1181a3fbb13bc2627629156785051e2ff427dcc21414f7a078724c6409ebaa431618e4799ebcd50a SHA512 a7757574590e8aa37e1291ea0b2c5eb03a8d8062fe9462fa5b0bf50830c933e2b301d106c70d904f94afc0aa8e43a8acfd11926dfa25b1b89174580e491e545e EBUILD systemd-239-r2.ebuild 13285 BLAKE2B 7e7f55aea8c3d5670867a775c4941f1ed07fbdf26e6be8d11124a43bc6bd1352a4773578f93e797907c2b37c81564c2876f1e7d7d4ffa998f481c57bdbd825be SHA512 de7011bc15bcdd0080204a003fde07e62c093b7bdf2ce49df6e2359fb513a1d996efacba53bb1152b077a5513d494eb7a19ab2cc637c1e2470f08525b67cb0f2 EBUILD systemd-239-r3.ebuild 13285 BLAKE2B 831b7d2cd265398238077505749e0b8b474403275862409cb9fe27e7c3c8e05be48b855a96c8de6f5816b0691dbd94e99287bc04d65120f57479a38df2f07721 SHA512 3743f5b6d52b9306bb581c35d10f18e2c1cdcd2af95f465712d17f35af29aaea1715ad668c49317e83db78e4346ad5651f885e5a2156f728276ec13fb08a1345 -EBUILD systemd-239-r4.ebuild 13326 BLAKE2B 7af4a38c9a5a7622da93c5942314a5dad674b724ed13d1816e195aef8456335366ce6ecf9332d8a0ddc30a3eec4faaceef14261e7c31c5917eb9e91ab90322a3 SHA512 fb733cefe1f6b793101786f8a2a8866b2cf52cab93b01f4188b51411e6c63ec5ce7cb794a148d7736f1f3ee37d85c1c9b21204d75ad53e888101d5998a66a3ae +EBUILD systemd-239-r4.ebuild 13322 BLAKE2B a37500a64669ddb1e685df43ecdd6314de994f48c84e706d3896ecc072e1c0e949d0b4ff3b1d334e01fc2b1153e9a822a81ce4db4e9e2770b26ec3ce41c765ff SHA512 f997d80218675de2eab951ef576a7560586e2ea91facb6e678bd92ca20631a848c52c4ff32828f27d7122ba4624d6fba2d99c597be0e60b406c84e6e4b828db1 EBUILD systemd-240-r3.ebuild 13371 BLAKE2B bc86925f04294fee6c9c53ac2e793338b34d8dd1b51c1bca1daa222440b35670a98d062a4059568ef43a010acb2746a467b54abccd465fb9e910453c590b800e SHA512 91d64b30469a5c54355c887c3f7ee12906f7f297ecfd0804116f753db6d8d4f8d7249ee589185b6cba3708ecc27a91c616f48811f32662b25930727e367f5ba6 EBUILD systemd-240-r4.ebuild 13371 BLAKE2B 5f6cb24820ba54d2ea130c890eedfa67d326565d6972fffa5a0c395d6de37c2d338879ad9b33153a4810ddf115d837104519b93e46f9c5e9c2c15d256dd7522d SHA512 9511413346e3e6d36ca141253315b5071635834b55d0892901657cf319afa62dd4169dddf861ebff0564156e812b3ef5e53d61d07ac54aa0c76afff7bcba219b EBUILD systemd-241-r1.ebuild 13564 BLAKE2B 972ed3c9f1ab6c6420193b34f4629cd2b3cd15ee917fc04c2620835fb7d73b78b82ed25319204c26cd1dddfae6978cd688d9a26eea542e6365a808f97aa4bdb2 SHA512 ffa17abc62197ec7ce8342a50feaed31f543c43b2c444ff786d793906bdd89ac5edb9d4b568199aa9a0c7bb27a5f5cfdfda0df9f79dc44b6f3b676954a7d090a diff --git a/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch b/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch deleted file mode 100644 index cc03893a588d..000000000000 --- a/sys-apps/systemd/files/CVE-2019-6454/0003-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 8d3cea620ab661897fb485ece7332a9073c1783d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 13 Feb 2019 16:51:22 +0100 -Subject: [PATCH 3/3] sd-bus: if we receive an invalid dbus message, ignore and - proceeed - -dbus-daemon might have a slightly different idea of what a valid msg is -than us (for example regarding valid msg and field sizes). Let's hence -try to proceed if we can and thus drop messages rather than fail the -connection if we fail to validate a message. - -Hopefully the differences in what is considered valid are not visible -for real-life usecases, but are specific to exploit attempts only. ---- - src/libsystemd/sd-bus/bus-socket.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 30d6455b6f..441b4a816f 100644 ---- a/src/libsystemd/sd-bus/bus-socket.c -+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) { - } - - static int bus_socket_make_message(sd_bus *bus, size_t size) { -- sd_bus_message *t; -+ sd_bus_message *t = NULL; - void *b; - int r; - -@@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { - bus->fds, bus->n_fds, - NULL, - &t); -- if (r < 0) { -+ if (r == -EBADMSG) -+ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); -+ else if (r < 0) { - free(b); - return r; - } -@@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { - bus->fds = NULL; - bus->n_fds = 0; - -- bus->rqueue[bus->rqueue_size++] = t; -+ if (t) -+ bus->rqueue[bus->rqueue_size++] = t; - - return 1; - } --- -2.20.1 - diff --git a/sys-apps/systemd/systemd-239-r4.ebuild b/sys-apps/systemd/systemd-239-r4.ebuild index 5671a5ed37ca..4e505f9c9ee1 100644 --- a/sys-apps/systemd/systemd-239-r4.ebuild +++ b/sys-apps/systemd/systemd-239-r4.ebuild @@ -9,7 +9,7 @@ if [[ ${PV} == 9999 ]]; then else SRC_URI="https://github.com/systemd/systemd/archive/v${PV}/${P}.tar.gz https://dev.gentoo.org/~floppym/dist/${P}-patches-2.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86" fi PYTHON_COMPAT=( python{3_4,3_5,3_6,3_7} ) -- cgit v1.2.3