rpms/dbus/F-10 0001-Bug-17803-Fix-both-test-case-and-validation-logic.patch, NONE, 1.1 dbus.spec, 1.156, 1.157
Colin Walters
walters at fedoraproject.org
Thu May 7 21:05:43 UTC 2009
Author: walters
Update of /cvs/pkgs/rpms/dbus/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3787
Modified Files:
dbus.spec
Added Files:
0001-Bug-17803-Fix-both-test-case-and-validation-logic.patch
Log Message:
* Thu May 07 2009 Colin Walters <walters at verbum.org> - 1.2.4-3
- Add patch for CVE-2009-1189
0001-Bug-17803-Fix-both-test-case-and-validation-logic.patch:
--- NEW FILE 0001-Bug-17803-Fix-both-test-case-and-validation-logic.patch ---
>From a61803cdb3c4166e10e9e33e4c39aeca0163a96c Mon Sep 17 00:00:00 2001
From: Colin Walters <walters at verbum.org>
Date: Wed, 1 Apr 2009 12:02:00 -0400
Subject: [PATCH] Bug 17803 - Fix both test case and validation logic
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
---
dbus/dbus-marshal-validate-util.c | 2 +-
dbus/dbus-marshal-validate.c | 13 +++++++------
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
index 5365d6d..ac901c3 100644
--- a/dbus/dbus-marshal-validate-util.c
+++ b/dbus/dbus-marshal-validate-util.c
@@ -227,7 +227,7 @@ _dbus_marshal_validate_test (void)
"not a valid signature",
"123",
".",
- "("
+ "(",
"a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
};
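Review bot: In the invalid-signature array, the entry after the corrected `"(",` is still the last element and has no trailing comma, so the next entry appended to the list can repeat the same mistake. Adjacent string literals are concatenated by the compiler, which is how `"("` and `"a{(ii)i}"` silently became a single test string. Add a trailing comma after `"a{(ii)i}"`. Since the array only covers a struct key for the dict-key case, consider also adding an entry whose key position holds a character that is not a type code at all, because that is the fall-through path the change in dbus-marshal-validate.c closes.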
diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
index 35998cb..ee95548 100644
--- a/dbus/dbus-marshal-validate.c
+++ b/dbus/dbus-marshal-validate.c
@@ -246,14 +246,15 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
}
}
- if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
- _dbus_type_is_valid (*p) &&
- !dbus_type_is_basic (*p))
+ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR)
{
- result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
- goto out;
+ if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))
+ {
+ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+ goto out;
+ }
}
-
+
last = *p;
++p;
}
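Review bot: In the new inner check, `!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p))` returns DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE for every character after `{` that fails validation, not only for valid non-basic types. That closes the fall-through described in the commit message, but the reason code becomes misleading when the key position holds an invalid character or `}`. Please confirm that the checks above this hunk reject those cases with a more specific code before this point is reached, or add a test that asserts on the returned reason rather than only on rejection. Separately, the blank line before `last = *p;` is removed and re-added, which looks like a whitespace-only change and is better dropped from a security fix.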
--
1.6.0.6
Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/F-10/dbus.spec,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -p -r1.156 -r1.157
--- dbus.spec 13 Dec 2008 02:32:01 -0000 1.156
+++ dbus.spec 7 May 2009 21:05:13 -0000 1.157
@@ -9,7 +9,7 @@ Summary: D-BUS message bus
Name: dbus
Epoch: 1
Version: 1.2.4
-Release: 2%{?dist}
+Release: 3%{?dist}
URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl
@@ -42,6 +42,8 @@ Patch0: start-early.patch
Patch1: dbus-1.0.1-generate-xml-docs.patch
Patch6: dbus-1.2.1-increase-timeout.patch
+Patch10: 0001-Bug-17803-Fix-both-test-case-and-validation-logic.patch
+
%description
D-BUS is a system for sending messages between applications. It is
used both for the system-wide message bus service, and as a
@@ -96,6 +98,8 @@ in this separate package so server syste
%patch1 -p1 -b .generate-xml-docs
%patch6 -p1 -b .increase-timeout
+%patch10 -p1 -b .cve-2009-1189
+
autoreconf -f -i
%build
@@ -226,6 +230,9 @@ fi
%{_includedir}/*
%changelog
+* Thu May 07 2009 Colin Walters <walters at verbum.org> - 1.2.4-3
+- Add patch for CVE-2009-1189
+
* Fri Dec 12 2008 Colin Walters <walters at redhat.com> - 1.2.4-2
- Revert to 1.2.4, add epoch
Too many things broke with this, it looks like there's no way
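Review bot: The new %changelog entry names only CVE-2009-1189 and gives no pointer to the upstream report. The patch filename and subject both reference bug 17803, so adding that number to the entry would let someone reading the package changelog trace the fix back to the upstream discussion without opening the patch.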