Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that backport CVE-2024-34397 fix from Debian Bookworm glib2 package 2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly. References: https://security-tracker.debian.org/tracker/source-package/glib2.0 Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397 Signed-off-by: Petr Štetiar <ynezz@true.cz>
From: Simon McVittie <smcv@collabora.com>
Date: Fri, 8 Mar 2024 19:44:03 +0000
Subject: tests: Add a test-case for what happens if a unique name doesn't
exist
On GNOME/glib#3268 there was some concern about whether this would
allow an attacker to send signals and have them be matched to a
GDBusProxy in this situation, but it seems that was a false alarm.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Origin: upstream, https://gitlab.gnome.org/GNOME/glib/-/issues/3268
---
gio/tests/gdbus-subscribe.c | 48 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
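--- a/gio/tests/gdbus-subscribe.c
+++ b/gio/tests/gdbus-subscribe.c
@@ -358,6 +358,53 @@ static const TestPlan plan_limit_by_uniq
 },
 };
 
+static const TestPlan plan_nonexistent_unique_name =
+{
+ .description = "A subscription via a unique name that doesn't exist "
+ "accepts no messages",
+ .steps = {
+ {
+ /* Subscriber wants to receive signals from service */
+ .action = TEST_ACTION_SUBSCRIBE,
+ .u.subscribe = {
+ /* This relies on the implementation detail that the dbus-daemon
+ * (and presumably other bus implementations) never actually generates
+ * a unique name in this format */
+ .string_sender = ":0.this.had.better.not.exist",
+ .path = EXAMPLE_PATH,
+ .iface = EXAMPLE_INTERFACE,
+ },
+ },
+ {
+ /* Attacker wants to trick subscriber into thinking that service
+ * sent a signal */
+ .action = TEST_ACTION_EMIT_SIGNAL,
+ .u.signal = {
+ .sender = TEST_CONN_ATTACKER,
+ .path = EXAMPLE_PATH,
+ .iface = EXAMPLE_INTERFACE,
+ .member = FOO_SIGNAL,
+ .received_by_conn = 0,
+ .received_by_proxy = 0
+ },
+ },
+ {
+ /* Attacker tries harder, by sending a signal unicast directly to
+ * the subscriber */
+ .action = TEST_ACTION_EMIT_SIGNAL,
+ .u.signal = {
+ .sender = TEST_CONN_ATTACKER,
+ .unicast_to = TEST_CONN_SUBSCRIBER,
+ .path = EXAMPLE_PATH,
+ .iface = EXAMPLE_INTERFACE,
+ .member = FOO_SIGNAL,
+ .received_by_conn = 0,
+ .received_by_proxy = 0
+ },
+ },
+ },
+};
+
 static const TestPlan plan_limit_by_well_known_name =
 {
 .description = "A subscription via a well-known name only accepts messages "
@@ -1051,6 +1098,7 @@ main (int argc,
 ADD_SUBSCRIBE_TEST (broadcast_from_anyone);
 ADD_SUBSCRIBE_TEST (match_twice);
 ADD_SUBSCRIBE_TEST (limit_by_unique_name);
+ ADD_SUBSCRIBE_TEST (nonexistent_unique_name);
 ADD_SUBSCRIBE_TEST (limit_by_well_known_name);
 
 return g_test_run();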
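Review bot: Both signal steps in `plan_nonexistent_unique_name` assert only `received_by_conn = 0` and `received_by_proxy = 0`, so the plan has no positive control. It would also pass if the subscribe step never installed a working match rule; whether the harness verifies that separately is not visible in this hunk. Because nothing can own `:0.this.had.better.not.exist`, a delivered signal cannot be shown here, and a comment such as `/* No positive control is possible: no connection can own this name, so only the zero counts are checked */` would make that limit explicit. The first step's comment, `/* Subscriber wants to receive signals from service */`, appears to be carried over from the neighbouring plans. There is no service in this plan, so `/* Subscriber subscribes to a unique name that no connection owns */` would describe the step more accurately.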