openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-23 16:44:31 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ac9eddc49f1f29f7798c89bffd523d014780ff08
packages/libs/glib2/patches/118-CVE-2024-34397-gdbusconnection-Allow-name-owners-to-have-the-syntax-of-a.patch
Petr Štetiar 3932357ffb glib2: update to 2.74.7 to fix several CVEs 
Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that
backport CVE-2024-34397 fix from Debian Bookworm glib2 package
2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly.

References: https://security-tracker.debian.org/tracker/source-package/glib2.0
Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2024-09-05 13:27:51 +02:00

48 lines
2.1 KiB
Diff
Raw Blame History

From: Simon McVittie <smcv@debian.org>
Date: Wed, 8 May 2024 10:09:40 +0100
Subject: gdbusconnection: Allow name owners to have the syntax of a
well-known name
In a D-Bus-Specification-compliant message bus, the owner of a well-known
name is a unique name. However, ibus has its own small implementation
of a message bus (src/ibusbus.c) in which org.freedesktop.IBus is
special-cased to also have itself as its owner (like org.freedesktop.DBus
on a standard message bus), and connects to that bus with the
G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION flag. The ability to do
this regressed when CVE-2024-34397 was fixed.
Relax the checks to allow the owner of a well-known name to be any valid
D-Bus name, even if it is not syntactically a unique name.
Bug: https://gitlab.gnome.org/GNOME/glib/-/issues/3353
Bug-Debian: https://bugs.debian.org/1070730
Bug-Debian: https://bugs.debian.org/1070736
Bug-Debian: https://bugs.debian.org/1070743
Bug-Debian: https://bugs.debian.org/1070745
Signed-off-by: Simon McVittie <smcv@debian.org>
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4053
---
gio/gdbusconnection.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -2393,7 +2393,7 @@ name_watcher_deliver_name_owner_changed_
/* Our caller already checked this */
g_assert (g_strcmp0 (name_watcher->arg0, name) == 0);
- if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_unique_name (new_owner)))
+ if (G_LIKELY (new_owner[0] == '\0' || g_dbus_is_name (new_owner)))
name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
else
g_warning ("Received NameOwnerChanged signal with invalid owner \"%s\" for \"%s\"",
@@ -2445,7 +2445,7 @@ name_watcher_deliver_get_name_owner_repl
g_variant_get (body, "(&s)", &new_owner);
- if (G_LIKELY (g_dbus_is_unique_name (new_owner)))
+ if (G_LIKELY (g_dbus_is_name (new_owner)))
name_watcher_set_name_owner_unlocked (name_watcher, new_owner);
else
g_warning ("Received GetNameOwner reply with invalid owner \"%s\" for \"%s\"",
Reference in New Issue View Git Blame Copy Permalink