[Pkg-utopia-maintainers] Bug#593249: [CVE 2010-1172] future unblock: dbus-glib/0.88-2
Simon McVittie
smcv at debian.org
Mon Aug 16 16:50:15 UTC 2010
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: freeze-exception
Tags: security
Colin Walters has released dbus-glib 0.88, with a security fix for system-bus
services that use dbus-glib (CVE 2010-1172,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753, Red Hat #585394,
LP #616517).

The diffstat is somewhat intimidating, but I believe that taking all of 0.88
is a better option for squeeze than backporting the security fix to 0.86,
because:

- the majority of the changes are the single commit that adds the security fix
- the majority of the *other* changes are also targeted bugfixes
- the security fix adds ABI (to let system services tell dbus-glib which
  properties they intended to export), so it's a mini-transition already

The potentially-vulnerable services can be approximated as those that install
a file in /etc/dbus-1/system.d and depend on dbus-glib. Fedora people have
already checked several system-bus services; see the bug.

After uploading the version with the security fix, system services that are
vulnerable will need rebuilding against it. The new version of
dbus-binding-tool should arrange for the right data structures to appear,
without source changes.

I'm not investigating lenny at this stage; I suspect this will be hard to fix
there. I've uploaded dbus-glib 0.88-1 to experimental while awaiting release
team feedback.
diffstat for the security fix (commit 510bdcd63ae4e58), excluding the tests:

 dbus/dbus-binding-tool-glib.c |  53 ++++++--
 dbus/dbus-glib.h              |   2 +
 dbus/dbus-gobject.c           | 293 +++++++++++++++++++++++++++++++++++------
 3 files changed, 293 insertions(+), 55 deletions(-)

diffstat for the unrelated upstream changes, excluding tests and examples:

 .gitignore                           |  12 +++
 configure.ac                         |   4 +-
 dbus/dbus-gidl.h                     |   2 +-
 dbus/dbus-glib.h                     |   6 +-
 dbus/dbus-gobject.c                  |  52 ++++++++++----
 dbus/dbus-gproxy.c                   |   9 +--
 dbus/dbus-gtype-specialized.c        | 129 ++++++++++++++++++++++++++++++++++
 dbus/dbus-gtype-specialized.h        |   2 +
 doc/reference/dbus-glib-sections.txt |  10 +++
 9 files changed, 202 insertions(+), 24 deletions(-)

Summary of the unrelated changes:

- new feature: dbus_g_value_build_g_variant(), a new function which doesn't
  alter any existing code (it does add a GLib 2.24 dependency, but squeeze
  already has that)
- fix for a use-after-free in dbus-gproxy.c when cancelling calls
- fix for a use-after-free in dbus-gobject.c when "shadow properties" are used
- fix for a libdbus warning if an unregistered error is raised
- allow the same object path to be used twice if the connection is different
- rename arguments called "interface" to "iface" to be nice to Windows
- documentation fixes in dbus-gproxy.c, dbus-gobject.c, dbus-glib-sections.txt
- disabling one of the tests on Windows
- build-system fixes for some tests and examples
Diffs attached:

- 086-to-before-security.diff are the unrelated changes
- security.diff is the actual security fix
- the only change after that is to bump the version to 0.88 in configure.ac
- debian.diff is the diff for the debian directory, from squeeze's 0.86-1 to
  experimental's 0.88-1

I request approval to upload the same changes to sid, and hence squeeze.

Regards,
Simon
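The audit heuristic described in the message (packages that install a file in /etc/dbus-1/system.d and depend on dbus-glib), as an added example that is not part of Simon's mail or of dbus-glib itself: a small Python script that parses the stanza format of /var/lib/dpkg/status and lists installed packages matching both conditions. The status stanzas and package names below are constructed for the demo; the dependency name libdbus-glib-1-2 is an assumption about the runtime package name. Matches are candidates to inspect and rebuild, not confirmed vulnerable services, since the heuristic overapproximates.

```python
"""List installed packages that own a D-Bus system-bus policy file and
depend on the dbus-glib runtime library, the approximation used in the
message above for "services that may need rebuilding".

Added example, not part of the original message or of dbus-glib. Input is
dpkg status format; SAMPLE_STATUS is constructed, package names are not real.
"""
import re

STATUS_PATH = "/var/lib/dpkg/status"   # real input on a Debian system
POLICY_DIR = "/etc/dbus-1/system.d/"
GLIB_RUNTIME = "libdbus-glib-1-2"      # assumed runtime package name

# Constructed sample in dpkg status format (illustrative packages only).
SAMPLE_STATUS = """\
Package: foo-daemon
Status: install ok installed
Depends: libc6 (>= 2.7), libdbus-1-3 (>= 1.0.2), libdbus-glib-1-2 (>= 0.78) | libdbus-glib-1-dev
Conffiles:
 /etc/dbus-1/system.d/org.example.Foo.conf 0123456789abcdef0123456789abcdef
 /etc/default/foo-daemon fedcba9876543210fedcba9876543210

Package: bar-agent
Status: install ok installed
Depends: libc6 (>= 2.7), libdbus-1-3 (>= 1.0.2)
Conffiles:
 /etc/dbus-1/system.d/org.example.Bar.conf 00112233445566778899aabbccddeeff

Package: baz-tool
Status: install ok installed
Depends: libglib2.0-0, libdbus-glib-1-2 (>= 0.78)
Description: a client that only talks to the session bus

Package: qux-service
Status: deinstall ok config-files
Depends: libdbus-glib-1-2
Conffiles:
 /etc/dbus-1/system.d/org.example.Qux.conf ffeeddccbbaa99887766554433221100
"""


def parse_status(text: str) -> list:
    """Split dpkg status text into stanzas; continuation lines start with a space."""
    stanzas, current, field = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current, field = {}, None
            continue
        if line[0] in " \t" and field is not None:
            current[field] += "\n" + line.strip()
            continue
        field, _, value = line.partition(":")
        current[field] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def depends_names(depends: str) -> set:
    """Reduce a Depends field to bare package names.

    Alternatives (a | b) are all kept: a service built against either
    alternative still counts, which keeps the approximation conservative.
    """
    names = set()
    for clause in depends.split(","):
        for alt in clause.split("|"):
            name = re.sub(r"\s*[\(\[].*$", "", alt.strip())  # drop version/arch qualifiers
            name = name.split(":")[0]                        # drop multiarch suffix
            if name:
                names.add(name)
    return names


def conffile_paths(conffiles: str) -> list:
    """Each Conffiles continuation line is '<path> <md5sum>[ obsolete]'."""
    return [line.split()[0] for line in conffiles.splitlines() if line.strip()]


def candidate_services(text: str, glib_pkg: str = GLIB_RUNTIME) -> list:
    """Installed packages owning a system.d policy file and depending on dbus-glib."""
    hits = []
    for pkg in parse_status(text):
        if not pkg.get("Status", "").endswith(" installed"):
            continue  # removed packages with leftover conffiles have nothing to rebuild
        policies = [p for p in conffile_paths(pkg.get("Conffiles", "")) if p.startswith(POLICY_DIR)]
        if policies and glib_pkg in depends_names(pkg.get("Depends", "")):
            hits.append(pkg["Package"])
    return sorted(hits)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_STATUS
    for name in candidate_services(text):
        print(name)
```

Run with no argument to see the constructed sample (only foo-daemon matches: bar-agent ships a policy but does not link dbus-glib, baz-tool links it but exports nothing on the system bus, qux-service is removed). Pass the path to a real status file to audit a system; each hit then needs a manual check of whether it actually exports properties, because the approximation deliberately errs on the side of listing too much.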
Attachments:

- 086-to-before-security.diff (text/x-diff, 42795 bytes):
  <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0003.diff>
- security.diff (text/x-diff, 42981 bytes):
  <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0004.diff>
- debian.diff (text/x-diff, 4510 bytes):
  <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0005.diff>
- Digital signature (application/pgp-signature, 793 bytes):
  <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0001.pgp>