dbus 1.0.1: apply patch to fix CVE-2006-6107

2 files changed, 24 insertions, 1 deletions

diff --git a/packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch b/packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch
new file mode 100644
index 0000000000..7d36dbdf22
--- /dev/null
+++ b/packages/dbus/dbus-1.0.1/dbus-exploit-fix.patch
@@ -0,0 +1,21 @@
+https://bugs.freedesktop.org/show_bug.cgi?id=9142
+
+[..] the use case was the following. There
+are three processes A, B, and C. All of them add the same match (same value). A
+is started first, then B, and lastly C. Now, B and C are closed: if B is closed
+before C, A's match is removed; but if C is closed before B, A's match is not
+removed (no buggy behaviour). (B and C call dbus_bus_remove_match on exit.)
+
+diff -pur 0.61-osso23/bus/signals.c 0.61-osso23.new/bus/signals.c
+--- 0.61-osso23/bus/signals.c	2006-11-23 16:46:52.589602192 +0200
++++ 0.61-osso23.new/bus/signals.c	2006-11-23 16:49:28.873843376 +0200
+@@ -1067,6 +1067,9 @@ match_rule_equal (BusMatchRule *a,
+   if (a->flags != b->flags)
+     return FALSE;
+ 
++  if (a->matches_go_to != b->matches_go_to)
++    return FALSE;
++
+   if ((a->flags & BUS_MATCH_MESSAGE_TYPE) &&
+       a->message_type != b->message_type)
+     return FALSE;
diff --git a/packages/dbus/dbus_1.0.1.bb b/packages/dbus/dbus_1.0.1.bb
index 0198fa62c8..f04e9c4a40 100644
--- a/packages/dbus/dbus_1.0.1.bb
+++ b/packages/dbus/dbus_1.0.1.bb
@@ -1,3 +1,5 @@
 require dbus.inc
 
-PR = "r1"
+SRC_URI += "file://dbus-exploit-fix.patch;patch=1"
+
+PR = "r2"