[Pkg-utopia-maintainers] Bug#593249: [CVE 2010-1172] future unblock: dbus-glib/0.88-2

Simon McVittie smcv at debian.org
Mon Aug 16 16:50:15 UTC 2010


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: freeze-exception
Tags: security

Colin Walters has released dbus-glib 0.88, with a security fix for system-bus
services that use dbus-glib (CVE 2010-1172,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753, Red Hat #585394,
LP #616517).

The diffstat is somewhat intimidating, but I believe that taking all of 0.88
is a better option for squeeze than backporting the security fix to 0.86,
because:

- the majority of the changes are the single commit that adds the security fix
- the majority of the *other* changes are also targeted bugfixes
- the security fix adds ABI (to let system services tell dbus-glib which
  properties they intended to export), so it's a mini-transition already

The potentially-vulnerable services can be approximated as those that install
a file in /etc/dbus-1/system.d and depend on dbus-glib. Fedora people have
already checked several system-bus services; see the bug.
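The heuristic above (a package that installs a bus policy file in /etc/dbus-1/system.d and depends on dbus-glib) can be scripted on a Debian-based host. This is an added example, not a script from the mail or from the dbus-glib project; it assumes dpkg/dpkg-query are available and that the dbus-glib runtime library package is named libdbus-glib-1-2.

```shell
#!/bin/sh
# Added example: approximate the set of system-bus services that may need
# rebuilding against the fixed dbus-glib, using the two-part heuristic from
# the mail. Assumes dpkg -S and dpkg-query (Debian/Ubuntu) and the library
# package name libdbus-glib-1-2.

# Return 0 if a Depends field, as printed by dpkg-query, names libdbus-glib-1-2.
# Entries look like "libdbus-glib-1-2 (>= 0.78)" and may be joined by ',' or
# by '|' (alternatives); the version constraint is ignored.
depends_on_dbus_glib() {
    printf '%s\n' "$1" | tr ',|' '\n\n' \
        | awk '{ if ($1 == "libdbus-glib-1-2") found = 1 } END { exit !found }'
}

# Print the packages that own a .conf file in the system-bus policy directory.
# dpkg -S may list several owners ("pkg1, pkg2: /path"), so split on commas.
owners_of_system_bus_policies() {
    dir=${1:-/etc/dbus-1/system.d}
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        dpkg -S "$f" 2>/dev/null | cut -d: -f1 | tr ',' '\n' | tr -d ' '
    done | sort -u
}

# Print packages matching both halves of the heuristic: they install a bus
# policy file and their Depends field names dbus-glib.
list_candidates() {
    owners_of_system_bus_policies "$1" | while read -r pkg; do
        [ -n "$pkg" ] || continue
        deps=$(dpkg-query -W -f='${Depends}' "$pkg" 2>/dev/null) || continue
        if depends_on_dbus_glib "$deps"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Stand-alone use: print the candidate list for the default policy directory.
# Prints nothing on a host without dpkg or without /etc/dbus-1/system.d.
list_candidates "${1:-/etc/dbus-1/system.d}"
```

The output is only an approximation, as the mail says: a service could use dbus-glib through an intermediate library, or depend on it without exporting properties on the system bus.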

After uploading the version with the security fix, system services that are
vulnerable will need rebuilding against it. The new version of
dbus-binding-tool should arrange for the right data structures to appear,
without source changes.

I'm not investigating lenny at this stage; I suspect this will be hard to fix
there. I've uploaded dbus-glib 0.88-1 to experimental while awaiting release
team feedback.

diffstat for the security fix (commit 510bdcd63ae4e58), excluding the tests:
 dbus/dbus-binding-tool-glib.c |   53 ++++++--
 dbus/dbus-glib.h              |    2 +
 dbus/dbus-gobject.c           |  293 +++++++++++++++++++++++++++++++++++------
 3 files changed, 293 insertions(+), 55 deletions(-)

diffstat for the unrelated upstream changes, excluding tests and examples:
 .gitignore                           |   12 +++
 configure.ac                         |    4 +-
 dbus/dbus-gidl.h                     |    2 +-
 dbus/dbus-glib.h                     |    6 +-
 dbus/dbus-gobject.c                  |   52 ++++++++++----
 dbus/dbus-gproxy.c                   |    9 +--
 dbus/dbus-gtype-specialized.c        |  129 ++++++++++++++++++++++++++++++++++
 dbus/dbus-gtype-specialized.h        |    2 +
 doc/reference/dbus-glib-sections.txt |   10 +++
 9 files changed, 202 insertions(+), 24 deletions(-)

Summary of the unrelated changes:
- new feature: dbus_g_value_build_g_variant(), a new function which doesn't
  alter any existing code (it does add a GLib 2.24 dependency, but squeeze
  already has that)
- fix for a use-after-free in dbus-gproxy.c when cancelling calls
- fix for a use-after-free in dbus-gobject.c when "shadow properties" are used
- fix for a libdbus warning if an unregistered error is raised
- allow the same object path to be used twice if the connection is different
- rename arguments called "interface" to "iface" to be nice to Windows
- documentation fixes in dbus-gproxy.c, dbus-gobject.c, dbus-glib-sections.txt
- disabling one of the tests on Windows
- build-system fixes for some tests and examples

Diffs attached:
- 086-to-before-security.diff are the unrelated changes
- security.diff is the actual security fix
- the only change after that is to bump the version to 0.88 in configure.ac
- debian.diff is the diff for the debian directory, from squeeze's 0.86-1 to
  experimental's 0.88-1
- I request approval to upload the same changes to sid, and hence squeeze

Regards,
    Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 086-to-before-security.diff
Type: text/x-diff
Size: 42795 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0003.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: security.diff
Type: text/x-diff
Size: 42981 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0004.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debian.diff
Type: text/x-diff
Size: 4510 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20100816/579d48d1/attachment-0005.diff>