authorClemens Gruber <clemens.gruber@pqgruber.com>2017-09-01 18:39:13 +0200
committerMichael Olbrich <m.olbrich@pengutronix.de>2017-09-05 08:08:11 +0200
commitfc622325543f26d0076ee4337583dd136a2e297a (patch)
treeb707c0bcc96349e09af748208bf991e6bb3e5caf /patches
parentfb2abb22ade0f5aafb0dcd21b70daeb3c568aae8 (diff)
dbus: add upstream patch to avoid blocking at boot time
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r--patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch74
l---------patches/dbus-1.10.22/autogen.sh1
-rw-r--r--patches/dbus-1.10.22/series5
3 files changed, 80 insertions, 0 deletions
diff --git a/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch b/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
new file mode 100644
index 000000000..5289f720f
--- /dev/null
+++ b/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
@@ -0,0 +1,74 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 21 Jul 2017 10:46:39 +0100
+Subject: [PATCH] config-loader-expat: Tell Expat not to defend against hash
+ collisions
+
+By default, Expat uses cryptographic-quality random numbers as a salt for
+its hash algorithm, and since 2.2.1 it gets them from the getrandom
+syscall on Linux. That syscall refuses to return any entropy until the
+kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
+can take as long as 40 seconds on embedded devices with few entropy
+sources, which is too long: if the system dbus-daemon blocks for that
+length of time, important D-Bus clients like systemd and systemd-logind
+time out and fail to connect to it.
+
+We're parsing small configuration files here, and we trust them
+completely, so we don't need to defend against hash collisions: nobody
+is going to be crafting them to cause pathological performance.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Tested-by: Christopher Hewitt <hewitt@ieee.org>
+Reviewed-by: Philip Withnall <withnall@endlessm.com>
+
+Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
+Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
+---
+ bus/config-loader-expat.c | 14 ++++++++++++++
+ configure.ac | 8 ++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
+index b571fda3181f..27cbe2d090a0 100644
+--- a/bus/config-loader-expat.c
++++ b/bus/config-loader-expat.c
+@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
+ goto failed;
+ }
+
++ /* We do not need protection against hash collisions (CVE-2012-0876)
++ * because we are only parsing trusted XML; and if we let Expat block
++ * waiting for the CSPRNG to be initialized, as it does by default to
++ * defeat CVE-2012-0876, it can cause timeouts during early boot on
++ * entropy-starved embedded devices.
++ *
++ * TODO: When Expat gets a more explicit API for this than
++ * XML_SetHashSalt, check for that too, and use it preferentially.
++ * https://github.com/libexpat/libexpat/issues/91 */
++#if defined(HAVE_XML_SETHASHSALT)
++ /* Any nonzero number will do. https://xkcd.com/221/ */
++ XML_SetHashSalt (expat, 4);
++#endif
++
+ if (!_dbus_string_get_dirname (file, &dirname))
+ {
+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+diff --git a/configure.ac b/configure.ac
+index 1fabddd190a4..4e9c1de7bafc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -938,6 +938,14 @@ XML_CFLAGS=
+ AC_SUBST([XML_CFLAGS])
+ AC_SUBST([XML_LIBS])
+
++save_cflags="$CFLAGS"
++save_libs="$LIBS"
++CFLAGS="$CFLAGS $XML_CFLAGS"
++LIBS="$LIBS $XML_LIBS"
++AC_CHECK_FUNCS([XML_SetHashSalt])
++CFLAGS="$save_cflags"
++LIBS="$save_libs"
++
+ # Thread lib detection
+ AC_ARG_VAR([THREAD_LIBS])
+ save_libs="$LIBS"
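Review bot: The comment added above `XML_SetHashSalt (expat, 4)` in bus_config_load says only trusted XML is parsed, but it does not say what that trust rests on; with a constant salt, Expat's CVE-2012-0876 hash-collision defence is off for every document this parser handles. If files pulled in through the configuration's include directives go through the same loader (not visible in this hunk), the assumption holds only while every such file and directory is writable solely by the account that runs the bus, so I would extend the comment with `/* Assumes every file reachable from the main config, including included files and directories, is writable only by the bus owner. */`. The call's return value is also discarded, and `(void) XML_SetHashSalt (expat, 4);` would make that explicit. bus_config_load starts and ends outside the hunk.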
diff --git a/patches/dbus-1.10.22/autogen.sh b/patches/dbus-1.10.22/autogen.sh
new file mode 120000
index 000000000..9f8a4cb7d
--- /dev/null
+++ b/patches/dbus-1.10.22/autogen.sh
@@ -0,0 +1 @@
+../autogen.sh
\ No newline at end of file
diff --git a/patches/dbus-1.10.22/series b/patches/dbus-1.10.22/series
new file mode 100644
index 000000000..5883e2956
--- /dev/null
+++ b/patches/dbus-1.10.22/series
@@ -0,0 +1,5 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+#tag:upstream --start-number 10
+0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
+# 0ea4df42f11d73dba6bd33a9d510501c - git-ptx-patches magic