author | Clemens Gruber <clemens.gruber@pqgruber.com> | 2017-09-01 18:39:13 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2017-09-05 08:08:11 +0200 |
commit | fc622325543f26d0076ee4337583dd136a2e297a (patch) | |
tree | b707c0bcc96349e09af748208bf991e6bb3e5caf /patches | |
parent | fb2abb22ade0f5aafb0dcd21b70daeb3c568aae8 (diff) | |
download | ptxdist-fc622325543f26d0076ee4337583dd136a2e297a.tar.gz ptxdist-fc622325543f26d0076ee4337583dd136a2e297a.tar.xz |
dbus: add upstream patch to avoid blocking at boot time
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'patches')
-rw-r--r-- | patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch | 74 | ||||
l--------- | patches/dbus-1.10.22/autogen.sh | 1 | ||||
-rw-r--r-- | patches/dbus-1.10.22/series | 5 |
3 files changed, 80 insertions, 0 deletions
diff --git a/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch b/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
new file mode 100644
index 000000000..5289f720f
--- /dev/null
+++ b/patches/dbus-1.10.22/0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
@@ -0,0 +1,74 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Fri, 21 Jul 2017 10:46:39 +0100
+Subject: [PATCH] config-loader-expat: Tell Expat not to defend against hash
+ collisions
+
+By default, Expat uses cryptographic-quality random numbers as a salt for
+its hash algorithm, and since 2.2.1 it gets them from the getrandom
+syscall on Linux. That syscall refuses to return any entropy until the
+kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
+can take as long as 40 seconds on embedded devices with few entropy
+sources, which is too long: if the system dbus-daemon blocks for that
+length of time, important D-Bus clients like systemd and systemd-logind
+time out and fail to connect to it.
+
+We're parsing small configuration files here, and we trust them
+completely, so we don't need to defend against hash collisions: nobody
+is going to be crafting them to cause pathological performance.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Tested-by: Christopher Hewitt <hewitt@ieee.org>
+Reviewed-by: Philip Withnall <withnall@endlessm.com>
+
+Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
+Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
+---
+ bus/config-loader-expat.c | 14 ++++++++++++++
+ configure.ac | 8 ++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
+index b571fda3181f..27cbe2d090a0 100644
+--- a/bus/config-loader-expat.c
++++ b/bus/config-loader-expat.c
+@@ -203,6 +203,20 @@ bus_config_load (const DBusString *file,
+ goto failed;
+ }
+
++ /* We do not need protection against hash collisions (CVE-2012-0876)
++ * because we are only parsing trusted XML; and if we let Expat block
++ * waiting for the CSPRNG to be initialized, as it does by default to
++ * defeat CVE-2012-0876, it can cause timeouts during early boot on
++ * entropy-starved embedded devices.
++ *
++ * TODO: When Expat gets a more explicit API for this than
++ * XML_SetHashSalt, check for that too, and use it preferentially.
++ * https://github.com/libexpat/libexpat/issues/91 */
++#if defined(HAVE_XML_SETHASHSALT)
++ /* Any nonzero number will do. https://xkcd.com/221/ */
++ XML_SetHashSalt (expat, 4);
++#endif
++
+ if (!_dbus_string_get_dirname (file, &dirname))
+ {
+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+diff --git a/configure.ac b/configure.ac
+index 1fabddd190a4..4e9c1de7bafc 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -938,6 +938,14 @@ XML_CFLAGS=
+ AC_SUBST([XML_CFLAGS])
+ AC_SUBST([XML_LIBS])
+
++save_cflags="$CFLAGS"
++save_libs="$LIBS"
++CFLAGS="$CFLAGS $XML_CFLAGS"
++LIBS="$LIBS $XML_LIBS"
++AC_CHECK_FUNCS([XML_SetHashSalt])
++CFLAGS="$save_cflags"
++LIBS="$save_libs"
++
+ # Thread lib detection
+ AC_ARG_VAR([THREAD_LIBS])
+ save_libs="$LIBS"
diff --git a/patches/dbus-1.10.22/autogen.sh b/patches/dbus-1.10.22/autogen.sh
new file mode 120000
index 000000000..9f8a4cb7d
--- /dev/null
+++ b/patches/dbus-1.10.22/autogen.sh
@@ -0,0 +1 @@
+../autogen.sh
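Review bot: The fixed salt set by `XML_SetHashSalt (expat, 4);` in the bus/config-loader-expat.c part of the imported patch is safe only while every document handed to this parser is trusted, and the comment above it asserts that ("we are only parsing trusted XML") without stating it as a precondition on bus_config_load. A constant salt disables Expat's CVE-2012-0876 hash-flooding defence for whatever this loader parses, so I would record the contract at the call, e.g. `/* Precondition: every file reaching bus_config_load, including files it pulls in, is writable only by root or the bus owner. */`, so a later caller that feeds less-trusted XML through it knows to drop the fixed salt. The int status returned by XML_SetHashSalt is also discarded; `(void) XML_SetHashSalt (expat, 4);` or a check would make that deliberate. bus_config_load starts and ends outside the hunk, so whether included files share this parser setup is inferred rather than visible here.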
\ No newline at end of file
diff --git a/patches/dbus-1.10.22/series b/patches/dbus-1.10.22/series
new file mode 100644
index 000000000..5883e2956
--- /dev/null
+++ b/patches/dbus-1.10.22/series
@@ -0,0 +1,5 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+#tag:upstream --start-number 10
+0010-config-loader-expat-Tell-Expat-not-to-defend-against.patch
+# 0ea4df42f11d73dba6bd33a9d510501c - git-ptx-patches magic |