debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #00520
[Bug 2061155] Autopkgtest regression report (dbus-broker/35-2ubuntu0.1)
All autopkgtests for the newly accepted dbus-broker (35-2ubuntu0.1) for noble have finished running.
The following regressions have been reported in tests triggered by the package:
network-manager/1.46.0-1ubuntu2.2 (s390x)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].
https://people.canonical.com/~ubuntu-archive/proposed-
migration/noble/update_excuses.html#dbus-broker
[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions
Thank you!
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to dbus-broker in Ubuntu.
https://bugs.launchpad.net/bugs/2061155
Title:
Use-after-close vulnerability in dbus-broker 35. Please upgrade
package to 36
Status in dbus-broker package in Ubuntu:
Fix Released
Status in dbus-broker source package in Noble:
Fix Committed
Status in dbus-broker source package in Oracular:
Fix Released
Status in dbus-broker source package in Plucky:
Fix Released
Status in dbus-broker source package in Questing:
Fix Released
Bug description:
[Original Description/Impact]
Per https://github.com/bus1/dbus-broker/releases/tag/v36 :
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 36:
* Fix possible file-descriptor use-after-close, which can lead to
broker termination or disclosure of internal file-desciptors to
clients.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: dbus-broker 35-2
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Fri Apr 12 11:24:50 2024
InstallationDate: Installed on 2024-04-08 (4 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240407.2)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: dbus-broker
UpgradeStatus: No upgrade log present (probably fresh install)
This is a potential issue, that hasn't been demonstrated in practice,
but it would be good to fix it in the noble LTS release anyway, just
in case. The fix has been out and in multiple Ubuntu releases
including Oracular and Plucky, and no issues have been reported.
[Test Plan]
Build and install the patched dbus-broker in a container and check
that it doesn't break:
Noble:
root@localhost:/tmp# apt install ./dbus-broker_35-2ubuntu0.1_amd64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'dbus-broker' instead of './dbus-broker_35-2ubuntu0.1_amd64.deb'
The following NEW packages will be installed:
dbus-broker
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/169 kB of archives.
After this operation, 430 kB of additional disk space will be used.
Get:1 /tmp/dbus-broker_35-2ubuntu0.1_amd64.deb dbus-broker amd64 35-2ubuntu0.1 [169 kB]
Selecting previously unselected package dbus-broker.
(Reading database ... 27500 files and directories currently installed.)
Preparing to unpack .../dbus-broker_35-2ubuntu0.1_amd64.deb ...
Unpacking dbus-broker (35-2ubuntu0.1) ...
Setting up dbus-broker (35-2ubuntu0.1) ...
Replacing the running dbus-daemon with dbus-broker requires a reboot:
please reboot the system when convenient.
Created symlink /etc/systemd/user/dbus.service → /usr/lib/systemd/user/dbus-broker.service.
Created symlink /etc/systemd/system/dbus.service → /usr/lib/systemd/system/dbus-broker.service.
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for systemd (255.4-1ubuntu8) ...
root@localhost:/tmp# systemctl daemon-reload
root@localhost:/tmp# systemctl restart dbus-broker
root@localhost:/tmp# systemctl status dbus-broker
● dbus-broker.service - D-Bus System Message Bus
Loaded: loaded (/usr/lib/systemd/system/dbus-broker.service; enabled; preset: enabled)
Active: active (running) since Tue 2025-05-06 15:00:08 BST; 3s ago
TriggeredBy: ● dbus.socket
Docs: man:dbus-broker-launch(1)
Main PID: 2458 (dbus-broker-lau)
Tasks: 2 (limit: 66786)
Memory: 1.3M (peak: 2.1M)
CPU: 10ms
CGroup: /system.slice/dbus-broker.service
├─2458 /usr/bin/dbus-broker-launch --scope system --audit
└─2459 dbus-broker --log 4 --controller 9 --machine-id b70250626e354e8481fe3ed01e2a769f --max-bytes 5368>
May 06 15:00:08 localhost systemd[1]: Starting dbus-broker.service - D-Bus System Message Bus...
May 06 15:00:08 localhost dbus-broker-launch[2458]: Kernel is missing AppArmor DBus support.
May 06 15:00:08 localhost systemd[1]: Started dbus-broker.service - D-Bus System Message Bus.
May 06 15:00:08 localhost dbus-broker-launch[2458]: Ready
root@localhost:/tmp# cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/";
SUPPORT_URL="https://help.ubuntu.com/";
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo
[Where problems could occur]
File descriptor handling is pretty central to D-Bus, so if a problem
occurred there the system functionality would degrade and probably
stop working entirely, as clients would no longer be able to
successfully pass FDs via D-Bus messages, which is relied upon heavily
by components such as systemd.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2061155/+subscriptions
