[Buildroot] [PATCH/2017.02.x 2/2] dbus: add upstream patch to fix startup hang with with expat >= 2.2.1

Yann E. MORIN yann.morin.1998 at free.fr
Sun Aug 13 12:56:06 UTC 2017 

Sébastien, All,

On 2017-08-10 15:47 +0200, Sébastien Szymanski spake thusly:
> From: Marcus Hoffmann <m.hoffmann at cartelsol.com>
> After c0ad6ded018ffbc33f7f5 expat: security bump to version 2.2.1
> the system can hang on startup under certain circumstances.
> 
> This happens when:
>   * we use systemd as init system
>   * the random nonblocking pool takes a while to initialize
>     * this apparently doesn't happen on qemu, so this would not have
>       been caught by the runtime testing infrastructure
>     * it also doesn't seem to happen when network booting
> 
> For a more detailed description of the bug see here:
> https://bugs.freedesktop.org/show_bug.cgi?id=101858
> 
> The patch should be in next dbus version 1.10.24

In the meantime. expat 2.2.3 has been released, which contrains (amongst
other interesting stuff) commit 55839b633 (xmlparse.c: Read /dev/urandom
if non-blocking getrandom failed), which ought to fix the boot delay.

So, maybe it is beter to bumnpt expat instead, no? Or at least, backport
that one commit.

Or did I miss something?

Regards,
Yann E. MORIN.

> Set DBUS_AUTORECONF = YES because configure.ac is changed.
> 
> Signed-off-by: Marcus Hoffmann <m.hoffmann at cartelsol.com>
> [Arnout: add upstream commit sha + Marcus's Sob to the patch]
> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
> 
> (cherry picked from commit 5a5e76381f8b000baa09c902ca89d45725c47f04)
> Signed-off-by: Sébastien Szymanski <sebastien.szymanski at armadeus.com>
> ---
>  ...er-expat-Tell-Expat-not-to-defend-against.patch | 78 ++++++++++++++++++++++
>  package/dbus/dbus.mk                               |  3 +
>  2 files changed, 81 insertions(+)
>  create mode 100644 package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
> 
> diff --git a/package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch b/package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
> new file mode 100644
> index 0000000..fd9e01d
> --- /dev/null
> +++ b/package/dbus/0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
> @@ -0,0 +1,78 @@
> +From 1252dc1d1f465b8ab6b36ff7252e395e66a040cf Mon Sep 17 00:00:00 2001
> +From: Simon McVittie <smcv at debian.org>
> +Date: Fri, 21 Jul 2017 10:46:39 +0100
> +Subject: [PATCH 1/2] config-loader-expat: Tell Expat not to defend against
> + hash collisions
> +
> +By default, Expat uses cryptographic-quality random numbers as a salt for
> +its hash algorithm, and since 2.2.1 it gets them from the getrandom
> +syscall on Linux. That syscall refuses to return any entropy until the
> +kernel's CSPRNG (random pool) has been initialized. Unfortunately, this
> +can take as long as 40 seconds on embedded devices with few entropy
> +sources, which is too long: if the system dbus-daemon blocks for that
> +length of time, important D-Bus clients like systemd and systemd-logind
> +time out and fail to connect to it.
> +
> +We're parsing small configuration files here, and we trust them
> +completely, so we don't need to defend against hash collisions: nobody
> +is going to be crafting them to cause pathological performance.
> +
> +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101858
> +Signed-off-by: Simon McVittie <smcv at debian.org>
> +Tested-by: Christopher Hewitt <hewitt at ieee.org>
> +Reviewed-by: Philip Withnall <withnall at endlessm.com>
> +
> +Upstream commit 1252dc1d1f465b8ab6b36ff7252e395e66a040cf
> +Signed-off-by: Marcus Hoffmann <m.hoffmann at cartelsol.com>
> +---
> + bus/config-loader-expat.c | 14 ++++++++++++++
> + configure.ac              |  8 ++++++++
> + 2 files changed, 22 insertions(+)
> +
> +diff --git a/bus/config-loader-expat.c b/bus/config-loader-expat.c
> +index b571fda3..27cbe2d0 100644
> +--- a/bus/config-loader-expat.c
> ++++ b/bus/config-loader-expat.c
> +@@ -203,6 +203,20 @@ bus_config_load (const DBusString      *file,
> +       goto failed;
> +     }
> + 
> ++  /* We do not need protection against hash collisions (CVE-2012-0876)
> ++   * because we are only parsing trusted XML; and if we let Expat block
> ++   * waiting for the CSPRNG to be initialized, as it does by default to
> ++   * defeat CVE-2012-0876, it can cause timeouts during early boot on
> ++   * entropy-starved embedded devices.
> ++   *
> ++   * TODO: When Expat gets a more explicit API for this than
> ++   * XML_SetHashSalt, check for that too, and use it preferentially.
> ++   * https://github.com/libexpat/libexpat/issues/91 */
> ++#if defined(HAVE_XML_SETHASHSALT)
> ++  /* Any nonzero number will do. https://xkcd.com/221/ */
> ++  XML_SetHashSalt (expat, 4);
> ++#endif
> ++
> +   if (!_dbus_string_get_dirname (file, &dirname))
> +     {
> +       dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
> +diff --git a/configure.ac b/configure.ac
> +index 52da11fb..c4022ed7 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -938,6 +938,14 @@ XML_CFLAGS=
> + AC_SUBST([XML_CFLAGS])
> + AC_SUBST([XML_LIBS])
> + 
> ++save_cflags="$CFLAGS"
> ++save_libs="$LIBS"
> ++CFLAGS="$CFLAGS $XML_CFLAGS"
> ++LIBS="$LIBS $XML_LIBS"
> ++AC_CHECK_FUNCS([XML_SetHashSalt])
> ++CFLAGS="$save_cflags"
> ++LIBS="$save_libs"
> ++
> + # Thread lib detection
> + AC_ARG_VAR([THREAD_LIBS])
> + save_libs="$LIBS"
> +-- 
> +2.11.0
> +
> diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
> index e05fbff..f2974f2 100644
> --- a/package/dbus/dbus.mk
> +++ b/package/dbus/dbus.mk
> @@ -6,6 +6,9 @@
>  
>  DBUS_VERSION = 1.10.22
>  DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
> +
> +# 0001-config-loader-expat-Tell-Expat-not-to-defend-against.patch
> +DBUS_AUTORECONF = YES
>  DBUS_LICENSE = AFLv2.1 or GPLv2+ (library, tools), GPLv2+ (tools)
>  DBUS_LICENSE_FILES = COPYING
>  DBUS_INSTALL_STAGING = YES
> -- 
> 2.7.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

More information about the buildroot mailing list