File dbus-cve-2012-3524-1.patch of Package dbus-1.openSUSE_Evergreen_11.4

diff -urN a/configure.in b/configure.in
--- a/configure.in	2012-10-10 14:58:28.730004766 +0200
+++ b/configure.in	2012-10-10 14:59:41.953329840 +0200
@@ -469,7 +469,7 @@
 AC_SEARCH_LIBS(socket,[socket network])
 AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
 
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull)
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull __secure_getenv)
 
 #### Check for broken poll; taken from Glib's configure
 
diff -urN a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c
--- a/dbus/dbus-keyring.c	2012-10-10 14:58:28.716005104 +0200
+++ b/dbus/dbus-keyring.c	2012-10-10 14:59:41.953329840 +0200
@@ -717,6 +717,13 @@
   DBusCredentials *our_credentials;
   
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  if (_dbus_check_setuid ())
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to create DBus keyring when setuid");
+      return NULL;
+    }
   
   keyring = NULL;
   error_set = FALSE;
diff -urN a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
--- a/dbus/dbus-sysdeps.c	2012-10-10 14:58:28.721004987 +0200
+++ b/dbus/dbus-sysdeps.c	2012-10-10 14:59:41.956329829 +0200
@@ -182,6 +182,11 @@
 const char*
 _dbus_getenv (const char *varname)
 {  
+  /* Don't respect any environment variables if the current process is
+   * setuid.  This is the equivalent of glibc's __secure_getenv().
+   */
+  if (_dbus_check_setuid ())
+    return NULL;
   return getenv (varname);
 }
 
diff -urN a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
--- a/dbus/dbus-sysdeps.h	2012-10-10 14:58:28.716005104 +0200
+++ b/dbus/dbus-sysdeps.h	2012-10-10 14:59:41.957329848 +0200
@@ -83,6 +83,7 @@
 
 void _dbus_abort (void) _DBUS_GNUC_NORETURN;
 
+dbus_bool_t _dbus_check_setuid (void);
 const char* _dbus_getenv (const char *varname);
 dbus_bool_t _dbus_setenv (const char *varname,
 			  const char *value);
diff -urN a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
--- a/dbus/dbus-sysdeps-unix.c	2012-10-10 14:58:28.726004853 +0200
+++ b/dbus/dbus-sysdeps-unix.c	2012-10-10 14:59:41.957329848 +0200
@@ -3251,6 +3251,13 @@
   DBusString uuid;
   dbus_bool_t retval;
 
+  if (_dbus_check_setuid ())
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to autolaunch when setuid");
+      return FALSE;
+    }
+
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
   retval = FALSE;
 
@@ -3339,6 +3346,13 @@
 
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
 
+  if (_dbus_check_setuid ())
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to find launchd socket when setuid");
+      return FALSE;
+    }
+
   i = 0;
   argv[i] = "launchctl";
   ++i;
@@ -3379,6 +3393,13 @@
   dbus_bool_t valid_socket;
   DBusString socket_path;
 
+  if (_dbus_check_setuid ())
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to find launchd socket when setuid");
+      return FALSE;
+    }
+
   if (!_dbus_string_init (&socket_path))
     {
       _DBUS_SET_OOM (error);
@@ -3831,4 +3852,57 @@
   return configure_time_path;
 }
 
+/**
+ * **NOTE**: If you modify this function, please also consider making
+ * the corresponding change in GLib.  See
+ * glib/gutils.c:g_check_setuid().
+ *
+ * Returns TRUE if the current process was executed as setuid (or an
+ * equivalent __libc_enable_secure is available).  See:
+ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
+ */
+dbus_bool_t
+_dbus_check_setuid (void)
+{
+  /* TODO: get __libc_enable_secure exported from glibc.
+   * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
+   */
+#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
+  {
+    /* See glibc/include/unistd.h */
+    extern int __libc_enable_secure;
+    return __libc_enable_secure;
+  }
+#elif defined(HAVE_ISSETUGID)
+  /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
+  return issetugid ();
+#else
+  uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
+  gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
+
+  static dbus_bool_t check_setuid_initialised;
+  static dbus_bool_t is_setuid;
+
+  if (_DBUS_UNLIKELY (!check_setuid_initialised))
+    {
+#ifdef HAVE_GETRESUID
+      if (getresuid (&ruid, &euid, &suid) != 0 ||
+          getresgid (&rgid, &egid, &sgid) != 0)
+#endif /* HAVE_GETRESUID */
+        {
+          suid = ruid = getuid ();
+          sgid = rgid = getgid ();
+          euid = geteuid ();
+          egid = getegid ();
+        }
+
+      check_setuid_initialised = TRUE;
+      is_setuid = (ruid != euid || ruid != suid ||
+                   rgid != egid || rgid != sgid);
+
+    }
+  return is_setuid;
+#endif
+}
+
 /* tests in dbus-sysdeps-util.c */
diff -urN a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c
--- a/dbus/dbus-sysdeps-win.c	2012-10-10 14:58:28.721004987 +0200
+++ b/dbus/dbus-sysdeps-win.c	2012-10-10 14:59:41.959329902 +0200
@@ -3564,6 +3564,12 @@
   return TRUE;
 }
 
+dbus_bool_t
+_dbus_check_setuid (void)
+{
+  return FALSE;
+}
+
 /** @} end of sysdeps-win */
 /* tests in dbus-sysdeps-util.c */