[rpms/ibus] autotool: Added DBus filtering

[Takao Fujiwara <tfujiwar@redhat.com>]

A new commit has been pushed.

Repo   : rpms/ibus
Branch : autotool
Commit : e52a5b5d19eac91eb9369648a74c9afd25106e88
Author : Takao Fujiwara <tfujiwar@redhat.com>
Date   : 2018-01-17T18:23:10+09:00
Stats  : +178/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/ibus/c/e52a5b5d19eac91eb9369648a74c9afd25106e88?branch=autotool

Log:
Added DBus filtering

---
diff --git a/ibus-HEAD.patch b/ibus-HEAD.patch
index e69de29..b0d7216 100644
--- a/ibus-HEAD.patch
+++ b/ibus-HEAD.patch
@@ -0,0 +1,172 @@
+From bfe57d20e9d39d52428e95e493d9af0bd034a82f Mon Sep 17 00:00:00 2001
+From: fujiwarat <takao.fujiwara1@gmail.com>
+Date: Mon, 15 Jan 2018 14:44:07 +0900
+Subject: [PATCH] Added DBus filtering against malware
+
+The proposal prevents non-ower of the GDBusConnection from accessing
+DBus methods against malicious usages.
+
+BUG=https://github.com/ibus/ibus/issues/1955
+
+Review URL: https://codereview.appspot.com/335380043
+---
+ bus/inputcontext.c     | 24 +++++++++++++++++++++++-
+ src/ibusengine.c       | 18 +++++++++++++++++-
+ src/ibuspanelservice.c | 14 +++++++++++++-
+ 3 files changed, 53 insertions(+), 3 deletions(-)
+
+diff --git a/bus/inputcontext.c b/bus/inputcontext.c
+index d8be9e3f..4f2ecafc 100644
+--- a/bus/inputcontext.c
++++ b/bus/inputcontext.c
+@@ -2,7 +2,7 @@
+ /* vim:set et sts=4: */
+ /* ibus - The Input Bus
+  * Copyright (C) 2008-2014 Peng Huang <shawn.p.huang@gmail.com>
+- * Copyright (C) 2015-2017 Takao Fujiwara <takao.fujiwara1@gmail.com>
++ * Copyright (C) 2015-2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
+  * Copyright (C) 2008-2016 Red Hat, Inc.
+  *
+  * This library is free software; you can redistribute it and/or
+@@ -1148,6 +1148,20 @@ _ic_set_surrounding_text (BusInputContext       *context,
+     g_dbus_method_invocation_return_value (invocation, NULL);
+ }
+ 
++/*
++ * Since IBusService is inherited by IBusImpl, this method cannot be
++ * applied to IBusServiceClass.method_call() directly but can be in
++ * each child class.method_call().
++ */
++static gboolean
++bus_input_context_service_authorized_method (IBusService     *service,
++                                             GDBusConnection *connection)
++{
++    if (ibus_service_get_connection (service) == connection)
++        return TRUE;
++    return FALSE;
++}
++
+ /**
+  * bus_input_context_service_method_call:
+  *
+@@ -1197,6 +1211,10 @@ bus_input_context_service_method_call (IBusService            *service,
+     };
+ 
+     gint i;
++
++    if (!bus_input_context_service_authorized_method (service, connection))
++        return;
++
+     for (i = 0; i < G_N_ELEMENTS (methods); i++) {
+         if (g_strcmp0 (method_name, methods[i].method_name) == 0) {
+             methods[i].method_callback ((BusInputContext *)service, parameters, invocation);
+@@ -1270,6 +1288,9 @@ bus_input_context_service_set_property (IBusService     *service,
+                                   error);
+     }
+ 
++    if (!bus_input_context_service_authorized_method (service, connection))
++        return FALSE;
++
+     if (g_strcmp0 (property_name, "ContentType") == 0) {
+         BusInputContext *context = (BusInputContext *) service;
+         _ic_set_content_type (context, value);
+@@ -1279,6 +1300,7 @@ bus_input_context_service_set_property (IBusService     *service,
+     g_return_val_if_reached (FALSE);
+ }
+ 
++
+ gboolean
+ bus_input_context_has_focus (BusInputContext *context)
+ {
+diff --git a/src/ibusengine.c b/src/ibusengine.c
+index b2a8022a..da648d11 100644
+--- a/src/ibusengine.c
++++ b/src/ibusengine.c
+@@ -2,7 +2,8 @@
+ /* vim:set et sts=4: */
+ /* ibus - The Input Bus
+  * Copyright (C) 2008-2013 Peng Huang <shawn.p.huang@gmail.com>
+- * Copyright (C) 2008-2013 Red Hat, Inc.
++ * Copyright (C) 2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
++ * Copyright (C) 2008-2018 Red Hat, Inc.
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -851,6 +852,15 @@ ibus_engine_get_property (IBusEngine *engine,
+     }
+ }
+ 
++static gboolean
++ibus_engine_service_authorized_method (IBusService     *service,
++                                       GDBusConnection *connection)
++{
++    if (ibus_service_get_connection (service) == connection)
++        return TRUE;
++    return FALSE;
++}
++
+ static void
+ ibus_engine_service_method_call (IBusService           *service,
+                                  GDBusConnection       *connection,
+@@ -876,6 +886,9 @@ ibus_engine_service_method_call (IBusService           *service,
+         return;
+     }
+ 
++    if (!ibus_engine_service_authorized_method (service, connection))
++        return;
++
+     if (g_strcmp0 (method_name, "ProcessKeyEvent") == 0) {
+         guint keyval, keycode, state;
+         gboolean retval = FALSE;
+@@ -1085,6 +1098,9 @@ ibus_engine_service_set_property (IBusService        *service,
+                                   error);
+     }
+ 
++    if (!ibus_engine_service_authorized_method (service, connection))
++        return FALSE;
++
+     if (g_strcmp0 (property_name, "ContentType") == 0) {
+         guint purpose = 0;
+         guint hints = 0;
+diff --git a/src/ibuspanelservice.c b/src/ibuspanelservice.c
+index 468aa324..33949fa1 100644
+--- a/src/ibuspanelservice.c
++++ b/src/ibuspanelservice.c
+@@ -3,7 +3,7 @@
+ /* ibus - The Input Bus
+  * Copyright (c) 2009-2014 Google Inc. All rights reserved.
+  * Copyright (C) 2010-2014 Peng Huang <shawn.p.huang@gmail.com>
+- * Copyright (C) 2017 Takao Fujiwara <takao.fujiwara1@gmail.com>
++ * Copyright (C) 2017-2018 Takao Fujiwara <takao.fujiwara1@gmail.com>
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -936,6 +936,15 @@ _g_object_unref_if_floating (gpointer instance)
+         g_object_unref (instance);
+ }
+ 
++static gboolean
++ibus_panel_service_service_authorized_method (IBusService     *service,
++                                              GDBusConnection *connection)
++{
++    if (ibus_service_get_connection (service) == connection)
++        return TRUE;
++    return FALSE;
++}
++
+ static void
+ ibus_panel_service_service_method_call (IBusService           *service,
+                                         GDBusConnection       *connection,
+@@ -961,6 +970,9 @@ ibus_panel_service_service_method_call (IBusService           *service,
+         return;
+     }
+ 
++    if (!ibus_panel_service_service_authorized_method (service, connection))
++        return;
++
+     if (g_strcmp0 (method_name, "UpdatePreeditText") == 0) {
+         GVariant *variant = NULL;
+         guint cursor = 0;
+-- 
+2.14.3
+

diff --git a/ibus.spec b/ibus.spec
index eba2bec..47bf127 100644
--- a/ibus.spec
+++ b/ibus.spec
@@ -36,7 +36,7 @@
 
 Name:           ibus
 Version:        1.5.17
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Intelligent Input Bus for Linux OS
 License:        LGPLv2+
 Group:          System Environment/Libraries
@@ -47,6 +47,7 @@ Source2:        %{name}.conf.5
 # Will remove the annotation tarball once the rpm is available on Fedora
 # Upstreamed patches.
 # Patch0:         %%{name}-HEAD.patch
+Patch0:         %{name}-HEAD.patch
 # Under testing #1349148 #1385349 #1350291 #1406699 #1432252
 Patch1:         %{name}-1385349-segv-bus-proxy.patch
 %if %with_emoji_harfbuzz
@@ -246,6 +247,7 @@ The ibus-devel-docs package contains developer documentation for IBus
 %prep
 %setup -q
 # %%patch0 -p1
+%patch0 -p1
 # cp client/gtk2/ibusimcontext.c client/gtk3/ibusimcontext.c ||
 %patch1 -p1 -z .segv
 %if %with_emoji_harfbuzz
@@ -475,6 +477,9 @@ gtk-query-immodules-3.0-%{__isa_bits} --update-cache &> /dev/null || :
 %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Wed Jan 17 2018 Takao Fujiwara <tfujiwar@redhat.com> - 1.5.17-4
+- Added DBus filtering
+
 * Sat Jan 06 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.5.17-3
 - Remove obsolete scriptlets