r18223 - in /desktop/unstable/system-tools-backends/debian: changelog patches/05_cve_2008_4311.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Sat Jan 10 16:05:06 UTC 2009
Author: joss
Date: Sat Jan 10 16:05:05 2009
New Revision: 18223
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=18223
Log:
05_cve_2008_4311.patch: new patch by Simon McVittie. Specify
permissions with send_destination instead of send_interface. Makes
backends work with the dbus packages fixing CVE-2008-4311.
Closes: #510744.
Added:
desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
Modified:
desktop/unstable/system-tools-backends/debian/changelog
desktop/unstable/system-tools-backends/debian/patches/series
Modified: desktop/unstable/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/changelog?rev=18223&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/changelog (original)
+++ desktop/unstable/system-tools-backends/debian/changelog Sat Jan 10 16:05:05 2009
@@ -1,9 +1,16 @@
-system-tools-backends (2.6.0-3) UNRELEASED; urgency=low
-
+system-tools-backends (2.6.0-2lenny1) unstable; urgency=low
+
+ [ Loic Minier ]
* Don't rm_conffile /etc/dbus-1/event.d/70system-tools-backends during first
configuration.
- -- Loic Minier <lool at dooz.org> Fri, 28 Nov 2008 20:29:44 +0100
+ [ Josselin Mouette ]
+ * 05_cve_2008_4311.patch: new patch by Simon McVittie. Specify
+ permissions with send_destination instead of send_interface. Makes
+ backends work with the dbus packages fixing CVE-2008-4311.
+ Closes: #510744.
+
+ -- Josselin Mouette <joss at debian.org> Sat, 10 Jan 2009 16:50:01 +0100
system-tools-backends (2.6.0-2) unstable; urgency=medium
Added: desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch?rev=18223&op=file
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch (added)
+++ desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch Sat Jan 10 16:05:05 2009
@@ -1,0 +1,44 @@
+commit fd648907e46017d46c367f59c62d0b0395830903
+Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
+Date: 2009-01-04 19:35:51 +0000
+
+ Allow root to send messages to all the system tools backends, so they work even when CVE-2008-4311 has been fixed.
+
+ Also disallow normal user access by destination, not by interface (fd.o #18961).
+
+diff --git a/system-tools-backends.conf b/system-tools-backends.conf
+index 00d6d58..537ef73 100644
+--- a/system-tools-backends.conf
++++ b/system-tools-backends.conf
+@@ -23,8 +23,8 @@
+ -->
+
+ <!-- configuration modules can't be accessed directly... -->
+- <deny send_interface="org.freedesktop.SystemToolsBackends"/>
+- <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
++ <deny send_destination="org.freedesktop.SystemToolsBackends"/>
++ <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
+ <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+ </policy>
+
+@@ -47,9 +47,18 @@
+
+ <!-- be able to speak to configuration modules,
+ so any message to them has to go through the dispatcher -->
+- <allow send_interface="org.freedesktop.SystemToolsBackends"/>
+- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
+ <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.IfacesConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.NFSConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.NTPConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.ServicesConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.SMBConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.TimeConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
+ </policy>
+ <policy group="stb-admin">
+ <!-- be able to speak to the dispatcher -->
Modified: desktop/unstable/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/system-tools-backends/debian/patches/series?rev=18223&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/series (original)
+++ desktop/unstable/system-tools-backends/debian/patches/series Sat Jan 10 16:05:05 2009
@@ -2,5 +2,6 @@
02ubuntu_chmod_network_interfaces_when_using_key.patch
03_default_permissions.patch
04_correct_perl_command.patch
+05_cve_2008_4311.patch
07_dont_symlink_localtime.patch
60_fix-permissions-of-pid-file.patch
More information about the pkg-gnome-commits
mailing list