[Pkg-utopia-commits] r2472 - in /packages/etch/dbus/debian: changelog patches/CVE-2008-0595.patch

biebl at users.alioth.debian.org biebl at users.alioth.debian.org
Thu Oct 23 22:50:51 UTC 2008


Author: biebl
Date: Thu Oct 23 22:50:50 2008
New Revision: 2472

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2472
Log:
Import security update by Moritz Muehlenhoff which fixes CVE-2008-0595

Added:
    packages/etch/dbus/debian/patches/CVE-2008-0595.patch
Modified:
    packages/etch/dbus/debian/changelog

Modified: packages/etch/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/changelog?rev=2472&op=diff
==============================================================================
--- packages/etch/dbus/debian/changelog (original)
+++ packages/etch/dbus/debian/changelog Thu Oct 23 22:50:50 2008
@@ -1,3 +1,9 @@
+dbus (1.0.2-1+etch1) stable-security; urgency=high
+
+  * Fix CVE-2008-0595
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Sun, 22 Jun 2008 08:05:45 +0000
+
 dbus (1.0.2-1) unstable; urgency=high
 
   * New upstream release:

Added: packages/etch/dbus/debian/patches/CVE-2008-0595.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/patches/CVE-2008-0595.patch?rev=2472&op=file
==============================================================================
--- packages/etch/dbus/debian/patches/CVE-2008-0595.patch (added)
+++ packages/etch/dbus/debian/patches/CVE-2008-0595.patch Thu Oct 23 22:50:50 2008
@@ -1,0 +1,50 @@
+diff --git a/bus/policy.c b/bus/policy.c
+index 383b2b1..caa544e 100644
+--- a/bus/policy.c
++++ dbus-1.0.2/bus/policy.c
+@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+       
+       if (rule->d.send.interface != NULL)
+         {
+-          if (dbus_message_get_interface (message) != NULL &&
+-              strcmp (dbus_message_get_interface (message),
+-                      rule->d.send.interface) != 0)
++          /* The interface is optional in messages. For allow rules, if the message
++           * has no interface we want to skip the rule (and thus not allow);
++           * for deny rules, if the message has no interface we want to use the
++           * rule (and thus deny).
++           */
++          dbus_bool_t no_interface;
++
++          no_interface = dbus_message_get_interface (message) == NULL;
++          
++          if ((no_interface && rule->allow) ||
++              (!no_interface && 
++               strcmp (dbus_message_get_interface (message),
++                       rule->d.send.interface) != 0))
+             {
+               _dbus_verbose ("  (policy) skipping rule for different interface\n");
+               continue;
+@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+       
+       if (rule->d.receive.interface != NULL)
+         {
+-          if (dbus_message_get_interface (message) != NULL &&
+-              strcmp (dbus_message_get_interface (message),
+-                      rule->d.receive.interface) != 0)
++          /* The interface is optional in messages. For allow rules, if the message
++           * has no interface we want to skip the rule (and thus not allow);
++           * for deny rules, if the message has no interface we want to use the
++           * rule (and thus deny).
++           */
++          dbus_bool_t no_interface;
++
++          no_interface = dbus_message_get_interface (message) == NULL;
++          
++          if ((no_interface && rule->allow) ||
++              (!no_interface &&
++               strcmp (dbus_message_get_interface (message),
++                       rule->d.receive.interface) != 0))
+             {
+               _dbus_verbose ("  (policy) skipping rule for different interface\n");
+               continue;
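Review bot: In both inner hunks (the `no_interface` test in bus_client_policy_check_can_send and the identical block in bus_client_policy_check_can_receive), a deny rule that names an interface is now applied to every message that carries no interface field, provided the rule's remaining checks, which lie outside the hunk, also match. This closes the bypass of interface-scoped allow rules, but a broad policy entry such as `<deny send_interface="..."/>` can now block unrelated interface-less traffic. The changelog entry should state that behaviour change, and shipped policy files are worth auditing for such rules. The `_dbus_verbose` text still reads "skipping rule for different interface" on the new no-interface path; a distinct message such as `"  (policy) skipping allow rule: message has no interface\n"` would keep policy debug traces accurate. Both functions begin and end outside the hunk, so how the rule is finally applied after this test cannot be confirmed from here.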



