r18961 - in /desktop/experimental/system-tools-backends/debian: changelog patches/05_cve_2008_4311.patch patches/series

joss at users.alioth.debian.org
Wed Mar 11 20:39:35 UTC 2009


Author: joss
Date: Wed Mar 11 20:39:34 2009
New Revision: 18961

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=18961
Log:
05_cve_2008_4311.patch: new patch, based on the patch by Simon 
McVittie for the lenny Branch. Specify permissions with 
send_destination instead of send_interface. Makes backends work with 
the dbus packages fixing CVE-2008-4311. Closes: #510744.

Added:
    desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch   (contents, props changed)
      - copied, changed from r18894, desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
Modified:
    desktop/experimental/system-tools-backends/debian/changelog
    desktop/experimental/system-tools-backends/debian/patches/series

Modified: desktop/experimental/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/changelog?rev=18961&op=diff
==============================================================================
--- desktop/experimental/system-tools-backends/debian/changelog (original)
+++ desktop/experimental/system-tools-backends/debian/changelog Wed Mar 11 20:39:34 2009
@@ -1,3 +1,12 @@
+system-tools-backends (2.6.0-4) UNRELEASED; urgency=low
+
+  * 05_cve_2008_4311.patch: new patch, based on the patch by Simon 
+    McVittie for the lenny Branch. Specify permissions with 
+    send_destination instead of send_interface. Makes backends work with 
+    the dbus packages fixing CVE-2008-4311. Closes: #510744.
+
+ -- Josselin Mouette <joss at debian.org>  Wed, 11 Mar 2009 21:37:45 +0100
+
 system-tools-backends (2.6.0-3) experimental; urgency=low
 
   [ Loic Minier ]
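
Review bot: the new 2.6.0-4 entry says permissions are specified "with send_destination instead of send_interface", but the default-policy rule added by 05_cve_2008_4311.patch still carries send_interface, paired with send_destination, on the dispatcher allow. Suggest wording the entry so it matches the policy file, for example saying that every rule is now scoped by send_destination, and mentioning that each backend bus name is now allowed explicitly, since that is the part most likely to need maintenance later.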

Copied: desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch (from r18894, desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch)
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch?rev=18961&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch (original)
+++ desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch Wed Mar 11 20:39:34 2009
@@ -1,33 +1,38 @@
-commit fd648907e46017d46c367f59c62d0b0395830903
-Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
-Date:   2009-01-04 19:35:51 +0000
+Allow root to send messages to all the system tools backends, so they 
+work even when CVE-2008-4311 has been fixed.
+    
+Also disallow normal user access by destination, not by interface (fd.o 
+#18961).
 
-    Allow root to send messages to all the system tools backends, so they work even when CVE-2008-4311 has been fixed.
-    
-    Also disallow normal user access by destination, not by interface (fd.o #18961).
+Original patch by Simon McVittie, updated for the PolicyKit version by 
+Josselin Mouette with advice from Colin Walters.
 
-diff --git a/system-tools-backends.conf b/system-tools-backends.conf
-index 00d6d58..537ef73 100644
---- a/system-tools-backends.conf
-+++ b/system-tools-backends.conf
-@@ -23,8 +23,8 @@
+Index: system-tools-backends-2.6.0/system-tools-backends.conf
+===================================================================
+--- system-tools-backends-2.6.0.orig/system-tools-backends.conf	2009-03-11 20:34:56.808949291 +0100
++++ system-tools-backends-2.6.0/system-tools-backends.conf	2009-03-11 21:36:07.512895323 +0100
+@@ -22,12 +22,8 @@
+     <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/>
      -->
  
-     <!-- configuration modules can't be accessed directly... -->
+-    <!-- configuration modules can't be accessed directly... -->
 -    <deny send_interface="org.freedesktop.SystemToolsBackends"/>
 -    <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
-+    <deny send_destination="org.freedesktop.SystemToolsBackends"/>
-+    <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
-     <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+-
+-    <!-- ...so petitions go through the dispatcher instead -->
+-    <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++    <!-- Only allow talking to the dispatcher -->
++    <allow send_destination="org.freedesktop.SystemToolsBackends" send_interface="org.freedesktop.SystemToolsBackends"/>
    </policy>
  
-@@ -47,9 +47,18 @@
+   <policy user="0">
+@@ -49,7 +45,17 @@
  
      <!-- be able to speak to configuration modules,
           so any message to them has to go through the dispatcher -->
 -    <allow send_interface="org.freedesktop.SystemToolsBackends"/>
 -    <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
-     <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++    <allow send_destination="org.freedesktop.SystemToolsBackends"/>
 +    <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
 +    <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
 +    <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
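
Review bot: the patch header keeps the sentence "Also disallow normal user access by destination, not by interface", but the updated inner hunk at -22,12 +22,8 no longer contains any deny rule. Both <deny send_interface=...> lines are removed and the only rule added in their place is the allow for send_destination="org.freedesktop.SystemToolsBackends" combined with send_interface of the same name. With this version, access to the other backends from that policy block is refused only if the bus denies by default, so the header should state that dependency instead of describing an explicit deny. It would also help to note in the header that the combined rule only matches messages that name the dispatcher interface.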
@@ -40,5 +45,4 @@
 +    <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
 +    <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
    </policy>
-   <policy group="stb-admin">
-     <!-- be able to speak to the dispatcher -->
+ </busconfig>
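
Review bot: the allow list that ends here with UserConfig and UsersConfig is a fixed enumeration of bus names, one <allow send_destination=...> line per backend, so a backend that is added or renamed later will not be covered by this policy until the file is edited. Suggest a comment above the list in system-tools-backends.conf stating that it must track the set of shipped modules, and confirming that UserConfig and UsersConfig are two distinct bus names and not a duplicate with a typo.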

Propchange: desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch
------------------------------------------------------------------------------
    svn:mergeinfo = 

Modified: desktop/experimental/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/patches/series?rev=18961&op=diff
==============================================================================
--- desktop/experimental/system-tools-backends/debian/patches/series (original)
+++ desktop/experimental/system-tools-backends/debian/patches/series Wed Mar 11 20:39:34 2009
@@ -1,5 +1,6 @@
 01_debian_4.0.patch
 02ubuntu_chmod_network_interfaces_when_using_key.patch
 04_correct_perl_command.patch
+05_cve_2008_4311.patch
 07_dont_symlink_localtime.patch
 60_fix-permissions-of-pid-file.patch




More information about the pkg-gnome-commits mailing list