r18961 - in /desktop/experimental/system-tools-backends/debian: changelog patches/05_cve_2008_4311.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Wed Mar 11 20:39:35 UTC 2009
Author: joss
Date: Wed Mar 11 20:39:34 2009
New Revision: 18961
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=18961
Log:
05_cve_2008_4311.patch: new patch, based on the patch by Simon
McVittie for the lenny Branch. Specify permissions with
send_destination instead of send_interface. Makes backends work with
the dbus packages fixing CVE-2008-4311. Closes: #510744.
Added:
desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch (contents, props changed)
- copied, changed from r18894, desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch
Modified:
desktop/experimental/system-tools-backends/debian/changelog
desktop/experimental/system-tools-backends/debian/patches/series
Modified: desktop/experimental/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/changelog?rev=18961&op=diff
==============================================================================
--- desktop/experimental/system-tools-backends/debian/changelog (original)
+++ desktop/experimental/system-tools-backends/debian/changelog Wed Mar 11 20:39:34 2009
@@ -1,3 +1,12 @@
+system-tools-backends (2.6.0-4) UNRELEASED; urgency=low
+
+ * 05_cve_2008_4311.patch: new patch, based on the patch by Simon
+ McVittie for the lenny Branch. Specify permissions with
+ send_destination instead of send_interface. Makes backends work with
+ the dbus packages fixing CVE-2008-4311. Closes: #510744.
+
+ -- Josselin Mouette <joss at debian.org> Wed, 11 Mar 2009 21:37:45 +0100
+
system-tools-backends (2.6.0-3) experimental; urgency=low
[ Loic Minier ]
Copied: desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch (from r18894, desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch)
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch?rev=18961&op=diff
==============================================================================
--- desktop/unstable/system-tools-backends/debian/patches/05_cve_2008_4311.patch (original)
+++ desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch Wed Mar 11 20:39:34 2009
@@ -1,33 +1,38 @@
-commit fd648907e46017d46c367f59c62d0b0395830903
-Author: Simon McVittie <http://smcv.pseudorandom.co.uk/>
-Date: 2009-01-04 19:35:51 +0000
+Allow root to send messages to all the system tools backends, so they
+work even when CVE-2008-4311 has been fixed.
+
+Also disallow normal user access by destination, not by interface (fd.o
+#18961).
- Allow root to send messages to all the system tools backends, so they work even when CVE-2008-4311 has been fixed.
-
- Also disallow normal user access by destination, not by interface (fd.o #18961).
+Original patch by Simon McVittie, updated for the PolicyKit version by
+Josselin Mouette with advice from Colin Walters.
-diff --git a/system-tools-backends.conf b/system-tools-backends.conf
-index 00d6d58..537ef73 100644
---- a/system-tools-backends.conf
-+++ b/system-tools-backends.conf
-@@ -23,8 +23,8 @@
+Index: system-tools-backends-2.6.0/system-tools-backends.conf
+===================================================================
+--- system-tools-backends-2.6.0.orig/system-tools-backends.conf 2009-03-11 20:34:56.808949291 +0100
++++ system-tools-backends-2.6.0/system-tools-backends.conf 2009-03-11 21:36:07.512895323 +0100
+@@ -22,12 +22,8 @@
+ <allow send_interface="org.freedesktop.SystemToolsBackends.Platform" send_member="getPlatform"/>
-->
- <!-- configuration modules can't be accessed directly... -->
+- <!-- configuration modules can't be accessed directly... -->
- <deny send_interface="org.freedesktop.SystemToolsBackends"/>
- <deny send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
-+ <deny send_destination="org.freedesktop.SystemToolsBackends"/>
-+ <deny send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
- <deny send_destination="org.freedesktop.SystemToolsBackends"/>
+-
+- <!-- ...so petitions go through the dispatcher instead -->
+- <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++ <!-- Only allow talking to the dispatcher -->
++ <allow send_destination="org.freedesktop.SystemToolsBackends" send_interface="org.freedesktop.SystemToolsBackends"/>
</policy>
-@@ -47,9 +47,18 @@
+ <policy user="0">
+@@ -49,7 +45,17 @@
<!-- be able to speak to configuration modules,
so any message to them has to go through the dispatcher -->
- <allow send_interface="org.freedesktop.SystemToolsBackends"/>
- <allow send_interface="org.freedesktop.SystemToolsBackends.Platform"/>
- <allow send_destination="org.freedesktop.SystemToolsBackends"/>
++ <allow send_destination="org.freedesktop.SystemToolsBackends"/>
+ <allow send_destination="org.freedesktop.SystemToolsBackends.Platform"/>
+ <allow send_destination="org.freedesktop.SystemToolsBackends.GroupsConfig"/>
+ <allow send_destination="org.freedesktop.SystemToolsBackends.HostsConfig"/>
@@ -40,5 +45,4 @@
+ <allow send_destination="org.freedesktop.SystemToolsBackends.UserConfig"/>
+ <allow send_destination="org.freedesktop.SystemToolsBackends.UsersConfig"/>
</policy>
- <policy group="stb-admin">
- <!-- be able to speak to the dispatcher -->
+ </busconfig>
Propchange: desktop/experimental/system-tools-backends/debian/patches/05_cve_2008_4311.patch
------------------------------------------------------------------------------
svn:mergeinfo =
Modified: desktop/experimental/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/experimental/system-tools-backends/debian/patches/series?rev=18961&op=diff
==============================================================================
--- desktop/experimental/system-tools-backends/debian/patches/series (original)
+++ desktop/experimental/system-tools-backends/debian/patches/series Wed Mar 11 20:39:34 2009
@@ -1,5 +1,6 @@
01_debian_4.0.patch
02ubuntu_chmod_network_interfaces_when_using_key.patch
04_correct_perl_command.patch
+05_cve_2008_4311.patch
07_dont_symlink_localtime.patch
60_fix-permissions-of-pid-file.patch
More information about the pkg-gnome-commits
mailing list