[Pkg-utopia-commits] r2472 - in /packages/etch/dbus/debian: changelog patches/CVE-2008-0595.patch
biebl at users.alioth.debian.org
biebl at users.alioth.debian.org
Thu Oct 23 22:50:51 UTC 2008
Author: biebl
Date: Thu Oct 23 22:50:50 2008
New Revision: 2472
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2472
Log:
Import security update by Moritz Muehlenhoff which fixes CVE-2008-0595
Added:
packages/etch/dbus/debian/patches/CVE-2008-0595.patch
Modified:
packages/etch/dbus/debian/changelog
Modified: packages/etch/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/changelog?rev=2472&op=diff
==============================================================================
--- packages/etch/dbus/debian/changelog (original)
+++ packages/etch/dbus/debian/changelog Thu Oct 23 22:50:50 2008
@@ -1,3 +1,9 @@
+dbus (1.0.2-1+etch1) stable-security; urgency=high
+
+ * Fix CVE-2008-0595
+
+ -- Moritz Muehlenhoff <jmm at debian.org> Sun, 22 Jun 2008 08:05:45 +0000
+
dbus (1.0.2-1) unstable; urgency=high
* New upstream release:
Added: packages/etch/dbus/debian/patches/CVE-2008-0595.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/patches/CVE-2008-0595.patch?rev=2472&op=file
==============================================================================
--- packages/etch/dbus/debian/patches/CVE-2008-0595.patch (added)
+++ packages/etch/dbus/debian/patches/CVE-2008-0595.patch Thu Oct 23 22:50:50 2008
@@ -1,0 +1,50 @@
+diff --git a/bus/policy.c b/bus/policy.c
+index 383b2b1..caa544e 100644
+--- a/bus/policy.c
++++ dbus-1.0.2/bus/policy.c
+@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
+
+ if (rule->d.send.interface != NULL)
+ {
+- if (dbus_message_get_interface (message) != NULL &&
+- strcmp (dbus_message_get_interface (message),
+- rule->d.send.interface) != 0)
++ /* The interface is optional in messages. For allow rules, if the message
++ * has no interface we want to skip the rule (and thus not allow);
++ * for deny rules, if the message has no interface we want to use the
++ * rule (and thus deny).
++ */
++ dbus_bool_t no_interface;
++
++ no_interface = dbus_message_get_interface (message) == NULL;
++
++ if ((no_interface && rule->allow) ||
++ (!no_interface &&
++ strcmp (dbus_message_get_interface (message),
++ rule->d.send.interface) != 0))
+ {
+ _dbus_verbose (" (policy) skipping rule for different interface\n");
+ continue;
+@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
+
+ if (rule->d.receive.interface != NULL)
+ {
+- if (dbus_message_get_interface (message) != NULL &&
+- strcmp (dbus_message_get_interface (message),
+- rule->d.receive.interface) != 0)
++ /* The interface is optional in messages. For allow rules, if the message
++ * has no interface we want to skip the rule (and thus not allow);
++ * for deny rules, if the message has no interface we want to use the
++ * rule (and thus deny).
++ */
++ dbus_bool_t no_interface;
++
++ no_interface = dbus_message_get_interface (message) == NULL;
++
++ if ((no_interface && rule->allow) ||
++ (!no_interface &&
++ strcmp (dbus_message_get_interface (message),
++ rule->d.receive.interface) != 0))
+ {
+ _dbus_verbose (" (policy) skipping rule for different interface\n");
+ continue;
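Review bot: The `_dbus_verbose` call in both inner hunks (send and receive) still prints "skipping rule for different interface" when the rule is skipped because the message has no interface and the rule is an allow rule. That is the exact case this security fix introduces, so a policy trace will point the reader at a mismatch that did not happen. I would fetch the interface once with `const char *iface = dbus_message_get_interface (message);` and log the new case separately, e.g. `_dbus_verbose ("  (policy) skipping allow rule: message has no interface\n");`, which also avoids calling the getter twice per rule. The block comment should add that an interface-qualified allow rule no longer matches interface-less messages, so such messages are presumably permitted only by an allow rule that names no interface. Both enclosing functions start and end outside the hunks, so how `rule->allow` is applied after the `continue` cannot be checked from here.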