[Pkg-utopia-commits] r2703 - in /packages/unstable/consolekit/debian: changelog patches/05-dbus_policy.patch
smcv at users.alioth.debian.org
smcv at users.alioth.debian.org
Tue Jan 6 02:44:46 UTC 2009
Author: smcv
Date: Tue Jan 6 02:44:44 2009
New Revision: 2703
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2703
Log:
* debian/patches/05-dbus_policy.patch: patch from
Colin Walters so ConsoleKit introspection and SetIdleHint still work
after CVE-2008-4311 is fixed in dbus-daemon. (Closes: #510645)
* Urgency high for bugfix that blocks CVE-2008-4311 upload.
Added:
packages/unstable/consolekit/debian/patches/05-dbus_policy.patch
Modified:
packages/unstable/consolekit/debian/changelog
Modified: packages/unstable/consolekit/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/consolekit/debian/changelog?rev=2703&op=diff
==============================================================================
--- packages/unstable/consolekit/debian/changelog (original)
+++ packages/unstable/consolekit/debian/changelog Tue Jan 6 02:44:44 2009
@@ -1,7 +1,14 @@
-consolekit (0.2.10-4) UNRELEASED; urgency=low
+consolekit (0.2.10-4) UNRELEASED; urgency=high
+ [ Michael Biebl ]
* debian/watch
- Check for both .gz and .bz2 tarballs.
+
+ [ Simon McVittie ]
+ * debian/patches/05-dbus_policy.patch: patch from
+ Colin Walters so ConsoleKit introspection and SetIdleHint still work
+ after CVE-2008-4311 is fixed in dbus-daemon. (Closes: #510645)
+ * Urgency high for bugfix that blocks CVE-2008-4311 upload.
-- Michael Biebl <biebl at debian.org> Fri, 05 Dec 2008 01:47:19 +0100
Added: packages/unstable/consolekit/debian/patches/05-dbus_policy.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/consolekit/debian/patches/05-dbus_policy.patch?rev=2703&op=file
==============================================================================
--- packages/unstable/consolekit/debian/patches/05-dbus_policy.patch (added)
+++ packages/unstable/consolekit/debian/patches/05-dbus_policy.patch Tue Jan 6 02:44:44 2009
@@ -1,0 +1,187 @@
+Patch from Colin Walters for http://bugs.freedesktop.org/show_bug.cgi?id=19020.
+
+He writes:
+> This patch is relatively conservative; it adds send_destination= to all the
+> rules (as is very important, see
+> https://bugs.freedesktop.org/show_bug.cgi?id=18961).
+>
+> It also adds SetIdleHint into the default allow. From the source it looks that
+> that method implementation checks the caller.
+>
+> Please review.
+>
+> Also an open question - do all the methods verify their caller? In that case
+> the policy file can be *much* simpler; see:
+> http://lists.freedesktop.org/archives/dbus/2008-December/010717.html
+
+--- data/ConsoleKit.conf 2008-04-19 01:39:49.000000000 -0400
++++ /home/walters/ConsoleKit.conf.in 2008-12-11 14:05:46.000000000 -0500
+@@ -8,88 +8,128 @@
+ <allow own="org.freedesktop.ConsoleKit"/>
+
+ <!-- Allow all methods on interfaces -->
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"/>
++ <allow send_destination="org.freedesktop.ConsoleKit"/>
+ </policy>
+
+ <!-- Deny all and then allow some methods on interfaces -->
+ <policy context="default">
+- <deny send_interface="org.freedesktop.ConsoleKit.Manager"/>
+- <deny send_interface="org.freedesktop.ConsoleKit.Seat"/>
+- <deny send_interface="org.freedesktop.ConsoleKit.Session"/>
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.DBus.Introspectable"/>
++ <deny send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"/>
++ <deny send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"/>
++ <deny send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"/>
+ <deny send_destination="org.freedesktop.ConsoleKit"
+ send_interface="org.freedesktop.DBus.Properties" />
+
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="Restart"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="Stop"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="OpenSession"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="CloseSession"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSeats"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionForCookie"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionForUnixProcess"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetCurrentSession"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionsForUnixUser"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSessionsForUser"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSystemIdleHint"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSystemIdleSinceHint"/>
+
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetId"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetSessions"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetDevices"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="GetActiveSession"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="CanActivateSessions"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Seat"
+ send_member="ActivateSession"/>
+
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetId"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetSeatId"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetLoginSessionId"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetSessionType"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetUser"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetUnixUser"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetX11Display"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetX11DisplayDevice"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetDisplayDevice"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetRemoteHostName"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="IsActive"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="IsLocal"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetCreationTime"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="Activate"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetIdleHint"/>
+- <allow send_interface="org.freedesktop.ConsoleKit.Session"
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
++ send_member="SetIdleHint"/>
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Session"
+ send_member="GetIdleSinceHint"/>
+ </policy>
+
More information about the Pkg-utopia-commits
mailing list