[Pkg-utopia-commits] r2706 - in /packages/unstable/hal/debian: ./ patches/
sjoerd at users.alioth.debian.org
Wed Jan 7 00:01:27 UTC 2009
Author: sjoerd
Date: Wed Jan 7 00:01:26 2009
New Revision: 2706
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2706
Log:
* debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
- Added. Add send_destination to all rules using send_interface in the
D-Bus config
* debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
- Added. Always allow D-Bus introspection
* debian/patches/73-Let-root-call-any-hal-method.patch
- Added. Allow the root user to use any HAL method. Needed to make
NetworkManager and powersaved work properly.
* debian/patches/74-powerdev.patch
- Added. Allow users in the powerdev group to call methods on the CPUFreq,
WakeOnLan and Dockstation interface
* Thanks to Simon McVittie for preparing and testing the patches
Added:
packages/unstable/hal/debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
packages/unstable/hal/debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
packages/unstable/hal/debian/patches/73-Let-root-call-any-hal-method.patch
packages/unstable/hal/debian/patches/74-powerdev.patch
Modified:
packages/unstable/hal/debian/changelog
Modified: packages/unstable/hal/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/changelog?rev=2706&op=diff
==============================================================================
--- packages/unstable/hal/debian/changelog (original)
+++ packages/unstable/hal/debian/changelog Wed Jan 7 00:01:26 2009
@@ -1,3 +1,20 @@
+hal (0.5.11-7) UNRELEASED; urgency=low
+
+ * debian/pacthes/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
+ - Added. Add send_destination to all rules using send_interface in the
+ D-Bus config
+ * debian/pacthes/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
+ - Added. Always allow D-Bus introspection
+ * debian/pacthes/73-Let-root-call-any-hal-method.patch
+ - Added. Allow the root user to use any HAL method. Needed to make
+ NetworkManager and powersaved work properly.
+ * debian/pacthes/74-powerdev.patch
+ - Added. Allow users in the powerdev group to clal methods on the CPUFreq,
+ WakeOnLan and Dockstation interface
+ * Thanks to Simon McVittie for preparing and testing the patches
+
+ -- Sjoerd Simons <sjoerd at debian.org> Tue, 06 Jan 2009 23:55:01 +0000
+
hal (0.5.11-6) unstable; urgency=low
* debian/patches/56_revert_ntfs_locale_mount_option.patch
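Review bot: The new 0.5.11-7 entry spells the directory as debian/pacthes/ in all four bullet headers and has "clal" for "call" in the 74-powerdev.patch item; correct these before the entry leaves UNRELEASED, since the changelog ships with the package. The same item names the interface "Dockstation", which does not match the org.freedesktop.Hal.Device.DockStation spelling used in the rule that 74-powerdev.patch adds.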
Added: packages/unstable/hal/debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch?rev=2706&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch (added)
+++ packages/unstable/hal/debian/patches/71-hal.conf.in-qualify-all-send_interface-.-with-s.patch Wed Jan 7 00:01:26 2009
@@ -1,0 +1,129 @@
+From 38d3d2276ad6cc99819595dc0bb3948dbb048313 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 4 Jan 2009 17:47:29 +0000
+Subject: [PATCH] hal.conf.in: qualify all send_interface="..." with send_destination="...Hal"
+
+D-Bus tracking bug for non-deterministic allow/deny for messages with no
+interface: http://bugs.freedesktop.org/show_bug.cgi?id=18961
+---
+ hal.conf.in | 78 +++++++++++++++++++++++++++++++++++++++-------------------
+ 1 files changed, 52 insertions(+), 26 deletions(-)
+
+diff --git a/hal.conf.in b/hal.conf.in
+index 90590a7..ebef3fe 100644
+--- a/hal.conf.in
++++ b/hal.conf.in
+@@ -16,17 +16,23 @@
+
+ <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
+ <policy context="default">
+- <allow send_interface="org.freedesktop.Hal.Manager"/>
+- <allow send_interface="org.freedesktop.Hal.Device"/>
++ <allow send_interface="org.freedesktop.Hal.Manager"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device"
++ send_destination="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Manager"
+ receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device"
+ receive_sender="org.freedesktop.Hal"/>
+
+- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
++ send_destination="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
+ receive_sender="org.freedesktop.Hal"/>
+ <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
+@@ -40,40 +46,60 @@
+ <!-- Default policy for the exported interfaces; if PolicyKit is not used
+ for access control you will need to modify this -->
+ <policy context="default">
+- <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+- <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+- <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+- <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
+- <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
++ send_destination="org.freedesktop.Hal"/>
++ <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
++ send_destination="org.freedesktop.Hal"/>
++ <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"
++ send_destination="org.freedesktop.Hal"/>
++ <deny send_interface="org.freedesktop.Hal.Device.Volume"
++ send_destination="org.freedesktop.Hal"/>
++ <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+ <!-- This will not work if consolekit is not enabled -->
+ <policy at_console="true">
+- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+ <!-- Debian groups policies -->
+ <policy group="powerdev">
+- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
++ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+ <policy group="plugdev">
+- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+ <!-- You can change this to a more suitable user, or make per-group -->
+ <policy user="root">
+- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
+- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
+- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
++ <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+ </busconfig>
+--
+1.5.6.5
+
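Review bot: The patch description carries only the tracking-bug link and never says why each rule gains send_destination="org.freedesktop.Hal"; add a sentence there, or a comment at the top of hal.conf.in, stating that the allow and deny rules are now scoped to the Hal service so they no longer match messages addressed to other names on the bus. The rewritten rules still match on send_interface, so a message sent to org.freedesktop.Hal with no interface header is still subject to the behaviour described in the linked bug; a short comment beside the deny block in the second policy context="default" saying how that case is expected to be handled would help whoever next edits this file.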
Added: packages/unstable/hal/debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch?rev=2706&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch (added)
+++ packages/unstable/hal/debian/patches/72-Allow-anyone-to-introspect-the-hal-daemon-even-with.patch Wed Jan 7 00:01:26 2009
@@ -1,0 +1,27 @@
+From de7455197130955d8d58e1127f06412aaaaf3c7b Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 4 Jan 2009 17:50:48 +0000
+Subject: [PATCH] Allow anyone to introspect the hal daemon, even with CVE-2008-4311 fixed
+
+Part of Colin's patch from
+<https://bugs.freedesktop.org/attachment.cgi?id=21326>
+---
+ hal.conf.in | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/hal.conf.in b/hal.conf.in
+index ebef3fe..cf2bcb5 100644
+--- a/hal.conf.in
++++ b/hal.conf.in
+@@ -16,6 +16,8 @@
+
+ <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
+ <policy context="default">
++ <allow send_interface="org.freedesktop.DBus.Introspectable"
++ send_destination="org.freedesktop.Hal"/>
+ <allow send_interface="org.freedesktop.Hal.Manager"
+ send_destination="org.freedesktop.Hal"/>
+ <allow send_interface="org.freedesktop.Hal.Device"
+--
+1.5.6.5
+
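Review bot: The comment directly above the changed policy still reads "Allow anyone to invoke methods on the Manager and Device interfaces", which no longer describes the block once the org.freedesktop.DBus.Introspectable rule sits under it; extend the comment to mention introspection. The subject cites CVE-2008-4311 but the description does not say why introspection needs an explicit allow after that fix, so one sentence on that would make the patch reviewable without opening the attachment.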
Added: packages/unstable/hal/debian/patches/73-Let-root-call-any-hal-method.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/73-Let-root-call-any-hal-method.patch?rev=2706&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/73-Let-root-call-any-hal-method.patch (added)
+++ packages/unstable/hal/debian/patches/73-Let-root-call-any-hal-method.patch Wed Jan 7 00:01:26 2009
@@ -1,0 +1,43 @@
+From b95b7e53f9d8f6014ceba9e2ebecb9a306cd1a4c Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 4 Jan 2009 17:53:27 +0000
+Subject: [PATCH] Let root call any hal method
+
+This matches reasonable expectations about root, and allows (for
+instance) NetworkManager to access the KillSwitch interface and
+powersaved to access the CPUFreq interface.
+---
+ hal.conf.in | 16 +++++-----------
+ 1 files changed, 5 insertions(+), 11 deletions(-)
+
+diff --git a/hal.conf.in b/hal.conf.in
+index cf2bcb5..8fc21c2 100644
+--- a/hal.conf.in
++++ b/hal.conf.in
+@@ -90,18 +90,12 @@
+ send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+- <!-- You can change this to a more suitable user, or make per-group -->
++ <!-- Allow root to call any method, for instance:
++ * NetworkManager access to KillSwitch interface
++ * powersaved access to CPUFreq interface
++ -->
+ <policy user="root">
+- <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
+- send_destination="org.freedesktop.Hal"/>
+- <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"
+- send_destination="org.freedesktop.Hal"/>
+- <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
+- send_destination="org.freedesktop.Hal"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume"
+- send_destination="org.freedesktop.Hal"/>
+- <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"
+- send_destination="org.freedesktop.Hal"/>
++ <allow send_destination="org.freedesktop.Hal"/>
+ </policy>
+
+ </busconfig>
+--
+1.5.6.5
+
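Review bot: The replacement rule in policy user="root", <allow send_destination="org.freedesktop.Hal"/>, has no send_interface, so it covers every interface hald exports now or later and applies to any process running as root, not only the NetworkManager and powersaved cases named in the new comment. If that breadth is intended, say so in the comment and note that this rule is expected to override the deny rules in the policy context="default" block; if only KillSwitch and CPUFreq are needed, two send_interface rules qualified with send_destination would keep the root policy as explicit as the group policies.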
Added: packages/unstable/hal/debian/patches/74-powerdev.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/hal/debian/patches/74-powerdev.patch?rev=2706&op=file
==============================================================================
--- packages/unstable/hal/debian/patches/74-powerdev.patch (added)
+++ packages/unstable/hal/debian/patches/74-powerdev.patch Wed Jan 7 00:01:26 2009
@@ -1,0 +1,26 @@
+commit f16e4f82f33a759583622bf7aafb36828027c3ac
+Author: Simon McVittie <smcv at debian.org>
+Date: 2009-01-04 20:10:44 +0000
+
+ hal.conf.in: allow powerdev group to modify cpufreq, and use the DockingStation and WakeOnLan interfaces
+
+ The first is needed for gnome-power-manager, and the others seem
+ reasonably in-scope for powerdev.
+
+diff --git a/hal.conf.in b/hal.conf.in
+index 8fc21c2..7692587 100644
+--- a/hal.conf.in
++++ b/hal.conf.in
+@@ -82,6 +82,12 @@
+ send_destination="org.freedesktop.Hal"/>
+ <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"
+ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.CPUFreq"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.WakeOnLan"
++ send_destination="org.freedesktop.Hal"/>
++ <allow send_interface="org.freedesktop.Hal.Device.DockStation"
++ send_destination="org.freedesktop.Hal"/>
+ </policy>
+ <policy group="plugdev">
+ <allow send_interface="org.freedesktop.Hal.Device.Volume"
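Review bot: The commit message says "DockingStation" while the added rule uses org.freedesktop.Hal.Device.DockStation; confirm which name hald actually exports and make the two agree, because a policy rule with a misspelled interface matches nothing and fails silently. The three interfaces are added only to policy group="powerdev"; the at_console and default deny blocks shown in patch 71 list SystemPowerManagement, VideoAdapterPM and LaptopPanel but not CPUFreq, WakeOnLan or DockStation, so state in the message whether console users are meant to be left out. The message also justifies only CPUFreq (gnome-power-manager); "seem reasonably in-scope" for the other two is thin for a rule that widens group access, so name a consumer or drop them.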