[Pkg-utopia-commits] r3434 - in /packages/unstable/network-manager-applet/debian: changelog patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch patches/series
biebl at users.alioth.debian.org
biebl at users.alioth.debian.org
Sat Jan 23 01:29:12 UTC 2010
Author: biebl
Date: Sat Jan 23 01:29:12 2010
New Revision: 3434
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=3434
Log:
* debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
- Fix potential leakage of secrets onto the system bus. (Closes: #563371)
Patch backported from upstream Git.
Fixes: CVE-2009-4145
Added:
packages/unstable/network-manager-applet/debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
Modified:
packages/unstable/network-manager-applet/debian/changelog
packages/unstable/network-manager-applet/debian/patches/series
Modified: packages/unstable/network-manager-applet/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/network-manager-applet/debian/changelog?rev=3434&op=diff
==============================================================================
--- packages/unstable/network-manager-applet/debian/changelog (original)
+++ packages/unstable/network-manager-applet/debian/changelog Sat Jan 23 01:29:12 2010
@@ -3,6 +3,10 @@
* debian/control
- Bump Build-Depends on libdbus-glib-1-dev to (>= 0.74).
- Bump Build-Depends on libgtk2.0-dev to (>= 2.14).
+ * debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
+ - Fix potential leakage of secrets onto the system bus. (Closes: #563371)
+ Patch backported from upstream Git.
+ Fixes: CVE-2009-4145
-- Michael Biebl <biebl at debian.org> Fri, 22 Jan 2010 23:33:06 +0100
Added: packages/unstable/network-manager-applet/debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/network-manager-applet/debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch?rev=3434&op=file
==============================================================================
--- packages/unstable/network-manager-applet/debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch (added)
+++ packages/unstable/network-manager-applet/debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch Sat Jan 23 01:29:12 2010
@@ -1,0 +1,234 @@
+From 319ded688b630731f1a17395023a175c23a662c3 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl at debian.org>
+Date: Sat, 23 Jan 2010 02:17:55 +0100
+Subject: [PATCH 1/2] editor: prevent any registration of objects on the system bus
+
+D-Bus access-control is name-based; so requests for a specific name
+are allowed/denied based on the rules in /etc/dbus-1/system.d. But
+apparently apps still get a non-named service on the bus, and if we
+register *any* object even though we don't have a named service,
+dbus and dbus-glib will happily proxy signals. Since the connection
+editor shouldn't ever expose anything having to do with connections
+on any bus, make sure that's the case.
+
+applet: fix dbus connection refcounting after 8627880e07c8345f69ed639325280c7f62a8f894
+
+core: ensure user connection scope after 8627880e07c8345f69ed639325280c7f62a8f894
+
+Previously the scope would only have been set when the connection was exported
+but since the connection editor shouldn't ever export connections, the scope
+has to be set manually. Without this fix the editor will be confused as to
+the scope of connections and will try to add a connection instead of updating
+it.
+---
+ src/applet.c | 6 +---
+ src/connection-editor/nm-connection-list.c | 2 +-
+ src/gconf-helpers/nma-gconf-connection.c | 18 +++-------
+ src/gconf-helpers/nma-gconf-settings.c | 54 +++++++++++++++++++++------
+ src/gconf-helpers/nma-gconf-settings.h | 2 +-
+ 5 files changed, 50 insertions(+), 32 deletions(-)
+
+diff --git a/src/applet.c b/src/applet.c
+index a149f1c..ecb220b 100644
+--- a/src/applet.c
++++ b/src/applet.c
+@@ -2665,15 +2665,11 @@ constructor (GType type,
+
+ applet->dbus_settings = (NMDBusSettings *) nm_dbus_settings_system_new (applet_dbus_manager_get_connection (dbus_mgr));
+
+- applet->gconf_settings = nma_gconf_settings_new ();
++ applet->gconf_settings = nma_gconf_settings_new (applet_dbus_manager_get_connection (dbus_mgr));
+ g_signal_connect (applet->gconf_settings, "new-secrets-requested",
+ G_CALLBACK (applet_settings_new_secrets_requested_cb),
+ applet);
+
+- dbus_g_connection_register_g_object (applet_dbus_manager_get_connection (dbus_mgr),
+- NM_DBUS_PATH_SETTINGS,
+- G_OBJECT (applet->gconf_settings));
+-
+ /* Start our DBus service */
+ if (!applet_dbus_manager_start_service (dbus_mgr)) {
+ g_object_unref (applet);
+diff --git a/src/connection-editor/nm-connection-list.c b/src/connection-editor/nm-connection-list.c
+index cd3b252..cd4b375 100644
+--- a/src/connection-editor/nm-connection-list.c
++++ b/src/connection-editor/nm-connection-list.c
+@@ -1781,7 +1781,7 @@ nm_connection_list_new (GType def_type)
+ G_CALLBACK (connection_added),
+ list);
+
+- list->gconf_settings = nma_gconf_settings_new ();
++ list->gconf_settings = nma_gconf_settings_new (NULL);
+ g_signal_connect (list->gconf_settings, "new-connection",
+ G_CALLBACK (connection_added),
+ list);
+diff --git a/src/gconf-helpers/nma-gconf-connection.c b/src/gconf-helpers/nma-gconf-connection.c
+index 504595f..a5b65c2 100644
+--- a/src/gconf-helpers/nma-gconf-connection.c
++++ b/src/gconf-helpers/nma-gconf-connection.c
+@@ -91,6 +91,11 @@ nma_gconf_connection_new_from_connection (GConfClient *client,
+ g_return_val_if_fail (conf_dir != NULL, NULL);
+ g_return_val_if_fail (NM_IS_CONNECTION (connection), NULL);
+
++ /* Ensure the connection is user-scope since only user-scope connections
++ * will be wrapped by an NMAGConfConnection.
++ */
++ nm_connection_set_scope (connection, NM_CONNECTION_SCOPE_USER);
++
+ return (NMAGConfConnection *) g_object_new (NMA_TYPE_GCONF_CONNECTION,
+ NMA_GCONF_CONNECTION_CLIENT, client,
+ NMA_GCONF_CONNECTION_DIR, conf_dir,
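Review bot: The added `nm_connection_set_scope (connection, NM_CONNECTION_SCOPE_USER);` in nma_gconf_connection_new_from_connection writes to the caller's NMConnection, not to the new wrapper, so a caller that keeps using the connection gets its scope changed as a side effect. The function's doc comment should say so, for example `/* Note: sets the scope of @connection to NM_CONNECTION_SCOPE_USER. */`. With registration removed from the constructor, this is also the only place in the patch that sets the scope. It is worth confirming that `nma_gconf_connection_new` (the path used by read_connections and connection_changes_done) reaches this function; if it does not, connections loaded from GConf in the editor would keep an unset scope. The function body continues past the end of the hunk.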
+@@ -490,7 +495,6 @@ constructor (GType type,
+ GObject *object;
+ NMAGConfConnectionPrivate *priv;
+ NMConnection *connection;
+- DBusGConnection *bus;
+ GError *error = NULL;
+
+ object = G_OBJECT_CLASS (nma_gconf_connection_parent_class)->constructor (type, n_construct_params, construct_params);
+@@ -525,18 +529,6 @@ constructor (GType type,
+
+ fill_vpn_user_name (connection);
+
+- bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
+- if (!bus) {
+- nm_warning ("Could not get the system bus: %s", error->message);
+- g_error_free (error);
+- goto err;
+- }
+-
+- nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (object),
+- NM_CONNECTION_SCOPE_USER,
+- bus);
+- dbus_g_connection_unref (bus);
+-
+ return object;
+
+ err:
+diff --git a/src/gconf-helpers/nma-gconf-settings.c b/src/gconf-helpers/nma-gconf-settings.c
+index 895cf59..344b92b 100644
+--- a/src/gconf-helpers/nma-gconf-settings.c
++++ b/src/gconf-helpers/nma-gconf-settings.c
+@@ -24,6 +24,7 @@
+ #include "gconf-helpers.h"
+ #include "nma-marshal.h"
+ #include "nm-utils.h"
++#include <NetworkManager.h>
+
+ G_DEFINE_TYPE (NMAGConfSettings, nma_gconf_settings, NM_TYPE_SETTINGS)
+
+@@ -36,6 +37,8 @@ typedef struct {
+ guint read_connections_id;
+ GHashTable *pending_changes;
+
++ DBusGConnection *bus;
++
+ gboolean disposed;
+ } NMAGConfSettingsPrivate;
+
+@@ -49,9 +52,22 @@ static guint signals[LAST_SIGNAL] = { 0 };
+
+
+ NMAGConfSettings *
+-nma_gconf_settings_new (void)
++nma_gconf_settings_new (DBusGConnection *bus)
+ {
+- return (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
++ NMAGConfSettings *self;
++ NMAGConfSettingsPrivate *priv;
++
++ self = (NMAGConfSettings *) g_object_new (NMA_TYPE_GCONF_SETTINGS, NULL);
++ if (!self)
++ return NULL;
++
++ priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
++ if (bus) {
++ priv->bus = dbus_g_connection_ref (bus);
++ dbus_g_connection_register_g_object (bus, NM_DBUS_PATH_SETTINGS, G_OBJECT (self));
++ }
++
++ return self;
+ }
+
+ static void
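Review bot: nma_gconf_settings_new has no comment stating that its `bus` argument is the sole switch for exporting the settings object and every later connection over D-Bus, which is the property the CVE fix depends on. A short contract comment above the function would keep the next caller from passing a bus where none belongs: `/* @bus: connection to export the settings and all connections on, or NULL to export nothing (required for the connection editor). */`. The same rationale belongs next to `nma_gconf_settings_new (NULL)` in nm_connection_list_new. Separately, `priv->bus` is assigned only after `g_object_new` returns, so any connection added while the object is being constructed would see a NULL bus and silently stay unexported in the applet. The init and constructor code is not visible here; if that can happen, a construct-only property would remove the ordering dependency.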
+@@ -91,16 +107,23 @@ add_connection_real (NMAGConfSettings *self, NMAGConfConnection *connection)
+ {
+ NMAGConfSettingsPrivate *priv = NMA_GCONF_SETTINGS_GET_PRIVATE (self);
+
+- if (connection) {
+- priv->connections = g_slist_prepend (priv->connections, connection);
+- g_signal_connect (connection, "new-secrets-requested",
+- G_CALLBACK (connection_new_secrets_requested_cb),
+- self);
++ g_return_if_fail (connection != NULL);
++
++ priv->connections = g_slist_prepend (priv->connections, connection);
++ g_signal_connect (connection, "new-secrets-requested",
++ G_CALLBACK (connection_new_secrets_requested_cb),
++ self);
+
+- g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
+- nm_settings_signal_new_connection (NM_SETTINGS (self),
+- NM_EXPORTED_CONNECTION (connection));
++ g_signal_connect (connection, "removed", G_CALLBACK (connection_removed), self);
++
++ /* Export the connection over dbus if requested */
++ if (priv->bus) {
++ nm_exported_connection_register_object (NM_EXPORTED_CONNECTION (connection),
++ NM_CONNECTION_SCOPE_USER,
++ priv->bus);
+ }
++
++ nm_settings_signal_new_connection (NM_SETTINGS (self), NM_EXPORTED_CONNECTION (connection));
+ }
+
+ NMAGConfConnection *
+@@ -231,8 +254,11 @@ read_connections (NMAGConfSettings *settings)
+
+ for (iter = dir_list; iter; iter = iter->next) {
+ char *dir = (char *) iter->data;
++ NMAGConfConnection *connection;
+
+- add_connection_real (settings, nma_gconf_connection_new (priv->client, dir));
++ connection = nma_gconf_connection_new (priv->client, dir);
++ if (connection)
++ add_connection_real (settings, connection);
+ g_free (dir);
+ }
+
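Review bot: A connection that fails to load is now skipped without any trace in read_connections, and the same pattern is added in connection_changes_done in the next hunk. Unless nma_gconf_connection_new already logs the failure (not visible here), a user whose stored connection disappears from the applet has nothing to diagnose it with. An `else` branch such as `nm_warning ("Could not load connection from %s", dir);` would name the offending GConf directory; in connection_changes_done the argument would be `info->path`. Both function bodies extend beyond their hunks.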
+@@ -289,7 +315,8 @@ connection_changes_done (gpointer data)
+ if (!connection) {
+ /* New connection */
+ connection = nma_gconf_connection_new (priv->client, info->path);
+- add_connection_real (info->settings, connection);
++ if (connection)
++ add_connection_real (info->settings, connection);
+ } else {
+ if (gconf_client_dir_exists (priv->client, info->path, NULL)) {
+ /* Updated connection */
+@@ -405,6 +432,9 @@ dispose (GObject *object)
+
+ priv->disposed = TRUE;
+
++ if (priv->bus)
++ dbus_g_connection_unref (priv->bus);
++
+ g_hash_table_destroy (priv->pending_changes);
+
+ if (priv->read_connections_id) {
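Review bot: `priv->bus` still points at the connection after `dbus_g_connection_unref (priv->bus);` in dispose, while add_connection_real relies on `if (priv->bus)` to decide whether to export. If a connection is added after dispose has run, for instance from a change notification that is still queued (whether that is possible is not visible in this hunk), the stale pointer would be passed to `nm_exported_connection_register_object`. Clearing the field removes the risk: brace the `if` body and add `priv->bus = NULL;` right after the unref. dispose begins and ends outside the hunk.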
+diff --git a/src/gconf-helpers/nma-gconf-settings.h b/src/gconf-helpers/nma-gconf-settings.h
+index 38c4f70..ad69987 100644
+--- a/src/gconf-helpers/nma-gconf-settings.h
++++ b/src/gconf-helpers/nma-gconf-settings.h
+@@ -53,7 +53,7 @@ typedef struct {
+
+ GType nma_gconf_settings_get_type (void);
+
+-NMAGConfSettings *nma_gconf_settings_new (void);
++NMAGConfSettings *nma_gconf_settings_new (DBusGConnection *bus);
+
+ NMAGConfConnection *nma_gconf_settings_add_connection (NMAGConfSettings *self,
+ NMConnection *connection);
+--
+1.6.6
+
Modified: packages/unstable/network-manager-applet/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/network-manager-applet/debian/patches/series?rev=3434&op=diff
==============================================================================
--- packages/unstable/network-manager-applet/debian/patches/series (original)
+++ packages/unstable/network-manager-applet/debian/patches/series Sat Jan 23 01:29:12 2010
@@ -1,2 +1,3 @@
01-dbus_access_nm_applet.patch
+02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
04-autostart.patch