rpms/dbus/F-8 dbus-fix-for-cve-2008-0595.patch, NONE, 1.1 dbus.spec, 1.132, 1.133
David Zeuthen (davidz)
fedora-extras-commits at redhat.com
Thu Feb 28 04:33:25 UTC 2008
- Previous message (by thread): rpms/man-pages-ko/F-8 Man_Page_Copyright, NONE, 1.1 man-pages-ko.spec, 1.16, 1.17
- Next message (by thread): rpms/selinux-policy/devel booleans-targeted.conf, 1.37, 1.38 policy-20071130.patch, 1.81, 1.82 selinux-policy.spec, 1.619, 1.620
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: davidz
Update of /cvs/pkgs/rpms/dbus/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6147
Modified Files:
dbus.spec
Added Files:
dbus-fix-for-cve-2008-0595.patch
Log Message:
* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.1.2-9%{?dist}
- CVE-2008-0595
dbus-fix-for-cve-2008-0595.patch:
--- NEW FILE dbus-fix-for-cve-2008-0595.patch ---
diff --git a/bus/policy.c b/bus/policy.c
index 383b2b1..caa544e 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
if (rule->d.send.interface != NULL)
{
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.send.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.send.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
if (rule->d.receive.interface != NULL)
{
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.receive.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.receive.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/F-8/dbus.spec,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- dbus.spec 25 Oct 2007 18:06:48 -0000 1.132
+++ dbus.spec 28 Feb 2008 04:32:49 -0000 1.133
@@ -8,7 +8,7 @@
Summary: D-BUS message bus
Name: dbus
Version: 1.1.2
-Release: 8%{?dist}
+Release: 9%{?dist}
URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl
@@ -43,6 +43,8 @@
Patch4: dbus-1.1.2-no-abort.patch
# from upstream git
Patch5: dbus-pie.patch
+# CVE-2008-0595
+Patch6: dbus-fix-for-cve-2008-0595.patch
%description
@@ -89,6 +91,7 @@
%patch3 -p1 -b .audit-user
%patch4 -p1 -b .abort
%patch5 -p1 -b .pie
+%patch6 -p1 -b .cve-2008-0595
autoreconf -f -i
@@ -208,6 +211,9 @@
%{_datadir}/devhelp/books/dbus
%changelog
+* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.1.2-9%{?dist}
+- CVE-2008-0595
+
* Thu Oct 25 2007 Bill Nottingham <notting at redhat.com> - 1.1.2-8
- have -libs obsolete older versions of the main package so that yum upgrades work
- Previous message (by thread): rpms/man-pages-ko/F-8 Man_Page_Copyright, NONE, 1.1 man-pages-ko.spec, 1.16, 1.17
- Next message (by thread): rpms/selinux-policy/devel booleans-targeted.conf, 1.37, 1.38 policy-20071130.patch, 1.81, 1.82 selinux-policy.spec, 1.619, 1.620
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list