rpms/dbus/F-7 dbus-fix-for-cve-2008-0595.patch, NONE, 1.1 dbus.spec, 1.120, 1.121
David Zeuthen (davidz)
fedora-extras-commits at redhat.com
Thu Feb 28 04:37:16 UTC 2008
- Previous message (by thread): rpms/selinux-policy/devel booleans-targeted.conf, 1.37, 1.38 policy-20071130.patch, 1.81, 1.82 selinux-policy.spec, 1.619, 1.620
- Next message (by thread): rpms/qalculate-kde/devel qalculate-kde-cln12.patch, NONE, 1.1 qalculate-kde.spec, 1.18, 1.19
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: davidz
Update of /cvs/pkgs/rpms/dbus/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6335
Modified Files:
dbus.spec
Added Files:
dbus-fix-for-cve-2008-0595.patch
Log Message:
* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.0.2-7%{?dist}
- CVE-2008-0595
dbus-fix-for-cve-2008-0595.patch:
--- NEW FILE dbus-fix-for-cve-2008-0595.patch ---
diff --git a/bus/policy.c b/bus/policy.c
index 383b2b1..caa544e 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -942,9 +942,19 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
if (rule->d.send.interface != NULL)
{
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.send.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.send.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
@@ -1128,9 +1138,19 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
if (rule->d.receive.interface != NULL)
{
- if (dbus_message_get_interface (message) != NULL &&
- strcmp (dbus_message_get_interface (message),
- rule->d.receive.interface) != 0)
+ /* The interface is optional in messages. For allow rules, if the message
+ * has no interface we want to skip the rule (and thus not allow);
+ * for deny rules, if the message has no interface we want to use the
+ * rule (and thus deny).
+ */
+ dbus_bool_t no_interface;
+
+ no_interface = dbus_message_get_interface (message) == NULL;
+
+ if ((no_interface && rule->allow) ||
+ (!no_interface &&
+ strcmp (dbus_message_get_interface (message),
+ rule->d.receive.interface) != 0))
{
_dbus_verbose (" (policy) skipping rule for different interface\n");
continue;
Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/F-7/dbus.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- dbus.spec 22 Jun 2007 19:37:39 -0000 1.120
+++ dbus.spec 28 Feb 2008 04:36:23 -0000 1.121
@@ -8,7 +8,7 @@
Summary: D-BUS message bus
Name: dbus
Version: 1.0.2
-Release: 6%{?dist}
+Release: 7%{?dist}
URL: http://www.freedesktop.org/software/dbus/
Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
Source1: doxygen_to_devhelp.xsl
@@ -37,6 +37,8 @@
Patch2: dbus-0.92-audit-system.patch
Patch4: dbus-1.0.1-generate-xml-docs.patch
Patch5: dbus-1.0.2-selinux.patch
+# CVE-2008-0595
+Patch6: dbus-fix-for-cve-2008-0595.patch
%description
@@ -73,6 +75,7 @@
%patch2 -p1 -b .audit_system
%patch4 -p1 -b .generate-xml-docs
%patch5 -p1 -b .selinux-send-to-audit
+%patch6 -p1 -b .cve-2008-0595
autoreconf -f -i
@@ -189,6 +192,9 @@
%{_datadir}/devhelp/books/dbus
%changelog
+* Wed Feb 27 2008 David Zeuthen <davidz at redhat.com> - 1.0.2-7%{?dist}
+- CVE-2008-0595
+
* Fri Jun 22 2007 Matthias Clasen <mclasen at redhat.com> - 1.0.2-6
- Don't require libxml-python needlessly (#245300)
- Previous message (by thread): rpms/selinux-policy/devel booleans-targeted.conf, 1.37, 1.38 policy-20071130.patch, 1.81, 1.82 selinux-policy.spec, 1.619, 1.620
- Next message (by thread): rpms/qalculate-kde/devel qalculate-kde-cln12.patch, NONE, 1.1 qalculate-kde.spec, 1.18, 1.19
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list