From 23bfa29101351080153d4e6540d3f94b423ac0c7 Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Wed, 7 Jan 2009 17:58:29 +0100
Subject: Imported Debian patch 0.2.10-4

---
 debian/changelog                    |  16 +++
 debian/control                      |   4 +-
 debian/patches/05-dbus_policy.patch | 188 ++++++++++++++++++++++++++++++++++++
 debian/patches/series               |   1 +
 debian/watch                        |   2 +-
 5 files changed, 208 insertions(+), 3 deletions(-)
 create mode 100644 debian/patches/05-dbus_policy.patch

diff --git a/debian/changelog b/debian/changelog
index 972f507..159a560 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+consolekit (0.2.10-4) unstable; urgency=high
+
+  [ Michael Biebl ]
+  * debian/watch
+    - Check for both .gz and .bz2 tarballs.
+  * debian/control
+    - Add ${misc:Depends} to libck-connector-dev.
+
+  [ Simon McVittie ]
+  * debian/patches/05-dbus_policy.patch: patch from
+    Colin Walters so ConsoleKit introspection and SetIdleHint still work
+    after CVE-2008-4311 is fixed in dbus-daemon. (Closes: #510645)
+  * Urgency high for bugfix that blocks CVE-2008-4311 upload.
+
+ -- Michael Biebl <biebl@debian.org>  Wed, 07 Jan 2009 17:58:29 +0100
+
 consolekit (0.2.10-3) unstable; urgency=low
 
   * debian/patches/04-defer_daemonizing.patch
diff --git a/debian/control b/debian/control
index 7f6f3ee..26554b3 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: admin
 Priority: optional
 Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
 Uploaders: Michael Biebl <biebl@debian.org>
-Build-Depends: cdbs, debhelper (>= 5), autotools-dev, pkg-config, ,quilt, libdbus-glib-1-dev (>= 0.30), libglib2.0-dev (>= 2.7.0), libx11-dev (>= 1.0.0), xmlto, libpam0g-dev, zlib1g-dev
+Build-Depends: cdbs, debhelper (>= 5), autotools-dev, pkg-config, quilt, libdbus-glib-1-dev (>= 0.30), libglib2.0-dev (>= 2.7.0), libx11-dev (>= 1.0.0), xmlto, libpam0g-dev, zlib1g-dev
 Standards-Version: 3.8.0
 Vcs-Svn: svn://svn.debian.org/svn/pkg-utopia/packages/unstable/consolekit
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/consolekit
@@ -38,7 +38,7 @@ Description: ConsoleKit libraries
 Package: libck-connector-dev
 Section: libdevel
 Architecture: any
-Depends: libck-connector0 (= ${binary:Version}), libdbus-1-dev
+Depends: libck-connector0 (= ${binary:Version}), ${misc:Depends}, libdbus-1-dev
 Description: ConsoleKit development files
  ConsoleKit is a system daemon for tracking what users are logged
  into the system and how they interact with the computer (e.g.
diff --git a/debian/patches/05-dbus_policy.patch b/debian/patches/05-dbus_policy.patch
new file mode 100644
index 0000000..b6e035a
--- /dev/null
+++ b/debian/patches/05-dbus_policy.patch
@@ -0,0 +1,188 @@
+Patch from Colin Walters for http://bugs.freedesktop.org/show_bug.cgi?id=19020,
+adapted to apply to Debian's ConsoleKit.
+
+He writes:
+> This patch is relatively conservative; it adds send_destination= to all the
+> rules (as is very important, see
+> https://bugs.freedesktop.org/show_bug.cgi?id=18961).
+>
+> It also adds SetIdleHint into the default allow.  From the source it looks that
+> that method implementation checks the caller.
+>
+> Please review.  
+>
+> Also an open question - do all the methods verify their caller?  In that case
+> the policy file can be *much* simpler; see:
+> http://lists.freedesktop.org/archives/dbus/2008-December/010717.html
+
+--- a/data/ConsoleKit.conf	2009-01-06 02:59:15.000000000 +0000
++++ b/data/ConsoleKit.conf	2009-01-06 03:04:38.000000000 +0000
+@@ -8,89 +8,129 @@
+     <allow own="org.freedesktop.ConsoleKit"/>
+ 
+     <!-- Allow all methods on interfaces -->
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"/>
++    <allow send_destination="org.freedesktop.ConsoleKit"/>
+   </policy>
+ 
+   <!-- Deny all and then allow some methods on interfaces -->
+   <policy context="default">
+-    <deny send_interface="org.freedesktop.ConsoleKit.Manager"/>
+-    <deny send_interface="org.freedesktop.ConsoleKit.Seat"/>
+-    <deny send_interface="org.freedesktop.ConsoleKit.Session"/>
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.DBus.Introspectable"/>
++    <deny send_destination="org.freedesktop.ConsoleKit"
++          send_interface="org.freedesktop.ConsoleKit.Manager"/>
++    <deny send_destination="org.freedesktop.ConsoleKit"
++          send_interface="org.freedesktop.ConsoleKit.Seat"/>
++    <deny send_destination="org.freedesktop.ConsoleKit"
++          send_interface="org.freedesktop.ConsoleKit.Session"/>
+     <deny send_destination="org.freedesktop.ConsoleKit"
+           send_interface="org.freedesktop.DBus.Properties" />
+ 
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="OpenSession"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="CloseSession"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSeats"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSessionForCookie"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSessionForUnixProcess"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetCurrentSession"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSessionsForUnixUser"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSessionsForUser"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSystemIdleHint"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="GetSystemIdleSinceHint"/>
+ 
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="GetId"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="GetSessions"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="GetDevices"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="GetActiveSession"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="CanActivateSessions"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Seat"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Seat"
+            send_member="ActivateSession"/>
+ 
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetId"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetSeatId"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetSessionType"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetUser"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetUnixUser"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetX11Display"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetX11DisplayDevice"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetDisplayDevice"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetRemoteHostName"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="IsActive"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="IsLocal"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetCreationTime"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="Activate"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetIdleHint"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Session"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
+            send_member="GetIdleSinceHint"/>
++
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Session"
++           send_member="SetIdleHint"/>
+   </policy>
+ 
+   <policy user="root">
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="Restart"/>
+-    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
++    <allow send_destination="org.freedesktop.ConsoleKit"
++           send_interface="org.freedesktop.ConsoleKit.Manager"
+            send_member="Stop"/>
+   </policy>
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 1cc71fa..49b0066 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02-exit_with_dbus.patch
 03-cleanup_console_tags.patch
 04-defer_daemonizing.patch
+05-dbus_policy.patch
diff --git a/debian/watch b/debian/watch
index 20767cb..de38d13 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,2 @@
 version=3
-http://people.freedesktop.org/~mccann/dist/ConsoleKit-(.*)\.tar\.gz
+http://people.freedesktop.org/~mccann/dist/ConsoleKit-(.*)\.tar\.(gz|bz2)
-- 
cgit v1.2.3