add a patch from upstream to fix a possible security bypass

(CVE-2008-0595), bump PKGREVISION
author: drochner <drochner@pkgsrc.org> 2008-03-02 13:21:07 +0000
committer: drochner <drochner@pkgsrc.org> 2008-03-02 13:21:07 +0000
commit: 453631b3b6e1c9e2c2ea0ddc6687f230b623ffb5 (patch)
tree: 0a7fdcc1f1b17a33ff87950efaaa6a6c40c7d72b /sysutils/dbus/patches
parent: 84ac12e874d6f5e98e476c7fe4f59af61897ad49 (diff)
download: pkgsrc-453631b3b6e1c9e2c2ea0ddc6687f230b623ffb5.tar.gz
1 files changed, 50 insertions, 0 deletions
diff --git a/sysutils/dbus/patches/patch-ah b/sysutils/dbus/patches/patch-ah
new file mode 100644
index 00000000000..a180258b98a
--- /dev/null
+++ b/sysutils/dbus/patches/patch-ah
@@ -0,0 +1,50 @@
+$NetBSD: patch-ah,v 1.1 2008/03/02 13:21:07 drochner Exp $
+
+--- bus/policy.c.orig	2006-12-11 20:21:22.000000000 +0100
++++ bus/policy.c
+@@ -931,9 +931,19 @@ bus_client_policy_check_can_send (BusCli
+       
+       if (rule->d.send.interface != NULL)
+         {
+-          if (dbus_message_get_interface (message) != NULL &&
+-              strcmp (dbus_message_get_interface (message),
+-                      rule->d.send.interface) != 0)
++          /* The interface is optional in messages. For allow rules, if the message
++           * has no interface we want to skip the rule (and thus not allow);
++           * for deny rules, if the message has no interface we want to use the
++           * rule (and thus deny).
++           */
++          dbus_bool_t no_interface;
++
++          no_interface = dbus_message_get_interface (message) == NULL;
++          
++          if ((no_interface && rule->allow) ||
++              (!no_interface && 
++               strcmp (dbus_message_get_interface (message),
++                       rule->d.send.interface) != 0))
+             {
+               _dbus_verbose ("  (policy) skipping rule for different interface\n");
+               continue;
+@@ -1117,9 +1127,19 @@ bus_client_policy_check_can_receive (Bus
+       
+       if (rule->d.receive.interface != NULL)
+         {
+-          if (dbus_message_get_interface (message) != NULL &&
+-              strcmp (dbus_message_get_interface (message),
+-                      rule->d.receive.interface) != 0)
++          /* The interface is optional in messages. For allow rules, if the message
++           * has no interface we want to skip the rule (and thus not allow);
++           * for deny rules, if the message has no interface we want to use the
++           * rule (and thus deny).
++           */
++          dbus_bool_t no_interface;
++
++          no_interface = dbus_message_get_interface (message) == NULL;
++          
++          if ((no_interface && rule->allow) ||
++              (!no_interface &&
++               strcmp (dbus_message_get_interface (message),
++                       rule->d.receive.interface) != 0))
+             {
+               _dbus_verbose ("  (policy) skipping rule for different interface\n");
+               continue;
author	drochner <drochner@pkgsrc.org>	2008-03-02 13:21:07 +0000
committer	drochner <drochner@pkgsrc.org>	2008-03-02 13:21:07 +0000
commit	453631b3b6e1c9e2c2ea0ddc6687f230b623ffb5 (patch)
tree	0a7fdcc1f1b17a33ff87950efaaa6a6c40c7d72b /sysutils/dbus/patches
parent	84ac12e874d6f5e98e476c7fe4f59af61897ad49 (diff)
download	pkgsrc-453631b3b6e1c9e2c2ea0ddc6687f230b623ffb5.tar.gz