From 4a5698219ea68f976340d312635ba9bd245d4504 Mon Sep 17 00:00:00 2001
From: drochner
Date: Sun, 2 Mar 2008 13:21:07 +0000
Subject: add a patch from upstream to fix a possible security bypass (CVE-2008-0595), bump PKGREVISION
---
 sysutils/dbus/Makefile | 4 ++--
 sysutils/dbus/distinfo | 3 ++-
 sysutils/dbus/patches/patch-ah | 50 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 sysutils/dbus/patches/patch-ah
diff --git a/sysutils/dbus/Makefile b/sysutils/dbus/Makefile
index 2d7f67d17de..d97ac37453f 100644
--- a/sysutils/dbus/Makefile
+++ b/sysutils/dbus/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2008/02/08 23:15:16 bjs Exp $
+# $NetBSD: Makefile,v 1.27 2008/03/02 13:21:07 drochner Exp $
 #
 DISTNAME= dbus-1.0.2
-PKGREVISION= 4
+PKGREVISION= 5
 CATEGORIES= sysutils
 MASTER_SITES= http://dbus.freedesktop.org/releases/dbus/
diff --git a/sysutils/dbus/distinfo b/sysutils/dbus/distinfo
index ef2e4475146..5fcfacff2dc 100644
--- a/sysutils/dbus/distinfo
+++ b/sysutils/dbus/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2008/02/21 01:42:13 tnn Exp $
+$NetBSD: distinfo,v 1.20 2008/03/02 13:21:07 drochner Exp $
 SHA1 (dbus-1.0.2.tar.gz) = 2870efd6ea0b5b0d14e52195f560238a74bb1e0e
 RMD160 (dbus-1.0.2.tar.gz) = d5eddfb058c4c026d4a9f091ad90abcc6e54861a
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 71c903a268e8ece66c39f48937c9544b7c82d1b3
 SHA1 (patch-ab) = 2fce79e3114fa5f345094e61d2513a9eb232c57a
 SHA1 (patch-ac) = eae0564535d36cb0082dd2e66d74fea808800d4e
 SHA1 (patch-ag) = 469993db97a74da50c61449454c02c8a7c69e7bd
+SHA1 (patch-ah) = db8ce2de1f1f9aa06804eacb9a7f264eb3187f36
diff --git a/sysutils/dbus/patches/patch-ah b/sysutils/dbus/patches/patch-ah
new file mode 100644
index 00000000000..a180258b98a
--- /dev/null
+++ b/sysutils/dbus/patches/patch-ah
@@ -0,0 +1,50 @@
+$NetBSD: patch-ah,v 1.1 2008/03/02 13:21:07 drochner Exp $
+
+--- bus/policy.c.orig 2006-12-11 20:21:22.000000000 +0100
++++ bus/policy.c
+@@ -931,9 +931,19 @@ bus_client_policy_check_can_send (BusCli
+
+ if (rule->d.send.interface != NULL)
+ {
+- if (dbus_message_get_interface (message) != NULL &&
+- strcmp (dbus_message_get_interface (message),
+- rule->d.send.interface) != 0)
++ /* The interface is optional in messages. For allow rules, if the message
++ * has no interface we want to skip the rule (and thus not allow);
++ * for deny rules, if the message has no interface we want to use the
++ * rule (and thus deny).
++ */
++ dbus_bool_t no_interface;
++
++ no_interface = dbus_message_get_interface (message) == NULL;
++
++ if ((no_interface && rule->allow) ||
++ (!no_interface &&
++ strcmp (dbus_message_get_interface (message),
++ rule->d.send.interface) != 0))
+ {
+ _dbus_verbose (" (policy) skipping rule for different interface\n");
+ continue;
+@@ -1117,9 +1127,19 @@ bus_client_policy_check_can_receive (Bus
+
+ if (rule->d.receive.interface != NULL)
+ {
+- if (dbus_message_get_interface (message) != NULL &&
+- strcmp (dbus_message_get_interface (message),
+- rule->d.receive.interface) != 0)
++ /* The interface is optional in messages. For allow rules, if the message
++ * has no interface we want to skip the rule (and thus not allow);
++ * for deny rules, if the message has no interface we want to use the
++ * rule (and thus deny).
++ */
++ dbus_bool_t no_interface;
++
++ no_interface = dbus_message_get_interface (message) == NULL;
++
++ if ((no_interface && rule->allow) ||
++ (!no_interface &&
++ strcmp (dbus_message_get_interface (message),
++ rule->d.receive.interface) != 0))
+ {
+ _dbus_verbose (" (policy) skipping rule for different interface\n");
+ continue;
--
cgit v1.2.3
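Review bot: The `_dbus_verbose` text at both skip sites still says "skipping rule for different interface", although the new condition also takes that branch when an allow rule is skipped because the message has no interface, so a policy trace cannot tell the two cases apart; a wording such as `_dbus_verbose (" (policy) skipping rule for different or missing interface\n");` would keep the debug output accurate. The condition also calls `dbus_message_get_interface (message)` twice per rule; reading it once into a local, `const char *iface = dbus_message_get_interface (message);`, and testing `iface == NULL` would make the allow/deny asymmetry easier to audit. The same block is added verbatim in bus_client_policy_check_can_receive, and both functions begin and end outside the patched hunks, so how the surrounding rule loop treats a skipped rule is not visible here. Because allow rules that name only an interface no longer match interface-less messages, it would be worth noting for package users that existing bus policy files may authorize fewer messages after this revision.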