[yast-commit] r55003 - in /trunk/core: VERSION dbus/SCR_service/org.opensuse.yast.SCR.conf.in package/yast2-core.changes
  • From: mvidner@xxxxxxxxxxxxxxxx
  • Date: Mon, 26 Jan 2009 13:00:41 -0000
  • Message-id: <E1LRR4z-0000Vs-55@xxxxxxxxxxxxxxxx>
Author: mvidner
Date: Mon Jan 26 14:00:40 2009
New Revision: 55003

URL: http://svn.opensuse.org/viewcvs/yast?rev=55003&view=rev
Log:
Fixed the D-Bus access policy (bnc#468390, CVE-2008-4311).

Modified:
trunk/core/VERSION
trunk/core/dbus/SCR_service/org.opensuse.yast.SCR.conf.in
trunk/core/package/yast2-core.changes

Modified: trunk/core/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=55003&r1=55002&r2=55003&view=diff
==============================================================================
--- trunk/core/VERSION (original)
+++ trunk/core/VERSION Mon Jan 26 14:00:40 2009
@@ -1 +1 @@
-2.18.1
+2.18.2

Modified: trunk/core/dbus/SCR_service/org.opensuse.yast.SCR.conf.in
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/dbus/SCR_service/org.opensuse.yast.SCR.conf.in?rev=55003&r1=55002&r2=55003&view=diff
==============================================================================
--- trunk/core/dbus/SCR_service/org.opensuse.yast.SCR.conf.in (original)
+++ trunk/core/dbus/SCR_service/org.opensuse.yast.SCR.conf.in Mon Jan 26
14:00:40 2009
@@ -1,11 +1,20 @@
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration
1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
+<!--
+ Rationale:
+ http://lists.opensuse.org/opensuse-packaging/2009-01/msg00132.html
+ https://bugzilla.novell.com/show_bug.cgi?id=468390
+-->
<policy user="root">
<allow own="org.opensuse.yast.SCR"/>
- <allow send_interface="org.opensuse.yast.SCR.Methods"/>
+ <allow send_destination="org.opensuse.yast.SCR"/>
</policy>
<policy context="default">
- <deny own="org.opensuse.yast.SCR"/>
- <@ACCESS_MODE@ send_interface="org.opensuse.yast.SCR.Methods"/>
+ <!-- allowed iff compiled with PolicyKit -->
+ <@ACCESS_MODE@ send_destination="org.opensuse.yast.SCR"
+ send_interface="org.opensuse.yast.SCR.Methods"/>
+ <!-- introspection is allowed -->
+ <allow send_destination="org.opensuse.yast.SCR"
+ send_interface="org.freedesktop.DBus.Introspectable" />
</policy>
</busconfig>
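
Review bot: In the `context="default"` policy the explicit `<deny own="org.opensuse.yast.SCR"/>` is dropped, so nothing in this file stops a non-root process from claiming the service name any more; that now rests entirely on the bus-wide default denying `own`. Suggest keeping the explicit deny, or saying in the new rationale comment that the file relies on a default-deny bus. Two smaller points in the same hunk: the comment "allowed iff compiled with PolicyKit" should name the values `@ACCESS_MODE@` can expand to, since the substitution is not visible here, and the root rule changes from an interface match to `send_destination` alone, which lets root call any interface on the service; a word on that in the rationale would help the next reader.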

Modified: trunk/core/package/yast2-core.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=55003&r1=55002&r2=55003&view=diff
==============================================================================
--- trunk/core/package/yast2-core.changes (original)
+++ trunk/core/package/yast2-core.changes Mon Jan 26 14:00:40 2009
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Mon Jan 26 14:00:31 CET 2009 - mvidner@xxxxxxx
+
+- Fixed the D-Bus access policy (bnc#468390, CVE-2008-4311).
+- 2.18.2
+
+-------------------------------------------------------------------
Thu Jan 08 19:01:01 CET 2009 - aschnell@xxxxxxx

- added namespace multiset with 1. some list function, 2. some new
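
Review bot: The new changelog entry gives only the bug and CVE ids and does not say what changed for callers. Suggest one more line stating that access for non-root senders to `org.opensuse.yast.SCR.Methods` is now governed by the `@ACCESS_MODE@` rule scoped with `send_destination`, and that introspection stays allowed, so packagers reading the changelog can tell whether their clients are affected.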
