
Contents of /net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch



Revision 1.2 - (show annotations) (download)
Tue Aug 23 23:17:09 2011 UTC (2 years, 7 months ago) by nirbheek
Branch: MAIN
CVS Tags: HEAD
Changes since 1.1: +0 -0 lines
FILE REMOVED
Bump for the 0.9.0 release, go forth and test. Also, remove old ebuilds and unused patches.

(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)

1 From 92babdb658109cab5cdf9fc0280264ef0715f37d Mon Sep 17 00:00:00 2001
2 From: Dan Williams <dcbw@redhat.com>
3 Date: Wed, 11 Aug 2010 20:40:25 +0000
4 Subject: core: work around dbus-glib property access bug (CVE-2010-1172) (rh #585394)
5
6 More info:
7 https://bugzilla.redhat.com/show_bug.cgi?id=585394
8 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172
9
10 dbus-glib was not properly enforcing the 'access' permissions on
11 object properties exported using its API. There were 2 specific bugs:
12
13 1) dbus-glib did not enforce the introspection read/write property
14 permissions, so if the GObject property definition allowed write
15 access (which is sometimes desirable), D-Bus clients could modify
16 that value even if the introspection said it was read-only
17
18 2) dbus-glib was not filtering out GObject properties that were
19 not listed in the introspection XML. Thus, if the GObject defined
20 more properties than were listed in the introspection XML (which is
21 also often useful, and NM uses this quite a bit) those properties
22 would also be exposed to D-Bus clients.
23
24 To fix this completely, you need to:
25
26 1) get dbus-glib master when the patch is committed, OR grab the
27 patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and
28 build a new dbus-glib
29
30 2) rebuild NetworkManager against the new dbus-glib
31 ---
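--- a/configure.ac
+++ b/configure.ac
@@ -203,6 +203,12 @@ dnl
 AC_CHECK_LIB([dl], [dladdr], LIBDL="-ldl", LIBDL="")
 AC_SUBST(LIBDL)
 
+dnl
+dnl Checks for new dbus-glib property access function
+dnl
+AC_CHECK_LIB([dbus-glib-1], [dbus_glib_global_set_disable_legacy_property_access], ac_have_dg_prop="1", ac_have_dg_prop="0")
+AC_DEFINE_UNQUOTED(HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS, $ac_have_dg_prop, [Define if you have a dbus-glib with dbus_glib_global_set_disable_legacy_property_access()])
+
 PKG_CHECK_MODULES(DBUS, dbus-1 >= 1.1 dbus-glib-1 >= 0.75)
 AC_SUBST(DBUS_CFLAGS)
 AC_SUBST(DBUS_LIBS)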
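Review bot: When the AC_CHECK_LIB probe added here fails, ac_have_dg_prop becomes "0" and configure continues without any message, so the `#if HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS` block in src/main.c compiles to nothing and the daemon is built with legacy property access still enabled. For a CVE workaround the person building should be told; after the AC_DEFINE_UNQUOTED line add `AS_IF([test "$ac_have_dg_prop" = "0"], [AC_MSG_WARN([dbus-glib lacks dbus_glib_global_set_disable_legacy_property_access(); legacy property access will not be disabled])])`. The probe also runs before PKG_CHECK_MODULES has set DBUS_LIBS, so it depends on the library being found on the default linker path; with dbus-glib in a non-default prefix it would presumably report a false "0".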
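--- a/src/main.c
+++ b/src/main.c
@@ -19,10 +19,7 @@
 * Copyright (C) 2005 - 2008 Novell, Inc.
 */
 
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
+#include <config.h>
 #include <glib.h>
 #include <dbus/dbus.h>
 #include <dbus/dbus-glib-lowlevel.h>
@@ -627,6 +624,17 @@ main (int argc, char *argv[])
 g_thread_init (NULL);
 dbus_g_thread_init ();
 
+#ifndef HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS
+#error HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS not defined
+#endif
+
+#if HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS
+ /* Ensure that non-exported properties don't leak out, and that the
+ * introspection 'access' permissions are respected.
+ */
+ dbus_glib_global_set_disable_legacy_property_access ();
+#endif
+
 setup_signals ();
 
 nm_logging_start (become_daemon);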
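--- a/src/nm-wifi-ap.c
+++ b/src/nm-wifi-ap.c
@@ -153,6 +153,8 @@ set_property (GObject *object, guint prop_id,
 case PROP_STRENGTH:
 nm_ap_set_strength (ap, g_value_get_char (value));
 break;
+ case PROP_HW_ADDRESS:
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
@@ -242,7 +244,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 NM_802_11_AP_FLAGS_NONE,
 NM_802_11_AP_FLAGS_PRIVACY,
 NM_802_11_AP_FLAGS_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_WPA_FLAGS,
@@ -252,7 +254,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 NM_802_11_AP_SEC_NONE,
 all_sec_flags,
 NM_802_11_AP_SEC_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_RSN_FLAGS,
@@ -262,7 +264,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 NM_802_11_AP_SEC_NONE,
 all_sec_flags,
 NM_802_11_AP_SEC_NONE,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_SSID,
@@ -270,7 +272,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "SSID",
 "SSID",
 DBUS_TYPE_G_UCHAR_ARRAY,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_FREQUENCY,
@@ -278,7 +280,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "Frequency",
 "Frequency",
 0, 10000, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_HW_ADDRESS,
@@ -286,7 +288,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "MAC Address",
 "Hardware MAC address",
 NULL,
- G_PARAM_READABLE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_MODE,
@@ -294,7 +296,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "Mode",
 "Mode",
 NM_802_11_MODE_ADHOC, NM_802_11_MODE_INFRA, NM_802_11_MODE_INFRA,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_MAX_BITRATE,
@@ -302,7 +304,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "Max Bitrate",
 "Max Bitrate",
 0, G_MAXUINT16, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 g_object_class_install_property
 (object_class, PROP_STRENGTH,
@@ -310,7 +312,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class)
 "Strength",
 "Strength",
 G_MININT8, G_MAXINT8, 0,
- G_PARAM_READWRITE));
+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
 
 /* Signals */
 signals[PROPERTIES_CHANGED] =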
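Review bot: The new `case PROP_HW_ADDRESS: break;` in set_property discards the value without explanation, while the PROP_HW_ADDRESS hunk in nm_ap_class_init widens that property from `G_PARAM_READABLE` to `G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY`, so a value passed at construction is accepted and silently dropped. If that is intended (presumably so the property carries the same flags as the others), say so in place with a comment such as `/* construct-only; value intentionally ignored */`. Marking every property CONSTRUCT_ONLY also means GObject will reject a later g_object_set() on them, so it is worth confirming that nothing outside construction sets these through the property interface rather than through direct setters such as nm_ap_set_strength(). Both set_property and nm_ap_class_init continue outside the hunks shown.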
177 --
