diff options
Diffstat (limited to 'net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch')
| -rw-r--r-- | net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch | 177 |
1 files changed, 0 insertions, 177 deletions
diff --git a/net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch b/net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch deleted file mode 100644 index 321be0e..0000000 --- a/net-misc/networkmanager/files/networkmanager-0.8.1-CVE-2010-1172.patch +++ /dev/null @@ -1,177 +0,0 @@ -From 92babdb658109cab5cdf9fc0280264ef0715f37d Mon Sep 17 00:00:00 2001 -From: Dan Williams <dcbw@redhat.com> -Date: Wed, 11 Aug 2010 20:40:25 +0000 -Subject: core: work around dbus-glib property access bug (CVE-2010-1172) (rh #585394) - -More info: -https://bugzilla.redhat.com/show_bug.cgi?id=585394 -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1172 - -dbus-glib was not properly enforcing the 'access' permissions on -object properties exported using its API. There were 2 specific bugs: - -1) dbus-glib did not enforce the introspection read/write property -permissions, so if the GObject property definition allowed write -access (which is sometimes desirable), D-Bus clients could modify -that value even if the introspection said it was read-only - -2) dbus-glib was not filtering out GObject properties that were -not listed in the introspection XML. Thus, if the GObject defined -more properties than were listed in the introspection XML (which is -also often useful, and NM uses this quite a bit) those properties -would also be exposed to D-Bus clients. - -To fix this completely, you need to: - -1) get dbus-glib master when the patch is commited, OR grab the -patch from https://bugzilla.redhat.com/show_bug.cgi?id=585394 and -build a new dbus-glib - -2) rebuild NetworkManager against the new dbus-glib ---- -diff --git a/configure.ac b/configure.ac -index e1b9347..3217734 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -203,6 +203,12 @@ dnl - AC_CHECK_LIB([dl], [dladdr], LIBDL="-ldl", LIBDL="") - AC_SUBST(LIBDL) - -+dnl -+dnl Checks for new dbus-glib property access function -+dnl -+AC_CHECK_LIB([dbus-glib-1], [dbus_glib_global_set_disable_legacy_property_access], ac_have_dg_prop="1", ac_have_dg_prop="0") -+AC_DEFINE_UNQUOTED(HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS, $ac_have_dg_prop, [Define if you have a dbus-glib with dbus_glib_global_set_disable_legacy_property_access()]) -+ - PKG_CHECK_MODULES(DBUS, dbus-1 >= 1.1 dbus-glib-1 >= 0.75) - AC_SUBST(DBUS_CFLAGS) - AC_SUBST(DBUS_LIBS) -diff --git a/src/main.c b/src/main.c -index c2fb58b..aea2eef 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -19,10 +19,7 @@ - * Copyright (C) 2005 - 2008 Novell, Inc. - */ - --#ifdef HAVE_CONFIG_H --# include <config.h> --#endif -- -+#include <config.h> - #include <glib.h> - #include <dbus/dbus.h> - #include <dbus/dbus-glib-lowlevel.h> -@@ -627,6 +624,17 @@ main (int argc, char *argv[]) - g_thread_init (NULL); - dbus_g_thread_init (); - -+#ifndef HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS -+#error HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS not defined -+#endif -+ -+#if HAVE_DBUS_GLIB_DISABLE_LEGACY_PROP_ACCESS -+ /* Ensure that non-exported properties don't leak out, and that the -+ * introspection 'access' permissions are respected. -+ */ -+ dbus_glib_global_set_disable_legacy_property_access (); -+#endif -+ - setup_signals (); - - nm_logging_start (become_daemon); -diff --git a/src/nm-wifi-ap.c b/src/nm-wifi-ap.c -index 8a7e4e8..7770b8b 100644 ---- a/src/nm-wifi-ap.c -+++ b/src/nm-wifi-ap.c -@@ -153,6 +153,8 @@ set_property (GObject *object, guint prop_id, - case PROP_STRENGTH: - nm_ap_set_strength (ap, g_value_get_char (value)); - break; -+ case PROP_HW_ADDRESS: -+ break; - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; -@@ -242,7 +244,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - NM_802_11_AP_FLAGS_NONE, - NM_802_11_AP_FLAGS_PRIVACY, - NM_802_11_AP_FLAGS_NONE, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_WPA_FLAGS, -@@ -252,7 +254,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - NM_802_11_AP_SEC_NONE, - all_sec_flags, - NM_802_11_AP_SEC_NONE, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_RSN_FLAGS, -@@ -262,7 +264,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - NM_802_11_AP_SEC_NONE, - all_sec_flags, - NM_802_11_AP_SEC_NONE, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_SSID, -@@ -270,7 +272,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "SSID", - "SSID", - DBUS_TYPE_G_UCHAR_ARRAY, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_FREQUENCY, -@@ -278,7 +280,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "Frequency", - "Frequency", - 0, 10000, 0, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_HW_ADDRESS, -@@ -286,7 +288,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "MAC Address", - "Hardware MAC address", - NULL, -- G_PARAM_READABLE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_MODE, -@@ -294,7 +296,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "Mode", - "Mode", - NM_802_11_MODE_ADHOC, NM_802_11_MODE_INFRA, NM_802_11_MODE_INFRA, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_MAX_BITRATE, -@@ -302,7 +304,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "Max Bitrate", - "Max Bitrate", - 0, G_MAXUINT16, 0, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - g_object_class_install_property - (object_class, PROP_STRENGTH, -@@ -310,7 +312,7 @@ nm_ap_class_init (NMAccessPointClass *ap_class) - "Strength", - "Strength", - G_MININT8, G_MAXINT8, 0, -- G_PARAM_READWRITE)); -+ G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); - - /* Signals */ - signals[PROPERTIES_CHANGED] = --- |