rpms/dbus/devel dbus-libcap.patch,1.1,1.2
Matthias Clasen
mclasen at fedoraproject.org
Wed Jan 13 01:02:20 UTC 2010
- Previous message: rpms/tsocks/devel import.log, NONE, 1.1 tsocks.spec, NONE, 1.1 tsocks_documentation_update.patch, NONE, 1.1 tsocks_fix_lib_path.patch, NONE, 1.1 tsocks_remove_static_lib.patch, NONE, 1.1 tsocks_script_validation_error.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/tsocks/F-12 import.log, NONE, 1.1 tsocks.spec, NONE, 1.1 tsocks_documentation_update.patch, NONE, 1.1 tsocks_fix_lib_path.patch, NONE, 1.1 tsocks_remove_static_lib.patch, NONE, 1.1 tsocks_script_validation_error.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mclasen
Update of /cvs/pkgs/rpms/dbus/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19375
Modified Files:
dbus-libcap.patch
Log Message:
grr, fix patch
dbus-libcap.patch:
bus/selinux.c | 71 +++++++++++++++++++++++++++++++++++++++
bus/selinux.h | 2 +
configure.in | 3 -
dbus/dbus-sysdeps-util-unix.c | 75 ------------------------------------------
dbus/dbus-sysdeps.h | 2 -
5 files changed, 74 insertions(+), 79 deletions(-)
Index: dbus-libcap.patch
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/devel/dbus-libcap.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- dbus-libcap.patch 13 Jan 2010 00:52:45 -0000 1.1
+++ dbus-libcap.patch 13 Jan 2010 01:02:20 -0000 1.2
@@ -1,378 +1,202 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-<html>
- <head>
- <title>Access Denied</title>
- <meta name="verify-v1" content="1hLjVPyIYh2cX7CL+s5A0k6pKt2FRq7/FSQ/cqGi9J8="/>
- <meta name="y_key" content="1cdf458efae704ba">
+--- dbus-1.2.16.orig/bus/selinux.c 2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/bus/selinux.c 2009-11-01 11:30:45.000000000 -0500
+@@ -1015,3 +1015,74 @@ bus_selinux_shutdown (void)
+ #endif /* HAVE_SELINUX */
+ }
+
++/**
++ * Changes the user and group the bus is running as.
++ *
++ * @param user the user to become
++ * @param error return location for errors
++ * @returns #FALSE on failure
++ */
++dbus_bool_t
++_dbus_change_to_daemon_user (const char *user,
++ DBusError *error)
++{
++ dbus_uid_t uid;
++ dbus_gid_t gid;
++ DBusString u;
++
++ _dbus_string_init_const (&u, user);
++
++ if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
++ {
++ dbus_set_error (error, DBUS_ERROR_FAILED,
++ "User '%s' does not appear to exist?",
++ user);
++ return FALSE;
++ }
++
++#ifdef HAVE_LIBAUDIT
++ /* If we were root */
++ if (_dbus_geteuid () == 0)
++ {
++ int rc;
++
++ capng_clear(CAPNG_SELECT_BOTH);
++ capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
++ CAP_AUDIT_WRITE);
++ rc = capng_change_id(uid, gid, 0);
++ if (rc)
++ {
++ switch (rc) {
++ default:
++ dbus_set_error (error, DBUS_ERROR_FAILED,
++ "Failed to drop capabilities: %s\n",
++ _dbus_strerror (errno));
++ break;
++ case -4:
++ dbus_set_error (error, _dbus_error_from_errno (errno),
++ "Failed to set GID to %lu: %s", gid,
++ _dbus_strerror (errno));
++ break;
++ case -5:
++ _dbus_warn ("Failed to drop supplementary groups: %s\n",
++ _dbus_strerror (errno));
++ break;
++ case -6:
++ dbus_set_error (error, _dbus_error_from_errno (errno),
++ "Failed to set UID to %lu: %s", uid,
++ _dbus_strerror (errno));
++ break;
++ case -7:
++ dbus_set_error (error, _dbus_error_from_errno (errno),
++ "Failed to unset keep-capabilities: %s\n",
++ _dbus_strerror (errno));
++ break;
++ }
++ return FALSE;
++ }
++ }
++#endif /* HAVE_LIBAUDIT */
++
++ return TRUE;
++}
++
+--- dbus-1.2.16.orig/bus/selinux.h 2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/bus/selinux.h 2009-11-01 11:33:15.000000000 -0500
+@@ -68,5 +68,7 @@ BusSELinuxID* bus_selinux_init_connectio
+
+
+ void bus_selinux_audit_init(void);
++dbus_bool_t _dbus_change_to_daemon_user (const char *user,
++ DBusError *error);
+
+ #endif /* BUS_SELINUX_H */
+--- dbus-1.2.16.orig/configure.in 2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/configure.in 2009-11-01 11:30:45.000000000 -0500
+@@ -852,8 +852,7 @@ fi
+ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+
+ if test x$have_libaudit = xyes ; then
+- SELINUX_LIBS="$SELINUX_LIBS -laudit"
+- LIBS="-lcap-ng $LIBS"
++ SELINUX_LIBS="$SELINUX_LIBS -laudit -lcap-ng"
+ AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
+ fi
+
+--- dbus-1.2.16.orig/dbus/dbus-sysdeps.h 2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/dbus/dbus-sysdeps.h 2009-11-01 11:33:08.000000000 -0500
+@@ -418,8 +418,6 @@ dbus_bool_t _dbus_become_daemon (const
+ dbus_bool_t keep_umask);
+
+ dbus_bool_t _dbus_verify_daemon_user (const char *user);
+-dbus_bool_t _dbus_change_to_daemon_user (const char *user,
+- DBusError *error);
+
+ dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
+ DBusPipe *print_pid_pipe,
+--- dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c 2009-11-01 11:30:45.000000000 -0500
+@@ -45,10 +45,6 @@
+ #include <sys/un.h>
+ #include <syslog.h>
+ #include <syslog.h>
+-#ifdef HAVE_LIBAUDIT
+-#include <cap-ng.h>
+-#include <libaudit.h>
+-#endif /* HAVE_LIBAUDIT */
+
+ #ifdef HAVE_SYS_SYSLIMITS_H
+ #include <sys/syslimits.h>
+@@ -308,77 +304,6 @@ _dbus_verify_daemon_user (const char *us
+ return _dbus_get_user_id_and_primary_group (&u, NULL, NULL);
+ }
+
+-/**
+- * Changes the user and group the bus is running as.
+- *
+- * @param user the user to become
+- * @param error return location for errors
+- * @returns #FALSE on failure
+- */
+-dbus_bool_t
+-_dbus_change_to_daemon_user (const char *user,
+- DBusError *error)
+-{
+- dbus_uid_t uid;
+- dbus_gid_t gid;
+- DBusString u;
+-
+- _dbus_string_init_const (&u, user);
+-
+- if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
+- {
+- dbus_set_error (error, DBUS_ERROR_FAILED,
+- "User '%s' does not appear to exist?",
+- user);
+- return FALSE;
+- }
+-
+-#ifdef HAVE_LIBAUDIT
+- /* If we were root */
+- if (_dbus_geteuid () == 0)
+- {
+- int rc;
+-
+- capng_clear(CAPNG_SELECT_BOTH);
+- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+- CAP_AUDIT_WRITE);
+- rc = capng_change_id(uid, gid, 0);
+- if (rc)
+- {
+- switch (rc) {
+- default:
+- dbus_set_error (error, DBUS_ERROR_FAILED,
+- "Failed to drop capabilities: %s\n",
+- _dbus_strerror (errno));
+- break;
+- case -4:
+- dbus_set_error (error, _dbus_error_from_errno (errno),
+- "Failed to set GID to %lu: %s", gid,
+- _dbus_strerror (errno));
+- break;
+- case -5:
+- _dbus_warn ("Failed to drop supplementary groups: %s\n",
+- _dbus_strerror (errno));
+- break;
+- case -6:
+- dbus_set_error (error, _dbus_error_from_errno (errno),
+- "Failed to set UID to %lu: %s", uid,
+- _dbus_strerror (errno));
+- break;
+- case -7:
+- dbus_set_error (error, _dbus_error_from_errno (errno),
+- "Failed to unset keep-capabilities: %s\n",
+- _dbus_strerror (errno));
+- break;
+- }
+- return FALSE;
+- }
+- }
+-#endif /* HAVE_LIBAUDIT */
+-
+- return TRUE;
+-}
+-
+ void
+ _dbus_init_system_log (void)
+ {
-
-<link rel="Top" href="https://bugzilla.redhat.com/">
-
-
-
-
-
- <link href="skins/standard/global.css"
- rel="stylesheet"
- type="text/css">
- <!--[if lte IE 7]>
-
- <link href="skins/standard/IE-fixes.css"
- rel="stylesheet"
- type="text/css">
- <![endif]-->
-
-
- <link href="skins/standard/global.css"
- rel="alternate stylesheet"
- title="Classic"
- type="text/css">
- <!--[if lte IE 7]>
-
- <link href="skins/standard/IE-fixes.css"
- rel="alternate stylesheet"
- title="Classic"
- type="text/css">
- <![endif]-->
-
-
-
- <link href="skins/contrib/Dusk/global.css"
- rel="alternate stylesheet"
- title="Dusk"
- type="text/css">
- <!--[if lte IE 7]>
-
- <link href="skins/contrib/Dusk/IE-fixes.css"
- rel="alternate stylesheet"
- title="Dusk"
- type="text/css">
- <![endif]-->
-
- <link href="skins/contrib/RedHat/global.css"
- rel="stylesheet"
- title="RedHat"
- type="text/css">
- <!--[if lte IE 7]>
-
- <link href="skins/contrib/RedHat/IE-fixes.css"
- rel="stylesheet"
- title="RedHat"
- type="text/css">
- <![endif]-->
-
-
-
-
- <link href="skins/custom/global.css" rel="stylesheet" type="text/css">
- <!--[if lte IE 7]>
-
- <link href="skins/custom/IE-fixes.css"
- rel="stylesheet"
- type="text/css">
- <![endif]-->
-
-
-
- <script src="js/cookies.js" type="text/javascript" language="JavaScript"></script>
-
- <script src="js/yui/yahoo-dom-event.js" type="text/javascript"></script>
- <script src="js/global.js" type="text/javascript"></script>
- <script type="text/javascript">
- <!--
- YAHOO.namespace('bugzilla');
- if (YAHOO.env.ua.gecko) {
- YAHOO.util.Event._simpleRemove(window, "unload",
- YAHOO.util.Event._unload);
- }
-
- var BUGZILLA = {
- param: {
- cookiepath: '\/'
- }
- };
- // -->
- </script>
-
-
- <script type="text/javascript">
- // REDHAT EXTENSION 441550
- // Set use_ajax for use in the js files
- var use_ajax = '1';
- // REDHAT EXTENSION 426374
- // Server URL is set here since we cannot access Param('sslbase')
- // in the js/ files.
- var server_url = 'https://bugzilla.redhat.com/xmlrpc.cgi';
- </script>
-
-
-
-
- <link rel="search" type="application/opensearchdescription+xml"
- title="Red Hat Bugzilla" href="./search_plugin.cgi">
- <link rel="shortcut icon" href="images/favicon.ico" >
- </head>
-
-
-
-
- <body onload="
- setcookie('Bugzilla_javascript',1,1,'/','bugzilla.redhat.com',0);"
- class="bugzilla-redhat-com">
-
-
-
-<div id="header">
-<div id="banner">
- </div>
-
-<table border="0" cellspacing="0" cellpadding="0" id="titles">
-<tr>
- <td id="title">
- <p>Red Hat Bugzilla – Access Denied</p>
- </td>
-
-
-</tr>
-</table>
-<ul class="links">
- <li><a href="./">Home</a></li>
- <li><span class="separator">| </span><a href="enter_bug.cgi">New</a></li>
- <li><span class="separator">| </span><a href="query.cgi">Search</a></li>
- <li><span class="separator">| </span><a href="browse.cgi">Browse</a></li>
-
- <li class="form">
- <span class="separator">| </span>
- <form action="buglist.cgi" method="get"
- onsubmit="if (this.quicksearch.value == '')
- { alert('Please enter one or more search terms first.');
- return false; } return true;">
- <input class="txt" type="text" id="quicksearch_top" name="quicksearch">
- <input class="btn" type="submit" value="Search"
- id="find_top"></form></li>
-
- <li><span class="separator">| </span><a href="report.cgi">Reports</a></li>
-
- <li>
- <span class="separator">| </span>
- <a href="request.cgi">Requests</a></li>
-
-
-
- <li id="new_account_container_top">
- <span class="separator">| </span>
- <a href="createaccount.cgi">New Account</a>
- </li>
-
- <li id="mini_login_container_top">
- <span class="separator">| </span>
- <a id="login_link_top" href="?GoAheadAndLogIn=1"
- onclick="return show_mini_login_form('_top')">Log In</a>
- <form action="https://bugzilla.redhat.com/attachment.cgi?id=383281&action=diff" method="POST"
- class="mini_login bz_default_hidden"
- id="mini_login_top"
- onsubmit="return check_mini_login_fields( '_top' );"
- >
- <input id="Bugzilla_login_top"
- class="bz_login"
- name="Bugzilla_login"
- onfocus="mini_login_on_focus('_top')"
- >
- <input class="bz_password"
- id="Bugzilla_password_top"
- name="Bugzilla_password"
- type="password"
- >
- <input class="bz_password bz_default_hidden bz_mini_login_help" type="text"
- id="Bugzilla_password_dummy_top" value="password"
- onfocus="mini_login_on_focus('_top')"
- >
- <input type="submit" name="GoAheadAndLogIn" value="Log in"
- id="log_in_top">
- <script type="text/javascript">
- mini_login_constants = {
- "login" : "login",
- "warning" : "You must set the login and password before logging in."
- };
-
- if (YAHOO.env.ua.gecko || YAHOO.env.ua.ie || YAHOO.env.ua.opera) {
- YAHOO.util.Event.onDOMReady(function() {
- init_mini_login_form('_top');
- });
- }
- else {
- YAHOO.util.Event.on(window, 'load', function () {
- window.setTimeout(function() {
- init_mini_login_form('_top');
- }, 200);
- });
- }
- </script>
- <a href="#" onclick="return hide_mini_login_form('_top')">[x]</a>
- </form>
-</li>
-<li id="forgot_container_top">
- <span class="separator">| </span>
- <a id="forgot_link_top" href="?GoAheadAndLogIn=1#forgot"
- onclick="return show_forgot_form('_top')">Forgot Password</a>
- <form action="token.cgi" method="post" id="forgot_form_top"
- class="mini_forgot bz_default_hidden">
- <label>Login: <input type="text" name="loginname" size="20"></label>
- <input id="forgot_button_top" value="Reset Password"
- type="submit">
- <input type="hidden" name="a" value="reqpw">
- <a href="#" onclick="return hide_forgot_form('_top')">[x]</a>
- </form>
-</li>
-</ul>
-
-</div>
-
-<div id="bugzilla-body">
-<div id="docslinks">
- <h2>Related documentation</h2>
- <ul><li>
- <a href="/docs/en/html/myaccount.html">Creating an account</a>
- </li>
- </ul>
- </div>
-
-<table cellpadding="20">
- <tr>
- <td id="error_msg" class="throw_error">
- You are not authorized to access bug #554785.
- To see this bug, you must
- first <a href="show_bug.cgi?id=554785&GoAheadAndLogIn=1">log
- in to an account</a> with the appropriate permissions.
-
- </td>
- </tr>
-</table>
-
-
-
-
-<p>
- Please press <b>Back</b> and try again.
-</p>
-
-
-
-</div>
-
-
-
-<div id="footer">
- <div class="intro"></div>
-
-
-
-
-<ul id="useful-links">
- <li id="links-actions"><ul class="links">
- <li><a href="./">Home</a></li>
- <li><span class="separator">| </span><a href="enter_bug.cgi">New</a></li>
- <li><span class="separator">| </span><a href="query.cgi">Search</a></li>
- <li><span class="separator">| </span><a href="browse.cgi">Browse</a></li>
-
- <li class="form">
- <span class="separator">| </span>
- <form action="buglist.cgi" method="get"
- onsubmit="if (this.quicksearch.value == '')
- { alert('Please enter one or more search terms first.');
- return false; } return true;">
- <input class="txt" type="text" id="quicksearch_bottom" name="quicksearch">
- <input class="btn" type="submit" value="Search"
- id="find_bottom"></form></li>
-
- <li><span class="separator">| </span><a href="report.cgi">Reports</a></li>
-
- <li>
- <span class="separator">| </span>
- <a href="request.cgi">Requests</a></li>
-
-
-
- <li id="new_account_container_bottom">
- <span class="separator">| </span>
- <a href="createaccount.cgi">New Account</a>
- </li>
-
- <li id="mini_login_container_bottom">
- <span class="separator">| </span>
- <a id="login_link_bottom" href="?GoAheadAndLogIn=1"
- onclick="return show_mini_login_form('_bottom')">Log In</a>
- <form action="https://bugzilla.redhat.com/attachment.cgi?id=383281&action=diff" method="POST"
- class="mini_login bz_default_hidden"
- id="mini_login_bottom"
- onsubmit="return check_mini_login_fields( '_bottom' );"
- >
- <input id="Bugzilla_login_bottom"
- class="bz_login"
- name="Bugzilla_login"
- onfocus="mini_login_on_focus('_bottom')"
- >
- <input class="bz_password"
- id="Bugzilla_password_bottom"
- name="Bugzilla_password"
- type="password"
- >
- <input class="bz_password bz_default_hidden bz_mini_login_help" type="text"
- id="Bugzilla_password_dummy_bottom" value="password"
- onfocus="mini_login_on_focus('_bottom')"
- >
- <input type="submit" name="GoAheadAndLogIn" value="Log in"
- id="log_in_bottom">
- <script type="text/javascript">
- mini_login_constants = {
- "login" : "login",
- "warning" : "You must set the login and password before logging in."
- };
-
- if (YAHOO.env.ua.gecko || YAHOO.env.ua.ie || YAHOO.env.ua.opera) {
- YAHOO.util.Event.onDOMReady(function() {
- init_mini_login_form('_bottom');
- });
- }
- else {
- YAHOO.util.Event.on(window, 'load', function () {
- window.setTimeout(function() {
- init_mini_login_form('_bottom');
- }, 200);
- });
- }
- </script>
- <a href="#" onclick="return hide_mini_login_form('_bottom')">[x]</a>
- </form>
-</li>
-<li id="forgot_container_bottom">
- <span class="separator">| </span>
- <a id="forgot_link_bottom" href="?GoAheadAndLogIn=1#forgot"
- onclick="return show_forgot_form('_bottom')">Forgot Password</a>
- <form action="token.cgi" method="post" id="forgot_form_bottom"
- class="mini_forgot bz_default_hidden">
- <label>Login: <input type="text" name="loginname" size="20"></label>
- <input id="forgot_button_bottom" value="Reset Password"
- type="submit">
- <input type="hidden" name="a" value="reqpw">
- <a href="#" onclick="return hide_forgot_form('_bottom')">[x]</a>
- </form>
-</li>
-</ul>
- </li>
-
-
-
-
-
-
-
-
-</ul>
-
- <div class="outro"></div>
-</div>
-
-</body>
-</html>
\ No newline at end of file
- Previous message: rpms/tsocks/devel import.log, NONE, 1.1 tsocks.spec, NONE, 1.1 tsocks_documentation_update.patch, NONE, 1.1 tsocks_fix_lib_path.patch, NONE, 1.1 tsocks_remove_static_lib.patch, NONE, 1.1 tsocks_script_validation_error.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/tsocks/F-12 import.log, NONE, 1.1 tsocks.spec, NONE, 1.1 tsocks_documentation_update.patch, NONE, 1.1 tsocks_fix_lib_path.patch, NONE, 1.1 tsocks_remove_static_lib.patch, NONE, 1.1 tsocks_script_validation_error.patch, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list