diff --git a/SOURCES/bz2028351-fix-dbus-policy-restrictions.patch b/SOURCES/bz2028351-fix-dbus-policy-restrictions.patch new file mode 100644 index 0000000..7df76e0 --- /dev/null +++ b/SOURCES/bz2028351-fix-dbus-policy-restrictions.patch @@ -0,0 +1,41 @@ +From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat +Date: Tue, 23 Nov 2021 06:50:59 +0100 +Subject: [PATCH] dbus: fix policy to not be overly broad + +The DBus policy did not restrict the message destination, allowing any +user to inspect and manipulate any property. + +Signed-off-by: Vincent Bernat +--- + keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf +index 2b78a575..b5ced608 100644 +--- a/keepalived/dbus/org.keepalived.Vrrp1.conf ++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf +@@ -3,12 +3,15 @@ + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + + +- +- ++ ++ + + +- +- +- ++ ++ ++ + + +-- +2.33.1 + diff --git a/SPECS/keepalived.spec b/SPECS/keepalived.spec index 58e29d8..1aee3e2 100644 --- a/SPECS/keepalived.spec +++ b/SPECS/keepalived.spec @@ -10,13 +10,15 @@ Name: keepalived Summary: High Availability monitor built upon LVS, VRRP and service pollers Version: 2.2.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://www.keepalived.org/ Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz Source1: keepalived.service +Patch1: bz2028351-fix-dbus-policy-restrictions.patch + Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -56,6 +58,7 @@ infrastructures. %prep %setup -q +%patch1 -p1 %build %configure \ 
@@ -105,6 +108,9 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived %{_mandir}/man8/keepalived.8* %changelog +* Mon Feb 21 2022 Ryan O'Hara - 2.2.4-2 +- Fix DBus policy restrictions (#2028351, CVE-2021-44225) + * Mon Aug 23 2021 Ryan O'Hara - 2.2.4-1 - Update to 2.2.4 (#1968596)
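Review bot: In the org.keepalived.Vrrp1.conf hunk the replaced `<policy>` rule lines are blank as shown here, so the claim in the commit message that the new policy now restricts the message destination cannot be verified from this view; before merging, confirm in the actual SOURCES/bz2028351-fix-dbus-policy-restrictions.patch file that the replacement `<allow>` rules carry a `send_destination` restricted to the keepalived bus name (and that ownership of the name stays limited to root), since that is the whole content of the CVE-2021-44225 fix.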
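Review bot: The spec changes look complete: `Patch1:` is declared next to `Source1:`, `%patch1 -p1` is applied right after `%setup -q`, `Release:` is bumped to `2%{?dist}`, and the new `%changelog` entry (2.2.4-2, #2028351, CVE-2021-44225) matches that release and sits above the 2.2.4-1 entry. One small consistency point: the changelog dates are weekday-correct, but keep the entry text in sync with the patch file name (the file says "fix-dbus-policy-restrictions" while the entry says "Fix DBus policy restrictions"), which they already do.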