import keepalived-2.2.4-2.el9
This commit is contained in:
parent
0cc12aec83
commit
faa66c3673
41
SOURCES/bz2028351-fix-dbus-policy-restrictions.patch
Normal file
41
SOURCES/bz2028351-fix-dbus-policy-restrictions.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 763eaa49343acdda5ff359012e8cc49c9ffc8e81 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vincent Bernat <vincent@bernat.ch>
|
||||||
|
Date: Tue, 23 Nov 2021 06:50:59 +0100
|
||||||
|
Subject: [PATCH] dbus: fix policy to not be overly broad
|
||||||
|
|
||||||
|
The DBus policy did not restrict the message destination, allowing any
|
||||||
|
user to inspect and manipulate any property.
|
||||||
|
|
||||||
|
Signed-off-by: Vincent Bernat <vincent@bernat.ch>
|
||||||
|
---
|
||||||
|
keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
|
||||||
|
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
||||||
|
index 2b78a575..b5ced608 100644
|
||||||
|
--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
|
||||||
|
+++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
|
||||||
|
@@ -3,12 +3,15 @@
|
||||||
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||||
|
<busconfig>
|
||||||
|
<policy user="root">
|
||||||
|
- <allow own="org.keepalived.Vrrp1"/>
|
||||||
|
- <allow send_destination="org.keepalived.Vrrp1"/>
|
||||||
|
+ <allow own="org.keepalived.Vrrp1" />
|
||||||
|
+ <allow send_destination="org.keepalived.Vrrp1" />
|
||||||
|
</policy>
|
||||||
|
<policy context="default">
|
||||||
|
- <allow send_interface="org.freedesktop.DBus.Introspectable" />
|
||||||
|
- <allow send_interface="org.freedesktop.DBus.Peer" />
|
||||||
|
- <allow send_interface="org.freedesktop.DBus.Properties" />
|
||||||
|
+ <allow send_destination="org.keepalived.Vrrp1"
|
||||||
|
+ send_interface="org.freedesktop.DBus.Introspectable" />
|
||||||
|
+ <allow send_destination="org.keepalived.Vrrp1"
|
||||||
|
+ send_interface="org.freedesktop.DBus.Peer" />
|
||||||
|
+ <allow send_destination="org.keepalived.Vrrp1"
|
||||||
|
+ send_interface="org.freedesktop.DBus.Properties" />
|
||||||
|
</policy>
|
||||||
|
</busconfig>
|
||||||
|
--
|
||||||
|
2.33.1
|
||||||
|
|
@ -10,13 +10,15 @@
|
|||||||
Name: keepalived
|
Name: keepalived
|
||||||
Summary: High Availability monitor built upon LVS, VRRP and service pollers
|
Summary: High Availability monitor built upon LVS, VRRP and service pollers
|
||||||
Version: 2.2.4
|
Version: 2.2.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://www.keepalived.org/
|
URL: http://www.keepalived.org/
|
||||||
|
|
||||||
Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
|
Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz
|
||||||
Source1: keepalived.service
|
Source1: keepalived.service
|
||||||
|
|
||||||
|
Patch1: bz2028351-fix-dbus-policy-restrictions.patch
|
||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
@ -56,6 +58,7 @@ infrastructures.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
@ -105,6 +108,9 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived
|
|||||||
%{_mandir}/man8/keepalived.8*
|
%{_mandir}/man8/keepalived.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 21 2022 Ryan O'Hara <rohara@redhat.com> - 2.2.4-2
|
||||||
|
- Fix DBus policy restrictions (#2028351, CVE-2021-44225)
|
||||||
|
|
||||||
* Mon Aug 23 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.4-1
|
* Mon Aug 23 2021 Ryan O'Hara <rohara@redhat.com> - 2.2.4-1
|
||||||
- Update to 2.2.4 (#1968596)
|
- Update to 2.2.4 (#1968596)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user