usbguard/CVE-2019-25058-5.patch

From 23c44b90ff9a49eb6bc91210b6668519ad421865 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 6 Feb 2022 01:19:08 +0100
Subject: [PATCH] dbus: Add missing action policies

---
 src/DBus/org.usbguard.policy | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy
index e326c5a..4fc33c5 100644
--- a/src/DBus/org.usbguard.policy
+++ b/src/DBus/org.usbguard.policy
@@ -33,6 +33,15 @@
     </defaults>
   </action>
 
+  <action id="org.usbguard.Devices.applyDevicePolicy"
+    <description>Apply a policy to a device in USBGuard</description>
+    <message>Prevents applying a policy to a device in USBGuard</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin</allow_active>
+    </defaults>
+  </action>
+
   <action id="org.usbguard.Devices.listDevices">
     <description>List all USB devices recognized by the USBGuard deaemon</description>
     <message>Prevents listing USB devices recognized by the USBGuard daemon</message>
@@ -41,5 +50,23 @@
       <allow_active>auth_self_keep</allow_active>
     </defaults>
   </action>
+
+  <action id="org.usbguard1.getParameter">
+    <description>Get the value of a runtime parameter</description>
+    <message>Prevents getting values of runtime USBGuard parameters</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_self_keep</allow_active>
+    </defaults>
+  </action>
+
+  <action id="org.usbguard1.setParameter">
+    <description>Set the value of a runtime parameter</description>
+    <message>Prevents setting values of runtime USBGuard parameters</message>
+    <defaults>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin</allow_active>
+    </defaults>
+  </action>
 </policyconfig>
 
-- 
2.23.0
Fix CVE-2019-25058 2022-03-07 17:36:22 +08:00			`From 23c44b90ff9a49eb6bc91210b6668519ad421865 Mon Sep 17 00:00:00 2001`
			`From: Sebastian Pipping <sebastian@pipping.org>`
			`Date: Sun, 6 Feb 2022 01:19:08 +0100`
			`Subject: [PATCH] dbus: Add missing action policies`

			`---`
			`src/DBus/org.usbguard.policy \| 27 +++++++++++++++++++++++++++`
			`1 file changed, 27 insertions(+)`

			`diff --git a/src/DBus/org.usbguard.policy b/src/DBus/org.usbguard.policy`
			`index e326c5a..4fc33c5 100644`
			`--- a/src/DBus/org.usbguard.policy`
			`+++ b/src/DBus/org.usbguard.policy`
			`@@ -33,6 +33,15 @@`
			`</defaults>`
			`</action>`

			`+ <action id="org.usbguard.Devices.applyDevicePolicy"`
			`+ <description>Apply a policy to a device in USBGuard</description>`
			`+ <message>Prevents applying a policy to a device in USBGuard</message>`
			`+ <defaults>`
			`+ <allow_inactive>no</allow_inactive>`
			`+ <allow_active>auth_admin</allow_active>`
			`+ </defaults>`
			`+ </action>`
			`+`
			`<action id="org.usbguard.Devices.listDevices">`
			`<description>List all USB devices recognized by the USBGuard deaemon</description>`
			`<message>Prevents listing USB devices recognized by the USBGuard daemon</message>`
			`@@ -41,5 +50,23 @@`
			`<allow_active>auth_self_keep</allow_active>`
			`</defaults>`
			`</action>`
			`+`
			`+ <action id="org.usbguard1.getParameter">`
			`+ <description>Get the value of a runtime parameter</description>`
			`+ <message>Prevents getting values of runtime USBGuard parameters</message>`
			`+ <defaults>`
			`+ <allow_inactive>no</allow_inactive>`
			`+ <allow_active>auth_self_keep</allow_active>`
			`+ </defaults>`
			`+ </action>`
			`+`
			`+ <action id="org.usbguard1.setParameter">`
			`+ <description>Set the value of a runtime parameter</description>`
			`+ <message>Prevents setting values of runtime USBGuard parameters</message>`
			`+ <defaults>`
			`+ <allow_inactive>no</allow_inactive>`
			`+ <allow_active>auth_admin</allow_active>`
			`+ </defaults>`
			`+ </action>`
			`</policyconfig>`

			`--`
			`2.23.0`