From 47102d40dfc76491abd905d041d1807639638be2 Mon Sep 17 00:00:00 2001
From: Ryan O'Hara
Date: Dec 14 2021 16:13:13 +0000
Subject: Fix dbus policy (#2027158, CVE-2021-44225)
---
diff --git a/bz2027158-fix-dbus-policy.patch b/bz2027158-fix-dbus-policy.patch
new file mode 100644
index 0000000..29d1fc5
--- /dev/null
+++ b/bz2027158-fix-dbus-policy.patch
@@ -0,0 +1,41 @@
+From 7977fec0be89ae6fe87405b3f8da2f0b5e415e3d Mon Sep 17 00:00:00 2001
+From: Vincent Bernat
+Date: Tue, 23 Nov 2021 06:50:59 +0100
+Subject: [PATCH] dbus: fix policy to not be overly broad
+
+The DBus policy did not restrict the message destination, allowing any
+user to inspect and manipulate any property.
+
+Signed-off-by: Vincent Bernat
+---
+ keepalived/dbus/org.keepalived.Vrrp1.conf | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/keepalived/dbus/org.keepalived.Vrrp1.conf b/keepalived/dbus/org.keepalived.Vrrp1.conf
+index 2b78a575..b5ced608 100644
+--- a/keepalived/dbus/org.keepalived.Vrrp1.conf
++++ b/keepalived/dbus/org.keepalived.Vrrp1.conf
+@@ -3,12 +3,15 @@
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+
+-
+-
++
++
+
+
+-
+-
+-
++
++
++
+
+
+--
+2.33.1
+
diff --git a/keepalived.spec b/keepalived.spec
index 13597f8..8b27078 100644
--- a/keepalived.spec
+++ b/keepalived.spec
@@ -10,13 +10,15 @@ Name: keepalived Summary: High Availability monitor built upon LVS, VRRP and service pollers Version: 2.2.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://www.keepalived.org/ Source0: http://www.keepalived.org/software/keepalived-%{version}.tar.gz Source1: keepalived.service +Patch1: bz2027158-fix-dbus-policy.patch + Requires(post): systemd Requires(preun): systemd Requires(postun): systemd
@@ -56,6 +58,7 @@ infrastructures. %prep %setup -q +%patch1 -p1 %build %configure \
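Review bot: The narrowed rules in keepalived/dbus/org.keepalived.Vrrp1.conf only protect a host if the installed policy file is actually replaced on upgrade, and nothing in this commit shows how the spec packages that file. The %files section is outside the diff, so this is inferred: if the file is listed as `%config(noreplace)`, a locally edited copy would keep the old destination-less rules and the fix would arrive only as an .rpmnew. Judging by the diffstat (8 insertions against 5 deletions) the default-context rules are narrowed rather than removed, so the Properties interface on the keepalived name presumably stays callable by every local user; it is worth confirming that the daemon exposes no writable property. The rule attributes are not legible on this page, so check in the applied file that every default-context `<allow>` carries `send_destination="org.keepalived.Vrrp1"`.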
@@ -105,6 +108,9 @@ mkdir -p %{buildroot}%{_libexecdir}/keepalived %{_mandir}/man8/keepalived.8* %changelog +* Tue Dec 14 2021 Ryan O'Hara - 2.2.4-4 +- Fix dbus policy (#2027158, CVE-2021-44225) + * Sat Nov 27 2021 Kevin Fenzi - 2.2.4-3 - Rebuild for new libnftnl