1 files changed, 32 insertions, 0 deletions

diff --git a/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch b/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch
new file mode 100644
index 0000000..bd736b6
--- /dev/null
+++ b/debian/patches/shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Aug 2019 19:00:34 +0200
+Subject: shared/bus-util: drop trusted annotation from
+ bus_open_system_watch_bind_with_description()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1746057
+
+This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
+is also used in timesyncd, but it has no methods, only read-only properties, and
+in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
+polkit checks.
+
+(cherry picked from commit 35e528018f315798d3bffcb592b32a0d8f5162bd)
+---
+ src/shared/bus-util.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index cbcf698..9d31fba 100644
+--- a/src/shared/bus-util.c
++++ b/src/shared/bus-util.c
+@@ -1696,10 +1696,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
+         if (r < 0)
+                 return r;
+ 
+-        r = sd_bus_set_trusted(bus, true);
+-        if (r < 0)
+-                return r;
+-
+         r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
+         if (r < 0)
+                 return r;