pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2021Q4]: pkgsrc/security/polkit Pullup ticket #6579 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3e0d9e6f5f0d
branches:  pkgsrc-2021Q4
changeset: 373122:3e0d9e6f5f0d
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Feb 06 19:13:51 2022 +0000

description:
Pullup ticket #6579 - requested by khorben
security/polkit: security fix

Revisions pulled up:
- security/polkit/Makefile                                      1.39
- security/polkit/distinfo                                      1.18
- security/polkit/patches/patch-src_programs_pkcheck.c          1.1
- security/polkit/patches/patch-src_programs_pkexec.c           1.3

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Tue Jan 25 19:40:46 UTC 2022

   Modified Files:
        pkgsrc/security/polkit: Makefile distinfo
        pkgsrc/security/polkit/patches: patch-src_programs_pkexec.c
   Added Files:
        pkgsrc/security/polkit/patches: patch-src_programs_pkcheck.c

   Log Message:
   polkit: fix CVE-2021-4034

   Bump PKGREVISION.

diffstat:

 security/polkit/Makefile                             |   4 +-
 security/polkit/distinfo                             |   5 +-
 security/polkit/patches/patch-src_programs_pkcheck.c |  19 ++++++
 security/polkit/patches/patch-src_programs_pkexec.c  |  60 ++++++++++++++++++-
 4 files changed, 79 insertions(+), 9 deletions(-)

diffs (132 lines):

diff -r 60bdc4d759b5 -r 3e0d9e6f5f0d security/polkit/Makefile
--- a/security/polkit/Makefile  Sun Feb 06 19:11:23 2022 +0000
+++ b/security/polkit/Makefile  Sun Feb 06 19:13:51 2022 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2021/12/08 16:02:35 adam Exp $
+# $NetBSD: Makefile,v 1.38.2.1 2022/02/06 19:13:51 bsiegert Exp $
 
 DISTNAME=      polkit-0.120
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security
 MASTER_SITES=  http://www.freedesktop.org/software/polkit/releases/
 
diff -r 60bdc4d759b5 -r 3e0d9e6f5f0d security/polkit/distinfo
--- a/security/polkit/distinfo  Sun Feb 06 19:11:23 2022 +0000
+++ b/security/polkit/distinfo  Sun Feb 06 19:13:51 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2021/11/01 10:20:48 wiz Exp $
+$NetBSD: distinfo,v 1.17.2.1 2022/02/06 19:13:51 bsiegert Exp $
 
 BLAKE2s (polkit-0.120.tar.gz) = d13513e4e4d643bb1f3581fe3c58d467c8f26cd33711034accee42a1546c9781
 SHA512 (polkit-0.120.tar.gz) = db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
@@ -13,7 +13,8 @@
 SHA1 (patch-src_polkitbackend_polkitbackendinteractiveauthority.c) = dd91b4e74e6c39f24e0f5a9b3150fdac12899cb5
 SHA1 (patch-src_polkitbackend_polkitbackendjsauthority.cpp) = 432a3d7d082ba6e596ba164d91408fc521b84422
 SHA1 (patch-src_polkitbackend_polkitd.c) = b8e11b40e2b171d4f030eb4c4cbc6fdc7a96b2c2
-SHA1 (patch-src_programs_pkexec.c) = bfc0414c7a943c8e8b8412566a2519198eab8abd
+SHA1 (patch-src_programs_pkcheck.c) = 3dd53a15f6741b883447be4d5ccd6e86fd6b6be0
+SHA1 (patch-src_programs_pkexec.c) = c373d8e7eac1107fe056a82510fee85c4c97ea57
 SHA1 (patch-src_programs_pkttyagent.c) = 2c249b61501a1ad2c077bc83fd497e45f2db69a8
 SHA1 (patch-test_mocklibc_src_grp.c) = 435ff94fd4c7f5511d74d03839fad453dd841633
 SHA1 (patch-test_mocklibc_src_netdb.c) = 0fe71068a6261d5e2c8874f2b4507e7e3c002526
diff -r 60bdc4d759b5 -r 3e0d9e6f5f0d security/polkit/patches/patch-src_programs_pkcheck.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/polkit/patches/patch-src_programs_pkcheck.c      Sun Feb 06 19:13:51 2022 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_programs_pkcheck.c,v 1.1.2.2 2022/02/06 19:13:51 bsiegert Exp $
+
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkcheck.c.orig        2018-05-31 11:52:53.000000000 +0000
++++ src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      exit(126);
++    }
++
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
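Review bot: The `argc < 1` guard added to `main` exits with no comment and no diagnostic, so neither a maintainer reading pkcheck.c nor an operator reading logs learns why the process stopped; the guard in patch-src_programs_pkexec.c (`if (argc<1)` / `exit(127)`) is commented but just as silent. With an empty argument vector `argv[0]` is already the NULL terminator, which no ordinary launcher produces, so the event is worth recording. I would put `/* argc == 0 means argv[0] is NULL; refuse to run instead of indexing argv (CVE-2021-4034) */` above the check and print one line before exiting, for example `g_printerr ("pkcheck: empty argument vector, refusing to run\n");`. `main` begins and ends outside this hunk, so whether `g_printerr` is usable this early should be confirmed against the full file.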
diff -r 60bdc4d759b5 -r 3e0d9e6f5f0d security/polkit/patches/patch-src_programs_pkexec.c
--- a/security/polkit/patches/patch-src_programs_pkexec.c       Sun Feb 06 19:11:23 2022 +0000
+++ b/security/polkit/patches/patch-src_programs_pkexec.c       Sun Feb 06 19:13:51 2022 +0000
@@ -1,10 +1,14 @@
-$NetBSD: patch-src_programs_pkexec.c,v 1.2 2016/06/18 12:16:23 youri Exp $
+$NetBSD: patch-src_programs_pkexec.c,v 1.2.46.1 2022/02/06 19:13:51 bsiegert Exp $
 
-Avoid conflict with SunOS function.
+gfdwalk: Avoid conflict with SunOS function.
 
---- src/programs/pkexec.c.orig 2015-06-18 20:20:50.000000000 +0000
+rest:
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkexec.c.orig 2018-05-31 11:52:53.000000000 +0000
 +++ src/programs/pkexec.c
-@@ -247,7 +247,7 @@ set_close_on_exec (gint     fd,
+@@ -245,7 +245,7 @@ set_close_on_exec (gint     fd,
  }
  
  static gboolean
@@ -13,7 +17,53 @@
          gpointer   user_data)
  {
    gint fd;
-@@ -922,7 +922,7 @@ main (int argc, char *argv[])
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++   */
++  if (argc<1)
++    {
++      exit(127);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+ 
+       path = g_strdup (pwstruct.pw_shell);
+       if (!path)
+-      {
++        {
+           g_printerr ("No shell configured or error retrieving pw_shell\n");
+           goto out;
+-      }
++        }
+       /* If you change this, be sure to change the if (!command_line)
+        case below too */
+       command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
+@@ -918,7 +935,7 @@ main (int argc, char *argv[])
      }
  
    /* set close_on_exec on all file descriptors except stdin, stdout, stderr */
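Review bot: The comment above the `if (argv[n] != NULL)` guard in the `@@ -636,7 +645,15 @@` part is hard to parse, and it is the only explanation of why the unconditional `argv[n] = path = s;` was split in two. I would reword it to `/* With no program argument, argv[n] is presumably the NULL terminator: replace a real argument slot only, never write over the terminator. */`. The guard's braces sit at the `if` column, while the `if (!path)` block re-indented a few lines earlier in the same patch uses the indented brace style, so the two new blocks should agree. Reading `argv[n]` is only safe if n never exceeds argc, which is established in the part of `main` outside this hunk and should be confirmed there.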


