pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/polkit
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 25 19:40:46 UTC 2022
Modified Files:
pkgsrc/security/polkit: Makefile distinfo
pkgsrc/security/polkit/patches: patch-src_programs_pkexec.c
Added Files:
pkgsrc/security/polkit/patches: patch-src_programs_pkcheck.c
Log Message:
polkit: fix CVE-2021-4034
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/security/polkit/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/polkit/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/polkit/Makefile
diff -u pkgsrc/security/polkit/Makefile:1.38 pkgsrc/security/polkit/Makefile:1.39
--- pkgsrc/security/polkit/Makefile:1.38 Wed Dec 8 16:02:35 2021
+++ pkgsrc/security/polkit/Makefile Tue Jan 25 19:40:46 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2021/12/08 16:02:35 adam Exp $
+# $NetBSD: Makefile,v 1.39 2022/01/25 19:40:46 wiz Exp $
DISTNAME= polkit-0.120
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= http://www.freedesktop.org/software/polkit/releases/
Index: pkgsrc/security/polkit/distinfo
diff -u pkgsrc/security/polkit/distinfo:1.17 pkgsrc/security/polkit/distinfo:1.18
--- pkgsrc/security/polkit/distinfo:1.17 Mon Nov 1 10:20:48 2021
+++ pkgsrc/security/polkit/distinfo Tue Jan 25 19:40:46 2022
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2021/11/01 10:20:48 wiz Exp $
+$NetBSD: distinfo,v 1.18 2022/01/25 19:40:46 wiz Exp $
BLAKE2s (polkit-0.120.tar.gz) = d13513e4e4d643bb1f3581fe3c58d467c8f26cd33711034accee42a1546c9781
SHA512 (polkit-0.120.tar.gz) = db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
@@ -13,7 +13,8 @@ SHA1 (patch-src_polkitbackend_polkitback
SHA1 (patch-src_polkitbackend_polkitbackendinteractiveauthority.c) = dd91b4e74e6c39f24e0f5a9b3150fdac12899cb5
SHA1 (patch-src_polkitbackend_polkitbackendjsauthority.cpp) = 432a3d7d082ba6e596ba164d91408fc521b84422
SHA1 (patch-src_polkitbackend_polkitd.c) = b8e11b40e2b171d4f030eb4c4cbc6fdc7a96b2c2
-SHA1 (patch-src_programs_pkexec.c) = bfc0414c7a943c8e8b8412566a2519198eab8abd
+SHA1 (patch-src_programs_pkcheck.c) = 3dd53a15f6741b883447be4d5ccd6e86fd6b6be0
+SHA1 (patch-src_programs_pkexec.c) = c373d8e7eac1107fe056a82510fee85c4c97ea57
SHA1 (patch-src_programs_pkttyagent.c) = 2c249b61501a1ad2c077bc83fd497e45f2db69a8
SHA1 (patch-test_mocklibc_src_grp.c) = 435ff94fd4c7f5511d74d03839fad453dd841633
SHA1 (patch-test_mocklibc_src_netdb.c) = 0fe71068a6261d5e2c8874f2b4507e7e3c002526
Index: pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c
diff -u pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.2 pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.3
--- pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.2 Sat Jun 18 12:16:23 2016
+++ pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c Tue Jan 25 19:40:46 2022
@@ -1,10 +1,14 @@
-$NetBSD: patch-src_programs_pkexec.c,v 1.2 2016/06/18 12:16:23 youri Exp $
+$NetBSD: patch-src_programs_pkexec.c,v 1.3 2022/01/25 19:40:46 wiz Exp $
-Avoid conflict with SunOS function.
+gfdwalk: Avoid conflict with SunOS function.
---- src/programs/pkexec.c.orig 2015-06-18 20:20:50.000000000 +0000
+rest:
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkexec.c.orig 2018-05-31 11:52:53.000000000 +0000
+++ src/programs/pkexec.c
-@@ -247,7 +247,7 @@ set_close_on_exec (gint fd,
+@@ -245,7 +245,7 @@ set_close_on_exec (gint fd,
}
static gboolean
@@ -13,7 +17,53 @@ Avoid conflict with SunOS function.
gpointer user_data)
{
gint fd;
-@@ -922,7 +922,7 @@ main (int argc, char *argv[])
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+@@ -918,7 +935,7 @@ main (int argc, char *argv[])
}
/* set close_on_exec on all file descriptors except stdin, stdout, stderr */
Added files:
Index: pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c
diff -u /dev/null pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c:1.1
--- /dev/null Tue Jan 25 19:40:46 2022
+++ pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c Tue Jan 25 19:40:46 2022
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_programs_pkcheck.c,v 1.1 2022/01/25 19:40:46 wiz Exp $
+
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkcheck.c.orig 2018-05-31 11:52:53.000000000 +0000
++++ src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
Home |
Main Index |
Thread Index |
Old Index