author | bsiegert <bsiegert@pkgsrc.org> | 2022-02-06 19:13:51 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2022-02-06 19:13:51 +0000 |
commit | 0a80cbec851990599c43041e8364619c0e1224b8 (patch) | |
tree | 79f66ab67cfc1ba7c107c4e83c91f5d751827ec9 | |
parent | 7c91b8a28963c8d3b88b888fe424e6d4bcd3b622 (diff) | |
download | pkgsrc-0a80cbec851990599c43041e8364619c0e1224b8.tar.gz |
Pullup ticket #6579 - requested by khorben
security/polkit: security fix
Revisions pulled up:
- security/polkit/Makefile 1.39
- security/polkit/distinfo 1.18
- security/polkit/patches/patch-src_programs_pkcheck.c 1.1
- security/polkit/patches/patch-src_programs_pkexec.c 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 25 19:40:46 UTC 2022
Modified Files:
pkgsrc/security/polkit: Makefile distinfo
pkgsrc/security/polkit/patches: patch-src_programs_pkexec.c
Added Files:
pkgsrc/security/polkit/patches: patch-src_programs_pkcheck.c
Log Message:
polkit: fix CVE-2021-4034
Bump PKGREVISION.
-rw-r--r-- | security/polkit/Makefile | 4 | ||||
-rw-r--r-- | security/polkit/distinfo | 5 | ||||
-rw-r--r-- | security/polkit/patches/patch-src_programs_pkcheck.c | 19 | ||||
-rw-r--r-- | security/polkit/patches/patch-src_programs_pkexec.c | 60 |
4 files changed, 79 insertions, 9 deletions
diff --git a/security/polkit/Makefile b/security/polkit/Makefile index 7a5a7a3bd28..12bc4fab6da 100644 --- a/security/polkit/Makefile +++ b/security/polkit/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.38 2021/12/08 16:02:35 adam Exp $ +# $NetBSD: Makefile,v 1.38.2.1 2022/02/06 19:13:51 bsiegert Exp $ DISTNAME= polkit-0.120 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.freedesktop.org/software/polkit/releases/ diff --git a/security/polkit/distinfo b/security/polkit/distinfo index d13e452213f..46cdf711502 100644 --- a/security/polkit/distinfo +++ b/security/polkit/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.17 2021/11/01 10:20:48 wiz Exp $ +$NetBSD: distinfo,v 1.17.2.1 2022/02/06 19:13:51 bsiegert Exp $ BLAKE2s (polkit-0.120.tar.gz) = d13513e4e4d643bb1f3581fe3c58d467c8f26cd33711034accee42a1546c9781 SHA512 (polkit-0.120.tar.gz) = db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 @@ -13,7 +13,8 @@ SHA1 (patch-src_polkitbackend_polkitbackendduktapeauthority.c) = a80ba55ecd4726f SHA1 (patch-src_polkitbackend_polkitbackendinteractiveauthority.c) = dd91b4e74e6c39f24e0f5a9b3150fdac12899cb5 SHA1 (patch-src_polkitbackend_polkitbackendjsauthority.cpp) = 432a3d7d082ba6e596ba164d91408fc521b84422 SHA1 (patch-src_polkitbackend_polkitd.c) = b8e11b40e2b171d4f030eb4c4cbc6fdc7a96b2c2 -SHA1 (patch-src_programs_pkexec.c) = bfc0414c7a943c8e8b8412566a2519198eab8abd +SHA1 (patch-src_programs_pkcheck.c) = 3dd53a15f6741b883447be4d5ccd6e86fd6b6be0 +SHA1 (patch-src_programs_pkexec.c) = c373d8e7eac1107fe056a82510fee85c4c97ea57 SHA1 (patch-src_programs_pkttyagent.c) = 2c249b61501a1ad2c077bc83fd497e45f2db69a8 SHA1 (patch-test_mocklibc_src_grp.c) = 435ff94fd4c7f5511d74d03839fad453dd841633 SHA1 (patch-test_mocklibc_src_netdb.c) = 0fe71068a6261d5e2c8874f2b4507e7e3c002526 
diff --git a/security/polkit/patches/patch-src_programs_pkcheck.c b/security/polkit/patches/patch-src_programs_pkcheck.c new file mode 100644 index 00000000000..9a68e14c4e5 --- /dev/null +++ b/security/polkit/patches/patch-src_programs_pkcheck.c @@ -0,0 +1,19 @@ +$NetBSD: patch-src_programs_pkcheck.c,v 1.1.2.2 2022/02/06 19:13:51 bsiegert Exp $ + +Fix for CVE-2021-4034. +https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 + +--- src/programs/pkcheck.c.orig 2018-05-31 11:52:53.000000000 +0000 ++++ src/programs/pkcheck.c +@@ -363,6 +363,11 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++ { ++ exit(126); ++ } ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + diff --git a/security/polkit/patches/patch-src_programs_pkexec.c b/security/polkit/patches/patch-src_programs_pkexec.c index d853c3ff39f..29169a50a30 100644 --- a/security/polkit/patches/patch-src_programs_pkexec.c +++ b/security/polkit/patches/patch-src_programs_pkexec.c @@ -1,10 +1,14 @@ -$NetBSD: patch-src_programs_pkexec.c,v 1.2 2016/06/18 12:16:23 youri Exp $ +$NetBSD: patch-src_programs_pkexec.c,v 1.2.46.1 2022/02/06 19:13:51 bsiegert Exp $ -Avoid conflict with SunOS function. +gfdwalk: Avoid conflict with SunOS function. ---- src/programs/pkexec.c.orig 2015-06-18 20:20:50.000000000 +0000 +rest: +Fix for CVE-2021-4034. +https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 + +--- src/programs/pkexec.c.orig 2018-05-31 11:52:53.000000000 +0000 +++ src/programs/pkexec.c -@@ -247,7 +247,7 @@ set_close_on_exec (gint fd, +@@ -245,7 +245,7 @@ set_close_on_exec (gint fd, } static gboolean 
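Review bot: The new `if (argc < 1)` block in pkcheck's main() carries no comment, while the matching guard added to pkexec.c in this same commit does, so someone reading pkcheck.c alone cannot tell why an empty argument vector is rejected. A one-line comment above the check would record it, e.g. `/* argc == 0: argv[0] is NULL and argv[1] is out of bounds; refuse to parse arguments */`. The guard also sits right after `ret = 126;` but exits with a literal; `exit (ret);` would keep the two values from drifting apart. main() continues outside the hunk.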
@@ -13,7 +17,53 @@ Avoid conflict with SunOS function. gpointer user_data) { gint fd; -@@ -922,7 +922,7 @@ main (int argc, char *argv[]) +@@ -488,6 +488,15 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. ++ */ ++ if (argc<1) ++ { ++ exit(127); ++ } ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -614,10 +623,10 @@ main (int argc, char *argv[]) + + path = g_strdup (pwstruct.pw_shell); + if (!path) +- { ++ { + g_printerr ("No shell configured or error retrieving pw_shell\n"); + goto out; +- } ++ } + /* If you change this, be sure to change the if (!command_line) + case below too */ + command_line = g_strdup (path); +@@ -636,7 +645,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++ argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +@@ -918,7 +935,7 @@ main (int argc, char *argv[]) } /* set close_on_exec on all file descriptors except stdin, stdout, stderr */ |
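Review bot: The comment above the new `if (argc<1)` exit in pkexec's main() says only that the caller is "probably evil-doing" and never states the invariant the guard protects, which makes the check easy to move or drop in a later refactor. I would spell it out, e.g. `/* argc == 0 leaves argv[0] == NULL, so every argv[n] with n >= 1 is past the end of the argument vector; exit before argv is touched */`. The later `if (argv[n] != NULL)` guard in front of `argv[n] = path;` leans on the same invariant (n presumably never exceeds argc, but the loop that sets n is outside this hunk), and its comment would read better as `/* no program argument given (shell case): argv[n] is the terminating NULL, leave it alone */`. main() starts and ends outside the hunk.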