pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/polkit polkit: fix CVE-2021-4034
details: https://anonhg.NetBSD.org/pkgsrc/rev/7691b4a8b5e9
branches: trunk
changeset: 372507:7691b4a8b5e9
user: wiz <wiz%pkgsrc.org@localhost>
date: Tue Jan 25 19:40:46 2022 +0000
description:
polkit: fix CVE-2021-4034
Bump PKGREVISION.
diffstat:
security/polkit/Makefile | 4 +-
security/polkit/distinfo | 5 +-
security/polkit/patches/patch-src_programs_pkcheck.c | 19 ++++++
security/polkit/patches/patch-src_programs_pkexec.c | 60 ++++++++++++++++++-
4 files changed, 79 insertions(+), 9 deletions(-)
diffs (132 lines):
diff -r e44ebf381b9a -r 7691b4a8b5e9 security/polkit/Makefile
--- a/security/polkit/Makefile Tue Jan 25 19:40:02 2022 +0000
+++ b/security/polkit/Makefile Tue Jan 25 19:40:46 2022 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2021/12/08 16:02:35 adam Exp $
+# $NetBSD: Makefile,v 1.39 2022/01/25 19:40:46 wiz Exp $
DISTNAME= polkit-0.120
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= http://www.freedesktop.org/software/polkit/releases/
diff -r e44ebf381b9a -r 7691b4a8b5e9 security/polkit/distinfo
--- a/security/polkit/distinfo Tue Jan 25 19:40:02 2022 +0000
+++ b/security/polkit/distinfo Tue Jan 25 19:40:46 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2021/11/01 10:20:48 wiz Exp $
+$NetBSD: distinfo,v 1.18 2022/01/25 19:40:46 wiz Exp $
BLAKE2s (polkit-0.120.tar.gz) = d13513e4e4d643bb1f3581fe3c58d467c8f26cd33711034accee42a1546c9781
SHA512 (polkit-0.120.tar.gz) = db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
@@ -13,7 +13,8 @@
SHA1 (patch-src_polkitbackend_polkitbackendinteractiveauthority.c) = dd91b4e74e6c39f24e0f5a9b3150fdac12899cb5
SHA1 (patch-src_polkitbackend_polkitbackendjsauthority.cpp) = 432a3d7d082ba6e596ba164d91408fc521b84422
SHA1 (patch-src_polkitbackend_polkitd.c) = b8e11b40e2b171d4f030eb4c4cbc6fdc7a96b2c2
-SHA1 (patch-src_programs_pkexec.c) = bfc0414c7a943c8e8b8412566a2519198eab8abd
+SHA1 (patch-src_programs_pkcheck.c) = 3dd53a15f6741b883447be4d5ccd6e86fd6b6be0
+SHA1 (patch-src_programs_pkexec.c) = c373d8e7eac1107fe056a82510fee85c4c97ea57
SHA1 (patch-src_programs_pkttyagent.c) = 2c249b61501a1ad2c077bc83fd497e45f2db69a8
SHA1 (patch-test_mocklibc_src_grp.c) = 435ff94fd4c7f5511d74d03839fad453dd841633
SHA1 (patch-test_mocklibc_src_netdb.c) = 0fe71068a6261d5e2c8874f2b4507e7e3c002526
diff -r e44ebf381b9a -r 7691b4a8b5e9 security/polkit/patches/patch-src_programs_pkcheck.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/polkit/patches/patch-src_programs_pkcheck.c Tue Jan 25 19:40:46 2022 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_programs_pkcheck.c,v 1.1 2022/01/25 19:40:46 wiz Exp $
+
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkcheck.c.orig 2018-05-31 11:52:53.000000000 +0000
++++ src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
diff -r e44ebf381b9a -r 7691b4a8b5e9 security/polkit/patches/patch-src_programs_pkexec.c
--- a/security/polkit/patches/patch-src_programs_pkexec.c Tue Jan 25 19:40:02 2022 +0000
+++ b/security/polkit/patches/patch-src_programs_pkexec.c Tue Jan 25 19:40:46 2022 +0000
@@ -1,10 +1,14 @@
-$NetBSD: patch-src_programs_pkexec.c,v 1.2 2016/06/18 12:16:23 youri Exp $
+$NetBSD: patch-src_programs_pkexec.c,v 1.3 2022/01/25 19:40:46 wiz Exp $
-Avoid conflict with SunOS function.
+gfdwalk: Avoid conflict with SunOS function.
---- src/programs/pkexec.c.orig 2015-06-18 20:20:50.000000000 +0000
+rest:
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkexec.c.orig 2018-05-31 11:52:53.000000000 +0000
+++ src/programs/pkexec.c
-@@ -247,7 +247,7 @@ set_close_on_exec (gint fd,
+@@ -245,7 +245,7 @@ set_close_on_exec (gint fd,
}
static gboolean
@@ -13,7 +17,53 @@
gpointer user_data)
{
gint fd;
-@@ -922,7 +922,7 @@ main (int argc, char *argv[])
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+@@ -918,7 +935,7 @@ main (int argc, char *argv[])
}
/* set close_on_exec on all file descriptors except stdin, stdout, stderr */
Home |
Main Index |
Thread Index |
Old Index