pkgsrc-Changes archive
CVS commit: [pkgsrc-2021Q4] pkgsrc/security/polkit
Module Name: pkgsrc
Committed By: bsiegert
Date: Sun Feb 6 19:13:51 UTC 2022
Modified Files:
pkgsrc/security/polkit [pkgsrc-2021Q4]: Makefile distinfo
pkgsrc/security/polkit/patches [pkgsrc-2021Q4]:
patch-src_programs_pkexec.c
Added Files:
pkgsrc/security/polkit/patches [pkgsrc-2021Q4]:
patch-src_programs_pkcheck.c
Log Message:
Pullup ticket #6579 - requested by khorben
security/polkit: security fix
Revisions pulled up:
- security/polkit/Makefile 1.39
- security/polkit/distinfo 1.18
- security/polkit/patches/patch-src_programs_pkcheck.c 1.1
- security/polkit/patches/patch-src_programs_pkexec.c 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 25 19:40:46 UTC 2022
Modified Files:
pkgsrc/security/polkit: Makefile distinfo
pkgsrc/security/polkit/patches: patch-src_programs_pkexec.c
Added Files:
pkgsrc/security/polkit/patches: patch-src_programs_pkcheck.c
Log Message:
polkit: fix CVE-2021-4034
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.2.1 pkgsrc/security/polkit/Makefile
cvs rdiff -u -r1.17 -r1.17.2.1 pkgsrc/security/polkit/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c
cvs rdiff -u -r1.2 -r1.2.46.1 \
pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/polkit/Makefile
diff -u pkgsrc/security/polkit/Makefile:1.38 pkgsrc/security/polkit/Makefile:1.38.2.1
--- pkgsrc/security/polkit/Makefile:1.38 Wed Dec 8 16:02:35 2021
+++ pkgsrc/security/polkit/Makefile Sun Feb 6 19:13:51 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2021/12/08 16:02:35 adam Exp $
+# $NetBSD: Makefile,v 1.38.2.1 2022/02/06 19:13:51 bsiegert Exp $
DISTNAME= polkit-0.120
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security
MASTER_SITES= http://www.freedesktop.org/software/polkit/releases/
Index: pkgsrc/security/polkit/distinfo
diff -u pkgsrc/security/polkit/distinfo:1.17 pkgsrc/security/polkit/distinfo:1.17.2.1
--- pkgsrc/security/polkit/distinfo:1.17 Mon Nov 1 10:20:48 2021
+++ pkgsrc/security/polkit/distinfo Sun Feb 6 19:13:51 2022
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2021/11/01 10:20:48 wiz Exp $
+$NetBSD: distinfo,v 1.17.2.1 2022/02/06 19:13:51 bsiegert Exp $
BLAKE2s (polkit-0.120.tar.gz) = d13513e4e4d643bb1f3581fe3c58d467c8f26cd33711034accee42a1546c9781
SHA512 (polkit-0.120.tar.gz) = db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
@@ -13,7 +13,8 @@ SHA1 (patch-src_polkitbackend_polkitback
SHA1 (patch-src_polkitbackend_polkitbackendinteractiveauthority.c) = dd91b4e74e6c39f24e0f5a9b3150fdac12899cb5
SHA1 (patch-src_polkitbackend_polkitbackendjsauthority.cpp) = 432a3d7d082ba6e596ba164d91408fc521b84422
SHA1 (patch-src_polkitbackend_polkitd.c) = b8e11b40e2b171d4f030eb4c4cbc6fdc7a96b2c2
-SHA1 (patch-src_programs_pkexec.c) = bfc0414c7a943c8e8b8412566a2519198eab8abd
+SHA1 (patch-src_programs_pkcheck.c) = 3dd53a15f6741b883447be4d5ccd6e86fd6b6be0
+SHA1 (patch-src_programs_pkexec.c) = c373d8e7eac1107fe056a82510fee85c4c97ea57
SHA1 (patch-src_programs_pkttyagent.c) = 2c249b61501a1ad2c077bc83fd497e45f2db69a8
SHA1 (patch-test_mocklibc_src_grp.c) = 435ff94fd4c7f5511d74d03839fad453dd841633
SHA1 (patch-test_mocklibc_src_netdb.c) = 0fe71068a6261d5e2c8874f2b4507e7e3c002526
Index: pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c
diff -u pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.2 pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.2.46.1
--- pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c:1.2 Sat Jun 18 12:16:23 2016
+++ pkgsrc/security/polkit/patches/patch-src_programs_pkexec.c Sun Feb 6 19:13:51 2022
@@ -1,10 +1,14 @@
-$NetBSD: patch-src_programs_pkexec.c,v 1.2 2016/06/18 12:16:23 youri Exp $
+$NetBSD: patch-src_programs_pkexec.c,v 1.2.46.1 2022/02/06 19:13:51 bsiegert Exp $
-Avoid conflict with SunOS function.
+gfdwalk: Avoid conflict with SunOS function.
---- src/programs/pkexec.c.orig 2015-06-18 20:20:50.000000000 +0000
+rest:
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkexec.c.orig 2018-05-31 11:52:53.000000000 +0000
+++ src/programs/pkexec.c
-@@ -247,7 +247,7 @@ set_close_on_exec (gint fd,
+@@ -245,7 +245,7 @@ set_close_on_exec (gint fd,
}
static gboolean
@@ -13,7 +17,53 @@ Avoid conflict with SunOS function.
gpointer user_data)
{
gint fd;
-@@ -922,7 +922,7 @@ main (int argc, char *argv[])
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+@@ -918,7 +935,7 @@ main (int argc, char *argv[])
}
/* set close_on_exec on all file descriptors except stdin, stdout, stderr */
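Review bot: The `if (argc<1)` check added at the top of main calls `exit(127)` without recording anything, although its own comment treats such an invocation as hostile. An empty argument vector is the precondition this fix for CVE-2021-4034 closes (argv[0] is then NULL, and the later `argv[n]` accesses would presumably run past the vector), so a rejected attempt is worth an audit record, for example `syslog (LOG_AUTH | LOG_WARNING, "pkexec: refused invocation with empty argv, uid %d", (int) getuid ());` before the exit, assuming syslog is usable this early in main. The comment would also serve maintainers better if it stated that reason rather than "called THIS wrong". The `{`/`}` lines changed in the section at 614 differ only in whitespace and could be dropped to keep the security pullup minimal. main starts and ends outside these sections, so the loop that bounds `n` for the `argv[n] != NULL` guard is not visible here.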
Added files:
Index: pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c
diff -u /dev/null pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c:1.1.2.2
--- /dev/null Sun Feb 6 19:13:51 2022
+++ pkgsrc/security/polkit/patches/patch-src_programs_pkcheck.c Sun Feb 6 19:13:51 2022
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_programs_pkcheck.c,v 1.1.2.2 2022/02/06 19:13:51 bsiegert Exp $
+
+Fix for CVE-2021-4034.
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+
+--- src/programs/pkcheck.c.orig 2018-05-31 11:52:53.000000000 +0000
++++ src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
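Review bot: The `if (argc < 1)` guard added to pkcheck's main has no comment and repeats the literal 126 that `ret` was assigned two lines earlier. I would write `exit (ret);` and add a comment such as `/* argc == 0 means argv[0] is NULL; refuse to run rather than parse an empty argument vector (CVE-2021-4034 hardening). */`, so the reason is stated here as it is for the same check in patch-src_programs_pkexec.c. main starts and ends outside the hunk.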