packages/polkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2021-3560

Browse Source
This commit is contained in:
panxiaohe 2021-06-15 11:34:39 +08:00
parent 9b5ed8f464
commit 72577fdeb0
2 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
backport-CVE-2021-3560.patch Normal file
View File

@ -0,0 +1,27 @@
From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Wed, 2 Jun 2021 15:43:38 +0200
Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
initial values returned if error caught
---
src/polkit/polkitsystembusname.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8daa12c..8ed1363 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
g_main_context_iteration (tmp_context, TRUE);
+ if (data.caught_error)
+ goto out;
+
if (out_uid)
*out_uid = data.uid;
if (out_pid)
--
GitLab

8
polkit.spec
View File

@ -1,6 +1,6 @@
Name: polkit Name: polkit
Version: 0.116 Version: 0.116
Release: 6 Release: 7
Summary: Define and Handle authorizations tool Summary: Define and Handle authorizations tool
License: LGPLv2+ and Apache 2.0 License: LGPLv2+ and Apache 2.0
URL: http://www.freedesktop.org/wiki/Software/polkit URL: http://www.freedesktop.org/wiki/Software/polkit
@ -8,7 +8,8 @@ Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Source2: 10-shutdown.rules Source2: 10-shutdown.rules
Patch9000: modify-admin-authorization-from-wheel-group-to-root.patch Patch0: modify-admin-authorization-from-wheel-group-to-root.patch
Patch1: backport-CVE-2021-3560.patch
BuildRequires: gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool BuildRequires: gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool
BuildRequires: gobject-introspection-devel systemd systemd-devel pkgconfig(mozjs-60) BuildRequires: gobject-introspection-devel systemd systemd-devel pkgconfig(mozjs-60)
@ -127,6 +128,9 @@ exit 0
%{_datadir}/man/man8/* %{_datadir}/man/man8/*
%changelog %changelog
* Tue Jun 15 2021 panxiaohe <panxiaohe@huawei.com> - 0.116-7
- Fix CVE-2021-3560
* Tue Feb 9 2021 Steven Y.Gui <steven_ygui@163.com> - 0.116-6 * Tue Feb 9 2021 Steven Y.Gui <steven_ygui@163.com> - 0.116-6
- Rebuild with new version number - Rebuild with new version number