summaryrefslogtreecommitdiff
path: root/sys-auth/polkit/files
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth/polkit/files')
-rw-r--r--sys-auth/polkit/files/polkit-0.115-elogind.patch28
-rw-r--r--sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch29
-rw-r--r--sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch72
-rw-r--r--sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch78
4 files changed, 0 insertions, 207 deletions
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d672015db4..000000000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
-
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
-
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
---
-2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
deleted file mode 100644
index 9c3ce20cf574..000000000000
--- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://bugs.gentoo.org/794052
-
-From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Wed, 2 Jun 2021 15:43:38 +0200
-Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
-
-initial values returned if error caught
----
- src/polkit/polkitsystembusname.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
-index 8daa12c..8ed1363 100644
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
-
-+ if (data.caught_error)
-+ goto out;
-+
- if (out_uid)
- *out_uid = data.uid;
- if (out_pid)
---
-GitLab
-
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
deleted file mode 100644
index 22bb71d14204..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
-https://bugs.gentoo.org/832057
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
-
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ if (argc < 1)
-+ {
-+ exit(126);
-+ }
-+
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
- pid_t pid_of_caller;
- gpointer local_agent_handle;
-
-+
-+ /*
-+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+ */
-+ if (argc<1)
-+ {
-+ exit(127);
-+ }
-+
- ret = 127;
- authority = NULL;
- subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
-
- path = g_strdup (pwstruct.pw_shell);
- if (!path)
-- {
-+ {
- g_printerr ("No shell configured or error retrieving pw_shell\n");
- goto out;
-- }
-+ }
- /* If you change this, be sure to change the if (!command_line)
- case below too */
- command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
- goto out;
- }
- g_free (path);
-- argv[n] = path = s;
-+ path = s;
-+
-+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+ */
-+ if (argv[n] != NULL)
-+ {
-+ argv[n] = path;
-+ }
- }
- if (access (path, F_OK) != 0)
- {
-GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
deleted file mode 100644
index a82ce25cae03..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
-https://bugs.gentoo.org/833574
-
-From: Jan Rybar <jrybar@redhat.com>
-Date: Mon, 21 Feb 2022 08:29:05 +0000
-Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
-
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -62,6 +62,10 @@ enum
- PROP_NAME,
- };
-
-+
-+guint8 dbus_call_respond_fails; // has to be global because of callback
-+
-+
- static void subject_iface_init (PolkitSubjectIface *subject_iface);
-
- G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
-@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
- if (!v)
- {
- data->caught_error = TRUE;
-+ dbus_call_respond_fails += 1;
- }
- else
- {
-@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- tmp_context = g_main_context_new ();
- g_main_context_push_thread_default (tmp_context);
-
-+ dbus_call_respond_fails = 0;
-+
- /* Do two async calls as it's basically as fast as one sync call.
- */
- g_dbus_connection_call (connection,
-@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- on_retrieved_unix_uid_pid,
- &data);
-
-- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
-- g_main_context_iteration (tmp_context, TRUE);
-+ while (TRUE)
-+ {
-+ /* If one dbus call returns error, we must wait until the other call
-+ * calls _call_finish(), otherwise fd leak is possible.
-+ * Resolves: GHSL-2021-077
-+ */
-
-- if (data.caught_error)
-- goto out;
-+ if ( (dbus_call_respond_fails > 1) )
-+ {
-+ // we got two faults, we can leave
-+ goto out;
-+ }
-+
-+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
-+ {
-+ // we got one fault and the other call finally finished, we can leave
-+ goto out;
-+ }
-+
-+ if ( !(data.retrieved_uid && data.retrieved_pid) )
-+ {
-+ g_main_context_iteration (tmp_context, TRUE);
-+ }
-+ else
-+ {
-+ break;
-+ }
-+ }
-
- if (out_uid)
- *out_uid = data.uid;
-GitLab
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 17:54:35 +0000