Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polkit for openSUSE:Factory checked in at 2026-03-28 20:12:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit (Old) and /work/SRC/openSUSE:Factory/.polkit.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit" Sat Mar 28 20:12:26 2026 rev:99 rq:1343216 version:127 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2026-01-22 15:12:17.953541874 +0100 +++ /work/SRC/openSUSE:Factory/.polkit.new.8177/polkit.changes 2026-03-28 20:12:36.899600148 +0100 @@ -1,0 +2,6 @@ +Fri Mar 27 14:19:04 UTC 2026 - Marcus Meissner <[email protected]> + +- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859) + polkit-fix-oom-cookie-read.patch + +------------------------------------------------------------------- @@ -18,0 +25,2 @@ +- CVE-2025-7519: Fixed that a XML policy file with a large number of + nested elements may lead to crash (bsc#1246472) @@ -22,0 +31 @@ +- removed 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch: upstream New: ---- polkit-fix-oom-cookie-read.patch ----------(New B)---------- New:- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859) polkit-fix-oom-cookie-read.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ --- /var/tmp/diff_new_pack.jHDsLl/_old 2026-03-28 20:12:37.479624086 +0100 +++ /var/tmp/diff_new_pack.jHDsLl/_new 2026-03-28 20:12:37.483624251 +0100 @@ -48,6 +48,9 @@ # PATCH-FIX-OPENSUSE polkit-adjust-libexec-path.patch -- Adjust path to polkit-agent-helper-1 (bsc#1180474) Patch4: polkit-adjust-libexec-path.patch +# PATCH-FIX-OPENSUSE polkit-fix-oom-cookie-read.patch -- bsc#1260859 ... use a limited getline buffer to avoid endless reads +Patch5: polkit-fix-oom-cookie-read.patch + BuildRequires: gcc-c++ BuildRequires: gettext-devel BuildRequires: gtk-doc ++++++ polkit-fix-oom-cookie-read.patch ++++++ Index: polkit-127/src/polkitagent/polkitagenthelperprivate.c =================================================================== --- polkit-127.orig/src/polkitagent/polkitagenthelperprivate.c +++ polkit-127/src/polkitagent/polkitagenthelperprivate.c @@ -48,6 +48,7 @@ _polkit_clearenv (void) char * read_cookie (int argc, char **argv) { + char buf[200]; /* As part of CVE-2015-4625, we started passing the cookie * on standard input, to ensure it's not visible to other * processes. However, to ensure that things continue @@ -59,19 +60,18 @@ read_cookie (int argc, char **argv) return strdup (argv[2]); else { - char *ret = NULL; - size_t n = 0; + char *ret = buf; + size_t n = sizeof(buf); ssize_t r = getline (&ret, &n, stdin); if (r == -1) { if (!feof (stdin)) perror ("getline"); - free (ret); return NULL; } else { - g_strchomp (ret); + g_strchomp (strdup(ret)); return ret; } }
