Hello community, here is the log from the commit of package rtkit for openSUSE:13.1 checked in at 2013-09-29 17:52:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/rtkit (Old) and /work/SRC/openSUSE:13.1/.rtkit.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rtkit" Changes: -------- --- /work/SRC/openSUSE:13.1/rtkit/rtkit.changes 2013-09-23 11:08:08.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.rtkit.new/rtkit.changes 2013-09-29 17:52:09.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Sep 27 22:21:16 UTC 2013 - [email protected] + +- Add rtkit-bnc836939.patch + Fix bnc#836939 - use of insecure polkit DBUS API. CVE-2013-4326 + +------------------------------------------------------------------- New: ---- rtkit-bnc836939.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rtkit.spec ++++++ --- /var/tmp/diff_new_pack.8my34t/_old 2013-09-29 17:52:09.000000000 +0200 +++ /var/tmp/diff_new_pack.8my34t/_new 2013-09-29 17:52:09.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package rtkit # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,6 +39,8 @@ %define has_systemd 1 %endif Patch0: rtkit-use-system-sd-daemon.patch +# PATCH-FIX-UPSTREAM rtkit-bnc836939.patch [email protected] -- use of insecure polkit DBUS API +Patch1: rtkit-bnc836939.patch %description RealtimeKit is a D-Bus system service that changes the @@ -50,6 +52,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build autoreconf -fiv ++++++ rtkit-bnc836939.patch ++++++ commit 88d4082ef6caf6b071d749dca1c50e7edde914cc Author: Colin Walters <[email protected]> Date: Thu Aug 22 16:05:22 2013 -0400 Pass uid of caller to polkit Otherwise, we force polkit to look up the uid itself in /proc, which is racy if they execve() a setuid binary. diff --git a/rtkit-daemon.c b/rtkit-daemon.c index 2ebe673..3ecc1f7 100644 --- a/rtkit-daemon.c +++ b/rtkit-daemon.c @@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process DBusMessage *m = NULL, *r = NULL; const char *unix_process = "unix-process"; const char *pid = "pid"; + const char *uid = "uid"; const char *start_time = "start-time"; const char *cancel_id = ""; uint32_t flags = 0; uint32_t pid_u32 = p->pid; - uint64_t start_time_u64 = p->starttime; + uint32_t uid_u32 = (uint32_t)u->uid; DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant; + uint64_t start_time_u64 = p->starttime; int ret; dbus_bool_t authorized = FALSE; @@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); + assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict)); + assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid)); + assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant)); + assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32)); + assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); + assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); + assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array)); assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct)); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
