Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package polkit for openSUSE:Factory checked 
in at 2022-01-27 23:16:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polkit (Old)
 and      /work/SRC/openSUSE:Factory/.polkit.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "polkit"

Thu Jan 27 23:16:25 2022 rev:80 rq:949264 version:0.120

Changes:
--------
--- /work/SRC/openSUSE:Factory/polkit/polkit.changes    2021-12-12 
00:56:10.494525272 +0100
+++ /work/SRC/openSUSE:Factory/.polkit.new.1898/polkit.changes  2022-01-27 
23:16:41.795090219 +0100
@@ -1,0 +2,12 @@
+Wed Jan 26 11:44:35 UTC 2022 - Fabian Vogt <[email protected]>
+
+- Switch from mozjs to duktape:
+  * Add duktape-support.patch
+
+-------------------------------------------------------------------
+Tue Jan 25 18:15:16 UTC 2022 - Marcus Meissner <[email protected]>
+
+- Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 
bsc#1194568)
+  CVE-2021-4034-pkexec-fix.patch
+
+-------------------------------------------------------------------

New:
----
  CVE-2021-4034-pkexec-fix.patch
  duktape-support.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ polkit.spec ++++++
--- /var/tmp/diff_new_pack.r5IVWh/_old  2022-01-27 23:16:42.479085494 +0100
+++ /var/tmp/diff_new_pack.r5IVWh/_new  2022-01-27 23:16:42.487085438 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package polkit
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -38,6 +38,10 @@
 Patch3:         polkit-keyinit.patch
 # adjust path to polkit-agent-helper-1 (bsc#1180474)
 Patch4:         polkit-adjust-libexec-path.patch
+# PATCH-FIX-UPSTREAM CVE-2021-4034-pkexec-fix.patch meissner@ -- bsc#1194568 
VUL-0: CVE-2021-4034: polkit: pkexec Local Privilege Escalation aka pwnkit
+Patch5:         CVE-2021-4034-pkexec-fix.patch
+# PATCH-FIX-UPSTREAM 
https://gitlab.freedesktop.org/polkit/polkit/-/commit/c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2.patch,
 without .gitlab-ci.yml (not in the tarball)
+Patch6:         duktape-support.patch
 BuildRequires:  gcc-c++
 BuildRequires:  gtk-doc
 BuildRequires:  intltool
@@ -48,11 +52,11 @@
 BuildRequires:  pkgconfig
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
+BuildRequires:  pkgconfig(duktape) >= 2.2.0
 BuildRequires:  pkgconfig(gio-unix-2.0) >= 2.32.0
 BuildRequires:  pkgconfig(gmodule-2.0) >= 2.32.0
 BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 0.6.2
 BuildRequires:  pkgconfig(libsystemd)
-BuildRequires:  pkgconfig(mozjs-78)
 BuildRequires:  pkgconfig(systemd)
 # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn 
causes a build cycle.
 #!BuildIgnore:  ruby
@@ -146,6 +150,7 @@
        --enable-introspection \
        --enable-examples \
        --enable-libsystemd-login \
+       --with-duktape \
        %{nil}
 %make_build libprivdir=%{_libexecdir}/polkit-1
 %sysusers_generate_pre %{SOURCE3} polkit system-user-polkitd.conf

++++++ CVE-2021-4034-pkexec-fix.patch ++++++
--- a/src/programs/pkcheck.c    
+++ a/src/programs/pkcheck.c    
@@ -363,6 +363,12 @@ main (int argc, char *argv[])
   local_agent_handle = NULL;
   ret = 126;
 
+  if (argc < 1)
+    {
+      help();
+      exit(1);
+    }
+
   /* Disable remote file access from GIO. */
   setenv ("GIO_USE_VFS", "local", 1);
 
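Review bot: The new `argc < 1` guard in pkcheck's main() leaves with `exit(1)`, although the context line just above it sets `ret = 126`, which looks like this program's failure status. The first pkexec.c hunk has the same mismatch: `exit(1)` sits directly before `ret = 127`. Assuming 126/127 are the documented error codes, callers that test for them would see an undocumented third value, so I would use `exit (126);` here and `exit (127);` in pkexec. The guard also has no comment, unlike its pkexec twin; something like `/* argc can be 0 when the caller passes an empty argv to execve(); stop before any argv[] access. */` would tell the next reader why it must stay. main() begins and ends outside the hunk.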
--- a/src/programs/pkexec.c     
+++ a/src/programs/pkexec.c     
@@ -488,6 +488,17 @@ main (int argc, char *argv[])
   pid_t pid_of_caller;
   gpointer local_agent_handle;
 
+
+  /*
+   * If 'pkexec' is called wrong, just show help and bail out.
+   */
+  if (argc<1)
+    {
+      clearenv();
+      usage(argc, argv);
+      exit(1);
+    }
+
   ret = 127;
   authority = NULL;
   subject = NULL;
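Review bot: The return value of `clearenv()` is ignored in the `argc<1` branch, so if the call fails, `usage()` still runs, along with whatever library code it prints through, with the caller-supplied environment intact. An empty argv is never a legitimate invocation, so the most robust form is to skip the help text and make `exit (127);` the only statement in the branch. If the help output is kept, guard it with `if (clearenv () != 0) exit (127);`. usage() is defined outside this hunk, so it cannot be confirmed from here whether it reads `argv[0]`, which would be NULL on this path.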
@@ -614,10 +625,10 @@ main (int argc, char *argv[])
 
       path = g_strdup (pwstruct.pw_shell);
       if (!path)
-       {
+        {
           g_printerr ("No shell configured or error retrieving pw_shell\n");
           goto out;
-       }
+        }
       /* If you change this, be sure to change the if (!command_line)
         case below too */
       command_line = g_strdup (path);
@@ -636,7 +647,15 @@ main (int argc, char *argv[])
           goto out;
         }
       g_free (path);
-      argv[n] = path = s;
+      path = s;
+
+      /* argc<2 and pkexec runs just shell, argv is guaranteed to be 
null-terminated.
+       * /-less shell shouldn't happen, but let's be defensive and don't write 
to null-termination
+       */
+      if (argv[n] != NULL)
+      {
+        argv[n] = path;
+      }
     }
   if (access (path, F_OK) != 0)
     {
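Review bot: The comment above the `argv[n] != NULL` guard is hard to parse and never states the invariant the guard depends on, namely that `n` is at most `argc`, so `argv[n]` is at worst the terminating NULL. I would reword it along the lines of `/* With no command given, argv[n] is the terminating NULL; never overwrite the terminator. */` and mention that this relies on the `argc<1` exit at the top of main(). The braces of the new `if` also sit at the `if`'s own column, while the surrounding code indents them two further, as in the `if (access (path, F_OK) != 0)` block right below. `n` is assigned outside the hunk, so the invariant is inferred rather than visible here.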

++++++ duktape-support.patch ++++++
++++ 3450 lines (skipped)
