packages/PackageKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-16121

Browse Source
This commit is contained in:
yangcheng1203 2021-09-28 11:26:07 +08:00
parent 24b809cdbe
commit 88dd8b658d
2 changed files with 149 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
PackageKit.spec
View File

@ -1,6 +1,6 @@
Name: PackageKit Name: PackageKit
Version: 1.1.12 Version: 1.1.12
Release: 9 Release: 10
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Summary: Package management service Summary: Package management service
URL: https://www.freedesktop.org/software/PackageKit/ URL: https://www.freedesktop.org/software/PackageKit/
@ -24,6 +24,8 @@ Patch5: 0001-Do-not-trigger-an-inotity-event-when-the-AppStream-X.patch
# modify support URL # modify support URL
Patch6: 0001-PackageKit-modify-support-URL.patch Patch6: 0001-PackageKit-modify-support-URL.patch
Patch6000: backport-CVE-2020-16121.patch
BuildRequires: glib2-devel xmlto gtk-doc sqlite-devel polkit-devel libtool gtk2-devel gtk3-devel docbook-utils BuildRequires: glib2-devel xmlto gtk-doc sqlite-devel polkit-devel libtool gtk2-devel gtk3-devel docbook-utils
BuildRequires: gnome-doc-utils intltool gettext vala gstreamer1-devel gstreamer1-plugins-base-devel pango-devel BuildRequires: gnome-doc-utils intltool gettext vala gstreamer1-devel gstreamer1-plugins-base-devel pango-devel
BuildRequires: fontconfig-devel libappstream-glib-devel libdnf-devel systemd-devel gobject-introspection-devel bash-completion BuildRequires: fontconfig-devel libappstream-glib-devel libdnf-devel systemd-devel gobject-introspection-devel bash-completion
@ -172,6 +174,12 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || :
%config(noreplace) %{_sysconfdir}/PackageKit/CommandNotFound.conf %config(noreplace) %{_sysconfdir}/PackageKit/CommandNotFound.conf
%changelog %changelog
* Tue Sep 28 2021 yangcheng <yangcheng87@huawei.com> - 1.1.12-10
- Type:CVE
- ID:cve-2020-16121
- SUG:NA
- DESC:fix CVE-2020-16121
* Tue Mar 10 2020 chengguipeng <chengguipeng1@huawei.com> - 1.1.12-9 * Tue Mar 10 2020 chengguipeng <chengguipeng1@huawei.com> - 1.1.12-9
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA

140
backport-CVE-2020-16121.patch Normal file
View File

@ -0,0 +1,140 @@
From e916b584d8d0f3feb835fe3793f01271a301240d Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Tue, 22 Sep 2020 14:12:12 +0200
Subject: [PATCH 2/2] Information disclosure in InstallFiles, GetFilesLocal and
GetDetailsLocal
These functions revealed existence and content type of files, which
allows a non-root user to check existence and content type of any
file on the system, regardless of permission, as the checks are
performed as root.
A correct fix would move those checks into the client, and pass an
fd to the daemon. Here we just hide which failure it is, which we
would need to do anyway, but don't provide an improved version as
that's out of scope for a security issue and requires changes the
reverse dependencies using those functions.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1888887
---
src/pk-transaction.c | 48 ++++++++++++++++----------------------------
1 file changed, 17 insertions(+), 31 deletions(-)
diff --git a/src/pk-transaction.c b/src/pk-transaction.c
index 76e9965..0880fbf 100644
--- a/src/pk-transaction.c
+++ b/src/pk-transaction.c
@@ -3038,7 +3038,7 @@ pk_transaction_get_details_local (PkTransaction *transaction,
g_set_error (&error,
PK_TRANSACTION_ERROR,
PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3049,9 +3049,8 @@ pk_transaction_get_details_local (PkTransaction *transaction,
if (content_type == NULL) {
g_set_error (&error,
PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3061,9 +3060,8 @@ pk_transaction_get_details_local (PkTransaction *transaction,
if (!ret) {
g_set_error (&error,
PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3139,7 +3137,7 @@ pk_transaction_get_files_local (PkTransaction *transaction,
g_set_error (&error,
PK_TRANSACTION_ERROR,
PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3150,9 +3148,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
if (content_type == NULL) {
g_set_error (&error,
PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3162,9 +3159,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
if (!ret) {
g_set_error (&error,
PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3667,7 +3663,7 @@ pk_transaction_install_files (PkTransaction *transaction,
g_set_error (&error,
PK_TRANSACTION_ERROR,
PK_TRANSACTION_ERROR_NO_SUCH_FILE,
- "No such file %s", full_paths[i]);
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3677,9 +3673,8 @@ pk_transaction_install_files (PkTransaction *transaction,
if (content_type == NULL) {
g_set_error (&error,
PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_NOT_SUPPORTED,
- "Failed to get content type for file %s",
- full_paths[i]);
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
@@ -3687,19 +3682,10 @@ pk_transaction_install_files (PkTransaction *transaction,
/* supported content type? */
ret = pk_transaction_is_supported_content_type (transaction, content_type);
if (!ret) {
- if (g_strcmp0 ("application/x-app-package", content_type) == 0 ||
- g_str_has_suffix (full_paths[i], ".ipk") == TRUE) {
- g_set_error (&error,
- PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "Listaller is required to install %s", full_paths[i]);
- } else {
- g_set_error (&error,
- PK_TRANSACTION_ERROR,
- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
- "MIME type '%s' not supported %s",
- content_type, full_paths[i]);
- }
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+ "No such file %s, or unknown or unsupported content type", full_paths[i]);
pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
goto out;
}
--
2.27.0