packages/polkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!14 Fix CVE-2021-3560

Browse Source 
From: @panxh_purple
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2021-06-15 07:51:59 +00:00 committed by Gitee
commit be4d9ffc05
2 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
backport-CVE-2021-3560.patch Normal file
View File

@ -0,0 +1,27 @@
From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Wed, 2 Jun 2021 15:43:38 +0200
Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
initial values returned if error caught
---
src/polkit/polkitsystembusname.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8daa12c..8ed1363 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
g_main_context_iteration (tmp_context, TRUE);
+ if (data.caught_error)
+ goto out;
+
if (out_uid)
*out_uid = data.uid;
if (out_pid)
--
GitLab

8
polkit.spec
View File

@ -1,13 +1,14 @@
Name: polkit Name: polkit
Version: 0.118 Version: 0.118
Release: 1 Release: 2
Summary: Define and Handle authorizations tool Summary: Define and Handle authorizations tool
License: LGPLv2+ License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Patch1: modify-admin-authorization-from-wheel-group-to-root.patch Patch0: modify-admin-authorization-from-wheel-group-to-root.patch
Patch1: backport-CVE-2021-3560.patch
BuildRequires: gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool BuildRequires: gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool
BuildRequires: gobject-introspection-devel systemd systemd-devel pkgconfig(mozjs-78) BuildRequires: gobject-introspection-devel systemd systemd-devel pkgconfig(mozjs-78)
@ -124,6 +125,9 @@ exit 0
%{_datadir}/man/man8/* %{_datadir}/man/man8/*
%changelog %changelog
* Tue Jun 15 2021 panxiaohe <panxiaohe@huawei.com> - 0.118-2
- Fix CVE-2021-3560
* Thu Jan 21 2021 yixiangzhike <zhangxingliang3@huawei.com> - 0.118-1 * Thu Jan 21 2021 yixiangzhike <zhangxingliang3@huawei.com> - 0.118-1
- update to 0.118 - update to 0.118