diff options
Diffstat (limited to 'source/l/polkit')
| -rw-r--r-- | source/l/polkit/CVE-2021-4115.patch | 71 | ||||
| -rwxr-xr-x | source/l/polkit/polkit.SlackBuild | 3 |
2 files changed, 73 insertions, 1 deletions
diff --git a/source/l/polkit/CVE-2021-4115.patch b/source/l/polkit/CVE-2021-4115.patch new file mode 100644 index 00000000..3cb55819 --- /dev/null +++ b/source/l/polkit/CVE-2021-4115.patch @@ -0,0 +1,71 @@ +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8ed1363..2fbf5f1 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, +@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + on_retrieved_unix_uid_pid, + &data); + +- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) +- g_main_context_iteration (tmp_context, TRUE); ++ while (TRUE) ++ { ++ /* If one dbus call returns error, we must wait until the other call ++ * calls _call_finish(), otherwise fd leak is possible. ++ * Resolves: GHSL-2021-077 ++ */ + +- if (data.caught_error) +- goto out; ++ if ( (dbus_call_respond_fails > 1) ) ++ { ++ // we got two faults, we can leave ++ goto out; ++ } ++ ++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) ++ { ++ // we got one fault and the other call finally finished, we can leave ++ goto out; ++ } ++ ++ if ( !(data.retrieved_uid && data.retrieved_pid) ) ++ { ++ g_main_context_iteration (tmp_context, TRUE); ++ } ++ else ++ { ++ break; ++ } ++ } + + if (out_uid) + *out_uid = data.uid; diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild index 13e1f948..74949650 100755 --- a/source/l/polkit/polkit.SlackBuild +++ b/source/l/polkit/polkit.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=polkit VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -82,6 +82,7 @@ find . \ zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 --verbose || exit 1 zcat $CWD/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch.gz | patch -p1 --verbose || exit 1 +zcat $CWD/CVE-2021-4115.patch.gz | patch -p1 --verbose || exit 1 # https://gitlab.freedesktop.org/polkit/polkit/-/issues/29 zcat $CWD/0001-configure-fix-elogind-support.patch.gz | patch -p1 || exit 1 |