summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/polkit-CVE-2021-3560.patch21
-rw-r--r--gnu/packages/polkit.scm8
3 files changed, 30 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 0599df8968..42c5ee0d31 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1555,6 +1555,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/plib-CVE-2011-4620.patch		\
   %D%/packages/patches/plib-CVE-2012-4552.patch		\
   %D%/packages/patches/plotutils-spline-test.patch		\
+  %D%/packages/patches/polkit-CVE-2021-3560.patch		\
   %D%/packages/patches/portaudio-audacity-compat.patch		\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/postgresql-disable-resolve_symlinks.patch	\
diff --git a/gnu/packages/patches/polkit-CVE-2021-3560.patch b/gnu/packages/patches/polkit-CVE-2021-3560.patch
new file mode 100644
index 0000000000..9aa0373fda
--- /dev/null
+++ b/gnu/packages/patches/polkit-CVE-2021-3560.patch
@@ -0,0 +1,21 @@
+This patch fixes CVE-2021-3560, "local privilege escalation using
+polkit_system_bus_name_get_creds_sync()":
+
+  https://www.openwall.com/lists/oss-security/2021/06/03/1
+
+Patch from <https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a>.
+
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+     g_main_context_iteration (tmp_context, TRUE);
+ 
++  if (data.caught_error)
++    goto out;
++
+   if (out_uid)
+     *out_uid = data.uid;
+   if (out_pid)
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index d868aceec2..40aa523b23 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -44,6 +44,7 @@
   (package
     (name "polkit")
     (version "0.116")
+    (replacement polkit/fixed)
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -135,6 +136,13 @@ making process with respect to granting access to privileged operations
 for unprivileged applications.")
     (license lgpl2.0+)))
 
+(define polkit/fixed
+  (package
+    (inherit polkit)
+    (source (origin
+              (inherit (package-source polkit))
+              (patches (search-patches "polkit-CVE-2021-3560.patch"))))))
+
 (define-public polkit-qt
   (package
     (name "polkit-qt")
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-20 02:48:14 +0000