From e151f94467250c87bfeb22b5ac41f20d296bd579 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 8 Oct 2021 11:56:47 -0400 Subject: gnu: polkit: Update to 0.120 and ungraft. * gnu/packages/polkit.scm (polkit): Update to 0.120. [origin]: Update URL and remove libsystemd-login substitution. Remove replacement. [inputs]: Update mozjs-60 to mozjs-78. [native-inputs]: Add libxslt and docbook-xsl for manpage generation. [phases]{fix-manpage-generation}: New phase. (polkit/fixed): Delete package. * gnu/packages/patches/polkit-CVE-2021-3560.patch: Delete file. * gnu/local.mk: De-register it. Co-authored-by: Morgan Smith --- gnu/packages/patches/polkit-CVE-2021-3560.patch | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 gnu/packages/patches/polkit-CVE-2021-3560.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/polkit-CVE-2021-3560.patch b/gnu/packages/patches/polkit-CVE-2021-3560.patch deleted file mode 100644 index 9aa0373fda..0000000000 --- a/gnu/packages/patches/polkit-CVE-2021-3560.patch +++ /dev/null @@ -1,21 +0,0 @@ -This patch fixes CVE-2021-3560, "local privilege escalation using -polkit_system_bus_name_get_creds_sync()": - - https://www.openwall.com/lists/oss-security/2021/06/03/1 - -Patch from . - -diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c -index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644 ---- a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); - -+ if (data.caught_error) -+ goto out; -+ - if (out_uid) - *out_uid = data.uid; - if (out_pid) -- cgit 1.4.1