import polkit-0.115-6.el8
This commit is contained in:
commit
287de109d8
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/polkit-0.115.tar.gz
|
1
.polkit.metadata
Normal file
1
.polkit.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
208b7e44fcf0f515d067d37307af9ea1419eb305 SOURCES/polkit-0.115.tar.gz
|
291
SOURCES/polkit-0.115-CVE-2018-19788.patch
Normal file
291
SOURCES/polkit-0.115-CVE-2018-19788.patch
Normal file
@ -0,0 +1,291 @@
|
|||||||
|
diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
|
||||||
|
index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644
|
||||||
|
--- a/src/polkit/polkitunixgroup.c
|
||||||
|
+++ b/src/polkit/polkitunixgroup.c
|
||||||
|
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
|
||||||
|
static void
|
||||||
|
polkit_unix_group_init (PolkitUnixGroup *unix_group)
|
||||||
|
{
|
||||||
|
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
|
||||||
|
GParamSpec *pspec)
|
||||||
|
{
|
||||||
|
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
|
||||||
|
+ gint val;
|
||||||
|
|
||||||
|
switch (prop_id)
|
||||||
|
{
|
||||||
|
case PROP_GID:
|
||||||
|
- unix_group->gid = g_value_get_int (value);
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ unix_group->gid = val;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
|
||||||
|
g_param_spec_int ("gid",
|
||||||
|
"Group ID",
|
||||||
|
"The UNIX group ID",
|
||||||
|
- 0,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
- 0,
|
||||||
|
+ -1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
G_PARAM_READWRITE |
|
||||||
|
G_PARAM_STATIC_NAME |
|
||||||
|
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
polkit_unix_group_set_gid (PolkitUnixGroup *group,
|
||||||
|
- gint gid)
|
||||||
|
+ gint gid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
|
||||||
|
+ g_return_if_fail (gid != -1);
|
||||||
|
group->gid = gid;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
|
||||||
|
PolkitIdentity *
|
||||||
|
polkit_unix_group_new (gint gid)
|
||||||
|
{
|
||||||
|
+ g_return_val_if_fail (gid != -1, NULL);
|
||||||
|
+
|
||||||
|
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
|
||||||
|
"gid", gid,
|
||||||
|
NULL));
|
||||||
|
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
|
||||||
|
index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644
|
||||||
|
--- a/src/polkit/polkitunixprocess.c
|
||||||
|
+++ b/src/polkit/polkitunixprocess.c
|
||||||
|
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
|
||||||
|
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
|
||||||
|
break;
|
||||||
|
|
||||||
|
- case PROP_UID:
|
||||||
|
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
|
||||||
|
+ case PROP_UID: {
|
||||||
|
+ gint val;
|
||||||
|
+
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ polkit_unix_process_set_uid (unix_process, val);
|
||||||
|
break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
case PROP_START_TIME:
|
||||||
|
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
|
||||||
|
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
|
||||||
|
g_param_spec_int ("uid",
|
||||||
|
"User ID",
|
||||||
|
"The UNIX user ID",
|
||||||
|
- -1,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
-1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
|
||||||
|
gint uid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
|
||||||
|
- g_return_if_fail (uid >= -1);
|
||||||
|
process->uid = uid;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
|
||||||
|
index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644
|
||||||
|
--- a/src/polkit/polkitunixuser.c
|
||||||
|
+++ b/src/polkit/polkitunixuser.c
|
||||||
|
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
|
||||||
|
static void
|
||||||
|
polkit_unix_user_init (PolkitUnixUser *unix_user)
|
||||||
|
{
|
||||||
|
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
|
||||||
|
unix_user->name = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
|
||||||
|
GParamSpec *pspec)
|
||||||
|
{
|
||||||
|
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
|
||||||
|
+ gint val;
|
||||||
|
|
||||||
|
switch (prop_id)
|
||||||
|
{
|
||||||
|
case PROP_UID:
|
||||||
|
- unix_user->uid = g_value_get_int (value);
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ unix_user->uid = val;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
|
||||||
|
g_param_spec_int ("uid",
|
||||||
|
"User ID",
|
||||||
|
"The UNIX user ID",
|
||||||
|
- 0,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
- 0,
|
||||||
|
+ -1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
G_PARAM_READWRITE |
|
||||||
|
G_PARAM_STATIC_NAME |
|
||||||
|
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
|
||||||
|
gint uid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
|
||||||
|
+ g_return_if_fail (uid != -1);
|
||||||
|
user->uid = uid;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
|
||||||
|
PolkitIdentity *
|
||||||
|
polkit_unix_user_new (gint uid)
|
||||||
|
{
|
||||||
|
+ g_return_val_if_fail (uid != -1, NULL);
|
||||||
|
+
|
||||||
|
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
|
||||||
|
"uid", uid,
|
||||||
|
NULL));
|
||||||
|
diff --git a/test/data/etc/group b/test/data/etc/group
|
||||||
|
index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644
|
||||||
|
--- a/test/data/etc/group
|
||||||
|
+++ b/test/data/etc/group
|
||||||
|
@@ -5,3 +5,4 @@ john:x:500:
|
||||||
|
jane:x:501:
|
||||||
|
sally:x:502:
|
||||||
|
henry:x:503:
|
||||||
|
+highuid2:x:4000000000:
|
||||||
|
diff --git a/test/data/etc/passwd b/test/data/etc/passwd
|
||||||
|
index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644
|
||||||
|
--- a/test/data/etc/passwd
|
||||||
|
+++ b/test/data/etc/passwd
|
||||||
|
@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
|
||||||
|
jane:x:501:501:Jane Smith:/home/jane:/bin/bash
|
||||||
|
sally:x:502:502:Sally Derp:/home/sally:/bin/bash
|
||||||
|
henry:x:503:503:Henry Herp:/home/henry:/bin/bash
|
||||||
|
+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
|
||||||
|
+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
|
||||||
|
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644
|
||||||
|
--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
+polkit.addRule(function(action, subject) {
|
||||||
|
+ if (action.id == "net.company.john_action") {
|
||||||
|
+ if (subject.user == "john") {
|
||||||
|
+ return polkit.Result.YES;
|
||||||
|
+ } else {
|
||||||
|
+ return polkit.Result.NO;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+});
|
||||||
|
+
|
||||||
|
+polkit.addRule(function(action, subject) {
|
||||||
|
+ if (action.id == "net.company.highuid2_action") {
|
||||||
|
+ if (subject.user == "highuid2") {
|
||||||
|
+ return polkit.Result.YES;
|
||||||
|
+ } else {
|
||||||
|
+ return polkit.Result.NO;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+});
|
||||||
|
+
|
||||||
|
+
|
||||||
|
// ---------------------------------------------------------------------
|
||||||
|
// variables
|
||||||
|
|
||||||
|
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644
|
||||||
|
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
|
||||||
|
NULL,
|
||||||
|
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
},
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid22)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid21)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid24)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:2147483648",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid23)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:4000000000",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* john is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "john_action",
|
||||||
|
+ "net.company.john_action",
|
||||||
|
+ "unix-user:john",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* only john is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "jane_action",
|
||||||
|
+ "net.company.john_action",
|
||||||
|
+ "unix-user:jane",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "highuid2_action",
|
||||||
|
+ "net.company.highuid2_action",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* only highuid2 is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "highuid1_action",
|
||||||
|
+ "net.company.highuid2_action",
|
||||||
|
+ "unix-user:highuid1",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
};
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */
|
||||||
|
|
185
SOURCES/polkit-0.115-CVE-2019-6133.patch
Normal file
185
SOURCES/polkit-0.115-CVE-2019-6133.patch
Normal file
@ -0,0 +1,185 @@
|
|||||||
|
From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Colin Walters <walters@verbum.org>
|
||||||
|
Date: Fri, 4 Jan 2019 14:24:48 -0500
|
||||||
|
Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
|
||||||
|
authorizations
|
||||||
|
|
||||||
|
It turns out that the combination of `(pid, start time)` is not
|
||||||
|
enough to be unique. For temporary authorizations, we can avoid
|
||||||
|
separate users racing on pid reuse by simply comparing the uid.
|
||||||
|
|
||||||
|
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
|
||||||
|
|
||||||
|
And the above original email report is included in full in a new comment.
|
||||||
|
|
||||||
|
Reported-by: Jann Horn <jannh@google.com>
|
||||||
|
|
||||||
|
Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
|
||||||
|
---
|
||||||
|
src/polkit/polkitsubject.c | 2 +
|
||||||
|
src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
|
||||||
|
.../polkitbackendinteractiveauthority.c | 39 +++++++++-
|
||||||
|
3 files changed, 110 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
|
||||||
|
index d4c1182..ccabd0a 100644
|
||||||
|
--- a/src/polkit/polkitsubject.c
|
||||||
|
+++ b/src/polkit/polkitsubject.c
|
||||||
|
@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
|
||||||
|
* @b: A #PolkitSubject.
|
||||||
|
*
|
||||||
|
* Checks if @a and @b are equal, ie. represent the same subject.
|
||||||
|
+ * However, avoid calling polkit_subject_equal() to compare two processes;
|
||||||
|
+ * for more information see the `PolkitUnixProcess` documentation.
|
||||||
|
*
|
||||||
|
* This function can be used in e.g. g_hash_table_new().
|
||||||
|
*
|
||||||
|
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
|
||||||
|
index b02b258..78d7251 100644
|
||||||
|
--- a/src/polkit/polkitunixprocess.c
|
||||||
|
+++ b/src/polkit/polkitunixprocess.c
|
||||||
|
@@ -51,7 +51,10 @@
|
||||||
|
* @title: PolkitUnixProcess
|
||||||
|
* @short_description: Unix processs
|
||||||
|
*
|
||||||
|
- * An object for representing a UNIX process.
|
||||||
|
+ * An object for representing a UNIX process. NOTE: This object as
|
||||||
|
+ * designed is now known broken; a mechanism to exploit a delay in
|
||||||
|
+ * start time in the Linux kernel was identified. Avoid
|
||||||
|
+ * calling polkit_subject_equal() to compare two processes.
|
||||||
|
*
|
||||||
|
* To uniquely identify processes, both the process id and the start
|
||||||
|
* time of the process (a monotonic increasing value representing the
|
||||||
|
@@ -66,6 +69,72 @@
|
||||||
|
* polkit_unix_process_new_for_owner() with trusted data.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
|
||||||
|
+
|
||||||
|
+ But quoting the original email in full here to ensure it's preserved:
|
||||||
|
+
|
||||||
|
+ From: Jann Horn <jannh@google.com>
|
||||||
|
+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
|
||||||
|
+ Date: Wednesday, October 10, 2018 5:34 PM
|
||||||
|
+
|
||||||
|
+When a (non-root) user attempts to e.g. control systemd units in the system
|
||||||
|
+instance from an active session over DBus, the access is gated by a polkit
|
||||||
|
+policy that requires "auth_admin_keep" auth. This results in an auth prompt
|
||||||
|
+being shown to the user, asking the user to confirm the action by entering the
|
||||||
|
+password of an administrator account.
|
||||||
|
+
|
||||||
|
+After the action has been confirmed, the auth decision for "auth_admin_keep" is
|
||||||
|
+cached for up to five minutes. Subject to some restrictions, similar actions can
|
||||||
|
+then be performed in this timespan without requiring re-auth:
|
||||||
|
+
|
||||||
|
+ - The PID of the DBus client requesting the new action must match the PID of
|
||||||
|
+ the DBus client requesting the old action (based on SO_PEERCRED information
|
||||||
|
+ forwarded by the DBus daemon).
|
||||||
|
+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
|
||||||
|
+ must not have changed. The granularity of this timestamp is in the
|
||||||
|
+ millisecond range.
|
||||||
|
+ - polkit polls every two seconds whether a process with the expected start time
|
||||||
|
+ still exists. If not, the temporary auth entry is purged.
|
||||||
|
+
|
||||||
|
+Without the start time check, this would obviously be buggy because an attacker
|
||||||
|
+could simply wait for the legitimate client to disappear, then create a new
|
||||||
|
+client with the same PID.
|
||||||
|
+
|
||||||
|
+Unfortunately, the start time check is bypassable because fork() is not atomic.
|
||||||
|
+Looking at the source code of copy_process() in the kernel:
|
||||||
|
+
|
||||||
|
+ p->start_time = ktime_get_ns();
|
||||||
|
+ p->real_start_time = ktime_get_boot_ns();
|
||||||
|
+ [...]
|
||||||
|
+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
|
||||||
|
+ if (retval)
|
||||||
|
+ goto bad_fork_cleanup_io;
|
||||||
|
+
|
||||||
|
+ if (pid != &init_struct_pid) {
|
||||||
|
+ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
|
||||||
|
+ if (IS_ERR(pid)) {
|
||||||
|
+ retval = PTR_ERR(pid);
|
||||||
|
+ goto bad_fork_cleanup_thread;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+The ktime_get_boot_ns() call is where the "start time" of the process is
|
||||||
|
+recorded. The alloc_pid() call is where a free PID is allocated. In between
|
||||||
|
+these, some time passes; and because the copy_thread_tls() call between them can
|
||||||
|
+access userspace memory when sys_clone() is invoked through the 32-bit syscall
|
||||||
|
+entry point, an attacker can even stall the kernel arbitrarily long at this
|
||||||
|
+point (by supplying a pointer into userspace memory that is associated with a
|
||||||
|
+userfaultfd or is backed by a custom FUSE filesystem).
|
||||||
|
+
|
||||||
|
+This means that an attacker can immediately call sys_clone() when the victim
|
||||||
|
+process is created, often resulting in a process that has the exact same start
|
||||||
|
+time reported in procfs; and then the attacker can delay the alloc_pid() call
|
||||||
|
+until after the victim process has died and the PID assignment has cycled
|
||||||
|
+around. This results in an attacker process that polkit can't distinguish from
|
||||||
|
+the victim process.
|
||||||
|
+*/
|
||||||
|
+
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* PolkitUnixProcess:
|
||||||
|
*
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
index a1630b9..80e8141 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
|
||||||
|
g_free (store);
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* See the comment at the top of polkitunixprocess.c */
|
||||||
|
+static gboolean
|
||||||
|
+subject_equal_for_authz (PolkitSubject *a,
|
||||||
|
+ PolkitSubject *b)
|
||||||
|
+{
|
||||||
|
+ if (!polkit_subject_equal (a, b))
|
||||||
|
+ return FALSE;
|
||||||
|
+
|
||||||
|
+ /* Now special case unix processes, as we want to protect against
|
||||||
|
+ * pid reuse by including the UID.
|
||||||
|
+ */
|
||||||
|
+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
|
||||||
|
+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
|
||||||
|
+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
|
||||||
|
+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
|
||||||
|
+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
|
||||||
|
+
|
||||||
|
+ if (uid_a != -1 && uid_b != -1)
|
||||||
|
+ {
|
||||||
|
+ if (uid_a == uid_b)
|
||||||
|
+ {
|
||||||
|
+ return TRUE;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
|
||||||
|
+ polkit_unix_process_get_pid (ap),
|
||||||
|
+ uid_a, uid_b);
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ /* Fall through; one of the uids is unset so we can't reliably compare */
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return TRUE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static gboolean
|
||||||
|
temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
|
||||||
|
PolkitSubject *subject,
|
||||||
|
@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
|
||||||
|
TemporaryAuthorization *authorization = l->data;
|
||||||
|
|
||||||
|
if (strcmp (action_id, authorization->action_id) == 0 &&
|
||||||
|
- polkit_subject_equal (subject_to_use, authorization->subject))
|
||||||
|
+ subject_equal_for_authz (subject_to_use, authorization->subject))
|
||||||
|
{
|
||||||
|
ret = TRUE;
|
||||||
|
if (out_tmp_authz_id != NULL)
|
||||||
|
--
|
||||||
|
2.19.2
|
||||||
|
|
60
SOURCES/polkit-0.115-bus-conn-msg-ssh.patch
Normal file
60
SOURCES/polkit-0.115-bus-conn-msg-ssh.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Herrmann <dh.herrmann@gmail.com>
|
||||||
|
Date: Wed, 4 Jul 2018 13:51:24 +0200
|
||||||
|
Subject: [PATCH] polkitagent: suppress disconnect messages
|
||||||
|
|
||||||
|
The polkitagent may be used by pkexec and friends. These might very
|
||||||
|
well survive until very late during system shutdown. Hence, a
|
||||||
|
disconnect of polkitd during runtime might be expected [1].
|
||||||
|
|
||||||
|
This patch silences the disconnect/reconnect messages and turns them
|
||||||
|
into debug messages. This only affects the polkit-agent, it does not
|
||||||
|
affect the polkit-daemon implementation.
|
||||||
|
|
||||||
|
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627
|
||||||
|
---
|
||||||
|
src/polkitagent/polkitagentlistener.c | 12 ++++++------
|
||||||
|
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
|
||||||
|
index debd1bb..1c8b666 100644
|
||||||
|
--- a/src/polkitagent/polkitagentlistener.c
|
||||||
|
+++ b/src/polkitagent/polkitagentlistener.c
|
||||||
|
@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object,
|
||||||
|
owner = polkit_authority_get_owner (server->authority);
|
||||||
|
if (owner == NULL)
|
||||||
|
{
|
||||||
|
- g_printerr ("PolicyKit daemon disconnected from the bus.\n");
|
||||||
|
+ g_debug ("PolicyKit daemon disconnected from the bus.\n");
|
||||||
|
|
||||||
|
if (server->is_registered)
|
||||||
|
- g_printerr ("We are no longer a registered authentication agent.\n");
|
||||||
|
+ g_debug ("We are no longer a registered authentication agent.\n");
|
||||||
|
|
||||||
|
server->is_registered = FALSE;
|
||||||
|
}
|
||||||
|
@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object,
|
||||||
|
{
|
||||||
|
GError *error;
|
||||||
|
|
||||||
|
- g_printerr ("PolicyKit daemon reconnected to bus.\n");
|
||||||
|
- g_printerr ("Attempting to re-register as an authentication agent.\n");
|
||||||
|
+ g_debug ("PolicyKit daemon reconnected to bus.\n");
|
||||||
|
+ g_debug ("Attempting to re-register as an authentication agent.\n");
|
||||||
|
|
||||||
|
error = NULL;
|
||||||
|
if (server_register (server, &error))
|
||||||
|
{
|
||||||
|
- g_printerr ("We are now a registered authentication agent.\n");
|
||||||
|
+ g_debug ("We are now a registered authentication agent.\n");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- g_printerr ("Failed to register as an authentication agent: %s\n", error->message);
|
||||||
|
+ g_debug ("Failed to register as an authentication agent: %s\n", error->message);
|
||||||
|
g_error_free (error);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.18.0
|
||||||
|
|
13
SOURCES/polkit-0.115-pkttyagent-auth-errmsg-debug.patch
Normal file
13
SOURCES/polkit-0.115-pkttyagent-auth-errmsg-debug.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
|
||||||
|
--- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200
|
||||||
|
+++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200
|
||||||
|
@@ -150,7 +150,8 @@ main (int argc, char *argv[])
|
||||||
|
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
|
||||||
|
if (authority == NULL)
|
||||||
|
{
|
||||||
|
- g_printerr ("Error getting authority: %s (%s, %d)\n",
|
||||||
|
+ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n");
|
||||||
|
+ g_debug ("Error getting authority: %s (%s, %d)\n",
|
||||||
|
error->message, g_quark_to_string (error->domain), error->code);
|
||||||
|
g_error_free (error);
|
||||||
|
ret = 127;
|
11
SOURCES/polkit-0.115-polkitagentlistener-res-leak.patch
Normal file
11
SOURCES/polkit-0.115-polkitagentlistener-res-leak.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up ./src/polkitagent/polkitagentlistener.c.ori ./src/polkitagent/polkitagentlistener.c
|
||||||
|
--- ./src/polkitagent/polkitagentlistener.c.ori 2018-08-10 14:58:58.555475169 +0200
|
||||||
|
+++ ./src/polkitagent/polkitagentlistener.c 2018-08-10 14:59:15.900396570 +0200
|
||||||
|
@@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti
|
||||||
|
server->thread_initialization_error = NULL;
|
||||||
|
g_thread_join (server->thread);
|
||||||
|
server_free (server);
|
||||||
|
+ server = NULL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
13
SOURCES/polkit-0.115-spawning-zombie-processes.patch
Normal file
13
SOURCES/polkit-0.115-spawning-zombie-processes.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -up ./src/polkitbackend/polkitbackendjsauthority.cpp.ori ./src/polkitbackend/polkitbackendjsauthority.cpp
|
||||||
|
--- ./src/polkitbackend/polkitbackendjsauthority.cpp.ori 2018-04-03 22:57:57.000000000 +0200
|
||||||
|
+++ ./src/polkitbackend/polkitbackendjsauthority.cpp 2018-08-14 16:47:48.416993302 +0200
|
||||||
|
@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
|
||||||
|
(GSourceFunc) utils_child_watch_from_release_cb,
|
||||||
|
source,
|
||||||
|
(GDestroyNotify) g_source_destroy);
|
||||||
|
- g_source_attach (source, data->main_context);
|
||||||
|
+ /* attach source to the global default main context */
|
||||||
|
+ g_source_attach (source, NULL);
|
||||||
|
g_source_unref (source);
|
||||||
|
data->child_pid = 0;
|
||||||
|
}
|
6
SOURCES/polkit-0.115.tar.gz.sign
Normal file
6
SOURCES/polkit-0.115.tar.gz.sign
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
|
||||||
|
3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
|
||||||
|
=mAps
|
||||||
|
-----END PGP SIGNATURE-----
|
569
SPECS/polkit.spec
Normal file
569
SPECS/polkit.spec
Normal file
@ -0,0 +1,569 @@
|
|||||||
|
# Only enable if using patches that touches configure.ac,
|
||||||
|
# Makefile.am or other build system related files
|
||||||
|
#
|
||||||
|
#define enable_autoreconf 1
|
||||||
|
|
||||||
|
Summary: An authorization framework
|
||||||
|
Name: polkit
|
||||||
|
Version: 0.115
|
||||||
|
Release: 6%{?dist}
|
||||||
|
License: LGPLv2+
|
||||||
|
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||||
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||||
|
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
|
||||||
|
|
||||||
|
Patch1: polkit-0.115-bus-conn-msg-ssh.patch
|
||||||
|
Patch2: polkit-0.115-pkttyagent-auth-errmsg-debug.patch
|
||||||
|
Patch3: polkit-0.115-polkitagentlistener-res-leak.patch
|
||||||
|
Patch4: polkit-0.115-spawning-zombie-processes.patch
|
||||||
|
Patch5: polkit-0.115-CVE-2018-19788.patch
|
||||||
|
Patch6: polkit-0.115-CVE-2019-6133.patch
|
||||||
|
|
||||||
|
|
||||||
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: glib2-devel >= 2.30.0
|
||||||
|
BuildRequires: expat-devel
|
||||||
|
BuildRequires: pam-devel
|
||||||
|
BuildRequires: gtk-doc
|
||||||
|
BuildRequires: intltool
|
||||||
|
BuildRequires: gobject-introspection-devel
|
||||||
|
BuildRequires: systemd, systemd-devel
|
||||||
|
BuildRequires: pkgconfig(mozjs-52)
|
||||||
|
BuildRequires: git
|
||||||
|
|
||||||
|
%if 0%{?enable_autoreconf}
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: libtool
|
||||||
|
%endif
|
||||||
|
|
||||||
|
Requires: dbus, polkit-pkla-compat
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
Requires(pre): shadow-utils
|
||||||
|
Requires(post): /sbin/ldconfig, systemd
|
||||||
|
Requires(preun): systemd
|
||||||
|
Requires(postun): /sbin/ldconfig, systemd
|
||||||
|
|
||||||
|
Obsoletes: PolicyKit <= 0.10
|
||||||
|
Provides: PolicyKit = 0.11
|
||||||
|
|
||||||
|
# polkit saw some API/ABI changes from 0.96 to 0.97 so require a
|
||||||
|
# sufficiently new polkit-gnome package
|
||||||
|
Conflicts: polkit-gnome < 0.97
|
||||||
|
|
||||||
|
Obsoletes: polkit-desktop-policy < 0.103
|
||||||
|
Provides: polkit-desktop-policy = 0.103
|
||||||
|
|
||||||
|
Obsoletes: polkit-js-engine < 0.110-4
|
||||||
|
Provides: polkit-js-engine = %{version}-%{release}
|
||||||
|
|
||||||
|
# when -libs was split out, handle multilib upgrade path -- rex
|
||||||
|
Obsoletes: polkit < 0.113-3
|
||||||
|
|
||||||
|
%description
|
||||||
|
polkit is a toolkit for defining and handling authorizations. It is
|
||||||
|
used for allowing unprivileged processes to speak to privileged
|
||||||
|
processes.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: %name-docs = %{version}-%{release}
|
||||||
|
Requires: glib2-devel
|
||||||
|
Obsoletes: PolicyKit-devel <= 0.10
|
||||||
|
Provides: PolicyKit-devel = 0.11
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
Development files for polkit.
|
||||||
|
|
||||||
|
%package docs
|
||||||
|
Summary: Development documentation for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
|
Requires: %name-devel = %{version}-%{release}
|
||||||
|
Obsoletes: PolicyKit-docs <= 0.10
|
||||||
|
Provides: PolicyKit-docs = 0.11
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description docs
|
||||||
|
Development documentation for polkit.
|
||||||
|
|
||||||
|
%package libs
|
||||||
|
Summary: Libraries for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
|
|
||||||
|
%description libs
|
||||||
|
Libraries files for polkit.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -S git
|
||||||
|
|
||||||
|
%build
|
||||||
|
%if 0%{?enable_autoreconf}
|
||||||
|
autoreconf -i
|
||||||
|
%endif
|
||||||
|
# we can't use _hardened_build here, see
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
||||||
|
export CFLAGS='-fPIC %optflags'
|
||||||
|
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||||
|
%configure --enable-gtk-doc \
|
||||||
|
--disable-static \
|
||||||
|
--enable-introspection \
|
||||||
|
--disable-examples \
|
||||||
|
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0
|
||||||
|
make V=1
|
||||||
|
|
||||||
|
%install
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
|
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
|
%find_lang polkit-1
|
||||||
|
|
||||||
|
%pre
|
||||||
|
getent group polkitd >/dev/null || groupadd -r polkitd
|
||||||
|
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
%post
|
||||||
|
# The implied (systemctl preset) will fail and complain, but the macro hides
|
||||||
|
# and ignores the fact. This is in fact what we want, polkit.service does not
|
||||||
|
# have an [Install] section and it is always started on demand.
|
||||||
|
%systemd_post polkit.service
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%systemd_preun polkit.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%systemd_postun_with_restart polkit.service
|
||||||
|
|
||||||
|
%files -f polkit-1.lang
|
||||||
|
%doc COPYING NEWS README
|
||||||
|
%{_datadir}/man/man1/*
|
||||||
|
%{_datadir}/man/man8/*
|
||||||
|
%{_datadir}/dbus-1/system-services/*
|
||||||
|
%{_unitdir}/polkit.service
|
||||||
|
%dir %{_datadir}/polkit-1/
|
||||||
|
%dir %{_datadir}/polkit-1/actions
|
||||||
|
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
||||||
|
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
||||||
|
%dir %{_sysconfdir}/polkit-1
|
||||||
|
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
|
||||||
|
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
||||||
|
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
||||||
|
%{_sysconfdir}/pam.d/polkit-1
|
||||||
|
%{_bindir}/pkaction
|
||||||
|
%{_bindir}/pkcheck
|
||||||
|
%{_bindir}/pkttyagent
|
||||||
|
%dir %{_prefix}/lib/polkit-1
|
||||||
|
%{_prefix}/lib/polkit-1/polkitd
|
||||||
|
|
||||||
|
# see upstream docs for why these permissions are necessary
|
||||||
|
%attr(4755,root,root) %{_bindir}/pkexec
|
||||||
|
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%{_libdir}/lib*.so
|
||||||
|
%{_libdir}/pkgconfig/*.pc
|
||||||
|
%{_datadir}/gir-1.0/*.gir
|
||||||
|
%{_includedir}/*
|
||||||
|
%{_datadir}/gettext/its/polkit.its
|
||||||
|
%{_datadir}/gettext/its/polkit.loc
|
||||||
|
|
||||||
|
%files docs
|
||||||
|
%{_datadir}/gtk-doc
|
||||||
|
|
||||||
|
%post libs -p /sbin/ldconfig
|
||||||
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%files libs
|
||||||
|
%{_libdir}/lib*.so.*
|
||||||
|
%{_libdir}/girepository-1.0/*.typelib
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jan 21 2019 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
||||||
|
- Fix of CVE-2019-6133, PID reuse via slow fork
|
||||||
|
- Resolves: rhbz#1667778
|
||||||
|
|
||||||
|
* Thu Dec 06 2018 Jan Rybar <jrybar@redhat.com> - 0.115-5
|
||||||
|
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
||||||
|
- Resolves: rhbz#1656378
|
||||||
|
|
||||||
|
* Thu Aug 16 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
||||||
|
- Spawned zombie subprocesses not reaped
|
||||||
|
- Resolves: rhbz#1616282
|
||||||
|
|
||||||
|
* Fri Aug 10 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
||||||
|
- Resource leak found by static analyzer
|
||||||
|
- Resolves: rhbz#1602661
|
||||||
|
|
||||||
|
* Tue Aug 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-2
|
||||||
|
- Error message about getting authority is too elaborate (forward of #1342855)
|
||||||
|
- Bus disconnection report moved to debug mode (forward of #1249627)
|
||||||
|
|
||||||
|
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
||||||
|
- Update to 0.115 (CVE-2018-1116)
|
||||||
|
|
||||||
|
* Tue Apr 03 2018 Ray Strode <rstrode@redhat.com> - 0.114-1
|
||||||
|
- Update to 0.114
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-16
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-15
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-14
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Apr 13 2017 Richard Hughes <rhughes@redhat.com> - 0.113-13
|
||||||
|
- Add the its files from upstream.
|
||||||
|
|
||||||
|
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-12
|
||||||
|
- Fix a memory leak in PolkitPermission.
|
||||||
|
Patch by Rui Matos <tiagomatos@gmail.com>
|
||||||
|
Resolves: #1433915
|
||||||
|
|
||||||
|
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-11
|
||||||
|
- Revert back to the state in 0.113-7, undoing the untested changes.
|
||||||
|
|
||||||
|
* Tue Apr 4 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-10
|
||||||
|
- Move to an upstream snapshot, rebase patches
|
||||||
|
|
||||||
|
* Fri Mar 31 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.113-9
|
||||||
|
- restore Provides: polkit-desktop-policy polkit-js-engine
|
||||||
|
|
||||||
|
* Thu Mar 30 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-8
|
||||||
|
- Use %%license, license needs to be in -libs as it's the only guaranteed installed package
|
||||||
|
- Move to mozjs38
|
||||||
|
- Other upstream fixes
|
||||||
|
- Spec cleanups
|
||||||
|
|
||||||
|
* Mon Feb 13 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-7
|
||||||
|
- Fix memory leaks when calling authentication agents
|
||||||
|
Resolves: #1380166
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-4
|
||||||
|
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
|
||||||
|
Resolves: #1243004
|
||||||
|
|
||||||
|
* Sun Jul 12 2015 Rex Dieter <rdieter@fedoraproject.org> 0.113-3
|
||||||
|
- Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)
|
||||||
|
|
||||||
|
* Fri Jul 10 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-2
|
||||||
|
- Add a fully versioned dependency from polkit to polkit-libs
|
||||||
|
Resolves: #1241759
|
||||||
|
- Require polkit-libs, not polkit, in polkit-devel
|
||||||
|
|
||||||
|
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-1
|
||||||
|
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
|
||||||
|
CVE-2015-4625)
|
||||||
|
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
|
||||||
|
|
||||||
|
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> - 0.112-11
|
||||||
|
- Add BuildRequires: systemd so that %%{_unitdir} is defined, to fix the build.
|
||||||
|
|
||||||
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Jan 25 2015 Rex Dieter <rdieter@fedoraproject.org> - 0.112-9
|
||||||
|
- polkit doesn't release reference counters of GVariant data (#1180886)
|
||||||
|
- fix ldconfig scriptlets (move to -libs subpkg)
|
||||||
|
|
||||||
|
* Sat Nov 08 2014 Colin Walters <walters@redhat.com> - 0.112-8
|
||||||
|
- Split separate -libs package, so that NetworkManager can just depend on
|
||||||
|
that, without dragging in the daemon (as well as libmozjs17). This
|
||||||
|
allows the creation of more minimal systems that want programs like NM,
|
||||||
|
but do not need the configurability of the daemon; it would be ok if only
|
||||||
|
root is authorized.
|
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 0.112-6
|
||||||
|
- Rebuilt for gobject-introspection 1.41.4
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jun 5 2014 Kay Sievers <kay@redhat.com> - 0.112-4
|
||||||
|
- backport upstream D-Bus "user bus" changes
|
||||||
|
|
||||||
|
* Mon Feb 10 2014 Miloslav Trmač <mitr@redhat.com> - 0.112-3
|
||||||
|
- Fix a PolkitAgentSession race condition
|
||||||
|
Resolves: #1063193
|
||||||
|
|
||||||
|
* Sat Dec 7 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-2
|
||||||
|
- Workaround pam_systemd setting broken XDG_RUNTIME_DIR
|
||||||
|
Resolves: #1033774
|
||||||
|
- Always use mozjs-17.0 even if js-devel is installed
|
||||||
|
|
||||||
|
* Wed Sep 18 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-1
|
||||||
|
- Update to polkit-0.112
|
||||||
|
- Resolves: #1009538, CVE-2013-4288
|
||||||
|
|
||||||
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.111-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed May 29 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.111-2
|
||||||
|
- Fix a race on PolkitSubject type registration (#866718)
|
||||||
|
|
||||||
|
* Wed May 15 2013 Miloslav Trmač <mitr@redhat.com> - 0.111-1
|
||||||
|
- Update to polkit-0.111
|
||||||
|
Resolves: #917888
|
||||||
|
- Use SpiderMonkey from mozjs17 instead of js
|
||||||
|
- Ship the signature in the srpm
|
||||||
|
- Try to preserve timestamps in (make install)
|
||||||
|
|
||||||
|
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
|
||||||
|
- Shut up rpmlint about Summary:
|
||||||
|
- Build with V=1
|
||||||
|
- Use %%{_unitdir} instead of hard-coding the path
|
||||||
|
- Use the new systemd macros, primarily to run (systemctl daemon-reload)
|
||||||
|
Resolves: #857382
|
||||||
|
|
||||||
|
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
|
||||||
|
- Make the JavaScript engine mandatory. The polkit-js-engine package has been
|
||||||
|
removed, main polkit package Provides:polkit-js-engine for compatibility.
|
||||||
|
- Add Requires: polkit-pkla-compat
|
||||||
|
Resolves: #908808
|
||||||
|
|
||||||
|
* Wed Feb 13 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-3
|
||||||
|
- Don't ship pk-example-frobnicate in the "live" configuration
|
||||||
|
Resolves: #878112
|
||||||
|
|
||||||
|
* Fri Feb 8 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-2
|
||||||
|
- Own %%{_docdir}/polkit-js-engine-*
|
||||||
|
Resolves: #907668
|
||||||
|
|
||||||
|
* Wed Jan 9 2013 David Zeuthen <davidz@redhat.com> - 0.110-1%{?dist}
|
||||||
|
- Update to upstream release 0.110
|
||||||
|
|
||||||
|
* Mon Jan 7 2013 Matthias Clasen <mclasen@redhat.com> - 0.109-2%{?dist}
|
||||||
|
- Build with pie and stuff
|
||||||
|
|
||||||
|
* Wed Dec 19 2012 David Zeuthen <davidz@redhat.com> 0.109-1%{?dist}
|
||||||
|
- Update to upstream release 0.109
|
||||||
|
- Drop upstreamed patches
|
||||||
|
|
||||||
|
* Thu Nov 15 2012 David Zeuthen <davidz@redhat.com> 0.108-3%{?dist}
|
||||||
|
- Attempt to open the correct libmozjs185 library, otherwise polkit
|
||||||
|
authz rules will not work unless js-devel is installed (fdo #57146)
|
||||||
|
|
||||||
|
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-2%{?dist}
|
||||||
|
- Include gmodule-2.0 to avoid build error
|
||||||
|
|
||||||
|
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-1%{?dist}
|
||||||
|
- Update to upstream release 0.108
|
||||||
|
- Drop upstreamed patches
|
||||||
|
- This release dynamically loads the JavaScript interpreter and can
|
||||||
|
cope with it not being available. In this case, polkit authorization
|
||||||
|
rules are not processed and the defaults for an action - as defined
|
||||||
|
in its .policy file - are used for authorization decisions.
|
||||||
|
- Add new meta-package, polkit-js-engine, that pulls in the required
|
||||||
|
JavaScript bits to make polkit authorization rules work. The default
|
||||||
|
install - not the minimal install - should include this package
|
||||||
|
|
||||||
|
* Wed Oct 10 2012 Adam Jackson <ajax@redhat.com> 0.107-4
|
||||||
|
- Don't crash if initializing the server object fails
|
||||||
|
|
||||||
|
* Tue Sep 18 2012 David Zeuthen <davidz@redhat.com> 0.107-3%{?dist}
|
||||||
|
- Authenticate as root if e.g. the wheel group is empty (#834494)
|
||||||
|
|
||||||
|
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.107-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist}
|
||||||
|
- Update to upstream release 0.107
|
||||||
|
|
||||||
|
* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist}
|
||||||
|
- Add forgotten Requires(pre): shadow-utils
|
||||||
|
|
||||||
|
* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist}
|
||||||
|
- Update to upstream release 0.106
|
||||||
|
- Authorizations are no longer controlled by .pkla files - from now
|
||||||
|
on, use the new .rules files described in the polkit(8) man page
|
||||||
|
|
||||||
|
* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist}
|
||||||
|
- Update to upstream release 0.105
|
||||||
|
- Nuke patches that are now upstream
|
||||||
|
- Change 'PolicyKit' to 'polkit' in summary and descriptions
|
||||||
|
|
||||||
|
* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist}
|
||||||
|
- Don't leak file descriptors (bgo #671486)
|
||||||
|
|
||||||
|
* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist}
|
||||||
|
- Make the -docs subpackage noarch
|
||||||
|
|
||||||
|
* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist}
|
||||||
|
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222)
|
||||||
|
|
||||||
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist}
|
||||||
|
- Nuke the ConsoleKit run-time requirement
|
||||||
|
|
||||||
|
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist}
|
||||||
|
- Update to upstream release 0.104
|
||||||
|
- Force usage of systemd (instead of ConsoleKit) for session tracking
|
||||||
|
|
||||||
|
* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist}
|
||||||
|
- Update to upstream release 0.103
|
||||||
|
- Drop upstreamed patch
|
||||||
|
- Drop Fedora-specific policy, it is now upstream (fdo #41008)
|
||||||
|
|
||||||
|
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3
|
||||||
|
- Rebuilt for glibc bug#747377
|
||||||
|
|
||||||
|
* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist}
|
||||||
|
- Add patch to neuter the annoying systemd behavior where stdout/stderr
|
||||||
|
is sent to the system logs
|
||||||
|
|
||||||
|
* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1
|
||||||
|
- Update to 0.102 release
|
||||||
|
|
||||||
|
* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7
|
||||||
|
- Allow setting the pretty hostname without a password for wheel,
|
||||||
|
change matches systemd in git
|
||||||
|
|
||||||
|
* Mon May 2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6
|
||||||
|
- Update the action id of the datetime mechanism
|
||||||
|
|
||||||
|
* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5
|
||||||
|
- CVE-2011-1485 (#697951)
|
||||||
|
|
||||||
|
* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4
|
||||||
|
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel
|
||||||
|
|
||||||
|
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3
|
||||||
|
- Fix typo in pkla file (thanks notting)
|
||||||
|
|
||||||
|
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
|
||||||
|
- Nuke desktop_admin_r and desktop_user_r groups - just use the
|
||||||
|
wheel group instead (#688363)
|
||||||
|
- Update the set of configuration directives that gives users
|
||||||
|
in the wheel group extra privileges
|
||||||
|
|
||||||
|
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
|
||||||
|
- New upstream version
|
||||||
|
|
||||||
|
* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1
|
||||||
|
- New upstream version
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6
|
||||||
|
- Own /usr/libexec/polkit-1
|
||||||
|
|
||||||
|
* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5
|
||||||
|
- Enable introspection
|
||||||
|
|
||||||
|
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4
|
||||||
|
- Fix #629515 in a way that doesn't require autoreconf
|
||||||
|
|
||||||
|
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2
|
||||||
|
- Include polkitagentenumtypes.h (#629515)
|
||||||
|
|
||||||
|
* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1
|
||||||
|
- Update to upstream release 0.98
|
||||||
|
- Co-own /usr/share/gtk-doc (#604410)
|
||||||
|
|
||||||
|
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5
|
||||||
|
- Rebuid to work around bodhi limitations
|
||||||
|
|
||||||
|
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
|
||||||
|
- Fix a ConsoleKit interaction bug
|
||||||
|
|
||||||
|
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
|
||||||
|
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
|
||||||
|
- Require GLib >= 2.25.12 instead of 2.25.11
|
||||||
|
- Ensure polkit-gnome packages earlier than 0.97 are not used with
|
||||||
|
these packages
|
||||||
|
|
||||||
|
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2
|
||||||
|
- Rebuild
|
||||||
|
|
||||||
|
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1
|
||||||
|
- Update to 0.97. This release contains a port from EggDBus to the
|
||||||
|
GDBus code available in recent GLib releases.
|
||||||
|
|
||||||
|
* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1
|
||||||
|
- Update to 0.96
|
||||||
|
- Disable introspection support for the time being
|
||||||
|
|
||||||
|
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2
|
||||||
|
- Rebuild
|
||||||
|
|
||||||
|
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1
|
||||||
|
- Update to 0.95
|
||||||
|
- Drop upstreamed patches
|
||||||
|
|
||||||
|
* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3
|
||||||
|
- Fix a typo in pklocalauthority(8)
|
||||||
|
|
||||||
|
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2
|
||||||
|
- Refine how Obsolete: is used and also add Provides: (thanks Jesse
|
||||||
|
Keating and nim-nim)
|
||||||
|
|
||||||
|
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1
|
||||||
|
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera)
|
||||||
|
- Obsolete old PolicyKit packages
|
||||||
|
|
||||||
|
* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913
|
||||||
|
- Update to git snapshot
|
||||||
|
- Drop upstreamed patches
|
||||||
|
- Turn on GObject introspection
|
||||||
|
- Don't delete desktop_admin_r and desktop_user_r groups when
|
||||||
|
uninstalling polkit-desktop-policy
|
||||||
|
|
||||||
|
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
|
||||||
|
- Add some patches from git master
|
||||||
|
- Sort pkaction(1) output
|
||||||
|
- Bug 23867 – UnixProcess vs. SystemBusName aliasing
|
||||||
|
|
||||||
|
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
|
||||||
|
- Add desktop_admin_r and desktop_user_r groups along with a first cut
|
||||||
|
of default authorizations for users in these groups.
|
||||||
|
|
||||||
|
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2
|
||||||
|
- Disable GObject Introspection for now as it breaks the build
|
||||||
|
|
||||||
|
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1
|
||||||
|
- Update to upstream release 0.94
|
||||||
|
|
||||||
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2
|
||||||
|
- Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1
|
||||||
|
- Update to 0.93
|
||||||
|
|
||||||
|
* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3
|
||||||
|
- Don't make docs noarch (I *heart* multilib)
|
||||||
|
- Change license to LGPLv2+
|
||||||
|
|
||||||
|
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2
|
||||||
|
- Rebuild
|
||||||
|
|
||||||
|
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1
|
||||||
|
- Update to 0.92 release
|
||||||
|
|
||||||
|
* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527
|
||||||
|
- Update to 0.92 snapshot
|
||||||
|
|
||||||
|
* Mon Feb 9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1
|
||||||
|
- Initial spec file.
|
Loading…
Reference in New Issue
Block a user