diff --git a/cve-2026-4897-getline-overflow.patch b/cve-2026-4897-getline-overflow.patch
index f3dfa98..70e0a87 100644
--- a/cve-2026-4897-getline-overflow.patch
+++ b/cve-2026-4897-getline-overflow.patch
@@ -8,8 +8,8 @@ Pavel Kohout, Aisle Research
 Signed-off-by: Jan Rybar jrybar@redhat.com
 ---
- src/polkitagent/polkitagenthelperprivate.c | 23 +++++++++++++---------
- 1 file changed, 14 insertions(+), 9 deletions(-)
+ src/polkitagent/polkitagenthelperprivate.c | 20 +++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
 diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
 index 35bca85..7e4f94e 100644
@@ -23,7 +23,7 @@ index 35bca85..7e4f94e 100644
 #include
 #ifndef HAVE_CLEARENV
-@@ -59,21 +60,25 @@ read_cookie (int argc, char **argv)
+@@ -59,21 +60,22 @@ read_cookie (int argc, char **argv)
 return strdup (argv[2]);
 else
 {
@@ -46,10 +46,7 @@ index 35bca85..7e4f94e 100644
 {
 - g_strchomp (ret);
 - return ret;
-+ /* Cookie too long - drain remaining input and reject */
-+ int c;
-+ while ((c = getchar ()) != '\n' && c != EOF)
-+ ;
++ /* Cookie too long - reject */
 + errno = EOVERFLOW;
 + return NULL;
 }
diff --git a/polkit.spec b/polkit.spec
index 65ec430..7ad630b 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -4,7 +4,7 @@ Summary: An authorization framework
 Name: polkit
 Version: 125
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPL-2.0-or-later
 URL: https://github.com/polkit-org/polkit
 Source0: https://github.com/polkit-org/polkit/archive/refs/tags/%{version}.tar.gz
@@ -165,6 +165,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/girepository-1.0/*.typelib
 %changelog
+* Wed May 13 2026 Jan Rybar - 125-6
+- fix DoS issue introduced by previous fix
+- Resolves: CVE-2026-4897
 * Tue May 12 2026 Jan Rybar - 125-5
 - CVE-2026-4897: getline() string overflow via unsanitized input
 - Resolves: CVE-2026-4897
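Review bot: In the `@@ -46,10 +46,7 @@` hunk of cve-2026-4897-getline-overflow.patch, the too-long branch of read_cookie now returns NULL with `errno = EOVERFLOW` while the rest of the oversized line is still unread on stdin. The rejection is therefore only safe if every caller treats NULL as fatal and never reads from stdin again. The read call, the length condition and the callers are all outside this hunk, so that needs to be confirmed in the full file. The new comment should also record why nothing is drained, presumably because the unbounded `getchar ()` loop was the DoS named in the changelog, for example `/* Cookie too long - reject; do not drain, a sender that never ends the line would keep the helper reading */`. A regression test that feeds an over-length cookie with no trailing newline and expects a prompt non-zero exit would pin both fixes.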