From 617c950a8c15ef7be940cbe4c1822cfa6d966cc9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 16 May 2023 06:17:51 +0000 Subject: [PATCH] import polkit-0.115-15.el8 --- ...t-0.115-tty-flags-restore-if-changed.patch | 77 +++++++++++++++++++ SPECS/polkit.spec | 13 ++-- 2 files changed, 84 insertions(+), 6 deletions(-) create mode 100644 SOURCES/polkit-0.115-tty-flags-restore-if-changed.patch diff --git a/SOURCES/polkit-0.115-tty-flags-restore-if-changed.patch b/SOURCES/polkit-0.115-tty-flags-restore-if-changed.patch new file mode 100644 index 0000000..9feb5bc --- /dev/null +++ b/SOURCES/polkit-0.115-tty-flags-restore-if-changed.patch @@ -0,0 +1,77 @@ +diff -up ./src/polkitagent/polkitagenttextlistener.c.ori ./src/polkitagent/polkitagenttextlistener.c +--- ./src/polkitagent/polkitagenttextlistener.c.ori 2018-05-31 13:52:23.000000000 +0200 ++++ ./src/polkitagent/polkitagenttextlistener.c 2022-10-21 17:21:11.227665209 +0200 +@@ -121,6 +121,12 @@ polkit_agent_text_listener_class_init (P + listener_class = POLKIT_AGENT_LISTENER_CLASS (klass); + listener_class->initiate_authentication = polkit_agent_text_listener_initiate_authentication; + listener_class->initiate_authentication_finish = polkit_agent_text_listener_initiate_authentication_finish; ++ ++ g_signal_new("tty_attrs_changed", ++ G_TYPE_FROM_CLASS(gobject_class), ++ G_SIGNAL_RUN_LAST | G_SIGNAL_NO_RECURSE | G_SIGNAL_NO_HOOKS, ++ 0, NULL, NULL, NULL, ++ G_TYPE_NONE, 1, G_TYPE_BOOLEAN); + } + + /** +@@ -268,6 +274,7 @@ on_request (PolkitAgentSession *session, + * the problem. + */ + ++ g_signal_emit_by_name(listener, "tty_attrs_changed", TRUE); + tcgetattr (fileno (listener->tty), &ts); + ots = ts; + ts.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); +@@ -296,6 +303,7 @@ on_request (PolkitAgentSession *session, + } + } + tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots); ++ g_signal_emit_by_name(listener, "tty_attrs_changed", FALSE); + putc ('\n', listener->tty); + + polkit_agent_session_response (session, str->str); +diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c +--- ./src/programs/pkttyagent.c.ori 2020-01-28 14:16:32.000000000 +0100 ++++ ./src/programs/pkttyagent.c 2022-10-21 16:56:12.449760361 +0200 +@@ -34,6 +34,7 @@ + + + static volatile sig_atomic_t tty_flags_saved; ++static volatile sig_atomic_t tty_flags_changed; + struct termios ts; + FILE *tty = NULL; + struct sigaction savesigterm, savesigint, savesigtstp; +@@ -54,7 +55,7 @@ static void tty_handler(int signal) + break; + } + +- if (tty_flags_saved) ++ if (tty_flags_saved && tty_flags_changed) + { + tcsetattr (fileno (tty), TCSADRAIN, &ts); + } +@@ -63,6 +64,14 @@ static void tty_handler(int signal) + } + + ++static void tty_attrs_changed(PolkitAgentListener *listener G_GNUC_UNUSED, ++ gboolean changed, ++ gpointer user_data G_GNUC_UNUSED) ++{ ++ tty_flags_changed = changed; ++} ++ ++ + int + main (int argc, char *argv[]) + { +@@ -221,6 +230,9 @@ main (int argc, char *argv[]) + ret = 127; + goto out; + } ++ g_signal_connect(G_OBJECT(listener), "tty_attrs_changed", ++ G_CALLBACK(tty_attrs_changed), NULL); ++ + local_agent_handle = polkit_agent_listener_register_with_options (listener, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, + subject, diff --git a/SPECS/polkit.spec b/SPECS/polkit.spec index 8da3b11..5b9c530 100644 --- a/SPECS/polkit.spec +++ b/SPECS/polkit.spec @@ -6,7 +6,7 @@ Summary: An authorization framework Name: polkit Version: 0.115 -Release: 13%{?dist}.2 +Release: 15%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/polkit Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz @@ -28,6 +28,7 @@ Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch Patch12: polkit-0.115-CVE-2021-3560.patch Patch13: polkit-0.115-CVE-2021-4034.patch Patch14: polkit-0.115-CVE-2021-4115.patch +Patch15: polkit-0.115-tty-flags-restore-if-changed.patch BuildRequires: gcc-c++ @@ -193,15 +194,15 @@ exit 0 %{_libdir}/girepository-1.0/*.typelib %changelog -* Tue Feb 16 2022 Jan Rybar - 0.115-13.el8_5.2 -- necessary version bump due to build versioning -- Resolves: CVE-2021-4115 +* Tue Nov 08 2022 Jan Rybar - 0.115-15 +- pkttyagent gets stopped if killed in the background +- Resolves: rhbz#2128989 -* Tue Feb 15 2022 Jan Rybar - 0.115-12.el8_5.2 +* Tue Feb 15 2022 Jan Rybar - 0.115-14 - file descriptor exhaustion (GHSL-2021-077) - Resolves: CVE-2021-4115 -* Fri Dec 03 2021 Jan Rybar - 0.115-12.el8_5.1 +* Fri Dec 03 2021 Jan Rybar - 0.115-13 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034