diff --git a/.gitignore b/.gitignore
index 8688a6c..7087b34 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,5 @@ polkit-0.98.tar.gz
 /polkit-0.114.tar.gz.sign
 /polkit-0.115.tar.gz
 /polkit-0.115.tar.gz.sign
+/polkit-0.116.tar.gz
+/polkit-0.116.tar.gz.sign
diff --git a/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch b/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
deleted file mode 100644
index b51807a..0000000
--- a/0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch
+++ /dev/null
@@ -1,185 +0,0 @@ -From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Fri, 4 Jan 2019 14:24:48 -0500 -Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary - authorizations - -It turns out that the combination of `(pid, start time)` is not -enough to be unique. For temporary authorizations, we can avoid -separate users racing on pid reuse by simply comparing the uid. - -https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 - -And the above original email report is included in full in a new comment. - -Reported-by: Jann Horn - -Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75 ---- - src/polkit/polkitsubject.c | 2 + - src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++- - .../polkitbackendinteractiveauthority.c | 39 +++++++++- - 3 files changed, 110 insertions(+), 2 deletions(-) - -diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c -index d4c1182..ccabd0a 100644 ---- a/src/polkit/polkitsubject.c -+++ b/src/polkit/polkitsubject.c -@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) - * @b: A #PolkitSubject. - * - * Checks if @a and @b are equal, ie. represent the same subject. -+ * However, avoid calling polkit_subject_equal() to compare two processes; -+ * for more information see the `PolkitUnixProcess` documentation. - * - * This function can be used in e.g. g_hash_table_new(). - * -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index b02b258..78d7251 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -51,7 +51,10 @@ - * @title: PolkitUnixProcess - * @short_description: Unix processs - * -- * An object for representing a UNIX process. -+ * An object for representing a UNIX process. NOTE: This object as -+ * designed is now known broken; a mechanism to exploit a delay in -+ * start time in the Linux kernel was identified. 
Avoid -+ * calling polkit_subject_equal() to compare two processes. - * - * To uniquely identify processes, both the process id and the start - * time of the process (a monotonic increasing value representing the -@@ -66,6 +69,72 @@ - * polkit_unix_process_new_for_owner() with trusted data. - */ - -+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 -+ -+ But quoting the original email in full here to ensure it's preserved: -+ -+ 
From: Jann Horn -+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork -+ Date: Wednesday, October 10, 2018 5:34 PM -+ -+When a (non-root) user attempts to e.g. control systemd units in the system -+instance from an active session over DBus, the access is gated by a polkit -+policy that requires "auth_admin_keep" auth. This results in an auth prompt -+being shown to the user, asking the user to confirm the action by entering the -+password of an administrator account. -+ -+After the action has been confirmed, the auth decision for "auth_admin_keep" is -+cached for up to five minutes. Subject to some restrictions, similar actions can -+then be performed in this timespan without requiring re-auth: -+ -+ - The PID of the DBus client requesting the new action must match the PID of -+ the DBus client requesting the old action (based on SO_PEERCRED information -+ forwarded by the DBus daemon). -+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) -+ must not have changed. The granularity of this timestamp is in the -+ millisecond range. -+ - polkit polls every two seconds whether a process with the expected start time -+ still exists. If not, the temporary auth entry is purged. -+ -+Without the start time check, this would obviously be buggy because an attacker -+could simply wait for the legitimate client to disappear, then create a new -+client with the same PID. -+ -+Unfortunately, the start time check is bypassable because fork() is not atomic. -+Looking at the source code of copy_process() in the kernel: -+ -+ p->start_time = ktime_get_ns(); -+ p->real_start_time = ktime_get_boot_ns(); -+ [...] 
-+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); -+ if (retval) -+ goto bad_fork_cleanup_io; -+ -+ if (pid != &init_struct_pid) { -+ pid = alloc_pid(p->nsproxy->pid_ns_for_children); -+ if (IS_ERR(pid)) { -+ retval = PTR_ERR(pid); -+ goto bad_fork_cleanup_thread; -+ } -+ } -+ -+The ktime_get_boot_ns() call is where the "start time" of the process is -+recorded. The alloc_pid() call is where a free PID is allocated. In between -+these, some time passes; and because the copy_thread_tls() call between them can -+access userspace memory when sys_clone() is invoked through the 32-bit syscall -+entry point, an attacker can even stall the kernel arbitrarily long at this -+point (by supplying a pointer into userspace memory that is associated with a -+userfaultfd or is backed by a custom FUSE filesystem). -+ -+This means that an attacker can immediately call sys_clone() when the victim -+process is created, often resulting in a process that has the exact same start -+time reported in procfs; and then the attacker can delay the alloc_pid() call -+until after the victim process has died and the PID assignment has cycled -+around. This results in an attacker process that polkit can't distinguish from -+the victim process. 
-+*/ -+ -+ - /** - * PolkitUnixProcess: - * -diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -index a1630b9..80e8141 100644 ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) - g_free (store); - } - -+/* See the comment at the top of polkitunixprocess.c */ -+static gboolean -+subject_equal_for_authz (PolkitSubject *a, -+ PolkitSubject *b) -+{ -+ if (!polkit_subject_equal (a, b)) -+ return FALSE; -+ -+ /* Now special case unix processes, as we want to protect against -+ * pid reuse by including the UID. -+ */ -+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { -+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; -+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); -+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; -+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); -+ -+ if (uid_a != -1 && uid_b != -1) -+ { -+ if (uid_a == uid_b) -+ { -+ return TRUE; -+ } -+ else -+ { -+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", -+ polkit_unix_process_get_pid (ap), -+ uid_a, uid_b); -+ return FALSE; -+ } -+ } -+ /* Fall through; one of the uids is unset so we can't reliably compare */ -+ } -+ -+ return TRUE; -+} -+ - static gboolean - temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, - PolkitSubject *subject, -@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st - TemporaryAuthorization *authorization = l->data; - - if (strcmp (action_id, authorization->action_id) == 0 && -- polkit_subject_equal (subject_to_use, authorization->subject)) -+ subject_equal_for_authz (subject_to_use, authorization->subject)) - { - ret = TRUE; - if (out_tmp_authz_id != NULL) --- -2.19.2 - 
diff --git a/Allow-uid-of-1-for-a-PolkitUnixProcess.patch b/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
deleted file mode 100644
index e4ac170..0000000
--- a/Allow-uid-of-1-for-a-PolkitUnixProcess.patch
+++ /dev/null
@@ -1,47 +0,0 @@ -From 783ec80ec1b4d8f1dc20a2a41dfaddbc1c3f5ab2 Mon Sep 17 00:00:00 2001 -From: Matthew Leeds -Date: Tue, 11 Dec 2018 12:04:26 -0800 -Subject: [PATCH] Allow uid of -1 for a PolkitUnixProcess - -Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and -PolkitUnixProcess to allow negative values for their uid/gid properties, -since these are values above INT_MAX which wrap around but are still -valid, with the exception of -1 which is not valid. However, -PolkitUnixProcess allows a uid of -1 to be passed to -polkit_unix_process_new_for_owner() which means polkit is expected to -figure out the uid on its own (this happens in the _constructed -function). So this commit removes the check in -polkit_unix_process_set_property() so that new_for_owner() can be used -as documented without producing a critical error message. - -This does not affect the protection against CVE-2018-19788 which is -based on creating a user with a UID up to but not including 4294967295 -(-1). ---- - src/polkit/polkitunixprocess.c | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index 78d7251..289a82e 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -228,14 +228,9 @@ polkit_unix_process_set_property (GObject *object, - polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); - break; - -- case PROP_UID: { -- gint val; -- -- val = g_value_get_int (value); -- g_return_if_fail (val != -1); -- polkit_unix_process_set_uid (unix_process, val); -+ case PROP_UID: -+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); - break; -- } - - case PROP_START_TIME: - polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); --- -2.14.5 - diff --git a/CVE-2018-19788.patch b/CVE-2018-19788.patch deleted file mode 100644 index 932975c..0000000 --- a/CVE-2018-19788.patch +++ /dev/null 
@@ -1,291 +0,0 @@ -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_group->gid = val; - break; - - default: -@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) - g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) - */ - void - polkit_unix_group_set_gid (PolkitUnixGroup *group, -- gint gid) -+ gint gid) - { - g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); -+ g_return_if_fail (gid != -1); - group->gid = gid; - } - -@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - PolkitIdentity * - polkit_unix_group_new (gint gid) - { -+ g_return_val_if_fail (gid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, - "gid", gid, - NULL)); -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -159,9 +159,14 @@ polkit_unix_process_set_property 
(GObject *object, - polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); - break; - -- case PROP_UID: -- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); -+ case PROP_UID: { -+ gint val; -+ -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ polkit_unix_process_set_uid (unix_process, val); - break; -+ } - - case PROP_START_TIME: - polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- -1, -+ G_MININT, - G_MAXINT, - -1, - G_PARAM_CONSTRUCT | -@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); -- g_return_if_fail (uid >= -1); - process->uid = uid; - } - -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, - static void - polkit_unix_user_init (PolkitUnixUser *unix_user) - { -+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ - unix_user->name = NULL; - } - -@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); -+ gint val; - - switch (prop_id) - { - case PROP_UID: -- unix_user->uid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_user->uid = val; - break; - - default: -@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - 
G_PARAM_STATIC_NAME | -@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_USER (user)); -+ g_return_if_fail (uid != -1); - user->uid = uid; - } - -@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - PolkitIdentity * - polkit_unix_user_new (gint uid) - { -+ g_return_val_if_fail (uid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, - "uid", uid, - NULL)); -diff --git a/test/data/etc/group b/test/data/etc/group -index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644 ---- a/test/data/etc/group -+++ b/test/data/etc/group -@@ -5,3 +5,4 @@ john:x:500: - jane:x:501: - sally:x:502: - henry:x:503: -+highuid2:x:4000000000: -diff --git a/test/data/etc/passwd b/test/data/etc/passwd -index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644 ---- a/test/data/etc/passwd -+++ b/test/data/etc/passwd -@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash - jane:x:501:501:Jane Smith:/home/jane:/bin/bash - sally:x:502:502:Sally Derp:/home/sally:/bin/bash - henry:x:503:503:Henry Herp:/home/henry:/bin/bash -+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin -+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin -diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules -index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644 ---- a/test/data/etc/polkit-1/rules.d/10-testing.rules -+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules -@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { - } - }); - -+polkit.addRule(function(action, subject) { -+ if (action.id == "net.company.john_action") { -+ if (subject.user == "john") { -+ return polkit.Result.YES; -+ } else { -+ return polkit.Result.NO; -+ } -+ } -+}); -+ 
-+polkit.addRule(function(action, subject) { -+ if (action.id == "net.company.highuid2_action") { -+ if (subject.user == "highuid2") { -+ return polkit.Result.YES; -+ } else { -+ return polkit.Result.NO; -+ } -+ } -+}); -+ -+ - // --------------------------------------------------------------------- - // variables - -diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644 ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - }, -+ -+ { -+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid22)", -+ "net.company.group.only_group_users", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid21)", -+ "net.company.group.only_group_users", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid24)", -+ "net.company.group.only_group_users", -+ "unix-user:2147483648", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid23)", -+ "net.company.group.only_group_users", -+ "unix-user:4000000000", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* john is authorized to do this, see 10-testing.rules */ -+ "john_action", -+ "net.company.john_action", -+ "unix-user:john", -+ NULL, -+ 
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, -+ }, -+ -+ { -+ /* only john is authorized to do this, see 10-testing.rules */ -+ "jane_action", -+ "net.company.john_action", -+ "unix-user:jane", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is authorized to do this, see 10-testing.rules */ -+ "highuid2_action", -+ "net.company.highuid2_action", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, -+ }, -+ -+ { -+ /* only highuid2 is authorized to do this, see 10-testing.rules */ -+ "highuid1_action", -+ "net.company.highuid2_action", -+ "unix-user:highuid1", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, - }; - - /* ---------------------------------------------------------------------------------------------------- */ - diff --git a/bus-conn-msg-ssh.patch b/bus-conn-msg-ssh.patch deleted file mode 100644 index f2dcb1a..0000000 --- a/bus-conn-msg-ssh.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001 -From: David Herrmann -Date: Wed, 4 Jul 2018 13:51:24 +0200 -Subject: [PATCH] polkitagent: suppress disconnect messages - -The polkitagent may be used by pkexec and friends. These might very -well survive until very late during system shutdown. Hence, a -disconnect of polkitd during runtime might be expected [1]. - -This patch silences the disconnect/reconnect messages and turns them -into debug messages. This only affects the polkit-agent, it does not -affect the polkit-daemon implementation. - -[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627 ---- - src/polkitagent/polkitagentlistener.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c -index debd1bb..1c8b666 100644 ---- a/src/polkitagent/polkitagentlistener.c -+++ b/src/polkitagent/polkitagentlistener.c -@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object, - owner = polkit_authority_get_owner (server->authority); - if (owner == NULL) - { -- g_printerr ("PolicyKit daemon disconnected from the bus.\n"); -+ g_debug ("PolicyKit daemon disconnected from the bus.\n"); - - if (server->is_registered) -- g_printerr ("We are no longer a registered authentication agent.\n"); -+ g_debug ("We are no longer a registered authentication agent.\n"); - - server->is_registered = FALSE; - } -@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object, - { - GError *error; - -- g_printerr ("PolicyKit daemon reconnected to bus.\n"); -- g_printerr ("Attempting to re-register as an authentication agent.\n"); -+ g_debug ("PolicyKit daemon reconnected to bus.\n"); -+ g_debug ("Attempting to re-register as an authentication agent.\n"); - - error = NULL; - if (server_register (server, &error)) - { -- g_printerr ("We are now a registered authentication agent.\n"); -+ g_debug ("We are now a registered authentication 
agent.\n"); - } - else - { -- g_printerr ("Failed to register as an authentication agent: %s\n", error->message); -+ g_debug ("Failed to register as an authentication agent: %s\n", error->message); - g_error_free (error); - } - } --- -2.18.0 - diff --git a/pkttyagent-rescue-target-error-msg.patch b/pkttyagent-rescue-target-error-msg.patch deleted file mode 100644 index 0b66c49..0000000 --- a/pkttyagent-rescue-target-error-msg.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c ---- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200 -+++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200 -@@ -150,7 +150,8 @@ main (int argc, char *argv[]) - authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); - if (authority == NULL) - { -- g_printerr ("Error getting authority: %s (%s, %d)\n", -+ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); -+ g_debug ("Error getting authority: %s (%s, %d)\n", - error->message, g_quark_to_string (error->domain), error->code); - g_error_free (error); - ret = 127; diff --git a/polkit-mozjs60.patch b/polkit-mozjs60.patch deleted file mode 100644 index ead6402..0000000 --- a/polkit-mozjs60.patch +++ /dev/null 
@@ -1,185 +0,0 @@ -From 7a784410e9308a0886381a1f1cc8908d40015c45 Mon Sep 17 00:00:00 2001 -From: Emmanuele Bassi -Date: Fri, 31 Aug 2018 13:32:16 +0100 -Subject: [PATCH 1/2] Depend on mozjs-60 - -This is the new ESR version of the Mozilla JS engine, superceding -mozjs-52. ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index bfa87dd..1939aba 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-52]) -+PKG_CHECK_MODULES(LIBJS, [mozjs-60]) - - AC_SUBST(LIBJS_CFLAGS) - AC_SUBST(LIBJS_CXXFLAGS) --- -2.18.1 - - -From 32bec643480a913d5c06c10bd1ca11a98e013a92 Mon Sep 17 00:00:00 2001 -From: Emmanuele Bassi -Date: Fri, 31 Aug 2018 13:33:20 +0100 -Subject: [PATCH 2/2] Port the JS authority to mozjs-60 - -API changes in mozjs that need to be reflected in the JS authority: - - - the JS::CompileOptions constructor and the JS::CompartmentOptions - do not allow setting a JS version any more - - - do not use NULL comparisons for C++ objects - - - the resize() method for a vector has a return value that needs - to be handled - - - JSClassOps has different fields ---- - .../polkitbackendjsauthority.cpp | 65 +++++++++---------- - 1 file changed, 32 insertions(+), 33 deletions(-) - -diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 7602714..984a0f0 100644 ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC - /* ---------------------------------------------------------------------------------------------------- */ - - static const struct JSClassOps js_global_class_ops = { -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- 
NULL, -- NULL, -- NULL, -- NULL, -- NULL -+ nullptr, // addProperty -+ nullptr, // deleteProperty -+ nullptr, // enumerate -+ nullptr, // newEnumerate -+ nullptr, // resolve -+ nullptr, // mayResolve -+ nullptr, // finalize -+ nullptr, // call -+ nullptr, // hasInstance -+ nullptr, // construct -+ JS_GlobalObjectTraceHook - }; - - static JSClass js_global_class = { -@@ -172,18 +171,17 @@ static JSClass js_global_class = { - - /* ---------------------------------------------------------------------------------------------------- */ - static const struct JSClassOps js_polkit_class_ops = { -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL -+ nullptr, // addProperty -+ nullptr, // deleteProperty -+ nullptr, // enumerate -+ nullptr, // newEnumerate -+ nullptr, // resolve -+ nullptr, // mayResolve -+ nullptr, // finalize -+ nullptr, // call -+ nullptr, // hasInstance -+ nullptr, // construct -+ nullptr // trace - }; - - static JSClass js_polkit_class = { -@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object) - - { - JS::CompartmentOptions compart_opts; -- compart_opts.behaviors().setVersion(JSVERSION_LATEST); -+ - JS::RootedObject global(authority->priv->cx); - - authority->priv->js_global = new JS::Heap (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts)); - - global = authority->priv->js_global->get (); -- -- if (global == NULL) -+ if (!global) - goto fail; - - authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global); - -- if (authority->priv->ac == NULL) -+ if (!authority->priv->ac) - goto fail; - - if (!JS_InitStandardClasses (authority->priv->cx, global)) -@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object) - - polkit = authority->priv->js_polkit->get (); - -- if (polkit == NULL) -+ if (!polkit) - goto fail; - - if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, 
JSPROP_ENUMERATE)) -@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object) - js_polkit_functions)) - goto fail; - -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - JS::RootedValue rval(authority->priv->cx); - if (!JS::Evaluate (authority->priv->cx, - options, -@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority, - JS::AutoValueVector elems(authority->priv->cx); - guint n; - -- elems.resize(value->len); -+ if (!elems.resize(value->len)) -+ g_error ("Unable to resize vector"); -+ - for (n = 0; n < value->len; n++) - { - const char *c_string = (const char *) g_ptr_array_index(value, n); -@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, - GError **error) - { - gboolean ret = FALSE; -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - const char *src; - JS::RootedObject obj(authority->priv->cx); - pid_t pid; -@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority, - GError **error) - { - gboolean ret = FALSE; -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - const char *src; - JS::RootedObject obj(authority->priv->cx); - gchar **keys; --- -2.18.1 - diff --git a/polkit.spec b/polkit.spec index c4183ee..05d9a06 100644 --- a/polkit.spec +++ b/polkit.spec 
@@ -5,24 +5,13 @@ Summary: An authorization framework Name: polkit -Version: 0.115 -Release: 11%{?dist} +Version: 0.116 +Release: 1%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/polkit Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign -Patch1: polkitagentlistener-freed-server-returned.patch -Patch2: pkttyagent-rescue-target-error-msg.patch -Patch3: bus-conn-msg-ssh.patch -Patch4: spawning-zombie-processes.patch -Patch5: CVE-2018-19788.patch -Patch6: 0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch -Patch7: Allow-uid-of-1-for-a-PolkitUnixProcess.patch -# https://gitlab.freedesktop.org/polkit/polkit/merge_requests/4 -Patch8: polkit-mozjs60.patch -Patch9: tty-echo-disabled-on-sigint.patch - BuildRequires: gcc-c++ BuildRequires: glib2-devel >= 2.30.0 BuildRequires: expat-devel @@ -185,6 +174,9 @@ exit 0 %{_libdir}/girepository-1.0/*.typelib %changelog +* Thu May 02 2019 Pete Walter - 0.116-1 +- Update to 0.116 + * Thu Feb 14 2019 Jan Rybar - 0.115-11 - pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM diff --git a/polkitagentlistener-freed-server-returned.patch b/polkitagentlistener-freed-server-returned.patch deleted file mode 100644 index 92b08c1..0000000 --- a/polkitagentlistener-freed-server-returned.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./src/polkitagent/polkitagentlistener.c.ori ./src/polkitagent/polkitagentlistener.c ---- ./src/polkitagent/polkitagentlistener.c.ori 2018-07-20 13:57:11.435302272 +0200 -+++ ./src/polkitagent/polkitagentlistener.c 2018-07-20 13:57:30.427321200 +0200 -@@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti - server->thread_initialization_error = NULL; - g_thread_join (server->thread); - server_free (server); -+ server = NULL; - goto out; - } - } diff --git a/sources b/sources index af8aecb..ba9a399 100644 --- a/sources 
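Review bot: The `%changelog` entry added in the second polkit.spec hunk says only `- Update to 0.116`, while the first hunk drops Patch1 through Patch9, including `CVE-2018-19788.patch` and `0001-backend-Compare-PolkitUnixProcess-uids-for-temporary.patch`. Nothing on this page shows that the 0.116 tarball carries those fixes, so once that has been checked against the upstream release the entry should record it, for example `- Drop Patch1-Patch9, all included upstream in 0.116 (covers CVE-2018-19788 and the temporary-authorization uid check)`. That keeps the security history auditable from the package changelog and makes an accidental regression of either fix easier to spot in a later rebase. Source1 is the detached signature for the tarball; the visible lines do not show whether `%prep` verifies it, which is worth confirming for a release that replaces locally carried security patches.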
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (polkit-0.115.tar.gz) = 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
-SHA512 (polkit-0.115.tar.gz.sign) = 4bca532119c7da3939dd63f031e2059c14392bd142b4de3733f76d7589a917471735e8ac157946a7f2f051c6748e70291f8484f9aa481b7feb326d3484d715cd
+SHA512 (polkit-0.116.tar.gz) = b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
+SHA512 (polkit-0.116.tar.gz.sign) = f3721461d3ddfdcd9b22458ebce54f42a6db763d684b2369d961430bd4000eed0a610d2df361a54e2d3b2c5656fbd94f48ce5a0bc071e4641667b80d998bb730
diff --git a/spawning-zombie-processes.patch b/spawning-zombie-processes.patch
deleted file mode 100644
index 9cb1bf7..0000000
--- a/spawning-zombie-processes.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -up ./src/polkitbackend/polkitbackendjsauthority.cpp.ori ./src/polkitbackend/polkitbackendjsauthority.cpp
---- ./src/polkitbackend/polkitbackendjsauthority.cpp.ori 2018-04-03 22:57:57.000000000 +0200
-+++ ./src/polkitbackend/polkitbackendjsauthority.cpp 2018-08-14 16:47:48.416993302 +0200
-@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
- (GSourceFunc) utils_child_watch_from_release_cb,
- source,
- (GDestroyNotify) g_source_destroy);
-- g_source_attach (source, data->main_context);
-+ /* attach source to the global default main context */
-+ g_source_attach (source, NULL);
- g_source_unref (source);
- data->child_pid = 0;
- }
diff --git a/tty-echo-disabled-on-sigint.patch b/tty-echo-disabled-on-sigint.patch
deleted file mode 100644
index 9c5eca9..0000000
--- a/tty-echo-disabled-on-sigint.patch
+++ /dev/null
@@ -1,86 +0,0 @@ -diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c -index 3f324b8..3c8d502 100644 ---- a/src/programs/pkttyagent.c -+++ b/src/programs/pkttyagent.c -@@ -25,11 +25,44 @@ - - #include - #include -+#include -+#include - #include - #include - #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE - #include - -+ -+static volatile sig_atomic_t tty_flags_saved; -+struct termios ts; -+FILE *tty = NULL; -+struct sigaction savesigterm, savesigint, savesigtstp; -+ -+ -+static void tty_handler(int signal) -+{ -+ switch (signal) -+ { -+ case SIGTERM: -+ sigaction (SIGTERM, &savesigterm, NULL); -+ break; -+ case SIGINT: -+ sigaction (SIGINT, &savesigint, NULL); -+ break; -+ case SIGTSTP: -+ sigaction (SIGTSTP, &savesigtstp, NULL); -+ break; -+ } -+ -+ if (tty_flags_saved) -+ { -+ tcsetattr (fileno (tty), TCSAFLUSH, &ts); -+ } -+ -+ kill(getpid(), signal); -+} -+ -+ - int - main (int argc, char *argv[]) - { -@@ -74,6 +107,8 @@ main (int argc, char *argv[]) - GMainLoop *loop = NULL; - guint ret = 126; - GVariantBuilder builder; -+ struct sigaction sa; -+ const char *tty_name = NULL; - - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); -@@ -212,6 +247,27 @@ main (int argc, char *argv[]) - } - } - -+/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), -+ but due to threading the handlers cannot take care of the signal there. -+ Though if controlling terminal cannot be found, the world won't stop spinning. -+*/ -+ tty_name = ctermid(NULL); -+ if (tty_name != NULL) -+ { -+ tty = fopen(tty_name, "r+"); -+ } -+ -+ if (tty != NULL && !tcgetattr (fileno (tty), &ts)) -+ { -+ tty_flags_saved = TRUE; -+ } -+ -+ memset (&sa, 0, sizeof (sa)); -+ sa.sa_handler = &tty_handler; -+ sigaction (SIGTERM, &sa, &savesigterm); -+ sigaction (SIGINT, &sa, &savesigint); -+ sigaction (SIGTSTP, &sa, &savesigtstp); -+ - loop = g_main_loop_new (NULL, FALSE); - g_main_loop_run (loop); -