import polkit-0.115-11.el8
This commit is contained in:
parent
287de109d8
commit
caac13d300
20
SOURCES/polkit-0.115-allow-uid-of-1.patch
Normal file
20
SOURCES/polkit-0.115-allow-uid-of-1.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff -up ./src/polkit/polkitunixprocess.c.ori ./src/polkit/polkitunixprocess.c
|
||||
--- ./src/polkit/polkitunixprocess.c.ori 2019-02-06 16:47:23.460666237 +0100
|
||||
+++ ./src/polkit/polkitunixprocess.c 2019-02-06 16:47:43.846573792 +0100
|
||||
@@ -211,14 +211,9 @@ polkit_unix_process_set_property (GObjec
|
||||
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
|
||||
break;
|
||||
|
||||
- case PROP_UID: {
|
||||
- gint val;
|
||||
-
|
||||
- val = g_value_get_int (value);
|
||||
- g_return_if_fail (val != -1);
|
||||
- polkit_unix_process_set_uid (unix_process, val);
|
||||
+ case PROP_UID:
|
||||
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
|
||||
break;
|
||||
- }
|
||||
|
||||
case PROP_START_TIME:
|
||||
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
|
19
SOURCES/polkit-0.115-jsauthority-memleak.patch
Normal file
19
SOURCES/polkit-0.115-jsauthority-memleak.patch
Normal file
@ -0,0 +1,19 @@
|
||||
commit 28e3a6653d8c3777b07e0128a0d97d46e586e311
|
||||
Author: Jan Rybar <jrybar@redhat.com>
|
||||
Date: Tue Oct 8 13:28:18 2019 +0000
|
||||
|
||||
jsauthority: Fix two minor memory leaks
|
||||
|
||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
index 9b752d1..e97b8aa 100644
|
||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
@@ -567,6 +567,8 @@ polkit_backend_js_authority_finalize (GObject *object)
|
||||
g_strfreev (authority->priv->rules_dirs);
|
||||
|
||||
delete authority->priv->ac;
|
||||
+ delete authority->priv->js_global;
|
||||
+ delete authority->priv->js_polkit;
|
||||
|
||||
JS_DestroyContext (authority->priv->cx);
|
||||
/* JS_ShutDown (); */
|
148
SOURCES/polkit-0.115-move-to-mozjs60.patch
Normal file
148
SOURCES/polkit-0.115-move-to-mozjs60.patch
Normal file
@ -0,0 +1,148 @@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5c37e481147466fd5a3a0a6b814f20fd2fe6bce8..5cedb4eca980f050fb5855ab577e93100adf8fec 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
||||
AC_SUBST(GLIB_CFLAGS)
|
||||
AC_SUBST(GLIB_LIBS)
|
||||
|
||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
|
||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
|
||||
|
||||
AC_SUBST(LIBJS_CFLAGS)
|
||||
AC_SUBST(LIBJS_CXXFLAGS)
|
||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
index 76027149d4dfdc54064be48a3aeafeec8326a67b..984a0f0e579d51c09117f4e495b0c3fdc46fe61b 100644
|
||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
|
||||
/* ---------------------------------------------------------------------------------------------------- */
|
||||
|
||||
static const struct JSClassOps js_global_class_ops = {
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL
|
||||
+ nullptr, // addProperty
|
||||
+ nullptr, // deleteProperty
|
||||
+ nullptr, // enumerate
|
||||
+ nullptr, // newEnumerate
|
||||
+ nullptr, // resolve
|
||||
+ nullptr, // mayResolve
|
||||
+ nullptr, // finalize
|
||||
+ nullptr, // call
|
||||
+ nullptr, // hasInstance
|
||||
+ nullptr, // construct
|
||||
+ JS_GlobalObjectTraceHook
|
||||
};
|
||||
|
||||
static JSClass js_global_class = {
|
||||
@@ -172,18 +171,17 @@ static JSClass js_global_class = {
|
||||
|
||||
/* ---------------------------------------------------------------------------------------------------- */
|
||||
static const struct JSClassOps js_polkit_class_ops = {
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL,
|
||||
- NULL
|
||||
+ nullptr, // addProperty
|
||||
+ nullptr, // deleteProperty
|
||||
+ nullptr, // enumerate
|
||||
+ nullptr, // newEnumerate
|
||||
+ nullptr, // resolve
|
||||
+ nullptr, // mayResolve
|
||||
+ nullptr, // finalize
|
||||
+ nullptr, // call
|
||||
+ nullptr, // hasInstance
|
||||
+ nullptr, // construct
|
||||
+ nullptr // trace
|
||||
};
|
||||
|
||||
static JSClass js_polkit_class = {
|
||||
@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
|
||||
|
||||
{
|
||||
JS::CompartmentOptions compart_opts;
|
||||
- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
|
||||
+
|
||||
JS::RootedObject global(authority->priv->cx);
|
||||
|
||||
authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
|
||||
|
||||
global = authority->priv->js_global->get ();
|
||||
-
|
||||
- if (global == NULL)
|
||||
+ if (!global)
|
||||
goto fail;
|
||||
|
||||
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
|
||||
|
||||
- if (authority->priv->ac == NULL)
|
||||
+ if (!authority->priv->ac)
|
||||
goto fail;
|
||||
|
||||
if (!JS_InitStandardClasses (authority->priv->cx, global))
|
||||
@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
|
||||
|
||||
polkit = authority->priv->js_polkit->get ();
|
||||
|
||||
- if (polkit == NULL)
|
||||
+ if (!polkit)
|
||||
goto fail;
|
||||
|
||||
if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
|
||||
@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
|
||||
js_polkit_functions))
|
||||
goto fail;
|
||||
|
||||
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
|
||||
+ JS::CompileOptions options(authority->priv->cx);
|
||||
JS::RootedValue rval(authority->priv->cx);
|
||||
if (!JS::Evaluate (authority->priv->cx,
|
||||
options,
|
||||
@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
|
||||
JS::AutoValueVector elems(authority->priv->cx);
|
||||
guint n;
|
||||
|
||||
- elems.resize(value->len);
|
||||
+ if (!elems.resize(value->len))
|
||||
+ g_error ("Unable to resize vector");
|
||||
+
|
||||
for (n = 0; n < value->len; n++)
|
||||
{
|
||||
const char *c_string = (const char *) g_ptr_array_index(value, n);
|
||||
@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
|
||||
+ JS::CompileOptions options(authority->priv->cx);
|
||||
const char *src;
|
||||
JS::RootedObject obj(authority->priv->cx);
|
||||
pid_t pid;
|
||||
@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
|
||||
GError **error)
|
||||
{
|
||||
gboolean ret = FALSE;
|
||||
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
|
||||
+ JS::CompileOptions options(authority->priv->cx);
|
||||
const char *src;
|
||||
JS::RootedObject obj(authority->priv->cx);
|
||||
gchar **keys;
|
||||
|
12
SOURCES/polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Normal file
12
SOURCES/polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
|
||||
--- ./src/programs/pkttyagent.c.ori 2019-09-27 14:14:35.096310576 +0200
|
||||
+++ ./src/programs/pkttyagent.c 2019-09-27 14:14:56.988586737 +0200
|
||||
@@ -55,7 +55,7 @@ static void tty_handler(int signal)
|
||||
|
||||
if (tty_flags_saved)
|
||||
{
|
||||
- tcsetattr (fileno (tty), TCSAFLUSH, &ts);
|
||||
+ tcsetattr (fileno (tty), TCSADRAIN, &ts);
|
||||
}
|
||||
|
||||
kill(getpid(), signal);
|
94
SOURCES/polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
Normal file
94
SOURCES/polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
Normal file
@ -0,0 +1,94 @@
|
||||
commit bfb722bbe5a503095cc7e860f282b142f5aa75f1
|
||||
Author: Jan Rybar <jrybar@redhat.com>
|
||||
Date: Fri Mar 15 16:07:53 2019 +0000
|
||||
|
||||
pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
||||
|
||||
If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
|
||||
|
||||
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
|
||||
index 3f324b8..3c8d502 100644
|
||||
--- a/src/programs/pkttyagent.c
|
||||
+++ b/src/programs/pkttyagent.c
|
||||
@@ -25,11 +25,44 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#include <signal.h>
|
||||
+#include <termios.h>
|
||||
#include <glib/gi18n.h>
|
||||
#include <polkit/polkit.h>
|
||||
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
|
||||
#include <polkitagent/polkitagent.h>
|
||||
|
||||
+
|
||||
+static volatile sig_atomic_t tty_flags_saved;
|
||||
+struct termios ts;
|
||||
+FILE *tty = NULL;
|
||||
+struct sigaction savesigterm, savesigint, savesigtstp;
|
||||
+
|
||||
+
|
||||
+static void tty_handler(int signal)
|
||||
+{
|
||||
+ switch (signal)
|
||||
+ {
|
||||
+ case SIGTERM:
|
||||
+ sigaction (SIGTERM, &savesigterm, NULL);
|
||||
+ break;
|
||||
+ case SIGINT:
|
||||
+ sigaction (SIGINT, &savesigint, NULL);
|
||||
+ break;
|
||||
+ case SIGTSTP:
|
||||
+ sigaction (SIGTSTP, &savesigtstp, NULL);
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (tty_flags_saved)
|
||||
+ {
|
||||
+ tcsetattr (fileno (tty), TCSAFLUSH, &ts);
|
||||
+ }
|
||||
+
|
||||
+ kill(getpid(), signal);
|
||||
+}
|
||||
+
|
||||
+
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
@@ -74,6 +107,8 @@ main (int argc, char *argv[])
|
||||
GMainLoop *loop = NULL;
|
||||
guint ret = 126;
|
||||
GVariantBuilder builder;
|
||||
+ struct sigaction sa;
|
||||
+ const char *tty_name = NULL;
|
||||
|
||||
/* Disable remote file access from GIO. */
|
||||
setenv ("GIO_USE_VFS", "local", 1);
|
||||
@@ -212,6 +247,27 @@ main (int argc, char *argv[])
|
||||
}
|
||||
}
|
||||
|
||||
+/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
|
||||
+ but due to threading the handlers cannot take care of the signal there.
|
||||
+ Though if controlling terminal cannot be found, the world won't stop spinning.
|
||||
+*/
|
||||
+ tty_name = ctermid(NULL);
|
||||
+ if (tty_name != NULL)
|
||||
+ {
|
||||
+ tty = fopen(tty_name, "r+");
|
||||
+ }
|
||||
+
|
||||
+ if (tty != NULL && !tcgetattr (fileno (tty), &ts))
|
||||
+ {
|
||||
+ tty_flags_saved = TRUE;
|
||||
+ }
|
||||
+
|
||||
+ memset (&sa, 0, sizeof (sa));
|
||||
+ sa.sa_handler = &tty_handler;
|
||||
+ sigaction (SIGTERM, &sa, &savesigterm);
|
||||
+ sigaction (SIGINT, &sa, &savesigint);
|
||||
+ sigaction (SIGTSTP, &sa, &savesigtstp);
|
||||
+
|
||||
loop = g_main_loop_new (NULL, FALSE);
|
||||
g_main_loop_run (loop);
|
||||
|
@ -1,12 +1,12 @@
|
||||
# Only enable if using patches that touches configure.ac,
|
||||
# Makefile.am or other build system related files
|
||||
#
|
||||
#define enable_autoreconf 1
|
||||
%define enable_autoreconf 1
|
||||
|
||||
Summary: An authorization framework
|
||||
Name: polkit
|
||||
Version: 0.115
|
||||
Release: 6%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||
@ -20,6 +20,11 @@ Patch3: polkit-0.115-polkitagentlistener-res-leak.patch
|
||||
Patch4: polkit-0.115-spawning-zombie-processes.patch
|
||||
Patch5: polkit-0.115-CVE-2018-19788.patch
|
||||
Patch6: polkit-0.115-CVE-2019-6133.patch
|
||||
Patch7: polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
|
||||
Patch8: polkit-0.115-allow-uid-of-1.patch
|
||||
Patch9: polkit-0.115-move-to-mozjs60.patch
|
||||
Patch10: polkit-0.115-jsauthority-memleak.patch
|
||||
Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
|
||||
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
@ -30,7 +35,7 @@ BuildRequires: gtk-doc
|
||||
BuildRequires: intltool
|
||||
BuildRequires: gobject-introspection-devel
|
||||
BuildRequires: systemd, systemd-devel
|
||||
BuildRequires: pkgconfig(mozjs-52)
|
||||
BuildRequires: pkgconfig(mozjs-60)
|
||||
BuildRequires: git
|
||||
|
||||
%if 0%{?enable_autoreconf}
|
||||
@ -114,7 +119,7 @@ export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||
--disable-static \
|
||||
--enable-introspection \
|
||||
--disable-examples \
|
||||
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0
|
||||
--enable-libsystemd-login=yes
|
||||
make V=1
|
||||
|
||||
%install
|
||||
@ -185,6 +190,28 @@ exit 0
|
||||
%{_libdir}/girepository-1.0/*.typelib
|
||||
|
||||
%changelog
|
||||
* Mon Nov 04 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
||||
- pkttyagent: resetting terminal erases rest of input line
|
||||
- Resolves: rhbz#1757853
|
||||
|
||||
* Tue Oct 29 2019 Jan Rybar <jrybar@redhat.com> - 0.115-10
|
||||
- Fix of jasuthority memleak
|
||||
- Resolves: rhbz#1745918
|
||||
|
||||
* Tue Sep 10 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
||||
- Rebuild to reflect mozjs60 s390 abi change
|
||||
- Related: rhbz#1746889
|
||||
|
||||
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-8
|
||||
- Backport changing dependency to mozjs60
|
||||
- Resolves: rhbz#1729416
|
||||
|
||||
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-7
|
||||
- pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled
|
||||
- Mitigation of regression caused by fix of CVE-2018-19788
|
||||
- Resolves: rhbz#1693781
|
||||
- Resolves: rhbz#1693814
|
||||
|
||||
* Mon Jan 21 2019 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
||||
- Fix of CVE-2019-6133, PID reuse via slow fork
|
||||
- Resolves: rhbz#1667778
|
||||
|
Loading…
Reference in New Issue
Block a user