summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Goldstein <cardoe@gentoo.org>2013-09-19 16:07:41 +0000
committerDoug Goldstein <cardoe@gentoo.org>2013-09-19 16:07:41 +0000
commit7e1708b0a078ba36e73c2851de9f336ab448ebfb (patch)
tree3d0cef646e1e3c09815b6f9073420b9c753255f9 /sys-auth/polkit
parentgnu_andrew never wanted to be a proxied maintainer for this package and has a... (diff)
downloadgentoo-2-7e1708b0a078ba36e73c2851de9f336ab448ebfb.tar.gz
gentoo-2-7e1708b0a078ba36e73c2851de9f336ab448ebfb.tar.bz2
gentoo-2-7e1708b0a078ba36e73c2851de9f336ab448ebfb.zip
Bump for CVE-2013-4288
(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!)
Diffstat (limited to 'sys-auth/polkit')
-rw-r--r--sys-auth/polkit/ChangeLog8
-rw-r--r--sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch113
-rw-r--r--sys-auth/polkit/polkit-0.110-r1.ebuild108
3 files changed, 228 insertions, 1 deletions
diff --git a/sys-auth/polkit/ChangeLog b/sys-auth/polkit/ChangeLog
index 7afab09007f8..91ec967436e5 100644
--- a/sys-auth/polkit/ChangeLog
+++ b/sys-auth/polkit/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-auth/polkit
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.147 2013/09/19 15:47:54 cardoe Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.148 2013/09/19 16:07:41 cardoe Exp $
+
+*polkit-0.110-r1 (19 Sep 2013)
+
+ 19 Sep 2013; Doug Goldstein <cardoe@gentoo.org>
+ +files/polkit-0.110-CVE-2013-4288.patch, +polkit-0.110-r1.ebuild:
+ Bump for CVE-2013-4288
*polkit-0.112 (19 Sep 2013)
diff --git a/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch b/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch
new file mode 100644
index 000000000000..af2d7f276046
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch
@@ -0,0 +1,113 @@
+commit c3502abf72c0c098adb40d7e362e94f93844a6b1
+Author: Colin Walters <walters@verbum.org>
+Date: Mon Aug 19 12:16:11 2013 -0400
+
+ pkcheck: Support --process=pid,start-time,uid syntax too
+
+ The uid is a new addition; this allows callers such as libvirt to
+ close a race condition in reading the uid of the process talking to
+ them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
+ rather than having pkcheck look at /proc later after the fact.
+
+ Programs which invoke pkcheck but need to know beforehand (i.e. at
+ compile time) whether or not it supports passing the uid can
+ use:
+
+ pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+ test x$pkcheck_supports_uid = xyes
+ (cherry picked from commit 3968411b0c7ba193f9b9276ec911692aec248608)
+
+ Conflicts:
+ src/programs/pkcheck.c
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index fc54054..c856ca4 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+ <arg choice="plain">
+ <replaceable>pid,pid-start-time</replaceable>
+ </arg>
++ <arg choice="plain">
++ <replaceable>pid,pid-start-time,uid</replaceable>
++ </arg>
+ </group>
+ </arg>
+ <arg choice="plain">
+@@ -90,7 +93,7 @@
+ <title>DESCRIPTION</title>
+ <para>
+ <command>pkcheck</command> is used to check whether a process, specified by
+- either <option>--process</option> or <option>--system-bus-name</option>,
++ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+ is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+ option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+ If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,15 +163,23 @@ KEY3=VALUE3
+ <refsect1 id="pkcheck-notes">
+ <title>NOTES</title>
+ <para>
+- Since process identifiers can be recycled, the caller should always use
+- <replaceable>pid,pid-start-time</replaceable> to specify the process
+- to check for authorization when using the <option>--process</option> option.
+- The value of <replaceable>pid-start-time</replaceable>
+- can be determined by consulting e.g. the
++ Do not use either the bare <replaceable>pid</replaceable> or
++ <replaceable>pid,start-time</replaceable> syntax forms for
++ <option>--process</option>. There are race conditions in both.
++ New code should always use
++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
++ <replaceable>start-time</replaceable> can be determined by
++ consulting e.g. the
+ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+- file system depending on the operating system. If only <replaceable>pid</replaceable>
+- is passed to the <option>--process</option> option, then <command>pkcheck</command>
+- will look up the start time itself but note that this may be racy.
++ file system depending on the operating system. If fewer than 3
++ arguments are passed, <command>pkcheck</command> will attempt to
++ look up them up internally, but note that this may be racy.
++ </para>
++ <para>
++ If your program is a daemon with e.g. a custom Unix domain
++ socket, you should determine the <replaceable>uid</replaceable>
++ parameter via operating system mechanisms such as
++ <literal>PEERCRED</literal>.
+ </para>
+ </refsect1>
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+ else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+ {
+ gint pid;
++ guint uid;
+ guint64 pid_start_time;
+
+ n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+ goto out;
+ }
+
+- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++ }
++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+ {
+ subject = polkit_unix_process_new_full (pid, pid_start_time);
+ }
diff --git a/sys-auth/polkit/polkit-0.110-r1.ebuild b/sys-auth/polkit/polkit-0.110-r1.ebuild
new file mode 100644
index 000000000000..22cc715317de
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.110-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.110-r1.ebuild,v 1.1 2013/09/19 16:07:41 cardoe Exp $
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="examples gtk +introspection kde nls pam selinux systemd"
+
+RDEPEND="=dev-lang/spidermonkey-1.8.5*[-debug]
+ >=dev-libs/glib-2.32
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1 )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ selinux? ( sec-policy/selinux-policykit )
+ systemd? ( sys-apps/systemd )"
+DEPEND="${RDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/intltool
+ virtual/pkgconfig"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( sys-auth/polkit-kde-agent )
+ !systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ epatch "${FILESDIR}"/polkit-0.110-CVE-2013-4288.patch
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ --with-mozjs=mozjs185 \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+ local m='mr'
+ pax-mark ${m} ${f}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}