diff options
| -rw-r--r-- | meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch | 33 | ||||
| -rw-r--r-- | meta-oe/recipes-extended/polkit/polkit_0.116.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch new file mode 100644 index 0000000000..76308ffdb9 --- /dev/null +++ b/meta-oe/recipes-extended/polkit/polkit/CVE-2021-3560.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jan Rybar <jrybar@redhat.com> | ||
| 3 | Date: Wed, 2 Jun 2021 15:43:38 +0200 | ||
| 4 | Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit | ||
| 5 | |||
| 6 | initial values returned if error caught | ||
| 7 | |||
| 8 | CVE: CVE-2021-3560 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81] | ||
| 11 | |||
| 12 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
| 13 | --- | ||
| 14 | src/polkit/polkitsystembusname.c | 3 +++ | ||
| 15 | 1 file changed, 3 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c | ||
| 18 | index 8daa12c..8ed1363 100644 | ||
| 19 | --- a/src/polkit/polkitsystembusname.c | ||
| 20 | +++ b/src/polkit/polkitsystembusname.c | ||
| 21 | @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus | ||
| 22 | while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) | ||
| 23 | g_main_context_iteration (tmp_context, TRUE); | ||
| 24 | |||
| 25 | + if (data.caught_error) | ||
| 26 | + goto out; | ||
| 27 | + | ||
| 28 | if (out_uid) | ||
| 29 | *out_uid = data.uid; | ||
| 30 | if (out_pid) | ||
| 31 | -- | ||
| 32 | 2.29.2 | ||
| 33 | |||
diff --git a/meta-oe/recipes-extended/polkit/polkit_0.116.bb b/meta-oe/recipes-extended/polkit/polkit_0.116.bb index aceb68699d..ac48cf6c26 100644 --- a/meta-oe/recipes-extended/polkit/polkit_0.116.bb +++ b/meta-oe/recipes-extended/polkit/polkit_0.116.bb | |||
| @@ -25,6 +25,7 @@ PAM_SRC_URI = "file://polkit-1_pam.patch" | |||
| 25 | SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ | 25 | SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ |
| 26 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | 26 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ |
| 27 | file://0003-make-netgroup-support-optional.patch \ | 27 | file://0003-make-netgroup-support-optional.patch \ |
| 28 | file://CVE-2021-3560.patch \ | ||
| 28 | file://CVE-2021-4034.patch \ | 29 | file://CVE-2021-4034.patch \ |
| 29 | file://0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch \ | 30 | file://0001-GHSL-2021-074-authentication-bypass-vulnerability-in.patch \ |
| 30 | file://CVE-2021-4115.patch \ | 31 | file://CVE-2021-4115.patch \ |
