

D13356.id32670.diff

diff --git a/abi_libs b/abi_libs
--- a/abi_libs
+++ b/abi_libs
@@ -1,9 +1,2 @@
libpolkit-agent-1.so.0
libpolkit-gobject-1.so.0
-pk-example-frobnicate
-pkaction
-pkcheck
-pkexec
-pkttyagent
-polkit-agent-helper-1
-polkitd
diff --git a/abi_symbols b/abi_symbols
--- a/abi_symbols
+++ b/abi_symbols
@@ -160,91 +160,3 @@
libpolkit-gobject-1.so.0:polkit_unix_user_new
libpolkit-gobject-1.so.0:polkit_unix_user_new_for_name
libpolkit-gobject-1.so.0:polkit_unix_user_set_uid
-pk-example-frobnicate:_IO_stdin_used
-pk-example-frobnicate:__bss_start
-pk-example-frobnicate:__data_start
-pk-example-frobnicate:_edata
-pk-example-frobnicate:_end
-pk-example-frobnicate:_start
-pk-example-frobnicate:main
-pkaction:_IO_stdin_used
-pkaction:__bss_start
-pkaction:__data_start
-pkaction:_edata
-pkaction:_end
-pkaction:_start
-pkaction:main
-pkcheck:_IO_stdin_used
-pkcheck:__bss_start
-pkcheck:__data_start
-pkcheck:_edata
-pkcheck:_end
-pkcheck:_start
-pkcheck:main
-pkexec:_IO_stdin_used
-pkexec:__bss_start
-pkexec:__data_start
-pkexec:_edata
-pkexec:_end
-pkexec:_start
-pkexec:main
-pkttyagent:_IO_stdin_used
-pkttyagent:__bss_start
-pkttyagent:__data_start
-pkttyagent:_edata
-pkttyagent:_end
-pkttyagent:_start
-pkttyagent:main
-polkit-agent-helper-1:_IO_stdin_used
-polkit-agent-helper-1:__bss_start
-polkit-agent-helper-1:__data_start
-polkit-agent-helper-1:_edata
-polkit-agent-helper-1:_end
-polkit-agent-helper-1:_polkit_clearenv
-polkit-agent-helper-1:_start
-polkit-agent-helper-1:flush_and_wait
-polkit-agent-helper-1:main
-polkit-agent-helper-1:read_cookie
-polkit-agent-helper-1:send_dbus_message
-polkitd:_IO_stdin_used
-polkitd:__bss_start
-polkitd:__data_start
-polkitd:_edata
-polkitd:_end
-polkitd:_start
-polkitd:main
-polkitd:policy_file_free
-polkitd:policy_file_new_from_path
-polkitd:policy_file_test
-polkitd:polkit_backend_action_pool_get_action
-polkitd:polkit_backend_action_pool_get_all_actions
-polkitd:polkit_backend_action_pool_get_type
-polkitd:polkit_backend_action_pool_new
-polkitd:polkit_backend_authority_authentication_agent_response
-polkitd:polkit_backend_authority_check_authorization
-polkitd:polkit_backend_authority_check_authorization_finish
-polkitd:polkit_backend_authority_enumerate_actions
-polkitd:polkit_backend_authority_enumerate_temporary_authorizations
-polkitd:polkit_backend_authority_get
-polkitd:polkit_backend_authority_get_features
-polkitd:polkit_backend_authority_get_name
-polkitd:polkit_backend_authority_get_type
-polkitd:polkit_backend_authority_get_version
-polkitd:polkit_backend_authority_log
-polkitd:polkit_backend_authority_register
-polkitd:polkit_backend_authority_register_authentication_agent
-polkitd:polkit_backend_authority_revoke_temporary_authorization_by_id
-polkitd:polkit_backend_authority_revoke_temporary_authorizations
-polkitd:polkit_backend_authority_unregister
-polkitd:polkit_backend_authority_unregister_authentication_agent
-polkitd:polkit_backend_interactive_authority_check_authorization_sync
-polkitd:polkit_backend_interactive_authority_get_admin_identities
-polkitd:polkit_backend_interactive_authority_get_type
-polkitd:polkit_backend_keyfile_authority_get_type
-polkitd:polkit_backend_session_monitor_get_session_for_subject
-polkitd:polkit_backend_session_monitor_get_sessions
-polkitd:polkit_backend_session_monitor_get_type
-polkitd:polkit_backend_session_monitor_get_user_for_subject
-polkitd:polkit_backend_session_monitor_is_session_active
-polkitd:polkit_backend_session_monitor_is_session_local
-polkitd:polkit_backend_session_monitor_new
diff --git a/abi_used_libs b/abi_used_libs
--- a/abi_used_libs
+++ b/abi_used_libs
@@ -1,4 +1,5 @@
libc.so.6
+libduktape.so.207
libexpat.so.1
libgio-2.0.so.0
libglib-2.0.so.0
diff --git a/abi_used_symbols b/abi_used_symbols
--- a/abi_used_symbols
+++ b/abi_used_symbols
@@ -10,6 +10,7 @@
libc.so.6:calloc
libc.so.6:chdir
libc.so.6:clearenv
+libc.so.6:clock_gettime
libc.so.6:close
libc.so.6:closelog
libc.so.6:ctermid
@@ -19,17 +20,15 @@
libc.so.6:execv
libc.so.6:exit
libc.so.6:fclose
-libc.so.6:fcntl
+libc.so.6:fcntl64
libc.so.6:fdatasync
libc.so.6:feof
libc.so.6:fflush
libc.so.6:fgets
libc.so.6:fileno
-libc.so.6:fopen
+libc.so.6:fopen64
libc.so.6:fputc
-libc.so.6:fputs
libc.so.6:free
-libc.so.6:fwrite
libc.so.6:get_current_dir_name
libc.so.6:getc
libc.so.6:getegid
@@ -52,10 +51,23 @@
libc.so.6:kill
libc.so.6:localtime
libc.so.6:memset
-libc.so.6:open
+libc.so.6:open64
libc.so.6:openlog
libc.so.6:perror
libc.so.6:prctl
+libc.so.6:pthread_cancel
+libc.so.6:pthread_cond_destroy
+libc.so.6:pthread_cond_init
+libc.so.6:pthread_cond_signal
+libc.so.6:pthread_cond_timedwait
+libc.so.6:pthread_condattr_destroy
+libc.so.6:pthread_condattr_init
+libc.so.6:pthread_condattr_setclock
+libc.so.6:pthread_create
+libc.so.6:pthread_join
+libc.so.6:pthread_mutex_lock
+libc.so.6:pthread_mutex_unlock
+libc.so.6:pthread_setcanceltype
libc.so.6:putc
libc.so.6:putenv
libc.so.6:setbuf
@@ -65,7 +77,11 @@
libc.so.6:setnetgrent
libc.so.6:setregid
libc.so.6:setreuid
-libc.so.6:stat
+libc.so.6:sigaction
+libc.so.6:sigaddset
+libc.so.6:sigemptyset
+libc.so.6:sleep
+libc.so.6:stat64
libc.so.6:stderr
libc.so.6:stdin
libc.so.6:stdout
@@ -85,6 +101,32 @@
libc.so.6:ttyname
libc.so.6:usleep
libc.so.6:waitpid
+libduktape.so.207:duk_call_prop
+libduktape.so.207:duk_create_heap
+libduktape.so.207:duk_destroy_heap
+libduktape.so.207:duk_error_raw
+libduktape.so.207:duk_eval_raw
+libduktape.so.207:duk_get_global_string
+libduktape.so.207:duk_get_length
+libduktape.so.207:duk_get_prop_index
+libduktape.so.207:duk_is_array
+libduktape.so.207:duk_is_null
+libduktape.so.207:duk_new
+libduktape.so.207:duk_pcall_prop
+libduktape.so.207:duk_pop
+libduktape.so.207:duk_push_array
+libduktape.so.207:duk_push_boolean
+libduktape.so.207:duk_push_global_object
+libduktape.so.207:duk_push_int
+libduktape.so.207:duk_push_object
+libduktape.so.207:duk_push_string
+libduktape.so.207:duk_put_function_list
+libduktape.so.207:duk_put_prop_index
+libduktape.so.207:duk_put_prop_string
+libduktape.so.207:duk_require_string
+libduktape.so.207:duk_safe_to_lstring
+libduktape.so.207:duk_set_top
+libduktape.so.207:duk_to_string
libexpat.so.1:XML_ErrorString
libexpat.so.1:XML_GetCurrentLineNumber
libexpat.so.1:XML_GetErrorCode
@@ -110,6 +152,7 @@
libgio-2.0.so.0:g_cancellable_disconnect
libgio-2.0.so.0:g_cancellable_get_type
libgio-2.0.so.0:g_cancellable_new
+libgio-2.0.so.0:g_cancellable_set_error_if_cancelled
libgio-2.0.so.0:g_dbus_connection_call
libgio-2.0.so.0:g_dbus_connection_call_finish
libgio-2.0.so.0:g_dbus_connection_call_sync
@@ -167,12 +210,13 @@
libgio-2.0.so.0:g_simple_async_result_set_error
libgio-2.0.so.0:g_simple_async_result_set_from_error
libgio-2.0.so.0:g_simple_async_result_set_op_res_gpointer
+libgio-2.0.so.0:g_simple_async_result_take_error
libgio-2.0.so.0:g_unix_output_stream_new
-libglib-2.0.so.0:g_ascii_strdown
libglib-2.0.so.0:g_ascii_strtoull
libglib-2.0.so.0:g_ascii_table
libglib-2.0.so.0:g_assertion_message_expr
libglib-2.0.so.0:g_build_filename
+libglib-2.0.so.0:g_child_watch_source_new
libglib-2.0.so.0:g_clear_error
libglib-2.0.so.0:g_dgettext
libglib-2.0.so.0:g_dir_close
@@ -205,18 +249,13 @@
libglib-2.0.so.0:g_hash_table_remove_all
libglib-2.0.so.0:g_hash_table_unref
libglib-2.0.so.0:g_intern_static_string
+libglib-2.0.so.0:g_io_channel_read_chars
libglib-2.0.so.0:g_io_channel_read_line
+libglib-2.0.so.0:g_io_channel_read_to_end
+libglib-2.0.so.0:g_io_channel_set_flags
libglib-2.0.so.0:g_io_channel_unix_new
libglib-2.0.so.0:g_io_channel_unref
libglib-2.0.so.0:g_io_create_watch
-libglib-2.0.so.0:g_key_file_get_boolean
-libglib-2.0.so.0:g_key_file_get_string
-libglib-2.0.so.0:g_key_file_get_string_list
-libglib-2.0.so.0:g_key_file_has_group
-libglib-2.0.so.0:g_key_file_has_key
-libglib-2.0.so.0:g_key_file_load_from_file
-libglib-2.0.so.0:g_key_file_new
-libglib-2.0.so.0:g_key_file_unref
libglib-2.0.so.0:g_list_append
libglib-2.0.so.0:g_list_concat
libglib-2.0.so.0:g_list_copy
@@ -236,6 +275,7 @@
libglib-2.0.so.0:g_main_context_new
libglib-2.0.so.0:g_main_context_pop_thread_default
libglib-2.0.so.0:g_main_context_push_thread_default
+libglib-2.0.so.0:g_main_context_ref
libglib-2.0.so.0:g_main_context_unref
libglib-2.0.so.0:g_main_loop_new
libglib-2.0.so.0:g_main_loop_quit
@@ -270,6 +310,8 @@
libglib-2.0.so.0:g_set_error
libglib-2.0.so.0:g_set_prgname
libglib-2.0.so.0:g_setenv
+libglib-2.0.so.0:g_slice_alloc
+libglib-2.0.so.0:g_slice_free1
libglib-2.0.so.0:g_snprintf
libglib-2.0.so.0:g_source_add_poll
libglib-2.0.so.0:g_source_attach
@@ -277,6 +319,7 @@
libglib-2.0.so.0:g_source_new
libglib-2.0.so.0:g_source_remove
libglib-2.0.so.0:g_source_set_callback
+libglib-2.0.so.0:g_source_set_priority
libglib-2.0.so.0:g_source_unref
libglib-2.0.so.0:g_spawn_async_with_pipes
libglib-2.0.so.0:g_str_equal
@@ -295,6 +338,7 @@
libglib-2.0.so.0:g_strescape
libglib-2.0.so.0:g_strfreev
libglib-2.0.so.0:g_string_append
+libglib-2.0.so.0:g_string_append_len
libglib-2.0.so.0:g_string_append_printf
libglib-2.0.so.0:g_string_free
libglib-2.0.so.0:g_string_insert_c
@@ -304,11 +348,12 @@
libglib-2.0.so.0:g_strndup
libglib-2.0.so.0:g_strsplit
libglib-2.0.so.0:g_strv_length
-libglib-2.0.so.0:g_thread_create
libglib-2.0.so.0:g_thread_join
+libglib-2.0.so.0:g_thread_try_new
libglib-2.0.so.0:g_thread_yield
libglib-2.0.so.0:g_timeout_add
libglib-2.0.so.0:g_timeout_add_seconds
+libglib-2.0.so.0:g_timeout_source_new_seconds
libglib-2.0.so.0:g_unix_signal_add
libglib-2.0.so.0:g_variant_builder_add
libglib-2.0.so.0:g_variant_builder_add_value
@@ -351,11 +396,13 @@
libgobject-2.0.so.0:g_object_ref
libgobject-2.0.so.0:g_object_unref
libgobject-2.0.so.0:g_object_weak_ref
+libgobject-2.0.so.0:g_param_spec_boolean
libgobject-2.0.so.0:g_param_spec_boxed
libgobject-2.0.so.0:g_param_spec_flags
libgobject-2.0.so.0:g_param_spec_int
libgobject-2.0.so.0:g_param_spec_object
libgobject-2.0.so.0:g_param_spec_string
+libgobject-2.0.so.0:g_param_spec_uint
libgobject-2.0.so.0:g_param_spec_uint64
libgobject-2.0.so.0:g_signal_connect_data
libgobject-2.0.so.0:g_signal_emit
@@ -369,8 +416,8 @@
libgobject-2.0.so.0:g_type_check_instance_cast
libgobject-2.0.so.0:g_type_check_instance_is_a
libgobject-2.0.so.0:g_type_class_add_private
+libgobject-2.0.so.0:g_type_class_adjust_private_offset
libgobject-2.0.so.0:g_type_class_peek_parent
-libgobject-2.0.so.0:g_type_init
libgobject-2.0.so.0:g_type_instance_get_private
libgobject-2.0.so.0:g_type_interface_add_prerequisite
libgobject-2.0.so.0:g_type_interface_peek
@@ -381,14 +428,18 @@
libgobject-2.0.so.0:g_value_dup_boxed
libgobject-2.0.so.0:g_value_dup_object
libgobject-2.0.so.0:g_value_dup_string
+libgobject-2.0.so.0:g_value_get_boolean
libgobject-2.0.so.0:g_value_get_int
libgobject-2.0.so.0:g_value_get_string
+libgobject-2.0.so.0:g_value_get_uint
libgobject-2.0.so.0:g_value_get_uint64
libgobject-2.0.so.0:g_value_peek_pointer
+libgobject-2.0.so.0:g_value_set_boolean
libgobject-2.0.so.0:g_value_set_flags
libgobject-2.0.so.0:g_value_set_int
libgobject-2.0.so.0:g_value_set_object
libgobject-2.0.so.0:g_value_set_string
+libgobject-2.0.so.0:g_value_set_uint
libgobject-2.0.so.0:g_value_set_uint64
libgobject-2.0.so.0:g_value_take_string
libpam.so.0:pam_acct_mgmt
diff --git a/files/0003-data-Use-modern-stateless-dbus-system.d-directory.patch b/files/0003-data-Use-modern-stateless-dbus-system.d-directory.patch
deleted file mode 100644
--- a/files/0003-data-Use-modern-stateless-dbus-system.d-directory.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 69fb14be4b9234ae11fb0162090c6be618ed5168 Mon Sep 17 00:00:00 2001
-From: Ikey Doherty <ikey@solus-project.com>
-Date: Thu, 19 Oct 2017 17:41:50 +0100
-Subject: [PATCH 3/3] data: Use modern stateless dbus `system.d` directory
-
-Signed-off-by: Ikey Doherty <ikey@solus-project.com>
----
- data/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/data/Makefile.am b/data/Makefile.am
-index fe0f1d5..f2b27ed 100644
---- a/data/Makefile.am
-+++ b/data/Makefile.am
-@@ -15,7 +15,7 @@ $(service_DATA): $(service_in_files) Makefile
-
- # ----------------------------------------------------------------------------------------------------
-
--dbusconfdir = $(sysconfdir)/dbus-1/system.d
-+dbusconfdir = $(datadir)/dbus-1/system.d
- dbusconf_in_files = org.freedesktop.PolicyKit1.conf.in
- dbusconf_DATA = $(dbusconf_in_files:.conf.in=.conf)
-
---
-2.14.2
-
diff --git a/files/in-systemd-we-trust.patch b/files/in-systemd-we-trust.patch
deleted file mode 100644
--- a/files/in-systemd-we-trust.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 5ca36d7..8a66dc3 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -163,26 +163,6 @@ if test "$enable_libsystemd_login" != "no"; then
- fi
- fi
-
--AS_IF([test "x$cross_compiling" != "xyes" ], [
-- AS_IF([test "$have_libsystemd" = "yes"], [
-- AS_IF([test ! -d /sys/fs/cgroup/systemd/ ], [
-- AS_IF([test "$enable_libsystemd_login" = "yes"], [
-- AC_MSG_WARN([libsystemd requested but system does not appear to be using systemd])
-- ], [
-- AC_MSG_ERROR([libsystemd autoconfigured, but system does not appear to use systemd])
-- ])
-- ])
-- ], [
-- AS_IF([test -d /sys/fs/cgroup/systemd/ ], [
-- AS_IF([test "$enable_libsystemd_login" = "no" ], [
-- AC_MSG_WARN([ConsoleKit requested but system appears to use systemd])
-- ], [
-- AC_MSG_ERROR([ConsoleKit autoconfigured, but systemd is in use (missing libsystemd or libsystemd-login pkg-config?)])
-- ])
-- ])
-- ])
--])
--
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
- AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
diff --git a/files/security/CVE-2018-1116.patch b/files/security/CVE-2018-1116.patch
deleted file mode 100644
--- a/files/security/CVE-2018-1116.patch
+++ /dev/null
@@ -1,576 +0,0 @@
-From bc7ffad53643a9c80231fc41f5582d6a8931c32c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
-Date: Mon, 25 Jun 2018 19:24:06 +0200
-Subject: Fix CVE-2018-1116: Trusting client-supplied UID
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-As part of CVE-2013-4288, the D-Bus clients were allowed (and
-encouraged) to submit the UID of the subject of authorization checks
-to avoid races against UID changes (notably using executables
-set-UID to root).
-
-However, that also allowed any client to submit an arbitrary UID, and
-that could be used to bypass "can only ask about / affect the same UID"
-checks in CheckAuthorization / RegisterAuthenticationAgent /
-UnregisterAuthenticationAgent. This allowed an attacker:
-
-- With CheckAuthorization, to cause the registered authentication
- agent in victim's session to pop up a dialog, or to determine whether
- the victim currently has a temporary authorization to perform an
- operation.
-
- (In principle, the attacker can also determine whether JavaScript
- rules allow the victim process to perform an operation; however,
- usually rules base their decisions on information determined from
- the supplied UID, so the attacker usually won't learn anything new.)
-
-- With RegisterAuthenticationAgent, to prevent the victim's
- authentication agent to work (for a specific victim process),
- or to learn about which operations requiring authorization
- the victim is attempting.
-
-To fix this, expose internal _polkit_unix_process_get_owner() /
-obsolete polkit_unix_process_get_owner() as a private
-polkit_unix_process_get_racy_uid__() (being more explicit about the
-dangers on relying on it), and use it in
-polkit_backend_session_monitor_get_user_for_subject() to return
-a boolean indicating whether the subject UID may be caller-chosen.
-
-Then, in the permission checks that require the subject to be
-equal to the caller, fail on caller-chosen UIDs (and continue
-through the pre-existing code paths which allow root, or root-designated
-server processes, to ask about arbitrary subjects.)
-
-Signed-off-by: Miloslav Trmač <mitr@redhat.com>
----
- src/polkit/polkitprivate.h | 2 +
- src/polkit/polkitunixprocess.c | 61 ++++++++++++++++++----
- .../polkitbackendinteractiveauthority.c | 39 +++++++++-----
- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++--
- src/polkitbackend/polkitbackendsessionmonitor.c | 40 ++++++++++++--
- src/polkitbackend/polkitbackendsessionmonitor.h | 1 +
- 6 files changed, 148 insertions(+), 33 deletions(-)
-
-diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h
-index 9f07063..c80142d 100644
---- a/src/polkit/polkitprivate.h
-+++ b/src/polkit/polkitprivate.h
-@@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action
- GVariant *polkit_subject_to_gvariant (PolkitSubject *subject);
- GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity);
-
-+gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error);
-+
- PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error);
- PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error);
-
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index d4ebf50..972b777 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -56,6 +56,14 @@
- * To uniquely identify processes, both the process id and the start
- * time of the process (a monotonic increasing value representing the
- * time since the kernel was started) is used.
-+ *
-+ * NOTE: This object stores, and provides access to, the real UID of the
-+ * process. That value can change over time (with set*uid*(2) and exec*(2)).
-+ * Checks whether an operation is allowed need to take care to use the UID
-+ * value as of the time when the operation was made (or, following the open()
-+ * privilege check model, when the connection making the operation possible
-+ * was initiated). That is usually done by initializing this with
-+ * polkit_unix_process_new_for_owner() with trusted data.
- */
-
- /**
-@@ -90,9 +98,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
- static guint64 get_start_time_for_pid (gint pid,
- GError **error);
-
--static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
-- GError **error);
--
- #if defined(HAVE_FREEBSD) || defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- static gboolean get_kinfo_proc (gint pid,
- #if defined(HAVE_NETBSD)
-@@ -182,7 +187,7 @@ polkit_unix_process_constructed (GObject *object)
- {
- GError *error;
- error = NULL;
-- process->uid = _polkit_unix_process_get_owner (process, &error);
-+ process->uid = polkit_unix_process_get_racy_uid__ (process, &error);
- if (error != NULL)
- {
- process->uid = -1;
-@@ -271,6 +276,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- * Gets the user id for @process. Note that this is the real user-id,
- * not the effective user-id.
- *
-+ * NOTE: The UID may change over time, so the returned value may not match the
-+ * current state of the underlying process; or the UID may have been set by
-+ * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(),
-+ * in which case it may not correspond to the actual UID of the referenced
-+ * process at all (at any point in time).
-+ *
- * Returns: The user id for @process or -1 if unknown.
- */
- gint
-@@ -708,13 +719,20 @@ out:
- return start_time;
- }
-
--static gint
--_polkit_unix_process_get_owner (PolkitUnixProcess *process,
-- GError **error)
-+/*
-+ * Private: Return the "current" UID. Note that this is inherently racy,
-+ * and the value may already be obsolete by the time this function returns;
-+ * this function only guarantees that the UID was valid at some point during
-+ * its execution.
-+ */
-+gint
-+polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process,
-+ GError **error)
- {
- gint result;
- gchar *contents;
- gchar **lines;
-+ guint64 start_time;
- #if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD)
- struct kinfo_proc p;
- #elif defined(HAVE_NETBSD)
-@@ -722,6 +740,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process,
- #else
- gchar filename[64];
- guint n;
-+ GError *local_error;
- #endif
-
- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
-@@ -745,8 +764,10 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process,
-
- #if defined(HAVE_FREEBSD)
- result = p.ki_uid;
-+ start_time = (guint64) p.ki_start.tv_sec;
- #else
- result = p.p_uid;
-+ start_time = (guint64) p.p_ustart_sec;
- #endif
- #else
-
-@@ -781,17 +802,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process,
- else
- {
- result = real_uid;
-- goto out;
-+ goto found;
- }
- }
--
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Didn't find any line starting with `Uid:' in file %s",
- filename);
-+ goto out;
-+
-+found:
-+ /* The UID and start time are, sadly, not available in a single file. So,
-+ * read the UID first, and then the start time; if the start time is the same
-+ * before and after reading the UID, it couldn't have changed.
-+ */
-+ local_error = NULL;
-+ start_time = get_start_time_for_pid (process->pid, &local_error);
-+ if (local_error != NULL)
-+ {
-+ g_propagate_error (error, local_error);
-+ goto out;
-+ }
- #endif
-
-+ if (process->start_time != start_time)
-+ {
-+ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
-+ "process with PID %d has been replaced", process->pid);
-+ goto out;
-+ }
-+
- out:
- g_strfreev (lines);
- g_free (contents);
-@@ -810,5 +851,5 @@ gint
- polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error)
- {
-- return _polkit_unix_process_get_owner (process, error);
-+ return polkit_unix_process_get_racy_uid__ (process, error);
- }
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 1cd60d3..cb6fdab 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -575,7 +575,7 @@ log_result (PolkitBackendInteractiveAuthority *authority,
- if (polkit_authorization_result_get_is_authorized (result))
- log_result_str = "ALLOWING";
-
-- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
-+ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL);
-
- subject_str = polkit_subject_to_string (subject);
-
-@@ -847,6 +847,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
- gchar *subject_str;
- PolkitIdentity *user_of_caller;
- PolkitIdentity *user_of_subject;
-+ gboolean user_of_subject_matches;
- gchar *user_of_caller_str;
- gchar *user_of_subject_str;
- PolkitAuthorizationResult *result;
-@@ -892,7 +893,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
- action_id);
-
- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
-- caller,
-+ caller, NULL,
- &error);
- if (error != NULL)
- {
-@@ -907,7 +908,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
- g_debug (" user of caller is %s", user_of_caller_str);
-
- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
-- subject,
-+ subject, &user_of_subject_matches,
- &error);
- if (error != NULL)
- {
-@@ -937,7 +938,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
- * We only allow this if, and only if,
- *
- * - processes may check for another process owned by the *same* user but not
-- * if details are passed (otherwise you'd be able to spoof the dialog)
-+ * if details are passed (otherwise you'd be able to spoof the dialog);
-+ * the caller supplies the user_of_subject value, so we additionally
-+ * require it to match at least at one point in time (via
-+ * user_of_subject_matches).
- *
- * - processes running as uid 0 may check anything and pass any details
- *
-@@ -945,7 +949,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
- * then any uid referenced by that annotation is also allowed to check
- * to check anything and pass any details
- */
-- if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details)
-+ if (!user_of_subject_matches
-+ || !polkit_identity_equal (user_of_caller, user_of_subject)
-+ || has_details)
- {
- if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller))
- {
-@@ -1110,9 +1116,10 @@ check_authorization_sync (PolkitBackendAuthority *authority,
- goto out;
- }
-
-- /* every subject has a user */
-+ /* every subject has a user; this is supplied by the client, so we rely
-+ * on the caller to validate its acceptability. */
- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
-- subject,
-+ subject, NULL,
- error);
- if (user_of_subject == NULL)
- goto out;
-@@ -2480,6 +2487,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- PolkitSubject *session_for_caller;
- PolkitIdentity *user_of_caller;
- PolkitIdentity *user_of_subject;
-+ gboolean user_of_subject_matches;
- AuthenticationAgent *agent;
- gboolean ret;
- gchar *caller_cmdline;
-@@ -2532,7 +2540,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- goto out;
- }
-
-- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL);
-+ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL);
- if (user_of_caller == NULL)
- {
- g_set_error (error,
-@@ -2541,7 +2549,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- "Cannot determine user of caller");
- goto out;
- }
-- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
-+ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL);
- if (user_of_subject == NULL)
- {
- g_set_error (error,
-@@ -2550,7 +2558,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- "Cannot determine user of subject");
- goto out;
- }
-- if (!polkit_identity_equal (user_of_caller, user_of_subject))
-+ if (!user_of_subject_matches
-+ || !polkit_identity_equal (user_of_caller, user_of_subject))
- {
- if (identity_is_root_user (user_of_caller))
- {
-@@ -2643,6 +2652,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- PolkitSubject *session_for_caller;
- PolkitIdentity *user_of_caller;
- PolkitIdentity *user_of_subject;
-+ gboolean user_of_subject_matches;
- AuthenticationAgent *agent;
- gboolean ret;
- gchar *scope_str;
-@@ -2691,7 +2701,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- goto out;
- }
-
-- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL);
-+ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL);
- if (user_of_caller == NULL)
- {
- g_set_error (error,
-@@ -2700,7 +2710,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- "Cannot determine user of caller");
- goto out;
- }
-- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
-+ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL);
- if (user_of_subject == NULL)
- {
- g_set_error (error,
-@@ -2709,7 +2719,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- "Cannot determine user of subject");
- goto out;
- }
-- if (!polkit_identity_equal (user_of_caller, user_of_subject))
-+ if (!user_of_subject_matches
-+ || !polkit_identity_equal (user_of_caller, user_of_subject))
- {
- if (identity_is_root_user (user_of_caller))
- {
-@@ -2819,7 +2830,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
- identity_str);
-
- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
-- caller,
-+ caller, NULL,
- error);
- if (user_of_caller == NULL)
- goto out;
-diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
-index 2a6c739..b00cdbd 100644
---- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
-+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
-@@ -29,6 +29,7 @@
- #include <stdlib.h>
-
- #include <polkit/polkit.h>
-+#include <polkit/polkitprivate.h>
- #include "polkitbackendsessionmonitor.h"
-
- /* <internal>
-@@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito
- * polkit_backend_session_monitor_get_user:
- * @monitor: A #PolkitBackendSessionMonitor.
- * @subject: A #PolkitSubject.
-+ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state.
- * @error: Return location for error.
- *
- * Gets the user corresponding to @subject or %NULL if no user exists.
- *
-+ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may
-+ * come from e.g. a D-Bus client), so it may not correspond to the actual UID
-+ * of the referenced process (at any point in time). This is indicated by
-+ * setting @result_matches to %FALSE; the caller may reject such subjects or
-+ * require additional privileges. @result_matches == %TRUE only indicates that
-+ * the UID matched the underlying process at ONE point in time, it may not match
-+ * later.
-+ *
- * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref().
- */
- PolkitIdentity *
- polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *subject,
-+ gboolean *result_matches,
- GError **error)
- {
- PolkitIdentity *ret;
-- guint32 uid;
-+ gboolean matches;
-
- ret = NULL;
-+ matches = FALSE;
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
- {
-- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-- if ((gint) uid == -1)
-+ gint subject_uid, current_uid;
-+ GError *local_error;
-+
-+ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-+ if (subject_uid == -1)
- {
- g_set_error (error,
- POLKIT_ERROR,
-@@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
- "Unix process subject does not have uid set");
- goto out;
- }
-- ret = polkit_unix_user_new (uid);
-+ local_error = NULL;
-+ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error);
-+ if (local_error != NULL)
-+ {
-+ g_propagate_error (error, local_error);
-+ goto out;
-+ }
-+ ret = polkit_unix_user_new (subject_uid);
-+ matches = (subject_uid == current_uid);
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
-+ matches = TRUE;
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
-+ uid_t uid;
-
- if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
- {
-@@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
- }
-
- ret = polkit_unix_user_new (uid);
-+ matches = TRUE;
- }
-
- out:
-+ if (result_matches != NULL)
-+ {
-+ *result_matches = matches;
-+ }
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
-index e1a9ab3..ed30755 100644
---- a/src/polkitbackend/polkitbackendsessionmonitor.c
-+++ b/src/polkitbackend/polkitbackendsessionmonitor.c
-@@ -27,6 +27,7 @@
- #include <glib/gstdio.h>
-
- #include <polkit/polkit.h>
-+#include <polkit/polkitprivate.h>
- #include "polkitbackendsessionmonitor.h"
-
- #define CKDB_PATH "/var/run/ConsoleKit/database"
-@@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito
- * polkit_backend_session_monitor_get_user:
- * @monitor: A #PolkitBackendSessionMonitor.
- * @subject: A #PolkitSubject.
-+ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state.
- * @error: Return location for error.
- *
- * Gets the user corresponding to @subject or %NULL if no user exists.
- *
-+ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may
-+ * come from e.g. a D-Bus client), so it may not correspond to the actual UID
-+ * of the referenced process (at any point in time). This is indicated by
-+ * setting @result_matches to %FALSE; the caller may reject such subjects or
-+ * require additional privileges. @result_matches == %TRUE only indicates that
-+ * the UID matched the underlying process at ONE point in time, it may not match
-+ * later.
-+ *
- * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref().
- */
- PolkitIdentity *
- polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *subject,
-+ gboolean *result_matches,
- GError **error)
- {
- PolkitIdentity *ret;
-+ gboolean matches;
- GError *local_error;
-- gchar *group;
-- guint32 uid;
-
- ret = NULL;
-+ matches = FALSE;
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
- {
-- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-- if ((gint) uid == -1)
-+ gint subject_uid, current_uid;
-+
-+ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-+ if (subject_uid == -1)
- {
- g_set_error (error,
- POLKIT_ERROR,
-@@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
- "Unix process subject does not have uid set");
- goto out;
- }
-- ret = polkit_unix_user_new (uid);
-+ local_error = NULL;
-+ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error);
-+ if (local_error != NULL)
-+ {
-+ g_propagate_error (error, local_error);
-+ goto out;
-+ }
-+ ret = polkit_unix_user_new (subject_uid);
-+ matches = (subject_uid == current_uid);
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
-+ matches = TRUE;
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
-+ gint uid;
-+ gchar *group;
-+
- if (!ensure_database (monitor, error))
- {
- g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-@@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
- g_free (group);
-
- ret = polkit_unix_user_new (uid);
-+ matches = TRUE;
- }
-
- out:
-+ if (result_matches != NULL)
-+ {
-+ *result_matches = matches;
-+ }
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h
-index 8f8a2ca..3972326 100644
---- a/src/polkitbackend/polkitbackendsessionmonitor.h
-+++ b/src/polkitbackend/polkitbackendsessionmonitor.h
-@@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit
-
- PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *subject,
-+ gboolean *result_matches,
- GError **error);
-
- PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor,
---
-cgit v1.1
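Review bot: Deleting files/security/CVE-2018-1116.patch is only safe if the source this package now builds already contains that fix, and nothing in the visible diff shows that it does; the same applies to files/security/CVE-2018-19788.patch, whose deletion follows. The review description or test plan should state that upstream commits `bc7ffad53643a9c80231fc41f5582d6a8931c32c` and `2cb40c4d5feeaa09325522bd7d97910f1b59e379` are part of the new source. The abi_used_symbols hunks (new `libduktape.so.207` imports, `g_key_file_*` gone) suggest a newer upstream release, so the fixes are probably included, but that is inferred rather than shown. A cheap check is to confirm that `polkit_unix_process_get_racy_uid__` is present in src/polkit/polkitunixprocess.c and that the `result_matches` argument is checked in polkitbackendinteractiveauthority.c of the unpacked source before landing.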
diff --git a/files/security/CVE-2018-19788.patch b/files/security/CVE-2018-19788.patch
deleted file mode 100644
--- a/files/security/CVE-2018-19788.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
----
- src/polkit/polkitunixgroup.c | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
-
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_GID:
-- unix_group->gid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_group->gid = val;
- break;
-
- default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
- g_param_spec_int ("gid",
- "Group ID",
- "The UNIX group ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
- */
- void
- polkit_unix_group_set_gid (PolkitUnixGroup *group,
-- gint gid)
-+ gint gid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+ g_return_if_fail (gid != -1);
- group->gid = gid;
- }
-
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+ g_return_val_if_fail (gid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
- "gid", gid,
- NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
- break;
-
-- case PROP_UID:
-- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+ case PROP_UID: {
-+ gint val;
-+
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ polkit_unix_process_set_uid (unix_process, val);
- break;
-+ }
-
- case PROP_START_TIME:
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- -1,
-+ G_MININT,
- G_MAXINT,
- -1,
- G_PARAM_CONSTRUCT |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
-- g_return_if_fail (uid >= -1);
- process->uid = uid;
- }
-
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
- unix_user->name = NULL;
- }
-
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_UID:
-- unix_user->uid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_user->uid = val;
- break;
-
- default:
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+ g_return_if_fail (uid != -1);
- user->uid = uid;
- }
-
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+ g_return_val_if_fail (uid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
- "uid", uid,
- NULL));
---
-GitLab
-
diff --git a/files/security/CVE-2019-6133.patch b/files/security/CVE-2019-6133.patch
deleted file mode 100644
--- a/files/security/CVE-2019-6133.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Fri, 4 Jan 2019 14:24:48 -0500
-Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
- authorizations
-
-It turns out that the combination of `(pid, start time)` is not
-enough to be unique. For temporary authorizations, we can avoid
-separate users racing on pid reuse by simply comparing the uid.
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
-
-And the above original email report is included in full in a new comment.
-
-Reported-by: Jann Horn <jannh@google.com>
-
-Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
----
- src/polkit/polkitsubject.c | 2 +
- src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
- .../polkitbackendinteractiveauthority.c | 39 +++++++++-
- 3 files changed, 110 insertions(+), 2 deletions(-)
-
-diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
-index d4c1182..ccabd0a 100644
---- a/src/polkit/polkitsubject.c
-+++ b/src/polkit/polkitsubject.c
-@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
- * @b: A #PolkitSubject.
- *
- * Checks if @a and @b are equal, ie. represent the same subject.
-+ * However, avoid calling polkit_subject_equal() to compare two processes;
-+ * for more information see the `PolkitUnixProcess` documentation.
- *
- * This function can be used in e.g. g_hash_table_new().
- *
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index b02b258..78d7251 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -51,7 +51,10 @@
- * @title: PolkitUnixProcess
- * @short_description: Unix processs
- *
-- * An object for representing a UNIX process.
-+ * An object for representing a UNIX process. NOTE: This object as
-+ * designed is now known broken; a mechanism to exploit a delay in
-+ * start time in the Linux kernel was identified. Avoid
-+ * calling polkit_subject_equal() to compare two processes.
- *
- * To uniquely identify processes, both the process id and the start
- * time of the process (a monotonic increasing value representing the
-@@ -66,6 +69,72 @@
- * polkit_unix_process_new_for_owner() with trusted data.
- */
-
-+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
-+
-+ But quoting the original email in full here to ensure it's preserved:
-+
-+ From: Jann Horn <jannh@google.com>
-+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
-+ Date: Wednesday, October 10, 2018 5:34 PM
-+
-+When a (non-root) user attempts to e.g. control systemd units in the system
-+instance from an active session over DBus, the access is gated by a polkit
-+policy that requires "auth_admin_keep" auth. This results in an auth prompt
-+being shown to the user, asking the user to confirm the action by entering the
-+password of an administrator account.
-+
-+After the action has been confirmed, the auth decision for "auth_admin_keep" is
-+cached for up to five minutes. Subject to some restrictions, similar actions can
-+then be performed in this timespan without requiring re-auth:
-+
-+ - The PID of the DBus client requesting the new action must match the PID of
-+ the DBus client requesting the old action (based on SO_PEERCRED information
-+ forwarded by the DBus daemon).
-+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
-+ must not have changed. The granularity of this timestamp is in the
-+ millisecond range.
-+ - polkit polls every two seconds whether a process with the expected start time
-+ still exists. If not, the temporary auth entry is purged.
-+
-+Without the start time check, this would obviously be buggy because an attacker
-+could simply wait for the legitimate client to disappear, then create a new
-+client with the same PID.
-+
-+Unfortunately, the start time check is bypassable because fork() is not atomic.
-+Looking at the source code of copy_process() in the kernel:
-+
-+ p->start_time = ktime_get_ns();
-+ p->real_start_time = ktime_get_boot_ns();
-+ [...]
-+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
-+ if (retval)
-+ goto bad_fork_cleanup_io;
-+
-+ if (pid != &init_struct_pid) {
-+ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
-+ if (IS_ERR(pid)) {
-+ retval = PTR_ERR(pid);
-+ goto bad_fork_cleanup_thread;
-+ }
-+ }
-+
-+The ktime_get_boot_ns() call is where the "start time" of the process is
-+recorded. The alloc_pid() call is where a free PID is allocated. In between
-+these, some time passes; and because the copy_thread_tls() call between them can
-+access userspace memory when sys_clone() is invoked through the 32-bit syscall
-+entry point, an attacker can even stall the kernel arbitrarily long at this
-+point (by supplying a pointer into userspace memory that is associated with a
-+userfaultfd or is backed by a custom FUSE filesystem).
-+
-+This means that an attacker can immediately call sys_clone() when the victim
-+process is created, often resulting in a process that has the exact same start
-+time reported in procfs; and then the attacker can delay the alloc_pid() call
-+until after the victim process has died and the PID assignment has cycled
-+around. This results in an attacker process that polkit can't distinguish from
-+the victim process.
-+*/
-+
-+
- /**
- * PolkitUnixProcess:
- *
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index a1630b9..80e8141 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
- g_free (store);
- }
-
-+/* See the comment at the top of polkitunixprocess.c */
-+static gboolean
-+subject_equal_for_authz (PolkitSubject *a,
-+ PolkitSubject *b)
-+{
-+ if (!polkit_subject_equal (a, b))
-+ return FALSE;
-+
-+ /* Now special case unix processes, as we want to protect against
-+ * pid reuse by including the UID.
-+ */
-+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
-+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
-+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
-+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
-+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
-+
-+ if (uid_a != -1 && uid_b != -1)
-+ {
-+ if (uid_a == uid_b)
-+ {
-+ return TRUE;
-+ }
-+ else
-+ {
-+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
-+ polkit_unix_process_get_pid (ap),
-+ uid_a, uid_b);
-+ return FALSE;
-+ }
-+ }
-+ /* Fall through; one of the uids is unset so we can't reliably compare */
-+ }
-+
-+ return TRUE;
-+}
-+
- static gboolean
- temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
- PolkitSubject *subject,
-@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
- TemporaryAuthorization *authorization = l->data;
-
- if (strcmp (action_id, authorization->action_id) == 0 &&
-- polkit_subject_equal (subject_to_use, authorization->subject))
-+ subject_equal_for_authz (subject_to_use, authorization->subject))
- {
- ret = TRUE;
- if (out_tmp_authz_id != NULL)
---
-GitLab
-
diff --git a/files/security/CVE-2021-3560.patch b/files/security/CVE-2021-3560.patch
deleted file mode 100644
--- a/files/security/CVE-2021-3560.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Wed, 2 Jun 2021 15:43:38 +0200
-Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
-
-initial values returned if error caught
----
- src/polkit/polkitsystembusname.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
-index 8daa12c..8ed1363 100644
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
-
-+ if (data.caught_error)
-+ goto out;
-+
- if (out_uid)
- *out_uid = data.uid;
- if (out_pid)
---
-GitLab
-
diff --git a/files/security/CVE-2021-4034.patch b/files/security/CVE-2021-4034.patch
deleted file mode 100644
--- a/files/security/CVE-2021-4034.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index f1bb4e13f7dbfb0c06eff7b5ded07d2a7a75cd44..768525cd4ff0540103d0e42c5aba265cdc43dec4 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ if (argc < 1)
-+ {
-+ exit(126);
-+ }
-+
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 7698c5c2fff8a6116f32f62a0fd1598739fc3c27..84e5ef69b1eb7a175f311ce6dbf9a07b15aa167d 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
- pid_t pid_of_caller;
- gpointer local_agent_handle;
-
-+
-+ /*
-+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+ */
-+ if (argc<1)
-+ {
-+ exit(127);
-+ }
-+
- ret = 127;
- authority = NULL;
- subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
-
- path = g_strdup (pwstruct.pw_shell);
- if (!path)
-- {
-+ {
- g_printerr ("No shell configured or error retrieving pw_shell\n");
- goto out;
-- }
-+ }
- /* If you change this, be sure to change the if (!command_line)
- case below too */
- command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
- goto out;
- }
- g_free (path);
-- argv[n] = path = s;
-+ path = s;
-+
-+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+ */
-+ if (argv[n] != NULL)
-+ {
-+ argv[n] = path;
-+ }
- }
- if (access (path, F_OK) != 0)
- {
diff --git a/files/series b/files/series
--- a/files/series
+++ b/files/series
@@ -1,9 +1,2 @@
0001-Change-the-default-admin-group-to-sudo.patch
0001-pkexec-Support-a-stateless-configuration.patch
-0003-data-Use-modern-stateless-dbus-system.d-directory.patch
-in-systemd-we-trust.patch
-security/CVE-2018-1116.patch
-security/CVE-2018-19788.patch
-security/CVE-2019-6133.patch
-security/CVE-2021-3560.patch
-security/CVE-2021-4034.patch
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
@@ -1,8 +1,8 @@
name : polkit
-version : 0.113
-release : 25
+version : 121
+release : 26
source :
- - git|https://github.com/ikeydoherty/polkit-no-script.git : 5bcb1c1f9f678d950c44eccba81db36fddb09efc
+ - https://www.freedesktop.org/software/polkit/releases/polkit-121.tar.gz : 9dc7ae341a797c994a5a36da21963f0c5c8e3e5a1780ccc2a5f52e7be01affaa
homepage : http://www.freedesktop.org/wiki/Software/polkit
license :
- GPL-2.0-or-later
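Review bot: Moving `version` from 0.113 to 121 and `source` from the polkit-no-script fork to the upstream tarball comes with the removal of every `security/CVE-*` entry from files/series, but nothing in the recipe or the pspec history comment (`Packaging update`) records that 121 already carries those fixes. Before landing, confirm against the 121 tree that the changes for CVE-2018-1116, CVE-2018-19788, CVE-2019-6133, CVE-2021-3560 and CVE-2021-4034 are present. I would leave a line next to `source` such as `# security/CVE-2018-1116 … CVE-2021-4034 patches dropped: fixed upstream in 121` so the next packager does not have to re-derive it.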
@@ -14,30 +14,27 @@
polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. See the polkit(8) manual page for more detailed information.
builddeps :
- docbook-xml
+ - pkgconfig(duktape)
- pkgconfig(expat)
- pkgconfig(gtk-doc)
- pkgconfig(udev)
+ # tests:
+ # - python-dbusmock
+ # - python3-dbus
setup : |
# Patch the tree to be usable.
%apply_patches
- export NOCONFIGURE=1
-
- %autogen --disable-static \
- --libexecdir=%libdir%/polkit-1 \
- --with-os-type=Solus \
- --enable-libsystemd-login=yes \
- --enable-introspection=yes \
- --enable-gtk-doc \
- --enable-gtk-doc-html \
- --with-wheel-group=sudo \
- --with-backend=keyfile \
- --disable-test
- # TODO: Make test suite work again!
+ %meson_configure -Dos_type=redhat \
+ -Dsession_tracking=libsystemd-login \
+ -Dexamples=true \
+ -Dman=true \
+ -Dgtk_doc=true \
+ -Dtests=true
build : |
- %make
+ %ninja_build
install : |
- %make_install
+ %ninja_install
# systemd can hook up users + stuff for us.
install -D -m 00644 $pkgfiles/polkit.sysusers $installdir/%libdir%/sysusers.d/polkit.conf
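Review bot: Dropping `--with-backend=keyfile` and adding `pkgconfig(duktape)` switches the package from the fork's keyfile rules backend to upstream's JavaScript rules engine, and the `setup` block has no comment or migration step for that. Presumably any administrator-written `.keyrules` files under `/etc/polkit-1/rules.d` stop being evaluated after the upgrade, so local restrictions could silently fall back to the action defaults. That is inferred from the option change and from the `50-default.keyrules` path removed in pspec_x86_64.xml, so it should be verified on an upgraded system. I would make the engine explicit with `-Djs_engine=duktape` and add `# rules are now JavaScript (.rules); .keyrules from the old keyfile backend are not read` above `%meson_configure`.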
@@ -46,3 +43,6 @@
# Make pam work goodly.
rm -rf $installdir/etc/pam.d
install -Dm00644 $pkgfiles/pam.d/polkit-1 $installdir/usr/share/defaults/etc/pam.d/polkit-1
+# check : |
+# export LD_PRELOAD=""
+# meson test -C solusBuildDir --print-errorlogs -t 3
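Review bot: The added `check` block is commented out while the previous hunk configures `-Dtests=true` and leaves the `python-dbusmock` and `python3-dbus` test dependencies commented too, so the test suite is compiled but never run. This release replaces several carried CVE patches with an upstream tarball and changes the rules backend, and running the suite is the cheapest regression signal for the authorization paths. Either enable `check` together with its builddeps, or set `-Dtests=false` and state the reason in place, e.g. `# check disabled: <reason>`.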
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -3,8 +3,8 @@
<Name>polkit</Name>
<Homepage>http://www.freedesktop.org/wiki/Software/polkit</Homepage>
<Packager>
- <Name>F. von Gellhorn</Name>
- <Email>flinux@vongellhorn.ch</Email>
+ <Name>Reilly Brogan</Name>
+ <Email>solus@reillybrogan.com</Email>
</Packager>
<License>GPL-2.0-or-later</License>
<PartOf>system.base</PartOf>
@@ -20,7 +20,6 @@
</Description>
<PartOf>system.base</PartOf>
<Files>
- <Path fileType="config">/etc/polkit-1/rules.d/50-default.keyrules</Path>
<Path fileType="config">/etc/polkit-1/rules.d/50-default.rules</Path>
<Path fileType="executable">/usr/bin/pk-example-frobnicate</Path>
<Path fileType="executable">/usr/bin/pkaction</Path>
@@ -51,8 +50,13 @@
<Path fileType="localedata">/usr/share/locale/hr/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/hu/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/id/LC_MESSAGES/polkit-1.mo</Path>
+ <Path fileType="localedata">/usr/share/locale/it/LC_MESSAGES/polkit-1.mo</Path>
+ <Path fileType="localedata">/usr/share/locale/nl/LC_MESSAGES/polkit-1.mo</Path>
+ <Path fileType="localedata">/usr/share/locale/nn/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/pl/LC_MESSAGES/polkit-1.mo</Path>
+ <Path fileType="localedata">/usr/share/locale/pt/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/pt_BR/LC_MESSAGES/polkit-1.mo</Path>
+ <Path fileType="localedata">/usr/share/locale/ro/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/sk/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/sv/LC_MESSAGES/polkit-1.mo</Path>
<Path fileType="localedata">/usr/share/locale/tr/LC_MESSAGES/polkit-1.mo</Path>
@@ -67,6 +71,7 @@
<Path fileType="man">/usr/share/man/man8/polkitd.8</Path>
<Path fileType="data">/usr/share/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy</Path>
<Path fileType="data">/usr/share/polkit-1/actions/org.freedesktop.policykit.policy</Path>
+ <Path fileType="data">/usr/share/polkit-1/policyconfig-1.dtd</Path>
<Path fileType="data">/usr/share/polkit-1/rules.d</Path>
</Files>
</Package>
@@ -77,7 +82,7 @@
</Description>
<PartOf>system.devel</PartOf>
<RuntimeDependencies>
- <Dependency release="25">polkit</Dependency>
+ <Dependency release="26">polkit</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="header">/usr/include/polkit-1/polkit/polkit.h</Path>
@@ -180,12 +185,12 @@
</Files>
</Package>
<History>
- <Update release="25">
- <Date>2022-03-26</Date>
- <Version>0.113</Version>
+ <Update release="26">
+ <Date>2022-07-16</Date>
+ <Version>121</Version>
<Comment>Packaging update</Comment>
- <Name>F. von Gellhorn</Name>
- <Email>flinux@vongellhorn.ch</Email>
+ <Name>Reilly Brogan</Name>
+ <Email>solus@reillybrogan.com</Email>
</Update>
</History>
</PISI>
\ No newline at end of file
