diff --git a/srcpkgs/polkit-elogind/patches/CVE-2018-19788.patch b/srcpkgs/polkit-elogind/patches/CVE-2018-19788.patch new file mode 100644 index 0000000000..c7c125a50c --- /dev/null +++ b/srcpkgs/polkit-elogind/patches/CVE-2018-19788.patch @@ -0,0 +1,150 @@ +--- src/polkit/polkitunixgroup.c ++++ src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +--- src/polkit/polkitunixprocess.c ++++ src/polkit/polkitunixprocess.c +@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +--- src/polkit/polkitunixuser.c ++++ src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); diff --git a/srcpkgs/polkit-elogind/template b/srcpkgs/polkit-elogind/template index a10160d696..582b5cde56 100644 --- a/srcpkgs/polkit-elogind/template +++ b/srcpkgs/polkit-elogind/template @@ -1,27 +1,26 @@ # Template file for 'polkit-elogind' pkgname=polkit-elogind version=0.115 -revision=2 +revision=3 wrksrc="polkit-${version}" build_style=gnu-configure configure_args="$(vopt_enable gir introspection) --disable-static --with-authfw=pam --with-os-type=void --with-mozjs=mozjs-52.0" -hostmakedepends="automake libtool gettext-devel git glib-devel - gobject-introspection gtk-doc intltool pkg-config" -makedepends="elogind-devel libglib-devel mozjs52-devel pam-devel" -system_accounts="polkitd" -short_desc="Authorization Toolkit" -maintainer="Enno Boland " -license="GPL-2.0-or-later" -homepage="http://www.freedesktop.org/wiki/Software/polkit" -distfiles="${FREEDESKTOP_SITE}/polkit/releases/polkit-${version}.tar.gz" -checksum=2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131 -provides="polkit-${version}_${revision}" -replaces="polkit>=0" - make_dirs=" /etc/polkit-1/rules.d 0700 polkitd polkitd /usr/share/polkit-1/rules.d 0700 polkitd polkitd" +hostmakedepends="automake libtool gettext-devel git glib-devel + gobject-introspection gtk-doc intltool pkg-config" +makedepends="elogind-devel libglib-devel mozjs52-devel pam-devel" +short_desc="Authorization Toolkit" +maintainer="Enno Boland " +license="GPL-2.0-or-later" +homepage="https://www.freedesktop.org/wiki/Software/polkit" +distfiles="${FREEDESKTOP_SITE}/polkit/releases/polkit-${version}.tar.gz" +checksum=2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131 +system_accounts="polkitd" +provides="polkit-${version}_${revision}" +replaces="polkit>=0" # Package build options build_options="gir"