From ecb1aaf56545a0e160ce9f0536d2ad15b9acb859 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 09 2023 05:31:06 +0000 Subject: import polkit-0.117-11.el9 --- diff --git a/SOURCES/tty-restore-flags-if-changed.patch b/SOURCES/tty-restore-flags-if-changed.patch new file mode 100644 index 0000000..9feb5bc --- /dev/null +++ b/SOURCES/tty-restore-flags-if-changed.patch @@ -0,0 +1,77 @@ +diff -up ./src/polkitagent/polkitagenttextlistener.c.ori ./src/polkitagent/polkitagenttextlistener.c +--- ./src/polkitagent/polkitagenttextlistener.c.ori 2018-05-31 13:52:23.000000000 +0200 ++++ ./src/polkitagent/polkitagenttextlistener.c 2022-10-21 17:21:11.227665209 +0200 +@@ -121,6 +121,12 @@ polkit_agent_text_listener_class_init (P + listener_class = POLKIT_AGENT_LISTENER_CLASS (klass); + listener_class->initiate_authentication = polkit_agent_text_listener_initiate_authentication; + listener_class->initiate_authentication_finish = polkit_agent_text_listener_initiate_authentication_finish; ++ ++ g_signal_new("tty_attrs_changed", ++ G_TYPE_FROM_CLASS(gobject_class), ++ G_SIGNAL_RUN_LAST | G_SIGNAL_NO_RECURSE | G_SIGNAL_NO_HOOKS, ++ 0, NULL, NULL, NULL, ++ G_TYPE_NONE, 1, G_TYPE_BOOLEAN); + } + + /** +@@ -268,6 +274,7 @@ on_request (PolkitAgentSession *session, + * the problem. + */ + ++ g_signal_emit_by_name(listener, "tty_attrs_changed", TRUE); + tcgetattr (fileno (listener->tty), &ts); + ots = ts; + ts.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); +@@ -296,6 +303,7 @@ on_request (PolkitAgentSession *session, + } + } + tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots); ++ g_signal_emit_by_name(listener, "tty_attrs_changed", FALSE); + putc ('\n', listener->tty); + + polkit_agent_session_response (session, str->str); +diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c +--- ./src/programs/pkttyagent.c.ori 2020-01-28 14:16:32.000000000 +0100 ++++ ./src/programs/pkttyagent.c 2022-10-21 16:56:12.449760361 +0200 +@@ -34,6 +34,7 @@ + + + static volatile sig_atomic_t tty_flags_saved; ++static volatile sig_atomic_t tty_flags_changed; + struct termios ts; + FILE *tty = NULL; + struct sigaction savesigterm, savesigint, savesigtstp; +@@ -54,7 +55,7 @@ static void tty_handler(int signal) + break; + } + +- if (tty_flags_saved) ++ if (tty_flags_saved && tty_flags_changed) + { + tcsetattr (fileno (tty), TCSADRAIN, &ts); + } +@@ -63,6 +64,14 @@ static void tty_handler(int signal) + } + + ++static void tty_attrs_changed(PolkitAgentListener *listener G_GNUC_UNUSED, ++ gboolean changed, ++ gpointer user_data G_GNUC_UNUSED) ++{ ++ tty_flags_changed = changed; ++} ++ ++ + int + main (int argc, char *argv[]) + { +@@ -221,6 +230,9 @@ main (int argc, char *argv[]) + ret = 127; + goto out; + } ++ g_signal_connect(G_OBJECT(listener), "tty_attrs_changed", ++ G_CALLBACK(tty_attrs_changed), NULL); ++ + local_agent_handle = polkit_agent_listener_register_with_options (listener, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, + subject, diff --git a/SPECS/polkit.spec b/SPECS/polkit.spec index 77bee96..b7ca5d9 100644 --- a/SPECS/polkit.spec +++ b/SPECS/polkit.spec @@ -22,7 +22,7 @@ Summary: An authorization framework Name: polkit Version: 0.117 -Release: 10%{?dist} +Release: 11%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/polkit Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz @@ -32,6 +32,7 @@ Patch1001: mozjs78.patch Patch1002: CVE-2021-3560.patch Patch1003: CVE-2021-4034.patch Patch1004: CVE-2021-4115.patch +Patch1005: tty-restore-flags-if-changed.patch %if 0%{?bundled_mozjs} Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz @@ -179,6 +180,7 @@ Libraries files for polkit. %patch1002 -p1 %patch1003 -p1 %patch1004 -p1 +%patch1005 -p1 %if 0%{?bundled_mozjs} # Extract mozjs archive @@ -385,9 +387,13 @@ exit 0 %endif %changelog -* Fri Mar 11 2022 Jan Rybar - 0.117-10 -- patch application spec file fix -- Resolves: CVE-2021-4115 +* Fri Dec 02 2022 Jan Rybar - 0.117-11 +- backport: restore tty only if changed +- Resolves: rhbz#2150310 + +* Mon Mar 07 2022 Jan Rybar - 0.117-10 +- fixed CVE-2021-4115 patch application +- Resolves: rhbz#2062644 * Wed Feb 16 2022 Jan Rybar - 0.117-9 - file descriptor exhaustion (GHSL-2021-077)