From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id IOtZE1suv2CVRAAAgWs5BA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 08 Jun 2021 10:46:19 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id qA+KDlsuv2D2bwAAB5/wlQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 08 Jun 2021 08:46:19 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 9AA15A5AE
	for <larch@yhetil.org>; Tue,  8 Jun 2021 10:46:18 +0200 (CEST)
Received: from localhost ([::1]:33250 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1lqXNJ-0003QW-Am
	for larch@yhetil.org; Tue, 08 Jun 2021 04:46:17 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:38734)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lqXN8-0003Pm-Tx
 for guix-patches@gnu.org; Tue, 08 Jun 2021 04:46:07 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:45811)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lqXN4-00017O-RD
 for guix-patches@gnu.org; Tue, 08 Jun 2021 04:46:06 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1lqXN4-0003o8-L4
 for guix-patches@gnu.org; Tue, 08 Jun 2021 04:46:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#48915] [PATCH] gnu: polkit: Graft a replacement for
 CVE-2021-3560.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 08 Jun 2021 08:46:02 +0000
Resent-Message-ID: <handler.48915.B.162314192314569@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 48915
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 48915@debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.162314192314569
 (code B ref -1); Tue, 08 Jun 2021 08:46:02 +0000
Received: (at submit) by debbugs.gnu.org; 8 Jun 2021 08:45:23 +0000
Received: from localhost ([127.0.0.1]:57357 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1lqXMR-0003mv-Cd
 for submit@debbugs.gnu.org; Tue, 08 Jun 2021 04:45:23 -0400
Received: from lists.gnu.org ([209.51.188.17]:48342)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1lqXMP-0003mm-4s
 for submit@debbugs.gnu.org; Tue, 08 Jun 2021 04:45:22 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:38584)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1lqXMO-0002sQ-S9
 for guix-patches@gnu.org; Tue, 08 Jun 2021 04:45:20 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:54024)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>)
 id 1lqXMO-0000dJ-JF; Tue, 08 Jun 2021 04:45:20 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=60814 helo=gnu.org)
 by fencepost.gnu.org with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>)
 id 1lqXMO-0003m9-AG; Tue, 08 Jun 2021 04:45:20 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Date: Tue,  8 Jun 2021 10:45:12 +0200
Message-Id: <20210608084512.29608-1-ludo@gnu.org>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1623141978;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=BrScqDca1MY81GS9Eqc4Gcaw+z+RXC7PG+/0sQKZTjE=;
	b=laDKDNXQHyBAZINxkH8gvARyoFTzK2nQcAmZ4Pt70FNB0TfSvh8lLh3yavWLpyCI3uFPSg
	BWd8gPUZM95PtYZ1IJ213ffpMeyks4SbkM+unDqQbms9rCFMEhvRJIXPMmIxVG/z5aBu6C
	J5mEdPf35dbcYIVkkZULL1Ha+AzZwCT38QsP+dqGivuYZpSzN1kt7gej2DAF+GL/kRF8Qp
	HT/v/5T72/d3Ipw/xjbBA6N6x7OyAym0tJ3PTWyEjx/3emYJbd+4uN+/2ynzcp2MYM5vMK
	yCjEtedTEXxiTueTkhqqQEyeLF0wGzn9LLbZwyiMkgbzs0M+toqAc4lkhH4EPg==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1623141978; a=rsa-sha256; cv=none;
	b=cIaZcYh/LcfLsdgTVFc1h5S/MYwu3cy08K/B7T0WiCvqtcDSl6zCkoUjG/ACrd6Zs7xjPV
	pgH3CLWwEIdhmx7RTN8B+0Z3LGtarbYU05oVonyLan8i1yPtHX+86p66xAPdptxIyRFZfu
	mt0R+c/Xj9cmyeRwtmmysdF14paoYXeKwWTrvkZL8Z4IH/i5mYfFSxV39B0F/mk+gZSQk0
	Pxl0oMrmSbf6COp83hlz2MirRRD1hXYqrT1ru09bbnIkDeryPzlcB+AdkPzPjgX8GbD6by
	MGIrEshglqgLSBVJMs1jVr6Kqxg7wj7l6dFbQBRppuJQFRQSMeb7S9fzgdeWzg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Spam-Score: 2.08
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Queue-Id: 9AA15A5AE
X-Spam-Score: 2.08
X-Migadu-Scanner: scn1.migadu.com
X-TUID: cgsx87NUPb9J

* gnu/packages/patches/polkit-CVE-2021-3560.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/polkit.scm (polkit/fixed): New variable.
(polkit)[replacement]: New field.
---
 gnu/local.mk                                  |  1 +
 .../patches/polkit-CVE-2021-3560.patch        | 21 +++++++++++++++++++
 gnu/packages/polkit.scm                       |  9 ++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 gnu/packages/patches/polkit-CVE-2021-3560.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0599df8968..42c5ee0d31 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1555,6 +1555,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/plib-CVE-2011-4620.patch		\
   %D%/packages/patches/plib-CVE-2012-4552.patch		\
   %D%/packages/patches/plotutils-spline-test.patch		\
+  %D%/packages/patches/polkit-CVE-2021-3560.patch		\
   %D%/packages/patches/portaudio-audacity-compat.patch		\
   %D%/packages/patches/portmidi-modular-build.patch		\
   %D%/packages/patches/postgresql-disable-resolve_symlinks.patch	\
diff --git a/gnu/packages/patches/polkit-CVE-2021-3560.patch b/gnu/packages/patches/polkit-CVE-2021-3560.patch
new file mode 100644
index 0000000000..9aa0373fda
--- /dev/null
+++ b/gnu/packages/patches/polkit-CVE-2021-3560.patch
@@ -0,0 +1,21 @@
+This patch fixes CVE-2021-3560, "local privilege escalation using
+polkit_system_bus_name_get_creds_sync()":
+
+  https://www.openwall.com/lists/oss-security/2021/06/03/1
+
+Patch from <https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a>.
+
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+     g_main_context_iteration (tmp_context, TRUE);
+ 
++  if (data.caught_error)
++    goto out;
++
+   if (out_uid)
+     *out_uid = data.uid;
+   if (out_pid)
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index d868aceec2..fcd8633b7a 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -44,6 +44,7 @@
   (package
     (name "polkit")
     (version "0.116")
+    (replacement polkit/fixed)
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -135,6 +136,14 @@ making process with respect to granting access to privileged operations
 for unprivileged applications.")
     (license lgpl2.0+)))
 
+(define-public polkit/fixed
+  (package
+    (inherit polkit)
+    (version "0.11A")                             ;0.116 + patch
+    (source (origin
+              (inherit (package-source polkit))
+              (patches (search-patches "polkit-CVE-2021-3560.patch"))))))
+
 (define-public polkit-qt
   (package
     (name "polkit-qt")
-- 
2.31.1