Bump for CVE-2013-4288

(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key D7DFA8D318FA9AEF!)

3 files changed, 228 insertions, 1 deletions

diff --git a/sys-auth/polkit/ChangeLog b/sys-auth/polkit/ChangeLog
index 7afab09007f8..91ec967436e5 100644
--- a/sys-auth/polkit/ChangeLog
+++ b/sys-auth/polkit/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-auth/polkit
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.147 2013/09/19 15:47:54 cardoe Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.148 2013/09/19 16:07:41 cardoe Exp $
+
+*polkit-0.110-r1 (19 Sep 2013)
+
+  19 Sep 2013; Doug Goldstein <cardoe@gentoo.org>
+  +files/polkit-0.110-CVE-2013-4288.patch, +polkit-0.110-r1.ebuild:
+  Bump for CVE-2013-4288
 
 *polkit-0.112 (19 Sep 2013)
 
diff --git a/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch b/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch
new file mode 100644
index 000000000000..af2d7f276046
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.110-CVE-2013-4288.patch
@@ -0,0 +1,113 @@
+commit c3502abf72c0c098adb40d7e362e94f93844a6b1
+Author: Colin Walters <walters@verbum.org>
+Date:   Mon Aug 19 12:16:11 2013 -0400
+
+    pkcheck: Support --process=pid,start-time,uid syntax too
+    
+    The uid is a new addition; this allows callers such as libvirt to
+    close a race condition in reading the uid of the process talking to
+    them.  They can read it via getsockopt(SO_PEERCRED) or equivalent,
+    rather than having pkcheck look at /proc later after the fact.
+    
+    Programs which invoke pkcheck but need to know beforehand (i.e.  at
+    compile time) whether or not it supports passing the uid can
+    use:
+    
+    pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+    test x$pkcheck_supports_uid = xyes
+    (cherry picked from commit 3968411b0c7ba193f9b9276ec911692aec248608)
+    
+    Conflicts:
+    	src/programs/pkcheck.c
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index fc54054..c856ca4 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+             <arg choice="plain">
+               <replaceable>pid,pid-start-time</replaceable>
+             </arg>
++            <arg choice="plain">
++              <replaceable>pid,pid-start-time,uid</replaceable>
++            </arg>
+           </group>
+         </arg>
+         <arg choice="plain">
+@@ -90,7 +93,7 @@
+     <title>DESCRIPTION</title>
+     <para>
+       <command>pkcheck</command> is used to check whether a process, specified by
+-      either <option>--process</option> or <option>--system-bus-name</option>,
++      either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+       is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+       option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+       If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,15 +163,23 @@ KEY3=VALUE3
+   <refsect1 id="pkcheck-notes">
+     <title>NOTES</title>
+     <para>
+-      Since process identifiers can be recycled, the caller should always use
+-      <replaceable>pid,pid-start-time</replaceable> to specify the process
+-      to check for authorization when using the <option>--process</option> option.
+-      The value of <replaceable>pid-start-time</replaceable>
+-      can be determined by consulting e.g. the
++      Do not use either the bare <replaceable>pid</replaceable> or
++      <replaceable>pid,start-time</replaceable> syntax forms for
++      <option>--process</option>.  There are race conditions in both.
++      New code should always use
++      <replaceable>pid,pid-start-time,uid</replaceable>.  The value of
++      <replaceable>start-time</replaceable> can be determined by
++      consulting e.g. the
+       <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+-      file system depending on the operating system. If only <replaceable>pid</replaceable>
+-      is passed to the <option>--process</option> option, then <command>pkcheck</command>
+-      will look up the start time itself but note that this may be racy.
++      file system depending on the operating system.  If fewer than 3
++      arguments are passed, <command>pkcheck</command> will attempt to
++      look up them up internally, but note that this may be racy.
++    </para>
++    <para>
++      If your program is a daemon with e.g. a custom Unix domain
++      socket, you should determine the <replaceable>uid</replaceable>
++      parameter via operating system mechanisms such as
++      <literal>PEERCRED</literal>.
+     </para>
+   </refsect1>
+ 
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+       else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+         {
+           gint pid;
++	  guint uid;
+           guint64 pid_start_time;
+ 
+           n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+               goto out;
+             }
+ 
+-          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++            {
++              subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++            }
++          else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+             {
+               subject = polkit_unix_process_new_full (pid, pid_start_time);
+             }
diff --git a/sys-auth/polkit/polkit-0.110-r1.ebuild b/sys-auth/polkit/polkit-0.110-r1.ebuild
new file mode 100644
index 000000000000..22cc715317de
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.110-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.110-r1.ebuild,v 1.1 2013/09/19 16:07:41 cardoe Exp $
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="examples gtk +introspection kde nls pam selinux systemd"
+
+RDEPEND="=dev-lang/spidermonkey-1.8.5*[-debug]
+	>=dev-libs/glib-2.32
+	>=dev-libs/expat-2:=
+	introspection? ( >=dev-libs/gobject-introspection-1 )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+		)
+	selinux? ( sec-policy/selinux-policykit )
+	systemd? ( sys-apps/systemd )"
+DEPEND="${RDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	dev-util/intltool
+	virtual/pkgconfig"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		lxde-base/lxpolkit
+		) )
+	kde? ( sys-auth/polkit-kde-agent )
+	!systemd? ( sys-auth/consolekit[policykit] )"
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	epatch "${FILESDIR}"/polkit-0.110-CVE-2013-4288.patch
+}
+
+src_configure() {
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--disable-static \
+		--enable-man-pages \
+		--disable-gtk-doc \
+		$(use_enable systemd libsystemd-login) \
+		$(use_enable introspection) \
+		--disable-examples \
+		$(use_enable nls) \
+		--with-mozjs=mozjs185 \
+		"$(systemd_with_unitdir)" \
+		--with-authfw=$(usex pam pam shadow) \
+		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+		--with-os-type=gentoo
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
+	local m='mr'
+	pax-mark ${m} ${f}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	dodoc docs/TODO HACKING NEWS README
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	prune_libtool_files
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}