[meego-commits] 5711: Changes to MeeGo:1.0:Core:Update:Testing/polkit

Yan Yin yan.yin at intel.com
Thu Jul 15 02:06:13 UTC 2010


Hi,
I have made the following changes to polkit in project MeeGo:1.0:Core:Update:Testing. Please review and accept ASAP.

Thank You,
Yan Yin

[This message was auto-generated]

---

Request #5711:

  submit:   home:yyin2:branches:MeeGo:1.0:Core:Update:Testing/polkit(r4)(cleanup) -> MeeGo:1.0:Core:Update:Testing/polkit


Message:
    Fix bug number format in changes file

State:   new          2010-07-14T14:00:58 yyin2
Comment: None



changes files:
--------------
--- polkit.changes
+++ polkit.changes
@@ -0,0 +1,3 @@
+* Tue Jul 13 2010 Yan Yin <yan.yin at intel.com> - 0.95_git20090913
+- Fix BMC# 2182: CVE-2010-0750: import 0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch
+
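Review bot: The changelog entry on the `- Fix BMC# 2182` line names the bug, the CVE and the imported patch file, but does not say what changes in behaviour. Suggest adding a short clause stating that pkexec now checks the program path with access() instead of stat(), so the changes file alone tells a reader what the security fix does. Since the request message is about the bug number format, also confirm that `BMC# 2182`, with a space after the `#`, is the intended form.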

new:
----
  0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch

spec files:
-----------
--- polkit.spec
+++ polkit.spec
@@ -25,6 +25,7 @@
 Provides: PolicyKit = 0.11
 
 Patch0: 0001-Fix-process-start-time-when-using-polkit_unix_proces.patch
+Patch1: 0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch
 
 %description
 PolicyKit is a toolkit for defining and handling authorizations.
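Review bot: `Patch1:` is added without a comment, so the spec itself does not record that this is the CVE-2010-0750 fix. A one-line comment above it naming the CVE and the BMC bug number would show, on a later rebase to a newer polkit, that the patch can be dropped once the upstream source contains the fix.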
@@ -69,6 +70,7 @@
 %prep
 %setup -q -n %{name}-0.95
 %patch0 -p1
+%patch1 -p1
 
 %build
 %configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --enable-introspection --enable-examples

other changes:
--------------

++++++ 0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch (new)
--- 0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch
+++ 0002-Fix-Bug-26982-pkexec-information-disclosure-vulnerability.patch
+diff -urpN polkit-0.95/src/programs/pkexec.c polkit-0.95.patched/src/programs/pkexec.c
+--- polkit-0.95/src/programs/pkexec.c	2009-09-14 01:55:09.000000000 +0800
++++ polkit-0.95.patched/src/programs/pkexec.c	2010-07-13 15:25:39.920785353 +0800
+@@ -201,7 +201,6 @@ main (int argc, char *argv[])
+   gchar *opt_user;
+   pid_t pid_of_caller;
+   uid_t uid_of_caller;
+-  struct stat statbuf;
+ 
+   ret = 127;
+   authority = NULL;
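Review bot: With `struct stat statbuf;` removed from main(), check whether anything else in pkexec.c still needs `<sys/stat.h>`, and drop the include in this patch if nothing does. The replacement call, access(), is declared in `<unistd.h>`; the hunks shown here do not touch the include list, so confirm that header is already included.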
+@@ -296,9 +295,9 @@ main (int argc, char *argv[])
+       g_free (path);
+       argv[n] = path = s;
+     }
+-  if (stat (path, &statbuf) != 0)
++  if (access (path, F_OK) != 0)
+     {
+-      g_printerr ("Error getting information about %s: %s\n", path, g_strerror (errno));
++      g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
+       goto out;
+     }
+   command_line = g_strjoinv (" ", argv + n);
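Review bot: The new `access (path, F_OK)` call is only a pre-check, and the file at `path` can change between this call and its later use, so nothing after this point should treat the result as an authorization decision. access() evaluates the path with the caller's real UID and GID, so the `g_strerror (errno)` text in the error line now reflects only what the calling user could already learn. A short comment above the call explaining why stat() must not be used here would keep a later cleanup from reverting it.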


