From nobody Fri Jun 04 18:30:28 2021
X-Original-To: desktop@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 58B0ADF3832
	for <desktop@mlmmj.nyi.freebsd.org>; Fri,  4 Jun 2021 18:30:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4FxWXh1xmWz4ZPg
	for <desktop@FreeBSD.org>; Fri,  4 Jun 2021 18:30:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2C81A22283
	for <desktop@FreeBSD.org>; Fri,  4 Jun 2021 18:30:28 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 154IUSRq051238
	for <desktop@FreeBSD.org>; Fri, 4 Jun 2021 18:30:28 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 154IUSG2051237
	for desktop@FreeBSD.org; Fri, 4 Jun 2021 18:30:28 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: desktop@FreeBSD.org
Subject: [Bug 256405] sysutils/polkit: Update to 0.119
Date: Fri, 04 Jun 2021 18:30:28 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: patch
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: commit-hook@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: desktop@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback+
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-256405-39348-JmAxKAu3BA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-256405-39348@https.bugs.freebsd.org/bugzilla/>
References: <bug-256405-39348@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Using and improving FreeBSD on the desktop <freebsd-desktop.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-desktop
List-Help: <mailto:freebsd-desktop+help@freebsd.org>
List-Post: <mailto:freebsd-desktop@freebsd.org>
List-Subscribe: <mailto:freebsd-desktop+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-desktop+unsubscribe@freebsd.org>
Sender: owner-freebsd-desktop@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256405

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=3D0958ffc12c9c0bba44f9a1adc0ca517=
3d7cd8bf9

commit 0958ffc12c9c0bba44f9a1adc0ca5173d7cd8bf9
Author:     Tobias C. Berner <tcberner@FreeBSD.org>
AuthorDate: 2021-06-04 18:27:49 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-06-04 18:29:52 +0000

    security/vuxml: document vulnerability in sysutils/polkit

    Cedric Buissart reports:

            The function `polkit_system_bus_name_get_creds_sync` is used to=
 get
the
            uid and pid of the process requesting the action. It does this =
by
            sending the unique bus name of the requesting process, which is
            typically something like ":1.96", to `dbus-daemon`. These unique
names
            are assigned and managed by `dbus-daemon` and cannot be forged,=
 so
this
            is a good way to check the privileges of the requesting process.

            The vulnerability happens when the requesting process disconnec=
ts
from
            `dbus-daemon` just before the call to
            `polkit_system_bus_name_get_creds_sync` starts. In this scenari=
o,
the
            unique bus name is no longer valid, so `dbus-daemon` sends back=
 an
error
            reply. This error case is handled in
            `polkit_system_bus_name_get_creds_sync` by setting the value of=
 the
            `error` parameter, but it still returns `TRUE`, rather than
`FALSE`.
            This behavior means that all callers of
            `polkit_system_bus_name_get_creds_sync` need to carefully check
whether
            an error was set. If the calling function forgets to check for
errors
            then it will think that the uid of the requesting process is 0
(because
            the `AsyncGetBusNameCredsData` struct is zero initialized). In
other
            words, it will think that the action was requested by a root
process,
            and will therefore allow it.

    PR:             256405
    Security:       CVE-2021-3560 polkit

 security/vuxml/vuln.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++=
++
 1 file changed, 47 insertions(+)

--=20
You are receiving this mail because:
You are the assignee for the bug.=