From 2b235a01193c02ad20ba6e0cc3b384632e2f9ea0 Mon Sep 17 00:00:00 2001 From: yangcheng1203 Date: Tue, 28 Sep 2021 11:26:07 +0800 Subject: [PATCH] fix CVE-2020-16121 (cherry picked from commit 88dd8b658def287bed9e051f1d0616c7caca1258) --- PackageKit.spec | 10 ++- backport-CVE-2020-16121.patch | 140 ++++++++++++++++++++++++++++++++++ 2 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2020-16121.patch diff --git a/PackageKit.spec b/PackageKit.spec index 8e00155..fc38e8d 100644 --- a/PackageKit.spec +++ b/PackageKit.spec @@ -1,6 +1,6 @@ Name: PackageKit Version: 1.1.12 -Release: 9 +Release: 10 License: GPLv2+ and LGPLv2+ Summary: Package management service URL: https://www.freedesktop.org/software/PackageKit/ @@ -24,6 +24,8 @@ Patch5: 0001-Do-not-trigger-an-inotity-event-when-the-AppStream-X.patch # modify support URL Patch6: 0001-PackageKit-modify-support-URL.patch +Patch6000: backport-CVE-2020-16121.patch + BuildRequires: glib2-devel xmlto gtk-doc sqlite-devel polkit-devel libtool gtk2-devel gtk3-devel docbook-utils BuildRequires: gnome-doc-utils intltool gettext vala gstreamer1-devel gstreamer1-plugins-base-devel pango-devel BuildRequires: fontconfig-devel libappstream-glib-devel libdnf-devel systemd-devel gobject-introspection-devel bash-completion @@ -172,6 +174,12 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %config(noreplace) %{_sysconfdir}/PackageKit/CommandNotFound.conf %changelog +* Tue Sep 28 2021 yangcheng - 1.1.12-10 +- Type:CVE +- ID:cve-2020-16121 +- SUG:NA +- DESC:fix CVE-2020-16121 + * Tue Mar 10 2020 chengguipeng - 1.1.12-9 - Type:bugfix - ID:NA diff --git a/backport-CVE-2020-16121.patch b/backport-CVE-2020-16121.patch new file mode 100644 index 0000000..164daf2 --- /dev/null +++ b/backport-CVE-2020-16121.patch 
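Review bot: Nothing visible in the `@@ -24,6 +24,8 @@` hunk applies `Patch6000`; the added line only declares it. If %prep in this spec uses explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, the backport ships in the source package but is never applied to the build, so please confirm that %prep (outside this hunk) picks it up, for example with `%patch6000 -p1`. The embedded patch is labelled `[PATCH 2/2]`, so it is also worth confirming that 1/2 of that upstream series is not needed for this package.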
@@ -0,0 +1,140 @@
+From e916b584d8d0f3feb835fe3793f01271a301240d Mon Sep 17 00:00:00 2001
+From: Julian Andres Klode
+Date: Tue, 22 Sep 2020 14:12:12 +0200
+Subject: [PATCH 2/2] Information disclosure in InstallFiles, GetFilesLocal and
+ GetDetailsLocal
+
+These functions revealed existence and content type of files, which
+allows a non-root user to check existence and content type of any
+file on the system, regardless of permission, as the checks are
+performed as root.
+
+A correct fix would move those checks into the client, and pass an
+fd to the daemon. Here we just hide which failure it is, which we
+would need to do anyway, but don't provide an improved version as
+that's out of scope for a security issue and requires changes the
+reverse dependencies using those functions.
+
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1888887
+---
+ src/pk-transaction.c | 48 ++++++++++++++++----------------------------
+ 1 file changed, 17 insertions(+), 31 deletions(-)
+
+diff --git a/src/pk-transaction.c b/src/pk-transaction.c
+index 76e9965..0880fbf 100644
+--- a/src/pk-transaction.c
++++ b/src/pk-transaction.c
+@@ -3038,7 +3038,7 @@ pk_transaction_get_details_local (PkTransaction *transaction,
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3049,9 +3049,8 @@ pk_transaction_get_details_local (PkTransaction *transaction,
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3061,9 +3060,8 @@
pk_transaction_get_details_local (PkTransaction *transaction,
+ if (!ret) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3139,7 +3137,7 @@ pk_transaction_get_files_local (PkTransaction *transaction,
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3150,9 +3148,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3162,9 +3159,8 @@ pk_transaction_get_files_local (PkTransaction *transaction,
+ if (!ret) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3667,7 +3663,7 @@ pk_transaction_install_files (PkTransaction *transaction,
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
+- "No such file %s", full_paths[i]);
++ "No such file %s, or unknown or
unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3677,9 +3673,8 @@ pk_transaction_install_files (PkTransaction *transaction,
+ if (content_type == NULL) {
+ g_set_error (&error,
+ PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_NOT_SUPPORTED,
+- "Failed to get content type for file %s",
+- full_paths[i]);
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+@@ -3687,19 +3682,10 @@ pk_transaction_install_files (PkTransaction *transaction,
+ /* supported content type? */
+ ret = pk_transaction_is_supported_content_type (transaction, content_type);
+ if (!ret) {
+- if (g_strcmp0 ("application/x-app-package", content_type) == 0 ||
+- g_str_has_suffix (full_paths[i], ".ipk") == TRUE) {
+- g_set_error (&error,
+- PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "Listaller is required to install %s", full_paths[i]);
+- } else {
+- g_set_error (&error,
+- PK_TRANSACTION_ERROR,
+- PK_TRANSACTION_ERROR_MIME_TYPE_NOT_SUPPORTED,
+- "MIME type '%s' not supported %s",
+- content_type, full_paths[i]);
+- }
++ g_set_error (&error,
++ PK_TRANSACTION_ERROR,
++ PK_TRANSACTION_ERROR_NO_SUCH_FILE,
++ "No such file %s, or unknown or unsupported content type", full_paths[i]);
+ pk_transaction_set_state (transaction, PK_TRANSACTION_STATE_ERROR);
+ goto out;
+ }
+--
+2.27.0
+
-- Gitee
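Review bot: The same `g_set_error` call with the literal "No such file %s, or unknown or unsupported content type" now appears nine times across pk_transaction_get_details_local, pk_transaction_get_files_local and pk_transaction_install_files, and nothing in the code records that the three failure branches must stay indistinguishable. The fix depends on the error code and the text being identical for a missing file, an undetectable content type and an unsupported one, so I would add above each group a comment such as `/* CVE-2020-16121: checks run as root; keep error code and text identical for all three failures */`, or move the call into one static helper so that a later edit cannot make the branches diverge again. A caller can still tell a supported package file from everything else because the transaction proceeds in that case, which the commit message acknowledges; that residual is worth stating in the same comment. The bodies of all three functions start and end outside these hunks.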