diff --git a/backport-CVE-2025-7519.patch b/backport-CVE-2025-7519.patch new file mode 100644 index 0000000000000000000000000000000000000000..afd77da704039fee8cfe87f71ee0da8e4abae349 --- /dev/null +++ b/backport-CVE-2025-7519.patch @@ -0,0 +1,27 @@ +From 107d3801361b9f9084f78710178e683391f1d245 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Fri, 6 Jun 2025 13:25:55 +0200 +Subject: [PATCH] Nested .policy files cause xml parsing overflow leading to + crash + +--- + src/polkitbackend/polkitbackendactionpool.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index 43f89cb9..f4acca9d 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -739,6 +739,12 @@ _start (void *data, const char *el, const char **attr) + guint num_attr; + ParserData *pd = data; + ++ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) ++ { ++ g_warning ("XML parsing reached max depth?"); ++ goto error; ++ } ++ + for (num_attr = 0; attr[num_attr] != NULL; num_attr++) + ; + diff --git a/polkit.spec b/polkit.spec index 8dfcc3cc288817b2dc6e4ece474548829fb24cf5..b2e9652842149eeb121e153dd2d28b2a26103fe3 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,12 +1,13 @@ Name: polkit Version: 125 -Release: 1 +Release: 2 Summary: Define and Handle authorizations tool License: LGPL-2.0-or-later URL: https://polkit.pages.freedesktop.org/polkit/ Source0: https://github.com/polkit-org/polkit/archive/refs/tags/%{version}.tar.gz Patch0: modify-admin-authorization-from-wheel-group-to-root.patch +Patch1: backport-CVE-2025-7519.patch BuildRequires: meson >= 0.63.0 BuildRequires: pkgconfig(dbus-1) @@ -132,6 +133,9 @@ exit 0 %{_mandir}/man?/* %changelog +* Mon Jul 28 2025 yanglongkang - 125-2 +- fix CVE-2025-7519 + * Wed Aug 21 2024 Funda Wang - 125-1 - update to 125