From b3c9623830f7356520a6a607ef12f989fe241341 Mon Sep 17 00:00:00 2001
From: markeryang <yanglongkang@h-partners.com>
Date: Mon, 28 Jul 2025 06:47:24 +0000
Subject: [PATCH] fix CVE-2025-7519

---
 backport-CVE-2025-7519.patch | 27 +++++++++++++++++++++++++++
 polkit.spec                  |  6 +++++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-7519.patch

diff --git a/backport-CVE-2025-7519.patch b/backport-CVE-2025-7519.patch
new file mode 100644
index 0000000..afd77da
--- /dev/null
+++ b/backport-CVE-2025-7519.patch
@@ -0,0 +1,27 @@
+From 107d3801361b9f9084f78710178e683391f1d245 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Fri, 6 Jun 2025 13:25:55 +0200
+Subject: [PATCH] Nested .policy files cause xml parsing overflow leading to
+ crash
+
+---
+ src/polkitbackend/polkitbackendactionpool.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index 43f89cb9..f4acca9d 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -739,6 +739,12 @@ _start (void *data, const char *el, const char **attr)
+   guint num_attr;
+   ParserData *pd = data;
+ 
++  if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH)
++    {
++      g_warning ("XML parsing reached max depth?");
++      goto error;
++    }
++
+   for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
+     ;
+ 
diff --git a/polkit.spec b/polkit.spec
index 1981994..943ed31 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -1,6 +1,6 @@
 Name:             polkit
 Version:          0.116
-Release:          10
+Release:          11
 Summary:          Define and Handle authorizations tool
 License:          LGPLv2+ and Apache 2.0
 URL:              http://www.freedesktop.org/wiki/Software/polkit
@@ -14,6 +14,7 @@ Patch2:           Port-JavaScript-authority-to-mozjs-68.patch
 Patch3:           Port-polkit-to-mozjs78.patch
 Patch4:           backport-CVE-2021-4034.patch
 Patch5:           backport-CVE-2021-4115-GHSL-2021-077-fix.patch
+Patch6:           backport-CVE-2025-7519.patch
 
 BuildRequires:    gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool
 BuildRequires:    gobject-introspection-devel systemd systemd-devel pkgconfig(mozjs-78)
@@ -132,6 +133,9 @@ exit 0
 %{_datadir}/man/man8/*
 
 %changelog
+* Mon Jul 28 2025 yanglongkang <yanglongkang@h-partners.com> - 0.116-11
+- fix CVE-2025-7519
+
 * Sat Mar 5 2022 panxiaohe <panxh.life@foxmail.com> - 0.116-10
 - Fix CVE-2021-4115
 
-- 
Gitee