From e08de9f367e03f88dc4b30e64fc66fd2ab1fb6e2 Mon Sep 17 00:00:00 2001 From: markeryang Date: Mon, 28 Jul 2025 06:33:37 +0000 Subject: [PATCH] fix CVE-2025-7519 (cherry picked from commit a3111c5eed0700907504e88cba56324d2b9d13af) --- backport-CVE-2025-7519.patch | 27 +++++++++++++++++++++++++++ polkit.spec | 6 +++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-7519.patch diff --git a/backport-CVE-2025-7519.patch b/backport-CVE-2025-7519.patch new file mode 100644 index 0000000..afd77da --- /dev/null +++ b/backport-CVE-2025-7519.patch @@ -0,0 +1,27 @@ +From 107d3801361b9f9084f78710178e683391f1d245 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Fri, 6 Jun 2025 13:25:55 +0200 +Subject: [PATCH] Nested .policy files cause xml parsing overflow leading to + crash + +--- + src/polkitbackend/polkitbackendactionpool.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index 43f89cb9..f4acca9d 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -739,6 +739,12 @@ _start (void *data, const char *el, const char **attr) + guint num_attr; + ParserData *pd = data; + ++ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) ++ { ++ g_warning ("XML parsing reached max depth?"); ++ goto error; ++ } ++ + for (num_attr = 0; attr[num_attr] != NULL; num_attr++) + ; + diff --git a/polkit.spec b/polkit.spec index 8848ae2..c847a76 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,6 +1,6 @@ Name: polkit Version: 0.120 -Release: 10 +Release: 11 Summary: Define and Handle authorizations tool License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/polkit @@ -14,6 +14,7 @@ Patch3: backport-Added-support-for-duktape-as-JS-engine.patch Patch4: backport-build-Add-fallback-looking-for-duktape-s-library-and.patch Patch5: fix-core-dump-problem.patch Patch6: backport-polkitd-fix-zombie-not-reaped-when-js-spawned-proces.patch +Patch7: backport-CVE-2025-7519.patch BuildRequires: gcc-c++ glib2-devel >= 2.30.0 expat-devel pam-devel gtk-doc intltool BuildRequires: gobject-introspection-devel systemd systemd-devel @@ -131,6 +132,9 @@ exit 0 %{_datadir}/man/man8/* %changelog +* Mon Jul 28 2025 yanglongkang - 0.120-11 +- fix CVE-2025-7519 + * Wed Jul 16 2025 shechenglong - 0.120-10 - fix zombie not reaped when js spawned process timed out -- Gitee