From 6d7ab17023dc57bf86e78bd3c98b0ba05e1040f6 Mon Sep 17 00:00:00 2001
From: Joe Slater
Date: Mon, 7 Feb 2022 13:21:38 -0500
Subject: [PATCH] polkit: fix CVE-2021-4034 polkit privilege escalation pkexec always assumes there is at least one argument, which can be exploited by crafting the environment and calling it with no arguments. No specific exploit has been published. Update to polkit-0.112-26.el7_9.1. == testing == We just want to see if pkexec stills works. build and install an iso, then $ sudo pkexec --user puppet id Password: # enter sysadmin password uid=52(puppet) gid=52(puppet) groups=52(puppet) $ ==== Closes-bug: 1960087 Signed-off-by: Joe Slater Change-Id: I267e29d90e75dc772e17f0b5866850b4bb5ac3d2
---
 centos-mirror-tools/config/centos/distro/rpms_centos.lst | 6 +++---
 centos-mirror-tools/config/centos/flock/rpms_centos.lst | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/centos-mirror-tools/config/centos/distro/rpms_centos.lst b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
index c78ca15e..35511fa0 100644
--- a/centos-mirror-tools/config/centos/distro/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/distro/rpms_centos.lst
@@ -717,9 +717,9 @@ pixman-0.34.0-1.el7.x86_64.rpm
 pixman-devel-0.34.0-1.el7.x86_64.rpm
 # pkgconfig-0.27.1-4.el7.x86_64.rpm provided by mock
 po4a-0.44-10.el7.noarch.rpm
-polkit-0.112-26.el7.x86_64.rpm
-polkit-devel-0.112-26.el7.x86_64.rpm
-polkit-docs-0.112-26.el7.noarch.rpm
+polkit-0.112-26.el7_9.1.x86_64.rpm
+polkit-devel-0.112-26.el7_9.1.x86_64.rpm
+polkit-docs-0.112-26.el7_9.1.noarch.rpm
 polkit-pkla-compat-0.1-4.el7.x86_64.rpm
 poppler-0.26.5-20.el7.x86_64.rpm
 poppler-data-0.4.6-3.el7.noarch.rpm
diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
index 3d266240..64b11926 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@@ -713,7 +713,7 @@ plexus-interpolation-1.15-8.el7.noarch.rpm
 plexus-sec-dispatcher-1.4-13.el7.noarch.rpm
 plexus-utils-3.0.9-9.el7.noarch.rpm
 pm-utils-1.4.1-27.el7.x86_64.rpm
-polkit-0.112-26.el7.x86_64.rpm
+polkit-0.112-26.el7_9.1.x86_64.rpm
 polkit-pkla-compat-0.1-4.el7.x86_64.rpm
 # popt-1.13-16.el7.x86_64.rpm provided by mock
 popt-devel-1.13-16.el7.x86_64.rpm