community/networkmanager-elogind: add mitigation for CVE-2021-20297

2 files changed, 24 insertions, 3 deletions

diff --git a/community/networkmanager-elogind/APKBUILD b/community/networkmanager-elogind/APKBUILD
index 00a35e63e8c..958aeef2d27 100644
--- a/community/networkmanager-elogind/APKBUILD
+++ b/community/networkmanager-elogind/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Rasmus Thomsen <oss@cogitri.dev>
 pkgname=networkmanager-elogind
 pkgver=1.26.6
-pkgrel=0
+pkgrel=1
 pkgdesc="Network Management daemon (with elogind hibernation support)"
 url="https://wiki.gnome.org/Projects/NetworkManager"
 arch="all !mips !mips64 !s390x" # polkit
@@ -57,6 +57,7 @@ source="$pkgname-$pkgver.tar.xz::https://download.gnome.org/sources/NetworkManag
 	musl-no-drand.patch
 	py3.patch
 	reallocarray.patch
+	CVE-2021-20297.patch
 	"
 options="!check" # fail to compile on musl
 provides="networkmanager"
@@ -65,6 +66,10 @@ install_if="networkmanager elogind"
 
 builddir="$srcdir"/NetworkManager-$pkgver
 
+# secfixes:
+#   1.26.6-r1:
+#     - CVE-2021-20297
+
 build() {
 	abuild-meson \
 		-Dsystemdsystemunitdir=no \
@@ -144,7 +149,8 @@ bashcomp() {
 
 	amove usr/share/bash-completion
 }
-sha512sums="f43869473bf625be270e3781a77310a877a8e945df08a6f9e668bb66fe173615e990fd9b3011c1c7b3aa23a9007db99c2f06c67f1185f7547771a816b06caf64  networkmanager-elogind-1.26.6.tar.xz
+sha512sums="
+f43869473bf625be270e3781a77310a877a8e945df08a6f9e668bb66fe173615e990fd9b3011c1c7b3aa23a9007db99c2f06c67f1185f7547771a816b06caf64  networkmanager-elogind-1.26.6.tar.xz
 0f79016bf717dea43830962f524deae8d1cedc274376e40bd912ebe63208c5b1c3b7a5aa14379da19020c587dbd5588df2f0066ca1540070a226983a43e4159b  networkmanager.conf
 5ac6d11b588c479de9c7e1fef79ed0a2c04dc159a2173636a6a77a2867c839cc1609860756109e9e794f23a02238a6d94834d8fb6fcb81a6be3ef1dbf4a34e6f  networkmanager.initd
 9820ed2ead0af689644842de57657bb10330a1eaff0e85b21ae9913f55e399e47d8b41b0a12956f30de80272b4424c6e55f33acbc88e156879003a260bf576f6  networkmanager.rules
@@ -156,4 +162,6 @@ b5cd94928ca3ba1fb71aec28d9ff66f319f6d23131e02c90f1dfbfaf16c537935228a9981c95f29f
 634377674691b52da80ca4c445a727d39cd40269f7deef0d3ccc1e1041cc262e8bc1423200e9a2b0cf1804e9950059ebbbc827f1200c6a97c58bc76080a6d6d2  musl-compar.patch
 342fb3eef0e7057b6d8f1a00687af17dc633387d8a25d475e3e9c8de5712221eec8ada634a189e3458dcbb12b20625b99b552acda3927b5baa61b960ce5740eb  musl-no-drand.patch
 8f7bb0128881cd281f4f9b2335d9788cde715d9fc29c295bad234b97a2df9e5ed99061da4806702d9ab8aa163711ffa283e82216ea8d714bb54d2b37aa2607cb  py3.patch
-423c97e0c08c53959f94c6e4de6388a0295b57f2d6404dca748bde82985e3eb25d1061ecb29ef7b568aa292b0169478c85f3c350206c34aafaa2ee99c4a6dc5f  reallocarray.patch"
+423c97e0c08c53959f94c6e4de6388a0295b57f2d6404dca748bde82985e3eb25d1061ecb29ef7b568aa292b0169478c85f3c350206c34aafaa2ee99c4a6dc5f  reallocarray.patch
+a59bf394d643e6570991e93c466c012a968415e27d9614ea26826d701a79a5e0b0a4acc6b4307caf6a48e381e4980cdca7518666cf340ee91ec20157305660af  CVE-2021-20297.patch
+"
diff --git a/community/networkmanager-elogind/CVE-2021-20297.patch b/community/networkmanager-elogind/CVE-2021-20297.patch
new file mode 100644
index 00000000000..5906c2a5346
--- /dev/null
+++ b/community/networkmanager-elogind/CVE-2021-20297.patch
@@ -0,0 +1,13 @@
+diff -urN NetworkManager-1.26.6.orig/src/nm-core-utils.c NetworkManager-1.26.6/src/nm-core-utils.c
+--- NetworkManager-1.26.6.orig/src/nm-core-utils.c	2021-06-03 14:10:00.375398397 -0600
++++ NetworkManager-1.26.6/src/nm-core-utils.c	2021-06-03 14:10:35.298882064 -0600
+@@ -1759,7 +1759,8 @@
+ 
+ 		_pattern_parse (patterns[i], &p, &is_inverted, &is_mandatory);
+ 
+-		match = (fnmatch (p, str, 0) == 0);
++		match = (fnmatch (p, str ?: "", 0) == 0);
++
+ 		if (is_inverted)
+ 			match = !match;
+