* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2016-01-03 16:51 Jory Pratt
0 siblings, 0 replies; 7+ messages in thread
From: Jory Pratt @ 2016-01-03 16:51 UTC (permalink / raw
To: gentoo-commits
commit: 7ca67b391cdbbcb243af5c0b046bedeef40cbdca
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 3 16:47:41 2016 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Jan 3 16:47:41 2016 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=7ca67b39
sys-auth/polkit - update netgroup support patch for ~arch
...lkit-0.113-make-netgroup-support-optional.patch | 130 +++++++++++++++++++++
sys-auth/polkit/polkit-0.113.ebuild | 117 +++++++++++++++++++
2 files changed, 247 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch
new file mode 100644
index 0000000..232cc31
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch
@@ -0,0 +1,130 @@
+--- polkit-0.113/configure.ac
++++ polkit-0.113-optional-netgroup/configure.ac
+@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- polkit-0.113/src/polkitbackend/init.js
++++ polkit-0.113-optional-netgroup/src/polkitbackend/init.js
+@@ -29,7 +29,10 @@ function Subject() {
+ };
+
+ this.isInNetGroup = function(netGroup) {
+- return polkit._userIsInNetGroup(this.user, netGroup);
++ if (polkit._userIsInNetGroup)
++ return polkit._userIsInNetGroup(this.user, netGroup);
++ else
++ return false;
+ };
+
+ this.toString = function() {
+--- polkit-0.113/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ polkit-0.113-optional-netgroup/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2214,6 +2214,7 @@ get_users_in_group (PolkitIdentity
+ return ret;
+ }
+
++#ifdef HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -2269,6 +2270,7 @@ get_users_in_net_group (PolkitIdentity
+ endnetgrent ();
+ return ret;
+ }
++#endif
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+ }
++#ifdef HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity");
+--- polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c
++++ polkit-0.113-optional-netgroup/src/polkitbackend/polkitbackendjsauthority.c
+@@ -189,13 +189,16 @@ static JSClass js_polkit_class = {
+
+ static JSBool js_polkit_log (JSContext *cx, unsigned argc, jsval *vp);
+ static JSBool js_polkit_spawn (JSContext *cx, unsigned argc, jsval *vp);
++#ifdef HAVE_GETNETGRENT
+ static JSBool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, jsval *vp);
+-
++#endif
+ static JSFunctionSpec js_polkit_functions[] =
+ {
+ JS_FS("log", js_polkit_log, 0, 0),
+ JS_FS("spawn", js_polkit_spawn, 0, 0),
++#ifdef HAVE_GETNETGRENT
+ JS_FS("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
++#endif
+ JS_FS_END
+ };
+
+@@ -1498,7 +1501,7 @@ js_polkit_spawn (JSContext *cx,
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+-
++#ifdef HAVE_GETNETGRENT
+ static JSBool
+ js_polkit_user_is_in_netgroup (JSContext *cx,
+ unsigned argc,
+@@ -1535,7 +1538,7 @@ js_polkit_user_is_in_netgroup (JSContext
+ out:
+ return ret;
+ }
+-
++#endif
+
+
+ /* ---------------------------------------------------------------------------------------------------- */
+--- polkit-0.113/test/polkitbackend/test-polkitbackendjsauthority.c
++++ polkit-0.113-optional-netgroup/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_GETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
+@@ -258,7 +260,7 @@ static const RulesTestCase rules_test_ca
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#if HAVE_GETNETGRENT
+ /* check netgroup membership */
+ {
+ /* john is a member of netgroup 'foo', see test/etc/netgroup */
+@@ -276,7 +278,7 @@ static const RulesTestCase rules_test_ca
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#endif
+ /* spawning */
+ {
+ "spawning_non_existing_helper",
+
diff --git a/sys-auth/polkit/polkit-0.113.ebuild b/sys-auth/polkit/polkit-0.113.ebuild
new file mode 100644
index 0000000..f43fe61
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.113.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils multilib pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
+IUSE="examples gtk +introspection jit kde nls pam selinux systemd test"
+
+CDEPEND="
+ dev-lang/spidermonkey:0/mozjs185[-debug]
+ >=dev-libs/glib-2.32:2
+ >=dev-libs/expat-2:=
+ introspection? ( >=dev-libs/gobject-introspection-1:= )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ lxde-base/lxpolkit
+ ) )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( sys-auth/consolekit[policykit] )
+"
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.113-make-netgroup-support-optional.patch
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ $(use_enable systemd libsystemd-login) \
+ $(use_enable introspection) \
+ --disable-examples \
+ $(use_enable nls) \
+ --with-mozjs=mozjs185 \
+ "$(systemd_with_unitdir)" \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ $(use_enable test) \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ dodoc docs/TODO HACKING NEWS README
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ prune_libtool_files
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2017-02-23 3:29 Aric Belsito
0 siblings, 0 replies; 7+ messages in thread
From: Aric Belsito @ 2017-02-23 3:29 UTC (permalink / raw
To: gentoo-commits
commit: fb42c05d1344fa7b9650a2d2ad3e317d69821a69
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Thu Feb 23 03:29:03 2017 +0000
Commit: Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Thu Feb 23 03:29:03 2017 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=fb42c05d
sys-auth/polkit: version bump to 0.113-r2
remove 0.112-r99 (no longer in tree)
sys-auth/polkit/Manifest | 9 +-
sys-auth/polkit/files/polkit-0.113-elogind.patch | 160 +++++++++++++++++++++
.../polkit-make-netgroup-support-optional.patch | 86 -----------
sys-auth/polkit/metadata.xml | 1 +
...kit-0.112-r99.ebuild => polkit-0.113-r2.ebuild} | 99 +++++++------
sys-auth/polkit/polkit-0.113.ebuild | 8 +-
6 files changed, 225 insertions(+), 138 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8645889..943dbd2 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,7 +1,6 @@
+AUX polkit-0.113-elogind.patch 5611 SHA256 e53293e21eb9ece8bea7a90e2dd440f176af185470de33a3859b9a1274413e9a SHA512 27d863690b51c7520488c7924dc24c83b0b8ebc2d0285b62a249227a7993b93c1ba526d3c9dd0aaa4d0d979ff5aac7dea8001b21a1f10236249a38a7b92c3be4 WHIRLPOOL 14dd9439136b0f17392a998d9b7f16435468ae66f91012185e67e6b56a1e6a3ec4b1bbfbe210949f31c0912cef046559a446c1d3f1939c82726604f55871b45c
AUX polkit-0.113-make-netgroup-support-optional.patch 4099 SHA256 eba507f6bb0edaa0a0a4c48147543b5ba0d37faa6f672bc20b854b5f09eb7588 SHA512 91b4dcc2cad4954763b5f405504c88e3b339054c21121a586472f9b4d1d4db53e0719794628482e1b9bade0e0d3cbd882fafb402c626fdcd4aa716a7480f4f68 WHIRLPOOL 8419ff003e2629215500a8bbde4152cefddc57c080a77aa9962de8cac33686866dbc1d67a2d1e89c8ecb066c1e72b24967d65426bcf88a45ce8d627b69056488
-AUX polkit-make-netgroup-support-optional.patch 2818 SHA256 840f295f8c99005938a501e696080136bcea6696a2e0abfe4c5f0f1e46a079a0 SHA512 90ad57cdbdfcd706b1443b596eb2aa849e73e56d6c25c72683270a8f71d5e8c0144c9fa39e4267928531b1b7bf1870ab29cb6f19981ef1621419da7540d8ccbb WHIRLPOOL c68e260ce7fa65001fe0a4fcff97ebff9c447cad7d6fb8a564ebfb13e27b5c6e09be6b8f30a56cd1a3fcd0efe4346c6736e75004fd4aaeb1163209ad61eb77b7
-DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81
-EBUILD polkit-0.112-r99.ebuild 3316 SHA256 5e2f2cd52b93b5524d2c65e0b3dfde9cb976c5026b6ec9fc0b790e4fa902a96f SHA512 bc8fd3695cb4ce01a350e8f41161c90ab913c6740f20207546f37da2c9f6ad68de7e3cf0aaa889ada403205392cd2d5b238c9276aae59dd8df2bed691d645d06 WHIRLPOOL f3bdbe97a68e7552129b16318fa75618d85241c7bf6f91209e90cabb0776cb09018240f2ed016ce16df18cdd250fd4410fb698cfd5b29369a1851b424c265218
-EBUILD polkit-0.113.ebuild 2755 SHA256 0636e5b6b17b4ecfe655f3547e64c3eb9d1b1067c8858ff2dc00d749ed81e878 SHA512 8b665cb3618b51d0e59b18c7eeb0e8b4d440348d2a6da1bd46dc851c58f2d154e457ba85f1502e63ac286262fb4a7b3a35ec1f0c47a8402e4ce9d3f673d7ca45 WHIRLPOOL 72476a771d0d9974ec7f104c7b721a5f454989bb7ba73f8d5ca804bb79bbd5e75198421ffb44d05b05ff57fa1b1ab15cf2e7687d5f244b15965e218a85037114
-MISC metadata.xml 368 SHA256 6534d248e3385826f0d340734e1242c15261786e32db74d12499062ecbf2bddc SHA512 c7c83834285eb494682f56460e5a494a368dff4e9c9dbcfe7ad367a403e812dd64f0bbbf49b26f8f9e8f83c3c40ddeaf7489c8e632a0149e0be056be04aa031d WHIRLPOOL 90d3f192e593775dc409984aedf177315af40991781d84f080e3f0864d0107c7320c76fcdd48ca2a5d5c2415650c0b1dcceeb9026f0b4409a10741a77daf5880
+EBUILD polkit-0.113-r2.ebuild 3384 SHA256 19dc6fa1d23c3a537af57bd2151437ab34a36e63c8e532bcdc23a5d5f176e834 SHA512 4d266140ea3102c818c016299a37bbae6108e4cedcc80d762349d8237cd656754b49d836c84e940f58666305305dcf43eae0f57f34630b41de9ab2d8e1aa641d WHIRLPOOL b6a1f44e03f2dbcca44093d71208f577c9b499ac3d3fba14bff976ede213b1ce959a4acb7f2a6394fa22cbbb6a705ee83df99a1dd5c4aadc5b3e3f01e21bbb1f
+EBUILD polkit-0.113.ebuild 2795 SHA256 164fdfad89e3b304220fa5a4171b0d2a784d499b22eaafbb6bd6e5b0154690a8 SHA512 ab4e1b89e42c56af10b8209e9b51359875021b37f9a9367f9321e4fd314daf9a2c7be40be3cb2c9c9ced0891a6e7abd7cbb4ae682a477f6866a211a5af51103f WHIRLPOOL 276f771c6d0270e6734febaef7b1cc01e3f4cf71a6081dbfc281264e9e4ba30a54c9daf759156b9f560673fed9e2c381d4a73e4c20457425aead322c3c216cf9
+MISC metadata.xml 493 SHA256 868f4f8f3c8593e0f1441e5e36944b3386cda4eac8d0986ab3b390d53106b71f SHA512 9c7b199d1a3b1193beb4d01e52d5e90d81821aa6df6785482da7ee37c0ca777c12095f160bc997c77d0089429c2e338cf75d0a46836416736178cd661ffa80f5 WHIRLPOOL 8ef937efdf5e1c41e16cd908fe3c13b05f33751c5c5a1d4eeab833641db31fc0808ec7bfd6b364a5db55812108b78346da03bd75baf50adaba24ec7f1920d60f
diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
new file mode 100644
index 0000000..fb142c6
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -0,0 +1,160 @@
+--- a/configure.ac 2016-11-03 20:16:02.842071344 +0100
++++ b/configure.ac 2016-11-03 20:15:34.612071850 +0100
+@@ -183,11 +183,12 @@
+
+ AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
+
+-dnl ---------------------------------------------------------------------------
+-dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
+-dnl ---------------------------------------------------------------------------
++dnl -----------------------------------------------------------------------------------
++dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking
++dnl -----------------------------------------------------------------------------------
+
+ have_libsystemd=no
++have_elogind=no
+ SESSION_TRACKING=ConsoleKit
+
+ AC_ARG_ENABLE([libsystemd-login],
+@@ -220,6 +221,29 @@
+ fi
+ fi
+ fi
++
++AC_ARG_ENABLE([libelogind],
++ [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
++ [enable_libelogind=$enableval],
++ [enable_libelogind=auto])
++if test "$enable_libelogind" != "no"; then
++ PKG_CHECK_MODULES([LIBELOGIND],
++ [libelogind],
++ [have_libelogind=yes],
++ [have_libelogind=no])
++ if test "$have_libelogind" = "yes"; then
++ SESSION_TRACKING=libelogind
++ AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available])
++ save_LIBS=$LIBS
++ LIBS=$LIBELOGIND_LIBS
++ AC_CHECK_FUNCS(sd_uid_get_display)
++ LIBS=$save_LIBS
++ else
++ if test "$enable_libelogind" = "yes"; then
++ AC_MSG_ERROR([libelogind support requested but libelogind not found])
++ fi
++ fi
++fi
+
+ AS_IF([test "x$cross_compiling" != "xyes" ], [
+ AS_IF([test "$have_libsystemd" = "yes"], [
+@@ -245,6 +245,10 @@
+ AC_SUBST(LIBSYSTEMD_LIBS)
+ AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+
++AC_SUBST(LIBELOGIND_CFLAGS)
++AC_SUBST(LIBELOGIND_LIBS)
++AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind])
++
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+ dnl ---------------------------------------------------------------------------
+--- a/src/polkitbackend/Makefile.am 2016-11-04 04:40:46.930116006 +0100
++++ b/src/polkitbackend/Makefile.am 2016-11-04 04:42:14.586114436 +0100
+@@ -42,21 +42,28 @@
+ libpolkit_backend_1_la_SOURCES += \
+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
+ else
++if HAVE_LIBELOGIND
++libpolkit_backend_1_la_SOURCES += \
++ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
++else
+ libpolkit_backend_1_la_SOURCES += \
+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c
+ endif
++endif
+
+ libpolkit_backend_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ -D_POLKIT_BACKEND_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
++ $(LIBELOGIND_CFLAGS) \
+ $(LIBJS_CFLAGS) \
+ $(NULL)
+
+ libpolkit_backend_1_la_LIBADD = \
+ $(GLIB_LIBS) \
+ $(LIBSYSTEMD_LIBS) \
++ $(LIBELOGIND_LIBS) \
+ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
+ $(EXPAT_LIBS) \
+ $(LIBJS_LIBS) \
+--- a/src/polkit/Makefile.am 2016-11-04 04:41:02.756115723 +0100
++++ b/src/polkit/Makefile.am 2016-11-04 04:42:49.428113812 +0100
+@@ -85,19 +85,26 @@
+ libpolkit_gobject_1_la_SOURCES += \
+ polkitunixsession-systemd.c polkitunixsession.h
+ else
++if HAVE_LIBELOGIND
++libpolkit_gobject_1_la_SOURCES += \
++ polkitunixsession-systemd.c polkitunixsession.h
++else
+ libpolkit_gobject_1_la_SOURCES += \
+ polkitunixsession.c polkitunixsession.h
+ endif
++endif
+
+ libpolkit_gobject_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
++ $(LIBELOGIND_CFLAGS) \
+ $(NULL)
+
+ libpolkit_gobject_1_la_LIBADD = \
+ $(GLIB_LIBS) \
+ $(LIBSYSTEMD_LIBS) \
++ $(LIBELOGIND_LIBS) \
+ $(NULL)
+
+ libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+--- a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:58.283111505 +0100
+@@ -39,6 +39,10 @@
+ #include <systemd/sd-login.h>
+ #endif /* HAVE_LIBSYSTEMD */
+
++#ifdef HAVE_LIBELOGIND
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBELOGIND */
++
+ #include <jsapi.h>
+
+ #include "initjs.h" /* init.js */
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:46:52.718109455 +0100
+@@ -25,7 +25,11 @@
+ #include <grp.h>
+ #include <string.h>
+ #include <glib/gstdio.h>
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_LIBELOGIND */
+ #include <stdlib.h>
+
+ #include <polkit/polkit.h>
+--- a/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:44:29.651112017 +0100
++++ b/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:47:07.160109197 +0100
+@@ -30,7 +30,11 @@
+ #include "polkiterror.h"
+ #include "polkitprivate.h"
+
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_ELOGIND */
+
+ /**
+ * SECTION:polkitunixsession
diff --git a/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch
deleted file mode 100644
index 07efd0e..0000000
--- a/sys-auth/polkit/files/polkit-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 4bb6d90..8d30a95 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv)
-+AC_CHECK_FUNCS(clearenv getnetgrent innetgr)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 3bd2f0b..9d2ec61 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2103,6 +2103,7 @@ get_users_in_group (PolkitIdentity *group,
- return ret;
- }
-
-+#if defined HAVE_GETNETGRENT
- static GList *
- get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-@@ -2154,6 +2155,7 @@ get_users_in_net_group (PolkitIdentity *group,
- endnetgrent ();
- return ret;
- }
-+#endif
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-@@ -2243,10 +2245,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- {
- user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
- }
-+#if defined HAVE_GETNETGRENT
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
- }
-+#endif
- else
- {
- g_warning ("Unsupported identity");
-diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
-index bc2fe22..b84c110 100644
---- a/src/polkitbackend/polkitbackendjsauthority.c
-+++ b/src/polkitbackend/polkitbackendjsauthority.c
-@@ -29,6 +29,7 @@
- #include <glib/gstdio.h>
- #include <locale.h>
- #include <glib/gi18n-lib.h>
-+#include <sys/wait.h>
-
- #include <polkit/polkit.h>
- #include "polkitbackendjsauthority.h"
-@@ -1450,13 +1451,16 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- JSBool ret = JS_FALSE;
- JSString *user_str;
- JSString *netgroup_str;
-- char *user;
-- char *netgroup;
- JSBool is_in_netgroup = JS_FALSE;
-
- if (!JS_ConvertArguments (cx, argc, JS_ARGV (cx, vp), "SS", &user_str, &netgroup_str))
- goto out;
-
-+#if defined(HAVE_INNETGR)
-+ {
-+ char *user;
-+ char *netgroup;
-+
- user = JS_EncodeString (cx, user_str);
- netgroup = JS_EncodeString (cx, netgroup_str);
-
-@@ -1470,6 +1474,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS_free (cx, netgroup);
- JS_free (cx, user);
-+ }
-+#endif
-
- ret = JS_TRUE;
-
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index cc3a0b4..348a315 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,6 +5,7 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
+ <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.112-r99.ebuild b/sys-auth/polkit/polkit-0.113-r2.ebuild
similarity index 50%
rename from sys-auth/polkit/polkit-0.112-r99.ebuild
rename to sys-auth/polkit/polkit-0.113-r2.ebuild
index 5ba1efe..9528e04 100644
--- a/sys-auth/polkit/polkit-0.112-r99.ebuild
+++ b/sys-auth/polkit/polkit-0.113-r2.ebuild
@@ -1,51 +1,61 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
-EAPI=5
-inherit eutils autotools multilib pam pax-utils systemd user
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
-SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="examples gtk +introspection jit kde nls pam selinux systemd"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
CDEPEND="
- ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
- hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
- mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] )
- !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) )
- >=dev-libs/glib-2.32
- >=dev-libs/expat-2:=
- introspection? ( >=dev-libs/gobject-introspection-1 )
+ dev-lang/spidermonkey:0/mozjs185[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
pam? (
sys-auth/pambase
virtual/pam
- )
- systemd? ( sys-apps/systemd:0= )"
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
DEPEND="${CDEPEND}
app-text/docbook-xml-dtd:4.1.2
app-text/docbook-xsl-stylesheets
dev-libs/libxslt
+ dev-util/gtk-doc-am
dev-util/intltool
- virtual/pkgconfig"
+ sys-devel/gettext
+ virtual/pkgconfig
+"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-policykit )
"
PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- lxde-base/lxpolkit
- ) )
+ gtk? ( >=gnome-extra/polkit-gnome-0.105 )
kde? ( || (
kde-plasma/polkit-kde-agent
sys-auth/polkit-kde-agent
- ) )
- !systemd? ( sys-auth/consolekit[policykit] )"
+ ) )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-elogind.patch
+ "${FILESDIR}"/${P}-make-netgroup-support-optional.patch
+)
QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkit-agent-helper-1
@@ -62,25 +72,38 @@ pkg_setup() {
}
src_prepare() {
+ default
+
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
- epatch "${FILESDIR}"/${PN}-make-netgroup-support-optional.patch
- eautoreconf || die
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
}
src_configure() {
+ xdg_environment_reset
+
econf \
--localstatedir="${EPREFIX}"/var \
--disable-static \
--enable-man-pages \
--disable-gtk-doc \
- $(use_enable systemd libsystemd-login) \
- $(use_enable introspection) \
--disable-examples \
+ --with-mozjs=mozjs185 \
+ $(use_enable elogind libelogind) \
+ $(use_enable introspection) \
$(use_enable nls) \
- $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \
- "$(systemd_with_unitdir)" \
- --with-authfw=$(usex pam pam shadow) \
$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use_enable systemd libsystemd-login) \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $(use_enable test) \
--with-os-type=gentoo
}
@@ -88,21 +111,11 @@ src_compile() {
default
# Required for polkitd on hardened/PaX due to spidermonkey's JIT
- local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest'
- local m=''
- # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910
- has_version 'dev-lang/spidermonkey:17[jit]' && m='m'
- # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags
- use hppa && m='mr'
- use ia64 && m='mr'
- use mips && m='mr'
- [ -n "$m" ] && pax-mark ${m} ${f}
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
}
src_install() {
- emake DESTDIR="${D}" install
-
- dodoc docs/TODO HACKING NEWS README
+ default
fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
@@ -114,7 +127,7 @@ src_install() {
doins src/examples/{*.c,*.policy*}
fi
- prune_libtool_files
+ find "${D}" -name '*.la' -delete || die
}
pkg_postinst() {
diff --git a/sys-auth/polkit/polkit-0.113.ebuild b/sys-auth/polkit/polkit-0.113.ebuild
index e567fce..f064559 100644
--- a/sys-auth/polkit/polkit-0.113.ebuild
+++ b/sys-auth/polkit/polkit-0.113.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -6,12 +6,12 @@ EAPI=5
inherit eutils multilib pam pax-utils systemd user
DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
-SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
LICENSE="LGPL-2"
SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
IUSE="examples gtk +introspection jit kde nls pam selinux systemd test"
CDEPEND="
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2018-12-02 18:03 Anthony G. Basile
0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2018-12-02 18:03 UTC (permalink / raw
To: gentoo-commits
commit: 01006f554aa646ac1ef275753c3d28123d217b68
Author: S. Lockwood-Childs <sjl <AT> vctlabs <DOT> com>
AuthorDate: Mon Nov 26 10:33:01 2018 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Dec 2 18:03:14 2018 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=01006f55
sys-auth/polkit: bump version to 0.115
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 +
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 ++++
...lkit-0.115-make-netgroup-support-optional.patch | 129 +++++++++++++++++++
sys-auth/polkit/polkit-0.115-r1.ebuild | 141 +++++++++++++++++++++
4 files changed, 299 insertions(+)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 39836f8..3883c90 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1 +1,2 @@
DIST polkit-0.113.tar.gz 1448865 BLAKE2B 93cb6abf03d0de193e9f64b953bee40faf3bd07cf6f86beb4f84edd740dedc0bcf7a1ffd6b3a1a816e5adad0ee59536dacae3d991add4c4965cc6a98566b7470 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9
+DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
new file mode 100644
index 0000000..93d6720
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch
@@ -0,0 +1,28 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen <cogitri@exherbo.org>
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
+
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+--
+2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch
new file mode 100644
index 0000000..0a8f886
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch
@@ -0,0 +1,129 @@
+--- polkit-0.115/configure.ac
++++ polkit-0.115-optional-netgroup/configure.ac
+@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- polkit-0.115/src/polkitbackend/init.js
++++ polkit-0.115-optional-netgroup/src/polkitbackend/init.js
+@@ -29,7 +29,10 @@ function Subject() {
+ };
+
+ this.isInNetGroup = function(netGroup) {
+- return polkit._userIsInNetGroup(this.user, netGroup);
++ if (polkit._userIsInNetGroup)
++ return polkit._userIsInNetGroup(this.user, netGroup);
++ else
++ return false;
+ };
+
+ this.toString = function() {
+--- polkit-0.115/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ polkit-0.115-optional-netgroup/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2214,6 +2214,7 @@ get_users_in_group (PolkitIdentity
+ return ret;
+ }
+
++#ifdef HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -2269,6 +2270,7 @@ get_users_in_net_group (PolkitIdentity
+ endnetgrent ();
+ return ret;
+ }
++#endif
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+ }
++#ifdef HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity");
+--- polkit-0.115/src/polkitbackend/polkitbackendjsauthority.cpp
++++ polkit-0.115-optional-netgroup/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -194,13 +194,16 @@
+
+ static bool js_polkit_log (JSContext *cx, unsigned argc, JS::Value *vp);
+ static bool js_polkit_spawn (JSContext *cx, unsigned argc, JS::Value *vp);
++#ifdef HAVE_GETNETGRENT
+ static bool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, JS::Value *vp);
+-
++#endif
+ static JSFunctionSpec js_polkit_functions[] =
+ {
+ JS_FN("log", js_polkit_log, 0, 0),
+ JS_FN("spawn", js_polkit_spawn, 0, 0),
++#ifdef HAVE_GETNETGRENT
+ JS_FN("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
++#endif
+ JS_FS_END
+ };
+
+@@ -1486,6 +1489,7 @@
+ /* ---------------------------------------------------------------------------------------------------- */
+
+
++#ifdef HAVE_GETNETGRENT
+ static bool
+ js_polkit_user_is_in_netgroup (JSContext *cx,
+ unsigned argc,
+@@ -1523,7 +1523,7 @@
+
+ return ret;
+ }
+-
++#endif
+
+
+ /* ---------------------------------------------------------------------------------------------------- */
+--- polkit-0.115/test/polkitbackend/test-polkitbackendjsauthority.c
++++ polkit-0.115-optional-netgroup/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_GETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
+@@ -258,7 +260,7 @@ static const RulesTestCase rules_test_ca
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#if HAVE_GETNETGRENT
+ /* check netgroup membership */
+ {
+ /* john is a member of netgroup 'foo', see test/etc/netgroup */
+@@ -276,7 +278,7 @@ static const RulesTestCase rules_test_ca
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#endif
+ /* spawning */
+ {
+ "spawning_non_existing_helper",
+
diff --git a/sys-auth/polkit/polkit-0.115-r1.ebuild b/sys-auth/polkit/polkit-0.115-r1.ebuild
new file mode 100644
index 0000000..1aaaf77
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r1.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+ dev-lang/spidermonkey:52[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-elogind.patch # bug 660880
+ "${FILESDIR}"/${P}-make-netgroup-support-optional.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2019-04-28 21:55 Jory Pratt
0 siblings, 0 replies; 7+ messages in thread
From: Jory Pratt @ 2019-04-28 21:55 UTC (permalink / raw
To: gentoo-commits
commit: 0b221c4343840a141621811e896da9f4fa359869
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 28 21:55:50 2019 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Apr 28 21:55:50 2019 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=0b221c43
sys-auth/polkit: sync with tree, update netgroup patch
Package-Manager: Portage-2.3.65, Repoman-2.3.12
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 +
...lkit-0.116-make-netgroup-support-optional.patch | 155 +++++++++++++++++++++
sys-auth/polkit/metadata.xml | 5 +-
sys-auth/polkit/polkit-0.116.ebuild | 143 +++++++++++++++++++
4 files changed, 302 insertions(+), 2 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 3883c90..9a71461 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
DIST polkit-0.113.tar.gz 1448865 BLAKE2B 93cb6abf03d0de193e9f64b953bee40faf3bd07cf6f86beb4f84edd740dedc0bcf7a1ffd6b3a1a816e5adad0ee59536dacae3d991add4c4965cc6a98566b7470 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9
DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
+DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch
new file mode 100644
index 0000000..0b4b698
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional.patch
@@ -0,0 +1,155 @@
+From 6a46ff1b969a7109c6f5f25ebabaa943bbd5bdaf Mon Sep 17 00:00:00 2001
+From:
+Date: Sun, 28 Apr 2019 16:46:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+---
+ configure.ac | 2 +-
+ src/polkitbackend/init.js | 5 ++++-
+ src/polkitbackend/polkitbackendinteractiveauthority.c | 4 ++++
+ src/polkitbackend/polkitbackendjsauthority.cpp | 8 ++++++--
+ test/polkitbackend/test-polkitbackendjsauthority.c | 6 ++++--
+ 5 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cedb4e..88ce2a6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/init.js b/src/polkitbackend/init.js
+index 79c80b6..2065cff 100644
+--- a/src/polkitbackend/init.js
++++ b/src/polkitbackend/init.js
+@@ -29,7 +29,10 @@ function Subject() {
+ };
+
+ this.isInNetGroup = function(netGroup) {
+- return polkit._userIsInNetGroup(this.user, netGroup);
++ if (polkit._userIsInNetGroup)
++ return polkit._userIsInNetGroup(this.user, netGroup);
++ else
++ return false;
+ };
+
+ this.toString = function() {
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..559cd06 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2225,6 +2225,7 @@ get_users_in_group (PolkitIdentity *group,
+ return ret;
+ }
+
++#ifdef HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -2284,6 +2285,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ endnetgrent ();
+ return ret;
+ }
++#endif
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+@@ -2369,10 +2371,12 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+ }
++#ifdef HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity");
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 9b752d1..dcff711 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -192,13 +192,17 @@ static JSClass js_polkit_class = {
+
+ static bool js_polkit_log (JSContext *cx, unsigned argc, JS::Value *vp);
+ static bool js_polkit_spawn (JSContext *cx, unsigned argc, JS::Value *vp);
++#ifdef HAVE_GETNETGRENT
+ static bool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, JS::Value *vp);
++#endif
+
+ static JSFunctionSpec js_polkit_functions[] =
+ {
+ JS_FN("log", js_polkit_log, 0, 0),
+ JS_FN("spawn", js_polkit_spawn, 0, 0),
++#ifdef HAVE_GETNETGRENT
+ JS_FN("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
++#endif
+ JS_FS_END
+ };
+
+@@ -1488,7 +1492,7 @@ js_polkit_spawn (JSContext *cx,
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+-
++#ifdef HAVE_GETNETGRENT
+ static bool
+ js_polkit_user_is_in_netgroup (JSContext *cx,
+ unsigned argc,
+@@ -1526,7 +1530,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ return ret;
+ }
+-
++#endif
+
+
+ /* ---------------------------------------------------------------------------------------------------- */
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..2b2a5d4 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_GETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
+@@ -266,7 +268,7 @@ static const RulesTestCase rules_test_cases[] = {
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#if HAVE_GETNETGRENT
+ /* check netgroup membership */
+ {
+ /* john is a member of netgroup 'foo', see test/etc/netgroup */
+@@ -284,7 +286,7 @@ static const RulesTestCase rules_test_cases[] = {
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+-
++#endif
+ /* spawning */
+ {
+ "spawning_non_existing_helper",
+--
+2.21.0
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index 348a315..c60e1e3 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,7 +5,8 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
- <flag name="systemd">Use <pkg>sys-apps/systemd</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
+ <flag name="consolekit">Use <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
+ <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
+ <flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.116.ebuild b/sys-auth/polkit/polkit-0.116.ebuild
new file mode 100644
index 0000000..3cdf6ba
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.116.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="^^ ( consolekit elogind systemd )"
+
+BDEPEND="
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:60[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ consolekit? ( sys-auth/consolekit[policykit] )
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+
+ "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2020-09-17 15:19 Jory Pratt
0 siblings, 0 replies; 7+ messages in thread
From: Jory Pratt @ 2020-09-17 15:19 UTC (permalink / raw
To: gentoo-commits
commit: b690de43759b5869bfc3af925094a0485d323b41
Author: stefson <herrtimson <AT> yahoo <DOT> de>
AuthorDate: Wed Sep 9 07:18:15 2020 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Thu Sep 17 15:19:14 2020 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=b690de43
sys-auth/polkit: add upstream fix for mozjs-78
taken from upstream: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/64
Keywords are dropped, to allow testing for others.
Signed-off-by: Steffen Kuhn <nielson2 <AT> yandex.com>
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/files/polkit-0.117-mozjs-78.patch | 104 ++++++++++++++++
sys-auth/polkit/polkit-0.117-r1.ebuild | 138 ++++++++++++++++++++++
2 files changed, 242 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.117-mozjs-78.patch b/sys-auth/polkit/files/polkit-0.117-mozjs-78.patch
new file mode 100644
index 0000000..f64a7bf
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.117-mozjs-78.patch
@@ -0,0 +1,104 @@
+From 3e1d61868fa8bfc586099302e931433270e5d17d Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Aug 2020 16:38:34 +0000
+Subject: [PATCH] Port polkit to mozjs78
+
+---
+ configure.ac | 4 ++--
+ src/polkitbackend/polkitbackendjsauthority.cpp | 15 ++++++---------
+ 2 files changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index eea70fc7..c4569f10 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -34,7 +34,7 @@ AC_PROG_LN_S
+ AC_SYS_LARGEFILE
+ AM_PROG_CC_C_O
+ AC_PROG_CXX
+-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
++AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
+
+ # Taken from dbus
+ AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
+@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
++PKG_CHECK_MODULES(LIBJS, [mozjs-78])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 25bd1f93..ca171083 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -49,6 +49,7 @@
+ #include <js/Realm.h>
+ #include <js/SourceText.h>
+ #include <js/Warnings.h>
++#include <js/Array.h>
+ #include <jsapi.h>
+
+ #include "initjs.h" /* init.js */
+@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
+ static void
+ reload_scripts (PolkitBackendJsAuthority *authority)
+ {
+- JS::AutoValueArray<1> args(authority->priv->cx);
++ JS::RootedValueArray<1> args(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+
+ JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
+@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
+ if (!JS::InitSelfHostedCode (authority->priv->cx))
+ goto fail;
+
+- JS::ContextOptionsRef (authority->priv->cx)
+- .setIon (TRUE)
+- .setBaseline (TRUE)
+- .setAsmJS (TRUE);
+ JS::SetWarningReporter(authority->priv->cx, report_error);
+ JS_SetContextPrivate (authority->priv->cx, authority);
+
+@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+ elems[n].setNull ();
+ }
+
+- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
++ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
+
+ value_jsval = JS::ObjectValue (*array_object);
+ JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
+@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
+ {
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
+ GList *ret = NULL;
+- JS::AutoValueArray<2> args(authority->priv->cx);
++ JS::RootedValueArray<2> args(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+ guint n;
+ GError *error = NULL;
+@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
+ {
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
+ PolkitImplicitAuthorization ret = implicit;
+- JS::AutoValueArray<2> args(authority->priv->cx);
++ JS::RootedValueArray<2> args(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+ GError *error = NULL;
+ JS::RootedString ret_jsstr (authority->priv->cx);
+@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
+ JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
+ array_object = &args[0].toObject();
+
+- if (!JS_GetArrayLength (cx, array_object, &array_len))
++ if (!JS::GetArrayLength (cx, array_object, &array_len))
+ {
+ JS_ReportErrorUTF8 (cx, "Failed to get array length");
+ goto out;
+--
+GitLab
+
+
diff --git a/sys-auth/polkit/polkit-0.117-r1.ebuild b/sys-auth/polkit/polkit-0.117-r1.ebuild
new file mode 100644
index 0000000..4adbf55
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.117-r1.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+#KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 x86"
+IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( consolekit elogind systemd )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:78[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ consolekit? ( sys-auth/consolekit[policykit] )
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+
+ # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/64
+ "${FILESDIR}"/polkit-0.117-mozjs-78.patch
+
+ # locally rebased patch
+ "${FILESDIR}"/polkit-0.116-make-netgroup-support-optional-2.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-26 13:37 Jory Pratt
0 siblings, 0 replies; 7+ messages in thread
From: Jory Pratt @ 2022-01-26 13:37 UTC (permalink / raw
To: gentoo-commits
commit: 7b63ecc28ba29ecf67bf377328ad2534a0a9968e
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 13:37:13 2022 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 13:37:39 2022 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=7b63ecc2
sys-auth/polkit: meson fix, security bump
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/Manifest | 2 -
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 ---
...it-0.116-make-netgroup-support-optional-1.patch | 248 ---------------------
...it-0.116-make-netgroup-support-optional-2.patch | 219 ------------------
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 ++++++
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ++++
sys-auth/polkit/metadata.xml | 1 -
sys-auth/polkit/polkit-0.119-r2.ebuild | 141 ------------
...lkit-0.120-r1.ebuild => polkit-0.120-r2.ebuild} | 12 +-
9 files changed, 121 insertions(+), 644 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 14c82431..1125d650 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,2 @@
-DIST polkit-0.118-duktape.patch 50144 BLAKE2B 83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a SHA512 dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867
-DIST polkit-0.119.tar.gz 1387409 BLAKE2B aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06 SHA512 0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578
DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B 5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349 SHA512 bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7
DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d67201..00000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
-
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
-
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
---
-2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
deleted file mode 100644
index 84f07f98..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001
-From: A. Wilcox <AWilcox@Wilcox-Tech.com>
-Date: Mon, 20 May 2019 20:24:42 -0500
-Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup
-support is not available. PolKit fails to compile on these systems
-for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Closes polkit/polkit#14.
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
----
- configure.ac | 2 +-
- src/polkit/polkitidentity.c | 16 ++++++++++++++++
- src/polkit/polkitunixnetgroup.c | 3 +++
- .../polkitbackendinteractiveauthority.c | 14 ++++++++------
- src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
- test/polkit/polkitidentitytest.c | 9 ++++++++-
- test/polkit/polkitunixnetgrouptest.c | 3 +++
- .../test-polkitbackendjsauthority.c | 2 ++
- 8 files changed, 43 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cedb4e..87aa0ad 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..10e9c17 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 9b752d1..09b2878 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS_free (cx, netgroup);
- JS_free (cx, user);
-+#endif
-
- ret = true;
-
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
---
-2.21.0
-
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
deleted file mode 100644
index aef30ef6..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 4809dc9..d1ea325 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..793f17d 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 1d91103..366cbdf 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index 00000000..22bb71d1
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
new file mode 100644
index 00000000..5e144688
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch
@@ -0,0 +1,42 @@
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Mon, 25 Oct 2021 20:21:27 +0100
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
+
+These were always ignored, and Meson 0.60.0 disallowed them.
+
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
+Reference: https://github.com/mesonbuild/meson/pull/9445
+Signed-off-by: Simon McVittie <smcv@debian.org>
+---
+ actions/meson.build | 1 -
+ src/examples/meson.build | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/actions/meson.build b/actions/meson.build
+index 2abaaf3..1e3f370 100644
+--- a/actions/meson.build
++++ b/actions/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.policy'
+
+ i18n.merge_file(
+- policy,
+ input: policy + '.in',
+ output: '@BASENAME@',
+ po_dir: po_dir,
+diff --git a/src/examples/meson.build b/src/examples/meson.build
+index c6305ab..8c18de5 100644
+--- a/src/examples/meson.build
++++ b/src/examples/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy'
+
+ i18n.merge_file(
+- policy,
+ input: policy + '.in',
+ output: '@BASENAME@',
+ po_dir: po_dir,
+--
+GitLab
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index f23bd9f8..23b3540b 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -6,7 +6,6 @@
</maintainer>
<use>
<flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag>
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.119-r2.ebuild b/sys-auth/polkit/polkit-0.119-r2.ebuild
deleted file mode 100644
index 32f1c305..00000000
--- a/sys-auth/polkit/polkit-0.119-r2.ebuild
+++ /dev/null
@@ -1,141 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
- https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86"
-IUSE="duktape elogind examples gtk +introspection kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( elogind systemd )"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- dev-util/gtk-doc-am
- dev-util/intltool
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- duktape? ( dev-lang/duktape )
- !duktape? ( dev-lang/spidermonkey:78[-debug] )
- dev-libs/glib:2
- dev-libs/expat
- elogind? ( sys-auth/elogind )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
- "${DISTDIR}"/${PN}-0.118-duktape.patch
- "${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
- docs/polkit/Makefile.in || die
-
- # disable broken test - bug #624022
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
- # Fix cross-building, bug #590764, elogind patch, bug #598615
- eautoreconf
-}
-
-src_configure() {
- xdg_environment_reset
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}"/var
- --disable-static
- --enable-man-pages
- --disable-gtk-doc
- --disable-examples
- $(use_enable elogind libelogind)
- $(use_enable introspection)
- $(use_enable nls)
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
- --with-authfw=$(usex pam pam shadow)
- $(use_enable systemd libsystemd-login)
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(use_enable test)
- --with-os-type=gentoo
- )
-
- if use duktape; then
- myeconfargs+=( --with-duktape )
- fi
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- default
-
- if use examples; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
similarity index 89%
rename from sys-auth/polkit/polkit-0.120-r1.ebuild
rename to sys-auth/polkit/polkit-0.120-r2.ebuild
index a75f950a..24b53b1f 100644
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -56,11 +56,6 @@ PDEPEND="
kde? ( kde-plasma/polkit-kde-agent )
"
-PATCHES=(
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
DOCS=( docs/TODO HACKING NEWS README )
QA_MULTILIB_PATHS="
@@ -68,6 +63,12 @@ QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkitd"
src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/polkit-0.120-meson.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ "${DISTDIR}"/${PN}-0.120-duktape-1.patch
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+ )
default
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
@@ -114,6 +115,7 @@ src_install() {
# meson does not install required files with SUID bit. See
# https://bugs.gentoo.org/816393
# Remove the following lines once this has been fixed by upstream
+ # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
fperms u+s /usr/bin/pkexec
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
}
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-02-23 15:59 Jory Pratt
0 siblings, 0 replies; 7+ messages in thread
From: Jory Pratt @ 2022-02-23 15:59 UTC (permalink / raw
To: gentoo-commits
commit: 3fa32295616a9ffef5bbea9c8568367b080a520f
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 23 15:58:58 2022 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Feb 23 15:59:23 2022 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=3fa32295
sys-auth/polkit: sync with ::gentoo
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
.../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 +++++++++++++
sys-auth/polkit/polkit-0.120-r3.ebuild | 128 +++++++++++++++++++++
2 files changed, 206 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
new file mode 100644
index 00000000..a82ce25c
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
@@ -0,0 +1,78 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+https://bugs.gentoo.org/833574
+
+From: Jan Rybar <jrybar@redhat.com>
+Date: Mon, 21 Feb 2022 08:29:05 +0000
+Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
+
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -62,6 +62,10 @@ enum
+ PROP_NAME,
+ };
+
++
++guint8 dbus_call_respond_fails; // has to be global because of callback
++
++
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+
+ G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
+@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
+ if (!v)
+ {
+ data->caught_error = TRUE;
++ dbus_call_respond_fails += 1;
+ }
+ else
+ {
+@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
+ tmp_context = g_main_context_new ();
+ g_main_context_push_thread_default (tmp_context);
+
++ dbus_call_respond_fails = 0;
++
+ /* Do two async calls as it's basically as fast as one sync call.
+ */
+ g_dbus_connection_call (connection,
+@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
+ on_retrieved_unix_uid_pid,
+ &data);
+
+- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+- g_main_context_iteration (tmp_context, TRUE);
++ while (TRUE)
++ {
++ /* If one dbus call returns error, we must wait until the other call
++ * calls _call_finish(), otherwise fd leak is possible.
++ * Resolves: GHSL-2021-077
++ */
+
+- if (data.caught_error)
+- goto out;
++ if ( (dbus_call_respond_fails > 1) )
++ {
++ // we got two faults, we can leave
++ goto out;
++ }
++
++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
++ {
++ // we got one fault and the other call finally finished, we can leave
++ goto out;
++ }
++
++ if ( !(data.retrieved_uid && data.retrieved_pid) )
++ {
++ g_main_context_iteration (tmp_context, TRUE);
++ }
++ else
++ {
++ break;
++ }
++ }
+
+ if (out_uid)
+ *out_uid = data.uid;
+GitLab
diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
new file mode 100644
index 00000000..b4a58c38
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r3.ebuild
@@ -0,0 +1,128 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
+ https://dev.gentoo.org/~anarchy/dist/polkit-0.120-duktape-1.patch"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm ~arm64 ~mips ~ppc64 ~x86"
+IUSE="duktape examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ duktape? ( dev-lang/duktape )
+ !duktape? ( dev-lang/spidermonkey:78[-debug] )
+ dev-libs/glib:2
+ dev-libs/expat
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/polkit-0.120-meson.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
+ "${DISTDIR}"/${PN}-0.120-duktape-1.patch
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+ )
+
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ -Djs_engine="$(usex duktape duktape mozjs)"
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ # meson does not install required files with SUID bit. See
+ # https://bugs.gentoo.org/816393
+ # Remove the following lines once this has been fixed by upstream
+ # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
+ fperms u+s /usr/bin/pkexec
+ fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-02-23 15:59 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-26 13:37 [gentoo-commits] proj/musl:master commit in: sys-auth/polkit/, sys-auth/polkit/files/ Jory Pratt
-- strict thread matches above, loose matches on Subject: below --
2022-02-23 15:59 Jory Pratt
2020-09-17 15:19 Jory Pratt
2019-04-28 21:55 Jory Pratt
2018-12-02 18:03 Anthony G. Basile
2017-02-23 3:29 Aric Belsito
2016-01-03 16:51 Jory Pratt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox