* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2017-01-14 19:26 Andreas Sturmlechner
0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2017-01-14 19:26 UTC (permalink / raw
To: gentoo-commits
commit: 7ffb5079b8c109223cfeb4519abb84a6c5516293
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 14 12:24:15 2017 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan 14 19:25:03 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ffb5079
sys-auth/polkit: Add USE=elogind, bump to EAPI 6
Gentoo-bug: 598615
Drop non-existent lxde-base/lxpolkit from PDEPEND
Package-Manager: portage-2.3.0
sys-auth/polkit/files/polkit-0.113-elogind.patch | 160 +++++++++++++++++++++++
sys-auth/polkit/metadata.xml | 1 +
sys-auth/polkit/polkit-0.113-r2.ebuild | 133 +++++++++++++++++++
3 files changed, 294 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
new file mode 100644
index 00000000..fb142c6
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -0,0 +1,160 @@
+--- a/configure.ac 2016-11-03 20:16:02.842071344 +0100
++++ b/configure.ac 2016-11-03 20:15:34.612071850 +0100
+@@ -183,11 +183,12 @@
+
+ AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
+
+-dnl ---------------------------------------------------------------------------
+-dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
+-dnl ---------------------------------------------------------------------------
++dnl -----------------------------------------------------------------------------------
++dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking
++dnl -----------------------------------------------------------------------------------
+
+ have_libsystemd=no
++have_elogind=no
+ SESSION_TRACKING=ConsoleKit
+
+ AC_ARG_ENABLE([libsystemd-login],
+@@ -220,6 +221,29 @@
+ fi
+ fi
+ fi
++
++AC_ARG_ENABLE([libelogind],
++ [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
++ [enable_libelogind=$enableval],
++ [enable_libelogind=auto])
++if test "$enable_libelogind" != "no"; then
++ PKG_CHECK_MODULES([LIBELOGIND],
++ [libelogind],
++ [have_libelogind=yes],
++ [have_libelogind=no])
++ if test "$have_libelogind" = "yes"; then
++ SESSION_TRACKING=libelogind
++ AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available])
++ save_LIBS=$LIBS
++ LIBS=$LIBELOGIND_LIBS
++ AC_CHECK_FUNCS(sd_uid_get_display)
++ LIBS=$save_LIBS
++ else
++ if test "$enable_libelogind" = "yes"; then
++ AC_MSG_ERROR([libelogind support requested but libelogind not found])
++ fi
++ fi
++fi
+
+ AS_IF([test "x$cross_compiling" != "xyes" ], [
+ AS_IF([test "$have_libsystemd" = "yes"], [
+@@ -245,6 +245,10 @@
+ AC_SUBST(LIBSYSTEMD_LIBS)
+ AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+
++AC_SUBST(LIBELOGIND_CFLAGS)
++AC_SUBST(LIBELOGIND_LIBS)
++AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind])
++
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+ dnl ---------------------------------------------------------------------------
+--- a/src/polkitbackend/Makefile.am 2016-11-04 04:40:46.930116006 +0100
++++ b/src/polkitbackend/Makefile.am 2016-11-04 04:42:14.586114436 +0100
+@@ -42,21 +42,28 @@
+ libpolkit_backend_1_la_SOURCES += \
+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
+ else
++if HAVE_LIBELOGIND
++libpolkit_backend_1_la_SOURCES += \
++ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
++else
+ libpolkit_backend_1_la_SOURCES += \
+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c
+ endif
++endif
+
+ libpolkit_backend_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ -D_POLKIT_BACKEND_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
++ $(LIBELOGIND_CFLAGS) \
+ $(LIBJS_CFLAGS) \
+ $(NULL)
+
+ libpolkit_backend_1_la_LIBADD = \
+ $(GLIB_LIBS) \
+ $(LIBSYSTEMD_LIBS) \
++ $(LIBELOGIND_LIBS) \
+ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
+ $(EXPAT_LIBS) \
+ $(LIBJS_LIBS) \
+--- a/src/polkit/Makefile.am 2016-11-04 04:41:02.756115723 +0100
++++ b/src/polkit/Makefile.am 2016-11-04 04:42:49.428113812 +0100
+@@ -85,19 +85,26 @@
+ libpolkit_gobject_1_la_SOURCES += \
+ polkitunixsession-systemd.c polkitunixsession.h
+ else
++if HAVE_LIBELOGIND
++libpolkit_gobject_1_la_SOURCES += \
++ polkitunixsession-systemd.c polkitunixsession.h
++else
+ libpolkit_gobject_1_la_SOURCES += \
+ polkitunixsession.c polkitunixsession.h
+ endif
++endif
+
+ libpolkit_gobject_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(LIBSYSTEMD_CFLAGS) \
++ $(LIBELOGIND_CFLAGS) \
+ $(NULL)
+
+ libpolkit_gobject_1_la_LIBADD = \
+ $(GLIB_LIBS) \
+ $(LIBSYSTEMD_LIBS) \
++ $(LIBELOGIND_LIBS) \
+ $(NULL)
+
+ libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+--- a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:58.283111505 +0100
+@@ -39,6 +39,10 @@
+ #include <systemd/sd-login.h>
+ #endif /* HAVE_LIBSYSTEMD */
+
++#ifdef HAVE_LIBELOGIND
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBELOGIND */
++
+ #include <jsapi.h>
+
+ #include "initjs.h" /* init.js */
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:46:52.718109455 +0100
+@@ -25,7 +25,11 @@
+ #include <grp.h>
+ #include <string.h>
+ #include <glib/gstdio.h>
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_LIBELOGIND */
+ #include <stdlib.h>
+
+ #include <polkit/polkit.h>
+--- a/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:44:29.651112017 +0100
++++ b/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:47:07.160109197 +0100
+@@ -30,7 +30,11 @@
+ #include "polkiterror.h"
+ #include "polkitprivate.h"
+
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_ELOGIND */
+
+ /**
+ * SECTION:polkitunixsession
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index cc3a0b4..348a315 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,6 +5,7 @@
<email>freedesktop-bugs@gentoo.org</email>
</maintainer>
<use>
+ <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild b/sys-auth/polkit/polkit-0.113-r2.ebuild
new file mode 100644
index 00000000..4ec829a
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.113-r2.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+ dev-lang/spidermonkey:0/mozjs185[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/libxslt
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( >=gnome-extra/polkit-gnome-0.105 )
+ kde? ( || (
+ kde-plasma/polkit-kde-agent
+ sys-auth/polkit-kde-agent
+ ) )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=( "${FILESDIR}"/${P}-elogind.patch )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ econf \
+ --localstatedir="${EPREFIX}"/var \
+ --disable-static \
+ --enable-man-pages \
+ --disable-gtk-doc \
+ --disable-examples \
+ --with-mozjs=mozjs185 \
+ $(use_enable elogind libelogind) \
+ $(use_enable introspection) \
+ $(use_enable nls) \
+ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+ --with-authfw=$(usex pam pam shadow) \
+ $(use_enable systemd libsystemd-login) \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $(use_enable test) \
+ --with-os-type=gentoo
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2017-06-27 12:04 Michael Palimaka
0 siblings, 0 replies; 16+ messages in thread
From: Michael Palimaka @ 2017-06-27 12:04 UTC (permalink / raw
To: gentoo-commits
commit: 487ef5103ed45a49310282d483c41f0dcf6638e2
Author: Sven Eden <yamakuzure <AT> gmx <DOT> net>
AuthorDate: Tue Jun 27 12:03:40 2017 +0000
Commit: Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 12:04:19 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487ef510
sys-auth/polkit: improve elogind patch
Gentoo-bug: 622800
Package-Manager: Portage-2.3.6, Repoman-2.3.2
sys-auth/polkit/files/polkit-0.113-elogind.patch | 22 ++++++++++++++++++++--
...lkit-0.113-r2.ebuild => polkit-0.113-r3.ebuild} | 0
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
index fb142c65ce6..c822e00d24a 100644
--- a/sys-auth/polkit/files/polkit-0.113-elogind.patch
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -117,8 +117,8 @@
$(NULL)
libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
---- a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:29.650112018 +0100
-+++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:58.283111505 +0100
+--- a/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27 09:22:03.375841040 +0200
++++ b/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27 09:25:33.815845141 +0200
@@ -39,6 +39,10 @@
#include <systemd/sd-login.h>
#endif /* HAVE_LIBSYSTEMD */
@@ -130,6 +130,24 @@
#include <jsapi.h>
#include "initjs.h" /* init.js */
+@@ -793,7 +797,7 @@
+ g_assert_not_reached ();
+ }
+
+-#ifdef HAVE_LIBSYSTEMD
++#if defined(HAVE_LIBSYSTEMD) || defined(HAVE_LIBELOGIND)
+ if (sd_pid_get_session (pid, &session_str) == 0)
+ {
+ if (sd_session_get_seat (session_str, &seat_str) == 0)
+@@ -801,7 +805,7 @@
+ /* do nothing */
+ }
+ }
+-#endif /* HAVE_LIBSYSTEMD */
++#endif /* HAVE_LIBSYSTEMD or HAVE_LIBELOGIND */
+
+ g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
+ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:44:29.650112018 +0100
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:46:52.718109455 +0100
@@ -25,7 +25,11 @@
diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild b/sys-auth/polkit/polkit-0.113-r3.ebuild
similarity index 100%
rename from sys-auth/polkit/polkit-0.113-r2.ebuild
rename to sys-auth/polkit/polkit-0.113-r3.ebuild
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2018-08-08 20:45 Andreas Sturmlechner
0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2018-08-08 20:45 UTC (permalink / raw
To: gentoo-commits
commit: 796d413851084fa37559c1806e436cb8bdfce936
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 8 19:55:48 2018 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Aug 8 20:45:29 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=796d4138
sys-auth/polkit: Fix configure with elogind
See also: https://bugs.freedesktop.org/show_bug.cgi?id=105989
Closes: https://bugs.gentoo.org/660880
Closes: https://bugs.gentoo.org/662338
Package-Manager: Portage-2.3.45, Repoman-2.3.10
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 +++++
sys-auth/polkit/polkit-0.115-r1.ebuild | 137 +++++++++++++++++++++++
2 files changed, 165 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
new file mode 100644
index 00000000000..93d672015db
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch
@@ -0,0 +1,28 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen <cogitri@exherbo.org>
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
+
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+--
+2.17.0
diff --git a/sys-auth/polkit/polkit-0.115-r1.ebuild b/sys-auth/polkit/polkit-0.115-r1.ebuild
new file mode 100644
index 00000000000..f07c7ca222e
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+ dev-lang/spidermonkey:52[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=( "${FILESDIR}"/${P}-elogind.patch ) # bug 660880
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2019-03-26 8:58 Lars Wendler
0 siblings, 0 replies; 16+ messages in thread
From: Lars Wendler @ 2019-03-26 8:58 UTC (permalink / raw
To: gentoo-commits
commit: 3593d9638f4876e8540afb40012856ebe6d257b5
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org>
AuthorDate: Mon Mar 25 00:49:59 2019 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar 26 08:58:40 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3593d963
sys-auth/polkit: Use dev-lang/spidermonkey:60.
Port to EAPI="7".
Improve HOMEPAGE.
Fixes: https://bugs.gentoo.org/681692
Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
.../files/polkit-0.115-spidermonkey-60.patch | 180 +++++++++++++++++++++
sys-auth/polkit/polkit-0.115-r4.ebuild | 143 ++++++++++++++++
2 files changed, 323 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
new file mode 100644
index 00000000000..8a4510ad205
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
@@ -0,0 +1,180 @@
+From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:32:16 +0100
+Subject: [PATCH] Depend on mozjs-60
+
+This is the new ESR version of the Mozilla JS engine, superceding
+mozjs-52.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5c37e48..5cedb4e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+
+
+From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:33:20 +0100
+Subject: [PATCH] Port the JS authority to mozjs-60
+
+API changes in mozjs that need to be reflected in the JS authority:
+
+ - the JS::CompileOptions constructor and the JS::CompartmentOptions
+ do not allow setting a JS version any more
+
+ - do not use NULL comparisons for C++ objects
+
+ - the resize() method for a vector has a return value that needs
+ to be handled
+
+ - JSClassOps has different fields
+---
+ .../polkitbackendjsauthority.cpp | 65 +++++++++----------
+ 1 file changed, 32 insertions(+), 33 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 7602714..984a0f0 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ static const struct JSClassOps js_global_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ JS_GlobalObjectTraceHook
+ };
+
+ static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+
+ /* ---------------------------------------------------------------------------------------------------- */
+ static const struct JSClassOps js_polkit_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ nullptr // trace
+ };
+
+ static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ {
+ JS::CompartmentOptions compart_opts;
+- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+ JS::RootedObject global(authority->priv->cx);
+
+ authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
+
+ global = authority->priv->js_global->get ();
+-
+- if (global == NULL)
++ if (!global)
+ goto fail;
+
+ authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
+
+- if (authority->priv->ac == NULL)
++ if (!authority->priv->ac)
+ goto fail;
+
+ if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ polkit = authority->priv->js_polkit->get ();
+
+- if (polkit == NULL)
++ if (!polkit)
+ goto fail;
+
+ if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
+@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+ js_polkit_functions))
+ goto fail;
+
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+ if (!JS::Evaluate (authority->priv->cx,
+ options,
+@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+ JS::AutoValueVector elems(authority->priv->cx);
+ guint n;
+
+- elems.resize(value->len);
++ if (!elems.resize(value->len))
++ g_error ("Unable to resize vector");
++
+ for (n = 0; n < value->len; n++)
+ {
+ const char *c_string = (const char *) g_ptr_array_index(value, n);
+@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ pid_t pid;
+@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ gchar **keys;
diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild
new file mode 100644
index 00000000000..ecc024a27d3
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r4.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+BDEPEND="
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:60[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+ "${FILESDIR}"/CVE-2018-19788.patch
+ "${FILESDIR}"/polkit-0.115-spidermonkey-60.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+ diropts -m0700 -o polkitd -g polkitd
+ keepdir /var/lib/polkit-1
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}/examples
+ doins src/examples/{*.c,*.policy*}
+ fi
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2020-10-04 16:07 Andreas Sturmlechner
0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2020-10-04 16:07 UTC (permalink / raw
To: gentoo-commits
commit: 1bed18530dc535caec4a9fbfe2f9c4de9ac3d730
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 4 15:58:22 2020 +0000
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Oct 4 15:58:22 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853
sys-auth/polkit: Cleanup vulnerable 0.115-r4
Bug: https://bugs.gentoo.org/717712
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 -
sys-auth/polkit/files/CVE-2018-19788.patch | 339 ---------------------
.../files/polkit-0.115-spidermonkey-60.patch | 180 -----------
sys-auth/polkit/polkit-0.115-r4.ebuild | 144 ---------
4 files changed, 664 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 22da4a92e24..c1e90f0d5ca 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,3 @@
-DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch
deleted file mode 100644
index 97e3608a12b..00000000000
--- a/sys-auth/polkit/files/CVE-2018-19788.patch
+++ /dev/null
@@ -1,339 +0,0 @@
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group
- objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
----
- src/polkit/polkitunixgroup.c | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
-
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_GID:
-- unix_group->gid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_group->gid = val;
- break;
-
- default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
- g_param_spec_int ("gid",
- "Group ID",
- "The UNIX group ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
- */
- void
- polkit_unix_group_set_gid (PolkitUnixGroup *group,
-- gint gid)
-+ gint gid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+ g_return_if_fail (gid != -1);
- group->gid = gid;
- }
-
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+ g_return_val_if_fail (gid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
- "gid", gid,
- NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
- break;
-
-- case PROP_UID:
-- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+ case PROP_UID: {
-+ gint val;
-+
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ polkit_unix_process_set_uid (unix_process, val);
- break;
-+ }
-
- case PROP_START_TIME:
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- -1,
-+ G_MININT,
- G_MAXINT,
- -1,
- G_PARAM_CONSTRUCT |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
-- g_return_if_fail (uid >= -1);
- process->uid = uid;
- }
-
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
- unix_user->name = NULL;
- }
-
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
- GParamSpec *pspec)
- {
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_UID:
-- unix_user->uid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_user->uid = val;
- break;
-
- default:
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
- g_param_spec_int ("uid",
- "User ID",
- "The UNIX user ID",
-- 0,
-+ G_MININT,
- G_MAXINT,
-- 0,
-+ -1,
- G_PARAM_CONSTRUCT |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- gint uid)
- {
- g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+ g_return_if_fail (uid != -1);
- user->uid = uid;
- }
-
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+ g_return_val_if_fail (uid != -1, NULL);
-+
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
- "uid", uid,
- NULL));
---
-2.18.1
-
-
-From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 11:20:34 +0100
-Subject: [PATCH 2/2] tests: add tests for high uids
-
----
- test/data/etc/group | 1 +
- test/data/etc/passwd | 2 +
- .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++
- .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++
- 4 files changed, 96 insertions(+)
-
-diff --git a/test/data/etc/group b/test/data/etc/group
-index 12ef328..b9acab9 100644
---- a/test/data/etc/group
-+++ b/test/data/etc/group
-@@ -5,3 +5,4 @@ john:x:500:
- jane:x:501:
- sally:x:502:
- henry:x:503:
-+highuid2:x:4000000000:
-diff --git a/test/data/etc/passwd b/test/data/etc/passwd
-index 8544feb..5cf14a5 100644
---- a/test/data/etc/passwd
-+++ b/test/data/etc/passwd
-@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
- jane:x:501:501:Jane Smith:/home/jane:/bin/bash
- sally:x:502:502:Sally Derp:/home/sally:/bin/bash
- henry:x:503:503:Henry Herp:/home/henry:/bin/bash
-+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
-+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
-diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
-index 446e622..98bf062 100644
---- a/test/data/etc/polkit-1/rules.d/10-testing.rules
-+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
-@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
- }
- });
-
-+polkit.addRule(function(action, subject) {
-+ if (action.id == "net.company.john_action") {
-+ if (subject.user == "john") {
-+ return polkit.Result.YES;
-+ } else {
-+ return polkit.Result.NO;
-+ }
-+ }
-+});
-+
-+polkit.addRule(function(action, subject) {
-+ if (action.id == "net.company.highuid2_action") {
-+ if (subject.user == "highuid2") {
-+ return polkit.Result.YES;
-+ } else {
-+ return polkit.Result.NO;
-+ }
-+ }
-+});
-+
-+
- // ---------------------------------------------------------------------
- // variables
-
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index b484a26..71aad23 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
- NULL,
- POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
- },
-+
-+ {
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid22)",
-+ "net.company.group.only_group_users",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid21)",
-+ "net.company.group.only_group_users",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid24)",
-+ "net.company.group.only_group_users",
-+ "unix-user:2147483648",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+ "group_membership_with_non_member(highuid23)",
-+ "net.company.group.only_group_users",
-+ "unix-user:4000000000",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* john is authorized to do this, see 10-testing.rules */
-+ "john_action",
-+ "net.company.john_action",
-+ "unix-user:john",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+ },
-+
-+ {
-+ /* only john is authorized to do this, see 10-testing.rules */
-+ "jane_action",
-+ "net.company.john_action",
-+ "unix-user:jane",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
-+
-+ {
-+ /* highuid2 is authorized to do this, see 10-testing.rules */
-+ "highuid2_action",
-+ "net.company.highuid2_action",
-+ "unix-user:highuid2",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+ },
-+
-+ {
-+ /* only highuid2 is authorized to do this, see 10-testing.rules */
-+ "highuid1_action",
-+ "net.company.highuid2_action",
-+ "unix-user:highuid1",
-+ NULL,
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+ },
- };
-
- /* ---------------------------------------------------------------------------------------------------- */
---
-2.18.1
-
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
deleted file mode 100644
index 8a4510ad205..00000000000
--- a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
-From: Emmanuele Bassi <ebassi@gnome.org>
-Date: Fri, 31 Aug 2018 13:32:16 +0100
-Subject: [PATCH] Depend on mozjs-60
-
-This is the new ESR version of the Mozilla JS engine, superceding
-mozjs-52.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5c37e48..5cedb4e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
-
--PKG_CHECK_MODULES(LIBJS, [mozjs-52])
-+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
-
- AC_SUBST(LIBJS_CFLAGS)
- AC_SUBST(LIBJS_CXXFLAGS)
-
-
-From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
-From: Emmanuele Bassi <ebassi@gnome.org>
-Date: Fri, 31 Aug 2018 13:33:20 +0100
-Subject: [PATCH] Port the JS authority to mozjs-60
-
-API changes in mozjs that need to be reflected in the JS authority:
-
- - the JS::CompileOptions constructor and the JS::CompartmentOptions
- do not allow setting a JS version any more
-
- - do not use NULL comparisons for C++ objects
-
- - the resize() method for a vector has a return value that needs
- to be handled
-
- - JSClassOps has different fields
----
- .../polkitbackendjsauthority.cpp | 65 +++++++++----------
- 1 file changed, 32 insertions(+), 33 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 7602714..984a0f0 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
- /* ---------------------------------------------------------------------------------------------------- */
-
- static const struct JSClassOps js_global_class_ops = {
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL
-+ nullptr, // addProperty
-+ nullptr, // deleteProperty
-+ nullptr, // enumerate
-+ nullptr, // newEnumerate
-+ nullptr, // resolve
-+ nullptr, // mayResolve
-+ nullptr, // finalize
-+ nullptr, // call
-+ nullptr, // hasInstance
-+ nullptr, // construct
-+ JS_GlobalObjectTraceHook
- };
-
- static JSClass js_global_class = {
-@@ -172,18 +171,17 @@ static JSClass js_global_class = {
-
- /* ---------------------------------------------------------------------------------------------------- */
- static const struct JSClassOps js_polkit_class_ops = {
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL,
-- NULL
-+ nullptr, // addProperty
-+ nullptr, // deleteProperty
-+ nullptr, // enumerate
-+ nullptr, // newEnumerate
-+ nullptr, // resolve
-+ nullptr, // mayResolve
-+ nullptr, // finalize
-+ nullptr, // call
-+ nullptr, // hasInstance
-+ nullptr, // construct
-+ nullptr // trace
- };
-
- static JSClass js_polkit_class = {
-@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
-
- {
- JS::CompartmentOptions compart_opts;
-- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
-+
- JS::RootedObject global(authority->priv->cx);
-
- authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
-
- global = authority->priv->js_global->get ();
--
-- if (global == NULL)
-+ if (!global)
- goto fail;
-
- authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
-
-- if (authority->priv->ac == NULL)
-+ if (!authority->priv->ac)
- goto fail;
-
- if (!JS_InitStandardClasses (authority->priv->cx, global))
-@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
-
- polkit = authority->priv->js_polkit->get ();
-
-- if (polkit == NULL)
-+ if (!polkit)
- goto fail;
-
- if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
-@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
- js_polkit_functions))
- goto fail;
-
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+ JS::CompileOptions options(authority->priv->cx);
- JS::RootedValue rval(authority->priv->cx);
- if (!JS::Evaluate (authority->priv->cx,
- options,
-@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
- JS::AutoValueVector elems(authority->priv->cx);
- guint n;
-
-- elems.resize(value->len);
-+ if (!elems.resize(value->len))
-+ g_error ("Unable to resize vector");
-+
- for (n = 0; n < value->len; n++)
- {
- const char *c_string = (const char *) g_ptr_array_index(value, n);
-@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
- GError **error)
- {
- gboolean ret = FALSE;
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+ JS::CompileOptions options(authority->priv->cx);
- const char *src;
- JS::RootedObject obj(authority->priv->cx);
- pid_t pid;
-@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
- GError **error)
- {
- gboolean ret = FALSE;
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+ JS::CompileOptions options(authority->priv->cx);
- const char *src;
- JS::RootedObject obj(authority->priv->cx);
- gchar **keys;
diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild
deleted file mode 100644
index 675bff79710..00000000000
--- a/sys-auth/polkit/polkit-0.115-r4.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd user xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( consolekit elogind systemd )"
-
-BDEPEND="
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- dev-util/gtk-doc-am
- dev-util/intltool
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- dev-lang/spidermonkey:60[-debug]
- dev-libs/glib:2
- dev-libs/expat
- elogind? ( sys-auth/elogind )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- consolekit? ( sys-auth/consolekit[policykit] )
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
- # bug 660880
- "${FILESDIR}"/polkit-0.115-elogind.patch
- "${FILESDIR}"/CVE-2018-19788.patch
- "${FILESDIR}"/polkit-0.115-spidermonkey-60.patch
-)
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-pkg_setup() {
- local u=polkitd
- local g=polkitd
- local h=/var/lib/polkit-1
-
- enewgroup ${g}
- enewuser ${u} -1 -1 ${h} ${g}
- esethome ${u} ${h}
-}
-
-src_prepare() {
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
- docs/polkit/Makefile.in || die
-
- # disable broken test - bug #624022
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
- # Fix cross-building, bug #590764, elogind patch, bug #598615
- eautoreconf
-}
-
-src_configure() {
- xdg_environment_reset
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}"/var
- --disable-static
- --enable-man-pages
- --disable-gtk-doc
- --disable-examples
- $(use_enable elogind libelogind)
- $(use_enable introspection)
- $(use_enable nls)
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
- --with-authfw=$(usex pam pam shadow)
- $(use_enable systemd libsystemd-login)
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(use_enable test)
- --with-os-type=gentoo
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- default
-
- fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
-
- diropts -m0700 -o polkitd -g polkitd
- keepdir /var/lib/polkit-1
-
- if use examples; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
-}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-25 17:26 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-25 17:26 UTC (permalink / raw
To: gentoo-commits
commit: d0e16d6fb24423388c5acd74e5f0b9856af08f08
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 25 17:25:25 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 25 17:25:54 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e16d6f
sys-auth/polkit: fix CVE-2021-4043
Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 +++++++++++++
sys-auth/polkit/polkit-0.120-r2.ebuild | 120 +++++++++++++++++++++
2 files changed, 192 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index 000000000000..22bb71d14204
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+GitLab
diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
new file mode 100644
index 000000000000..6af327e19f2f
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86"
+IUSE="examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:78[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/polkit-0.120-meson.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ )
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ # meson does not install required files with SUID bit. See
+ # https://bugs.gentoo.org/816393
+ # Remove the following lines once this has been fixed by upstream
+ fperms u+s /usr/bin/pkexec
+ fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-26 0:51 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-26 0:51 UTC (permalink / raw
To: gentoo-commits
commit: 77e50819c7c7c22dee5ee6b2e7538b3cfff789af
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 00:50:34 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 00:51:00 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e50819
sys-auth/polkit: backport CVE-2021-3560, CVE-2021-4043 patches to 0.117
Needed for non-Rust arches like sparc.
(Most users are on 0.120 and already fixed in previous commits.)
Bug: https://bugs.gentoo.org/794052
Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 +++++
sys-auth/polkit/polkit-0.117-r3.ebuild | 136 +++++++++++++++++++++
2 files changed, 165 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
new file mode 100644
index 000000000000..9c3ce20cf574
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
@@ -0,0 +1,29 @@
+https://bugs.gentoo.org/794052
+
+From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Wed, 2 Jun 2021 15:43:38 +0200
+Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
+
+initial values returned if error caught
+---
+ src/polkit/polkitsystembusname.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 8daa12c..8ed1363 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
+ while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+ g_main_context_iteration (tmp_context, TRUE);
+
++ if (data.caught_error)
++ goto out;
++
+ if (out_uid)
+ *out_uid = data.uid;
+ if (out_pid)
+--
+GitLab
+
diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
new file mode 100644
index 000000000000..6dab5cf577c0
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( elogind systemd )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:68[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+
+ "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
+ "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}"/var
+ --disable-static
+ --enable-man-pages
+ --disable-gtk-doc
+ --disable-examples
+ $(use_enable elogind libelogind)
+ $(use_enable introspection)
+ $(use_enable nls)
+ $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+ --with-authfw=$(usex pam pam shadow)
+ $(use_enable systemd libsystemd-login)
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(use_enable test)
+ --with-os-type=gentoo
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ default
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ default
+
+ if use examples; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-27 19:50 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-27 19:50 UTC (permalink / raw
To: gentoo-commits
commit: 943593956c04c5c2b1f1c679d5b3f36428d1173a
Author: Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com>
AuthorDate: Thu Jan 27 09:31:48 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 27 19:50:27 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94359395
sys-auth/polkit: fix CVE id
Nit-pick to avoid confusion.
Bug: https://bugs.gentoo.org/832057
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com>
Closes: https://github.com/gentoo/gentoo/pull/23980
Signed-off-by: Sam James <sam <AT> gentoo.org>
...olkit-0.120-CVE-2021-4043.patch => polkit-0.120-CVE-2021-4034.patch} | 0
sys-auth/polkit/polkit-0.117-r3.ebuild | 2 +-
sys-auth/polkit/polkit-0.120-r2.ebuild | 2 +-
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
similarity index 100%
rename from sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
rename to sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
index a486ee25b894..33e09e40e512 100644
--- a/sys-auth/polkit/polkit-0.117-r3.ebuild
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -62,7 +62,7 @@ PATCHES=(
"${FILESDIR}"/polkit-0.115-elogind.patch
"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
- "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+ "${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch
)
QA_MULTILIB_PATHS="
diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
index 4d864ecfd564..952906f5d88e 100644
--- a/sys-auth/polkit/polkit-0.120-r2.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -63,7 +63,7 @@ QA_MULTILIB_PATHS="
src_prepare() {
local PATCHES=(
"${FILESDIR}/polkit-0.120-meson.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
)
default
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-02-20 0:43 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-02-20 0:43 UTC (permalink / raw
To: gentoo-commits
commit: cca21561571e00e88f434ad94a9cde6851fab244
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 20 00:42:58 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 20 00:42:58 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cca21561
sys-auth/polkit: add musl patch to 0.120_p20220127
Pulled in from ::musl.
Closes: https://bugs.gentoo.org/833753
Bug: https://bugs.gentoo.org/561672
Signed-off-by: Sam James <sam <AT> gentoo.org>
...lkit-0.118-make-netgroup-support-optional.patch | 228 +++++++++++++++++++++
sys-auth/polkit/polkit-0.120_p20220127.ebuild | 3 +
2 files changed, 231 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
new file mode 100644
index 000000000000..b11250fd3992
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
@@ -0,0 +1,228 @@
+Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
+
+https://bugs.gentoo.org/833753
+https://bugs.gentoo.org/561672
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
+
+Patch has been rebased a bit since but keeping original headers.
+
+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available. PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+--- a/configure.ac
++++ b/configure.ac
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
++
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ {
+ is_in_netgroup = true;
+ }
++#endif
+
+ ret = true;
+
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
diff --git a/sys-auth/polkit/polkit-0.120_p20220127.ebuild b/sys-auth/polkit/polkit-0.120_p20220127.ebuild
index c92d740a4cb2..5a56448ed7cb 100644
--- a/sys-auth/polkit/polkit-0.120_p20220127.ebuild
+++ b/sys-auth/polkit/polkit-0.120_p20220127.ebuild
@@ -69,6 +69,9 @@ QA_MULTILIB_PATHS="
src_prepare() {
local PATCHES=(
+ # musl
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+ # Pending upstream
"${FILESDIR}"/${PN}-0.120-meson.patch
)
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-02-22 6:12 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-02-22 6:12 UTC (permalink / raw
To: gentoo-commits
commit: ef7e6d556aac8790982a70acbd5d40130faa2346
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 22 06:11:04 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 22 06:12:35 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7e6d55
sys-auth/polkit: patch CVE-2021-4115
- Add as patch to 0.120-r3 (new) to be immediately stabilised
- Additionally bump to 0.120_p20220221 (only difference from
last snapshot is a test timeout fix + this CVE-2021-4115 patch)
but we'll hold off on stabling that given we only added the previous
snapshot a few days ago.
Bug: https://bugs.gentoo.org/833574
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 +
.../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 +++++++++++++
sys-auth/polkit/polkit-0.120-r3.ebuild | 123 ++++++++++++++++++++
sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 +++++++++++++++++++++
4 files changed, 328 insertions(+)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8ff4f745515e..754b065bc059 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,4 @@
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
DIST polkit-0.120_p20220127.tar.bz2 733965 BLAKE2B 839a66799df870c36ea3788f68aea355ab99cf8aa0227ee633ee1155822663ce4671de4e9b041274345c1f62fbdf0405754ed1f3c7cf2a8855974854dc126e55 SHA512 67f2c1c7cd69767d578ccba2b94398eb6fcb348a77a4092c3517895190f095caee95ed491c8cff2827e287f4541cf83fefbefca1a0099d7e52bee6f825bbbd4f
+DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
new file mode 100644
index 000000000000..a82ce25cae03
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
@@ -0,0 +1,78 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+https://bugs.gentoo.org/833574
+
+From: Jan Rybar <jrybar@redhat.com>
+Date: Mon, 21 Feb 2022 08:29:05 +0000
+Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
+
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -62,6 +62,10 @@ enum
+ PROP_NAME,
+ };
+
++
++guint8 dbus_call_respond_fails; // has to be global because of callback
++
++
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+
+ G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
+@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
+ if (!v)
+ {
+ data->caught_error = TRUE;
++ dbus_call_respond_fails += 1;
+ }
+ else
+ {
+@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
+ tmp_context = g_main_context_new ();
+ g_main_context_push_thread_default (tmp_context);
+
++ dbus_call_respond_fails = 0;
++
+ /* Do two async calls as it's basically as fast as one sync call.
+ */
+ g_dbus_connection_call (connection,
+@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
+ on_retrieved_unix_uid_pid,
+ &data);
+
+- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+- g_main_context_iteration (tmp_context, TRUE);
++ while (TRUE)
++ {
++ /* If one dbus call returns error, we must wait until the other call
++ * calls _call_finish(), otherwise fd leak is possible.
++ * Resolves: GHSL-2021-077
++ */
+
+- if (data.caught_error)
+- goto out;
++ if ( (dbus_call_respond_fails > 1) )
++ {
++ // we got two faults, we can leave
++ goto out;
++ }
++
++ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
++ {
++ // we got one fault and the other call finally finished, we can leave
++ goto out;
++ }
++
++ if ( !(data.retrieved_uid && data.retrieved_pid) )
++ {
++ g_main_context_iteration (tmp_context, TRUE);
++ }
++ else
++ {
++ break;
++ }
++ }
+
+ if (out_uid)
+ *out_uid = data.uid;
+GitLab
diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
new file mode 100644
index 000000000000..368a79374d83
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r3.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86"
+IUSE="examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:78[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/polkit-0.120-meson.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
+ )
+
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+
+ # meson does not install required files with SUID bit. See
+ # https://bugs.gentoo.org/816393
+ # Remove the following lines once this has been fixed by upstream
+ # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
+ fperms u+s /usr/bin/pkexec
+ fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
diff --git a/sys-auth/polkit/polkit-0.120_p20220221.ebuild b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
new file mode 100644
index 000000000000..d3980d9768ad
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
@@ -0,0 +1,126 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+ MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86"
+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-libs/glib:2
+ dev-libs/expat
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:91[-debug] )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ local PATCHES=(
+ # musl
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+ # Pending upstream
+ "${FILESDIR}"/${PN}-0.120-meson.patch
+ )
+
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ -Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ diropts -m 0700 -o polkitd
+ keepdir /usr/share/polkit-1/rules.d
+}
+
+pkg_postinst() {
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-05-15 22:12 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-05-15 22:12 UTC (permalink / raw
To: gentoo-commits
commit: 76caeda5c0ae4a7045d321f32ef95e31722434dd
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun May 15 05:17:19 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun May 15 22:09:39 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76caeda5
sys-auth/polkit: drop 0.117-r3, 0.120-r3
Bug: https://bugs.gentoo.org/794052
Bug: https://bugs.gentoo.org/833574
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/Manifest | 2 -
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 ---
.../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 ---
...lkit-0.118-make-netgroup-support-optional.patch | 248 ---------------------
.../polkit/files/polkit-0.120-CVE-2021-4034.patch | 72 ------
.../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 -------
sys-auth/polkit/metadata.xml | 1 -
sys-auth/polkit/polkit-0.117-r3.ebuild | 136 -----------
sys-auth/polkit/polkit-0.120-r3.ebuild | 123 ----------
9 files changed, 717 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 36f72ccb57f8..1131b5984975 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,2 @@
-DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
-DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d672015db4..000000000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
-
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
-
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
---
-2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
deleted file mode 100644
index 9c3ce20cf574..000000000000
--- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://bugs.gentoo.org/794052
-
-From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Wed, 2 Jun 2021 15:43:38 +0200
-Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
-
-initial values returned if error caught
----
- src/polkit/polkitsystembusname.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
-index 8daa12c..8ed1363 100644
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
-
-+ if (data.caught_error)
-+ goto out;
-+
- if (out_uid)
- *out_uid = data.uid;
- if (out_pid)
---
-GitLab
-
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index 8810e70b7378..000000000000
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available. PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-
- user = duk_require_string (cx, 0);
- netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
- if (innetgr (netgroup,
- NULL, /* host */
- user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
- {
- is_in_netgroup = TRUE;
- }
--
-+#endif
- duk_push_boolean (cx, is_in_netgroup);
- return 1;
- }
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
deleted file mode 100644
index 22bb71d14204..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
-https://bugs.gentoo.org/832057
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
-
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ if (argc < 1)
-+ {
-+ exit(126);
-+ }
-+
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
- pid_t pid_of_caller;
- gpointer local_agent_handle;
-
-+
-+ /*
-+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+ */
-+ if (argc<1)
-+ {
-+ exit(127);
-+ }
-+
- ret = 127;
- authority = NULL;
- subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
-
- path = g_strdup (pwstruct.pw_shell);
- if (!path)
-- {
-+ {
- g_printerr ("No shell configured or error retrieving pw_shell\n");
- goto out;
-- }
-+ }
- /* If you change this, be sure to change the if (!command_line)
- case below too */
- command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
- goto out;
- }
- g_free (path);
-- argv[n] = path = s;
-+ path = s;
-+
-+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+ */
-+ if (argv[n] != NULL)
-+ {
-+ argv[n] = path;
-+ }
- }
- if (access (path, F_OK) != 0)
- {
-GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
deleted file mode 100644
index a82ce25cae03..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
-https://bugs.gentoo.org/833574
-
-From: Jan Rybar <jrybar@redhat.com>
-Date: Mon, 21 Feb 2022 08:29:05 +0000
-Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
-
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -62,6 +62,10 @@ enum
- PROP_NAME,
- };
-
-+
-+guint8 dbus_call_respond_fails; // has to be global because of callback
-+
-+
- static void subject_iface_init (PolkitSubjectIface *subject_iface);
-
- G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
-@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
- if (!v)
- {
- data->caught_error = TRUE;
-+ dbus_call_respond_fails += 1;
- }
- else
- {
-@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- tmp_context = g_main_context_new ();
- g_main_context_push_thread_default (tmp_context);
-
-+ dbus_call_respond_fails = 0;
-+
- /* Do two async calls as it's basically as fast as one sync call.
- */
- g_dbus_connection_call (connection,
-@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
- on_retrieved_unix_uid_pid,
- &data);
-
-- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
-- g_main_context_iteration (tmp_context, TRUE);
-+ while (TRUE)
-+ {
-+ /* If one dbus call returns error, we must wait until the other call
-+ * calls _call_finish(), otherwise fd leak is possible.
-+ * Resolves: GHSL-2021-077
-+ */
-
-- if (data.caught_error)
-- goto out;
-+ if ( (dbus_call_respond_fails > 1) )
-+ {
-+ // we got two faults, we can leave
-+ goto out;
-+ }
-+
-+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
-+ {
-+ // we got one fault and the other call finally finished, we can leave
-+ goto out;
-+ }
-+
-+ if ( !(data.retrieved_uid && data.retrieved_pid) )
-+ {
-+ g_main_context_iteration (tmp_context, TRUE);
-+ }
-+ else
-+ {
-+ break;
-+ }
-+ }
-
- if (out_uid)
- *out_uid = data.uid;
-GitLab
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index e93e97eb38ac..4e902cca885e 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -6,7 +6,6 @@
</maintainer>
<use>
<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag>
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
deleted file mode 100644
index 650af02e7fab..000000000000
--- a/sys-auth/polkit/polkit-0.117-r3.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ~ppc64 sparc ~x86"
-IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( elogind systemd )"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- dev-util/gtk-doc-am
- dev-util/intltool
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- dev-lang/spidermonkey:68[-debug]
- dev-libs/glib:2
- dev-libs/expat
- elogind? ( sys-auth/elogind )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
- # bug 660880
- "${FILESDIR}"/polkit-0.115-elogind.patch
-
- "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
- "${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch
-)
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
- docs/polkit/Makefile.in || die
-
- # disable broken test - bug #624022
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
- # Fix cross-building, bug #590764, elogind patch, bug #598615
- eautoreconf
-}
-
-src_configure() {
- xdg_environment_reset
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}"/var
- --disable-static
- --enable-man-pages
- --disable-gtk-doc
- --disable-examples
- $(use_enable elogind libelogind)
- $(use_enable introspection)
- $(use_enable nls)
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
- --with-authfw=$(usex pam pam shadow)
- $(use_enable systemd libsystemd-login)
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(use_enable test)
- --with-os-type=gentoo
- )
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- default
-
- if use examples; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
deleted file mode 100644
index 8d65989915e6..000000000000
--- a/sys-auth/polkit/polkit-0.120-r3.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 ~riscv x86"
-IUSE="examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- dev-lang/spidermonkey:78[-debug]
- dev-libs/glib:2
- dev-libs/expat
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/polkit-0.120-meson.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
- )
-
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- # meson does not install required files with SUID bit. See
- # https://bugs.gentoo.org/816393
- # Remove the following lines once this has been fixed by upstream
- # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
- fperms u+s /usr/bin/pkexec
- fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-10-15 23:51 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-10-15 23:51 UTC (permalink / raw
To: gentoo-commits
commit: a44b0d4acf34b4a5bbd33c642b674dafe5a42aec
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 15 23:51:03 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Oct 15 23:51:03 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a44b0d4a
sys-auth/polkit: drop versions
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/Manifest | 2 -
...lkit-0.118-make-netgroup-support-optional.patch | 248 ---------------------
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ----
.../files/polkit-0.120_p20220221-pkexec-suid.patch | 67 ------
sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild | 129 -----------
sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 -----------
sys-auth/polkit/polkit-0.120_p20220509.ebuild | 146 ------------
7 files changed, 760 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index e635b78c0256..9f7fb1747d8e 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1 @@
-DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
-DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f
DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index 8810e70b7378..000000000000
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available. PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-
- user = duk_require_string (cx, 0);
- netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
- if (innetgr (netgroup,
- NULL, /* host */
- user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
- {
- is_in_netgroup = TRUE;
- }
--
-+#endif
- duk_push_boolean (cx, is_in_netgroup);
- return 1;
- }
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
deleted file mode 100644
index 5e144688d374..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-meson.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@debian.org>
-Date: Mon, 25 Oct 2021 20:21:27 +0100
-Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
-
-These were always ignored, and Meson 0.60.0 disallowed them.
-
-Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
-Reference: https://github.com/mesonbuild/meson/pull/9445
-Signed-off-by: Simon McVittie <smcv@debian.org>
----
- actions/meson.build | 1 -
- src/examples/meson.build | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/actions/meson.build b/actions/meson.build
-index 2abaaf3..1e3f370 100644
---- a/actions/meson.build
-+++ b/actions/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.policy'
-
- i18n.merge_file(
-- policy,
- input: policy + '.in',
- output: '@BASENAME@',
- po_dir: po_dir,
-diff --git a/src/examples/meson.build b/src/examples/meson.build
-index c6305ab..8c18de5 100644
---- a/src/examples/meson.build
-+++ b/src/examples/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.examples.pkexec.policy'
-
- i18n.merge_file(
-- policy,
- input: policy + '.in',
- output: '@BASENAME@',
- po_dir: po_dir,
---
-GitLab
-
diff --git a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch b/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
deleted file mode 100644
index 959656b158a1..000000000000
--- a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/7d4b52c4d71c46049d87a0775de695ea914f3f1b
-https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/113
-https://bugs.gentoo.org/827884
-
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 3 May 2022 12:54:37 +0000
-Subject: [PATCH] pkexec: Allow --version and --help even if not setuid root
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -514,27 +514,6 @@ main (int argc, char *argv[])
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
-- /* check for correct invocation */
-- if (geteuid () != 0)
-- {
-- g_printerr ("pkexec must be setuid root\n");
-- goto out;
-- }
--
-- original_user_name = g_strdup (g_get_user_name ());
-- if (original_user_name == NULL)
-- {
-- g_printerr ("Error getting user name.\n");
-- goto out;
-- }
--
-- if ((original_cwd = g_get_current_dir ()) == NULL)
-- {
-- g_printerr ("Error getting cwd: %s\n",
-- g_strerror (errno));
-- goto out;
-- }
--
- /* First process options and find the command-line to invoke. Avoid using fancy library routines
- * that depend on environtment variables since we haven't cleared the environment just yet.
- */
-@@ -595,6 +574,27 @@ main (int argc, char *argv[])
- goto out;
- }
-
-+ /* check for correct invocation */
-+ if (geteuid () != 0)
-+ {
-+ g_printerr ("pkexec must be setuid root\n");
-+ goto out;
-+ }
-+
-+ original_user_name = g_strdup (g_get_user_name ());
-+ if (original_user_name == NULL)
-+ {
-+ g_printerr ("Error getting user name.\n");
-+ goto out;
-+ }
-+
-+ if ((original_cwd = g_get_current_dir ()) == NULL)
-+ {
-+ g_printerr ("Error getting cwd: %s\n",
-+ g_strerror (errno));
-+ goto out;
-+ }
-+
- if (opt_user == NULL)
- opt_user = g_strdup ("root");
-
-GitLab
diff --git a/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild b/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
deleted file mode 100644
index a1b8221ce450..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
- MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
- SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
- S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
- SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- dev-libs/glib:2
- dev-libs/expat
- duktape? ( dev-lang/duktape:= )
- !duktape? ( dev-lang/spidermonkey:91[-debug] )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- local PATCHES=(
- # musl
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
- # In next release
- "${FILESDIR}"/${P}-pkexec-suid.patch
-
- # Pending upstream
- "${FILESDIR}"/${PN}-0.120-meson.patch
- )
-
- default
-
- # bug #401513
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- -Djs_engine=$(usex duktape duktape mozjs)
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120_p20220221.ebuild b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
deleted file mode 100644
index 5ad724dcf86d..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220221.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
- MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
- SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
- S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
- SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- dev-libs/glib:2
- dev-libs/expat
- duktape? ( dev-lang/duktape:= )
- !duktape? ( dev-lang/spidermonkey:91[-debug] )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- local PATCHES=(
- # musl
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
- # Pending upstream
- "${FILESDIR}"/${PN}-0.120-meson.patch
- )
-
- default
-
- # bug #401513
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- -Djs_engine=$(usex duktape duktape mozjs)
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
deleted file mode 100644
index 0fedd4058792..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220509.ebuild
+++ /dev/null
@@ -1,146 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-inherit meson pam pax-utils python-any-r1 systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
- # Upstream don't make releases very often. Test snapshots throughly
- # and review commits, but don't shy away if there's useful stuff there
- # we want.
- MY_COMMIT="c5c6b784221b9dc054548c15e94719c4e961a7f2"
- SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-
- S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
- SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-if [[ ${PV} == *_p* ]] ; then
- RESTRICT="!test? ( test )"
-else
- # Tests currently don't work with meson in the dist tarballs. See
- # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
- RESTRICT="test"
-fi
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
- test? (
- $(python_gen_any_dep '
- dev-python/dbus-python[${PYTHON_USEDEP}]
- dev-python/python-dbusmock[${PYTHON_USEDEP}]
- ')
- )
-"
-DEPEND="
- dev-libs/glib:2
- dev-libs/expat
- duktape? ( dev-lang/duktape:= )
- !duktape? ( dev-lang/spidermonkey:91[-debug] )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
- !systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-python_check_deps() {
- python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
- python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
- local PATCHES=(
- # musl
- "${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
- )
-
- default
-
- # bug #401513
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
- xdg_environment_reset
-
- local emesonargs=(
- --localstatedir="${EPREFIX}"/var
- -Dauthfw="$(usex pam pam shadow)"
- -Dexamples=false
- -Dgtk_doc=false
- -Dman=true
- -Dos_type=gentoo
- -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
- -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
- -Djs_engine=$(usex duktape duktape mozjs)
- $(meson_use introspection)
- $(meson_use test tests)
- $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
- )
- meson_src_configure
-}
-
-src_compile() {
- meson_src_compile
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- meson_src_install
-
- if use examples ; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-01-19 5:39 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-01-19 5:39 UTC (permalink / raw
To: gentoo-commits
commit: d2f4032e1407982df7aa87b3e97bb2b7623e511b
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 19 05:38:36 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 19 05:39:01 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2f4032e
sys-auth/polkit: add 124
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/Manifest | 1 +
sys-auth/polkit/files/polkit-124-systemd.patch | 50 ++++++++
sys-auth/polkit/polkit-124.ebuild | 161 +++++++++++++++++++++++++
3 files changed, 212 insertions(+)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index f4ec97d2f7df..6827b9281360 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
+DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch
new file mode 100644
index 000000000000..e9b10e99e5da
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd.patch
@@ -0,0 +1,50 @@
+https://github.com/polkit-org/polkit/pull/417
+
+From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Thu, 18 Jan 2024 15:07:32 +0000
+Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
+ specified
+
+When 'systemdsystemunitdir' is specified as an option the systemd_dep
+variable is not defined, but the sysusers.d directory lookup uses it,
+causing a build failure:
+
+dh_auto_configure -- \
+ -Dexamples=false \
+ -Dintrospection=true \
+ -Dman=true \
+ -Dsystemdsystemunitdir=/usr/lib/systemd/system \
+ -Dtests=true \
+ -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+ cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+The Meson build system
+Version: 1.3.1
+Source dir: /builds/bluca/polkit/debian/output/source_dir
+Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
+Build type: native build
+Project name: polkit
+Project version: 124
+
+<...>
+
+Run-time dependency libsystemd found: YES 255
+Checking for function "sd_uid_get_display" with dependency libsystemd: YES
+Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
+../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
+
+Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
+--- a/meson.build
++++ b/meson.build
+@@ -212,9 +212,9 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+
+ # systemd unit / service files
++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+ if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+ endif
+
diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124.ebuild
new file mode 100644
index 000000000000..1b576a7af2d7
--- /dev/null
+++ b/sys-auth/polkit/polkit-124.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+ # Upstream don't make releases very often. Test snapshots throughly
+ # and review commits, but don't shy away if there's useful stuff there
+ # we want.
+ MY_COMMIT=""
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+ S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+ SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+# RESTRICT="!test? ( test )"
+#else
+# # Tests currently don't work with meson in the dist tarballs. See
+# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+# RESTRICT="test"
+#fi
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+ test? (
+ $(python_gen_any_dep '
+ dev-python/dbus-python[${PYTHON_USEDEP}]
+ dev-python/python-dbusmock[${PYTHON_USEDEP}]
+ ')
+ )
+"
+DEPEND="
+ >=dev-libs/glib-2.32:2
+ dev-libs/expat
+ daemon? (
+ duktape? ( dev-lang/duktape:= )
+ !duktape? ( dev-lang/spidermonkey:115[-debug] )
+ )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-124-systemd.patch
+)
+
+python_check_deps() {
+ python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+ python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # bug #401513
+ sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local emesonargs=(
+ --localstatedir="${EPREFIX}"/var
+ -Dauthfw="$(usex pam pam shadow)"
+ -Dexamples=false
+ -Dgtk_doc=false
+ -Dman=true
+ -Dos_type=gentoo
+ -Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+ -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+ -Djs_engine=$(usex duktape duktape mozjs)
+ $(meson_use !daemon libs-only)
+ $(meson_use introspection)
+ $(meson_use test tests)
+ $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+ )
+ meson_src_configure
+}
+
+src_compile() {
+ meson_src_compile
+
+ # Required for polkitd on hardened/PaX due to spidermonkey's JIT
+ pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+ meson_src_install
+
+ if use examples ; then
+ docinto examples
+ dodoc src/examples/{*.c,*.policy*}
+ fi
+
+ if use daemon; then
+ if [[ ${EUID} == 0 ]]; then
+ diropts -m 0700 -o polkitd
+ fi
+ keepdir /etc/polkit-1/rules.d
+ fi
+}
+
+pkg_postinst() {
+ if use daemon && [[ ${EUID} == 0 ]]; then
+ chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+ fi
+}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-01-19 6:36 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-01-19 6:36 UTC (permalink / raw
To: gentoo-commits
commit: e94da7f8dae815704fe1c371688feb045db9eb16
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 19 06:35:27 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 19 06:35:27 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e94da7f8
sys-auth/polkit: fix non-systemd build, don't install redundant sysusers file
No need for our own sysusers file as acct-user/polkitd already installs one.
Closes: https://bugs.gentoo.org/922458
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../polkit/files/polkit-124-systemd-fixup.patch | 26 ++++++++++++++++++++++
.../{polkit-124.ebuild => polkit-124-r1.ebuild} | 4 ++++
2 files changed, 30 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
new file mode 100644
index 000000000000..fceb33d31afd
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/922458
+https://github.com/polkit-org/polkit/pull/417/files#r1458416421
+--- a/meson.build
++++ b/meson.build
+@@ -212,11 +212,14 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+
+ # systemd unit / service files
+- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+- # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+- systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++ if session_tracking == 'libsystemd-login'
++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
++
++ if systemd_systemdsystemunitdir == ''
++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++ endif
+ endif
+
+ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+--
+2.43.0
+
diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild
similarity index 96%
rename from sys-auth/polkit/polkit-124.ebuild
rename to sys-auth/polkit/polkit-124-r1.ebuild
index 1b576a7af2d7..d5ae6fcf9f54 100644
--- a/sys-auth/polkit/polkit-124.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -91,6 +91,7 @@ QA_MULTILIB_PATHS="
PATCHES=(
"${FILESDIR}"/${PN}-124-systemd.patch
+ "${FILESDIR}"/${PN}-124-systemd-fixup.patch
)
python_check_deps() {
@@ -140,6 +141,9 @@ src_compile() {
src_install() {
meson_src_install
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-05-03 12:16 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-05-03 12:16 UTC (permalink / raw
To: gentoo-commits
commit: 1521587bb323049922809b7756705792564041a7
Author: Kostadin Shishmanov <kocelfc <AT> tutanota <DOT> com>
AuthorDate: Fri May 3 11:37:06 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 3 12:12:54 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1521587b
sys-auth/polkit: fix tests
Reenable tests with FEATURES="test" and backport test build error fix
for C99 compilers.
Bug: https://bugs.gentoo.org/925440
Signed-off-by: Kostadin Shishmanov <kocelfc <AT> tutanota.com>
Closes: https://github.com/gentoo/gentoo/pull/36527
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/files/polkit-124-c99-fixes.patch | 111 +++++++++++++++++++++++
sys-auth/polkit/polkit-124-r1.ebuild | 13 +--
2 files changed, 113 insertions(+), 11 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
new file mode 100644
index 000000000000..00d3cbbd2664
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
@@ -0,0 +1,111 @@
+https://bugs.gentoo.org/925440
+https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5
+
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Fri, 8 Mar 2024 14:04:33 +0100
+Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
+ where it is used
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes build error with GCC >= 14 and clang >= 17,
+failing on:
+```
+../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
+ 25 | print_indent(stream, indent);
+ | ^~~~~~~~~~~~
+```
+
+Closes: #6
+---
+ subprojects/mocklibc.wrap | 2 +
+ .../packagefiles/mocklibc-print-indent.diff | 68 +++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+ create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff
+
+diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap
+index af82298..539ee83 100644
+--- a/subprojects/mocklibc.wrap
++++ b/subprojects/mocklibc.wrap
+@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120
+ patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip
+ patch_filename = mocklibc-1.0-2-wrap.zip
+ patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56
++
++diff_files = mocklibc-print-indent.diff
+diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff
+new file mode 100644
+index 0000000..d8b2029
+--- /dev/null
++++ b/subprojects/packagefiles/mocklibc-print-indent.diff
+@@ -0,0 +1,68 @@
++From: Vincent Mihalkovic <vmihalko@redhat.com>
++Date: Fri, 8 Mar 2024 14:04:33 +0100
++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
++ where it is used
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This fixes build error with GCC >= 14 and clang >= 17,
++failing on:
++```
++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
++ 25 | print_indent(stream, indent);
++ | ^~~~~~~~~~~~
++```
++
++Closes: #6
++---
++ src/netgroup-debug.c | 11 +++++++++++
++ src/netgroup.c | 11 -----------
++ 2 files changed, 11 insertions(+), 11 deletions(-)
++
++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c
++index 81d6e72..46e5b25 100644
++--- a/src/netgroup-debug.c
+++++ b/src/netgroup-debug.c
++@@ -21,6 +21,17 @@
++ #include <stdio.h>
++ #include <stdlib.h>
++
+++/**
+++ * Print a varaible indentation to the stream.
+++ * @param stream Stream to print to
+++ * @param indent Number of indents to use
+++ */
+++static void print_indent(FILE *stream, unsigned int indent) {
+++ int i;
+++ for (i = 0; i < indent; i++)
+++ fprintf(stream, " ");
+++}
+++
++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) {
++ print_indent(stream, indent);
++
++diff --git a/src/netgroup.c b/src/netgroup.c
++index 06a8a89..e16e451 100644
++--- a/src/netgroup.c
+++++ b/src/netgroup.c
++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) {
++ return result;
++ }
++
++-/**
++- * Print a varaible indentation to the stream.
++- * @param stream Stream to print to
++- * @param indent Number of indents to use
++- */
++-void print_indent(FILE *stream, unsigned int indent) {
++- int i;
++- for (i = 0; i < indent; i++)
++- fprintf(stream, " ");
++-}
++-
++ /**
++ * Connect entries with 'child' type to their child entries.
++ * @param headentry Head of list of entries that need to be connected
++--
++2.43.0
+--
diff --git a/sys-auth/polkit/polkit-124-r1.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild
index d5ae6fcf9f54..4d3b917273a7 100644
--- a/sys-auth/polkit/polkit-124-r1.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -24,17 +24,7 @@ LICENSE="LGPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
-RESTRICT="!test? ( test ) test"
-
-# This seems to be fixed with 121?
-#if [[ ${PV} == *_p* ]] ; then
-# RESTRICT="!test? ( test )"
-#else
-# # Tests currently don't work with meson in the dist tarballs. See
-# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-# RESTRICT="test"
-#fi
+RESTRICT="!test? ( test )"
BDEPEND="
acct-user/polkitd
@@ -92,6 +82,7 @@ QA_MULTILIB_PATHS="
PATCHES=(
"${FILESDIR}"/${PN}-124-systemd.patch
"${FILESDIR}"/${PN}-124-systemd-fixup.patch
+ "${FILESDIR}"/${PN}-124-c99-fixes.patch
)
python_check_deps() {
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-09-01 9:26 Sam James
0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-09-01 9:26 UTC (permalink / raw
To: gentoo-commits
commit: 876a5e69fe11b38c85839fd3906d4c5fca3f4a03
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 1 09:24:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep 1 09:24:33 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=876a5e69
sys-auth/polkit: fix musl build
Closes: https://bugs.gentoo.org/938874
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-auth/polkit/files/polkit-125-musl.patch | 34 +++++++++++++++++++++++++++++
sys-auth/polkit/polkit-125.ebuild | 4 ++++
2 files changed, 38 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-125-musl.patch b/sys-auth/polkit/files/polkit-125-musl.patch
new file mode 100644
index 000000000000..ee0a444c919e
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-125-musl.patch
@@ -0,0 +1,34 @@
+https://github.com/polkit-org/polkit/commit/13bea3e08f924002a6a5c2f275d4bf1588fc3d02
+
+From 13bea3e08f924002a6a5c2f275d4bf1588fc3d02 Mon Sep 17 00:00:00 2001
+From: Sertonix <sertonix@posteo.net>
+Date: Sun, 11 Aug 2024 00:26:51 +0200
+Subject: [PATCH] Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK
+
+Fixes <64f5e4dda52> Add syslog-style log levels support
+--- a/src/polkitbackend/polkitbackendduktapeauthority.c
++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
+@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
+ #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK
+ if ((pthread_err = pthread_condattr_init(&attr))) {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ LOG_LEVEL_ERROR,
+ "Error initializing condition variable attributes: %s",
+ strerror(pthread_err));
+ return FALSE;
+ }
+ if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ LOG_LEVEL_ERROR,
+ "Error setting condition variable attributes: %s",
+ strerror(pthread_err));
+ goto err_clean_condattr;
+@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
+ /* Init again, with needed attr */
+ if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++ LOG_LEVEL_ERROR,
+ "Error initializing condition variable: %s",
+ strerror(pthread_err));
+ goto err_clean_condattr;
+
diff --git a/sys-auth/polkit/polkit-125.ebuild b/sys-auth/polkit/polkit-125.ebuild
index 53939dcb72eb..fa58387359d1 100644
--- a/sys-auth/polkit/polkit-125.ebuild
+++ b/sys-auth/polkit/polkit-125.ebuild
@@ -80,6 +80,10 @@ QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkitd
"
+PATCHES=(
+ "${FILESDIR}"/${P}-musl.patch
+)
+
python_check_deps() {
python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
^ permalink raw reply related [flat|nested] 16+ messages in thread
end of thread, other threads:[~2024-09-01 9:26 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-03 12:16 [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-09-01 9:26 Sam James
2024-01-19 6:36 Sam James
2024-01-19 5:39 Sam James
2022-10-15 23:51 Sam James
2022-05-15 22:12 Sam James
2022-02-22 6:12 Sam James
2022-02-20 0:43 Sam James
2022-01-27 19:50 Sam James
2022-01-26 0:51 Sam James
2022-01-25 17:26 Sam James
2020-10-04 16:07 Andreas Sturmlechner
2019-03-26 8:58 Lars Wendler
2018-08-08 20:45 Andreas Sturmlechner
2017-06-27 12:04 Michael Palimaka
2017-01-14 19:26 Andreas Sturmlechner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox