public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2017-01-14 19:26 Andreas Sturmlechner
  0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2017-01-14 19:26 UTC (permalink / raw
  To: gentoo-commits

commit:     7ffb5079b8c109223cfeb4519abb84a6c5516293
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 14 12:24:15 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan 14 19:25:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ffb5079

sys-auth/polkit: Add USE=elogind, bump to EAPI 6

Gentoo-bug: 598615

Drop non-existent lxde-base/lxpolkit from PDEPEND

Package-Manager: portage-2.3.0

 sys-auth/polkit/files/polkit-0.113-elogind.patch | 160 +++++++++++++++++++++++
 sys-auth/polkit/metadata.xml                     |   1 +
 sys-auth/polkit/polkit-0.113-r2.ebuild           | 133 +++++++++++++++++++
 3 files changed, 294 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
new file mode 100644
index 00000000..fb142c6
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -0,0 +1,160 @@
+--- a/configure.ac	2016-11-03 20:16:02.842071344 +0100
++++ b/configure.ac	2016-11-03 20:15:34.612071850 +0100
+@@ -183,11 +183,12 @@
+ 
+ AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
+ 
+-dnl ---------------------------------------------------------------------------
+-dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
+-dnl ---------------------------------------------------------------------------
++dnl -----------------------------------------------------------------------------------
++dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking
++dnl -----------------------------------------------------------------------------------
+ 
+ have_libsystemd=no
++have_elogind=no
+ SESSION_TRACKING=ConsoleKit
+ 
+ AC_ARG_ENABLE([libsystemd-login],
+@@ -220,6 +221,29 @@
+     fi
+   fi
+ fi
++
++AC_ARG_ENABLE([libelogind],
++              [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
++              [enable_libelogind=$enableval],
++              [enable_libelogind=auto])
++if test "$enable_libelogind" != "no"; then
++  PKG_CHECK_MODULES([LIBELOGIND],
++    [libelogind],
++    [have_libelogind=yes],
++    [have_libelogind=no])
++  if test "$have_libelogind" = "yes"; then
++    SESSION_TRACKING=libelogind
++    AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available])
++    save_LIBS=$LIBS
++    LIBS=$LIBELOGIND_LIBS
++    AC_CHECK_FUNCS(sd_uid_get_display)
++    LIBS=$save_LIBS
++  else
++    if test "$enable_libelogind" = "yes"; then
++      AC_MSG_ERROR([libelogind support requested but libelogind not found])
++    fi
++  fi
++fi
+ 
+ AS_IF([test "x$cross_compiling" != "xyes" ], [
+   AS_IF([test "$have_libsystemd" = "yes"], [
+@@ -245,6 +245,10 @@
+ AC_SUBST(LIBSYSTEMD_LIBS)
+ AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+ 
++AC_SUBST(LIBELOGIND_CFLAGS)
++AC_SUBST(LIBELOGIND_LIBS)
++AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind])
++
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+ dnl ---------------------------------------------------------------------------
+--- a/src/polkitbackend/Makefile.am	2016-11-04 04:40:46.930116006 +0100
++++ b/src/polkitbackend/Makefile.am	2016-11-04 04:42:14.586114436 +0100
+@@ -42,21 +42,28 @@
+ libpolkit_backend_1_la_SOURCES += \
+ 	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
+ else
++if HAVE_LIBELOGIND
++libpolkit_backend_1_la_SOURCES += \
++	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
++else
+ libpolkit_backend_1_la_SOURCES += \
+ 	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor.c
+ endif
++endif
+ 
+ libpolkit_backend_1_la_CFLAGS =                                        	\
+         -D_POLKIT_COMPILATION                                  		\
+         -D_POLKIT_BACKEND_COMPILATION                                  	\
+         $(GLIB_CFLAGS)							\
+ 	$(LIBSYSTEMD_CFLAGS)						\
++	$(LIBELOGIND_CFLAGS)						\
+ 	$(LIBJS_CFLAGS)							\
+         $(NULL)
+ 
+ libpolkit_backend_1_la_LIBADD =                               		\
+         $(GLIB_LIBS)							\
+ 	$(LIBSYSTEMD_LIBS)						\
++	$(LIBELOGIND_LIBS)						\
+ 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
+ 	$(EXPAT_LIBS)							\
+ 	$(LIBJS_LIBS)							\
+--- a/src/polkit/Makefile.am	2016-11-04 04:41:02.756115723 +0100
++++ b/src/polkit/Makefile.am	2016-11-04 04:42:49.428113812 +0100
+@@ -85,19 +85,26 @@
+ libpolkit_gobject_1_la_SOURCES += \
+ 	polkitunixsession-systemd.c		polkitunixsession.h
+ else
++if HAVE_LIBELOGIND
++libpolkit_gobject_1_la_SOURCES += \
++	polkitunixsession-systemd.c		polkitunixsession.h
++else
+ libpolkit_gobject_1_la_SOURCES += \
+ 	polkitunixsession.c			polkitunixsession.h
+ endif
++endif
+ 
+ libpolkit_gobject_1_la_CFLAGS =                                        	\
+         -D_POLKIT_COMPILATION                                  		\
+         $(GLIB_CFLAGS)							\
+ 	$(LIBSYSTEMD_CFLAGS)						\
++	$(LIBELOGIND_CFLAGS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LIBADD =                               		\
+         $(GLIB_LIBS)							\
+ 	$(LIBSYSTEMD_LIBS)						\
++	$(LIBELOGIND_LIBS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+--- a/src/polkitbackend/polkitbackendjsauthority.c	2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendjsauthority.c	2016-11-04 04:44:58.283111505 +0100
+@@ -39,6 +39,10 @@
+ #include <systemd/sd-login.h>
+ #endif /* HAVE_LIBSYSTEMD */
+ 
++#ifdef HAVE_LIBELOGIND
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBELOGIND */
++
+ #include <jsapi.h>
+ 
+ #include "initjs.h" /* init.js */
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:44:29.650112018 +0100
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:46:52.718109455 +0100
+@@ -25,7 +25,11 @@
+ #include <grp.h>
+ #include <string.h>
+ #include <glib/gstdio.h>
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_LIBELOGIND */
+ #include <stdlib.h>
+ 
+ #include <polkit/polkit.h>
+--- a/src/polkit/polkitunixsession-systemd.c	2016-11-04 04:44:29.651112017 +0100
++++ b/src/polkit/polkitunixsession-systemd.c	2016-11-04 04:47:07.160109197 +0100
+@@ -30,7 +30,11 @@
+ #include "polkiterror.h"
+ #include "polkitprivate.h"
+ 
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
++#else
++#include <elogind/sd-login.h>
++#endif /* HAVE_LIBSYSTEMD versus HAVE_ELOGIND */
+ 
+ /**
+  * SECTION:polkitunixsession

diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index cc3a0b4..348a315 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -5,6 +5,7 @@
 		<email>freedesktop-bugs@gentoo.org</email>
 	</maintainer>
 	<use>
+		<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
 		<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> instead of <pkg>sys-auth/consolekit</pkg> for session tracking</flag>
 	</use>
 </pkgmetadata>

diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild b/sys-auth/polkit/polkit-0.113-r2.ebuild
new file mode 100644
index 00000000..4ec829a
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.113-r2.ebuild
@@ -0,0 +1,133 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+	dev-lang/spidermonkey:0/mozjs185[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	introspection? ( dev-libs/gobject-introspection )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+	)
+	systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( >=gnome-extra/polkit-gnome-0.105 )
+	kde? ( || (
+		kde-plasma/polkit-kde-agent
+		sys-auth/polkit-kde-agent
+	) )
+	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=( "${FILESDIR}"/${P}-elogind.patch )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--disable-static \
+		--enable-man-pages \
+		--disable-gtk-doc \
+		--disable-examples \
+		--with-mozjs=mozjs185 \
+		$(use_enable elogind libelogind) \
+		$(use_enable introspection) \
+		$(use_enable nls) \
+		$(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \
+		--with-authfw=$(usex pam pam shadow) \
+		$(use_enable systemd libsystemd-login) \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		$(use_enable test) \
+		--with-os-type=gentoo
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	find "${D}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2017-06-27 12:04 Michael Palimaka
  0 siblings, 0 replies; 16+ messages in thread
From: Michael Palimaka @ 2017-06-27 12:04 UTC (permalink / raw
  To: gentoo-commits

commit:     487ef5103ed45a49310282d483c41f0dcf6638e2
Author:     Sven Eden <yamakuzure <AT> gmx <DOT> net>
AuthorDate: Tue Jun 27 12:03:40 2017 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Tue Jun 27 12:04:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487ef510

sys-auth/polkit: improve elogind patch

Gentoo-bug: 622800
Package-Manager: Portage-2.3.6, Repoman-2.3.2

 sys-auth/polkit/files/polkit-0.113-elogind.patch   | 22 ++++++++++++++++++++--
 ...lkit-0.113-r2.ebuild => polkit-0.113-r3.ebuild} |  0
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch
index fb142c65ce6..c822e00d24a 100644
--- a/sys-auth/polkit/files/polkit-0.113-elogind.patch
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -117,8 +117,8 @@
          $(NULL)
  
  libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
---- a/src/polkitbackend/polkitbackendjsauthority.c	2016-11-04 04:44:29.650112018 +0100
-+++ b/src/polkitbackend/polkitbackendjsauthority.c	2016-11-04 04:44:58.283111505 +0100
+--- a/src/polkitbackend/polkitbackendjsauthority.c	2017-06-27 09:22:03.375841040 +0200
++++ b/src/polkitbackend/polkitbackendjsauthority.c	2017-06-27 09:25:33.815845141 +0200
 @@ -39,6 +39,10 @@
  #include <systemd/sd-login.h>
  #endif /* HAVE_LIBSYSTEMD */
@@ -130,6 +130,24 @@
  #include <jsapi.h>
  
  #include "initjs.h" /* init.js */
+@@ -793,7 +797,7 @@
+       g_assert_not_reached ();
+     }
+ 
+-#ifdef HAVE_LIBSYSTEMD
++#if defined(HAVE_LIBSYSTEMD) || defined(HAVE_LIBELOGIND)
+   if (sd_pid_get_session (pid, &session_str) == 0)
+     {
+       if (sd_session_get_seat (session_str, &seat_str) == 0)
+@@ -801,7 +805,7 @@
+           /* do nothing */
+         }
+     }
+-#endif /* HAVE_LIBSYSTEMD */
++#endif /* HAVE_LIBSYSTEMD or HAVE_LIBELOGIND */
+ 
+   g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
+   uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:44:29.650112018 +0100
 +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2016-11-04 04:46:52.718109455 +0100
 @@ -25,7 +25,11 @@

diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild b/sys-auth/polkit/polkit-0.113-r3.ebuild
similarity index 100%
rename from sys-auth/polkit/polkit-0.113-r2.ebuild
rename to sys-auth/polkit/polkit-0.113-r3.ebuild


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2018-08-08 20:45 Andreas Sturmlechner
  0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2018-08-08 20:45 UTC (permalink / raw
  To: gentoo-commits

commit:     796d413851084fa37559c1806e436cb8bdfce936
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  8 19:55:48 2018 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Aug  8 20:45:29 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=796d4138

sys-auth/polkit: Fix configure with elogind

See also: https://bugs.freedesktop.org/show_bug.cgi?id=105989
Closes: https://bugs.gentoo.org/660880
Closes: https://bugs.gentoo.org/662338
Package-Manager: Portage-2.3.45, Repoman-2.3.10

 sys-auth/polkit/files/polkit-0.115-elogind.patch |  28 +++++
 sys-auth/polkit/polkit-0.115-r1.ebuild           | 137 +++++++++++++++++++++++
 2 files changed, 165 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
new file mode 100644
index 00000000000..93d672015db
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch
@@ -0,0 +1,28 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen <cogitri@exherbo.org>
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+ 
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
+ 
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+-- 
+2.17.0

diff --git a/sys-auth/polkit/polkit-0.115-r1.ebuild b/sys-auth/polkit/polkit-0.115-r1.ebuild
new file mode 100644
index 00000000000..f07c7ca222e
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+	dev-lang/spidermonkey:52[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	introspection? ( dev-libs/gobject-introspection )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+	)
+	systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=( "${FILESDIR}"/${P}-elogind.patch ) # bug 660880
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# disable broken test - bug #624022
+	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--disable-static
+		--enable-man-pages
+		--disable-gtk-doc
+		--disable-examples
+		$(use_enable elogind libelogind)
+		$(use_enable introspection)
+		$(use_enable nls)
+		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+		--with-authfw=$(usex pam pam shadow)
+		$(use_enable systemd libsystemd-login)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(use_enable test)
+		--with-os-type=gentoo
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2019-03-26  8:58 Lars Wendler
  0 siblings, 0 replies; 16+ messages in thread
From: Lars Wendler @ 2019-03-26  8:58 UTC (permalink / raw
  To: gentoo-commits

commit:     3593d9638f4876e8540afb40012856ebe6d257b5
Author:     Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache <DOT> Org>
AuthorDate: Mon Mar 25 00:49:59 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar 26 08:58:40 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3593d963

sys-auth/polkit: Use dev-lang/spidermonkey:60.

Port to EAPI="7".
Improve HOMEPAGE.

Fixes: https://bugs.gentoo.org/681692
Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever <AT> Apache.Org>
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../files/polkit-0.115-spidermonkey-60.patch       | 180 +++++++++++++++++++++
 sys-auth/polkit/polkit-0.115-r4.ebuild             | 143 ++++++++++++++++
 2 files changed, 323 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
new file mode 100644
index 00000000000..8a4510ad205
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
@@ -0,0 +1,180 @@
+From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:32:16 +0100
+Subject: [PATCH] Depend on mozjs-60
+
+This is the new ESR version of the Mozilla JS engine, superceding
+mozjs-52.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5c37e48..5cedb4e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ 
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+ 
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+
+
+From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:33:20 +0100
+Subject: [PATCH] Port the JS authority to mozjs-60
+
+API changes in mozjs that need to be reflected in the JS authority:
+
+ - the JS::CompileOptions constructor and the JS::CompartmentOptions
+   do not allow setting a JS version any more
+
+ - do not use NULL comparisons for C++ objects
+
+ - the resize() method for a vector has a return value that needs
+   to be handled
+
+ - JSClassOps has different fields
+---
+ .../polkitbackendjsauthority.cpp              | 65 +++++++++----------
+ 1 file changed, 32 insertions(+), 33 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 7602714..984a0f0 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+ static const struct JSClassOps js_global_class_ops = {
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL
++  nullptr,  // addProperty
++  nullptr,  // deleteProperty
++  nullptr,  // enumerate
++  nullptr,  // newEnumerate
++  nullptr,  // resolve
++  nullptr,  // mayResolve
++  nullptr,  // finalize
++  nullptr,  // call
++  nullptr,  // hasInstance
++  nullptr,  // construct
++  JS_GlobalObjectTraceHook
+ };
+ 
+ static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ static const struct JSClassOps js_polkit_class_ops = {
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL,
+-  NULL
++  nullptr,  // addProperty
++  nullptr,  // deleteProperty
++  nullptr,  // enumerate
++  nullptr,  // newEnumerate
++  nullptr,  // resolve
++  nullptr,  // mayResolve
++  nullptr,  // finalize
++  nullptr,  // call
++  nullptr,  // hasInstance
++  nullptr,  // construct
++  nullptr   // trace
+ };
+ 
+ static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+ 
+   {
+     JS::CompartmentOptions compart_opts;
+-    compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+     JS::RootedObject global(authority->priv->cx);
+ 
+     authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
+ 
+     global = authority->priv->js_global->get ();
+-
+-    if (global == NULL)
++    if (!global)
+       goto fail;
+ 
+     authority->priv->ac = new JSAutoCompartment(authority->priv->cx,  global);
+ 
+-    if (authority->priv->ac == NULL)
++    if (!authority->priv->ac)
+       goto fail;
+ 
+     if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+ 
+     polkit = authority->priv->js_polkit->get ();
+ 
+-    if (polkit == NULL)
++    if (!polkit)
+       goto fail;
+ 
+     if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
+@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+                              js_polkit_functions))
+       goto fail;
+ 
+-    JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++    JS::CompileOptions options(authority->priv->cx);
+     JS::RootedValue rval(authority->priv->cx);
+     if (!JS::Evaluate (authority->priv->cx,
+                        options,
+@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority  *authority,
+   JS::AutoValueVector elems(authority->priv->cx);
+   guint n;
+ 
+-  elems.resize(value->len);
++  if (!elems.resize(value->len))
++    g_error ("Unable to resize vector");
++
+   for (n = 0; n < value->len; n++)
+     {
+       const char *c_string = (const char *) g_ptr_array_index(value, n);
+@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority  *authority,
+                   GError                   **error)
+ {
+   gboolean ret = FALSE;
+-  JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++  JS::CompileOptions options(authority->priv->cx);
+   const char *src;
+   JS::RootedObject obj(authority->priv->cx);
+   pid_t pid;
+@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority  *authority,
+                              GError                   **error)
+ {
+   gboolean ret = FALSE;
+-  JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++  JS::CompileOptions options(authority->priv->cx);
+   const char *src;
+   JS::RootedObject obj(authority->priv->cx);
+   gchar **keys;

diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild
new file mode 100644
index 00000000000..ecc024a27d3
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r4.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+BDEPEND="
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-lang/spidermonkey:60[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+	)
+	systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+	!systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+	# bug 660880
+	"${FILESDIR}"/polkit-0.115-elogind.patch
+	"${FILESDIR}"/CVE-2018-19788.patch
+	"${FILESDIR}"/polkit-0.115-spidermonkey-60.patch
+)
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# disable broken test - bug #624022
+	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--disable-static
+		--enable-man-pages
+		--disable-gtk-doc
+		--disable-examples
+		$(use_enable elogind libelogind)
+		$(use_enable introspection)
+		$(use_enable nls)
+		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+		--with-authfw=$(usex pam pam shadow)
+		$(use_enable systemd libsystemd-login)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(use_enable test)
+		--with-os-type=gentoo
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2020-10-04 16:07 Andreas Sturmlechner
  0 siblings, 0 replies; 16+ messages in thread
From: Andreas Sturmlechner @ 2020-10-04 16:07 UTC (permalink / raw
  To: gentoo-commits

commit:     1bed18530dc535caec4a9fbfe2f9c4de9ac3d730
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  4 15:58:22 2020 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sun Oct  4 15:58:22 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853

sys-auth/polkit: Cleanup vulnerable 0.115-r4

Bug: https://bugs.gentoo.org/717712
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 -
 sys-auth/polkit/files/CVE-2018-19788.patch         | 339 ---------------------
 .../files/polkit-0.115-spidermonkey-60.patch       | 180 -----------
 sys-auth/polkit/polkit-0.115-r4.ebuild             | 144 ---------
 4 files changed, 664 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 22da4a92e24..c1e90f0d5ca 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,3 @@
-DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
 DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
 DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
 DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e

diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch
deleted file mode 100644
index 97e3608a12b..00000000000
--- a/sys-auth/polkit/files/CVE-2018-19788.patch
+++ /dev/null
@@ -1,339 +0,0 @@
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group
- objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
----
- src/polkit/polkitunixgroup.c   | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c    | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
---- a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+  unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
- 
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject      *object,
-                                GParamSpec   *pspec)
- {
-   PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+  gint val;
- 
-   switch (prop_id)
-     {
-     case PROP_GID:
--      unix_group->gid = g_value_get_int (value);
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      unix_group->gid = val;
-       break;
- 
-     default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
-                                    g_param_spec_int ("gid",
-                                                      "Group ID",
-                                                      "The UNIX group ID",
--                                                     0,
-+                                                     G_MININT,
-                                                      G_MAXINT,
--                                                     0,
-+                                                     -1,
-                                                      G_PARAM_CONSTRUCT |
-                                                      G_PARAM_READWRITE |
-                                                      G_PARAM_STATIC_NAME |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
-  */
- void
- polkit_unix_group_set_gid (PolkitUnixGroup *group,
--                          gint gid)
-+                           gint gid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
-+  g_return_if_fail (gid != -1);
-   group->gid = gid;
- }
- 
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
- PolkitIdentity *
- polkit_unix_group_new (gint gid)
- {
-+  g_return_val_if_fail (gid != -1, NULL);
-+
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
-                                        "gid", gid,
-                                        NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject      *object,
-       polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
-       break;
- 
--    case PROP_UID:
--      polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
-+    case PROP_UID: {
-+      gint val;
-+
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      polkit_unix_process_set_uid (unix_process, val);
-       break;
-+    }
- 
-     case PROP_START_TIME:
-       polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
-                                    g_param_spec_int ("uid",
-                                                      "User ID",
-                                                      "The UNIX user ID",
--                                                     -1,
-+                                                     G_MININT,
-                                                      G_MAXINT,
-                                                      -1,
-                                                      G_PARAM_CONSTRUCT |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
-                              gint               uid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
--  g_return_if_fail (uid >= -1);
-   process->uid = uid;
- }
- 
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
---- a/src/polkit/polkitunixuser.c
-+++ b/src/polkit/polkitunixuser.c
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
- static void
- polkit_unix_user_init (PolkitUnixUser *unix_user)
- {
-+  unix_user->uid = -1;  /* (uid_t) -1 is not a valid UID under Linux */
-   unix_user->name = NULL;
- }
- 
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject      *object,
-                                GParamSpec   *pspec)
- {
-   PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
-+  gint val;
- 
-   switch (prop_id)
-     {
-     case PROP_UID:
--      unix_user->uid = g_value_get_int (value);
-+      val = g_value_get_int (value);
-+      g_return_if_fail (val != -1);
-+      unix_user->uid = val;
-       break;
- 
-     default:
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
-                                    g_param_spec_int ("uid",
-                                                      "User ID",
-                                                      "The UNIX user ID",
--                                                     0,
-+                                                     G_MININT,
-                                                      G_MAXINT,
--                                                     0,
-+                                                     -1,
-                                                      G_PARAM_CONSTRUCT |
-                                                      G_PARAM_READWRITE |
-                                                      G_PARAM_STATIC_NAME |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
-                           gint uid)
- {
-   g_return_if_fail (POLKIT_IS_UNIX_USER (user));
-+  g_return_if_fail (uid != -1);
-   user->uid = uid;
- }
- 
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
- PolkitIdentity *
- polkit_unix_user_new (gint uid)
- {
-+  g_return_val_if_fail (uid != -1, NULL);
-+
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
-                                         "uid", uid,
-                                         NULL));
--- 
-2.18.1
-
-
-From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 11:20:34 +0100
-Subject: [PATCH 2/2] tests: add tests for high uids
-
----
- test/data/etc/group                           |  1 +
- test/data/etc/passwd                          |  2 +
- .../etc/polkit-1/rules.d/10-testing.rules     | 21 ++++++
- .../test-polkitbackendjsauthority.c           | 72 +++++++++++++++++++
- 4 files changed, 96 insertions(+)
-
-diff --git a/test/data/etc/group b/test/data/etc/group
-index 12ef328..b9acab9 100644
---- a/test/data/etc/group
-+++ b/test/data/etc/group
-@@ -5,3 +5,4 @@ john:x:500:
- jane:x:501:
- sally:x:502:
- henry:x:503:
-+highuid2:x:4000000000:
-diff --git a/test/data/etc/passwd b/test/data/etc/passwd
-index 8544feb..5cf14a5 100644
---- a/test/data/etc/passwd
-+++ b/test/data/etc/passwd
-@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
- jane:x:501:501:Jane Smith:/home/jane:/bin/bash
- sally:x:502:502:Sally Derp:/home/sally:/bin/bash
- henry:x:503:503:Henry Herp:/home/henry:/bin/bash
-+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
-+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
-diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
-index 446e622..98bf062 100644
---- a/test/data/etc/polkit-1/rules.d/10-testing.rules
-+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
-@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
-     }
- });
- 
-+polkit.addRule(function(action, subject) {
-+    if (action.id == "net.company.john_action") {
-+        if (subject.user == "john") {
-+            return polkit.Result.YES;
-+        } else {
-+            return polkit.Result.NO;
-+        }
-+    }
-+});
-+
-+polkit.addRule(function(action, subject) {
-+    if (action.id == "net.company.highuid2_action") {
-+        if (subject.user == "highuid2") {
-+            return polkit.Result.YES;
-+        } else {
-+            return polkit.Result.NO;
-+        }
-+    }
-+});
-+
-+
- // ---------------------------------------------------------------------
- // variables
- 
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index b484a26..71aad23 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
-     NULL,
-     POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-   },
-+
-+  {
-+    /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+    "group_membership_with_non_member(highuid22)",
-+    "net.company.group.only_group_users",
-+    "unix-user:highuid2",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
-+
-+  {
-+    /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+    "group_membership_with_non_member(highuid21)",
-+    "net.company.group.only_group_users",
-+    "unix-user:highuid2",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
-+
-+  {
-+    /* highuid1 is not a member of group 'users', see test/data/etc/group */
-+    "group_membership_with_non_member(highuid24)",
-+    "net.company.group.only_group_users",
-+    "unix-user:2147483648",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
-+
-+  {
-+    /* highuid2 is not a member of group 'users', see test/data/etc/group */
-+    "group_membership_with_non_member(highuid23)",
-+    "net.company.group.only_group_users",
-+    "unix-user:4000000000",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
-+
-+  {
-+    /* john is authorized to do this, see 10-testing.rules */
-+    "john_action",
-+    "net.company.john_action",
-+    "unix-user:john",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+  },
-+
-+  {
-+    /* only john is authorized to do this, see 10-testing.rules */
-+    "jane_action",
-+    "net.company.john_action",
-+    "unix-user:jane",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
-+
-+  {
-+    /* highuid2 is authorized to do this, see 10-testing.rules */
-+    "highuid2_action",
-+    "net.company.highuid2_action",
-+    "unix-user:highuid2",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
-+  },
-+
-+  {
-+    /* only highuid2 is authorized to do this, see 10-testing.rules */
-+    "highuid1_action",
-+    "net.company.highuid2_action",
-+    "unix-user:highuid1",
-+    NULL,
-+    POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
-+  },
- };
- 
- /* ---------------------------------------------------------------------------------------------------- */
--- 
-2.18.1
-

diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
deleted file mode 100644
index 8a4510ad205..00000000000
--- a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
-From: Emmanuele Bassi <ebassi@gnome.org>
-Date: Fri, 31 Aug 2018 13:32:16 +0100
-Subject: [PATCH] Depend on mozjs-60
-
-This is the new ESR version of the Mozilla JS engine, superceding
-mozjs-52.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5c37e48..5cedb4e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
- 
--PKG_CHECK_MODULES(LIBJS, [mozjs-52])
-+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
- 
- AC_SUBST(LIBJS_CFLAGS)
- AC_SUBST(LIBJS_CXXFLAGS)
-
-
-From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
-From: Emmanuele Bassi <ebassi@gnome.org>
-Date: Fri, 31 Aug 2018 13:33:20 +0100
-Subject: [PATCH] Port the JS authority to mozjs-60
-
-API changes in mozjs that need to be reflected in the JS authority:
-
- - the JS::CompileOptions constructor and the JS::CompartmentOptions
-   do not allow setting a JS version any more
-
- - do not use NULL comparisons for C++ objects
-
- - the resize() method for a vector has a return value that needs
-   to be handled
-
- - JSClassOps has different fields
----
- .../polkitbackendjsauthority.cpp              | 65 +++++++++----------
- 1 file changed, 32 insertions(+), 33 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 7602714..984a0f0 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
- /* ---------------------------------------------------------------------------------------------------- */
- 
- static const struct JSClassOps js_global_class_ops = {
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL
-+  nullptr,  // addProperty
-+  nullptr,  // deleteProperty
-+  nullptr,  // enumerate
-+  nullptr,  // newEnumerate
-+  nullptr,  // resolve
-+  nullptr,  // mayResolve
-+  nullptr,  // finalize
-+  nullptr,  // call
-+  nullptr,  // hasInstance
-+  nullptr,  // construct
-+  JS_GlobalObjectTraceHook
- };
- 
- static JSClass js_global_class = {
-@@ -172,18 +171,17 @@ static JSClass js_global_class = {
- 
- /* ---------------------------------------------------------------------------------------------------- */
- static const struct JSClassOps js_polkit_class_ops = {
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL,
--  NULL
-+  nullptr,  // addProperty
-+  nullptr,  // deleteProperty
-+  nullptr,  // enumerate
-+  nullptr,  // newEnumerate
-+  nullptr,  // resolve
-+  nullptr,  // mayResolve
-+  nullptr,  // finalize
-+  nullptr,  // call
-+  nullptr,  // hasInstance
-+  nullptr,  // construct
-+  nullptr   // trace
- };
- 
- static JSClass js_polkit_class = {
-@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
- 
-   {
-     JS::CompartmentOptions compart_opts;
--    compart_opts.behaviors().setVersion(JSVERSION_LATEST);
-+
-     JS::RootedObject global(authority->priv->cx);
- 
-     authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
- 
-     global = authority->priv->js_global->get ();
--
--    if (global == NULL)
-+    if (!global)
-       goto fail;
- 
-     authority->priv->ac = new JSAutoCompartment(authority->priv->cx,  global);
- 
--    if (authority->priv->ac == NULL)
-+    if (!authority->priv->ac)
-       goto fail;
- 
-     if (!JS_InitStandardClasses (authority->priv->cx, global))
-@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
- 
-     polkit = authority->priv->js_polkit->get ();
- 
--    if (polkit == NULL)
-+    if (!polkit)
-       goto fail;
- 
-     if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
-@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
-                              js_polkit_functions))
-       goto fail;
- 
--    JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+    JS::CompileOptions options(authority->priv->cx);
-     JS::RootedValue rval(authority->priv->cx);
-     if (!JS::Evaluate (authority->priv->cx,
-                        options,
-@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority  *authority,
-   JS::AutoValueVector elems(authority->priv->cx);
-   guint n;
- 
--  elems.resize(value->len);
-+  if (!elems.resize(value->len))
-+    g_error ("Unable to resize vector");
-+
-   for (n = 0; n < value->len; n++)
-     {
-       const char *c_string = (const char *) g_ptr_array_index(value, n);
-@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority  *authority,
-                   GError                   **error)
- {
-   gboolean ret = FALSE;
--  JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+  JS::CompileOptions options(authority->priv->cx);
-   const char *src;
-   JS::RootedObject obj(authority->priv->cx);
-   pid_t pid;
-@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority  *authority,
-                              GError                   **error)
- {
-   gboolean ret = FALSE;
--  JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
-+  JS::CompileOptions options(authority->priv->cx);
-   const char *src;
-   JS::RootedObject obj(authority->priv->cx);
-   gchar **keys;

diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild
deleted file mode 100644
index 675bff79710..00000000000
--- a/sys-auth/polkit/polkit-0.115-r4.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd user xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( consolekit elogind systemd )"
-
-BDEPEND="
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	dev-util/gtk-doc-am
-	dev-util/intltool
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	dev-lang/spidermonkey:60[-debug]
-	dev-libs/glib:2
-	dev-libs/expat
-	elogind? ( sys-auth/elogind )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	consolekit? ( sys-auth/consolekit[policykit] )
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
-	# bug 660880
-	"${FILESDIR}"/polkit-0.115-elogind.patch
-	"${FILESDIR}"/CVE-2018-19788.patch
-	"${FILESDIR}"/polkit-0.115-spidermonkey-60.patch
-)
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-pkg_setup() {
-	local u=polkitd
-	local g=polkitd
-	local h=/var/lib/polkit-1
-
-	enewgroup ${g}
-	enewuser ${u} -1 -1 ${h} ${g}
-	esethome ${u} ${h}
-}
-
-src_prepare() {
-	default
-
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
-	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
-	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
-		docs/polkit/Makefile.in || die
-
-	# disable broken test - bug #624022
-	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
-	# Fix cross-building, bug #590764, elogind patch, bug #598615
-	eautoreconf
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local myeconfargs=(
-		--localstatedir="${EPREFIX}"/var
-		--disable-static
-		--enable-man-pages
-		--disable-gtk-doc
-		--disable-examples
-		$(use_enable elogind libelogind)
-		$(use_enable introspection)
-		$(use_enable nls)
-		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
-		--with-authfw=$(usex pam pam shadow)
-		$(use_enable systemd libsystemd-login)
-		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
-		$(use_enable test)
-		--with-os-type=gentoo
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	default
-
-	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
-
-	diropts -m0700 -o polkitd -g polkitd
-	keepdir /var/lib/polkit-1
-
-	if use examples; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
-}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-25 17:26 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-25 17:26 UTC (permalink / raw
  To: gentoo-commits

commit:     d0e16d6fb24423388c5acd74e5f0b9856af08f08
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 25 17:25:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jan 25 17:25:54 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e16d6f

sys-auth/polkit: fix CVE-2021-4043

Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../polkit/files/polkit-0.120-CVE-2021-4043.patch  |  72 +++++++++++++
 sys-auth/polkit/polkit-0.120-r2.ebuild             | 120 +++++++++++++++++++++
 2 files changed, 192 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index 000000000000..22bb71d14204
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      exit(126);
++    }
++
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++   */
++  if (argc<1)
++    {
++      exit(127);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+ 
+       path = g_strdup (pwstruct.pw_shell);
+       if (!path)
+-	{
++        {
+           g_printerr ("No shell configured or error retrieving pw_shell\n");
+           goto out;
+-	}
++        }
+       /* If you change this, be sure to change the if (!command_line)
+ 	 case below too */
+       command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
+GitLab

diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
new file mode 100644
index 000000000000..6af327e19f2f
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86"
+IUSE="examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-lang/spidermonkey:78[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/polkit-0.120-meson.patch"
+		"${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+	)
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+
+	# meson does not install required files with SUID bit. See
+	#  https://bugs.gentoo.org/816393
+	# Remove the following lines once this has been fixed by upstream
+	fperms u+s /usr/bin/pkexec
+	fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-26  0:51 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-26  0:51 UTC (permalink / raw
  To: gentoo-commits

commit:     77e50819c7c7c22dee5ee6b2e7538b3cfff789af
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 00:50:34 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 00:51:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e50819

sys-auth/polkit: backport CVE-2021-3560, CVE-2021-4043 patches to 0.117

Needed for non-Rust arches like sparc.

(Most users are on 0.120 and already fixed in previous commits.)

Bug: https://bugs.gentoo.org/794052
Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../polkit/files/polkit-0.117-CVE-2021-3560.patch  |  29 +++++
 sys-auth/polkit/polkit-0.117-r3.ebuild             | 136 +++++++++++++++++++++
 2 files changed, 165 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
new file mode 100644
index 000000000000..9c3ce20cf574
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
@@ -0,0 +1,29 @@
+https://bugs.gentoo.org/794052
+
+From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Wed, 2 Jun 2021 15:43:38 +0200
+Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
+
+initial values returned if error caught
+---
+ src/polkit/polkitsystembusname.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 8daa12c..8ed1363 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+     g_main_context_iteration (tmp_context, TRUE);
+ 
++  if (data.caught_error)
++    goto out;
++
+   if (out_uid)
+     *out_uid = data.uid;
+   if (out_pid)
+-- 
+GitLab
+

diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
new file mode 100644
index 000000000000..6dab5cf577c0
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( elogind systemd )"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	dev-util/gtk-doc-am
+	dev-util/intltool
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-lang/spidermonkey:68[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	elogind? ( sys-auth/elogind )
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+	# bug 660880
+	"${FILESDIR}"/polkit-0.115-elogind.patch
+
+	"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
+	"${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+)
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+
+	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
+	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
+		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+		docs/polkit/Makefile.in || die
+
+	# disable broken test - bug #624022
+	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+	# Fix cross-building, bug #590764, elogind patch, bug #598615
+	eautoreconf
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		--disable-static
+		--enable-man-pages
+		--disable-gtk-doc
+		--disable-examples
+		$(use_enable elogind libelogind)
+		$(use_enable introspection)
+		$(use_enable nls)
+		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
+		--with-authfw=$(usex pam pam shadow)
+		$(use_enable systemd libsystemd-login)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(use_enable test)
+		--with-os-type=gentoo
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	default
+
+	if use examples; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-01-27 19:50 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-01-27 19:50 UTC (permalink / raw
  To: gentoo-commits

commit:     943593956c04c5c2b1f1c679d5b3f36428d1173a
Author:     Mathieu Tortuyaux <mtortuyaux <AT> microsoft <DOT> com>
AuthorDate: Thu Jan 27 09:31:48 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 27 19:50:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94359395

sys-auth/polkit: fix CVE id

Nit-pick to avoid confusion.

Bug: https://bugs.gentoo.org/832057
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Mathieu Tortuyaux <mtortuyaux <AT> microsoft.com>
Closes: https://github.com/gentoo/gentoo/pull/23980
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...olkit-0.120-CVE-2021-4043.patch => polkit-0.120-CVE-2021-4034.patch} | 0
 sys-auth/polkit/polkit-0.117-r3.ebuild                                  | 2 +-
 sys-auth/polkit/polkit-0.120-r2.ebuild                                  | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
similarity index 100%
rename from sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
rename to sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch

diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
index a486ee25b894..33e09e40e512 100644
--- a/sys-auth/polkit/polkit-0.117-r3.ebuild
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -62,7 +62,7 @@ PATCHES=(
 	"${FILESDIR}"/polkit-0.115-elogind.patch
 
 	"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
-	"${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+	"${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch
 )
 
 QA_MULTILIB_PATHS="

diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
index 4d864ecfd564..952906f5d88e 100644
--- a/sys-auth/polkit/polkit-0.120-r2.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -63,7 +63,7 @@ QA_MULTILIB_PATHS="
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/polkit-0.120-meson.patch"
-		"${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+		"${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
 	)
 	default
 


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-02-20  0:43 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-02-20  0:43 UTC (permalink / raw
  To: gentoo-commits

commit:     cca21561571e00e88f434ad94a9cde6851fab244
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 20 00:42:58 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 20 00:42:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cca21561

sys-auth/polkit: add musl patch to 0.120_p20220127

Pulled in from ::musl.

Closes: https://bugs.gentoo.org/833753
Bug: https://bugs.gentoo.org/561672
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...lkit-0.118-make-netgroup-support-optional.patch | 228 +++++++++++++++++++++
 sys-auth/polkit/polkit-0.120_p20220127.ebuild      |   3 +
 2 files changed, 231 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
new file mode 100644
index 000000000000..b11250fd3992
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
@@ -0,0 +1,228 @@
+Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
+
+https://bugs.gentoo.org/833753
+https://bugs.gentoo.org/561672
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
+
+Patch has been rebased a bit since but keeping original headers.
+
+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available.  PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work.  If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+--- a/configure.ac
++++ b/configure.ac
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+ 
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+ 
+ if test "x$GCC" = "xyes"; then
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
+     }
+   else if (g_str_has_prefix (str, "unix-netgroup:"))
+     {
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine ('%s')",
++                   str);
++#else
+       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+     }
+ 
+   if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       GVariant *v;
+       const char *name;
+ 
++#ifndef HAVE_SETNETGRENT
++      g_set_error (error,
++                   POLKIT_ERROR,
++                   POLKIT_ERROR_FAILED,
++                   "Netgroups are not available on this machine");
++      goto out;
++#else
++
+       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+       if (v == NULL)
+         {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
+       name = g_variant_get_string (v, NULL);
+       ret = polkit_unix_netgroup_new (name);
+       g_variant_unref (v);
++#endif
+     }
+   else
+     {
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++  g_assert_not_reached();
++#endif
+   g_return_val_if_fail (name != NULL, NULL);
+   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+                                        "name", name,
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
+   GList *ret;
+ 
+   ret = NULL;
++#ifdef HAVE_SETNETGRENT
+   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+ 
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+   if (setnetgrent (name) == 0)
+     {
+       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+       goto out;
+     }
+-#else
++# else
+   setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+ 
+   for (;;)
+     {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+       const char *hostname, *username, *domainname;
+-#else
++# else
+       char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+       PolkitIdentity *user;
+       GError *error = NULL;
+ 
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
+ 
+  out:
+   endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+   return ret;
+ }
+ 
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+ 
+   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+ 
++#ifdef HAVE_SETNETGRENT
+   JS::RootedString usrstr (authority->priv->cx);
+   usrstr = args[0].toString();
+   user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
+     {
+       is_in_netgroup =  true;
+     }
++#endif
+ 
+   ret = true;
+ 
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+  * Author: Nikki VonHollen <vonhollen@google.com>
+  */
+ 
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+   {"unix-group:root", "unix-group:jane", FALSE},
+   {"unix-group:jane", "unix-group:jane", TRUE},
+ 
++#ifdef HAVE_SETNETGRENT
+   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+ 
+   {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+   {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+ 
+   {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+ 
++#ifdef HAVE_SETNETGRENT
+   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+ 
+   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+ 
+   add_comparison_tests ();
+ 
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+  * Author: Nikki VonHollen <vonhollen@google.com>
+  */
+ 
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+   g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+   return g_test_run ();
+ }
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+         "unix-group:users"
+       }
+     },
++#ifdef HAVE_SETNETGRENT
+     {
+       "net.company.action3",
+       {
+         "unix-netgroup:foo"
+       }
+     },
++#endif
+   };
+   guint n;
+ 

diff --git a/sys-auth/polkit/polkit-0.120_p20220127.ebuild b/sys-auth/polkit/polkit-0.120_p20220127.ebuild
index c92d740a4cb2..5a56448ed7cb 100644
--- a/sys-auth/polkit/polkit-0.120_p20220127.ebuild
+++ b/sys-auth/polkit/polkit-0.120_p20220127.ebuild
@@ -69,6 +69,9 @@ QA_MULTILIB_PATHS="
 
 src_prepare() {
 	local PATCHES=(
+		# musl
+		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+		# Pending upstream
 		"${FILESDIR}"/${PN}-0.120-meson.patch
 	)
 


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-02-22  6:12 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-02-22  6:12 UTC (permalink / raw
  To: gentoo-commits

commit:     ef7e6d556aac8790982a70acbd5d40130faa2346
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 22 06:11:04 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 22 06:12:35 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7e6d55

sys-auth/polkit: patch CVE-2021-4115

- Add as patch to 0.120-r3 (new) to be immediately stabilised
- Additionally bump to 0.120_p20220221 (only difference from
  last snapshot is a test timeout fix + this CVE-2021-4115 patch)
  but we'll hold off on stabling that given we only added the previous
  snapshot a few days ago.

Bug: https://bugs.gentoo.org/833574
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   1 +
 .../polkit/files/polkit-0.120-CVE-2021-4115.patch  |  78 +++++++++++++
 sys-auth/polkit/polkit-0.120-r3.ebuild             | 123 ++++++++++++++++++++
 sys-auth/polkit/polkit-0.120_p20220221.ebuild      | 126 +++++++++++++++++++++
 4 files changed, 328 insertions(+)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8ff4f745515e..754b065bc059 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,4 @@
 DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
 DIST polkit-0.120_p20220127.tar.bz2 733965 BLAKE2B 839a66799df870c36ea3788f68aea355ab99cf8aa0227ee633ee1155822663ce4671de4e9b041274345c1f62fbdf0405754ed1f3c7cf2a8855974854dc126e55 SHA512 67f2c1c7cd69767d578ccba2b94398eb6fcb348a77a4092c3517895190f095caee95ed491c8cff2827e287f4541cf83fefbefca1a0099d7e52bee6f825bbbd4f
+DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f

diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
new file mode 100644
index 000000000000..a82ce25cae03
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
@@ -0,0 +1,78 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+https://bugs.gentoo.org/833574
+
+From: Jan Rybar <jrybar@redhat.com>
+Date: Mon, 21 Feb 2022 08:29:05 +0000
+Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
+
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -62,6 +62,10 @@ enum
+   PROP_NAME,
+ };
+ 
++
++guint8 dbus_call_respond_fails;      // has to be global because of callback
++
++
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+ 
+ G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
+@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject              *src,
+   if (!v)
+     {
+       data->caught_error = TRUE;
++      dbus_call_respond_fails += 1;
+     }
+   else
+     {
+@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   tmp_context = g_main_context_new ();
+   g_main_context_push_thread_default (tmp_context);
+ 
++  dbus_call_respond_fails = 0;
++
+   /* Do two async calls as it's basically as fast as one sync call.
+    */
+   g_dbus_connection_call (connection,
+@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+ 			  on_retrieved_unix_uid_pid,
+ 			  &data);
+ 
+-  while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+-    g_main_context_iteration (tmp_context, TRUE);
++  while (TRUE)
++  {
++    /* If one dbus call returns error, we must wait until the other call
++     * calls _call_finish(), otherwise fd leak is possible.
++     * Resolves: GHSL-2021-077
++    */
+ 
+-  if (data.caught_error)
+-    goto out;
++    if ( (dbus_call_respond_fails > 1) )
++    {
++      // we got two faults, we can leave
++      goto out;
++    }
++
++    if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
++    {
++      // we got one fault and the other call finally finished, we can leave
++      goto out;
++    }
++
++    if ( !(data.retrieved_uid && data.retrieved_pid) )
++    {
++      g_main_context_iteration (tmp_context, TRUE);
++    }
++    else
++    {
++      break;
++    }
++  }
+ 
+   if (out_uid)
+     *out_uid = data.uid;
+GitLab

diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
new file mode 100644
index 000000000000..368a79374d83
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r3.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86"
+IUSE="examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-lang/spidermonkey:78[-debug]
+	dev-libs/glib:2
+	dev-libs/expat
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/polkit-0.120-meson.patch"
+		"${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
+		"${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
+	)
+
+	default
+
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+
+	# meson does not install required files with SUID bit. See
+	#  https://bugs.gentoo.org/816393
+	# Remove the following lines once this has been fixed by upstream
+	# (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
+	fperms u+s /usr/bin/pkexec
+	fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}

diff --git a/sys-auth/polkit/polkit-0.120_p20220221.ebuild b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
new file mode 100644
index 000000000000..d3980d9768ad
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
@@ -0,0 +1,126 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86"
+IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+	dev-libs/glib:2
+	dev-libs/expat
+	duktape? ( dev-lang/duktape:= )
+	!duktape? ( dev-lang/spidermonkey:91[-debug] )
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+	local PATCHES=(
+		# musl
+		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+		# Pending upstream
+		"${FILESDIR}"/${PN}-0.120-meson.patch
+	)
+
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	diropts -m 0700 -o polkitd
+	keepdir /usr/share/polkit-1/rules.d
+}
+
+pkg_postinst() {
+	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-05-15 22:12 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-05-15 22:12 UTC (permalink / raw
  To: gentoo-commits

commit:     76caeda5c0ae4a7045d321f32ef95e31722434dd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun May 15 05:17:19 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun May 15 22:09:39 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76caeda5

sys-auth/polkit: drop 0.117-r3, 0.120-r3

Bug: https://bugs.gentoo.org/794052
Bug: https://bugs.gentoo.org/833574
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   2 -
 sys-auth/polkit/files/polkit-0.115-elogind.patch   |  28 ---
 .../polkit/files/polkit-0.117-CVE-2021-3560.patch  |  29 ---
 ...lkit-0.118-make-netgroup-support-optional.patch | 248 ---------------------
 .../polkit/files/polkit-0.120-CVE-2021-4034.patch  |  72 ------
 .../polkit/files/polkit-0.120-CVE-2021-4115.patch  |  78 -------
 sys-auth/polkit/metadata.xml                       |   1 -
 sys-auth/polkit/polkit-0.117-r3.ebuild             | 136 -----------
 sys-auth/polkit/polkit-0.120-r3.ebuild             | 123 ----------
 9 files changed, 717 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 36f72ccb57f8..1131b5984975 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,2 @@
-DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
-DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
 DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f

diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d672015db4..000000000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
- 
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
- 
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
--- 
-2.17.0

diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
deleted file mode 100644
index 9c3ce20cf574..000000000000
--- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-https://bugs.gentoo.org/794052
-
-From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Wed, 2 Jun 2021 15:43:38 +0200
-Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
-
-initial values returned if error caught
----
- src/polkit/polkitsystembusname.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
-index 8daa12c..8ed1363 100644
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
-   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
-     g_main_context_iteration (tmp_context, TRUE);
- 
-+  if (data.caught_error)
-+    goto out;
-+
-   if (out_uid)
-     *out_uid = data.uid;
-   if (out_pid)
--- 
-GitLab
-

diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index 8810e70b7378..000000000000
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available.  PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work.  If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
- 
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
- 
- if test "x$GCC" = "xyes"; then
-   LDFLAGS="-Wl,--as-needed $LDFLAGS"
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
-     }
-   else if (g_str_has_prefix (str, "unix-netgroup:"))
-     {
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine ('%s')",
-+                   str);
-+#else
-       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
-     }
- 
-   if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       GVariant *v;
-       const char *name;
- 
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine");
-+      goto out;
-+#else
-+
-       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
-       if (v == NULL)
-         {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       name = g_variant_get_string (v, NULL);
-       ret = polkit_unix_netgroup_new (name);
-       g_variant_unref (v);
-+#endif
-     }
-   else
-     {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+  g_assert_not_reached();
-+#endif
-   g_return_val_if_fail (name != NULL, NULL);
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
-                                        "name", name,
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
-   GList *ret;
- 
-   ret = NULL;
-+#ifdef HAVE_SETNETGRENT
-   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
- 
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
-   if (setnetgrent (name) == 0)
-     {
-       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
-       goto out;
-     }
--#else
-+# else
-   setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
- 
-   for (;;)
-     {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-       const char *hostname, *username, *domainname;
--#else
-+# else
-       char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
-       PolkitIdentity *user;
-       GError *error = NULL;
- 
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
- 
-  out:
-   endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
-   return ret;
- }
- 
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
- 
-+#ifdef HAVE_SETNETGRENT
-   JS::RootedString usrstr (authority->priv->cx);
-   usrstr = args[0].toString();
-   user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
-     {
-       is_in_netgroup =  true;
-     }
-+#endif
- 
-   ret = true;
- 
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
-   {"unix-group:root", "unix-group:jane", FALSE},
-   {"unix-group:jane", "unix-group:jane", TRUE},
- 
-+#ifdef HAVE_SETNETGRENT
-   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
-   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
- 
-   {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
-   {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
- 
-   {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
-   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
-   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
- 
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
- 
-   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
-   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
--  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
- 
-   add_comparison_tests ();
- 
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
-   g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
-   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
-   return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
-         "unix-group:users"
-       }
-     },
-+#ifdef HAVE_SETNETGRENT
-     {
-       "net.company.action3",
-       {
-         "unix-netgroup:foo"
-       }
-     },
-+#endif
-   };
-   guint n;
- 
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-
-   user = duk_require_string (cx, 0);
-   netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
-   if (innetgr (netgroup,
-                NULL,  /* host */
-                user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-     {
-       is_in_netgroup = TRUE;
-     }
--
-+#endif
-   duk_push_boolean (cx, is_in_netgroup);
-   return 1;
- }

diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
deleted file mode 100644
index 22bb71d14204..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
-https://bugs.gentoo.org/832057
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
-
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar <jrybar@redhat.com>
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
-   local_agent_handle = NULL;
-   ret = 126;
- 
-+  if (argc < 1)
-+    {
-+      exit(126);
-+    }
-+
-   /* Disable remote file access from GIO. */
-   setenv ("GIO_USE_VFS", "local", 1);
- 
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
-   pid_t pid_of_caller;
-   gpointer local_agent_handle;
- 
-+
-+  /*
-+   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+   */
-+  if (argc<1)
-+    {
-+      exit(127);
-+    }
-+
-   ret = 127;
-   authority = NULL;
-   subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
- 
-       path = g_strdup (pwstruct.pw_shell);
-       if (!path)
--	{
-+        {
-           g_printerr ("No shell configured or error retrieving pw_shell\n");
-           goto out;
--	}
-+        }
-       /* If you change this, be sure to change the if (!command_line)
- 	 case below too */
-       command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
-           goto out;
-         }
-       g_free (path);
--      argv[n] = path = s;
-+      path = s;
-+
-+      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+       */
-+      if (argv[n] != NULL)
-+      {
-+        argv[n] = path;
-+      }
-     }
-   if (access (path, F_OK) != 0)
-     {
-GitLab

diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
deleted file mode 100644
index a82ce25cae03..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
-https://bugs.gentoo.org/833574
-
-From: Jan Rybar <jrybar@redhat.com>
-Date: Mon, 21 Feb 2022 08:29:05 +0000
-Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
-
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -62,6 +62,10 @@ enum
-   PROP_NAME,
- };
- 
-+
-+guint8 dbus_call_respond_fails;      // has to be global because of callback
-+
-+
- static void subject_iface_init (PolkitSubjectIface *subject_iface);
- 
- G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
-@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject              *src,
-   if (!v)
-     {
-       data->caught_error = TRUE;
-+      dbus_call_respond_fails += 1;
-     }
-   else
-     {
-@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
-   tmp_context = g_main_context_new ();
-   g_main_context_push_thread_default (tmp_context);
- 
-+  dbus_call_respond_fails = 0;
-+
-   /* Do two async calls as it's basically as fast as one sync call.
-    */
-   g_dbus_connection_call (connection,
-@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
- 			  on_retrieved_unix_uid_pid,
- 			  &data);
- 
--  while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
--    g_main_context_iteration (tmp_context, TRUE);
-+  while (TRUE)
-+  {
-+    /* If one dbus call returns error, we must wait until the other call
-+     * calls _call_finish(), otherwise fd leak is possible.
-+     * Resolves: GHSL-2021-077
-+    */
- 
--  if (data.caught_error)
--    goto out;
-+    if ( (dbus_call_respond_fails > 1) )
-+    {
-+      // we got two faults, we can leave
-+      goto out;
-+    }
-+
-+    if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
-+    {
-+      // we got one fault and the other call finally finished, we can leave
-+      goto out;
-+    }
-+
-+    if ( !(data.retrieved_uid && data.retrieved_pid) )
-+    {
-+      g_main_context_iteration (tmp_context, TRUE);
-+    }
-+    else
-+    {
-+      break;
-+    }
-+  }
- 
-   if (out_uid)
-     *out_uid = data.uid;
-GitLab

diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index e93e97eb38ac..4e902cca885e 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -6,7 +6,6 @@
 	</maintainer>
 	<use>
 		<flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag>
-		<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
 		<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
 	</use>
 </pkgmetadata>

diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild
deleted file mode 100644
index 650af02e7fab..000000000000
--- a/sys-auth/polkit/polkit-0.117-r3.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ~ppc64 sparc ~x86"
-IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( elogind systemd )"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	dev-util/gtk-doc-am
-	dev-util/intltool
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	dev-lang/spidermonkey:68[-debug]
-	dev-libs/glib:2
-	dev-libs/expat
-	elogind? ( sys-auth/elogind )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
-	# bug 660880
-	"${FILESDIR}"/polkit-0.115-elogind.patch
-
-	"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
-	"${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch
-)
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-src_prepare() {
-	default
-
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
-	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
-	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
-		docs/polkit/Makefile.in || die
-
-	# disable broken test - bug #624022
-	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
-	# Fix cross-building, bug #590764, elogind patch, bug #598615
-	eautoreconf
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local myeconfargs=(
-		--localstatedir="${EPREFIX}"/var
-		--disable-static
-		--enable-man-pages
-		--disable-gtk-doc
-		--disable-examples
-		$(use_enable elogind libelogind)
-		$(use_enable introspection)
-		$(use_enable nls)
-		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
-		--with-authfw=$(usex pam pam shadow)
-		$(use_enable systemd libsystemd-login)
-		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
-		$(use_enable test)
-		--with-os-type=gentoo
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	default
-
-	if use examples; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-
-	find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}

diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild
deleted file mode 100644
index 8d65989915e6..000000000000
--- a/sys-auth/polkit/polkit-0.120-r3.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 ~riscv x86"
-IUSE="examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	dev-lang/spidermonkey:78[-debug]
-	dev-libs/glib:2
-	dev-libs/expat
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/polkit-0.120-meson.patch"
-		"${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
-		"${FILESDIR}/polkit-0.120-CVE-2021-4115.patch"
-	)
-
-	default
-
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-
-	# meson does not install required files with SUID bit. See
-	#  https://bugs.gentoo.org/816393
-	# Remove the following lines once this has been fixed by upstream
-	# (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
-	fperms u+s /usr/bin/pkexec
-	fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2022-10-15 23:51 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2022-10-15 23:51 UTC (permalink / raw
  To: gentoo-commits

commit:     a44b0d4acf34b4a5bbd33c642b674dafe5a42aec
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 15 23:51:03 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Oct 15 23:51:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a44b0d4a

sys-auth/polkit: drop versions

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                           |   2 -
 ...lkit-0.118-make-netgroup-support-optional.patch | 248 ---------------------
 sys-auth/polkit/files/polkit-0.120-meson.patch     |  42 ----
 .../files/polkit-0.120_p20220221-pkexec-suid.patch |  67 ------
 sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild   | 129 -----------
 sys-auth/polkit/polkit-0.120_p20220221.ebuild      | 126 -----------
 sys-auth/polkit/polkit-0.120_p20220509.ebuild      | 146 ------------
 7 files changed, 760 deletions(-)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index e635b78c0256..9f7fb1747d8e 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1 @@
-DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
-DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f
 DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624

diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index 8810e70b7378..000000000000
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available.  PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work.  If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
- 
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
- 
- if test "x$GCC" = "xyes"; then
-   LDFLAGS="-Wl,--as-needed $LDFLAGS"
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
-     }
-   else if (g_str_has_prefix (str, "unix-netgroup:"))
-     {
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine ('%s')",
-+                   str);
-+#else
-       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
-     }
- 
-   if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       GVariant *v;
-       const char *name;
- 
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine");
-+      goto out;
-+#else
-+
-       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
-       if (v == NULL)
-         {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       name = g_variant_get_string (v, NULL);
-       ret = polkit_unix_netgroup_new (name);
-       g_variant_unref (v);
-+#endif
-     }
-   else
-     {
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+  g_assert_not_reached();
-+#endif
-   g_return_val_if_fail (name != NULL, NULL);
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
-                                        "name", name,
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
-   GList *ret;
- 
-   ret = NULL;
-+#ifdef HAVE_SETNETGRENT
-   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
- 
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
-   if (setnetgrent (name) == 0)
-     {
-       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
-       goto out;
-     }
--#else
-+# else
-   setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
- 
-   for (;;)
-     {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-       const char *hostname, *username, *domainname;
--#else
-+# else
-       char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
-       PolkitIdentity *user;
-       GError *error = NULL;
- 
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
- 
-  out:
-   endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
-   return ret;
- }
- 
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
- 
-+#ifdef HAVE_SETNETGRENT
-   JS::RootedString usrstr (authority->priv->cx);
-   usrstr = args[0].toString();
-   user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
-     {
-       is_in_netgroup =  true;
-     }
-+#endif
- 
-   ret = true;
- 
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
-   {"unix-group:root", "unix-group:jane", FALSE},
-   {"unix-group:jane", "unix-group:jane", TRUE},
- 
-+#ifdef HAVE_SETNETGRENT
-   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
-   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
- 
-   {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
-   {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
- 
-   {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
-   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
-   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
- 
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
- 
-   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
-   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
--  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
- 
-   add_comparison_tests ();
- 
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
-   g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
-   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
-   return g_test_run ();
- }
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
-         "unix-group:users"
-       }
-     },
-+#ifdef HAVE_SETNETGRENT
-     {
-       "net.company.action3",
-       {
-         "unix-netgroup:foo"
-       }
-     },
-+#endif
-   };
-   guint n;
- 
---- a/src/polkitbackend/polkitbackendduktapeauthority.c
-+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
-@@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-
-   user = duk_require_string (cx, 0);
-   netgroup = duk_require_string (cx, 1);
--
-+#ifdef HAVE_SETNETGRENT
-   if (innetgr (netgroup,
-                NULL,  /* host */
-                user,
-@@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
-     {
-       is_in_netgroup = TRUE;
-     }
--
-+#endif
-   duk_push_boolean (cx, is_in_netgroup);
-   return 1;
- }

diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
deleted file mode 100644
index 5e144688d374..000000000000
--- a/sys-auth/polkit/files/polkit-0.120-meson.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
-From: Simon McVittie <smcv@debian.org>
-Date: Mon, 25 Oct 2021 20:21:27 +0100
-Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
-
-These were always ignored, and Meson 0.60.0 disallowed them.
-
-Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
-Reference: https://github.com/mesonbuild/meson/pull/9445
-Signed-off-by: Simon McVittie <smcv@debian.org>
----
- actions/meson.build      | 1 -
- src/examples/meson.build | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/actions/meson.build b/actions/meson.build
-index 2abaaf3..1e3f370 100644
---- a/actions/meson.build
-+++ b/actions/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.policy'
- 
- i18n.merge_file(
--  policy,
-   input: policy + '.in',
-   output: '@BASENAME@',
-   po_dir: po_dir,
-diff --git a/src/examples/meson.build b/src/examples/meson.build
-index c6305ab..8c18de5 100644
---- a/src/examples/meson.build
-+++ b/src/examples/meson.build
-@@ -1,7 +1,6 @@
- policy = 'org.freedesktop.policykit.examples.pkexec.policy'
- 
- i18n.merge_file(
--  policy,
-   input: policy + '.in',
-   output: '@BASENAME@',
-   po_dir: po_dir,
--- 
-GitLab
-

diff --git a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch b/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
deleted file mode 100644
index 959656b158a1..000000000000
--- a/sys-auth/polkit/files/polkit-0.120_p20220221-pkexec-suid.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-https://gitlab.freedesktop.org/polkit/polkit/-/commit/7d4b52c4d71c46049d87a0775de695ea914f3f1b
-https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/113
-https://bugs.gentoo.org/827884
-
-From: Matt Turner <mattst88@gmail.com>
-Date: Tue, 3 May 2022 12:54:37 +0000
-Subject: [PATCH] pkexec: Allow --version and --help even if not setuid root
-
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -514,27 +514,6 @@ main (int argc, char *argv[])
-   /* Disable remote file access from GIO. */
-   setenv ("GIO_USE_VFS", "local", 1);
- 
--  /* check for correct invocation */
--  if (geteuid () != 0)
--    {
--      g_printerr ("pkexec must be setuid root\n");
--      goto out;
--    }
--
--  original_user_name = g_strdup (g_get_user_name ());
--  if (original_user_name == NULL)
--    {
--      g_printerr ("Error getting user name.\n");
--      goto out;
--    }
--
--  if ((original_cwd = g_get_current_dir ()) == NULL)
--    {
--      g_printerr ("Error getting cwd: %s\n",
--                  g_strerror (errno));
--      goto out;
--    }
--
-   /* First process options and find the command-line to invoke. Avoid using fancy library routines
-    * that depend on environtment variables since we haven't cleared the environment just yet.
-    */
-@@ -595,6 +574,27 @@ main (int argc, char *argv[])
-       goto out;
-     }
- 
-+  /* check for correct invocation */
-+  if (geteuid () != 0)
-+    {
-+      g_printerr ("pkexec must be setuid root\n");
-+      goto out;
-+    }
-+
-+  original_user_name = g_strdup (g_get_user_name ());
-+  if (original_user_name == NULL)
-+    {
-+      g_printerr ("Error getting user name.\n");
-+      goto out;
-+    }
-+
-+  if ((original_cwd = g_get_current_dir ()) == NULL)
-+    {
-+      g_printerr ("Error getting cwd: %s\n",
-+                  g_strerror (errno));
-+      goto out;
-+    }
-+
-   if (opt_user == NULL)
-     opt_user = g_strdup ("root");
- 
-GitLab

diff --git a/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild b/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
deleted file mode 100644
index a1b8221ce450..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild
+++ /dev/null
@@ -1,129 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	dev-libs/glib:2
-	dev-libs/expat
-	duktape? ( dev-lang/duktape:= )
-	!duktape? ( dev-lang/spidermonkey:91[-debug] )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-src_prepare() {
-	local PATCHES=(
-		# musl
-		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-		# In next release
-		"${FILESDIR}"/${P}-pkexec-suid.patch
-
-		# Pending upstream
-		"${FILESDIR}"/${PN}-0.120-meson.patch
-	)
-
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=$(usex duktape duktape mozjs)
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}

diff --git a/sys-auth/polkit/polkit-0.120_p20220221.ebuild b/sys-auth/polkit/polkit-0.120_p20220221.ebuild
deleted file mode 100644
index 5ad724dcf86d..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220221.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit meson pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	MY_COMMIT="b10a1bdb697045db40774f2a9a8c58ae5c7189c3"
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-#RESTRICT="!test? ( test )"
-# Tests currently don't work with meson. See
-#   https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-RESTRICT="test"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	dev-libs/glib:2
-	dev-libs/expat
-	duktape? ( dev-lang/duktape:= )
-	!duktape? ( dev-lang/spidermonkey:91[-debug] )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-src_prepare() {
-	local PATCHES=(
-		# musl
-		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-		# Pending upstream
-		"${FILESDIR}"/${PN}-0.120-meson.patch
-	)
-
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=$(usex duktape duktape mozjs)
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}

diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild
deleted file mode 100644
index 0fedd4058792..000000000000
--- a/sys-auth/polkit/polkit-0.120_p20220509.ebuild
+++ /dev/null
@@ -1,146 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-inherit meson pam pax-utils python-any-r1 systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-if [[ ${PV} == *_p* ]] ; then
-	# Upstream don't make releases very often. Test snapshots throughly
-	# and review commits, but don't shy away if there's useful stuff there
-	# we want.
-	MY_COMMIT="c5c6b784221b9dc054548c15e94719c4e961a7f2"
-	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
-
-	S="${WORKDIR}"/${PN}-${MY_COMMIT}
-else
-	SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
-fi
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="+duktape examples gtk +introspection kde pam selinux systemd test"
-if [[ ${PV} == *_p* ]] ; then
-	RESTRICT="!test? ( test )"
-else
-	# Tests currently don't work with meson in the dist tarballs. See
-	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-	RESTRICT="test"
-fi
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-	test? (
-		$(python_gen_any_dep '
-			dev-python/dbus-python[${PYTHON_USEDEP}]
-			dev-python/python-dbusmock[${PYTHON_USEDEP}]
-		')
-	)
-"
-DEPEND="
-	dev-libs/glib:2
-	dev-libs/expat
-	duktape? ( dev-lang/duktape:= )
-	!duktape? ( dev-lang/spidermonkey:91[-debug] )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-	!systemd? ( sys-auth/elogind )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING.md NEWS.md README.md )
-
-QA_MULTILIB_PATHS="usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-python_check_deps() {
-	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
-	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
-}
-
-pkg_setup() {
-	use test && python-any-r1_pkg_setup
-}
-
-src_prepare() {
-	local PATCHES=(
-		# musl
-		"${FILESDIR}"/${PN}-0.120_p20220509-make-netgroup-support-optional.patch
-	)
-
-	default
-
-	# bug #401513
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local emesonargs=(
-		--localstatedir="${EPREFIX}"/var
-		-Dauthfw="$(usex pam pam shadow)"
-		-Dexamples=false
-		-Dgtk_doc=false
-		-Dman=true
-		-Dos_type=gentoo
-		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
-		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
-		-Djs_engine=$(usex duktape duktape mozjs)
-		$(meson_use introspection)
-		$(meson_use test tests)
-		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
-	)
-	meson_src_configure
-}
-
-src_compile() {
-	meson_src_compile
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	meson_src_install
-
-	if use examples ; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-01-19  5:39 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-01-19  5:39 UTC (permalink / raw
  To: gentoo-commits

commit:     d2f4032e1407982df7aa87b3e97bb2b7623e511b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 19 05:38:36 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 19 05:39:01 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2f4032e

sys-auth/polkit: add 124

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/Manifest                       |   1 +
 sys-auth/polkit/files/polkit-124-systemd.patch |  50 ++++++++
 sys-auth/polkit/polkit-124.ebuild              | 161 +++++++++++++++++++++++++
 3 files changed, 212 insertions(+)

diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index f4ec97d2f7df..6827b9281360 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
 DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
 DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
+DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc

diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch
new file mode 100644
index 000000000000..e9b10e99e5da
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd.patch
@@ -0,0 +1,50 @@
+https://github.com/polkit-org/polkit/pull/417
+
+From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Thu, 18 Jan 2024 15:07:32 +0000
+Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
+ specified
+
+When 'systemdsystemunitdir' is specified as an option the systemd_dep
+variable is not defined, but the sysusers.d directory lookup uses it,
+causing a build failure:
+
+dh_auto_configure -- \
+	-Dexamples=false \
+	-Dintrospection=true \
+	-Dman=true \
+	-Dsystemdsystemunitdir=/usr/lib/systemd/system \
+	-Dtests=true \
+	-Dgtk_doc=true -Dsession_tracking=libsystemd-login
+	cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+The Meson build system
+Version: 1.3.1
+Source dir: /builds/bluca/polkit/debian/output/source_dir
+Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
+Build type: native build
+Project name: polkit
+Project version: 124
+
+<...>
+
+Run-time dependency libsystemd found: YES 255
+Checking for function "sd_uid_get_display" with dependency libsystemd: YES
+Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
+../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
+
+Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
+--- a/meson.build
++++ b/meson.build
+@@ -212,9 +212,9 @@ if enable_logind
+   config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+ 
+   # systemd unit / service files
++  systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+   systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+   if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+-    systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+     # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+     systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+   endif
+

diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124.ebuild
new file mode 100644
index 000000000000..1b576a7af2d7
--- /dev/null
+++ b/sys-auth/polkit/polkit-124.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
+if [[ ${PV} == *_p* ]] ; then
+	# Upstream don't make releases very often. Test snapshots throughly
+	# and review commits, but don't shy away if there's useful stuff there
+	# we want.
+	MY_COMMIT=""
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2"
+
+	S="${WORKDIR}"/${PN}-${MY_COMMIT}
+else
+	SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
+RESTRICT="!test? ( test ) test"
+
+# This seems to be fixed with 121?
+#if [[ ${PV} == *_p* ]] ; then
+#	RESTRICT="!test? ( test )"
+#else
+#	# Tests currently don't work with meson in the dist tarballs. See
+#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+#	RESTRICT="test"
+#fi
+
+BDEPEND="
+	acct-user/polkitd
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/glib
+	dev-libs/gobject-introspection-common
+	dev-libs/libxslt
+	dev-util/glib-utils
+	sys-devel/gettext
+	virtual/pkgconfig
+	introspection? ( >=dev-libs/gobject-introspection-0.6.2 )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/python-dbusmock[${PYTHON_USEDEP}]
+		')
+	)
+"
+DEPEND="
+	>=dev-libs/glib-2.32:2
+	dev-libs/expat
+	daemon? (
+		duktape? ( dev-lang/duktape:= )
+		!duktape? ( dev-lang/spidermonkey:115[-debug] )
+	)
+	pam? (
+		sys-auth/pambase
+		sys-libs/pam
+	)
+	!pam? ( virtual/libcrypt:= )
+	systemd? ( sys-apps/systemd:0=[policykit] )
+	!systemd? ( sys-auth/elogind )
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/polkitd
+	selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		>=lxde-base/lxsession-0.5.2
+	) )
+	kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING.md NEWS.md README.md )
+
+QA_MULTILIB_PATHS="
+	usr/lib/polkit-1/polkit-agent-helper-1
+	usr/lib/polkit-1/polkitd
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-124-systemd.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
+	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# bug #401513
+	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die
+}
+
+src_configure() {
+	xdg_environment_reset
+
+	local emesonargs=(
+		--localstatedir="${EPREFIX}"/var
+		-Dauthfw="$(usex pam pam shadow)"
+		-Dexamples=false
+		-Dgtk_doc=false
+		-Dman=true
+		-Dos_type=gentoo
+		-Dsession_tracking="$(usex systemd libsystemd-login libelogind)"
+		-Dsystemdsystemunitdir="$(systemd_get_systemunitdir)"
+		-Djs_engine=$(usex duktape duktape mozjs)
+		$(meson_use !daemon libs-only)
+		$(meson_use introspection)
+		$(meson_use test tests)
+		$(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '')
+	)
+	meson_src_configure
+}
+
+src_compile() {
+	meson_src_compile
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
+}
+
+src_install() {
+	meson_src_install
+
+	if use examples ; then
+		docinto examples
+		dodoc src/examples/{*.c,*.policy*}
+	fi
+
+	if use daemon; then
+		if [[ ${EUID} == 0 ]]; then
+			diropts -m 0700 -o polkitd
+		fi
+		keepdir /etc/polkit-1/rules.d
+	fi
+}
+
+pkg_postinst() {
+	if use daemon && [[ ${EUID} == 0 ]]; then
+		chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+		chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	fi
+}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-01-19  6:36 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-01-19  6:36 UTC (permalink / raw
  To: gentoo-commits

commit:     e94da7f8dae815704fe1c371688feb045db9eb16
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 19 06:35:27 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan 19 06:35:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e94da7f8

sys-auth/polkit: fix non-systemd build, don't install redundant sysusers file

No need for our own sysusers file as acct-user/polkitd already installs one.

Closes: https://bugs.gentoo.org/922458
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../polkit/files/polkit-124-systemd-fixup.patch    | 26 ++++++++++++++++++++++
 .../{polkit-124.ebuild => polkit-124-r1.ebuild}    |  4 ++++
 2 files changed, 30 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
new file mode 100644
index 000000000000..fceb33d31afd
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/922458
+https://github.com/polkit-org/polkit/pull/417/files#r1458416421
+--- a/meson.build
++++ b/meson.build
+@@ -212,11 +212,14 @@ if enable_logind
+   config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+ 
+   # systemd unit / service files
+-  systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
+   systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+-  if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login'
+-    # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
+-    systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++  if session_tracking == 'libsystemd-login'
++    systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it')
++
++    if systemd_systemdsystemunitdir == ''
++      # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used
++      systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++    endif
+   endif
+ 
+   systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d')
+-- 
+2.43.0
+

diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild
similarity index 96%
rename from sys-auth/polkit/polkit-124.ebuild
rename to sys-auth/polkit/polkit-124-r1.ebuild
index 1b576a7af2d7..d5ae6fcf9f54 100644
--- a/sys-auth/polkit/polkit-124.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -91,6 +91,7 @@ QA_MULTILIB_PATHS="
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-124-systemd.patch
+	"${FILESDIR}"/${PN}-124-systemd-fixup.patch
 )
 
 python_check_deps() {
@@ -140,6 +141,9 @@ src_compile() {
 src_install() {
 	meson_src_install
 
+	# acct-user/polkitd installs its own (albeit with a different filename)
+	rm -rf "${ED}"/usr/lib/sysusers.d || die
+
 	if use examples ; then
 		docinto examples
 		dodoc src/examples/{*.c,*.policy*}


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-05-03 12:16 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-05-03 12:16 UTC (permalink / raw
  To: gentoo-commits

commit:     1521587bb323049922809b7756705792564041a7
Author:     Kostadin Shishmanov <kocelfc <AT> tutanota <DOT> com>
AuthorDate: Fri May  3 11:37:06 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May  3 12:12:54 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1521587b

sys-auth/polkit: fix tests

Reenable tests with FEATURES="test" and backport test build error fix
for C99 compilers.

Bug: https://bugs.gentoo.org/925440
Signed-off-by: Kostadin Shishmanov <kocelfc <AT> tutanota.com>
Closes: https://github.com/gentoo/gentoo/pull/36527
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/files/polkit-124-c99-fixes.patch | 111 +++++++++++++++++++++++
 sys-auth/polkit/polkit-124-r1.ebuild             |  13 +--
 2 files changed, 113 insertions(+), 11 deletions(-)

diff --git a/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
new file mode 100644
index 000000000000..00d3cbbd2664
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
@@ -0,0 +1,111 @@
+https://bugs.gentoo.org/925440
+https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5
+
+From: Vincent Mihalkovic <vmihalko@redhat.com>
+Date: Fri, 8 Mar 2024 14:04:33 +0100
+Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
+ where it is used
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes build error with GCC >= 14 and clang >= 17,
+failing on:
+```
+../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
+   25 |   print_indent(stream, indent);
+      |   ^~~~~~~~~~~~
+```
+
+Closes: #6
+---
+ subprojects/mocklibc.wrap                     |  2 +
+ .../packagefiles/mocklibc-print-indent.diff   | 68 +++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+ create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff
+
+diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap
+index af82298..539ee83 100644
+--- a/subprojects/mocklibc.wrap
++++ b/subprojects/mocklibc.wrap
+@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120
+ patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip
+ patch_filename = mocklibc-1.0-2-wrap.zip
+ patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56
++
++diff_files = mocklibc-print-indent.diff
+diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff
+new file mode 100644
+index 0000000..d8b2029
+--- /dev/null
++++ b/subprojects/packagefiles/mocklibc-print-indent.diff
+@@ -0,0 +1,68 @@
++From: Vincent Mihalkovic <vmihalko@redhat.com>
++Date: Fri, 8 Mar 2024 14:04:33 +0100
++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
++ where it is used
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This fixes build error with GCC >= 14 and clang >= 17,
++failing on:
++```
++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
++   25 |   print_indent(stream, indent);
++      |   ^~~~~~~~~~~~
++```
++
++Closes: #6
++---
++ src/netgroup-debug.c | 11 +++++++++++
++ src/netgroup.c       | 11 -----------
++ 2 files changed, 11 insertions(+), 11 deletions(-)
++
++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c
++index 81d6e72..46e5b25 100644
++--- a/src/netgroup-debug.c
+++++ b/src/netgroup-debug.c
++@@ -21,6 +21,17 @@
++ #include <stdio.h>
++ #include <stdlib.h>
++
+++/**
+++ * Print a varaible indentation to the stream.
+++ * @param stream Stream to print to
+++ * @param indent Number of indents to use
+++ */
+++static void print_indent(FILE *stream, unsigned int indent) {
+++  int i;
+++  for (i = 0; i < indent; i++)
+++    fprintf(stream, "  ");
+++}
+++
++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) {
++   print_indent(stream, indent);
++
++diff --git a/src/netgroup.c b/src/netgroup.c
++index 06a8a89..e16e451 100644
++--- a/src/netgroup.c
+++++ b/src/netgroup.c
++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) {
++   return result;
++ }
++
++-/**
++- * Print a varaible indentation to the stream.
++- * @param stream Stream to print to
++- * @param indent Number of indents to use
++- */
++-void print_indent(FILE *stream, unsigned int indent) {
++-  int i;
++-  for (i = 0; i < indent; i++)
++-    fprintf(stream, "  ");
++-}
++-
++ /**
++  * Connect entries with 'child' type to their child entries.
++  * @param headentry Head of list of entries that need to be connected
++--
++2.43.0
+--

diff --git a/sys-auth/polkit/polkit-124-r1.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild
index d5ae6fcf9f54..4d3b917273a7 100644
--- a/sys-auth/polkit/polkit-124-r1.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -24,17 +24,7 @@ LICENSE="LGPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
 IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test"
-# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction
-RESTRICT="!test? ( test ) test"
-
-# This seems to be fixed with 121?
-#if [[ ${PV} == *_p* ]] ; then
-#	RESTRICT="!test? ( test )"
-#else
-#	# Tests currently don't work with meson in the dist tarballs. See
-#	#  https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
-#	RESTRICT="test"
-#fi
+RESTRICT="!test? ( test )"
 
 BDEPEND="
 	acct-user/polkitd
@@ -92,6 +82,7 @@ QA_MULTILIB_PATHS="
 PATCHES=(
 	"${FILESDIR}"/${PN}-124-systemd.patch
 	"${FILESDIR}"/${PN}-124-systemd-fixup.patch
+	"${FILESDIR}"/${PN}-124-c99-fixes.patch
 )
 
 python_check_deps() {


^ permalink raw reply related	[flat|nested] 16+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
@ 2024-09-01  9:26 Sam James
  0 siblings, 0 replies; 16+ messages in thread
From: Sam James @ 2024-09-01  9:26 UTC (permalink / raw
  To: gentoo-commits

commit:     876a5e69fe11b38c85839fd3906d4c5fca3f4a03
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  1 09:24:33 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Sep  1 09:24:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=876a5e69

sys-auth/polkit: fix musl build

Closes: https://bugs.gentoo.org/938874
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-auth/polkit/files/polkit-125-musl.patch | 34 +++++++++++++++++++++++++++++
 sys-auth/polkit/polkit-125.ebuild           |  4 ++++
 2 files changed, 38 insertions(+)

diff --git a/sys-auth/polkit/files/polkit-125-musl.patch b/sys-auth/polkit/files/polkit-125-musl.patch
new file mode 100644
index 000000000000..ee0a444c919e
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-125-musl.patch
@@ -0,0 +1,34 @@
+https://github.com/polkit-org/polkit/commit/13bea3e08f924002a6a5c2f275d4bf1588fc3d02
+
+From 13bea3e08f924002a6a5c2f275d4bf1588fc3d02 Mon Sep 17 00:00:00 2001
+From: Sertonix <sertonix@posteo.net>
+Date: Sun, 11 Aug 2024 00:26:51 +0200
+Subject: [PATCH] Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK
+
+Fixes <64f5e4dda52> Add syslog-style log levels support
+--- a/src/polkitbackend/polkitbackendduktapeauthority.c
++++ b/src/polkitbackend/polkitbackendduktapeauthority.c
+@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
+ #ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK
+   if ((pthread_err = pthread_condattr_init(&attr))) {
+     polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++                                  LOG_LEVEL_ERROR,
+                                   "Error initializing condition variable attributes: %s",
+                                   strerror(pthread_err));
+     return FALSE;
+   }
+   if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) {
+     polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++                                  LOG_LEVEL_ERROR,
+                                   "Error setting condition variable attributes: %s",
+                                   strerror(pthread_err));
+     goto err_clean_condattr;
+@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
+   /* Init again, with needed attr */
+   if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) {
+     polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
++                                  LOG_LEVEL_ERROR,
+                                   "Error initializing condition variable: %s",
+                                   strerror(pthread_err));
+     goto err_clean_condattr;
+

diff --git a/sys-auth/polkit/polkit-125.ebuild b/sys-auth/polkit/polkit-125.ebuild
index 53939dcb72eb..fa58387359d1 100644
--- a/sys-auth/polkit/polkit-125.ebuild
+++ b/sys-auth/polkit/polkit-125.ebuild
@@ -80,6 +80,10 @@ QA_MULTILIB_PATHS="
 	usr/lib/polkit-1/polkitd
 "
 
+PATCHES=(
+	"${FILESDIR}"/${P}-musl.patch
+)
+
 python_check_deps() {
 	python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" &&
 	python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]"


^ permalink raw reply related	[flat|nested] 16+ messages in thread

end of thread, other threads:[~2024-09-01  9:26 UTC | newest]

Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-01  9:26 [gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/ Sam James
  -- strict thread matches above, loose matches on Subject: below --
2024-05-03 12:16 Sam James
2024-01-19  6:36 Sam James
2024-01-19  5:39 Sam James
2022-10-15 23:51 Sam James
2022-05-15 22:12 Sam James
2022-02-22  6:12 Sam James
2022-02-20  0:43 Sam James
2022-01-27 19:50 Sam James
2022-01-26  0:51 Sam James
2022-01-25 17:26 Sam James
2020-10-04 16:07 Andreas Sturmlechner
2019-03-26  8:58 Lars Wendler
2018-08-08 20:45 Andreas Sturmlechner
2017-06-27 12:04 Michael Palimaka
2017-01-14 19:26 Andreas Sturmlechner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox