1 |
commit: 1bed18530dc535caec4a9fbfe2f9c4de9ac3d730 |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 4 15:58:22 2020 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 4 15:58:22 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853 |
7 |
|
8 |
sys-auth/polkit: Cleanup vulnerable 0.115-r4 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/717712 |
11 |
Package-Manager: Portage-3.0.8, Repoman-3.0.1 |
12 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
13 |
|
14 |
sys-auth/polkit/Manifest | 1 - |
15 |
sys-auth/polkit/files/CVE-2018-19788.patch | 339 --------------------- |
16 |
.../files/polkit-0.115-spidermonkey-60.patch | 180 ----------- |
17 |
sys-auth/polkit/polkit-0.115-r4.ebuild | 144 --------- |
18 |
4 files changed, 664 deletions(-) |
19 |
|
20 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
21 |
index 22da4a92e24..c1e90f0d5ca 100644 |
22 |
--- a/sys-auth/polkit/Manifest |
23 |
+++ b/sys-auth/polkit/Manifest |
24 |
@@ -1,4 +1,3 @@ |
25 |
-DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc |
26 |
DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5 |
27 |
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 |
28 |
DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e |
29 |
|
30 |
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch |
31 |
deleted file mode 100644 |
32 |
index 97e3608a12b..00000000000 |
33 |
--- a/sys-auth/polkit/files/CVE-2018-19788.patch |
34 |
+++ /dev/null |
35 |
@@ -1,339 +0,0 @@ |
36 |
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 |
37 |
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
38 |
-Date: Mon, 3 Dec 2018 10:28:58 +0100 |
39 |
-Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group |
40 |
- objects |
41 |
- |
42 |
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since |
43 |
-there should be no users with such number, see |
44 |
-https://systemd.io/UIDS-GIDS#special-linux-uids. |
45 |
- |
46 |
-(uid_t) -1 is used as the default value in class initialization. |
47 |
- |
48 |
-When a user or group above INT32_MAX is created, the numeric uid or |
49 |
-gid wraps around to negative when the value is assigned to gint, and |
50 |
-polkit gets confused. Let's accept such gids, except for -1. |
51 |
- |
52 |
-A nicer fix would be to change the underlying type to e.g. uint32 to |
53 |
-not have negative values. But this cannot be done without breaking the |
54 |
-API, so likely new functions will have to be added (a |
55 |
-polkit_unix_user_new variant that takes a unsigned, and the same for |
56 |
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will |
57 |
-require a bigger patch. |
58 |
- |
59 |
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. |
60 |
---- |
61 |
- src/polkit/polkitunixgroup.c | 15 +++++++++++---- |
62 |
- src/polkit/polkitunixprocess.c | 12 ++++++++---- |
63 |
- src/polkit/polkitunixuser.c | 13 ++++++++++--- |
64 |
- 3 files changed, 29 insertions(+), 11 deletions(-) |
65 |
- |
66 |
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c |
67 |
-index c57a1aa..309f689 100644 |
68 |
---- a/src/polkit/polkitunixgroup.c |
69 |
-+++ b/src/polkit/polkitunixgroup.c |
70 |
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, |
71 |
- static void |
72 |
- polkit_unix_group_init (PolkitUnixGroup *unix_group) |
73 |
- { |
74 |
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ |
75 |
- } |
76 |
- |
77 |
- static void |
78 |
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, |
79 |
- GParamSpec *pspec) |
80 |
- { |
81 |
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); |
82 |
-+ gint val; |
83 |
- |
84 |
- switch (prop_id) |
85 |
- { |
86 |
- case PROP_GID: |
87 |
-- unix_group->gid = g_value_get_int (value); |
88 |
-+ val = g_value_get_int (value); |
89 |
-+ g_return_if_fail (val != -1); |
90 |
-+ unix_group->gid = val; |
91 |
- break; |
92 |
- |
93 |
- default: |
94 |
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) |
95 |
- g_param_spec_int ("gid", |
96 |
- "Group ID", |
97 |
- "The UNIX group ID", |
98 |
-- 0, |
99 |
-+ G_MININT, |
100 |
- G_MAXINT, |
101 |
-- 0, |
102 |
-+ -1, |
103 |
- G_PARAM_CONSTRUCT | |
104 |
- G_PARAM_READWRITE | |
105 |
- G_PARAM_STATIC_NAME | |
106 |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) |
107 |
- */ |
108 |
- void |
109 |
- polkit_unix_group_set_gid (PolkitUnixGroup *group, |
110 |
-- gint gid) |
111 |
-+ gint gid) |
112 |
- { |
113 |
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); |
114 |
-+ g_return_if_fail (gid != -1); |
115 |
- group->gid = gid; |
116 |
- } |
117 |
- |
118 |
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, |
119 |
- PolkitIdentity * |
120 |
- polkit_unix_group_new (gint gid) |
121 |
- { |
122 |
-+ g_return_val_if_fail (gid != -1, NULL); |
123 |
-+ |
124 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, |
125 |
- "gid", gid, |
126 |
- NULL)); |
127 |
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c |
128 |
-index 972b777..b02b258 100644 |
129 |
---- a/src/polkit/polkitunixprocess.c |
130 |
-+++ b/src/polkit/polkitunixprocess.c |
131 |
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, |
132 |
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); |
133 |
- break; |
134 |
- |
135 |
-- case PROP_UID: |
136 |
-- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); |
137 |
-+ case PROP_UID: { |
138 |
-+ gint val; |
139 |
-+ |
140 |
-+ val = g_value_get_int (value); |
141 |
-+ g_return_if_fail (val != -1); |
142 |
-+ polkit_unix_process_set_uid (unix_process, val); |
143 |
- break; |
144 |
-+ } |
145 |
- |
146 |
- case PROP_START_TIME: |
147 |
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); |
148 |
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) |
149 |
- g_param_spec_int ("uid", |
150 |
- "User ID", |
151 |
- "The UNIX user ID", |
152 |
-- -1, |
153 |
-+ G_MININT, |
154 |
- G_MAXINT, |
155 |
- -1, |
156 |
- G_PARAM_CONSTRUCT | |
157 |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, |
158 |
- gint uid) |
159 |
- { |
160 |
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); |
161 |
-- g_return_if_fail (uid >= -1); |
162 |
- process->uid = uid; |
163 |
- } |
164 |
- |
165 |
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c |
166 |
-index 8bfd3a1..234a697 100644 |
167 |
---- a/src/polkit/polkitunixuser.c |
168 |
-+++ b/src/polkit/polkitunixuser.c |
169 |
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, |
170 |
- static void |
171 |
- polkit_unix_user_init (PolkitUnixUser *unix_user) |
172 |
- { |
173 |
-+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ |
174 |
- unix_user->name = NULL; |
175 |
- } |
176 |
- |
177 |
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, |
178 |
- GParamSpec *pspec) |
179 |
- { |
180 |
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); |
181 |
-+ gint val; |
182 |
- |
183 |
- switch (prop_id) |
184 |
- { |
185 |
- case PROP_UID: |
186 |
-- unix_user->uid = g_value_get_int (value); |
187 |
-+ val = g_value_get_int (value); |
188 |
-+ g_return_if_fail (val != -1); |
189 |
-+ unix_user->uid = val; |
190 |
- break; |
191 |
- |
192 |
- default: |
193 |
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) |
194 |
- g_param_spec_int ("uid", |
195 |
- "User ID", |
196 |
- "The UNIX user ID", |
197 |
-- 0, |
198 |
-+ G_MININT, |
199 |
- G_MAXINT, |
200 |
-- 0, |
201 |
-+ -1, |
202 |
- G_PARAM_CONSTRUCT | |
203 |
- G_PARAM_READWRITE | |
204 |
- G_PARAM_STATIC_NAME | |
205 |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, |
206 |
- gint uid) |
207 |
- { |
208 |
- g_return_if_fail (POLKIT_IS_UNIX_USER (user)); |
209 |
-+ g_return_if_fail (uid != -1); |
210 |
- user->uid = uid; |
211 |
- } |
212 |
- |
213 |
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, |
214 |
- PolkitIdentity * |
215 |
- polkit_unix_user_new (gint uid) |
216 |
- { |
217 |
-+ g_return_val_if_fail (uid != -1, NULL); |
218 |
-+ |
219 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, |
220 |
- "uid", uid, |
221 |
- NULL)); |
222 |
--- |
223 |
-2.18.1 |
224 |
- |
225 |
- |
226 |
-From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001 |
227 |
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
228 |
-Date: Mon, 3 Dec 2018 11:20:34 +0100 |
229 |
-Subject: [PATCH 2/2] tests: add tests for high uids |
230 |
- |
231 |
---- |
232 |
- test/data/etc/group | 1 + |
233 |
- test/data/etc/passwd | 2 + |
234 |
- .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++ |
235 |
- .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++ |
236 |
- 4 files changed, 96 insertions(+) |
237 |
- |
238 |
-diff --git a/test/data/etc/group b/test/data/etc/group |
239 |
-index 12ef328..b9acab9 100644 |
240 |
---- a/test/data/etc/group |
241 |
-+++ b/test/data/etc/group |
242 |
-@@ -5,3 +5,4 @@ john:x:500: |
243 |
- jane:x:501: |
244 |
- sally:x:502: |
245 |
- henry:x:503: |
246 |
-+highuid2:x:4000000000: |
247 |
-diff --git a/test/data/etc/passwd b/test/data/etc/passwd |
248 |
-index 8544feb..5cf14a5 100644 |
249 |
---- a/test/data/etc/passwd |
250 |
-+++ b/test/data/etc/passwd |
251 |
-@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash |
252 |
- jane:x:501:501:Jane Smith:/home/jane:/bin/bash |
253 |
- sally:x:502:502:Sally Derp:/home/sally:/bin/bash |
254 |
- henry:x:503:503:Henry Herp:/home/henry:/bin/bash |
255 |
-+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin |
256 |
-+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin |
257 |
-diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules |
258 |
-index 446e622..98bf062 100644 |
259 |
---- a/test/data/etc/polkit-1/rules.d/10-testing.rules |
260 |
-+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules |
261 |
-@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { |
262 |
- } |
263 |
- }); |
264 |
- |
265 |
-+polkit.addRule(function(action, subject) { |
266 |
-+ if (action.id == "net.company.john_action") { |
267 |
-+ if (subject.user == "john") { |
268 |
-+ return polkit.Result.YES; |
269 |
-+ } else { |
270 |
-+ return polkit.Result.NO; |
271 |
-+ } |
272 |
-+ } |
273 |
-+}); |
274 |
-+ |
275 |
-+polkit.addRule(function(action, subject) { |
276 |
-+ if (action.id == "net.company.highuid2_action") { |
277 |
-+ if (subject.user == "highuid2") { |
278 |
-+ return polkit.Result.YES; |
279 |
-+ } else { |
280 |
-+ return polkit.Result.NO; |
281 |
-+ } |
282 |
-+ } |
283 |
-+}); |
284 |
-+ |
285 |
-+ |
286 |
- // --------------------------------------------------------------------- |
287 |
- // variables |
288 |
- |
289 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
290 |
-index b484a26..71aad23 100644 |
291 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
292 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
293 |
-@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { |
294 |
- NULL, |
295 |
- POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
296 |
- }, |
297 |
-+ |
298 |
-+ { |
299 |
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ |
300 |
-+ "group_membership_with_non_member(highuid22)", |
301 |
-+ "net.company.group.only_group_users", |
302 |
-+ "unix-user:highuid2", |
303 |
-+ NULL, |
304 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
305 |
-+ }, |
306 |
-+ |
307 |
-+ { |
308 |
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ |
309 |
-+ "group_membership_with_non_member(highuid21)", |
310 |
-+ "net.company.group.only_group_users", |
311 |
-+ "unix-user:highuid2", |
312 |
-+ NULL, |
313 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
314 |
-+ }, |
315 |
-+ |
316 |
-+ { |
317 |
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ |
318 |
-+ "group_membership_with_non_member(highuid24)", |
319 |
-+ "net.company.group.only_group_users", |
320 |
-+ "unix-user:2147483648", |
321 |
-+ NULL, |
322 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
323 |
-+ }, |
324 |
-+ |
325 |
-+ { |
326 |
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ |
327 |
-+ "group_membership_with_non_member(highuid23)", |
328 |
-+ "net.company.group.only_group_users", |
329 |
-+ "unix-user:4000000000", |
330 |
-+ NULL, |
331 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
332 |
-+ }, |
333 |
-+ |
334 |
-+ { |
335 |
-+ /* john is authorized to do this, see 10-testing.rules */ |
336 |
-+ "john_action", |
337 |
-+ "net.company.john_action", |
338 |
-+ "unix-user:john", |
339 |
-+ NULL, |
340 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
341 |
-+ }, |
342 |
-+ |
343 |
-+ { |
344 |
-+ /* only john is authorized to do this, see 10-testing.rules */ |
345 |
-+ "jane_action", |
346 |
-+ "net.company.john_action", |
347 |
-+ "unix-user:jane", |
348 |
-+ NULL, |
349 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
350 |
-+ }, |
351 |
-+ |
352 |
-+ { |
353 |
-+ /* highuid2 is authorized to do this, see 10-testing.rules */ |
354 |
-+ "highuid2_action", |
355 |
-+ "net.company.highuid2_action", |
356 |
-+ "unix-user:highuid2", |
357 |
-+ NULL, |
358 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
359 |
-+ }, |
360 |
-+ |
361 |
-+ { |
362 |
-+ /* only highuid2 is authorized to do this, see 10-testing.rules */ |
363 |
-+ "highuid1_action", |
364 |
-+ "net.company.highuid2_action", |
365 |
-+ "unix-user:highuid1", |
366 |
-+ NULL, |
367 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
368 |
-+ }, |
369 |
- }; |
370 |
- |
371 |
- /* ---------------------------------------------------------------------------------------------------- */ |
372 |
--- |
373 |
-2.18.1 |
374 |
- |
375 |
|
376 |
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch |
377 |
deleted file mode 100644 |
378 |
index 8a4510ad205..00000000000 |
379 |
--- a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch |
380 |
+++ /dev/null |
381 |
@@ -1,180 +0,0 @@ |
382 |
-From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001 |
383 |
-From: Emmanuele Bassi <ebassi@×××××.org> |
384 |
-Date: Fri, 31 Aug 2018 13:32:16 +0100 |
385 |
-Subject: [PATCH] Depend on mozjs-60 |
386 |
- |
387 |
-This is the new ESR version of the Mozilla JS engine, superceding |
388 |
-mozjs-52. |
389 |
---- |
390 |
- configure.ac | 2 +- |
391 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
392 |
- |
393 |
-diff --git a/configure.ac b/configure.ac |
394 |
-index 5c37e48..5cedb4e 100644 |
395 |
---- a/configure.ac |
396 |
-+++ b/configure.ac |
397 |
-@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) |
398 |
- AC_SUBST(GLIB_CFLAGS) |
399 |
- AC_SUBST(GLIB_LIBS) |
400 |
- |
401 |
--PKG_CHECK_MODULES(LIBJS, [mozjs-52]) |
402 |
-+PKG_CHECK_MODULES(LIBJS, [mozjs-60]) |
403 |
- |
404 |
- AC_SUBST(LIBJS_CFLAGS) |
405 |
- AC_SUBST(LIBJS_CXXFLAGS) |
406 |
- |
407 |
- |
408 |
-From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001 |
409 |
-From: Emmanuele Bassi <ebassi@×××××.org> |
410 |
-Date: Fri, 31 Aug 2018 13:33:20 +0100 |
411 |
-Subject: [PATCH] Port the JS authority to mozjs-60 |
412 |
- |
413 |
-API changes in mozjs that need to be reflected in the JS authority: |
414 |
- |
415 |
- - the JS::CompileOptions constructor and the JS::CompartmentOptions |
416 |
- do not allow setting a JS version any more |
417 |
- |
418 |
- - do not use NULL comparisons for C++ objects |
419 |
- |
420 |
- - the resize() method for a vector has a return value that needs |
421 |
- to be handled |
422 |
- |
423 |
- - JSClassOps has different fields |
424 |
---- |
425 |
- .../polkitbackendjsauthority.cpp | 65 +++++++++---------- |
426 |
- 1 file changed, 32 insertions(+), 33 deletions(-) |
427 |
- |
428 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
429 |
-index 7602714..984a0f0 100644 |
430 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
431 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
432 |
-@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC |
433 |
- /* ---------------------------------------------------------------------------------------------------- */ |
434 |
- |
435 |
- static const struct JSClassOps js_global_class_ops = { |
436 |
-- NULL, |
437 |
-- NULL, |
438 |
-- NULL, |
439 |
-- NULL, |
440 |
-- NULL, |
441 |
-- NULL, |
442 |
-- NULL, |
443 |
-- NULL, |
444 |
-- NULL, |
445 |
-- NULL, |
446 |
-- NULL, |
447 |
-- NULL |
448 |
-+ nullptr, // addProperty |
449 |
-+ nullptr, // deleteProperty |
450 |
-+ nullptr, // enumerate |
451 |
-+ nullptr, // newEnumerate |
452 |
-+ nullptr, // resolve |
453 |
-+ nullptr, // mayResolve |
454 |
-+ nullptr, // finalize |
455 |
-+ nullptr, // call |
456 |
-+ nullptr, // hasInstance |
457 |
-+ nullptr, // construct |
458 |
-+ JS_GlobalObjectTraceHook |
459 |
- }; |
460 |
- |
461 |
- static JSClass js_global_class = { |
462 |
-@@ -172,18 +171,17 @@ static JSClass js_global_class = { |
463 |
- |
464 |
- /* ---------------------------------------------------------------------------------------------------- */ |
465 |
- static const struct JSClassOps js_polkit_class_ops = { |
466 |
-- NULL, |
467 |
-- NULL, |
468 |
-- NULL, |
469 |
-- NULL, |
470 |
-- NULL, |
471 |
-- NULL, |
472 |
-- NULL, |
473 |
-- NULL, |
474 |
-- NULL, |
475 |
-- NULL, |
476 |
-- NULL, |
477 |
-- NULL |
478 |
-+ nullptr, // addProperty |
479 |
-+ nullptr, // deleteProperty |
480 |
-+ nullptr, // enumerate |
481 |
-+ nullptr, // newEnumerate |
482 |
-+ nullptr, // resolve |
483 |
-+ nullptr, // mayResolve |
484 |
-+ nullptr, // finalize |
485 |
-+ nullptr, // call |
486 |
-+ nullptr, // hasInstance |
487 |
-+ nullptr, // construct |
488 |
-+ nullptr // trace |
489 |
- }; |
490 |
- |
491 |
- static JSClass js_polkit_class = { |
492 |
-@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object) |
493 |
- |
494 |
- { |
495 |
- JS::CompartmentOptions compart_opts; |
496 |
-- compart_opts.behaviors().setVersion(JSVERSION_LATEST); |
497 |
-+ |
498 |
- JS::RootedObject global(authority->priv->cx); |
499 |
- |
500 |
- authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts)); |
501 |
- |
502 |
- global = authority->priv->js_global->get (); |
503 |
-- |
504 |
-- if (global == NULL) |
505 |
-+ if (!global) |
506 |
- goto fail; |
507 |
- |
508 |
- authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global); |
509 |
- |
510 |
-- if (authority->priv->ac == NULL) |
511 |
-+ if (!authority->priv->ac) |
512 |
- goto fail; |
513 |
- |
514 |
- if (!JS_InitStandardClasses (authority->priv->cx, global)) |
515 |
-@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
516 |
- |
517 |
- polkit = authority->priv->js_polkit->get (); |
518 |
- |
519 |
-- if (polkit == NULL) |
520 |
-+ if (!polkit) |
521 |
- goto fail; |
522 |
- |
523 |
- if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE)) |
524 |
-@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
525 |
- js_polkit_functions)) |
526 |
- goto fail; |
527 |
- |
528 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
529 |
-+ JS::CompileOptions options(authority->priv->cx); |
530 |
- JS::RootedValue rval(authority->priv->cx); |
531 |
- if (!JS::Evaluate (authority->priv->cx, |
532 |
- options, |
533 |
-@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority, |
534 |
- JS::AutoValueVector elems(authority->priv->cx); |
535 |
- guint n; |
536 |
- |
537 |
-- elems.resize(value->len); |
538 |
-+ if (!elems.resize(value->len)) |
539 |
-+ g_error ("Unable to resize vector"); |
540 |
-+ |
541 |
- for (n = 0; n < value->len; n++) |
542 |
- { |
543 |
- const char *c_string = (const char *) g_ptr_array_index(value, n); |
544 |
-@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, |
545 |
- GError **error) |
546 |
- { |
547 |
- gboolean ret = FALSE; |
548 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
549 |
-+ JS::CompileOptions options(authority->priv->cx); |
550 |
- const char *src; |
551 |
- JS::RootedObject obj(authority->priv->cx); |
552 |
- pid_t pid; |
553 |
-@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority, |
554 |
- GError **error) |
555 |
- { |
556 |
- gboolean ret = FALSE; |
557 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
558 |
-+ JS::CompileOptions options(authority->priv->cx); |
559 |
- const char *src; |
560 |
- JS::RootedObject obj(authority->priv->cx); |
561 |
- gchar **keys; |
562 |
|
563 |
diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild |
564 |
deleted file mode 100644 |
565 |
index 675bff79710..00000000000 |
566 |
--- a/sys-auth/polkit/polkit-0.115-r4.ebuild |
567 |
+++ /dev/null |
568 |
@@ -1,144 +0,0 @@ |
569 |
-# Copyright 1999-2020 Gentoo Authors |
570 |
-# Distributed under the terms of the GNU General Public License v2 |
571 |
- |
572 |
-EAPI=7 |
573 |
- |
574 |
-inherit autotools pam pax-utils systemd user xdg-utils |
575 |
- |
576 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
577 |
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" |
578 |
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" |
579 |
- |
580 |
-LICENSE="LGPL-2" |
581 |
-SLOT="0" |
582 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86" |
583 |
-IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test" |
584 |
-RESTRICT="!test? ( test )" |
585 |
- |
586 |
-REQUIRED_USE="^^ ( consolekit elogind systemd )" |
587 |
- |
588 |
-BDEPEND=" |
589 |
- app-text/docbook-xml-dtd:4.1.2 |
590 |
- app-text/docbook-xsl-stylesheets |
591 |
- dev-libs/gobject-introspection-common |
592 |
- dev-libs/libxslt |
593 |
- dev-util/glib-utils |
594 |
- dev-util/gtk-doc-am |
595 |
- dev-util/intltool |
596 |
- sys-devel/gettext |
597 |
- virtual/pkgconfig |
598 |
- introspection? ( dev-libs/gobject-introspection ) |
599 |
-" |
600 |
-DEPEND=" |
601 |
- dev-lang/spidermonkey:60[-debug] |
602 |
- dev-libs/glib:2 |
603 |
- dev-libs/expat |
604 |
- elogind? ( sys-auth/elogind ) |
605 |
- pam? ( |
606 |
- sys-auth/pambase |
607 |
- sys-libs/pam |
608 |
- ) |
609 |
- systemd? ( sys-apps/systemd:0=[policykit] ) |
610 |
-" |
611 |
-RDEPEND="${DEPEND} |
612 |
- selinux? ( sec-policy/selinux-policykit ) |
613 |
-" |
614 |
-PDEPEND=" |
615 |
- consolekit? ( sys-auth/consolekit[policykit] ) |
616 |
- gtk? ( || ( |
617 |
- >=gnome-extra/polkit-gnome-0.105 |
618 |
- >=lxde-base/lxsession-0.5.2 |
619 |
- ) ) |
620 |
- kde? ( kde-plasma/polkit-kde-agent ) |
621 |
-" |
622 |
- |
623 |
-DOCS=( docs/TODO HACKING NEWS README ) |
624 |
- |
625 |
-PATCHES=( |
626 |
- # bug 660880 |
627 |
- "${FILESDIR}"/polkit-0.115-elogind.patch |
628 |
- "${FILESDIR}"/CVE-2018-19788.patch |
629 |
- "${FILESDIR}"/polkit-0.115-spidermonkey-60.patch |
630 |
-) |
631 |
- |
632 |
-QA_MULTILIB_PATHS=" |
633 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
634 |
- usr/lib/polkit-1/polkitd" |
635 |
- |
636 |
-pkg_setup() { |
637 |
- local u=polkitd |
638 |
- local g=polkitd |
639 |
- local h=/var/lib/polkit-1 |
640 |
- |
641 |
- enewgroup ${g} |
642 |
- enewuser ${u} -1 -1 ${h} ${g} |
643 |
- esethome ${u} ${h} |
644 |
-} |
645 |
- |
646 |
-src_prepare() { |
647 |
- default |
648 |
- |
649 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
650 |
- |
651 |
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170 |
652 |
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ |
653 |
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ |
654 |
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ |
655 |
- docs/polkit/Makefile.in || die |
656 |
- |
657 |
- # disable broken test - bug #624022 |
658 |
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die |
659 |
- |
660 |
- # Fix cross-building, bug #590764, elogind patch, bug #598615 |
661 |
- eautoreconf |
662 |
-} |
663 |
- |
664 |
-src_configure() { |
665 |
- xdg_environment_reset |
666 |
- |
667 |
- local myeconfargs=( |
668 |
- --localstatedir="${EPREFIX}"/var |
669 |
- --disable-static |
670 |
- --enable-man-pages |
671 |
- --disable-gtk-doc |
672 |
- --disable-examples |
673 |
- $(use_enable elogind libelogind) |
674 |
- $(use_enable introspection) |
675 |
- $(use_enable nls) |
676 |
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') |
677 |
- --with-authfw=$(usex pam pam shadow) |
678 |
- $(use_enable systemd libsystemd-login) |
679 |
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" |
680 |
- $(use_enable test) |
681 |
- --with-os-type=gentoo |
682 |
- ) |
683 |
- econf "${myeconfargs[@]}" |
684 |
-} |
685 |
- |
686 |
-src_compile() { |
687 |
- default |
688 |
- |
689 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
690 |
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest |
691 |
-} |
692 |
- |
693 |
-src_install() { |
694 |
- default |
695 |
- |
696 |
- fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d |
697 |
- |
698 |
- diropts -m0700 -o polkitd -g polkitd |
699 |
- keepdir /var/lib/polkit-1 |
700 |
- |
701 |
- if use examples; then |
702 |
- docinto examples |
703 |
- dodoc src/examples/{*.c,*.policy*} |
704 |
- fi |
705 |
- |
706 |
- find "${ED}" -name '*.la' -delete || die |
707 |
-} |
708 |
- |
709 |
-pkg_postinst() { |
710 |
- chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
711 |
- chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 |
712 |
-} |