| 1 |
commit: 1bed18530dc535caec4a9fbfe2f9c4de9ac3d730 |
| 2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Oct 4 15:58:22 2020 +0000 |
| 4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Oct 4 15:58:22 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853 |
| 7 |
|
| 8 |
sys-auth/polkit: Cleanup vulnerable 0.115-r4 |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/717712 |
| 11 |
Package-Manager: Portage-3.0.8, Repoman-3.0.1 |
| 12 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
| 13 |
|
| 14 |
sys-auth/polkit/Manifest | 1 - |
| 15 |
sys-auth/polkit/files/CVE-2018-19788.patch | 339 --------------------- |
| 16 |
.../files/polkit-0.115-spidermonkey-60.patch | 180 ----------- |
| 17 |
sys-auth/polkit/polkit-0.115-r4.ebuild | 144 --------- |
| 18 |
4 files changed, 664 deletions(-) |
| 19 |
|
| 20 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
| 21 |
index 22da4a92e24..c1e90f0d5ca 100644 |
| 22 |
--- a/sys-auth/polkit/Manifest |
| 23 |
+++ b/sys-auth/polkit/Manifest |
| 24 |
@@ -1,4 +1,3 @@ |
| 25 |
-DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc |
| 26 |
DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5 |
| 27 |
DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 |
| 28 |
DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e |
| 29 |
|
| 30 |
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch |
| 31 |
deleted file mode 100644 |
| 32 |
index 97e3608a12b..00000000000 |
| 33 |
--- a/sys-auth/polkit/files/CVE-2018-19788.patch |
| 34 |
+++ /dev/null |
| 35 |
@@ -1,339 +0,0 @@ |
| 36 |
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 |
| 37 |
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
| 38 |
-Date: Mon, 3 Dec 2018 10:28:58 +0100 |
| 39 |
-Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group |
| 40 |
- objects |
| 41 |
- |
| 42 |
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since |
| 43 |
-there should be no users with such number, see |
| 44 |
-https://systemd.io/UIDS-GIDS#special-linux-uids. |
| 45 |
- |
| 46 |
-(uid_t) -1 is used as the default value in class initialization. |
| 47 |
- |
| 48 |
-When a user or group above INT32_MAX is created, the numeric uid or |
| 49 |
-gid wraps around to negative when the value is assigned to gint, and |
| 50 |
-polkit gets confused. Let's accept such gids, except for -1. |
| 51 |
- |
| 52 |
-A nicer fix would be to change the underlying type to e.g. uint32 to |
| 53 |
-not have negative values. But this cannot be done without breaking the |
| 54 |
-API, so likely new functions will have to be added (a |
| 55 |
-polkit_unix_user_new variant that takes a unsigned, and the same for |
| 56 |
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will |
| 57 |
-require a bigger patch. |
| 58 |
- |
| 59 |
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. |
| 60 |
---- |
| 61 |
- src/polkit/polkitunixgroup.c | 15 +++++++++++---- |
| 62 |
- src/polkit/polkitunixprocess.c | 12 ++++++++---- |
| 63 |
- src/polkit/polkitunixuser.c | 13 ++++++++++--- |
| 64 |
- 3 files changed, 29 insertions(+), 11 deletions(-) |
| 65 |
- |
| 66 |
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c |
| 67 |
-index c57a1aa..309f689 100644 |
| 68 |
---- a/src/polkit/polkitunixgroup.c |
| 69 |
-+++ b/src/polkit/polkitunixgroup.c |
| 70 |
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, |
| 71 |
- static void |
| 72 |
- polkit_unix_group_init (PolkitUnixGroup *unix_group) |
| 73 |
- { |
| 74 |
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ |
| 75 |
- } |
| 76 |
- |
| 77 |
- static void |
| 78 |
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, |
| 79 |
- GParamSpec *pspec) |
| 80 |
- { |
| 81 |
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); |
| 82 |
-+ gint val; |
| 83 |
- |
| 84 |
- switch (prop_id) |
| 85 |
- { |
| 86 |
- case PROP_GID: |
| 87 |
-- unix_group->gid = g_value_get_int (value); |
| 88 |
-+ val = g_value_get_int (value); |
| 89 |
-+ g_return_if_fail (val != -1); |
| 90 |
-+ unix_group->gid = val; |
| 91 |
- break; |
| 92 |
- |
| 93 |
- default: |
| 94 |
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) |
| 95 |
- g_param_spec_int ("gid", |
| 96 |
- "Group ID", |
| 97 |
- "The UNIX group ID", |
| 98 |
-- 0, |
| 99 |
-+ G_MININT, |
| 100 |
- G_MAXINT, |
| 101 |
-- 0, |
| 102 |
-+ -1, |
| 103 |
- G_PARAM_CONSTRUCT | |
| 104 |
- G_PARAM_READWRITE | |
| 105 |
- G_PARAM_STATIC_NAME | |
| 106 |
-@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) |
| 107 |
- */ |
| 108 |
- void |
| 109 |
- polkit_unix_group_set_gid (PolkitUnixGroup *group, |
| 110 |
-- gint gid) |
| 111 |
-+ gint gid) |
| 112 |
- { |
| 113 |
- g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); |
| 114 |
-+ g_return_if_fail (gid != -1); |
| 115 |
- group->gid = gid; |
| 116 |
- } |
| 117 |
- |
| 118 |
-@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, |
| 119 |
- PolkitIdentity * |
| 120 |
- polkit_unix_group_new (gint gid) |
| 121 |
- { |
| 122 |
-+ g_return_val_if_fail (gid != -1, NULL); |
| 123 |
-+ |
| 124 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, |
| 125 |
- "gid", gid, |
| 126 |
- NULL)); |
| 127 |
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c |
| 128 |
-index 972b777..b02b258 100644 |
| 129 |
---- a/src/polkit/polkitunixprocess.c |
| 130 |
-+++ b/src/polkit/polkitunixprocess.c |
| 131 |
-@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, |
| 132 |
- polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); |
| 133 |
- break; |
| 134 |
- |
| 135 |
-- case PROP_UID: |
| 136 |
-- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); |
| 137 |
-+ case PROP_UID: { |
| 138 |
-+ gint val; |
| 139 |
-+ |
| 140 |
-+ val = g_value_get_int (value); |
| 141 |
-+ g_return_if_fail (val != -1); |
| 142 |
-+ polkit_unix_process_set_uid (unix_process, val); |
| 143 |
- break; |
| 144 |
-+ } |
| 145 |
- |
| 146 |
- case PROP_START_TIME: |
| 147 |
- polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); |
| 148 |
-@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) |
| 149 |
- g_param_spec_int ("uid", |
| 150 |
- "User ID", |
| 151 |
- "The UNIX user ID", |
| 152 |
-- -1, |
| 153 |
-+ G_MININT, |
| 154 |
- G_MAXINT, |
| 155 |
- -1, |
| 156 |
- G_PARAM_CONSTRUCT | |
| 157 |
-@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, |
| 158 |
- gint uid) |
| 159 |
- { |
| 160 |
- g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); |
| 161 |
-- g_return_if_fail (uid >= -1); |
| 162 |
- process->uid = uid; |
| 163 |
- } |
| 164 |
- |
| 165 |
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c |
| 166 |
-index 8bfd3a1..234a697 100644 |
| 167 |
---- a/src/polkit/polkitunixuser.c |
| 168 |
-+++ b/src/polkit/polkitunixuser.c |
| 169 |
-@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, |
| 170 |
- static void |
| 171 |
- polkit_unix_user_init (PolkitUnixUser *unix_user) |
| 172 |
- { |
| 173 |
-+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ |
| 174 |
- unix_user->name = NULL; |
| 175 |
- } |
| 176 |
- |
| 177 |
-@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, |
| 178 |
- GParamSpec *pspec) |
| 179 |
- { |
| 180 |
- PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); |
| 181 |
-+ gint val; |
| 182 |
- |
| 183 |
- switch (prop_id) |
| 184 |
- { |
| 185 |
- case PROP_UID: |
| 186 |
-- unix_user->uid = g_value_get_int (value); |
| 187 |
-+ val = g_value_get_int (value); |
| 188 |
-+ g_return_if_fail (val != -1); |
| 189 |
-+ unix_user->uid = val; |
| 190 |
- break; |
| 191 |
- |
| 192 |
- default: |
| 193 |
-@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) |
| 194 |
- g_param_spec_int ("uid", |
| 195 |
- "User ID", |
| 196 |
- "The UNIX user ID", |
| 197 |
-- 0, |
| 198 |
-+ G_MININT, |
| 199 |
- G_MAXINT, |
| 200 |
-- 0, |
| 201 |
-+ -1, |
| 202 |
- G_PARAM_CONSTRUCT | |
| 203 |
- G_PARAM_READWRITE | |
| 204 |
- G_PARAM_STATIC_NAME | |
| 205 |
-@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, |
| 206 |
- gint uid) |
| 207 |
- { |
| 208 |
- g_return_if_fail (POLKIT_IS_UNIX_USER (user)); |
| 209 |
-+ g_return_if_fail (uid != -1); |
| 210 |
- user->uid = uid; |
| 211 |
- } |
| 212 |
- |
| 213 |
-@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, |
| 214 |
- PolkitIdentity * |
| 215 |
- polkit_unix_user_new (gint uid) |
| 216 |
- { |
| 217 |
-+ g_return_val_if_fail (uid != -1, NULL); |
| 218 |
-+ |
| 219 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, |
| 220 |
- "uid", uid, |
| 221 |
- NULL)); |
| 222 |
--- |
| 223 |
-2.18.1 |
| 224 |
- |
| 225 |
- |
| 226 |
-From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001 |
| 227 |
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@××××××.pl> |
| 228 |
-Date: Mon, 3 Dec 2018 11:20:34 +0100 |
| 229 |
-Subject: [PATCH 2/2] tests: add tests for high uids |
| 230 |
- |
| 231 |
---- |
| 232 |
- test/data/etc/group | 1 + |
| 233 |
- test/data/etc/passwd | 2 + |
| 234 |
- .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++ |
| 235 |
- .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++ |
| 236 |
- 4 files changed, 96 insertions(+) |
| 237 |
- |
| 238 |
-diff --git a/test/data/etc/group b/test/data/etc/group |
| 239 |
-index 12ef328..b9acab9 100644 |
| 240 |
---- a/test/data/etc/group |
| 241 |
-+++ b/test/data/etc/group |
| 242 |
-@@ -5,3 +5,4 @@ john:x:500: |
| 243 |
- jane:x:501: |
| 244 |
- sally:x:502: |
| 245 |
- henry:x:503: |
| 246 |
-+highuid2:x:4000000000: |
| 247 |
-diff --git a/test/data/etc/passwd b/test/data/etc/passwd |
| 248 |
-index 8544feb..5cf14a5 100644 |
| 249 |
---- a/test/data/etc/passwd |
| 250 |
-+++ b/test/data/etc/passwd |
| 251 |
-@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash |
| 252 |
- jane:x:501:501:Jane Smith:/home/jane:/bin/bash |
| 253 |
- sally:x:502:502:Sally Derp:/home/sally:/bin/bash |
| 254 |
- henry:x:503:503:Henry Herp:/home/henry:/bin/bash |
| 255 |
-+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin |
| 256 |
-+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin |
| 257 |
-diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules |
| 258 |
-index 446e622..98bf062 100644 |
| 259 |
---- a/test/data/etc/polkit-1/rules.d/10-testing.rules |
| 260 |
-+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules |
| 261 |
-@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { |
| 262 |
- } |
| 263 |
- }); |
| 264 |
- |
| 265 |
-+polkit.addRule(function(action, subject) { |
| 266 |
-+ if (action.id == "net.company.john_action") { |
| 267 |
-+ if (subject.user == "john") { |
| 268 |
-+ return polkit.Result.YES; |
| 269 |
-+ } else { |
| 270 |
-+ return polkit.Result.NO; |
| 271 |
-+ } |
| 272 |
-+ } |
| 273 |
-+}); |
| 274 |
-+ |
| 275 |
-+polkit.addRule(function(action, subject) { |
| 276 |
-+ if (action.id == "net.company.highuid2_action") { |
| 277 |
-+ if (subject.user == "highuid2") { |
| 278 |
-+ return polkit.Result.YES; |
| 279 |
-+ } else { |
| 280 |
-+ return polkit.Result.NO; |
| 281 |
-+ } |
| 282 |
-+ } |
| 283 |
-+}); |
| 284 |
-+ |
| 285 |
-+ |
| 286 |
- // --------------------------------------------------------------------- |
| 287 |
- // variables |
| 288 |
- |
| 289 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 290 |
-index b484a26..71aad23 100644 |
| 291 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
| 292 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 293 |
-@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { |
| 294 |
- NULL, |
| 295 |
- POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
| 296 |
- }, |
| 297 |
-+ |
| 298 |
-+ { |
| 299 |
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ |
| 300 |
-+ "group_membership_with_non_member(highuid22)", |
| 301 |
-+ "net.company.group.only_group_users", |
| 302 |
-+ "unix-user:highuid2", |
| 303 |
-+ NULL, |
| 304 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 305 |
-+ }, |
| 306 |
-+ |
| 307 |
-+ { |
| 308 |
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ |
| 309 |
-+ "group_membership_with_non_member(highuid21)", |
| 310 |
-+ "net.company.group.only_group_users", |
| 311 |
-+ "unix-user:highuid2", |
| 312 |
-+ NULL, |
| 313 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 314 |
-+ }, |
| 315 |
-+ |
| 316 |
-+ { |
| 317 |
-+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ |
| 318 |
-+ "group_membership_with_non_member(highuid24)", |
| 319 |
-+ "net.company.group.only_group_users", |
| 320 |
-+ "unix-user:2147483648", |
| 321 |
-+ NULL, |
| 322 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 323 |
-+ }, |
| 324 |
-+ |
| 325 |
-+ { |
| 326 |
-+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ |
| 327 |
-+ "group_membership_with_non_member(highuid23)", |
| 328 |
-+ "net.company.group.only_group_users", |
| 329 |
-+ "unix-user:4000000000", |
| 330 |
-+ NULL, |
| 331 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 332 |
-+ }, |
| 333 |
-+ |
| 334 |
-+ { |
| 335 |
-+ /* john is authorized to do this, see 10-testing.rules */ |
| 336 |
-+ "john_action", |
| 337 |
-+ "net.company.john_action", |
| 338 |
-+ "unix-user:john", |
| 339 |
-+ NULL, |
| 340 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
| 341 |
-+ }, |
| 342 |
-+ |
| 343 |
-+ { |
| 344 |
-+ /* only john is authorized to do this, see 10-testing.rules */ |
| 345 |
-+ "jane_action", |
| 346 |
-+ "net.company.john_action", |
| 347 |
-+ "unix-user:jane", |
| 348 |
-+ NULL, |
| 349 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 350 |
-+ }, |
| 351 |
-+ |
| 352 |
-+ { |
| 353 |
-+ /* highuid2 is authorized to do this, see 10-testing.rules */ |
| 354 |
-+ "highuid2_action", |
| 355 |
-+ "net.company.highuid2_action", |
| 356 |
-+ "unix-user:highuid2", |
| 357 |
-+ NULL, |
| 358 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, |
| 359 |
-+ }, |
| 360 |
-+ |
| 361 |
-+ { |
| 362 |
-+ /* only highuid2 is authorized to do this, see 10-testing.rules */ |
| 363 |
-+ "highuid1_action", |
| 364 |
-+ "net.company.highuid2_action", |
| 365 |
-+ "unix-user:highuid1", |
| 366 |
-+ NULL, |
| 367 |
-+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, |
| 368 |
-+ }, |
| 369 |
- }; |
| 370 |
- |
| 371 |
- /* ---------------------------------------------------------------------------------------------------- */ |
| 372 |
--- |
| 373 |
-2.18.1 |
| 374 |
- |
| 375 |
|
| 376 |
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch |
| 377 |
deleted file mode 100644 |
| 378 |
index 8a4510ad205..00000000000 |
| 379 |
--- a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch |
| 380 |
+++ /dev/null |
| 381 |
@@ -1,180 +0,0 @@ |
| 382 |
-From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001 |
| 383 |
-From: Emmanuele Bassi <ebassi@×××××.org> |
| 384 |
-Date: Fri, 31 Aug 2018 13:32:16 +0100 |
| 385 |
-Subject: [PATCH] Depend on mozjs-60 |
| 386 |
- |
| 387 |
-This is the new ESR version of the Mozilla JS engine, superceding |
| 388 |
-mozjs-52. |
| 389 |
---- |
| 390 |
- configure.ac | 2 +- |
| 391 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
| 392 |
- |
| 393 |
-diff --git a/configure.ac b/configure.ac |
| 394 |
-index 5c37e48..5cedb4e 100644 |
| 395 |
---- a/configure.ac |
| 396 |
-+++ b/configure.ac |
| 397 |
-@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) |
| 398 |
- AC_SUBST(GLIB_CFLAGS) |
| 399 |
- AC_SUBST(GLIB_LIBS) |
| 400 |
- |
| 401 |
--PKG_CHECK_MODULES(LIBJS, [mozjs-52]) |
| 402 |
-+PKG_CHECK_MODULES(LIBJS, [mozjs-60]) |
| 403 |
- |
| 404 |
- AC_SUBST(LIBJS_CFLAGS) |
| 405 |
- AC_SUBST(LIBJS_CXXFLAGS) |
| 406 |
- |
| 407 |
- |
| 408 |
-From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001 |
| 409 |
-From: Emmanuele Bassi <ebassi@×××××.org> |
| 410 |
-Date: Fri, 31 Aug 2018 13:33:20 +0100 |
| 411 |
-Subject: [PATCH] Port the JS authority to mozjs-60 |
| 412 |
- |
| 413 |
-API changes in mozjs that need to be reflected in the JS authority: |
| 414 |
- |
| 415 |
- - the JS::CompileOptions constructor and the JS::CompartmentOptions |
| 416 |
- do not allow setting a JS version any more |
| 417 |
- |
| 418 |
- - do not use NULL comparisons for C++ objects |
| 419 |
- |
| 420 |
- - the resize() method for a vector has a return value that needs |
| 421 |
- to be handled |
| 422 |
- |
| 423 |
- - JSClassOps has different fields |
| 424 |
---- |
| 425 |
- .../polkitbackendjsauthority.cpp | 65 +++++++++---------- |
| 426 |
- 1 file changed, 32 insertions(+), 33 deletions(-) |
| 427 |
- |
| 428 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 429 |
-index 7602714..984a0f0 100644 |
| 430 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
| 431 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 432 |
-@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC |
| 433 |
- /* ---------------------------------------------------------------------------------------------------- */ |
| 434 |
- |
| 435 |
- static const struct JSClassOps js_global_class_ops = { |
| 436 |
-- NULL, |
| 437 |
-- NULL, |
| 438 |
-- NULL, |
| 439 |
-- NULL, |
| 440 |
-- NULL, |
| 441 |
-- NULL, |
| 442 |
-- NULL, |
| 443 |
-- NULL, |
| 444 |
-- NULL, |
| 445 |
-- NULL, |
| 446 |
-- NULL, |
| 447 |
-- NULL |
| 448 |
-+ nullptr, // addProperty |
| 449 |
-+ nullptr, // deleteProperty |
| 450 |
-+ nullptr, // enumerate |
| 451 |
-+ nullptr, // newEnumerate |
| 452 |
-+ nullptr, // resolve |
| 453 |
-+ nullptr, // mayResolve |
| 454 |
-+ nullptr, // finalize |
| 455 |
-+ nullptr, // call |
| 456 |
-+ nullptr, // hasInstance |
| 457 |
-+ nullptr, // construct |
| 458 |
-+ JS_GlobalObjectTraceHook |
| 459 |
- }; |
| 460 |
- |
| 461 |
- static JSClass js_global_class = { |
| 462 |
-@@ -172,18 +171,17 @@ static JSClass js_global_class = { |
| 463 |
- |
| 464 |
- /* ---------------------------------------------------------------------------------------------------- */ |
| 465 |
- static const struct JSClassOps js_polkit_class_ops = { |
| 466 |
-- NULL, |
| 467 |
-- NULL, |
| 468 |
-- NULL, |
| 469 |
-- NULL, |
| 470 |
-- NULL, |
| 471 |
-- NULL, |
| 472 |
-- NULL, |
| 473 |
-- NULL, |
| 474 |
-- NULL, |
| 475 |
-- NULL, |
| 476 |
-- NULL, |
| 477 |
-- NULL |
| 478 |
-+ nullptr, // addProperty |
| 479 |
-+ nullptr, // deleteProperty |
| 480 |
-+ nullptr, // enumerate |
| 481 |
-+ nullptr, // newEnumerate |
| 482 |
-+ nullptr, // resolve |
| 483 |
-+ nullptr, // mayResolve |
| 484 |
-+ nullptr, // finalize |
| 485 |
-+ nullptr, // call |
| 486 |
-+ nullptr, // hasInstance |
| 487 |
-+ nullptr, // construct |
| 488 |
-+ nullptr // trace |
| 489 |
- }; |
| 490 |
- |
| 491 |
- static JSClass js_polkit_class = { |
| 492 |
-@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object) |
| 493 |
- |
| 494 |
- { |
| 495 |
- JS::CompartmentOptions compart_opts; |
| 496 |
-- compart_opts.behaviors().setVersion(JSVERSION_LATEST); |
| 497 |
-+ |
| 498 |
- JS::RootedObject global(authority->priv->cx); |
| 499 |
- |
| 500 |
- authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts)); |
| 501 |
- |
| 502 |
- global = authority->priv->js_global->get (); |
| 503 |
-- |
| 504 |
-- if (global == NULL) |
| 505 |
-+ if (!global) |
| 506 |
- goto fail; |
| 507 |
- |
| 508 |
- authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global); |
| 509 |
- |
| 510 |
-- if (authority->priv->ac == NULL) |
| 511 |
-+ if (!authority->priv->ac) |
| 512 |
- goto fail; |
| 513 |
- |
| 514 |
- if (!JS_InitStandardClasses (authority->priv->cx, global)) |
| 515 |
-@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
| 516 |
- |
| 517 |
- polkit = authority->priv->js_polkit->get (); |
| 518 |
- |
| 519 |
-- if (polkit == NULL) |
| 520 |
-+ if (!polkit) |
| 521 |
- goto fail; |
| 522 |
- |
| 523 |
- if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE)) |
| 524 |
-@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
| 525 |
- js_polkit_functions)) |
| 526 |
- goto fail; |
| 527 |
- |
| 528 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
| 529 |
-+ JS::CompileOptions options(authority->priv->cx); |
| 530 |
- JS::RootedValue rval(authority->priv->cx); |
| 531 |
- if (!JS::Evaluate (authority->priv->cx, |
| 532 |
- options, |
| 533 |
-@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority, |
| 534 |
- JS::AutoValueVector elems(authority->priv->cx); |
| 535 |
- guint n; |
| 536 |
- |
| 537 |
-- elems.resize(value->len); |
| 538 |
-+ if (!elems.resize(value->len)) |
| 539 |
-+ g_error ("Unable to resize vector"); |
| 540 |
-+ |
| 541 |
- for (n = 0; n < value->len; n++) |
| 542 |
- { |
| 543 |
- const char *c_string = (const char *) g_ptr_array_index(value, n); |
| 544 |
-@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, |
| 545 |
- GError **error) |
| 546 |
- { |
| 547 |
- gboolean ret = FALSE; |
| 548 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
| 549 |
-+ JS::CompileOptions options(authority->priv->cx); |
| 550 |
- const char *src; |
| 551 |
- JS::RootedObject obj(authority->priv->cx); |
| 552 |
- pid_t pid; |
| 553 |
-@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority, |
| 554 |
- GError **error) |
| 555 |
- { |
| 556 |
- gboolean ret = FALSE; |
| 557 |
-- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); |
| 558 |
-+ JS::CompileOptions options(authority->priv->cx); |
| 559 |
- const char *src; |
| 560 |
- JS::RootedObject obj(authority->priv->cx); |
| 561 |
- gchar **keys; |
| 562 |
|
| 563 |
diff --git a/sys-auth/polkit/polkit-0.115-r4.ebuild b/sys-auth/polkit/polkit-0.115-r4.ebuild |
| 564 |
deleted file mode 100644 |
| 565 |
index 675bff79710..00000000000 |
| 566 |
--- a/sys-auth/polkit/polkit-0.115-r4.ebuild |
| 567 |
+++ /dev/null |
| 568 |
@@ -1,144 +0,0 @@ |
| 569 |
-# Copyright 1999-2020 Gentoo Authors |
| 570 |
-# Distributed under the terms of the GNU General Public License v2 |
| 571 |
- |
| 572 |
-EAPI=7 |
| 573 |
- |
| 574 |
-inherit autotools pam pax-utils systemd user xdg-utils |
| 575 |
- |
| 576 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
| 577 |
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" |
| 578 |
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" |
| 579 |
- |
| 580 |
-LICENSE="LGPL-2" |
| 581 |
-SLOT="0" |
| 582 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86" |
| 583 |
-IUSE="consolekit elogind examples gtk +introspection jit kde nls pam selinux systemd test" |
| 584 |
-RESTRICT="!test? ( test )" |
| 585 |
- |
| 586 |
-REQUIRED_USE="^^ ( consolekit elogind systemd )" |
| 587 |
- |
| 588 |
-BDEPEND=" |
| 589 |
- app-text/docbook-xml-dtd:4.1.2 |
| 590 |
- app-text/docbook-xsl-stylesheets |
| 591 |
- dev-libs/gobject-introspection-common |
| 592 |
- dev-libs/libxslt |
| 593 |
- dev-util/glib-utils |
| 594 |
- dev-util/gtk-doc-am |
| 595 |
- dev-util/intltool |
| 596 |
- sys-devel/gettext |
| 597 |
- virtual/pkgconfig |
| 598 |
- introspection? ( dev-libs/gobject-introspection ) |
| 599 |
-" |
| 600 |
-DEPEND=" |
| 601 |
- dev-lang/spidermonkey:60[-debug] |
| 602 |
- dev-libs/glib:2 |
| 603 |
- dev-libs/expat |
| 604 |
- elogind? ( sys-auth/elogind ) |
| 605 |
- pam? ( |
| 606 |
- sys-auth/pambase |
| 607 |
- sys-libs/pam |
| 608 |
- ) |
| 609 |
- systemd? ( sys-apps/systemd:0=[policykit] ) |
| 610 |
-" |
| 611 |
-RDEPEND="${DEPEND} |
| 612 |
- selinux? ( sec-policy/selinux-policykit ) |
| 613 |
-" |
| 614 |
-PDEPEND=" |
| 615 |
- consolekit? ( sys-auth/consolekit[policykit] ) |
| 616 |
- gtk? ( || ( |
| 617 |
- >=gnome-extra/polkit-gnome-0.105 |
| 618 |
- >=lxde-base/lxsession-0.5.2 |
| 619 |
- ) ) |
| 620 |
- kde? ( kde-plasma/polkit-kde-agent ) |
| 621 |
-" |
| 622 |
- |
| 623 |
-DOCS=( docs/TODO HACKING NEWS README ) |
| 624 |
- |
| 625 |
-PATCHES=( |
| 626 |
- # bug 660880 |
| 627 |
- "${FILESDIR}"/polkit-0.115-elogind.patch |
| 628 |
- "${FILESDIR}"/CVE-2018-19788.patch |
| 629 |
- "${FILESDIR}"/polkit-0.115-spidermonkey-60.patch |
| 630 |
-) |
| 631 |
- |
| 632 |
-QA_MULTILIB_PATHS=" |
| 633 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
| 634 |
- usr/lib/polkit-1/polkitd" |
| 635 |
- |
| 636 |
-pkg_setup() { |
| 637 |
- local u=polkitd |
| 638 |
- local g=polkitd |
| 639 |
- local h=/var/lib/polkit-1 |
| 640 |
- |
| 641 |
- enewgroup ${g} |
| 642 |
- enewuser ${u} -1 -1 ${h} ${g} |
| 643 |
- esethome ${u} ${h} |
| 644 |
-} |
| 645 |
- |
| 646 |
-src_prepare() { |
| 647 |
- default |
| 648 |
- |
| 649 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
| 650 |
- |
| 651 |
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170 |
| 652 |
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ |
| 653 |
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ |
| 654 |
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ |
| 655 |
- docs/polkit/Makefile.in || die |
| 656 |
- |
| 657 |
- # disable broken test - bug #624022 |
| 658 |
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die |
| 659 |
- |
| 660 |
- # Fix cross-building, bug #590764, elogind patch, bug #598615 |
| 661 |
- eautoreconf |
| 662 |
-} |
| 663 |
- |
| 664 |
-src_configure() { |
| 665 |
- xdg_environment_reset |
| 666 |
- |
| 667 |
- local myeconfargs=( |
| 668 |
- --localstatedir="${EPREFIX}"/var |
| 669 |
- --disable-static |
| 670 |
- --enable-man-pages |
| 671 |
- --disable-gtk-doc |
| 672 |
- --disable-examples |
| 673 |
- $(use_enable elogind libelogind) |
| 674 |
- $(use_enable introspection) |
| 675 |
- $(use_enable nls) |
| 676 |
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') |
| 677 |
- --with-authfw=$(usex pam pam shadow) |
| 678 |
- $(use_enable systemd libsystemd-login) |
| 679 |
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" |
| 680 |
- $(use_enable test) |
| 681 |
- --with-os-type=gentoo |
| 682 |
- ) |
| 683 |
- econf "${myeconfargs[@]}" |
| 684 |
-} |
| 685 |
- |
| 686 |
-src_compile() { |
| 687 |
- default |
| 688 |
- |
| 689 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
| 690 |
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest |
| 691 |
-} |
| 692 |
- |
| 693 |
-src_install() { |
| 694 |
- default |
| 695 |
- |
| 696 |
- fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d |
| 697 |
- |
| 698 |
- diropts -m0700 -o polkitd -g polkitd |
| 699 |
- keepdir /var/lib/polkit-1 |
| 700 |
- |
| 701 |
- if use examples; then |
| 702 |
- docinto examples |
| 703 |
- dodoc src/examples/{*.c,*.policy*} |
| 704 |
- fi |
| 705 |
- |
| 706 |
- find "${ED}" -name '*.la' -delete || die |
| 707 |
-} |
| 708 |
- |
| 709 |
-pkg_postinst() { |
| 710 |
- chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
| 711 |
- chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 |
| 712 |
-} |
Archives