1 |
commit: 7b63ecc28ba29ecf67bf377328ad2534a0a9968e |
2 |
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jan 26 13:37:13 2022 +0000 |
4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 26 13:37:39 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=7b63ecc2 |
7 |
|
8 |
sys-auth/polkit: meson fix, security bump |
9 |
|
10 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
11 |
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org> |
12 |
|
13 |
sys-auth/polkit/Manifest | 2 - |
14 |
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 --- |
15 |
...it-0.116-make-netgroup-support-optional-1.patch | 248 --------------------- |
16 |
...it-0.116-make-netgroup-support-optional-2.patch | 219 ------------------ |
17 |
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 ++++++ |
18 |
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ++++ |
19 |
sys-auth/polkit/metadata.xml | 1 - |
20 |
sys-auth/polkit/polkit-0.119-r2.ebuild | 141 ------------ |
21 |
...lkit-0.120-r1.ebuild => polkit-0.120-r2.ebuild} | 12 +- |
22 |
9 files changed, 121 insertions(+), 644 deletions(-) |
23 |
|
24 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
25 |
index 14c82431..1125d650 100644 |
26 |
--- a/sys-auth/polkit/Manifest |
27 |
+++ b/sys-auth/polkit/Manifest |
28 |
@@ -1,4 +1,2 @@ |
29 |
-DIST polkit-0.118-duktape.patch 50144 BLAKE2B 83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a SHA512 dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867 |
30 |
-DIST polkit-0.119.tar.gz 1387409 BLAKE2B aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06 SHA512 0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578 |
31 |
DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B 5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349 SHA512 bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7 |
32 |
DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 |
33 |
|
34 |
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch |
35 |
deleted file mode 100644 |
36 |
index 93d67201..00000000 |
37 |
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch |
38 |
+++ /dev/null |
39 |
@@ -1,28 +0,0 @@ |
40 |
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 |
41 |
-From: Rasmus Thomsen <cogitri@×××××××.org> |
42 |
-Date: Wed, 11 Apr 2018 13:14:14 +0200 |
43 |
-Subject: [PATCH] configure: fix elogind support |
44 |
- |
45 |
-HAVE_LIBSYSTEMD is used to determine which source files to use. |
46 |
-We have to check if either have_libsystemd or have_libelogind is |
47 |
-true, as both of these need the source files which are used when |
48 |
-HAVE_LIBSYSTEMD is true. |
49 |
---- |
50 |
- configure.ac | 2 +- |
51 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
52 |
- |
53 |
-diff --git a/configure.ac b/configure.ac |
54 |
-index 36df239..da47ecb 100644 |
55 |
---- a/configure.ac |
56 |
-+++ b/configure.ac |
57 |
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ |
58 |
- |
59 |
- AC_SUBST(LIBSYSTEMD_CFLAGS) |
60 |
- AC_SUBST(LIBSYSTEMD_LIBS) |
61 |
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) |
62 |
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) |
63 |
- |
64 |
- dnl --------------------------------------------------------------------------- |
65 |
- dnl - systemd unit / service files |
66 |
--- |
67 |
-2.17.0 |
68 |
|
69 |
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch |
70 |
deleted file mode 100644 |
71 |
index 84f07f98..00000000 |
72 |
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch |
73 |
+++ /dev/null |
74 |
@@ -1,248 +0,0 @@ |
75 |
-From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001 |
76 |
-From: A. Wilcox <AWilcox@×××××××××××.com> |
77 |
-Date: Mon, 20 May 2019 20:24:42 -0500 |
78 |
-Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup |
79 |
-support is not available. PolKit fails to compile on these systems |
80 |
-for that reason. |
81 |
- |
82 |
-This change makes netgroup support conditional on the presence of the |
83 |
-setnetgrent(3) function which is required for the support to work. If |
84 |
-that function is not available on the system, an error will be returned |
85 |
-to the administrator if unix-netgroup: is specified in configuration. |
86 |
- |
87 |
-Fixes bug 50145. |
88 |
- |
89 |
-Closes polkit/polkit#14. |
90 |
-Signed-off-by: A. Wilcox <AWilcox@×××××××××××.com> |
91 |
---- |
92 |
- configure.ac | 2 +- |
93 |
- src/polkit/polkitidentity.c | 16 ++++++++++++++++ |
94 |
- src/polkit/polkitunixnetgroup.c | 3 +++ |
95 |
- .../polkitbackendinteractiveauthority.c | 14 ++++++++------ |
96 |
- src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ |
97 |
- test/polkit/polkitidentitytest.c | 9 ++++++++- |
98 |
- test/polkit/polkitunixnetgrouptest.c | 3 +++ |
99 |
- .../test-polkitbackendjsauthority.c | 2 ++ |
100 |
- 8 files changed, 43 insertions(+), 8 deletions(-) |
101 |
- |
102 |
-diff --git a/configure.ac b/configure.ac |
103 |
-index 5cedb4e..87aa0ad 100644 |
104 |
---- a/configure.ac |
105 |
-+++ b/configure.ac |
106 |
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], |
107 |
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
108 |
- AC_SUBST(EXPAT_LIBS) |
109 |
- |
110 |
--AC_CHECK_FUNCS(clearenv fdatasync) |
111 |
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
112 |
- |
113 |
- if test "x$GCC" = "xyes"; then |
114 |
- LDFLAGS="-Wl,--as-needed $LDFLAGS" |
115 |
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c |
116 |
-index 3aa1f7f..10e9c17 100644 |
117 |
---- a/src/polkit/polkitidentity.c |
118 |
-+++ b/src/polkit/polkitidentity.c |
119 |
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, |
120 |
- } |
121 |
- else if (g_str_has_prefix (str, "unix-netgroup:")) |
122 |
- { |
123 |
-+#ifndef HAVE_SETNETGRENT |
124 |
-+ g_set_error (error, |
125 |
-+ POLKIT_ERROR, |
126 |
-+ POLKIT_ERROR_FAILED, |
127 |
-+ "Netgroups are not available on this machine ('%s')", |
128 |
-+ str); |
129 |
-+#else |
130 |
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
131 |
-+#endif |
132 |
- } |
133 |
- |
134 |
- if (identity == NULL && (error != NULL && *error == NULL)) |
135 |
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
136 |
- GVariant *v; |
137 |
- const char *name; |
138 |
- |
139 |
-+#ifndef HAVE_SETNETGRENT |
140 |
-+ g_set_error (error, |
141 |
-+ POLKIT_ERROR, |
142 |
-+ POLKIT_ERROR_FAILED, |
143 |
-+ "Netgroups are not available on this machine"); |
144 |
-+ goto out; |
145 |
-+#else |
146 |
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
147 |
- if (v == NULL) |
148 |
- { |
149 |
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
150 |
- name = g_variant_get_string (v, NULL); |
151 |
- ret = polkit_unix_netgroup_new (name); |
152 |
- g_variant_unref (v); |
153 |
-+#endif |
154 |
- } |
155 |
- else |
156 |
- { |
157 |
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c |
158 |
-index 8a2b369..83f8d4a 100644 |
159 |
---- a/src/polkit/polkitunixnetgroup.c |
160 |
-+++ b/src/polkit/polkitunixnetgroup.c |
161 |
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, |
162 |
- PolkitIdentity * |
163 |
- polkit_unix_netgroup_new (const gchar *name) |
164 |
- { |
165 |
-+#ifndef HAVE_SETNETGRENT |
166 |
-+ g_assert_not_reached(); |
167 |
-+#endif |
168 |
- g_return_val_if_fail (name != NULL, NULL); |
169 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
170 |
- "name", name, |
171 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
172 |
-index 056d9a8..36c2f3d 100644 |
173 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
174 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
175 |
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, |
176 |
- GList *ret; |
177 |
- |
178 |
- ret = NULL; |
179 |
-+#ifdef HAVE_SETNETGRENT |
180 |
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
181 |
- |
182 |
--#ifdef HAVE_SETNETGRENT_RETURN |
183 |
-+# ifdef HAVE_SETNETGRENT_RETURN |
184 |
- if (setnetgrent (name) == 0) |
185 |
- { |
186 |
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
187 |
- goto out; |
188 |
- } |
189 |
--#else |
190 |
-+# else |
191 |
- setnetgrent (name); |
192 |
--#endif |
193 |
-+# endif /* HAVE_SETNETGRENT_RETURN */ |
194 |
- |
195 |
- for (;;) |
196 |
- { |
197 |
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
198 |
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
199 |
- const char *hostname, *username, *domainname; |
200 |
--#else |
201 |
-+# else |
202 |
- char *hostname, *username, *domainname; |
203 |
--#endif |
204 |
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
205 |
- PolkitIdentity *user; |
206 |
- GError *error = NULL; |
207 |
- |
208 |
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, |
209 |
- |
210 |
- out: |
211 |
- endnetgrent (); |
212 |
-+#endif /* HAVE_SETNETGRENT */ |
213 |
- return ret; |
214 |
- } |
215 |
- |
216 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
217 |
-index 9b752d1..09b2878 100644 |
218 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
219 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
220 |
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
221 |
- |
222 |
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
223 |
- |
224 |
-+#ifdef HAVE_SETNETGRENT |
225 |
- JS::RootedString usrstr (authority->priv->cx); |
226 |
- usrstr = args[0].toString(); |
227 |
- user = JS_EncodeStringToUTF8 (cx, usrstr); |
228 |
-@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
229 |
- |
230 |
- JS_free (cx, netgroup); |
231 |
- JS_free (cx, user); |
232 |
-+#endif |
233 |
- |
234 |
- ret = true; |
235 |
- |
236 |
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c |
237 |
-index e91967b..e829aaa 100644 |
238 |
---- a/test/polkit/polkitidentitytest.c |
239 |
-+++ b/test/polkit/polkitidentitytest.c |
240 |
-@@ -19,6 +19,7 @@ |
241 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
242 |
- */ |
243 |
- |
244 |
-+#include "config.h" |
245 |
- #include "glib.h" |
246 |
- #include <polkit/polkit.h> |
247 |
- #include <polkit/polkitprivate.h> |
248 |
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { |
249 |
- {"unix-group:root", "unix-group:jane", FALSE}, |
250 |
- {"unix-group:jane", "unix-group:jane", TRUE}, |
251 |
- |
252 |
-+#ifdef HAVE_SETNETGRENT |
253 |
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
254 |
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
255 |
-+#endif |
256 |
- |
257 |
- {"unix-user:root", "unix-group:root", FALSE}, |
258 |
-+#ifdef HAVE_SETNETGRENT |
259 |
- {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
260 |
-+#endif |
261 |
- |
262 |
- {NULL}, |
263 |
- }; |
264 |
-@@ -181,11 +186,13 @@ main (int argc, char *argv[]) |
265 |
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
266 |
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
267 |
- |
268 |
-+#ifdef HAVE_SETNETGRENT |
269 |
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
270 |
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
271 |
-+#endif |
272 |
- |
273 |
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
274 |
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
275 |
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
276 |
- |
277 |
- add_comparison_tests (); |
278 |
- |
279 |
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c |
280 |
-index 3701ba1..e3352eb 100644 |
281 |
---- a/test/polkit/polkitunixnetgrouptest.c |
282 |
-+++ b/test/polkit/polkitunixnetgrouptest.c |
283 |
-@@ -19,6 +19,7 @@ |
284 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
285 |
- */ |
286 |
- |
287 |
-+#include "config.h" |
288 |
- #include "glib.h" |
289 |
- #include <polkit/polkit.h> |
290 |
- #include <string.h> |
291 |
-@@ -69,7 +70,9 @@ int |
292 |
- main (int argc, char *argv[]) |
293 |
- { |
294 |
- g_test_init (&argc, &argv, NULL); |
295 |
-+#ifdef HAVE_SETNETGRENT |
296 |
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
297 |
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
298 |
-+#endif |
299 |
- return g_test_run (); |
300 |
- } |
301 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
302 |
-index 71aad23..fdd28f3 100644 |
303 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
304 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
305 |
-@@ -137,12 +137,14 @@ test_get_admin_identities (void) |
306 |
- "unix-group:users" |
307 |
- } |
308 |
- }, |
309 |
-+#ifdef HAVE_SETNETGRENT |
310 |
- { |
311 |
- "net.company.action3", |
312 |
- { |
313 |
- "unix-netgroup:foo" |
314 |
- } |
315 |
- }, |
316 |
-+#endif |
317 |
- }; |
318 |
- guint n; |
319 |
- |
320 |
--- |
321 |
-2.21.0 |
322 |
- |
323 |
|
324 |
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch |
325 |
deleted file mode 100644 |
326 |
index aef30ef6..00000000 |
327 |
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch |
328 |
+++ /dev/null |
329 |
@@ -1,219 +0,0 @@ |
330 |
-diff --git a/configure.ac b/configure.ac |
331 |
-index 4809dc9..d1ea325 100644 |
332 |
---- a/configure.ac |
333 |
-+++ b/configure.ac |
334 |
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], |
335 |
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
336 |
- AC_SUBST(EXPAT_LIBS) |
337 |
- |
338 |
--AC_CHECK_FUNCS(clearenv fdatasync) |
339 |
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
340 |
- |
341 |
- if test "x$GCC" = "xyes"; then |
342 |
- LDFLAGS="-Wl,--as-needed $LDFLAGS" |
343 |
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c |
344 |
-index 3aa1f7f..793f17d 100644 |
345 |
---- a/src/polkit/polkitidentity.c |
346 |
-+++ b/src/polkit/polkitidentity.c |
347 |
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, |
348 |
- } |
349 |
- else if (g_str_has_prefix (str, "unix-netgroup:")) |
350 |
- { |
351 |
-+#ifndef HAVE_SETNETGRENT |
352 |
-+ g_set_error (error, |
353 |
-+ POLKIT_ERROR, |
354 |
-+ POLKIT_ERROR_FAILED, |
355 |
-+ "Netgroups are not available on this machine ('%s')", |
356 |
-+ str); |
357 |
-+#else |
358 |
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
359 |
-+#endif |
360 |
- } |
361 |
- |
362 |
- if (identity == NULL && (error != NULL && *error == NULL)) |
363 |
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
364 |
- GVariant *v; |
365 |
- const char *name; |
366 |
- |
367 |
-+#ifndef HAVE_SETNETGRENT |
368 |
-+ g_set_error (error, |
369 |
-+ POLKIT_ERROR, |
370 |
-+ POLKIT_ERROR_FAILED, |
371 |
-+ "Netgroups are not available on this machine"); |
372 |
-+ goto out; |
373 |
-+#else |
374 |
-+ |
375 |
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
376 |
- if (v == NULL) |
377 |
- { |
378 |
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
379 |
- name = g_variant_get_string (v, NULL); |
380 |
- ret = polkit_unix_netgroup_new (name); |
381 |
- g_variant_unref (v); |
382 |
-+#endif |
383 |
- } |
384 |
- else |
385 |
- { |
386 |
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c |
387 |
-index 8a2b369..83f8d4a 100644 |
388 |
---- a/src/polkit/polkitunixnetgroup.c |
389 |
-+++ b/src/polkit/polkitunixnetgroup.c |
390 |
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, |
391 |
- PolkitIdentity * |
392 |
- polkit_unix_netgroup_new (const gchar *name) |
393 |
- { |
394 |
-+#ifndef HAVE_SETNETGRENT |
395 |
-+ g_assert_not_reached(); |
396 |
-+#endif |
397 |
- g_return_val_if_fail (name != NULL, NULL); |
398 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
399 |
- "name", name, |
400 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
401 |
-index 056d9a8..36c2f3d 100644 |
402 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
403 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
404 |
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, |
405 |
- GList *ret; |
406 |
- |
407 |
- ret = NULL; |
408 |
-+#ifdef HAVE_SETNETGRENT |
409 |
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
410 |
- |
411 |
--#ifdef HAVE_SETNETGRENT_RETURN |
412 |
-+# ifdef HAVE_SETNETGRENT_RETURN |
413 |
- if (setnetgrent (name) == 0) |
414 |
- { |
415 |
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
416 |
- goto out; |
417 |
- } |
418 |
--#else |
419 |
-+# else |
420 |
- setnetgrent (name); |
421 |
--#endif |
422 |
-+# endif /* HAVE_SETNETGRENT_RETURN */ |
423 |
- |
424 |
- for (;;) |
425 |
- { |
426 |
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
427 |
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
428 |
- const char *hostname, *username, *domainname; |
429 |
--#else |
430 |
-+# else |
431 |
- char *hostname, *username, *domainname; |
432 |
--#endif |
433 |
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
434 |
- PolkitIdentity *user; |
435 |
- GError *error = NULL; |
436 |
- |
437 |
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, |
438 |
- |
439 |
- out: |
440 |
- endnetgrent (); |
441 |
-+#endif /* HAVE_SETNETGRENT */ |
442 |
- return ret; |
443 |
- } |
444 |
- |
445 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
446 |
-index 1d91103..366cbdf 100644 |
447 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
448 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
449 |
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
450 |
- |
451 |
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
452 |
- |
453 |
-+#ifdef HAVE_SETNETGRENT |
454 |
- JS::RootedString usrstr (authority->priv->cx); |
455 |
- usrstr = args[0].toString(); |
456 |
- user = JS_EncodeStringToUTF8 (cx, usrstr); |
457 |
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
458 |
- { |
459 |
- is_in_netgroup = true; |
460 |
- } |
461 |
-+#endif |
462 |
- |
463 |
- ret = true; |
464 |
- |
465 |
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c |
466 |
-index e91967b..e829aaa 100644 |
467 |
---- a/test/polkit/polkitidentitytest.c |
468 |
-+++ b/test/polkit/polkitidentitytest.c |
469 |
-@@ -19,6 +19,7 @@ |
470 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
471 |
- */ |
472 |
- |
473 |
-+#include "config.h" |
474 |
- #include "glib.h" |
475 |
- #include <polkit/polkit.h> |
476 |
- #include <polkit/polkitprivate.h> |
477 |
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { |
478 |
- {"unix-group:root", "unix-group:jane", FALSE}, |
479 |
- {"unix-group:jane", "unix-group:jane", TRUE}, |
480 |
- |
481 |
-+#ifdef HAVE_SETNETGRENT |
482 |
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
483 |
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
484 |
-+#endif |
485 |
- |
486 |
- {"unix-user:root", "unix-group:root", FALSE}, |
487 |
-+#ifdef HAVE_SETNETGRENT |
488 |
- {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
489 |
-+#endif |
490 |
- |
491 |
- {NULL}, |
492 |
- }; |
493 |
-@@ -181,11 +186,13 @@ main (int argc, char *argv[]) |
494 |
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
495 |
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
496 |
- |
497 |
-+#ifdef HAVE_SETNETGRENT |
498 |
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
499 |
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
500 |
-+#endif |
501 |
- |
502 |
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
503 |
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
504 |
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
505 |
- |
506 |
- add_comparison_tests (); |
507 |
- |
508 |
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c |
509 |
-index 3701ba1..e3352eb 100644 |
510 |
---- a/test/polkit/polkitunixnetgrouptest.c |
511 |
-+++ b/test/polkit/polkitunixnetgrouptest.c |
512 |
-@@ -19,6 +19,7 @@ |
513 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
514 |
- */ |
515 |
- |
516 |
-+#include "config.h" |
517 |
- #include "glib.h" |
518 |
- #include <polkit/polkit.h> |
519 |
- #include <string.h> |
520 |
-@@ -69,7 +70,9 @@ int |
521 |
- main (int argc, char *argv[]) |
522 |
- { |
523 |
- g_test_init (&argc, &argv, NULL); |
524 |
-+#ifdef HAVE_SETNETGRENT |
525 |
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
526 |
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
527 |
-+#endif |
528 |
- return g_test_run (); |
529 |
- } |
530 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
531 |
-index 71aad23..fdd28f3 100644 |
532 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
533 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
534 |
-@@ -137,12 +137,14 @@ test_get_admin_identities (void) |
535 |
- "unix-group:users" |
536 |
- } |
537 |
- }, |
538 |
-+#ifdef HAVE_SETNETGRENT |
539 |
- { |
540 |
- "net.company.action3", |
541 |
- { |
542 |
- "unix-netgroup:foo" |
543 |
- } |
544 |
- }, |
545 |
-+#endif |
546 |
- }; |
547 |
- guint n; |
548 |
- |
549 |
|
550 |
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch |
551 |
new file mode 100644 |
552 |
index 00000000..22bb71d1 |
553 |
--- /dev/null |
554 |
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch |
555 |
@@ -0,0 +1,72 @@ |
556 |
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt |
557 |
+https://bugs.gentoo.org/832057 |
558 |
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch |
559 |
+ |
560 |
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 |
561 |
+From: Jan Rybar <jrybar@××××××.com> |
562 |
+Date: Tue, 25 Jan 2022 17:21:46 +0000 |
563 |
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) |
564 |
+ |
565 |
+--- a/src/programs/pkcheck.c |
566 |
++++ b/src/programs/pkcheck.c |
567 |
+@@ -363,6 +363,11 @@ main (int argc, char *argv[]) |
568 |
+ local_agent_handle = NULL; |
569 |
+ ret = 126; |
570 |
+ |
571 |
++ if (argc < 1) |
572 |
++ { |
573 |
++ exit(126); |
574 |
++ } |
575 |
++ |
576 |
+ /* Disable remote file access from GIO. */ |
577 |
+ setenv ("GIO_USE_VFS", "local", 1); |
578 |
+ |
579 |
+--- a/src/programs/pkexec.c |
580 |
++++ b/src/programs/pkexec.c |
581 |
+@@ -488,6 +488,15 @@ main (int argc, char *argv[]) |
582 |
+ pid_t pid_of_caller; |
583 |
+ gpointer local_agent_handle; |
584 |
+ |
585 |
++ |
586 |
++ /* |
587 |
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. |
588 |
++ */ |
589 |
++ if (argc<1) |
590 |
++ { |
591 |
++ exit(127); |
592 |
++ } |
593 |
++ |
594 |
+ ret = 127; |
595 |
+ authority = NULL; |
596 |
+ subject = NULL; |
597 |
+@@ -614,10 +623,10 @@ main (int argc, char *argv[]) |
598 |
+ |
599 |
+ path = g_strdup (pwstruct.pw_shell); |
600 |
+ if (!path) |
601 |
+- { |
602 |
++ { |
603 |
+ g_printerr ("No shell configured or error retrieving pw_shell\n"); |
604 |
+ goto out; |
605 |
+- } |
606 |
++ } |
607 |
+ /* If you change this, be sure to change the if (!command_line) |
608 |
+ case below too */ |
609 |
+ command_line = g_strdup (path); |
610 |
+@@ -636,7 +645,15 @@ main (int argc, char *argv[]) |
611 |
+ goto out; |
612 |
+ } |
613 |
+ g_free (path); |
614 |
+- argv[n] = path = s; |
615 |
++ path = s; |
616 |
++ |
617 |
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. |
618 |
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination |
619 |
++ */ |
620 |
++ if (argv[n] != NULL) |
621 |
++ { |
622 |
++ argv[n] = path; |
623 |
++ } |
624 |
+ } |
625 |
+ if (access (path, F_OK) != 0) |
626 |
+ { |
627 |
+GitLab |
628 |
|
629 |
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch |
630 |
new file mode 100644 |
631 |
index 00000000..5e144688 |
632 |
--- /dev/null |
633 |
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch |
634 |
@@ -0,0 +1,42 @@ |
635 |
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001 |
636 |
+From: Simon McVittie <smcv@××××××.org> |
637 |
+Date: Mon, 25 Oct 2021 20:21:27 +0100 |
638 |
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file |
639 |
+ |
640 |
+These were always ignored, and Meson 0.60.0 disallowed them. |
641 |
+ |
642 |
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160 |
643 |
+Reference: https://github.com/mesonbuild/meson/pull/9445 |
644 |
+Signed-off-by: Simon McVittie <smcv@××××××.org> |
645 |
+--- |
646 |
+ actions/meson.build | 1 - |
647 |
+ src/examples/meson.build | 1 - |
648 |
+ 2 files changed, 2 deletions(-) |
649 |
+ |
650 |
+diff --git a/actions/meson.build b/actions/meson.build |
651 |
+index 2abaaf3..1e3f370 100644 |
652 |
+--- a/actions/meson.build |
653 |
++++ b/actions/meson.build |
654 |
+@@ -1,7 +1,6 @@ |
655 |
+ policy = 'org.freedesktop.policykit.policy' |
656 |
+ |
657 |
+ i18n.merge_file( |
658 |
+- policy, |
659 |
+ input: policy + '.in', |
660 |
+ output: '@BASENAME@', |
661 |
+ po_dir: po_dir, |
662 |
+diff --git a/src/examples/meson.build b/src/examples/meson.build |
663 |
+index c6305ab..8c18de5 100644 |
664 |
+--- a/src/examples/meson.build |
665 |
++++ b/src/examples/meson.build |
666 |
+@@ -1,7 +1,6 @@ |
667 |
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy' |
668 |
+ |
669 |
+ i18n.merge_file( |
670 |
+- policy, |
671 |
+ input: policy + '.in', |
672 |
+ output: '@BASENAME@', |
673 |
+ po_dir: po_dir, |
674 |
+-- |
675 |
+GitLab |
676 |
+ |
677 |
|
678 |
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml |
679 |
index f23bd9f8..23b3540b 100644 |
680 |
--- a/sys-auth/polkit/metadata.xml |
681 |
+++ b/sys-auth/polkit/metadata.xml |
682 |
@@ -6,7 +6,6 @@ |
683 |
</maintainer> |
684 |
<use> |
685 |
<flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag> |
686 |
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag> |
687 |
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag> |
688 |
</use> |
689 |
</pkgmetadata> |
690 |
|
691 |
diff --git a/sys-auth/polkit/polkit-0.119-r2.ebuild b/sys-auth/polkit/polkit-0.119-r2.ebuild |
692 |
deleted file mode 100644 |
693 |
index 32f1c305..00000000 |
694 |
--- a/sys-auth/polkit/polkit-0.119-r2.ebuild |
695 |
+++ /dev/null |
696 |
@@ -1,141 +0,0 @@ |
697 |
-# Copyright 1999-2021 Gentoo Authors |
698 |
-# Distributed under the terms of the GNU General Public License v2 |
699 |
- |
700 |
-EAPI=7 |
701 |
- |
702 |
-inherit autotools pam pax-utils systemd xdg-utils |
703 |
- |
704 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
705 |
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" |
706 |
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz |
707 |
- https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch" |
708 |
- |
709 |
-LICENSE="LGPL-2" |
710 |
-SLOT="0" |
711 |
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86" |
712 |
-IUSE="duktape elogind examples gtk +introspection kde nls pam selinux systemd test" |
713 |
-RESTRICT="!test? ( test )" |
714 |
- |
715 |
-REQUIRED_USE="^^ ( elogind systemd )" |
716 |
- |
717 |
-BDEPEND=" |
718 |
- acct-user/polkitd |
719 |
- app-text/docbook-xml-dtd:4.1.2 |
720 |
- app-text/docbook-xsl-stylesheets |
721 |
- dev-libs/glib |
722 |
- dev-libs/gobject-introspection-common |
723 |
- dev-libs/libxslt |
724 |
- dev-util/glib-utils |
725 |
- dev-util/gtk-doc-am |
726 |
- dev-util/intltool |
727 |
- sys-devel/gettext |
728 |
- virtual/pkgconfig |
729 |
- introspection? ( dev-libs/gobject-introspection ) |
730 |
-" |
731 |
-DEPEND=" |
732 |
- duktape? ( dev-lang/duktape ) |
733 |
- !duktape? ( dev-lang/spidermonkey:78[-debug] ) |
734 |
- dev-libs/glib:2 |
735 |
- dev-libs/expat |
736 |
- elogind? ( sys-auth/elogind ) |
737 |
- pam? ( |
738 |
- sys-auth/pambase |
739 |
- sys-libs/pam |
740 |
- ) |
741 |
- !pam? ( virtual/libcrypt:= ) |
742 |
- systemd? ( sys-apps/systemd:0=[policykit] ) |
743 |
-" |
744 |
-RDEPEND="${DEPEND} |
745 |
- acct-user/polkitd |
746 |
- selinux? ( sec-policy/selinux-policykit ) |
747 |
-" |
748 |
-PDEPEND=" |
749 |
- gtk? ( || ( |
750 |
- >=gnome-extra/polkit-gnome-0.105 |
751 |
- >=lxde-base/lxsession-0.5.2 |
752 |
- ) ) |
753 |
- kde? ( kde-plasma/polkit-kde-agent ) |
754 |
-" |
755 |
- |
756 |
-DOCS=( docs/TODO HACKING NEWS README ) |
757 |
- |
758 |
-PATCHES=( |
759 |
- "${DISTDIR}"/${PN}-0.118-duktape.patch |
760 |
- "${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880 |
761 |
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
762 |
-) |
763 |
- |
764 |
-QA_MULTILIB_PATHS=" |
765 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
766 |
- usr/lib/polkit-1/polkitd" |
767 |
- |
768 |
-src_prepare() { |
769 |
- default |
770 |
- |
771 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
772 |
- |
773 |
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170 |
774 |
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ |
775 |
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ |
776 |
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ |
777 |
- docs/polkit/Makefile.in || die |
778 |
- |
779 |
- # disable broken test - bug #624022 |
780 |
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die |
781 |
- |
782 |
- # Fix cross-building, bug #590764, elogind patch, bug #598615 |
783 |
- eautoreconf |
784 |
-} |
785 |
- |
786 |
-src_configure() { |
787 |
- xdg_environment_reset |
788 |
- |
789 |
- local myeconfargs=( |
790 |
- --localstatedir="${EPREFIX}"/var |
791 |
- --disable-static |
792 |
- --enable-man-pages |
793 |
- --disable-gtk-doc |
794 |
- --disable-examples |
795 |
- $(use_enable elogind libelogind) |
796 |
- $(use_enable introspection) |
797 |
- $(use_enable nls) |
798 |
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') |
799 |
- --with-authfw=$(usex pam pam shadow) |
800 |
- $(use_enable systemd libsystemd-login) |
801 |
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" |
802 |
- $(use_enable test) |
803 |
- --with-os-type=gentoo |
804 |
- ) |
805 |
- |
806 |
- if use duktape; then |
807 |
- myeconfargs+=( --with-duktape ) |
808 |
- fi |
809 |
- |
810 |
- econf "${myeconfargs[@]}" |
811 |
-} |
812 |
- |
813 |
-src_compile() { |
814 |
- default |
815 |
- |
816 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
817 |
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest |
818 |
-} |
819 |
- |
820 |
-src_install() { |
821 |
- default |
822 |
- |
823 |
- if use examples; then |
824 |
- docinto examples |
825 |
- dodoc src/examples/{*.c,*.policy*} |
826 |
- fi |
827 |
- |
828 |
- diropts -m 0700 -o polkitd |
829 |
- keepdir /usr/share/polkit-1/rules.d |
830 |
- |
831 |
- find "${ED}" -name '*.la' -delete || die |
832 |
-} |
833 |
- |
834 |
-pkg_postinst() { |
835 |
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
836 |
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
837 |
-} |
838 |
|
839 |
diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild |
840 |
similarity index 89% |
841 |
rename from sys-auth/polkit/polkit-0.120-r1.ebuild |
842 |
rename to sys-auth/polkit/polkit-0.120-r2.ebuild |
843 |
index a75f950a..24b53b1f 100644 |
844 |
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild |
845 |
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild |
846 |
@@ -56,11 +56,6 @@ PDEPEND=" |
847 |
kde? ( kde-plasma/polkit-kde-agent ) |
848 |
" |
849 |
|
850 |
-PATCHES=( |
851 |
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch |
852 |
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
853 |
-) |
854 |
- |
855 |
DOCS=( docs/TODO HACKING NEWS README ) |
856 |
|
857 |
QA_MULTILIB_PATHS=" |
858 |
@@ -68,6 +63,12 @@ QA_MULTILIB_PATHS=" |
859 |
usr/lib/polkit-1/polkitd" |
860 |
|
861 |
src_prepare() { |
862 |
+ local PATCHES=( |
863 |
+ "${FILESDIR}/polkit-0.120-meson.patch" |
864 |
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch" |
865 |
+ "${DISTDIR}"/${PN}-0.120-duktape-1.patch |
866 |
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
867 |
+ ) |
868 |
default |
869 |
|
870 |
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
871 |
@@ -114,6 +115,7 @@ src_install() { |
872 |
# meson does not install required files with SUID bit. See |
873 |
# https://bugs.gentoo.org/816393 |
874 |
# Remove the following lines once this has been fixed by upstream |
875 |
+ # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8) |
876 |
fperms u+s /usr/bin/pkexec |
877 |
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1 |
878 |
} |