| 1 |
commit: 7b63ecc28ba29ecf67bf377328ad2534a0a9968e |
| 2 |
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Jan 26 13:37:13 2022 +0000 |
| 4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Jan 26 13:37:39 2022 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=7b63ecc2 |
| 7 |
|
| 8 |
sys-auth/polkit: meson fix, security bump |
| 9 |
|
| 10 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
| 11 |
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org> |
| 12 |
|
| 13 |
sys-auth/polkit/Manifest | 2 - |
| 14 |
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 --- |
| 15 |
...it-0.116-make-netgroup-support-optional-1.patch | 248 --------------------- |
| 16 |
...it-0.116-make-netgroup-support-optional-2.patch | 219 ------------------ |
| 17 |
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 ++++++ |
| 18 |
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ++++ |
| 19 |
sys-auth/polkit/metadata.xml | 1 - |
| 20 |
sys-auth/polkit/polkit-0.119-r2.ebuild | 141 ------------ |
| 21 |
...lkit-0.120-r1.ebuild => polkit-0.120-r2.ebuild} | 12 +- |
| 22 |
9 files changed, 121 insertions(+), 644 deletions(-) |
| 23 |
|
| 24 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
| 25 |
index 14c82431..1125d650 100644 |
| 26 |
--- a/sys-auth/polkit/Manifest |
| 27 |
+++ b/sys-auth/polkit/Manifest |
| 28 |
@@ -1,4 +1,2 @@ |
| 29 |
-DIST polkit-0.118-duktape.patch 50144 BLAKE2B 83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a SHA512 dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867 |
| 30 |
-DIST polkit-0.119.tar.gz 1387409 BLAKE2B aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06 SHA512 0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578 |
| 31 |
DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B 5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349 SHA512 bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7 |
| 32 |
DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 |
| 33 |
|
| 34 |
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch |
| 35 |
deleted file mode 100644 |
| 36 |
index 93d67201..00000000 |
| 37 |
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch |
| 38 |
+++ /dev/null |
| 39 |
@@ -1,28 +0,0 @@ |
| 40 |
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 |
| 41 |
-From: Rasmus Thomsen <cogitri@×××××××.org> |
| 42 |
-Date: Wed, 11 Apr 2018 13:14:14 +0200 |
| 43 |
-Subject: [PATCH] configure: fix elogind support |
| 44 |
- |
| 45 |
-HAVE_LIBSYSTEMD is used to determine which source files to use. |
| 46 |
-We have to check if either have_libsystemd or have_libelogind is |
| 47 |
-true, as both of these need the source files which are used when |
| 48 |
-HAVE_LIBSYSTEMD is true. |
| 49 |
---- |
| 50 |
- configure.ac | 2 +- |
| 51 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
| 52 |
- |
| 53 |
-diff --git a/configure.ac b/configure.ac |
| 54 |
-index 36df239..da47ecb 100644 |
| 55 |
---- a/configure.ac |
| 56 |
-+++ b/configure.ac |
| 57 |
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ |
| 58 |
- |
| 59 |
- AC_SUBST(LIBSYSTEMD_CFLAGS) |
| 60 |
- AC_SUBST(LIBSYSTEMD_LIBS) |
| 61 |
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) |
| 62 |
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) |
| 63 |
- |
| 64 |
- dnl --------------------------------------------------------------------------- |
| 65 |
- dnl - systemd unit / service files |
| 66 |
--- |
| 67 |
-2.17.0 |
| 68 |
|
| 69 |
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch |
| 70 |
deleted file mode 100644 |
| 71 |
index 84f07f98..00000000 |
| 72 |
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch |
| 73 |
+++ /dev/null |
| 74 |
@@ -1,248 +0,0 @@ |
| 75 |
-From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001 |
| 76 |
-From: A. Wilcox <AWilcox@×××××××××××.com> |
| 77 |
-Date: Mon, 20 May 2019 20:24:42 -0500 |
| 78 |
-Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup |
| 79 |
-support is not available. PolKit fails to compile on these systems |
| 80 |
-for that reason. |
| 81 |
- |
| 82 |
-This change makes netgroup support conditional on the presence of the |
| 83 |
-setnetgrent(3) function which is required for the support to work. If |
| 84 |
-that function is not available on the system, an error will be returned |
| 85 |
-to the administrator if unix-netgroup: is specified in configuration. |
| 86 |
- |
| 87 |
-Fixes bug 50145. |
| 88 |
- |
| 89 |
-Closes polkit/polkit#14. |
| 90 |
-Signed-off-by: A. Wilcox <AWilcox@×××××××××××.com> |
| 91 |
---- |
| 92 |
- configure.ac | 2 +- |
| 93 |
- src/polkit/polkitidentity.c | 16 ++++++++++++++++ |
| 94 |
- src/polkit/polkitunixnetgroup.c | 3 +++ |
| 95 |
- .../polkitbackendinteractiveauthority.c | 14 ++++++++------ |
| 96 |
- src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ |
| 97 |
- test/polkit/polkitidentitytest.c | 9 ++++++++- |
| 98 |
- test/polkit/polkitunixnetgrouptest.c | 3 +++ |
| 99 |
- .../test-polkitbackendjsauthority.c | 2 ++ |
| 100 |
- 8 files changed, 43 insertions(+), 8 deletions(-) |
| 101 |
- |
| 102 |
-diff --git a/configure.ac b/configure.ac |
| 103 |
-index 5cedb4e..87aa0ad 100644 |
| 104 |
---- a/configure.ac |
| 105 |
-+++ b/configure.ac |
| 106 |
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], |
| 107 |
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
| 108 |
- AC_SUBST(EXPAT_LIBS) |
| 109 |
- |
| 110 |
--AC_CHECK_FUNCS(clearenv fdatasync) |
| 111 |
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
| 112 |
- |
| 113 |
- if test "x$GCC" = "xyes"; then |
| 114 |
- LDFLAGS="-Wl,--as-needed $LDFLAGS" |
| 115 |
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c |
| 116 |
-index 3aa1f7f..10e9c17 100644 |
| 117 |
---- a/src/polkit/polkitidentity.c |
| 118 |
-+++ b/src/polkit/polkitidentity.c |
| 119 |
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, |
| 120 |
- } |
| 121 |
- else if (g_str_has_prefix (str, "unix-netgroup:")) |
| 122 |
- { |
| 123 |
-+#ifndef HAVE_SETNETGRENT |
| 124 |
-+ g_set_error (error, |
| 125 |
-+ POLKIT_ERROR, |
| 126 |
-+ POLKIT_ERROR_FAILED, |
| 127 |
-+ "Netgroups are not available on this machine ('%s')", |
| 128 |
-+ str); |
| 129 |
-+#else |
| 130 |
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
| 131 |
-+#endif |
| 132 |
- } |
| 133 |
- |
| 134 |
- if (identity == NULL && (error != NULL && *error == NULL)) |
| 135 |
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 136 |
- GVariant *v; |
| 137 |
- const char *name; |
| 138 |
- |
| 139 |
-+#ifndef HAVE_SETNETGRENT |
| 140 |
-+ g_set_error (error, |
| 141 |
-+ POLKIT_ERROR, |
| 142 |
-+ POLKIT_ERROR_FAILED, |
| 143 |
-+ "Netgroups are not available on this machine"); |
| 144 |
-+ goto out; |
| 145 |
-+#else |
| 146 |
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
| 147 |
- if (v == NULL) |
| 148 |
- { |
| 149 |
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 150 |
- name = g_variant_get_string (v, NULL); |
| 151 |
- ret = polkit_unix_netgroup_new (name); |
| 152 |
- g_variant_unref (v); |
| 153 |
-+#endif |
| 154 |
- } |
| 155 |
- else |
| 156 |
- { |
| 157 |
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c |
| 158 |
-index 8a2b369..83f8d4a 100644 |
| 159 |
---- a/src/polkit/polkitunixnetgroup.c |
| 160 |
-+++ b/src/polkit/polkitunixnetgroup.c |
| 161 |
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, |
| 162 |
- PolkitIdentity * |
| 163 |
- polkit_unix_netgroup_new (const gchar *name) |
| 164 |
- { |
| 165 |
-+#ifndef HAVE_SETNETGRENT |
| 166 |
-+ g_assert_not_reached(); |
| 167 |
-+#endif |
| 168 |
- g_return_val_if_fail (name != NULL, NULL); |
| 169 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
| 170 |
- "name", name, |
| 171 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 172 |
-index 056d9a8..36c2f3d 100644 |
| 173 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 174 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 175 |
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, |
| 176 |
- GList *ret; |
| 177 |
- |
| 178 |
- ret = NULL; |
| 179 |
-+#ifdef HAVE_SETNETGRENT |
| 180 |
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
| 181 |
- |
| 182 |
--#ifdef HAVE_SETNETGRENT_RETURN |
| 183 |
-+# ifdef HAVE_SETNETGRENT_RETURN |
| 184 |
- if (setnetgrent (name) == 0) |
| 185 |
- { |
| 186 |
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
| 187 |
- goto out; |
| 188 |
- } |
| 189 |
--#else |
| 190 |
-+# else |
| 191 |
- setnetgrent (name); |
| 192 |
--#endif |
| 193 |
-+# endif /* HAVE_SETNETGRENT_RETURN */ |
| 194 |
- |
| 195 |
- for (;;) |
| 196 |
- { |
| 197 |
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 198 |
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 199 |
- const char *hostname, *username, *domainname; |
| 200 |
--#else |
| 201 |
-+# else |
| 202 |
- char *hostname, *username, *domainname; |
| 203 |
--#endif |
| 204 |
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
| 205 |
- PolkitIdentity *user; |
| 206 |
- GError *error = NULL; |
| 207 |
- |
| 208 |
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, |
| 209 |
- |
| 210 |
- out: |
| 211 |
- endnetgrent (); |
| 212 |
-+#endif /* HAVE_SETNETGRENT */ |
| 213 |
- return ret; |
| 214 |
- } |
| 215 |
- |
| 216 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 217 |
-index 9b752d1..09b2878 100644 |
| 218 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
| 219 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 220 |
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 221 |
- |
| 222 |
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
| 223 |
- |
| 224 |
-+#ifdef HAVE_SETNETGRENT |
| 225 |
- JS::RootedString usrstr (authority->priv->cx); |
| 226 |
- usrstr = args[0].toString(); |
| 227 |
- user = JS_EncodeStringToUTF8 (cx, usrstr); |
| 228 |
-@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 229 |
- |
| 230 |
- JS_free (cx, netgroup); |
| 231 |
- JS_free (cx, user); |
| 232 |
-+#endif |
| 233 |
- |
| 234 |
- ret = true; |
| 235 |
- |
| 236 |
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c |
| 237 |
-index e91967b..e829aaa 100644 |
| 238 |
---- a/test/polkit/polkitidentitytest.c |
| 239 |
-+++ b/test/polkit/polkitidentitytest.c |
| 240 |
-@@ -19,6 +19,7 @@ |
| 241 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
| 242 |
- */ |
| 243 |
- |
| 244 |
-+#include "config.h" |
| 245 |
- #include "glib.h" |
| 246 |
- #include <polkit/polkit.h> |
| 247 |
- #include <polkit/polkitprivate.h> |
| 248 |
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { |
| 249 |
- {"unix-group:root", "unix-group:jane", FALSE}, |
| 250 |
- {"unix-group:jane", "unix-group:jane", TRUE}, |
| 251 |
- |
| 252 |
-+#ifdef HAVE_SETNETGRENT |
| 253 |
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
| 254 |
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
| 255 |
-+#endif |
| 256 |
- |
| 257 |
- {"unix-user:root", "unix-group:root", FALSE}, |
| 258 |
-+#ifdef HAVE_SETNETGRENT |
| 259 |
- {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
| 260 |
-+#endif |
| 261 |
- |
| 262 |
- {NULL}, |
| 263 |
- }; |
| 264 |
-@@ -181,11 +186,13 @@ main (int argc, char *argv[]) |
| 265 |
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
| 266 |
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
| 267 |
- |
| 268 |
-+#ifdef HAVE_SETNETGRENT |
| 269 |
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
| 270 |
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 271 |
-+#endif |
| 272 |
- |
| 273 |
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
| 274 |
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
| 275 |
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 276 |
- |
| 277 |
- add_comparison_tests (); |
| 278 |
- |
| 279 |
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c |
| 280 |
-index 3701ba1..e3352eb 100644 |
| 281 |
---- a/test/polkit/polkitunixnetgrouptest.c |
| 282 |
-+++ b/test/polkit/polkitunixnetgrouptest.c |
| 283 |
-@@ -19,6 +19,7 @@ |
| 284 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
| 285 |
- */ |
| 286 |
- |
| 287 |
-+#include "config.h" |
| 288 |
- #include "glib.h" |
| 289 |
- #include <polkit/polkit.h> |
| 290 |
- #include <string.h> |
| 291 |
-@@ -69,7 +70,9 @@ int |
| 292 |
- main (int argc, char *argv[]) |
| 293 |
- { |
| 294 |
- g_test_init (&argc, &argv, NULL); |
| 295 |
-+#ifdef HAVE_SETNETGRENT |
| 296 |
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
| 297 |
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
| 298 |
-+#endif |
| 299 |
- return g_test_run (); |
| 300 |
- } |
| 301 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 302 |
-index 71aad23..fdd28f3 100644 |
| 303 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
| 304 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 305 |
-@@ -137,12 +137,14 @@ test_get_admin_identities (void) |
| 306 |
- "unix-group:users" |
| 307 |
- } |
| 308 |
- }, |
| 309 |
-+#ifdef HAVE_SETNETGRENT |
| 310 |
- { |
| 311 |
- "net.company.action3", |
| 312 |
- { |
| 313 |
- "unix-netgroup:foo" |
| 314 |
- } |
| 315 |
- }, |
| 316 |
-+#endif |
| 317 |
- }; |
| 318 |
- guint n; |
| 319 |
- |
| 320 |
--- |
| 321 |
-2.21.0 |
| 322 |
- |
| 323 |
|
| 324 |
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch |
| 325 |
deleted file mode 100644 |
| 326 |
index aef30ef6..00000000 |
| 327 |
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch |
| 328 |
+++ /dev/null |
| 329 |
@@ -1,219 +0,0 @@ |
| 330 |
-diff --git a/configure.ac b/configure.ac |
| 331 |
-index 4809dc9..d1ea325 100644 |
| 332 |
---- a/configure.ac |
| 333 |
-+++ b/configure.ac |
| 334 |
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], |
| 335 |
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
| 336 |
- AC_SUBST(EXPAT_LIBS) |
| 337 |
- |
| 338 |
--AC_CHECK_FUNCS(clearenv fdatasync) |
| 339 |
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
| 340 |
- |
| 341 |
- if test "x$GCC" = "xyes"; then |
| 342 |
- LDFLAGS="-Wl,--as-needed $LDFLAGS" |
| 343 |
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c |
| 344 |
-index 3aa1f7f..793f17d 100644 |
| 345 |
---- a/src/polkit/polkitidentity.c |
| 346 |
-+++ b/src/polkit/polkitidentity.c |
| 347 |
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, |
| 348 |
- } |
| 349 |
- else if (g_str_has_prefix (str, "unix-netgroup:")) |
| 350 |
- { |
| 351 |
-+#ifndef HAVE_SETNETGRENT |
| 352 |
-+ g_set_error (error, |
| 353 |
-+ POLKIT_ERROR, |
| 354 |
-+ POLKIT_ERROR_FAILED, |
| 355 |
-+ "Netgroups are not available on this machine ('%s')", |
| 356 |
-+ str); |
| 357 |
-+#else |
| 358 |
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
| 359 |
-+#endif |
| 360 |
- } |
| 361 |
- |
| 362 |
- if (identity == NULL && (error != NULL && *error == NULL)) |
| 363 |
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 364 |
- GVariant *v; |
| 365 |
- const char *name; |
| 366 |
- |
| 367 |
-+#ifndef HAVE_SETNETGRENT |
| 368 |
-+ g_set_error (error, |
| 369 |
-+ POLKIT_ERROR, |
| 370 |
-+ POLKIT_ERROR_FAILED, |
| 371 |
-+ "Netgroups are not available on this machine"); |
| 372 |
-+ goto out; |
| 373 |
-+#else |
| 374 |
-+ |
| 375 |
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
| 376 |
- if (v == NULL) |
| 377 |
- { |
| 378 |
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 379 |
- name = g_variant_get_string (v, NULL); |
| 380 |
- ret = polkit_unix_netgroup_new (name); |
| 381 |
- g_variant_unref (v); |
| 382 |
-+#endif |
| 383 |
- } |
| 384 |
- else |
| 385 |
- { |
| 386 |
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c |
| 387 |
-index 8a2b369..83f8d4a 100644 |
| 388 |
---- a/src/polkit/polkitunixnetgroup.c |
| 389 |
-+++ b/src/polkit/polkitunixnetgroup.c |
| 390 |
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, |
| 391 |
- PolkitIdentity * |
| 392 |
- polkit_unix_netgroup_new (const gchar *name) |
| 393 |
- { |
| 394 |
-+#ifndef HAVE_SETNETGRENT |
| 395 |
-+ g_assert_not_reached(); |
| 396 |
-+#endif |
| 397 |
- g_return_val_if_fail (name != NULL, NULL); |
| 398 |
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
| 399 |
- "name", name, |
| 400 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 401 |
-index 056d9a8..36c2f3d 100644 |
| 402 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 403 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 404 |
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, |
| 405 |
- GList *ret; |
| 406 |
- |
| 407 |
- ret = NULL; |
| 408 |
-+#ifdef HAVE_SETNETGRENT |
| 409 |
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
| 410 |
- |
| 411 |
--#ifdef HAVE_SETNETGRENT_RETURN |
| 412 |
-+# ifdef HAVE_SETNETGRENT_RETURN |
| 413 |
- if (setnetgrent (name) == 0) |
| 414 |
- { |
| 415 |
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
| 416 |
- goto out; |
| 417 |
- } |
| 418 |
--#else |
| 419 |
-+# else |
| 420 |
- setnetgrent (name); |
| 421 |
--#endif |
| 422 |
-+# endif /* HAVE_SETNETGRENT_RETURN */ |
| 423 |
- |
| 424 |
- for (;;) |
| 425 |
- { |
| 426 |
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 427 |
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 428 |
- const char *hostname, *username, *domainname; |
| 429 |
--#else |
| 430 |
-+# else |
| 431 |
- char *hostname, *username, *domainname; |
| 432 |
--#endif |
| 433 |
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
| 434 |
- PolkitIdentity *user; |
| 435 |
- GError *error = NULL; |
| 436 |
- |
| 437 |
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, |
| 438 |
- |
| 439 |
- out: |
| 440 |
- endnetgrent (); |
| 441 |
-+#endif /* HAVE_SETNETGRENT */ |
| 442 |
- return ret; |
| 443 |
- } |
| 444 |
- |
| 445 |
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 446 |
-index 1d91103..366cbdf 100644 |
| 447 |
---- a/src/polkitbackend/polkitbackendjsauthority.cpp |
| 448 |
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 449 |
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 450 |
- |
| 451 |
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
| 452 |
- |
| 453 |
-+#ifdef HAVE_SETNETGRENT |
| 454 |
- JS::RootedString usrstr (authority->priv->cx); |
| 455 |
- usrstr = args[0].toString(); |
| 456 |
- user = JS_EncodeStringToUTF8 (cx, usrstr); |
| 457 |
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 458 |
- { |
| 459 |
- is_in_netgroup = true; |
| 460 |
- } |
| 461 |
-+#endif |
| 462 |
- |
| 463 |
- ret = true; |
| 464 |
- |
| 465 |
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c |
| 466 |
-index e91967b..e829aaa 100644 |
| 467 |
---- a/test/polkit/polkitidentitytest.c |
| 468 |
-+++ b/test/polkit/polkitidentitytest.c |
| 469 |
-@@ -19,6 +19,7 @@ |
| 470 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
| 471 |
- */ |
| 472 |
- |
| 473 |
-+#include "config.h" |
| 474 |
- #include "glib.h" |
| 475 |
- #include <polkit/polkit.h> |
| 476 |
- #include <polkit/polkitprivate.h> |
| 477 |
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { |
| 478 |
- {"unix-group:root", "unix-group:jane", FALSE}, |
| 479 |
- {"unix-group:jane", "unix-group:jane", TRUE}, |
| 480 |
- |
| 481 |
-+#ifdef HAVE_SETNETGRENT |
| 482 |
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
| 483 |
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
| 484 |
-+#endif |
| 485 |
- |
| 486 |
- {"unix-user:root", "unix-group:root", FALSE}, |
| 487 |
-+#ifdef HAVE_SETNETGRENT |
| 488 |
- {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
| 489 |
-+#endif |
| 490 |
- |
| 491 |
- {NULL}, |
| 492 |
- }; |
| 493 |
-@@ -181,11 +186,13 @@ main (int argc, char *argv[]) |
| 494 |
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
| 495 |
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
| 496 |
- |
| 497 |
-+#ifdef HAVE_SETNETGRENT |
| 498 |
- g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
| 499 |
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 500 |
-+#endif |
| 501 |
- |
| 502 |
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
| 503 |
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
| 504 |
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 505 |
- |
| 506 |
- add_comparison_tests (); |
| 507 |
- |
| 508 |
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c |
| 509 |
-index 3701ba1..e3352eb 100644 |
| 510 |
---- a/test/polkit/polkitunixnetgrouptest.c |
| 511 |
-+++ b/test/polkit/polkitunixnetgrouptest.c |
| 512 |
-@@ -19,6 +19,7 @@ |
| 513 |
- * Author: Nikki VonHollen <vonhollen@××××××.com> |
| 514 |
- */ |
| 515 |
- |
| 516 |
-+#include "config.h" |
| 517 |
- #include "glib.h" |
| 518 |
- #include <polkit/polkit.h> |
| 519 |
- #include <string.h> |
| 520 |
-@@ -69,7 +70,9 @@ int |
| 521 |
- main (int argc, char *argv[]) |
| 522 |
- { |
| 523 |
- g_test_init (&argc, &argv, NULL); |
| 524 |
-+#ifdef HAVE_SETNETGRENT |
| 525 |
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
| 526 |
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
| 527 |
-+#endif |
| 528 |
- return g_test_run (); |
| 529 |
- } |
| 530 |
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 531 |
-index 71aad23..fdd28f3 100644 |
| 532 |
---- a/test/polkitbackend/test-polkitbackendjsauthority.c |
| 533 |
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 534 |
-@@ -137,12 +137,14 @@ test_get_admin_identities (void) |
| 535 |
- "unix-group:users" |
| 536 |
- } |
| 537 |
- }, |
| 538 |
-+#ifdef HAVE_SETNETGRENT |
| 539 |
- { |
| 540 |
- "net.company.action3", |
| 541 |
- { |
| 542 |
- "unix-netgroup:foo" |
| 543 |
- } |
| 544 |
- }, |
| 545 |
-+#endif |
| 546 |
- }; |
| 547 |
- guint n; |
| 548 |
- |
| 549 |
|
| 550 |
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch |
| 551 |
new file mode 100644 |
| 552 |
index 00000000..22bb71d1 |
| 553 |
--- /dev/null |
| 554 |
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch |
| 555 |
@@ -0,0 +1,72 @@ |
| 556 |
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt |
| 557 |
+https://bugs.gentoo.org/832057 |
| 558 |
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch |
| 559 |
+ |
| 560 |
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 |
| 561 |
+From: Jan Rybar <jrybar@××××××.com> |
| 562 |
+Date: Tue, 25 Jan 2022 17:21:46 +0000 |
| 563 |
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) |
| 564 |
+ |
| 565 |
+--- a/src/programs/pkcheck.c |
| 566 |
++++ b/src/programs/pkcheck.c |
| 567 |
+@@ -363,6 +363,11 @@ main (int argc, char *argv[]) |
| 568 |
+ local_agent_handle = NULL; |
| 569 |
+ ret = 126; |
| 570 |
+ |
| 571 |
++ if (argc < 1) |
| 572 |
++ { |
| 573 |
++ exit(126); |
| 574 |
++ } |
| 575 |
++ |
| 576 |
+ /* Disable remote file access from GIO. */ |
| 577 |
+ setenv ("GIO_USE_VFS", "local", 1); |
| 578 |
+ |
| 579 |
+--- a/src/programs/pkexec.c |
| 580 |
++++ b/src/programs/pkexec.c |
| 581 |
+@@ -488,6 +488,15 @@ main (int argc, char *argv[]) |
| 582 |
+ pid_t pid_of_caller; |
| 583 |
+ gpointer local_agent_handle; |
| 584 |
+ |
| 585 |
++ |
| 586 |
++ /* |
| 587 |
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. |
| 588 |
++ */ |
| 589 |
++ if (argc<1) |
| 590 |
++ { |
| 591 |
++ exit(127); |
| 592 |
++ } |
| 593 |
++ |
| 594 |
+ ret = 127; |
| 595 |
+ authority = NULL; |
| 596 |
+ subject = NULL; |
| 597 |
+@@ -614,10 +623,10 @@ main (int argc, char *argv[]) |
| 598 |
+ |
| 599 |
+ path = g_strdup (pwstruct.pw_shell); |
| 600 |
+ if (!path) |
| 601 |
+- { |
| 602 |
++ { |
| 603 |
+ g_printerr ("No shell configured or error retrieving pw_shell\n"); |
| 604 |
+ goto out; |
| 605 |
+- } |
| 606 |
++ } |
| 607 |
+ /* If you change this, be sure to change the if (!command_line) |
| 608 |
+ case below too */ |
| 609 |
+ command_line = g_strdup (path); |
| 610 |
+@@ -636,7 +645,15 @@ main (int argc, char *argv[]) |
| 611 |
+ goto out; |
| 612 |
+ } |
| 613 |
+ g_free (path); |
| 614 |
+- argv[n] = path = s; |
| 615 |
++ path = s; |
| 616 |
++ |
| 617 |
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. |
| 618 |
++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination |
| 619 |
++ */ |
| 620 |
++ if (argv[n] != NULL) |
| 621 |
++ { |
| 622 |
++ argv[n] = path; |
| 623 |
++ } |
| 624 |
+ } |
| 625 |
+ if (access (path, F_OK) != 0) |
| 626 |
+ { |
| 627 |
+GitLab |
| 628 |
|
| 629 |
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch |
| 630 |
new file mode 100644 |
| 631 |
index 00000000..5e144688 |
| 632 |
--- /dev/null |
| 633 |
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch |
| 634 |
@@ -0,0 +1,42 @@ |
| 635 |
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001 |
| 636 |
+From: Simon McVittie <smcv@××××××.org> |
| 637 |
+Date: Mon, 25 Oct 2021 20:21:27 +0100 |
| 638 |
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file |
| 639 |
+ |
| 640 |
+These were always ignored, and Meson 0.60.0 disallowed them. |
| 641 |
+ |
| 642 |
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160 |
| 643 |
+Reference: https://github.com/mesonbuild/meson/pull/9445 |
| 644 |
+Signed-off-by: Simon McVittie <smcv@××××××.org> |
| 645 |
+--- |
| 646 |
+ actions/meson.build | 1 - |
| 647 |
+ src/examples/meson.build | 1 - |
| 648 |
+ 2 files changed, 2 deletions(-) |
| 649 |
+ |
| 650 |
+diff --git a/actions/meson.build b/actions/meson.build |
| 651 |
+index 2abaaf3..1e3f370 100644 |
| 652 |
+--- a/actions/meson.build |
| 653 |
++++ b/actions/meson.build |
| 654 |
+@@ -1,7 +1,6 @@ |
| 655 |
+ policy = 'org.freedesktop.policykit.policy' |
| 656 |
+ |
| 657 |
+ i18n.merge_file( |
| 658 |
+- policy, |
| 659 |
+ input: policy + '.in', |
| 660 |
+ output: '@BASENAME@', |
| 661 |
+ po_dir: po_dir, |
| 662 |
+diff --git a/src/examples/meson.build b/src/examples/meson.build |
| 663 |
+index c6305ab..8c18de5 100644 |
| 664 |
+--- a/src/examples/meson.build |
| 665 |
++++ b/src/examples/meson.build |
| 666 |
+@@ -1,7 +1,6 @@ |
| 667 |
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy' |
| 668 |
+ |
| 669 |
+ i18n.merge_file( |
| 670 |
+- policy, |
| 671 |
+ input: policy + '.in', |
| 672 |
+ output: '@BASENAME@', |
| 673 |
+ po_dir: po_dir, |
| 674 |
+-- |
| 675 |
+GitLab |
| 676 |
+ |
| 677 |
|
| 678 |
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml |
| 679 |
index f23bd9f8..23b3540b 100644 |
| 680 |
--- a/sys-auth/polkit/metadata.xml |
| 681 |
+++ b/sys-auth/polkit/metadata.xml |
| 682 |
@@ -6,7 +6,6 @@ |
| 683 |
</maintainer> |
| 684 |
<use> |
| 685 |
<flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag> |
| 686 |
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag> |
| 687 |
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag> |
| 688 |
</use> |
| 689 |
</pkgmetadata> |
| 690 |
|
| 691 |
diff --git a/sys-auth/polkit/polkit-0.119-r2.ebuild b/sys-auth/polkit/polkit-0.119-r2.ebuild |
| 692 |
deleted file mode 100644 |
| 693 |
index 32f1c305..00000000 |
| 694 |
--- a/sys-auth/polkit/polkit-0.119-r2.ebuild |
| 695 |
+++ /dev/null |
| 696 |
@@ -1,141 +0,0 @@ |
| 697 |
-# Copyright 1999-2021 Gentoo Authors |
| 698 |
-# Distributed under the terms of the GNU General Public License v2 |
| 699 |
- |
| 700 |
-EAPI=7 |
| 701 |
- |
| 702 |
-inherit autotools pam pax-utils systemd xdg-utils |
| 703 |
- |
| 704 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
| 705 |
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" |
| 706 |
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz |
| 707 |
- https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch" |
| 708 |
- |
| 709 |
-LICENSE="LGPL-2" |
| 710 |
-SLOT="0" |
| 711 |
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86" |
| 712 |
-IUSE="duktape elogind examples gtk +introspection kde nls pam selinux systemd test" |
| 713 |
-RESTRICT="!test? ( test )" |
| 714 |
- |
| 715 |
-REQUIRED_USE="^^ ( elogind systemd )" |
| 716 |
- |
| 717 |
-BDEPEND=" |
| 718 |
- acct-user/polkitd |
| 719 |
- app-text/docbook-xml-dtd:4.1.2 |
| 720 |
- app-text/docbook-xsl-stylesheets |
| 721 |
- dev-libs/glib |
| 722 |
- dev-libs/gobject-introspection-common |
| 723 |
- dev-libs/libxslt |
| 724 |
- dev-util/glib-utils |
| 725 |
- dev-util/gtk-doc-am |
| 726 |
- dev-util/intltool |
| 727 |
- sys-devel/gettext |
| 728 |
- virtual/pkgconfig |
| 729 |
- introspection? ( dev-libs/gobject-introspection ) |
| 730 |
-" |
| 731 |
-DEPEND=" |
| 732 |
- duktape? ( dev-lang/duktape ) |
| 733 |
- !duktape? ( dev-lang/spidermonkey:78[-debug] ) |
| 734 |
- dev-libs/glib:2 |
| 735 |
- dev-libs/expat |
| 736 |
- elogind? ( sys-auth/elogind ) |
| 737 |
- pam? ( |
| 738 |
- sys-auth/pambase |
| 739 |
- sys-libs/pam |
| 740 |
- ) |
| 741 |
- !pam? ( virtual/libcrypt:= ) |
| 742 |
- systemd? ( sys-apps/systemd:0=[policykit] ) |
| 743 |
-" |
| 744 |
-RDEPEND="${DEPEND} |
| 745 |
- acct-user/polkitd |
| 746 |
- selinux? ( sec-policy/selinux-policykit ) |
| 747 |
-" |
| 748 |
-PDEPEND=" |
| 749 |
- gtk? ( || ( |
| 750 |
- >=gnome-extra/polkit-gnome-0.105 |
| 751 |
- >=lxde-base/lxsession-0.5.2 |
| 752 |
- ) ) |
| 753 |
- kde? ( kde-plasma/polkit-kde-agent ) |
| 754 |
-" |
| 755 |
- |
| 756 |
-DOCS=( docs/TODO HACKING NEWS README ) |
| 757 |
- |
| 758 |
-PATCHES=( |
| 759 |
- "${DISTDIR}"/${PN}-0.118-duktape.patch |
| 760 |
- "${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880 |
| 761 |
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
| 762 |
-) |
| 763 |
- |
| 764 |
-QA_MULTILIB_PATHS=" |
| 765 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
| 766 |
- usr/lib/polkit-1/polkitd" |
| 767 |
- |
| 768 |
-src_prepare() { |
| 769 |
- default |
| 770 |
- |
| 771 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
| 772 |
- |
| 773 |
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170 |
| 774 |
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ |
| 775 |
- -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ |
| 776 |
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ |
| 777 |
- docs/polkit/Makefile.in || die |
| 778 |
- |
| 779 |
- # disable broken test - bug #624022 |
| 780 |
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die |
| 781 |
- |
| 782 |
- # Fix cross-building, bug #590764, elogind patch, bug #598615 |
| 783 |
- eautoreconf |
| 784 |
-} |
| 785 |
- |
| 786 |
-src_configure() { |
| 787 |
- xdg_environment_reset |
| 788 |
- |
| 789 |
- local myeconfargs=( |
| 790 |
- --localstatedir="${EPREFIX}"/var |
| 791 |
- --disable-static |
| 792 |
- --enable-man-pages |
| 793 |
- --disable-gtk-doc |
| 794 |
- --disable-examples |
| 795 |
- $(use_enable elogind libelogind) |
| 796 |
- $(use_enable introspection) |
| 797 |
- $(use_enable nls) |
| 798 |
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') |
| 799 |
- --with-authfw=$(usex pam pam shadow) |
| 800 |
- $(use_enable systemd libsystemd-login) |
| 801 |
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" |
| 802 |
- $(use_enable test) |
| 803 |
- --with-os-type=gentoo |
| 804 |
- ) |
| 805 |
- |
| 806 |
- if use duktape; then |
| 807 |
- myeconfargs+=( --with-duktape ) |
| 808 |
- fi |
| 809 |
- |
| 810 |
- econf "${myeconfargs[@]}" |
| 811 |
-} |
| 812 |
- |
| 813 |
-src_compile() { |
| 814 |
- default |
| 815 |
- |
| 816 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
| 817 |
- pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest |
| 818 |
-} |
| 819 |
- |
| 820 |
-src_install() { |
| 821 |
- default |
| 822 |
- |
| 823 |
- if use examples; then |
| 824 |
- docinto examples |
| 825 |
- dodoc src/examples/{*.c,*.policy*} |
| 826 |
- fi |
| 827 |
- |
| 828 |
- diropts -m 0700 -o polkitd |
| 829 |
- keepdir /usr/share/polkit-1/rules.d |
| 830 |
- |
| 831 |
- find "${ED}" -name '*.la' -delete || die |
| 832 |
-} |
| 833 |
- |
| 834 |
-pkg_postinst() { |
| 835 |
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
| 836 |
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
| 837 |
-} |
| 838 |
|
| 839 |
diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild |
| 840 |
similarity index 89% |
| 841 |
rename from sys-auth/polkit/polkit-0.120-r1.ebuild |
| 842 |
rename to sys-auth/polkit/polkit-0.120-r2.ebuild |
| 843 |
index a75f950a..24b53b1f 100644 |
| 844 |
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild |
| 845 |
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild |
| 846 |
@@ -56,11 +56,6 @@ PDEPEND=" |
| 847 |
kde? ( kde-plasma/polkit-kde-agent ) |
| 848 |
" |
| 849 |
|
| 850 |
-PATCHES=( |
| 851 |
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch |
| 852 |
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
| 853 |
-) |
| 854 |
- |
| 855 |
DOCS=( docs/TODO HACKING NEWS README ) |
| 856 |
|
| 857 |
QA_MULTILIB_PATHS=" |
| 858 |
@@ -68,6 +63,12 @@ QA_MULTILIB_PATHS=" |
| 859 |
usr/lib/polkit-1/polkitd" |
| 860 |
|
| 861 |
src_prepare() { |
| 862 |
+ local PATCHES=( |
| 863 |
+ "${FILESDIR}/polkit-0.120-meson.patch" |
| 864 |
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch" |
| 865 |
+ "${DISTDIR}"/${PN}-0.120-duktape-1.patch |
| 866 |
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch |
| 867 |
+ ) |
| 868 |
default |
| 869 |
|
| 870 |
sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
| 871 |
@@ -114,6 +115,7 @@ src_install() { |
| 872 |
# meson does not install required files with SUID bit. See |
| 873 |
# https://bugs.gentoo.org/816393 |
| 874 |
# Remove the following lines once this has been fixed by upstream |
| 875 |
+ # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8) |
| 876 |
fperms u+s /usr/bin/pkexec |
| 877 |
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1 |
| 878 |
} |
Archives