| 1 |
commit: 39260d199cae8fef3dbb66db4b37377e92378f99 |
| 2 |
Author: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Jan 2 10:14:00 2016 +0000 |
| 4 |
Commit: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Jan 2 10:14:00 2016 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39260d19 |
| 7 |
|
| 8 |
sys-auth/polkit: drop old revision, bug #555666 |
| 9 |
|
| 10 |
Package-Manager: portage-2.2.26 |
| 11 |
|
| 12 |
sys-auth/polkit/Manifest | 1 - |
| 13 |
...dle-invalid-object-paths-in-RegisterAuthe.patch | 106 ------------------ |
| 14 |
sys-auth/polkit/polkit-0.112-r3.ebuild | 122 --------------------- |
| 15 |
3 files changed, 229 deletions(-) |
| 16 |
|
| 17 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
| 18 |
index 2add7c3..6b6923d 100644 |
| 19 |
--- a/sys-auth/polkit/Manifest |
| 20 |
+++ b/sys-auth/polkit/Manifest |
| 21 |
@@ -1,2 +1 @@ |
| 22 |
-DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a |
| 23 |
DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81 |
| 24 |
|
| 25 |
diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch |
| 26 |
deleted file mode 100644 |
| 27 |
index 5ceb2de..0000000 |
| 28 |
--- a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch |
| 29 |
+++ /dev/null |
| 30 |
@@ -1,106 +0,0 @@ |
| 31 |
-From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001 |
| 32 |
-From: Colin Walters <walters@××××××.org> |
| 33 |
-Date: Sat, 30 May 2015 09:06:23 -0400 |
| 34 |
-Subject: [PATCH] backend: Handle invalid object paths in |
| 35 |
- RegisterAuthenticationAgent |
| 36 |
- |
| 37 |
-Properly propagate the error, otherwise we dereference a `NULL` |
| 38 |
-pointer. This is a local, authenticated DoS. |
| 39 |
- |
| 40 |
-Reported-by: Tavis Ormandy <taviso@××××××.com> |
| 41 |
-Signed-off-by: Colin Walters <walters@××××××.org> |
| 42 |
---- |
| 43 |
- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- |
| 44 |
- 1 file changed, 30 insertions(+), 23 deletions(-) |
| 45 |
- |
| 46 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 47 |
-index 59028d5..f45fdf1 100644 |
| 48 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 49 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 50 |
-@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope, |
| 51 |
- const gchar *unique_system_bus_name, |
| 52 |
- const gchar *locale, |
| 53 |
- const gchar *object_path, |
| 54 |
-- GVariant *registration_options) |
| 55 |
-+ GVariant *registration_options, |
| 56 |
-+ GError **error) |
| 57 |
- { |
| 58 |
- AuthenticationAgent *agent; |
| 59 |
-- GError *error; |
| 60 |
-+ GDBusProxy *proxy; |
| 61 |
- |
| 62 |
-- agent = g_new0 (AuthenticationAgent, 1); |
| 63 |
-+ if (!g_variant_is_object_path (object_path)) |
| 64 |
-+ { |
| 65 |
-+ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, |
| 66 |
-+ "Invalid object path '%s'", object_path); |
| 67 |
-+ return NULL; |
| 68 |
-+ } |
| 69 |
-+ |
| 70 |
-+ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, |
| 71 |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | |
| 72 |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, |
| 73 |
-+ NULL, /* GDBusInterfaceInfo* */ |
| 74 |
-+ unique_system_bus_name, |
| 75 |
-+ object_path, |
| 76 |
-+ "org.freedesktop.PolicyKit1.AuthenticationAgent", |
| 77 |
-+ NULL, /* GCancellable* */ |
| 78 |
-+ error); |
| 79 |
-+ if (proxy == NULL) |
| 80 |
-+ { |
| 81 |
-+ g_prefix_error (error, "Failed to construct proxy for agent: " ); |
| 82 |
-+ return NULL; |
| 83 |
-+ } |
| 84 |
- |
| 85 |
-+ agent = g_new0 (AuthenticationAgent, 1); |
| 86 |
- agent->ref_count = 1; |
| 87 |
- agent->scope = g_object_ref (scope); |
| 88 |
- agent->object_path = g_strdup (object_path); |
| 89 |
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name); |
| 90 |
- agent->locale = g_strdup (locale); |
| 91 |
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; |
| 92 |
-- |
| 93 |
-- error = NULL; |
| 94 |
-- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, |
| 95 |
-- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | |
| 96 |
-- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, |
| 97 |
-- NULL, /* GDBusInterfaceInfo* */ |
| 98 |
-- agent->unique_system_bus_name, |
| 99 |
-- agent->object_path, |
| 100 |
-- "org.freedesktop.PolicyKit1.AuthenticationAgent", |
| 101 |
-- NULL, /* GCancellable* */ |
| 102 |
-- &error); |
| 103 |
-- if (agent->proxy == NULL) |
| 104 |
-- { |
| 105 |
-- g_warning ("Error constructing proxy for agent: %s", error->message); |
| 106 |
-- g_error_free (error); |
| 107 |
-- /* TODO: Make authentication_agent_new() return NULL and set a GError */ |
| 108 |
-- } |
| 109 |
-+ agent->proxy = proxy; |
| 110 |
- |
| 111 |
- return agent; |
| 112 |
- } |
| 113 |
-@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken |
| 114 |
- caller_cmdline = NULL; |
| 115 |
- agent = NULL; |
| 116 |
- |
| 117 |
-- /* TODO: validate that object path is well-formed */ |
| 118 |
-- |
| 119 |
- interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); |
| 120 |
- priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); |
| 121 |
- |
| 122 |
-@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken |
| 123 |
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), |
| 124 |
- locale, |
| 125 |
- object_path, |
| 126 |
-- options); |
| 127 |
-+ options, |
| 128 |
-+ error); |
| 129 |
-+ if (!agent) |
| 130 |
-+ goto out; |
| 131 |
- |
| 132 |
- g_hash_table_insert (priv->hash_scope_to_authentication_agent, |
| 133 |
- g_object_ref (subject), |
| 134 |
--- |
| 135 |
-1.8.3.1 |
| 136 |
- |
| 137 |
|
| 138 |
diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild |
| 139 |
deleted file mode 100644 |
| 140 |
index 873670c..0000000 |
| 141 |
--- a/sys-auth/polkit/polkit-0.112-r3.ebuild |
| 142 |
+++ /dev/null |
| 143 |
@@ -1,122 +0,0 @@ |
| 144 |
-# Copyright 1999-2015 Gentoo Foundation |
| 145 |
-# Distributed under the terms of the GNU General Public License v2 |
| 146 |
-# $Id$ |
| 147 |
- |
| 148 |
-EAPI=5 |
| 149 |
-inherit eutils multilib pam pax-utils systemd user |
| 150 |
- |
| 151 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
| 152 |
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit" |
| 153 |
-SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" |
| 154 |
- |
| 155 |
-LICENSE="LGPL-2" |
| 156 |
-SLOT="0" |
| 157 |
-KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86" |
| 158 |
-IUSE="examples gtk +introspection jit kde nls pam selinux systemd" |
| 159 |
- |
| 160 |
-CDEPEND=" |
| 161 |
- ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
| 162 |
- hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
| 163 |
- mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
| 164 |
- !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) ) |
| 165 |
- >=dev-libs/glib-2.32 |
| 166 |
- >=dev-libs/expat-2:= |
| 167 |
- introspection? ( >=dev-libs/gobject-introspection-1 ) |
| 168 |
- pam? ( |
| 169 |
- sys-auth/pambase |
| 170 |
- virtual/pam |
| 171 |
- ) |
| 172 |
- systemd? ( sys-apps/systemd:0= )" |
| 173 |
-DEPEND="${CDEPEND} |
| 174 |
- app-text/docbook-xml-dtd:4.1.2 |
| 175 |
- app-text/docbook-xsl-stylesheets |
| 176 |
- dev-libs/libxslt |
| 177 |
- dev-util/intltool |
| 178 |
- virtual/pkgconfig" |
| 179 |
-RDEPEND="${CDEPEND} |
| 180 |
- selinux? ( sec-policy/selinux-policykit ) |
| 181 |
-" |
| 182 |
-PDEPEND=" |
| 183 |
- gtk? ( || ( |
| 184 |
- >=gnome-extra/polkit-gnome-0.105 |
| 185 |
- lxde-base/lxpolkit |
| 186 |
- ) ) |
| 187 |
- kde? ( || ( |
| 188 |
- kde-plasma/polkit-kde-agent |
| 189 |
- sys-auth/polkit-kde-agent |
| 190 |
- ) ) |
| 191 |
- !systemd? ( sys-auth/consolekit[policykit] )" |
| 192 |
- |
| 193 |
-QA_MULTILIB_PATHS=" |
| 194 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
| 195 |
- usr/lib/polkit-1/polkitd" |
| 196 |
- |
| 197 |
-pkg_setup() { |
| 198 |
- local u=polkitd |
| 199 |
- local g=polkitd |
| 200 |
- local h=/var/lib/polkit-1 |
| 201 |
- |
| 202 |
- enewgroup ${g} |
| 203 |
- enewuser ${u} -1 -1 ${h} ${g} |
| 204 |
- esethome ${u} ${h} |
| 205 |
-} |
| 206 |
- |
| 207 |
-src_prepare() { |
| 208 |
- epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316 |
| 209 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
| 210 |
-} |
| 211 |
- |
| 212 |
-src_configure() { |
| 213 |
- econf \ |
| 214 |
- --localstatedir="${EPREFIX}"/var \ |
| 215 |
- --disable-static \ |
| 216 |
- --enable-man-pages \ |
| 217 |
- --disable-gtk-doc \ |
| 218 |
- $(use_enable systemd libsystemd-login) \ |
| 219 |
- $(use_enable introspection) \ |
| 220 |
- --disable-examples \ |
| 221 |
- $(use_enable nls) \ |
| 222 |
- $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \ |
| 223 |
- "$(systemd_with_unitdir)" \ |
| 224 |
- --with-authfw=$(usex pam pam shadow) \ |
| 225 |
- $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ |
| 226 |
- --with-os-type=gentoo |
| 227 |
-} |
| 228 |
- |
| 229 |
-src_compile() { |
| 230 |
- default |
| 231 |
- |
| 232 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
| 233 |
- local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest' |
| 234 |
- local m='' |
| 235 |
- # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910 |
| 236 |
- has_version 'dev-lang/spidermonkey:17[jit]' && m='m' |
| 237 |
- # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags |
| 238 |
- use hppa && m='mr' |
| 239 |
- use ia64 && m='mr' |
| 240 |
- use mips && m='mr' |
| 241 |
- [ -n "$m" ] && pax-mark ${m} ${f} |
| 242 |
-} |
| 243 |
- |
| 244 |
-src_install() { |
| 245 |
- emake DESTDIR="${D}" install |
| 246 |
- |
| 247 |
- dodoc docs/TODO HACKING NEWS README |
| 248 |
- |
| 249 |
- fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d |
| 250 |
- |
| 251 |
- diropts -m0700 -o polkitd -g polkitd |
| 252 |
- keepdir /var/lib/polkit-1 |
| 253 |
- |
| 254 |
- if use examples; then |
| 255 |
- insinto /usr/share/doc/${PF}/examples |
| 256 |
- doins src/examples/{*.c,*.policy*} |
| 257 |
- fi |
| 258 |
- |
| 259 |
- prune_libtool_files |
| 260 |
-} |
| 261 |
- |
| 262 |
-pkg_postinst() { |
| 263 |
- chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
| 264 |
- chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 |
| 265 |
-} |
Archives