1 |
commit: 39260d199cae8fef3dbb66db4b37377e92378f99 |
2 |
Author: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Jan 2 10:14:00 2016 +0000 |
4 |
Commit: Gilles Dartiguelongue <eva <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Jan 2 10:14:00 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39260d19 |
7 |
|
8 |
sys-auth/polkit: drop old revision, bug #555666 |
9 |
|
10 |
Package-Manager: portage-2.2.26 |
11 |
|
12 |
sys-auth/polkit/Manifest | 1 - |
13 |
...dle-invalid-object-paths-in-RegisterAuthe.patch | 106 ------------------ |
14 |
sys-auth/polkit/polkit-0.112-r3.ebuild | 122 --------------------- |
15 |
3 files changed, 229 deletions(-) |
16 |
|
17 |
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest |
18 |
index 2add7c3..6b6923d 100644 |
19 |
--- a/sys-auth/polkit/Manifest |
20 |
+++ b/sys-auth/polkit/Manifest |
21 |
@@ -1,2 +1 @@ |
22 |
-DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a |
23 |
DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81 |
24 |
|
25 |
diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch |
26 |
deleted file mode 100644 |
27 |
index 5ceb2de..0000000 |
28 |
--- a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch |
29 |
+++ /dev/null |
30 |
@@ -1,106 +0,0 @@ |
31 |
-From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001 |
32 |
-From: Colin Walters <walters@××××××.org> |
33 |
-Date: Sat, 30 May 2015 09:06:23 -0400 |
34 |
-Subject: [PATCH] backend: Handle invalid object paths in |
35 |
- RegisterAuthenticationAgent |
36 |
- |
37 |
-Properly propagate the error, otherwise we dereference a `NULL` |
38 |
-pointer. This is a local, authenticated DoS. |
39 |
- |
40 |
-Reported-by: Tavis Ormandy <taviso@××××××.com> |
41 |
-Signed-off-by: Colin Walters <walters@××××××.org> |
42 |
---- |
43 |
- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- |
44 |
- 1 file changed, 30 insertions(+), 23 deletions(-) |
45 |
- |
46 |
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
47 |
-index 59028d5..f45fdf1 100644 |
48 |
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
49 |
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
50 |
-@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope, |
51 |
- const gchar *unique_system_bus_name, |
52 |
- const gchar *locale, |
53 |
- const gchar *object_path, |
54 |
-- GVariant *registration_options) |
55 |
-+ GVariant *registration_options, |
56 |
-+ GError **error) |
57 |
- { |
58 |
- AuthenticationAgent *agent; |
59 |
-- GError *error; |
60 |
-+ GDBusProxy *proxy; |
61 |
- |
62 |
-- agent = g_new0 (AuthenticationAgent, 1); |
63 |
-+ if (!g_variant_is_object_path (object_path)) |
64 |
-+ { |
65 |
-+ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, |
66 |
-+ "Invalid object path '%s'", object_path); |
67 |
-+ return NULL; |
68 |
-+ } |
69 |
-+ |
70 |
-+ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, |
71 |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | |
72 |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, |
73 |
-+ NULL, /* GDBusInterfaceInfo* */ |
74 |
-+ unique_system_bus_name, |
75 |
-+ object_path, |
76 |
-+ "org.freedesktop.PolicyKit1.AuthenticationAgent", |
77 |
-+ NULL, /* GCancellable* */ |
78 |
-+ error); |
79 |
-+ if (proxy == NULL) |
80 |
-+ { |
81 |
-+ g_prefix_error (error, "Failed to construct proxy for agent: " ); |
82 |
-+ return NULL; |
83 |
-+ } |
84 |
- |
85 |
-+ agent = g_new0 (AuthenticationAgent, 1); |
86 |
- agent->ref_count = 1; |
87 |
- agent->scope = g_object_ref (scope); |
88 |
- agent->object_path = g_strdup (object_path); |
89 |
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name); |
90 |
- agent->locale = g_strdup (locale); |
91 |
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; |
92 |
-- |
93 |
-- error = NULL; |
94 |
-- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, |
95 |
-- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | |
96 |
-- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, |
97 |
-- NULL, /* GDBusInterfaceInfo* */ |
98 |
-- agent->unique_system_bus_name, |
99 |
-- agent->object_path, |
100 |
-- "org.freedesktop.PolicyKit1.AuthenticationAgent", |
101 |
-- NULL, /* GCancellable* */ |
102 |
-- &error); |
103 |
-- if (agent->proxy == NULL) |
104 |
-- { |
105 |
-- g_warning ("Error constructing proxy for agent: %s", error->message); |
106 |
-- g_error_free (error); |
107 |
-- /* TODO: Make authentication_agent_new() return NULL and set a GError */ |
108 |
-- } |
109 |
-+ agent->proxy = proxy; |
110 |
- |
111 |
- return agent; |
112 |
- } |
113 |
-@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken |
114 |
- caller_cmdline = NULL; |
115 |
- agent = NULL; |
116 |
- |
117 |
-- /* TODO: validate that object path is well-formed */ |
118 |
-- |
119 |
- interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); |
120 |
- priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); |
121 |
- |
122 |
-@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken |
123 |
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), |
124 |
- locale, |
125 |
- object_path, |
126 |
-- options); |
127 |
-+ options, |
128 |
-+ error); |
129 |
-+ if (!agent) |
130 |
-+ goto out; |
131 |
- |
132 |
- g_hash_table_insert (priv->hash_scope_to_authentication_agent, |
133 |
- g_object_ref (subject), |
134 |
--- |
135 |
-1.8.3.1 |
136 |
- |
137 |
|
138 |
diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild |
139 |
deleted file mode 100644 |
140 |
index 873670c..0000000 |
141 |
--- a/sys-auth/polkit/polkit-0.112-r3.ebuild |
142 |
+++ /dev/null |
143 |
@@ -1,122 +0,0 @@ |
144 |
-# Copyright 1999-2015 Gentoo Foundation |
145 |
-# Distributed under the terms of the GNU General Public License v2 |
146 |
-# $Id$ |
147 |
- |
148 |
-EAPI=5 |
149 |
-inherit eutils multilib pam pax-utils systemd user |
150 |
- |
151 |
-DESCRIPTION="Policy framework for controlling privileges for system-wide services" |
152 |
-HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit" |
153 |
-SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" |
154 |
- |
155 |
-LICENSE="LGPL-2" |
156 |
-SLOT="0" |
157 |
-KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86" |
158 |
-IUSE="examples gtk +introspection jit kde nls pam selinux systemd" |
159 |
- |
160 |
-CDEPEND=" |
161 |
- ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
162 |
- hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
163 |
- mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) |
164 |
- !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) ) |
165 |
- >=dev-libs/glib-2.32 |
166 |
- >=dev-libs/expat-2:= |
167 |
- introspection? ( >=dev-libs/gobject-introspection-1 ) |
168 |
- pam? ( |
169 |
- sys-auth/pambase |
170 |
- virtual/pam |
171 |
- ) |
172 |
- systemd? ( sys-apps/systemd:0= )" |
173 |
-DEPEND="${CDEPEND} |
174 |
- app-text/docbook-xml-dtd:4.1.2 |
175 |
- app-text/docbook-xsl-stylesheets |
176 |
- dev-libs/libxslt |
177 |
- dev-util/intltool |
178 |
- virtual/pkgconfig" |
179 |
-RDEPEND="${CDEPEND} |
180 |
- selinux? ( sec-policy/selinux-policykit ) |
181 |
-" |
182 |
-PDEPEND=" |
183 |
- gtk? ( || ( |
184 |
- >=gnome-extra/polkit-gnome-0.105 |
185 |
- lxde-base/lxpolkit |
186 |
- ) ) |
187 |
- kde? ( || ( |
188 |
- kde-plasma/polkit-kde-agent |
189 |
- sys-auth/polkit-kde-agent |
190 |
- ) ) |
191 |
- !systemd? ( sys-auth/consolekit[policykit] )" |
192 |
- |
193 |
-QA_MULTILIB_PATHS=" |
194 |
- usr/lib/polkit-1/polkit-agent-helper-1 |
195 |
- usr/lib/polkit-1/polkitd" |
196 |
- |
197 |
-pkg_setup() { |
198 |
- local u=polkitd |
199 |
- local g=polkitd |
200 |
- local h=/var/lib/polkit-1 |
201 |
- |
202 |
- enewgroup ${g} |
203 |
- enewuser ${u} -1 -1 ${h} ${g} |
204 |
- esethome ${u} ${h} |
205 |
-} |
206 |
- |
207 |
-src_prepare() { |
208 |
- epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316 |
209 |
- sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 |
210 |
-} |
211 |
- |
212 |
-src_configure() { |
213 |
- econf \ |
214 |
- --localstatedir="${EPREFIX}"/var \ |
215 |
- --disable-static \ |
216 |
- --enable-man-pages \ |
217 |
- --disable-gtk-doc \ |
218 |
- $(use_enable systemd libsystemd-login) \ |
219 |
- $(use_enable introspection) \ |
220 |
- --disable-examples \ |
221 |
- $(use_enable nls) \ |
222 |
- $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \ |
223 |
- "$(systemd_with_unitdir)" \ |
224 |
- --with-authfw=$(usex pam pam shadow) \ |
225 |
- $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ |
226 |
- --with-os-type=gentoo |
227 |
-} |
228 |
- |
229 |
-src_compile() { |
230 |
- default |
231 |
- |
232 |
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT |
233 |
- local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest' |
234 |
- local m='' |
235 |
- # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910 |
236 |
- has_version 'dev-lang/spidermonkey:17[jit]' && m='m' |
237 |
- # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags |
238 |
- use hppa && m='mr' |
239 |
- use ia64 && m='mr' |
240 |
- use mips && m='mr' |
241 |
- [ -n "$m" ] && pax-mark ${m} ${f} |
242 |
-} |
243 |
- |
244 |
-src_install() { |
245 |
- emake DESTDIR="${D}" install |
246 |
- |
247 |
- dodoc docs/TODO HACKING NEWS README |
248 |
- |
249 |
- fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d |
250 |
- |
251 |
- diropts -m0700 -o polkitd -g polkitd |
252 |
- keepdir /var/lib/polkit-1 |
253 |
- |
254 |
- if use examples; then |
255 |
- insinto /usr/share/doc/${PF}/examples |
256 |
- doins src/examples/{*.c,*.policy*} |
257 |
- fi |
258 |
- |
259 |
- prune_libtool_files |
260 |
-} |
261 |
- |
262 |
-pkg_postinst() { |
263 |
- chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d |
264 |
- chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 |
265 |
-} |