Date: Tuesday, October 4, 2016 @ 18:50:12 Author: heftig Revision: 277708
0.11+6+g417bb7d-1 Modified: rtkit/trunk/PKGBUILD Deleted: rtkit/trunk/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch rtkit/trunk/libsystemd.patch rtkit/trunk/systemd205.patch --------------------------------------------------+ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 48 ----------------- PKGBUILD | 35 ++++++------ libsystemd.patch | 57 --------------------- systemd205.patch | 16 ----- 4 files changed, 17 insertions(+), 139 deletions(-) Deleted: 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch =================================================================== --- 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2016-10-04 18:37:09 UTC (rev 277707) +++ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch 2016-10-04 18:50:12 UTC (rev 277708) @@ -1,48 +0,0 @@ -From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001 -From: Colin Walters <[email protected]> -Date: Thu, 22 Aug 2013 16:05:22 -0400 -Subject: [PATCH] [SECURITY] Pass uid of caller to polkit - -Otherwise, we force polkit to look up the uid itself in /proc, which -is racy if they execve() a setuid binary. ---- - rtkit-daemon.c | 11 ++++++++++- - 1 files changed, 10 insertions(+), 1 deletions(-) - -diff --git a/rtkit-daemon.c b/rtkit-daemon.c -index 2ebe673..3ecc1f7 100644 ---- a/rtkit-daemon.c -+++ b/rtkit-daemon.c -@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process - DBusMessage *m = NULL, *r = NULL; - const char *unix_process = "unix-process"; - const char *pid = "pid"; -+ const char *uid = "uid"; - const char *start_time = "start-time"; - const char *cancel_id = ""; - uint32_t flags = 0; - uint32_t pid_u32 = p->pid; -- uint64_t start_time_u64 = p->starttime; -+ uint32_t uid_u32 = (uint32_t)u->uid; - DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant; -+ uint64_t start_time_u64 = p->starttime; - int ret; - dbus_bool_t authorized = FALSE; - -@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process - assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); - assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); - -+ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict)); -+ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid)); -+ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant)); -+ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32)); -+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); -+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); -+ - assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array)); - assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct)); - --- -1.7.1 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-10-04 18:37:09 UTC (rev 277707) +++ PKGBUILD 2016-10-04 18:50:12 UTC (rev 277708) @@ -3,32 +3,31 @@ # Contributor: Corrado Primier <[email protected]> pkgname=rtkit -pkgver=0.11 -pkgrel=5 +pkgver=0.11+6+g417bb7d +pkgrel=1 pkgdesc="Realtime Policy and Watchdog Daemon" arch=(i686 x86_64) -url="http://git.0pointer.de/?p=rtkit.git"; -license=(GPL 'custom:BSD') +url="https://github.com/heftig/rtkit"; +license=(GPL3 'custom:BSD') depends=(dbus polkit systemd) +makedepends=(git) install=rtkit.install -source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz - libsystemd.patch systemd205.patch - 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch) -md5sums=('a96c33b9827de66033d2311f82d79a5d' - '35089c0a284005f4abcf45168415857e' - '95195a70551057aca833da6bdbf2e35b' - '70df212cba2a6366ff960b60d55858d3') +_commit=417bb7d79b39ebf7dc799f2b4da62e3996b65542 # master +source=("git+https://github.com/heftig/rtkit#commit=$_commit";) +sha256sums=('SKIP') +pkgver() { + cd $pkgname + git describe --tags | sed 's/^v//;s/-/+/g' +} + prepare() { - cd $pkgname-$pkgver - patch -Np1 -i ../libsystemd.patch - patch -Np1 -i ../systemd205.patch - patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch - autoreconf -fi + cd $pkgname + ./autogen.sh } build() { - cd $pkgname-$pkgver + cd $pkgname ./configure \ --prefix=/usr \ --sbindir=/usr/bin \ @@ -41,7 +40,7 @@ } package() { - cd $pkgname-$pkgver + cd $pkgname make DESTDIR="$pkgdir" install install -Dm644 org.freedesktop.RealtimeKit1.xml \ Deleted: libsystemd.patch =================================================================== --- libsystemd.patch 2016-10-04 18:37:09 UTC (rev 277707) +++ libsystemd.patch 2016-10-04 18:50:12 UTC (rev 277708) @@ -1,57 +0,0 @@ -diff -u -r rtkit-0.11/configure.ac rtkit-0.11-sd/configure.ac ---- rtkit-0.11/configure.ac 2012-05-15 15:25:40.000000000 +0200 -+++ rtkit-0.11-sd/configure.ac 2013-05-13 08:12:17.616825455 +0200 -@@ -115,6 +115,7 @@ - AC_SEARCH_LIBS([cap_init], [cap]) - - PKG_CHECK_MODULES(DBUS, dbus-1) -+PKG_CHECK_MODULES(LIBSYSTEMD_DAEMON, libsystemd-daemon) - - AC_ARG_WITH([systemdsystemunitdir], - AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), -diff -u -r rtkit-0.11/Makefile.am rtkit-0.11-sd/Makefile.am ---- rtkit-0.11/Makefile.am 2012-05-15 15:38:05.000000000 +0200 -+++ rtkit-0.11-sd/Makefile.am 2013-05-13 08:12:18.086822253 +0200 -@@ -56,13 +56,14 @@ - endif - - rtkit_daemon_SOURCES = \ -- rtkit-daemon.c rtkit.h \ -- sd-daemon.c sd-daemon.h -+ rtkit-daemon.c rtkit.h - rtkit_daemon_LDADD = \ -- $(DBUS_LIBS) -+ $(DBUS_LIBS) \ -+ $(LIBSYSTEMD_DAEMON_LIBS) - rtkit_daemon_CFLAGS = \ - $(AM_CFLAGS) \ -- $(DBUS_CFLAGS) -+ $(DBUS_CFLAGS) \ -+ $(LIBSYSTEMD_DAEMON_CFLAGS) - - rtkitctl_SOURCES = \ - rtkitctl.c rtkit.h -@@ -93,7 +94,3 @@ - - DISTCHECK_CONFIGURE_FLAGS = \ - --with-systemdsystemunitdir=$$dc_install_base/$(systemdsystemunitdir) -- --update-systemd: -- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c > sd-daemon.c -- curl http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h > sd-daemon.h -diff -u -r rtkit-0.11/rtkit-daemon.c rtkit-0.11-sd/rtkit-daemon.c ---- rtkit-0.11/rtkit-daemon.c 2012-05-15 15:25:40.000000000 +0200 -+++ rtkit-0.11-sd/rtkit-daemon.c 2013-05-13 08:13:07.933149359 +0200 -@@ -50,9 +50,9 @@ - #include <dirent.h> - #include <syslog.h> - #include <grp.h> -+#include <systemd/sd-daemon.h> - - #include "rtkit.h" --#include "sd-daemon.h" - - #ifndef __linux__ - #error "This stuff only works on Linux!" -Only in rtkit-0.11: sd-daemon.c -Only in rtkit-0.11: sd-daemon.h Deleted: systemd205.patch =================================================================== --- systemd205.patch 2016-10-04 18:37:09 UTC (rev 277707) +++ systemd205.patch 2016-10-04 18:50:12 UTC (rev 277708) @@ -1,16 +0,0 @@ -diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in ---- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200 -+++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200 -@@ -24,12 +24,7 @@ - BusName=org.freedesktop.RealtimeKit1 - NotifyAccess=main - CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID --PrivateTmp=yes - PrivateNetwork=yes - --# Work around the fact that the Linux currently doesn't assign any RT --# budget to CPU control groups that have none configured explicitly --ControlGroup=cpu:/ -- - [Install] - WantedBy=graphical.target
