perfinion 15/06/06 08:52:19 Modified: ChangeLog Added: polkit-0.112-r3.ebuild Log: fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x7EF137EC935B0EAF)
Revision Changes Path 1.193 sys-auth/polkit/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/polkit/ChangeLog?rev=1.193&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/polkit/ChangeLog?rev=1.193&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/polkit/ChangeLog?r1=1.192&r2=1.193 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v retrieving revision 1.192 retrieving revision 1.193 diff -u -r1.192 -r1.193 --- ChangeLog 3 Mar 2015 09:56:07 -0000 1.192 +++ ChangeLog 6 Jun 2015 08:52:19 -0000 1.193 @@ -1,6 +1,14 @@ # ChangeLog for sys-auth/polkit # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.192 2015/03/03 09:56:07 dlan Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.193 2015/06/06 08:52:19 perfinion Exp $ + +*polkit-0.112-r3 (06 Jun 2015) + + 06 Jun 2015; Jason Zaman <[email protected]> +files/polkit-0.112-0001-backe + nd-Handle-invalid-object-paths-in-RegisterAuthe.patch, + +polkit-0.112-r3.ebuild: + fix bug 551316 CVE-2015-3218: crash authentication_agent_new with invalid + object path in RegisterAuthenticationAgent 03 Mar 2015; Yixun Lan <[email protected]> polkit-0.110.ebuild: add arm64 support, tested on A53 board 1.1 sys-auth/polkit/polkit-0.112-r3.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/polkit/polkit-0.112-r3.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/polkit/polkit-0.112-r3.ebuild?rev=1.1&content-type=text/plain Index: polkit-0.112-r3.ebuild =================================================================== # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.112-r3.ebuild,v 1.1 2015/06/06 08:52:19 perfinion Exp $ EAPI=5 inherit eutils multilib pam pax-utils systemd user DESCRIPTION="Policy framework for controlling privileges for system-wide services" HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"; SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"; LICENSE="LGPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" IUSE="examples gtk +introspection jit kde nls pam selinux systemd" CDEPEND=" ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) ) >=dev-libs/glib-2.32 >=dev-libs/expat-2:= introspection? ( >=dev-libs/gobject-introspection-1 ) pam? ( sys-auth/pambase virtual/pam ) systemd? ( sys-apps/systemd:0= )" DEPEND="${CDEPEND} app-text/docbook-xml-dtd:4.1.2 app-text/docbook-xsl-stylesheets dev-libs/libxslt dev-util/intltool virtual/pkgconfig" RDEPEND="${CDEPEND} selinux? ( sec-policy/selinux-policykit ) " PDEPEND=" gtk? ( || ( >=gnome-extra/polkit-gnome-0.105 lxde-base/lxpolkit ) ) kde? ( || ( kde-plasma/polkit-kde-agent sys-auth/polkit-kde-agent ) ) !systemd? ( sys-auth/consolekit[policykit] )" QA_MULTILIB_PATHS=" usr/lib/polkit-1/polkit-agent-helper-1 usr/lib/polkit-1/polkitd" pkg_setup() { local u=polkitd local g=polkitd local h=/var/lib/polkit-1 enewgroup ${g} enewuser ${u} -1 -1 ${h} ${g} esethome ${u} ${h} } src_prepare() { epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316 sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 } src_configure() { econf \ --localstatedir="${EPREFIX}"/var \ --disable-static \ --enable-man-pages \ --disable-gtk-doc \ $(use_enable systemd libsystemd-login) \ $(use_enable introspection) \ --disable-examples \ $(use_enable nls) \ $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \ "$(systemd_with_unitdir)" \ --with-authfw=$(usex pam pam shadow) \ $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ --with-os-type=gentoo } src_compile() { default # Required for polkitd on hardened/PaX due to spidermonkey's JIT local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest' local m='' # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910 has_version 'dev-lang/spidermonkey:17[jit]' && m='m' # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags use hppa && m='mr' use ia64 && m='mr' use mips && m='mr' [ -n "$m" ] && pax-mark ${m} ${f} } src_install() { emake DESTDIR="${D}" install dodoc docs/TODO HACKING NEWS README fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d diropts -m0700 -o polkitd -g polkitd keepdir /var/lib/polkit-1 if use examples; then insinto /usr/share/doc/${PF}/examples doins src/examples/{*.c,*.policy*} fi prune_libtool_files } pkg_postinst() { chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 }
