commit: 7b63ecc28ba29ecf67bf377328ad2534a0a9968e
Author: Jory Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 26 13:37:13 2022 +0000
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Wed Jan 26 13:37:39 2022 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=7b63ecc2
sys-auth/polkit: meson fix, security bump
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jory Pratt <anarchy <AT> gentoo.org>
sys-auth/polkit/Manifest | 2 -
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 ---
...it-0.116-make-netgroup-support-optional-1.patch | 248 ---------------------
...it-0.116-make-netgroup-support-optional-2.patch | 219 ------------------
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 ++++++
sys-auth/polkit/files/polkit-0.120-meson.patch | 42 ++++
sys-auth/polkit/metadata.xml | 1 -
sys-auth/polkit/polkit-0.119-r2.ebuild | 141 ------------
...lkit-0.120-r1.ebuild => polkit-0.120-r2.ebuild} | 12 +-
9 files changed, 121 insertions(+), 644 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 14c82431..1125d650 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,2 @@
-DIST polkit-0.118-duktape.patch 50144 BLAKE2B
83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a
SHA512
dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867
-DIST polkit-0.119.tar.gz 1387409 BLAKE2B
aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06
SHA512
0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578
DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B
5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349
SHA512
bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7
DIST polkit-0.120.tar.gz 1626659 BLAKE2B
745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9
SHA512
db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch
b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d67201..00000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogi...@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
-
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using
libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test
"$have_libelogind" = "yes" ], [Using libsystemd])
-
- dnl
---------------------------------------------------------------------------
- dnl - systemd unit / service files
---
-2.17.0
diff --git
a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
deleted file mode 100644
index 84f07f98..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001
-From: A. Wilcox <awil...@wilcox-tech.com>
-Date: Mon, 20 May 2019 20:24:42 -0500
-Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup
-support is not available. PolKit fails to compile on these systems
-for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Closes polkit/polkit#14.
-Signed-off-by: A. Wilcox <awil...@wilcox-tech.com>
----
- configure.ac | 2 +-
- src/polkit/polkitidentity.c | 16 ++++++++++++++++
- src/polkit/polkitunixnetgroup.c | 3 +++
- .../polkitbackendinteractiveauthority.c | 14 ++++++++------
- src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
- test/polkit/polkitidentitytest.c | 9 ++++++++-
- test/polkit/polkitunixnetgrouptest.c | 3 +++
- .../test-polkitbackendjsauthority.c | 2 ++
- 8 files changed, 43 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cedb4e..87aa0ad 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..10e9c17 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c
b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity
*group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name,
g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity
*group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp
b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 9b752d1..09b2878 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS_free (cx, netgroup);
- JS_free (cx, user);
-+#endif
-
- ret = true;
-
-diff --git a/test/polkit/polkitidentitytest.c
b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhol...@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane",
test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users",
test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string",
"unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant",
"unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root",
test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root",
test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant",
"unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
-diff --git a/test/polkit/polkitunixnetgrouptest.c
b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhol...@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c
b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
---
-2.21.0
-
diff --git
a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
deleted file mode 100644
index aef30ef6..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 4809dc9..d1ea325 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..793f17d 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret = polkit_unix_netgroup_new (name);
- g_variant_unref (v);
-+#endif
- }
- else
- {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_assert_not_reached();
-+#endif
- g_return_val_if_fail (name != NULL, NULL);
- return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
- "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c
b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity
*group,
- GList *ret;
-
- ret = NULL;
-+#ifdef HAVE_SETNETGRENT
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name,
g_strerror (errno));
- goto out;
- }
--#else
-+# else
- setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
-
- for (;;)
- {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
- const char *hostname, *username, *domainname;
--#else
-+# else
- char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
- PolkitIdentity *user;
- GError *error = NULL;
-
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity
*group,
-
- out:
- endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
- return ret;
- }
-
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp
b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 1d91103..366cbdf 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-
- JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-
-+#ifdef HAVE_SETNETGRENT
- JS::RootedString usrstr (authority->priv->cx);
- usrstr = args[0].toString();
- user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
- {
- is_in_netgroup = true;
- }
-+#endif
-
- ret = true;
-
-diff --git a/test/polkit/polkitidentitytest.c
b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhol...@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
- {"unix-group:root", "unix-group:jane", FALSE},
- {"unix-group:jane", "unix-group:jane", TRUE},
-
-+#ifdef HAVE_SETNETGRENT
- {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
- {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
-
- {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
- {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
-
- {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
- g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane",
test_string);
- g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users",
test_string);
-
-+#ifdef HAVE_SETNETGRENT
- g_test_add_data_func ("/PolkitIdentity/netgroup_string",
"unix-netgroup:foo", test_string);
-+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant",
"unix-netgroup:foo", test_gvariant);
-+#endif
-
- g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root",
test_gvariant);
- g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root",
test_gvariant);
-- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant",
"unix-netgroup:foo", test_gvariant);
-
- add_comparison_tests ();
-
-diff --git a/test/polkit/polkitunixnetgrouptest.c
b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
- * Author: Nikki VonHollen <vonhol...@google.com>
- */
-
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
- g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
- g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
- g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
- return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c
b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
- "unix-group:users"
- }
- },
-+#ifdef HAVE_SETNETGRENT
- {
- "net.company.action3",
- {
- "unix-netgroup:foo"
- }
- },
-+#endif
- };
- guint n;
-
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index 00000000..22bb71d1
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jry...@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++ {
++ exit(126);
++ }
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't
be nice, just bail out.
++ */
++ if (argc<1)
++ {
++ exit(127);
++ }
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++ {
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++ }
+ /* If you change this, be sure to change the if (!command_line)
+ case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be
null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't
write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++ argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch
b/sys-auth/polkit/files/polkit-0.120-meson.patch
new file mode 100644
index 00000000..5e144688
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch
@@ -0,0 +1,42 @@
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <s...@debian.org>
+Date: Mon, 25 Oct 2021 20:21:27 +0100
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
+
+These were always ignored, and Meson 0.60.0 disallowed them.
+
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
+Reference: https://github.com/mesonbuild/meson/pull/9445
+Signed-off-by: Simon McVittie <s...@debian.org>
+---
+ actions/meson.build | 1 -
+ src/examples/meson.build | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/actions/meson.build b/actions/meson.build
+index 2abaaf3..1e3f370 100644
+--- a/actions/meson.build
++++ b/actions/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.policy'
+
+ i18n.merge_file(
+- policy,
+ input: policy + '.in',
+ output: '@BASENAME@',
+ po_dir: po_dir,
+diff --git a/src/examples/meson.build b/src/examples/meson.build
+index c6305ab..8c18de5 100644
+--- a/src/examples/meson.build
++++ b/src/examples/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy'
+
+ i18n.merge_file(
+- policy,
+ input: policy + '.in',
+ output: '@BASENAME@',
+ po_dir: po_dir,
+--
+GitLab
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index f23bd9f8..23b3540b 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -6,7 +6,6 @@
</maintainer>
<use>
<flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for
javascript engine</flag>
- <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for
session tracking</flag>
<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for
session tracking</flag>
</use>
</pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.119-r2.ebuild
b/sys-auth/polkit/polkit-0.119-r2.ebuild
deleted file mode 100644
index 32f1c305..00000000
--- a/sys-auth/polkit/polkit-0.119-r2.ebuild
+++ /dev/null
@@ -1,141 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide
services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit
https://gitlab.freedesktop.org/polkit/polkit";
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
- https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch";
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86"
-IUSE="duktape elogind examples gtk +introspection kde nls pam selinux systemd
test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( elogind systemd )"
-
-BDEPEND="
- acct-user/polkitd
- app-text/docbook-xml-dtd:4.1.2
- app-text/docbook-xsl-stylesheets
- dev-libs/glib
- dev-libs/gobject-introspection-common
- dev-libs/libxslt
- dev-util/glib-utils
- dev-util/gtk-doc-am
- dev-util/intltool
- sys-devel/gettext
- virtual/pkgconfig
- introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
- duktape? ( dev-lang/duktape )
- !duktape? ( dev-lang/spidermonkey:78[-debug] )
- dev-libs/glib:2
- dev-libs/expat
- elogind? ( sys-auth/elogind )
- pam? (
- sys-auth/pambase
- sys-libs/pam
- )
- !pam? ( virtual/libcrypt:= )
- systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
- acct-user/polkitd
- selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
- gtk? ( || (
- >=gnome-extra/polkit-gnome-0.105
- >=lxde-base/lxsession-0.5.2
- ) )
- kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
- "${DISTDIR}"/${PN}-0.118-duktape.patch
- "${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
-QA_MULTILIB_PATHS="
- usr/lib/polkit-1/polkit-agent-helper-1
- usr/lib/polkit-1/polkitd"
-
-src_prepare() {
- default
-
- sed -i -e 's|unix-group:wheel|unix-user:0|'
src/polkitbackend/*-default.rules || die #401513
-
- # Workaround upstream hack around standard gtk-doc behavior, bug #552170
- sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
- -e '/install-data-local:/,/uninstall-local:/
s/@ENABLE_GTK_DOC_TRUE@//' \
- -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
- docs/polkit/Makefile.in || die
-
- # disable broken test - bug #624022
- sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
- # Fix cross-building, bug #590764, elogind patch, bug #598615
- eautoreconf
-}
-
-src_configure() {
- xdg_environment_reset
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}"/var
- --disable-static
- --enable-man-pages
- --disable-gtk-doc
- --disable-examples
- $(use_enable elogind libelogind)
- $(use_enable introspection)
- $(use_enable nls)
- $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
- --with-authfw=$(usex pam pam shadow)
- $(use_enable systemd libsystemd-login)
- --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
- $(use_enable test)
- --with-os-type=gentoo
- )
-
- if use duktape; then
- myeconfargs+=( --with-duktape )
- fi
-
- econf "${myeconfargs[@]}"
-}
-
-src_compile() {
- default
-
- # Required for polkitd on hardened/PaX due to spidermonkey's JIT
- pax-mark mr src/polkitbackend/.libs/polkitd
test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
- default
-
- if use examples; then
- docinto examples
- dodoc src/examples/{*.c,*.policy*}
- fi
-
- diropts -m 0700 -o polkitd
- keepdir /usr/share/polkit-1/rules.d
-
- find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
- chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
- chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild
b/sys-auth/polkit/polkit-0.120-r2.ebuild
similarity index 89%
rename from sys-auth/polkit/polkit-0.120-r1.ebuild
rename to sys-auth/polkit/polkit-0.120-r2.ebuild
index a75f950a..24b53b1f 100644
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -56,11 +56,6 @@ PDEPEND="
kde? ( kde-plasma/polkit-kde-agent )
"
-PATCHES=(
- "${DISTDIR}"/${PN}-0.120-duktape-1.patch
- "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
DOCS=( docs/TODO HACKING NEWS README )
QA_MULTILIB_PATHS="
@@ -68,6 +63,12 @@ QA_MULTILIB_PATHS="
usr/lib/polkit-1/polkitd"
src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}/polkit-0.120-meson.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ "${DISTDIR}"/${PN}-0.120-duktape-1.patch
+ "${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+ )
default
sed -i -e 's|unix-group:wheel|unix-user:0|'
src/polkitbackend/*-default.rules || die #401513
@@ -114,6 +115,7 @@ src_install() {
# meson does not install required files with SUID bit. See
# https://bugs.gentoo.org/816393
# Remove the following lines once this has been fixed by upstream
+ # (should be fixed in next release:
https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
fperms u+s /usr/bin/pkexec
fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
}
