[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 1521587bb323049922809b7756705792564041a7
Author: Kostadin Shishmanov tutanota com>
AuthorDate: Fri May 3 11:37:06 2024 +
Commit: Sam James gentoo org>
CommitDate: Fri May 3 12:12:54 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1521587b
sys-auth/polkit: fix tests
Reenable tests with FEATURES="test" and backport test build error fix
for C99 compilers.
Bug: https://bugs.gentoo.org/925440
Signed-off-by: Kostadin Shishmanov tutanota.com>
Closes: https://github.com/gentoo/gentoo/pull/36527
Signed-off-by: Sam James gentoo.org>
sys-auth/polkit/files/polkit-124-c99-fixes.patch | 111 +++
sys-auth/polkit/polkit-124-r1.ebuild | 13 +--
2 files changed, 113 insertions(+), 11 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-124-c99-fixes.patch
b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
new file mode 100644
index ..00d3cbbd2664
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-c99-fixes.patch
@@ -0,0 +1,111 @@
+https://bugs.gentoo.org/925440
+https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5
+
+From: Vincent Mihalkovic
+Date: Fri, 8 Mar 2024 14:04:33 +0100
+Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
+ where it is used
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes build error with GCC >= 14 and clang >= 17,
+failing on:
+```
+../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit
declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
+ 25 | print_indent(stream, indent);
+ | ^~~~
+```
+
+Closes: #6
+---
+ subprojects/mocklibc.wrap | 2 +
+ .../packagefiles/mocklibc-print-indent.diff | 68 +++
+ 2 files changed, 70 insertions(+)
+ create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff
+
+diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap
+index af82298..539ee83 100644
+--- a/subprojects/mocklibc.wrap
b/subprojects/mocklibc.wrap
+@@ -8,3 +8,5 @@ source_hash =
b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120
+ patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip
+ patch_filename = mocklibc-1.0-2-wrap.zip
+ patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56
++
++diff_files = mocklibc-print-indent.diff
+diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff
b/subprojects/packagefiles/mocklibc-print-indent.diff
+new file mode 100644
+index 000..d8b2029
+--- /dev/null
b/subprojects/packagefiles/mocklibc-print-indent.diff
+@@ -0,0 +1,68 @@
++From: Vincent Mihalkovic
++Date: Fri, 8 Mar 2024 14:04:33 +0100
++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file
++ where it is used
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++This fixes build error with GCC >= 14 and clang >= 17,
++failing on:
++```
++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit
declaration of function ‘print_indent’ [-Wimplicit-function-declaration]
++ 25 | print_indent(stream, indent);
++ | ^~~~
++```
++
++Closes: #6
++---
++ src/netgroup-debug.c | 11 +++
++ src/netgroup.c | 11 ---
++ 2 files changed, 11 insertions(+), 11 deletions(-)
++
++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c
++index 81d6e72..46e5b25 100644
++--- a/src/netgroup-debug.c
+ b/src/netgroup-debug.c
++@@ -21,6 +21,17 @@
++ #include
++ #include
++
+++/**
+++ * Print a varaible indentation to the stream.
+++ * @param stream Stream to print to
+++ * @param indent Number of indents to use
+++ */
+++static void print_indent(FILE *stream, unsigned int indent) {
+++ int i;
+++ for (i = 0; i < indent; i++)
+++fprintf(stream, " ");
+++}
+++
++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned
int indent) {
++ print_indent(stream, indent);
++
++diff --git a/src/netgroup.c b/src/netgroup.c
++index 06a8a89..e16e451 100644
++--- a/src/netgroup.c
+ b/src/netgroup.c
++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) {
++ return result;
++ }
++
++-/**
++- * Print a varaible indentation to the stream.
++- * @param stream Stream to print to
++- * @param indent Number of indents to use
++- */
++-void print_indent(FILE *stream, unsigned int indent) {
++- int i;
++- for (i = 0; i < indent; i++)
++-fprintf(stream, " ");
++-}
++-
++ /**
++ * Connect entries with 'child' type to their child entries.
++ * @param headentry Head of list of entries that need to be connected
++--
++2.43.0
+--
diff --git a/sys-auth/polkit/polkit-124-r1.ebuild
b/sys-auth/polkit/polkit-124-r1.ebuild
index d5ae6fcf9f54..4d3b917273a7 100644
--- a/sys-auth/polkit/polkit-124-r1.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -24,17 +24,7 @@
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: e94da7f8dae815704fe1c371688feb045db9eb16
Author: Sam James gentoo org>
AuthorDate: Fri Jan 19 06:35:27 2024 +
Commit: Sam James gentoo org>
CommitDate: Fri Jan 19 06:35:27 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e94da7f8
sys-auth/polkit: fix non-systemd build, don't install redundant sysusers file
No need for our own sysusers file as acct-user/polkitd already installs one.
Closes: https://bugs.gentoo.org/922458
Signed-off-by: Sam James gentoo.org>
.../polkit/files/polkit-124-systemd-fixup.patch| 26 ++
.../{polkit-124.ebuild => polkit-124-r1.ebuild}| 4
2 files changed, 30 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
new file mode 100644
index ..fceb33d31afd
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch
@@ -0,0 +1,26 @@
+https://bugs.gentoo.org/922458
+https://github.com/polkit-org/polkit/pull/417/files#r1458416421
+--- a/meson.build
b/meson.build
+@@ -212,11 +212,14 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func,
dependencies: logind_dep))
+
+ # systemd unit / service files
+- systemd_dep = dependency('systemd', not_found_message: 'systemd required
but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+- if systemd_systemdsystemunitdir == '' and session_tracking ==
'libsystemd-login'
+-# FIXME: systemd.pc file does not use variables with relative paths, so
`define_variable` cannot be used
+-systemd_systemdsystemunitdir =
systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++ if session_tracking == 'libsystemd-login'
++systemd_dep = dependency('systemd', not_found_message: 'systemd required
but not found, please provide a valid systemd user unit dir or disable it')
++
++if systemd_systemdsystemunitdir == ''
++ # FIXME: systemd.pc file does not use variables with relative paths, so
`define_variable` cannot be used
++ systemd_systemdsystemunitdir =
systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
++endif
+ endif
+
+ systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir',
default: '/usr/lib/sysusers.d')
+--
+2.43.0
+
diff --git a/sys-auth/polkit/polkit-124.ebuild
b/sys-auth/polkit/polkit-124-r1.ebuild
similarity index 96%
rename from sys-auth/polkit/polkit-124.ebuild
rename to sys-auth/polkit/polkit-124-r1.ebuild
index 1b576a7af2d7..d5ae6fcf9f54 100644
--- a/sys-auth/polkit/polkit-124.ebuild
+++ b/sys-auth/polkit/polkit-124-r1.ebuild
@@ -91,6 +91,7 @@ QA_MULTILIB_PATHS="
PATCHES=(
"${FILESDIR}"/${PN}-124-systemd.patch
+ "${FILESDIR}"/${PN}-124-systemd-fixup.patch
)
python_check_deps() {
@@ -140,6 +141,9 @@ src_compile() {
src_install() {
meson_src_install
+ # acct-user/polkitd installs its own (albeit with a different filename)
+ rm -rf "${ED}"/usr/lib/sysusers.d || die
+
if use examples ; then
docinto examples
dodoc src/examples/{*.c,*.policy*}
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: d2f4032e1407982df7aa87b3e97bb2b7623e511b
Author: Sam James gentoo org>
AuthorDate: Fri Jan 19 05:38:36 2024 +
Commit: Sam James gentoo org>
CommitDate: Fri Jan 19 05:39:01 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2f4032e
sys-auth/polkit: add 124
Signed-off-by: Sam James gentoo.org>
sys-auth/polkit/Manifest | 1 +
sys-auth/polkit/files/polkit-124-systemd.patch | 50
sys-auth/polkit/polkit-124.ebuild | 161 +
3 files changed, 212 insertions(+)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index f4ec97d2f7df..6827b9281360 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,2 +1,3 @@
DIST polkit-122.tar.bz2 704972 BLAKE2B
601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4
SHA512
a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26
DIST polkit-123.tar.bz2 707480 BLAKE2B
27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a
SHA512
4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6
+DIST polkit-124.tar.bz2 715490 BLAKE2B
ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40
SHA512
db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc
diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch
b/sys-auth/polkit/files/polkit-124-systemd.patch
new file mode 100644
index ..e9b10e99e5da
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-124-systemd.patch
@@ -0,0 +1,50 @@
+https://github.com/polkit-org/polkit/pull/417
+
+From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 18 Jan 2024 15:07:32 +
+Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is
+ specified
+
+When 'systemdsystemunitdir' is specified as an option the systemd_dep
+variable is not defined, but the sysusers.d directory lookup uses it,
+causing a build failure:
+
+dh_auto_configure -- \
+ -Dexamples=false \
+ -Dintrospection=true \
+ -Dman=true \
+ -Dsystemdsystemunitdir=/usr/lib/systemd/system \
+ -Dtests=true \
+ -Dgtk_doc=true -Dsession_tracking=libsystemd-login
+ cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8
meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr
--sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu
-Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true
-Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true
-Dsession_tracking=libsystemd-login
+The Meson build system
+Version: 1.3.1
+Source dir: /builds/bluca/polkit/debian/output/source_dir
+Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu
+Build type: native build
+Project name: polkit
+Project version: 124
+
+<...>
+
+Run-time dependency libsystemd found: YES 255
+Checking for function "sd_uid_get_display" with dependency libsystemd: YES
+Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES
+../meson.build:222:37: ERROR: Unknown variable "systemd_dep".
+
+Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34
+--- a/meson.build
b/meson.build
+@@ -212,9 +212,9 @@ if enable_logind
+ config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func,
dependencies: logind_dep))
+
+ # systemd unit / service files
++ systemd_dep = dependency('systemd', not_found_message: 'systemd required
but not found, please provide a valid systemd user unit dir or disable it')
+ systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
+ if systemd_systemdsystemunitdir == '' and session_tracking ==
'libsystemd-login'
+-systemd_dep = dependency('systemd', not_found_message: 'systemd required
but not found, please provide a valid systemd user unit dir or disable it')
+ # FIXME: systemd.pc file does not use variables with relative paths, so
`define_variable` cannot be used
+ systemd_systemdsystemunitdir =
systemd_dep.get_pkgconfig_variable('systemdsystemunitdir')
+ endif
+
diff --git a/sys-auth/polkit/polkit-124.ebuild
b/sys-auth/polkit/polkit-124.ebuild
new file mode 100644
index ..1b576a7af2d7
--- /dev/null
+++ b/sys-auth/polkit/polkit-124.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit meson pam pax-utils python-any-r1 systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: a44b0d4acf34b4a5bbd33c642b674dafe5a42aec
Author: Sam James gentoo org>
AuthorDate: Sat Oct 15 23:51:03 2022 +
Commit: Sam James gentoo org>
CommitDate: Sat Oct 15 23:51:03 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a44b0d4a
sys-auth/polkit: drop versions
Signed-off-by: Sam James gentoo.org>
sys-auth/polkit/Manifest | 2 -
...lkit-0.118-make-netgroup-support-optional.patch | 248 -
sys-auth/polkit/files/polkit-0.120-meson.patch | 42
.../files/polkit-0.120_p20220221-pkexec-suid.patch | 67 --
sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild | 129 ---
sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 ---
sys-auth/polkit/polkit-0.120_p20220509.ebuild | 146
7 files changed, 760 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index e635b78c0256..9f7fb1747d8e 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1 @@
-DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B
412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c
SHA512
15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
-DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B
5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c
SHA512
24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f
DIST polkit-121.tar.gz 743287 BLAKE2B
6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d
SHA512
f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624
diff --git
a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
deleted file mode 100644
index 8810e70b7378..
--- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Pulled in from
https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
-
-https://bugs.gentoo.org/833753
-https://bugs.gentoo.org/561672
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
-
-Patch has been rebased a bit since but keeping original headers.
-
-From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
-From: "A. Wilcox"
-Date: Wed, 11 Jul 2018 04:54:26 -0500
-Subject: [PATCH] make netgroup support optional
-
-On at least Linux/musl and Linux/uclibc, netgroup support is not
-available. PolKit fails to compile on these systems for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work. If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Signed-off-by: A. Wilcox
a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
-[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
- }
- else if (g_str_has_prefix (str, "unix-netgroup:"))
- {
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine ('%s')",
-+ str);
-+#else
- identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
- }
-
- if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- GVariant *v;
- const char *name;
-
-+#ifndef HAVE_SETNETGRENT
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Netgroups are not available on this machine");
-+ goto out;
-+#else
-+
- v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
- if (v == NULL)
- {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
- name = g_variant_get_string (v, NULL);
- ret =
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 76caeda5c0ae4a7045d321f32ef95e31722434dd Author: Sam James gentoo org> AuthorDate: Sun May 15 05:17:19 2022 + Commit: Sam James gentoo org> CommitDate: Sun May 15 22:09:39 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76caeda5 sys-auth/polkit: drop 0.117-r3, 0.120-r3 Bug: https://bugs.gentoo.org/794052 Bug: https://bugs.gentoo.org/833574 Signed-off-by: Sam James gentoo.org> sys-auth/polkit/Manifest | 2 - sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 --- .../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 --- ...lkit-0.118-make-netgroup-support-optional.patch | 248 - .../polkit/files/polkit-0.120-CVE-2021-4034.patch | 72 -- .../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 --- sys-auth/polkit/metadata.xml | 1 - sys-auth/polkit/polkit-0.117-r3.ebuild | 136 --- sys-auth/polkit/polkit-0.120-r3.ebuild | 123 -- 9 files changed, 717 deletions(-) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 36f72ccb57f8..1131b5984975 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,4 +1,2 @@ -DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 -DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch deleted file mode 100644 index 93d672015db4.. --- a/sys-auth/polkit/files/polkit-0.115-elogind.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 -From: Rasmus Thomsen -Date: Wed, 11 Apr 2018 13:14:14 +0200 -Subject: [PATCH] configure: fix elogind support - -HAVE_LIBSYSTEMD is used to determine which source files to use. -We have to check if either have_libsystemd or have_libelogind is -true, as both of these need the source files which are used when -HAVE_LIBSYSTEMD is true. - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 36df239..da47ecb 100644 a/configure.ac -+++ b/configure.ac -@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ - - AC_SUBST(LIBSYSTEMD_CFLAGS) - AC_SUBST(LIBSYSTEMD_LIBS) --AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) -+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) - - dnl --- - dnl - systemd unit / service files --- -2.17.0 diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch deleted file mode 100644 index 9c3ce20cf574.. --- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://bugs.gentoo.org/794052 - -From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 -From: Jan Rybar -Date: Wed, 2 Jun 2021 15:43:38 +0200 -Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit - -initial values returned if error caught - src/polkit/polkitsystembusname.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c -index 8daa12c..8ed1363 100644 a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); - -+ if (data.caught_error) -+goto out; -+ - if (out_uid) -
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: ef7e6d556aac8790982a70acbd5d40130faa2346
Author: Sam James gentoo org>
AuthorDate: Tue Feb 22 06:11:04 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Feb 22 06:12:35 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7e6d55
sys-auth/polkit: patch CVE-2021-4115
- Add as patch to 0.120-r3 (new) to be immediately stabilised
- Additionally bump to 0.120_p20220221 (only difference from
last snapshot is a test timeout fix + this CVE-2021-4115 patch)
but we'll hold off on stabling that given we only added the previous
snapshot a few days ago.
Bug: https://bugs.gentoo.org/833574
Signed-off-by: Sam James gentoo.org>
sys-auth/polkit/Manifest | 1 +
.../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 +
sys-auth/polkit/polkit-0.120-r3.ebuild | 123
sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 +
4 files changed, 328 insertions(+)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 8ff4f745515e..754b065bc059 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,3 +1,4 @@
DIST polkit-0.117.tar.gz 1554536 BLAKE2B
1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0
SHA512
c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
DIST polkit-0.120.tar.gz 1626659 BLAKE2B
745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9
SHA512
db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
DIST polkit-0.120_p20220127.tar.bz2 733965 BLAKE2B
839a66799df870c36ea3788f68aea355ab99cf8aa0227ee633ee1155822663ce4671de4e9b041274345c1f62fbdf0405754ed1f3c7cf2a8855974854dc126e55
SHA512
67f2c1c7cd69767d578ccba2b94398eb6fcb348a77a4092c3517895190f095caee95ed491c8cff2827e287f4541cf83fefbefca1a0099d7e52bee6f825bbbd4f
+DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B
412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c
SHA512
15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
new file mode 100644
index ..a82ce25cae03
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch
@@ -0,0 +1,78 @@
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+https://bugs.gentoo.org/833574
+
+From: Jan Rybar
+Date: Mon, 21 Feb 2022 08:29:05 +
+Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix
+
+--- a/src/polkit/polkitsystembusname.c
b/src/polkit/polkitsystembusname.c
+@@ -62,6 +62,10 @@ enum
+ PROP_NAME,
+ };
+
++
++guint8 dbus_call_respond_fails; // has to be global because of callback
++
++
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+
+ G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name,
G_TYPE_OBJECT,
+@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
+ if (!v)
+ {
+ data->caught_error = TRUE;
++ dbus_call_respond_fails += 1;
+ }
+ else
+ {
+@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName
*system_bus
+ tmp_context = g_main_context_new ();
+ g_main_context_push_thread_default (tmp_context);
+
++ dbus_call_respond_fails = 0;
++
+ /* Do two async calls as it's basically as fast as one sync call.
+*/
+ g_dbus_connection_call (connection,
+@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync
(PolkitSystemBusName *system_bus
+ on_retrieved_unix_uid_pid,
+ );
+
+- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+-g_main_context_iteration (tmp_context, TRUE);
++ while (TRUE)
++ {
++/* If one dbus call returns error, we must wait until the other call
++ * calls _call_finish(), otherwise fd leak is possible.
++ * Resolves: GHSL-2021-077
++*/
+
+- if (data.caught_error)
+-goto out;
++if ( (dbus_call_respond_fails > 1) )
++{
++ // we got two faults, we can leave
++ goto out;
++}
++
++if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
++{
++ // we got one fault and the other call finally finished, we can leave
++ goto out;
++}
++
++if ( !(data.retrieved_uid && data.retrieved_pid) )
++{
++ g_main_context_iteration (tmp_context, TRUE);
++}
++else
++{
++
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: cca21561571e00e88f434ad94a9cde6851fab244
Author: Sam James gentoo org>
AuthorDate: Sun Feb 20 00:42:58 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun Feb 20 00:42:58 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cca21561
sys-auth/polkit: add musl patch to 0.120_p20220127
Pulled in from ::musl.
Closes: https://bugs.gentoo.org/833753
Bug: https://bugs.gentoo.org/561672
Signed-off-by: Sam James gentoo.org>
...lkit-0.118-make-netgroup-support-optional.patch | 228 +
sys-auth/polkit/polkit-0.120_p20220127.ebuild | 3 +
2 files changed, 231 insertions(+)
diff --git
a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
new file mode 100644
index ..b11250fd3992
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch
@@ -0,0 +1,228 @@
+Pulled in from
https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch.
+
+https://bugs.gentoo.org/833753
+https://bugs.gentoo.org/561672
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
+
+Patch has been rebased a bit since but keeping original headers.
+
+From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001
+From: "A. Wilcox"
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available. PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Signed-off-by: A. Wilcox
+--- a/configure.ac
b/configure.ac
+@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- a/src/polkit/polkitidentity.c
b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
++
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+--- a/src/polkit/polkitunixnetgroup.c
b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+"name", name,
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity
*group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name,
g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 943593956c04c5c2b1f1c679d5b3f36428d1173a
Author: Mathieu Tortuyaux microsoft com>
AuthorDate: Thu Jan 27 09:31:48 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Jan 27 19:50:27 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94359395
sys-auth/polkit: fix CVE id
Nit-pick to avoid confusion.
Bug: https://bugs.gentoo.org/832057
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Mathieu Tortuyaux microsoft.com>
Closes: https://github.com/gentoo/gentoo/pull/23980
Signed-off-by: Sam James gentoo.org>
...olkit-0.120-CVE-2021-4043.patch => polkit-0.120-CVE-2021-4034.patch} | 0
sys-auth/polkit/polkit-0.117-r3.ebuild | 2 +-
sys-auth/polkit/polkit-0.120-r2.ebuild | 2 +-
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
similarity index 100%
rename from sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
rename to sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch
diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild
b/sys-auth/polkit/polkit-0.117-r3.ebuild
index a486ee25b894..33e09e40e512 100644
--- a/sys-auth/polkit/polkit-0.117-r3.ebuild
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -62,7 +62,7 @@ PATCHES=(
"${FILESDIR}"/polkit-0.115-elogind.patch
"${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
- "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+ "${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch
)
QA_MULTILIB_PATHS="
diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild
b/sys-auth/polkit/polkit-0.120-r2.ebuild
index 4d864ecfd564..952906f5d88e 100644
--- a/sys-auth/polkit/polkit-0.120-r2.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -63,7 +63,7 @@ QA_MULTILIB_PATHS="
src_prepare() {
local PATCHES=(
"${FILESDIR}/polkit-0.120-meson.patch"
- "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+ "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch"
)
default
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 77e50819c7c7c22dee5ee6b2e7538b3cfff789af
Author: Sam James gentoo org>
AuthorDate: Wed Jan 26 00:50:34 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Jan 26 00:51:00 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e50819
sys-auth/polkit: backport CVE-2021-3560, CVE-2021-4043 patches to 0.117
Needed for non-Rust arches like sparc.
(Most users are on 0.120 and already fixed in previous commits.)
Bug: https://bugs.gentoo.org/794052
Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James gentoo.org>
.../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 +
sys-auth/polkit/polkit-0.117-r3.ebuild | 136 +
2 files changed, 165 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
new file mode 100644
index ..9c3ce20cf574
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch
@@ -0,0 +1,29 @@
+https://bugs.gentoo.org/794052
+
+From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001
+From: Jan Rybar
+Date: Wed, 2 Jun 2021 15:43:38 +0200
+Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit
+
+initial values returned if error caught
+---
+ src/polkit/polkitsystembusname.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/polkit/polkitsystembusname.c
b/src/polkit/polkitsystembusname.c
+index 8daa12c..8ed1363 100644
+--- a/src/polkit/polkitsystembusname.c
b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName
*system_bus
+ while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+ g_main_context_iteration (tmp_context, TRUE);
+
++ if (data.caught_error)
++goto out;
++
+ if (out_uid)
+ *out_uid = data.uid;
+ if (out_pid)
+--
+GitLab
+
diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild
b/sys-auth/polkit/polkit-0.117-r3.ebuild
new file mode 100644
index ..6dab5cf577c0
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.117-r3.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide
services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit
https://gitlab.freedesktop.org/polkit/polkit;
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz;
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc
~x86"
+IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test"
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="^^ ( elogind systemd )"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:68[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=(
+ # bug 660880
+ "${FILESDIR}"/polkit-0.115-elogind.patch
+
+ "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch
+ "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch
+)
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|'
src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/
s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+ xdg_environment_reset
+
+ local
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: d0e16d6fb24423388c5acd74e5f0b9856af08f08
Author: Sam James gentoo org>
AuthorDate: Tue Jan 25 17:25:25 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jan 25 17:25:54 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e16d6f
sys-auth/polkit: fix CVE-2021-4043
Bug: https://bugs.gentoo.org/832057
Signed-off-by: Sam James gentoo.org>
.../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 +
sys-auth/polkit/polkit-0.120-r2.ebuild | 120 +
2 files changed, 192 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index ..22bb71d14204
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar
+Date: Tue, 25 Jan 2022 17:21:46 +
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ if (argc < 1)
++{
++ exit(126);
++}
++
+ /* Disable remote file access from GIO. */
+ setenv ("GIO_USE_VFS", "local", 1);
+
+--- a/src/programs/pkexec.c
b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+ pid_t pid_of_caller;
+ gpointer local_agent_handle;
+
++
++ /*
++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't
be nice, just bail out.
++ */
++ if (argc<1)
++{
++ exit(127);
++}
++
+ ret = 127;
+ authority = NULL;
+ subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+
+ path = g_strdup (pwstruct.pw_shell);
+ if (!path)
+- {
++{
+ g_printerr ("No shell configured or error retrieving pw_shell\n");
+ goto out;
+- }
++}
+ /* If you change this, be sure to change the if (!command_line)
+case below too */
+ command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+ goto out;
+ }
+ g_free (path);
+- argv[n] = path = s;
++ path = s;
++
++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be
null-terminated.
++ * /-less shell shouldn't happen, but let's be defensive and don't
write to null-termination
++ */
++ if (argv[n] != NULL)
++ {
++argv[n] = path;
++ }
+ }
+ if (access (path, F_OK) != 0)
+ {
+GitLab
diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild
b/sys-auth/polkit/polkit-0.120-r2.ebuild
new file mode 100644
index ..6af327e19f2f
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit meson pam pax-utils systemd xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide
services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit
https://gitlab.freedesktop.org/polkit/polkit;
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz;
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86"
+IUSE="examples gtk +introspection kde pam selinux systemd test"
+#RESTRICT="!test? ( test )"
+# Tests currently don't work with meson. See
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144
+RESTRICT="test"
+
+BDEPEND="
+ acct-user/polkitd
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/glib
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/glib-utils
+ sys-devel/gettext
+ virtual/pkgconfig
+ introspection? ( dev-libs/gobject-introspection )
+"
+DEPEND="
+ dev-lang/spidermonkey:78[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ pam? (
+ sys-auth/pambase
+ sys-libs/pam
+ )
+ !pam? ( virtual/libcrypt:= )
+ systemd? ( sys-apps/systemd:0=[policykit] )
+ !systemd? ( sys-auth/elogind )
+"
+RDEPEND="${DEPEND}
+ acct-user/polkitd
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+src_prepare() {
+ local PATCHES=(
+
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 1bed18530dc535caec4a9fbfe2f9c4de9ac3d730
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Sun Oct 4 15:58:22 2020 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Sun Oct 4 15:58:22 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853
sys-auth/polkit: Cleanup vulnerable 0.115-r4
Bug: https://bugs.gentoo.org/717712
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner gentoo.org>
sys-auth/polkit/Manifest | 1 -
sys-auth/polkit/files/CVE-2018-19788.patch | 339 -
.../files/polkit-0.115-spidermonkey-60.patch | 180 ---
sys-auth/polkit/polkit-0.115-r4.ebuild | 144 -
4 files changed, 664 deletions(-)
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 22da4a92e24..c1e90f0d5ca 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,3 @@
-DIST polkit-0.115.tar.gz 1550932 BLAKE2B
3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1
SHA512
1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc
DIST polkit-0.116.tar.gz 1548311 BLAKE2B
e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31
SHA512
b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5
DIST polkit-0.117.tar.gz 1554536 BLAKE2B
1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0
SHA512
c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70
DIST polkit-0.118.tar.gz 1556765 BLAKE2B
d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119
SHA512
3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch
b/sys-auth/polkit/files/CVE-2018-19788.patch
deleted file mode 100644
index 97e3608a12b..000
--- a/sys-auth/polkit/files/CVE-2018-19788.patch
+++ /dev/null
@@ -1,339 +0,0 @@
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group
- objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
- src/polkit/polkitunixgroup.c | 15 +++
- src/polkit/polkitunixprocess.c | 12
- src/polkit/polkitunixuser.c| 13 ++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
a/src/polkit/polkitunixgroup.c
-+++ b/src/polkit/polkitunixgroup.c
-@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group,
G_TYPE_OBJECT,
- static void
- polkit_unix_group_init (PolkitUnixGroup *unix_group)
- {
-+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
- }
-
- static void
-@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
-GParamSpec *pspec)
- {
- PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
-+ gint val;
-
- switch (prop_id)
- {
- case PROP_GID:
-- unix_group->gid = g_value_get_int (value);
-+ val = g_value_get_int (value);
-+ g_return_if_fail (val != -1);
-+ unix_group->gid = val;
- break;
-
- default:
-@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
-g_param_spec_int ("gid",
- "Group ID",
- "The UNIX group ID",
--
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 3593d9638f4876e8540afb40012856ebe6d257b5
Author: Arfrever Frehtes Taifersar Arahesis Apache Org>
AuthorDate: Mon Mar 25 00:49:59 2019 +
Commit: Lars Wendler gentoo org>
CommitDate: Tue Mar 26 08:58:40 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3593d963
sys-auth/polkit: Use dev-lang/spidermonkey:60.
Port to EAPI="7".
Improve HOMEPAGE.
Fixes: https://bugs.gentoo.org/681692
Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org>
Signed-off-by: Lars Wendler gentoo.org>
.../files/polkit-0.115-spidermonkey-60.patch | 180 +
sys-auth/polkit/polkit-0.115-r4.ebuild | 143
2 files changed, 323 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
new file mode 100644
index 000..8a4510ad205
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch
@@ -0,0 +1,180 @@
+From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi
+Date: Fri, 31 Aug 2018 13:32:16 +0100
+Subject: [PATCH] Depend on mozjs-60
+
+This is the new ESR version of the Mozilla JS engine, superceding
+mozjs-52.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5c37e48..5cedb4e 100644
+--- a/configure.ac
b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+
+
+From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi
+Date: Fri, 31 Aug 2018 13:33:20 +0100
+Subject: [PATCH] Port the JS authority to mozjs-60
+
+API changes in mozjs that need to be reflected in the JS authority:
+
+ - the JS::CompileOptions constructor and the JS::CompartmentOptions
+ do not allow setting a JS version any more
+
+ - do not use NULL comparisons for C++ objects
+
+ - the resize() method for a vector has a return value that needs
+ to be handled
+
+ - JSClassOps has different fields
+---
+ .../polkitbackendjsauthority.cpp | 65 +--
+ 1 file changed, 32 insertions(+), 33 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp
b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 7602714..984a0f0 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority,
polkit_backend_js_authority, POLKIT_BAC
+ /*
*/
+
+ static const struct JSClassOps js_global_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ JS_GlobalObjectTraceHook
+ };
+
+ static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+
+ /*
*/
+ static const struct JSClassOps js_polkit_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ nullptr // trace
+ };
+
+ static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ {
+ JS::CompartmentOptions compart_opts;
+-compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+ JS::RootedObject global(authority->priv->cx);
+
+ authority->priv->js_global = new JS::Heap (JS_NewGlobalObject
(authority->priv->cx, _global_class, NULL, JS::FireOnNewGlobalHook,
compart_opts));
+
+ global = authority->priv->js_global->get ();
+-
+-if (global == NULL)
++if (!global)
+ goto fail;
+
+ authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
+
+-if (authority->priv->ac == NULL)
++if (!authority->priv->ac)
+ goto fail;
+
+ if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ polkit = authority->priv->js_polkit->get ();
+
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 796d413851084fa37559c1806e436cb8bdfce936
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Wed Aug 8 19:55:48 2018 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Wed Aug 8 20:45:29 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=796d4138
sys-auth/polkit: Fix configure with elogind
See also: https://bugs.freedesktop.org/show_bug.cgi?id=105989
Closes: https://bugs.gentoo.org/660880
Closes: https://bugs.gentoo.org/662338
Package-Manager: Portage-2.3.45, Repoman-2.3.10
sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 +
sys-auth/polkit/polkit-0.115-r1.ebuild | 137 +++
2 files changed, 165 insertions(+)
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch
b/sys-auth/polkit/files/polkit-0.115-elogind.patch
new file mode 100644
index 000..93d672015db
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch
@@ -0,0 +1,28 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using
libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test
"$have_libelogind" = "yes" ], [Using libsystemd])
+
+ dnl
---
+ dnl - systemd unit / service files
+--
+2.17.0
diff --git a/sys-auth/polkit/polkit-0.115-r1.ebuild
b/sys-auth/polkit/polkit-0.115-r1.ebuild
new file mode 100644
index 000..f07c7ca222e
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.115-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools pam pax-utils systemd user xdg-utils
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide
services"
+HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit;
+SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz;
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh
~sparc ~x86"
+IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test"
+
+REQUIRED_USE="?? ( elogind systemd )"
+
+CDEPEND="
+ dev-lang/spidermonkey:52[-debug]
+ dev-libs/glib:2
+ dev-libs/expat
+ elogind? ( sys-auth/elogind )
+ introspection? ( dev-libs/gobject-introspection )
+ pam? (
+ sys-auth/pambase
+ virtual/pam
+ )
+ systemd? ( sys-apps/systemd:0= )
+"
+DEPEND="${CDEPEND}
+ app-text/docbook-xml-dtd:4.1.2
+ app-text/docbook-xsl-stylesheets
+ dev-libs/gobject-introspection-common
+ dev-libs/libxslt
+ dev-util/gtk-doc-am
+ dev-util/intltool
+ sys-devel/gettext
+ virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-policykit )
+"
+PDEPEND="
+ gtk? ( || (
+ >=gnome-extra/polkit-gnome-0.105
+ >=lxde-base/lxsession-0.5.2
+ ) )
+ kde? ( kde-plasma/polkit-kde-agent )
+ !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) )
+"
+
+DOCS=( docs/TODO HACKING NEWS README )
+
+PATCHES=( "${FILESDIR}"/${P}-elogind.patch ) # bug 660880
+
+QA_MULTILIB_PATHS="
+ usr/lib/polkit-1/polkit-agent-helper-1
+ usr/lib/polkit-1/polkitd"
+
+pkg_setup() {
+ local u=polkitd
+ local g=polkitd
+ local h=/var/lib/polkit-1
+
+ enewgroup ${g}
+ enewuser ${u} -1 -1 ${h} ${g}
+ esethome ${u} ${h}
+}
+
+src_prepare() {
+ default
+
+ sed -i -e 's|unix-group:wheel|unix-user:0|'
src/polkitbackend/*-default.rules || die #401513
+
+ # Workaround upstream hack around standard gtk-doc behavior, bug #552170
+ sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
+ -e '/install-data-local:/,/uninstall-local:/
s/@ENABLE_GTK_DOC_TRUE@//' \
+ -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
+ docs/polkit/Makefile.in || die
+
+ # disable broken test - bug #624022
+ sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
+
+ # Fix cross-building, bug #590764, elogind patch, bug #598615
+ eautoreconf
+}
+
+src_configure() {
+
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 487ef5103ed45a49310282d483c41f0dcf6638e2
Author: Sven Eden gmx net>
AuthorDate: Tue Jun 27 12:03:40 2017 +
Commit: Michael Palimaka gentoo org>
CommitDate: Tue Jun 27 12:04:19 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487ef510
sys-auth/polkit: improve elogind patch
Gentoo-bug: 622800
Package-Manager: Portage-2.3.6, Repoman-2.3.2
sys-auth/polkit/files/polkit-0.113-elogind.patch | 22 --
...lkit-0.113-r2.ebuild => polkit-0.113-r3.ebuild} | 0
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch
b/sys-auth/polkit/files/polkit-0.113-elogind.patch
index fb142c65ce6..c822e00d24a 100644
--- a/sys-auth/polkit/files/polkit-0.113-elogind.patch
+++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch
@@ -117,8 +117,8 @@
$(NULL)
libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04
04:44:29.650112018 +0100
-+++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04
04:44:58.283111505 +0100
+--- a/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27
09:22:03.375841040 +0200
b/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27
09:25:33.815845141 +0200
@@ -39,6 +39,10 @@
#include
#endif /* HAVE_LIBSYSTEMD */
@@ -130,6 +130,24 @@
#include
#include "initjs.h" /* init.js */
+@@ -793,7 +797,7 @@
+ g_assert_not_reached ();
+ }
+
+-#ifdef HAVE_LIBSYSTEMD
++#if defined(HAVE_LIBSYSTEMD) || defined(HAVE_LIBELOGIND)
+ if (sd_pid_get_session (pid, _str) == 0)
+ {
+ if (sd_session_get_seat (session_str, _str) == 0)
+@@ -801,7 +805,7 @@
+ /* do nothing */
+ }
+ }
+-#endif /* HAVE_LIBSYSTEMD */
++#endif /* HAVE_LIBSYSTEMD or HAVE_LIBELOGIND */
+
+ g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
+ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04
04:44:29.650112018 +0100
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04
04:46:52.718109455 +0100
@@ -25,7 +25,11 @@
diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild
b/sys-auth/polkit/polkit-0.113-r3.ebuild
similarity index 100%
rename from sys-auth/polkit/polkit-0.113-r2.ebuild
rename to sys-auth/polkit/polkit-0.113-r3.ebuild
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 7ffb5079b8c109223cfeb4519abb84a6c5516293 Author: Andreas Sturmlechner gentoo org> AuthorDate: Sat Jan 14 12:24:15 2017 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Sat Jan 14 19:25:03 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ffb5079 sys-auth/polkit: Add USE=elogind, bump to EAPI 6 Gentoo-bug: 598615 Drop non-existent lxde-base/lxpolkit from PDEPEND Package-Manager: portage-2.3.0 sys-auth/polkit/files/polkit-0.113-elogind.patch | 160 +++ sys-auth/polkit/metadata.xml | 1 + sys-auth/polkit/polkit-0.113-r2.ebuild | 133 +++ 3 files changed, 294 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch new file mode 100644 index ..fb142c6 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch @@ -0,0 +1,160 @@ +--- a/configure.ac 2016-11-03 20:16:02.842071344 +0100 b/configure.ac 2016-11-03 20:15:34.612071850 +0100 +@@ -183,11 +183,12 @@ + + AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"]) + +-dnl --- +-dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking +-dnl --- ++dnl --- ++dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking ++dnl --- + + have_libsystemd=no ++have_elogind=no + SESSION_TRACKING=ConsoleKit + + AC_ARG_ENABLE([libsystemd-login], +@@ -220,6 +221,29 @@ + fi + fi + fi ++ ++AC_ARG_ENABLE([libelogind], ++ [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])], ++ [enable_libelogind=$enableval], ++ [enable_libelogind=auto]) ++if test "$enable_libelogind" != "no"; then ++ PKG_CHECK_MODULES([LIBELOGIND], ++[libelogind], ++[have_libelogind=yes], ++[have_libelogind=no]) ++ if test "$have_libelogind" = "yes"; then ++SESSION_TRACKING=libelogind ++AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available]) ++save_LIBS=$LIBS ++LIBS=$LIBELOGIND_LIBS ++AC_CHECK_FUNCS(sd_uid_get_display) ++LIBS=$save_LIBS ++ else ++if test "$enable_libelogind" = "yes"; then ++ AC_MSG_ERROR([libelogind support requested but libelogind not found]) ++fi ++ fi ++fi + + AS_IF([test "x$cross_compiling" != "xyes" ], [ + AS_IF([test "$have_libsystemd" = "yes"], [ +@@ -245,6 +245,10 @@ + AC_SUBST(LIBSYSTEMD_LIBS) + AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) + ++AC_SUBST(LIBELOGIND_CFLAGS) ++AC_SUBST(LIBELOGIND_LIBS) ++AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind]) ++ + dnl --- + dnl - systemd unit / service files + dnl --- +--- a/src/polkitbackend/Makefile.am2016-11-04 04:40:46.930116006 +0100 b/src/polkitbackend/Makefile.am2016-11-04 04:42:14.586114436 +0100 +@@ -42,21 +42,28 @@ + libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c + else ++if HAVE_LIBELOGIND ++libpolkit_backend_1_la_SOURCES += \ ++ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c ++else + libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c + endif ++endif + + libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS)\ ++ $(LIBELOGIND_CFLAGS)\ + $(LIBJS_CFLAGS) \ + $(NULL) + + libpolkit_backend_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(LIBSYSTEMD_LIBS) \ ++ $(LIBELOGIND_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(LIBJS_LIBS) \ +--- a/src/polkit/Makefile.am 2016-11-04
