[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 1521587bb323049922809b7756705792564041a7 Author: Kostadin Shishmanov tutanota com> AuthorDate: Fri May 3 11:37:06 2024 + Commit: Sam James gentoo org> CommitDate: Fri May 3 12:12:54 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1521587b sys-auth/polkit: fix tests Reenable tests with FEATURES="test" and backport test build error fix for C99 compilers. Bug: https://bugs.gentoo.org/925440 Signed-off-by: Kostadin Shishmanov tutanota.com> Closes: https://github.com/gentoo/gentoo/pull/36527 Signed-off-by: Sam James gentoo.org> sys-auth/polkit/files/polkit-124-c99-fixes.patch | 111 +++ sys-auth/polkit/polkit-124-r1.ebuild | 13 +-- 2 files changed, 113 insertions(+), 11 deletions(-) diff --git a/sys-auth/polkit/files/polkit-124-c99-fixes.patch b/sys-auth/polkit/files/polkit-124-c99-fixes.patch new file mode 100644 index ..00d3cbbd2664 --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-c99-fixes.patch @@ -0,0 +1,111 @@ +https://bugs.gentoo.org/925440 +https://github.com/polkit-org/polkit/commit/0d78d1e4bf5ab3ce11678005b220aac0cfc5bee5 + +From: Vincent Mihalkovic +Date: Fri, 8 Mar 2024 14:04:33 +0100 +Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file + where it is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This fixes build error with GCC >= 14 and clang >= 17, +failing on: +``` +../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] + 25 | print_indent(stream, indent); + | ^~~~ +``` + +Closes: #6 +--- + subprojects/mocklibc.wrap | 2 + + .../packagefiles/mocklibc-print-indent.diff | 68 +++ + 2 files changed, 70 insertions(+) + create mode 100644 subprojects/packagefiles/mocklibc-print-indent.diff + +diff --git a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap +index af82298..539ee83 100644 +--- a/subprojects/mocklibc.wrap b/subprojects/mocklibc.wrap +@@ -8,3 +8,5 @@ source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120 + patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip + patch_filename = mocklibc-1.0-2-wrap.zip + patch_hash = 0280f96a2eeb3c023e5acf4e00cef03d362868218d4a85347ea45137c0ef6c56 ++ ++diff_files = mocklibc-print-indent.diff +diff --git a/subprojects/packagefiles/mocklibc-print-indent.diff b/subprojects/packagefiles/mocklibc-print-indent.diff +new file mode 100644 +index 000..d8b2029 +--- /dev/null b/subprojects/packagefiles/mocklibc-print-indent.diff +@@ -0,0 +1,68 @@ ++From: Vincent Mihalkovic ++Date: Fri, 8 Mar 2024 14:04:33 +0100 ++Subject: [PATCH 3/3] mocklibc: move the print_indent function to the file ++ where it is used ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This fixes build error with GCC >= 14 and clang >= 17, ++failing on: ++``` ++../subprojects/mocklibc-1.0/src/netgroup-debug.c:25:3: error: implicit declaration of function ‘print_indent’ [-Wimplicit-function-declaration] ++ 25 | print_indent(stream, indent); ++ | ^~~~ ++``` ++ ++Closes: #6 ++--- ++ src/netgroup-debug.c | 11 +++ ++ src/netgroup.c | 11 --- ++ 2 files changed, 11 insertions(+), 11 deletions(-) ++ ++diff --git a/src/netgroup-debug.c b/src/netgroup-debug.c ++index 81d6e72..46e5b25 100644 ++--- a/src/netgroup-debug.c + b/src/netgroup-debug.c ++@@ -21,6 +21,17 @@ ++ #include ++ #include ++ +++/** +++ * Print a varaible indentation to the stream. +++ * @param stream Stream to print to +++ * @param indent Number of indents to use +++ */ +++static void print_indent(FILE *stream, unsigned int indent) { +++ int i; +++ for (i = 0; i < indent; i++) +++fprintf(stream, " "); +++} +++ ++ void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) { ++ print_indent(stream, indent); ++ ++diff --git a/src/netgroup.c b/src/netgroup.c ++index 06a8a89..e16e451 100644 ++--- a/src/netgroup.c + b/src/netgroup.c ++@@ -71,17 +71,6 @@ static char *parser_copy_word(char **cur) { ++ return result; ++ } ++ ++-/** ++- * Print a varaible indentation to the stream. ++- * @param stream Stream to print to ++- * @param indent Number of indents to use ++- */ ++-void print_indent(FILE *stream, unsigned int indent) { ++- int i; ++- for (i = 0; i < indent; i++) ++-fprintf(stream, " "); ++-} ++- ++ /** ++ * Connect entries with 'child' type to their child entries. ++ * @param headentry Head of list of entries that need to be connected ++-- ++2.43.0 +-- diff --git a/sys-auth/polkit/polkit-124-r1.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild index d5ae6fcf9f54..4d3b917273a7 100644 --- a/sys-auth/polkit/polkit-124-r1.ebuild +++ b/sys-auth/polkit/polkit-124-r1.ebuild @@ -24,17 +24,7 @@
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: e94da7f8dae815704fe1c371688feb045db9eb16 Author: Sam James gentoo org> AuthorDate: Fri Jan 19 06:35:27 2024 + Commit: Sam James gentoo org> CommitDate: Fri Jan 19 06:35:27 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e94da7f8 sys-auth/polkit: fix non-systemd build, don't install redundant sysusers file No need for our own sysusers file as acct-user/polkitd already installs one. Closes: https://bugs.gentoo.org/922458 Signed-off-by: Sam James gentoo.org> .../polkit/files/polkit-124-systemd-fixup.patch| 26 ++ .../{polkit-124.ebuild => polkit-124-r1.ebuild}| 4 2 files changed, 30 insertions(+) diff --git a/sys-auth/polkit/files/polkit-124-systemd-fixup.patch b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch new file mode 100644 index ..fceb33d31afd --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd-fixup.patch @@ -0,0 +1,26 @@ +https://bugs.gentoo.org/922458 +https://github.com/polkit-org/polkit/pull/417/files#r1458416421 +--- a/meson.build b/meson.build +@@ -212,11 +212,14 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files +- systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') +- if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +-# FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used +-systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++ if session_tracking == 'libsystemd-login' ++systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') ++ ++if systemd_systemdsystemunitdir == '' ++ # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used ++ systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') ++endif + endif + + systemd_sysusers_dir = systemd_dep.get_pkgconfig_variable('sysusers_dir', default: '/usr/lib/sysusers.d') +-- +2.43.0 + diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124-r1.ebuild similarity index 96% rename from sys-auth/polkit/polkit-124.ebuild rename to sys-auth/polkit/polkit-124-r1.ebuild index 1b576a7af2d7..d5ae6fcf9f54 100644 --- a/sys-auth/polkit/polkit-124.ebuild +++ b/sys-auth/polkit/polkit-124-r1.ebuild @@ -91,6 +91,7 @@ QA_MULTILIB_PATHS=" PATCHES=( "${FILESDIR}"/${PN}-124-systemd.patch + "${FILESDIR}"/${PN}-124-systemd-fixup.patch ) python_check_deps() { @@ -140,6 +141,9 @@ src_compile() { src_install() { meson_src_install + # acct-user/polkitd installs its own (albeit with a different filename) + rm -rf "${ED}"/usr/lib/sysusers.d || die + if use examples ; then docinto examples dodoc src/examples/{*.c,*.policy*}
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: d2f4032e1407982df7aa87b3e97bb2b7623e511b Author: Sam James gentoo org> AuthorDate: Fri Jan 19 05:38:36 2024 + Commit: Sam James gentoo org> CommitDate: Fri Jan 19 05:39:01 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2f4032e sys-auth/polkit: add 124 Signed-off-by: Sam James gentoo.org> sys-auth/polkit/Manifest | 1 + sys-auth/polkit/files/polkit-124-systemd.patch | 50 sys-auth/polkit/polkit-124.ebuild | 161 + 3 files changed, 212 insertions(+) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index f4ec97d2f7df..6827b9281360 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,2 +1,3 @@ DIST polkit-122.tar.bz2 704972 BLAKE2B 601ed969de816d061a974b07490d64c144940898a75d4e1761462ee1ff0f00686b068298fa6fdc901879d8cd4bea4334c0187aa5bde50acf90728c37e73e21f4 SHA512 a7c0a951bbcdb09899adbc128296c74fc062441e996f4d6a782b214178f0936137e2fdc489eaa86a00599b988711735a5bd9b5c3b93bdb42fb915db9f9b04e26 DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 +DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc diff --git a/sys-auth/polkit/files/polkit-124-systemd.patch b/sys-auth/polkit/files/polkit-124-systemd.patch new file mode 100644 index ..e9b10e99e5da --- /dev/null +++ b/sys-auth/polkit/files/polkit-124-systemd.patch @@ -0,0 +1,50 @@ +https://github.com/polkit-org/polkit/pull/417 + +From 69d6b94d590b4dd1fbbac22b4f4d449f46ef61aa Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 18 Jan 2024 15:07:32 + +Subject: [PATCH] meson: fix build failure when -Dsystemdsystemunitdir is + specified + +When 'systemdsystemunitdir' is specified as an option the systemd_dep +variable is not defined, but the sysusers.d directory lookup uses it, +causing a build failure: + +dh_auto_configure -- \ + -Dexamples=false \ + -Dintrospection=true \ + -Dman=true \ + -Dsystemdsystemunitdir=/usr/lib/systemd/system \ + -Dtests=true \ + -Dgtk_doc=true -Dsession_tracking=libsystemd-login + cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dexamples=false -Dintrospection=true -Dman=true -Dsystemdsystemunitdir=/usr/lib/systemd/system -Dtests=true -Dgtk_doc=true -Dsession_tracking=libsystemd-login +The Meson build system +Version: 1.3.1 +Source dir: /builds/bluca/polkit/debian/output/source_dir +Build dir: /builds/bluca/polkit/debian/output/source_dir/obj-x86_64-linux-gnu +Build type: native build +Project name: polkit +Project version: 124 + +<...> + +Run-time dependency libsystemd found: YES 255 +Checking for function "sd_uid_get_display" with dependency libsystemd: YES +Checking for function "sd_pidfd_get_session" with dependency libsystemd: YES +../meson.build:222:37: ERROR: Unknown variable "systemd_dep". + +Follow-up for 24f1e0af3f7bd17e220cb96201f3c654e737ad34 +--- a/meson.build b/meson.build +@@ -212,9 +212,9 @@ if enable_logind + config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep)) + + # systemd unit / service files ++ systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + systemd_systemdsystemunitdir = get_option('systemdsystemunitdir') + if systemd_systemdsystemunitdir == '' and session_tracking == 'libsystemd-login' +-systemd_dep = dependency('systemd', not_found_message: 'systemd required but not found, please provide a valid systemd user unit dir or disable it') + # FIXME: systemd.pc file does not use variables with relative paths, so `define_variable` cannot be used + systemd_systemdsystemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') + endif + diff --git a/sys-auth/polkit/polkit-124.ebuild b/sys-auth/polkit/polkit-124.ebuild new file mode 100644 index ..1b576a7af2d7 --- /dev/null +++ b/sys-auth/polkit/polkit-124.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: a44b0d4acf34b4a5bbd33c642b674dafe5a42aec Author: Sam James gentoo org> AuthorDate: Sat Oct 15 23:51:03 2022 + Commit: Sam James gentoo org> CommitDate: Sat Oct 15 23:51:03 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a44b0d4a sys-auth/polkit: drop versions Signed-off-by: Sam James gentoo.org> sys-auth/polkit/Manifest | 2 - ...lkit-0.118-make-netgroup-support-optional.patch | 248 - sys-auth/polkit/files/polkit-0.120-meson.patch | 42 .../files/polkit-0.120_p20220221-pkexec-suid.patch | 67 -- sys-auth/polkit/polkit-0.120_p20220221-r1.ebuild | 129 --- sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 --- sys-auth/polkit/polkit-0.120_p20220509.ebuild | 146 7 files changed, 760 deletions(-) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index e635b78c0256..9f7fb1747d8e 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,3 +1 @@ -DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f -DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f DIST polkit-121.tar.gz 743287 BLAKE2B 6ebda8fc866ef960281ef912a3d3c45572da3ba90a84026e386b78ced8eaadc6cfc0e88d6e5a75133bf99e28041f8b29b236bb0e9666dd1ffc43af2227a5cb2d SHA512 f565027b80f32833c558900b612e089ab25027da5bf9a90c421a292467d4db9a291f6dc9850c4bca8f9ee890d476fd064a643a5f7e28497661ba1e31d4227624 diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch deleted file mode 100644 index 8810e70b7378.. --- a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch +++ /dev/null @@ -1,248 +0,0 @@ -Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. - -https://bugs.gentoo.org/833753 -https://bugs.gentoo.org/561672 -https://bugs.freedesktop.org/show_bug.cgi?id=50145 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 - -Patch has been rebased a bit since but keeping original headers. - -From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" -Date: Wed, 11 Jul 2018 04:54:26 -0500 -Subject: [PATCH] make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -Fixes bug 50145. - -Signed-off-by: A. Wilcox a/configure.ac -+++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], -[AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - --AC_CHECK_FUNCS(clearenv fdatasync) -+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) - - if test "x$GCC" = "xyes"; then - LDFLAGS="-Wl,--as-needed $LDFLAGS" a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret =
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 76caeda5c0ae4a7045d321f32ef95e31722434dd Author: Sam James gentoo org> AuthorDate: Sun May 15 05:17:19 2022 + Commit: Sam James gentoo org> CommitDate: Sun May 15 22:09:39 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76caeda5 sys-auth/polkit: drop 0.117-r3, 0.120-r3 Bug: https://bugs.gentoo.org/794052 Bug: https://bugs.gentoo.org/833574 Signed-off-by: Sam James gentoo.org> sys-auth/polkit/Manifest | 2 - sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 --- .../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 --- ...lkit-0.118-make-netgroup-support-optional.patch | 248 - .../polkit/files/polkit-0.120-CVE-2021-4034.patch | 72 -- .../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 --- sys-auth/polkit/metadata.xml | 1 - sys-auth/polkit/polkit-0.117-r3.ebuild | 136 --- sys-auth/polkit/polkit-0.120-r3.ebuild | 123 -- 9 files changed, 717 deletions(-) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 36f72ccb57f8..1131b5984975 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,4 +1,2 @@ -DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 -DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch deleted file mode 100644 index 93d672015db4.. --- a/sys-auth/polkit/files/polkit-0.115-elogind.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 -From: Rasmus Thomsen -Date: Wed, 11 Apr 2018 13:14:14 +0200 -Subject: [PATCH] configure: fix elogind support - -HAVE_LIBSYSTEMD is used to determine which source files to use. -We have to check if either have_libsystemd or have_libelogind is -true, as both of these need the source files which are used when -HAVE_LIBSYSTEMD is true. - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 36df239..da47ecb 100644 a/configure.ac -+++ b/configure.ac -@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ - - AC_SUBST(LIBSYSTEMD_CFLAGS) - AC_SUBST(LIBSYSTEMD_LIBS) --AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) -+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) - - dnl --- - dnl - systemd unit / service files --- -2.17.0 diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch deleted file mode 100644 index 9c3ce20cf574.. --- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://bugs.gentoo.org/794052 - -From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 -From: Jan Rybar -Date: Wed, 2 Jun 2021 15:43:38 +0200 -Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit - -initial values returned if error caught - src/polkit/polkitsystembusname.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c -index 8daa12c..8ed1363 100644 a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); - -+ if (data.caught_error) -+goto out; -+ - if (out_uid) -
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: ef7e6d556aac8790982a70acbd5d40130faa2346 Author: Sam James gentoo org> AuthorDate: Tue Feb 22 06:11:04 2022 + Commit: Sam James gentoo org> CommitDate: Tue Feb 22 06:12:35 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7e6d55 sys-auth/polkit: patch CVE-2021-4115 - Add as patch to 0.120-r3 (new) to be immediately stabilised - Additionally bump to 0.120_p20220221 (only difference from last snapshot is a test timeout fix + this CVE-2021-4115 patch) but we'll hold off on stabling that given we only added the previous snapshot a few days ago. Bug: https://bugs.gentoo.org/833574 Signed-off-by: Sam James gentoo.org> sys-auth/polkit/Manifest | 1 + .../polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 + sys-auth/polkit/polkit-0.120-r3.ebuild | 123 sys-auth/polkit/polkit-0.120_p20220221.ebuild | 126 + 4 files changed, 328 insertions(+) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 8ff4f745515e..754b065bc059 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,3 +1,4 @@ DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 DIST polkit-0.120_p20220127.tar.bz2 733965 BLAKE2B 839a66799df870c36ea3788f68aea355ab99cf8aa0227ee633ee1155822663ce4671de4e9b041274345c1f62fbdf0405754ed1f3c7cf2a8855974854dc126e55 SHA512 67f2c1c7cd69767d578ccba2b94398eb6fcb348a77a4092c3517895190f095caee95ed491c8cff2827e287f4541cf83fefbefca1a0099d7e52bee6f825bbbd4f +DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch new file mode 100644 index ..a82ce25cae03 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch @@ -0,0 +1,78 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7 +https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 +https://bugs.gentoo.org/833574 + +From: Jan Rybar +Date: Mon, 21 Feb 2022 08:29:05 + +Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix + +--- a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +@@ -62,6 +62,10 @@ enum + PROP_NAME, + }; + ++ ++guint8 dbus_call_respond_fails; // has to be global because of callback ++ ++ + static void subject_iface_init (PolkitSubjectIface *subject_iface); + + G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, +@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, + if (!v) + { + data->caught_error = TRUE; ++ dbus_call_respond_fails += 1; + } + else + { +@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + ++ dbus_call_respond_fails = 0; ++ + /* Do two async calls as it's basically as fast as one sync call. +*/ + g_dbus_connection_call (connection, +@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + on_retrieved_unix_uid_pid, + ); + +- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) +-g_main_context_iteration (tmp_context, TRUE); ++ while (TRUE) ++ { ++/* If one dbus call returns error, we must wait until the other call ++ * calls _call_finish(), otherwise fd leak is possible. ++ * Resolves: GHSL-2021-077 ++*/ + +- if (data.caught_error) +-goto out; ++if ( (dbus_call_respond_fails > 1) ) ++{ ++ // we got two faults, we can leave ++ goto out; ++} ++ ++if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) ++{ ++ // we got one fault and the other call finally finished, we can leave ++ goto out; ++} ++ ++if ( !(data.retrieved_uid && data.retrieved_pid) ) ++{ ++ g_main_context_iteration (tmp_context, TRUE); ++} ++else ++{ ++
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: cca21561571e00e88f434ad94a9cde6851fab244 Author: Sam James gentoo org> AuthorDate: Sun Feb 20 00:42:58 2022 + Commit: Sam James gentoo org> CommitDate: Sun Feb 20 00:42:58 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cca21561 sys-auth/polkit: add musl patch to 0.120_p20220127 Pulled in from ::musl. Closes: https://bugs.gentoo.org/833753 Bug: https://bugs.gentoo.org/561672 Signed-off-by: Sam James gentoo.org> ...lkit-0.118-make-netgroup-support-optional.patch | 228 + sys-auth/polkit/polkit-0.120_p20220127.ebuild | 3 + 2 files changed, 231 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch new file mode 100644 index ..b11250fd3992 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch @@ -0,0 +1,228 @@ +Pulled in from https://github.com/gentoo/musl/blob/master/sys-auth/polkit/files/polkit-0.118-make-netgroup-support-optional.patch. + +https://bugs.gentoo.org/833753 +https://bugs.gentoo.org/561672 +https://bugs.freedesktop.org/show_bug.cgi?id=50145 +https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 + +Patch has been rebased a bit since but keeping original headers. + +From c7ad7cb3ca8fca32b9b64b0fc33867b98935b76b Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Wed, 11 Jul 2018 04:54:26 -0500 +Subject: [PATCH] make netgroup support optional + +On at least Linux/musl and Linux/uclibc, netgroup support is not +available. PolKit fails to compile on these systems for that reason. + +This change makes netgroup support conditional on the presence of the +setnetgrent(3) function which is required for the support to work. If +that function is not available on the system, an error will be returned +to the administrator if unix-netgroup: is specified in configuration. + +Fixes bug 50145. + +Signed-off-by: A. Wilcox +--- a/configure.ac b/configure.ac +@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], +[AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv fdatasync) ++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +--- a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, + } + else if (g_str_has_prefix (str, "unix-netgroup:")) + { ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine ('%s')", ++ str); ++#else + identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); ++#endif + } + + if (identity == NULL && (error != NULL && *error == NULL)) +@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, + GVariant *v; + const char *name; + ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine"); ++ goto out; ++#else ++ + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { +@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, + name = g_variant_get_string (v, NULL); + ret = polkit_unix_netgroup_new (name); + g_variant_unref (v); ++#endif + } + else + { +--- a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c +@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + PolkitIdentity * + polkit_unix_netgroup_new (const gchar *name) + { ++#ifndef HAVE_SETNETGRENT ++ g_assert_not_reached(); ++#endif + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, +"name", name, +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, + GList *ret; + + ret = NULL; ++#ifdef HAVE_SETNETGRENT + name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); + +-#ifdef HAVE_SETNETGRENT_RETURN ++# ifdef HAVE_SETNETGRENT_RETURN + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } +-#else ++# else + setnetgrent (name); +-#endif ++# endif /* HAVE_SETNETGRENT_RETURN */ + + for (;;) + { +-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) ++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) + const
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 943593956c04c5c2b1f1c679d5b3f36428d1173a Author: Mathieu Tortuyaux microsoft com> AuthorDate: Thu Jan 27 09:31:48 2022 + Commit: Sam James gentoo org> CommitDate: Thu Jan 27 19:50:27 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94359395 sys-auth/polkit: fix CVE id Nit-pick to avoid confusion. Bug: https://bugs.gentoo.org/832057 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Mathieu Tortuyaux microsoft.com> Closes: https://github.com/gentoo/gentoo/pull/23980 Signed-off-by: Sam James gentoo.org> ...olkit-0.120-CVE-2021-4043.patch => polkit-0.120-CVE-2021-4034.patch} | 0 sys-auth/polkit/polkit-0.117-r3.ebuild | 2 +- sys-auth/polkit/polkit-0.120-r2.ebuild | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch similarity index 100% rename from sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch rename to sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild index a486ee25b894..33e09e40e512 100644 --- a/sys-auth/polkit/polkit-0.117-r3.ebuild +++ b/sys-auth/polkit/polkit-0.117-r3.ebuild @@ -62,7 +62,7 @@ PATCHES=( "${FILESDIR}"/polkit-0.115-elogind.patch "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch - "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch + "${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch ) QA_MULTILIB_PATHS=" diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild index 4d864ecfd564..952906f5d88e 100644 --- a/sys-auth/polkit/polkit-0.120-r2.ebuild +++ b/sys-auth/polkit/polkit-0.120-r2.ebuild @@ -63,7 +63,7 @@ QA_MULTILIB_PATHS=" src_prepare() { local PATCHES=( "${FILESDIR}/polkit-0.120-meson.patch" - "${FILESDIR}/polkit-0.120-CVE-2021-4043.patch" + "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch" ) default
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 77e50819c7c7c22dee5ee6b2e7538b3cfff789af Author: Sam James gentoo org> AuthorDate: Wed Jan 26 00:50:34 2022 + Commit: Sam James gentoo org> CommitDate: Wed Jan 26 00:51:00 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77e50819 sys-auth/polkit: backport CVE-2021-3560, CVE-2021-4043 patches to 0.117 Needed for non-Rust arches like sparc. (Most users are on 0.120 and already fixed in previous commits.) Bug: https://bugs.gentoo.org/794052 Bug: https://bugs.gentoo.org/832057 Signed-off-by: Sam James gentoo.org> .../polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 + sys-auth/polkit/polkit-0.117-r3.ebuild | 136 + 2 files changed, 165 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch new file mode 100644 index ..9c3ce20cf574 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch @@ -0,0 +1,29 @@ +https://bugs.gentoo.org/794052 + +From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Wed, 2 Jun 2021 15:43:38 +0200 +Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit + +initial values returned if error caught +--- + src/polkit/polkitsystembusname.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 8daa12c..8ed1363 100644 +--- a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) +-- +GitLab + diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild new file mode 100644 index ..6dab5cf577c0 --- /dev/null +++ b/sys-auth/polkit/polkit-0.117-r3.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools pam pax-utils systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit; +SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz; + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test" +RESTRICT="!test? ( test )" + +REQUIRED_USE="^^ ( elogind systemd )" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + dev-util/gtk-doc-am + dev-util/intltool + sys-devel/gettext + virtual/pkgconfig + introspection? ( dev-libs/gobject-introspection ) +" +DEPEND=" + dev-lang/spidermonkey:68[-debug] + dev-libs/glib:2 + dev-libs/expat + elogind? ( sys-auth/elogind ) + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) +" +RDEPEND="${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING NEWS README ) + +PATCHES=( + # bug 660880 + "${FILESDIR}"/polkit-0.115-elogind.patch + + "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch + "${FILESDIR}"/polkit-0.120-CVE-2021-4043.patch +) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +src_prepare() { + default + + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 + + # Workaround upstream hack around standard gtk-doc behavior, bug #552170 + sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ + -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ + -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ + docs/polkit/Makefile.in || die + + # disable broken test - bug #624022 + sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die + + # Fix cross-building, bug #590764, elogind patch, bug #598615 + eautoreconf +} + +src_configure() { + xdg_environment_reset + + local
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: d0e16d6fb24423388c5acd74e5f0b9856af08f08 Author: Sam James gentoo org> AuthorDate: Tue Jan 25 17:25:25 2022 + Commit: Sam James gentoo org> CommitDate: Tue Jan 25 17:25:54 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e16d6f sys-auth/polkit: fix CVE-2021-4043 Bug: https://bugs.gentoo.org/832057 Signed-off-by: Sam James gentoo.org> .../polkit/files/polkit-0.120-CVE-2021-4043.patch | 72 + sys-auth/polkit/polkit-0.120-r2.ebuild | 120 + 2 files changed, 192 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch new file mode 100644 index ..22bb71d14204 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch @@ -0,0 +1,72 @@ +https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt +https://bugs.gentoo.org/832057 +https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch + +From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 +From: Jan Rybar +Date: Tue, 25 Jan 2022 17:21:46 + +Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) + +--- a/src/programs/pkcheck.c b/src/programs/pkcheck.c +@@ -363,6 +363,11 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++{ ++ exit(126); ++} ++ + /* Disable remote file access from GIO. */ + setenv ("GIO_USE_VFS", "local", 1); + +--- a/src/programs/pkexec.c b/src/programs/pkexec.c +@@ -488,6 +488,15 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. ++ */ ++ if (argc<1) ++{ ++ exit(127); ++} ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -614,10 +623,10 @@ main (int argc, char *argv[]) + + path = g_strdup (pwstruct.pw_shell); + if (!path) +- { ++{ + g_printerr ("No shell configured or error retrieving pw_shell\n"); + goto out; +- } ++} + /* If you change this, be sure to change the if (!command_line) +case below too */ + command_line = g_strdup (path); +@@ -636,7 +645,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { +GitLab diff --git a/sys-auth/polkit/polkit-0.120-r2.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild new file mode 100644 index ..6af327e19f2f --- /dev/null +++ b/sys-auth/polkit/polkit-0.120-r2.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit meson pam pax-utils systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit; +SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz; + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc64 ~riscv ~s390 ~x86" +IUSE="examples gtk +introspection kde pam selinux systemd test" +#RESTRICT="!test? ( test )" +# Tests currently don't work with meson. See +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +RESTRICT="test" + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( dev-libs/gobject-introspection ) +" +DEPEND=" + dev-lang/spidermonkey:78[-debug] + dev-libs/glib:2 + dev-libs/expat + pam? ( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND="${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING NEWS README ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +src_prepare() { + local PATCHES=( +
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 1bed18530dc535caec4a9fbfe2f9c4de9ac3d730 Author: Andreas Sturmlechner gentoo org> AuthorDate: Sun Oct 4 15:58:22 2020 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Sun Oct 4 15:58:22 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bed1853 sys-auth/polkit: Cleanup vulnerable 0.115-r4 Bug: https://bugs.gentoo.org/717712 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner gentoo.org> sys-auth/polkit/Manifest | 1 - sys-auth/polkit/files/CVE-2018-19788.patch | 339 - .../files/polkit-0.115-spidermonkey-60.patch | 180 --- sys-auth/polkit/polkit-0.115-r4.ebuild | 144 - 4 files changed, 664 deletions(-) diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 22da4a92e24..c1e90f0d5ca 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,4 +1,3 @@ -DIST polkit-0.115.tar.gz 1550932 BLAKE2B 3185ebed46209f88a9ffccbbcaf1bf180d1ae6d5ec53cf3c66d867ad43910b47a1123a3db190991ebb382a0d28fc5a119ea4bab942db324e9af5663056cf6ee1 SHA512 1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc DIST polkit-0.116.tar.gz 1548311 BLAKE2B e9761a2934136d453a47b81dd1f132f9fc96c45b731d5fceb2aa7706f5325b6499f6acbb68032befc1b21878b1b54754685607c916ca8e02a8accca3ca014b31 SHA512 b66b01cc2bb4349de70147f41f161f0f6f41e7230b581dfb054058b48969ec57041ab05b51787c749ccfc36aa5f317952d7e7ba337b4f6f6c0a923ed5866c2d5 DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 DIST polkit-0.118.tar.gz 1556765 BLAKE2B d048b37b1ff8ad59a2d8a333a3b459d1592b61f7a6d9a9569f8b2984de913d71abfc9748e242c7453f0bce4f322bd44672e35309f181afd22488794ca0e47119 SHA512 3d412f40c903cfaf68530f9c0cb616106f8edf43bec6805de129f8bb9cb4e64c98da6bf02caa3ef5619974f3e2df7a70564f08b92901662453477e9005752b4e diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch deleted file mode 100644 index 97e3608a12b..000 --- a/sys-auth/polkit/files/CVE-2018-19788.patch +++ /dev/null @@ -1,339 +0,0 @@ -From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 3 Dec 2018 10:28:58 +0100 -Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group - objects - -(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since -there should be no users with such number, see -https://systemd.io/UIDS-GIDS#special-linux-uids. - -(uid_t) -1 is used as the default value in class initialization. - -When a user or group above INT32_MAX is created, the numeric uid or -gid wraps around to negative when the value is assigned to gint, and -polkit gets confused. Let's accept such gids, except for -1. - -A nicer fix would be to change the underlying type to e.g. uint32 to -not have negative values. But this cannot be done without breaking the -API, so likely new functions will have to be added (a -polkit_unix_user_new variant that takes a unsigned, and the same for -_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will -require a bigger patch. - -Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. - src/polkit/polkitunixgroup.c | 15 +++ - src/polkit/polkitunixprocess.c | 12 - src/polkit/polkitunixuser.c| 13 ++--- - 3 files changed, 29 insertions(+), 11 deletions(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aa..309f689 100644 a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, -GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_group->gid = val; - break; - - default: -@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) -g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", --
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 3593d9638f4876e8540afb40012856ebe6d257b5 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Mon Mar 25 00:49:59 2019 + Commit: Lars Wendler gentoo org> CommitDate: Tue Mar 26 08:58:40 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3593d963 sys-auth/polkit: Use dev-lang/spidermonkey:60. Port to EAPI="7". Improve HOMEPAGE. Fixes: https://bugs.gentoo.org/681692 Signed-off-by: Arfrever Frehtes Taifersar Arahesis Apache.Org> Signed-off-by: Lars Wendler gentoo.org> .../files/polkit-0.115-spidermonkey-60.patch | 180 + sys-auth/polkit/polkit-0.115-r4.ebuild | 143 2 files changed, 323 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch new file mode 100644 index 000..8a4510ad205 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch @@ -0,0 +1,180 @@ +From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001 +From: Emmanuele Bassi +Date: Fri, 31 Aug 2018 13:32:16 +0100 +Subject: [PATCH] Depend on mozjs-60 + +This is the new ESR version of the Mozilla JS engine, superceding +mozjs-52. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5c37e48..5cedb4e 100644 +--- a/configure.ac b/configure.ac +@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +-PKG_CHECK_MODULES(LIBJS, [mozjs-52]) ++PKG_CHECK_MODULES(LIBJS, [mozjs-60]) + + AC_SUBST(LIBJS_CFLAGS) + AC_SUBST(LIBJS_CXXFLAGS) + + +From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001 +From: Emmanuele Bassi +Date: Fri, 31 Aug 2018 13:33:20 +0100 +Subject: [PATCH] Port the JS authority to mozjs-60 + +API changes in mozjs that need to be reflected in the JS authority: + + - the JS::CompileOptions constructor and the JS::CompartmentOptions + do not allow setting a JS version any more + + - do not use NULL comparisons for C++ objects + + - the resize() method for a vector has a return value that needs + to be handled + + - JSClassOps has different fields +--- + .../polkitbackendjsauthority.cpp | 65 +-- + 1 file changed, 32 insertions(+), 33 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp +index 7602714..984a0f0 100644 +--- a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC + /* */ + + static const struct JSClassOps js_global_class_ops = { +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL ++ nullptr, // addProperty ++ nullptr, // deleteProperty ++ nullptr, // enumerate ++ nullptr, // newEnumerate ++ nullptr, // resolve ++ nullptr, // mayResolve ++ nullptr, // finalize ++ nullptr, // call ++ nullptr, // hasInstance ++ nullptr, // construct ++ JS_GlobalObjectTraceHook + }; + + static JSClass js_global_class = { +@@ -172,18 +171,17 @@ static JSClass js_global_class = { + + /* */ + static const struct JSClassOps js_polkit_class_ops = { +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL ++ nullptr, // addProperty ++ nullptr, // deleteProperty ++ nullptr, // enumerate ++ nullptr, // newEnumerate ++ nullptr, // resolve ++ nullptr, // mayResolve ++ nullptr, // finalize ++ nullptr, // call ++ nullptr, // hasInstance ++ nullptr, // construct ++ nullptr // trace + }; + + static JSClass js_polkit_class = { +@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object) + + { + JS::CompartmentOptions compart_opts; +-compart_opts.behaviors().setVersion(JSVERSION_LATEST); ++ + JS::RootedObject global(authority->priv->cx); + + authority->priv->js_global = new JS::Heap (JS_NewGlobalObject (authority->priv->cx, _global_class, NULL, JS::FireOnNewGlobalHook, compart_opts)); + + global = authority->priv->js_global->get (); +- +-if (global == NULL) ++if (!global) + goto fail; + + authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global); + +-if (authority->priv->ac == NULL) ++if (!authority->priv->ac) + goto fail; + + if (!JS_InitStandardClasses (authority->priv->cx, global)) +@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object) + + polkit = authority->priv->js_polkit->get (); +
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 796d413851084fa37559c1806e436cb8bdfce936 Author: Andreas Sturmlechner gentoo org> AuthorDate: Wed Aug 8 19:55:48 2018 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Wed Aug 8 20:45:29 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=796d4138 sys-auth/polkit: Fix configure with elogind See also: https://bugs.freedesktop.org/show_bug.cgi?id=105989 Closes: https://bugs.gentoo.org/660880 Closes: https://bugs.gentoo.org/662338 Package-Manager: Portage-2.3.45, Repoman-2.3.10 sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 + sys-auth/polkit/polkit-0.115-r1.ebuild | 137 +++ 2 files changed, 165 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch new file mode 100644 index 000..93d672015db --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.115-elogind.patch @@ -0,0 +1,28 @@ +From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 +From: Rasmus Thomsen +Date: Wed, 11 Apr 2018 13:14:14 +0200 +Subject: [PATCH] configure: fix elogind support + +HAVE_LIBSYSTEMD is used to determine which source files to use. +We have to check if either have_libsystemd or have_libelogind is +true, as both of these need the source files which are used when +HAVE_LIBSYSTEMD is true. +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 36df239..da47ecb 100644 +--- a/configure.ac b/configure.ac +@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ + + AC_SUBST(LIBSYSTEMD_CFLAGS) + AC_SUBST(LIBSYSTEMD_LIBS) +-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) ++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) + + dnl --- + dnl - systemd unit / service files +-- +2.17.0 diff --git a/sys-auth/polkit/polkit-0.115-r1.ebuild b/sys-auth/polkit/polkit-0.115-r1.ebuild new file mode 100644 index 000..f07c7ca222e --- /dev/null +++ b/sys-auth/polkit/polkit-0.115-r1.ebuild @@ -0,0 +1,137 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools pam pax-utils systemd user xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit; +SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz; + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="elogind examples gtk +introspection jit kde nls pam selinux systemd test" + +REQUIRED_USE="?? ( elogind systemd )" + +CDEPEND=" + dev-lang/spidermonkey:52[-debug] + dev-libs/glib:2 + dev-libs/expat + elogind? ( sys-auth/elogind ) + introspection? ( dev-libs/gobject-introspection ) + pam? ( + sys-auth/pambase + virtual/pam + ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${CDEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/gtk-doc-am + dev-util/intltool + sys-devel/gettext + virtual/pkgconfig +" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) + !systemd? ( !elogind? ( sys-auth/consolekit[policykit] ) ) +" + +DOCS=( docs/TODO HACKING NEWS README ) + +PATCHES=( "${FILESDIR}"/${P}-elogind.patch ) # bug 660880 + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +pkg_setup() { + local u=polkitd + local g=polkitd + local h=/var/lib/polkit-1 + + enewgroup ${g} + enewuser ${u} -1 -1 ${h} ${g} + esethome ${u} ${h} +} + +src_prepare() { + default + + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 + + # Workaround upstream hack around standard gtk-doc behavior, bug #552170 + sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ + -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ + -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ + docs/polkit/Makefile.in || die + + # disable broken test - bug #624022 + sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die + + # Fix cross-building, bug #590764, elogind patch, bug #598615 + eautoreconf +} + +src_configure() { +
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 487ef5103ed45a49310282d483c41f0dcf6638e2 Author: Sven Eden gmx net> AuthorDate: Tue Jun 27 12:03:40 2017 + Commit: Michael Palimaka gentoo org> CommitDate: Tue Jun 27 12:04:19 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487ef510 sys-auth/polkit: improve elogind patch Gentoo-bug: 622800 Package-Manager: Portage-2.3.6, Repoman-2.3.2 sys-auth/polkit/files/polkit-0.113-elogind.patch | 22 -- ...lkit-0.113-r2.ebuild => polkit-0.113-r3.ebuild} | 0 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch index fb142c65ce6..c822e00d24a 100644 --- a/sys-auth/polkit/files/polkit-0.113-elogind.patch +++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch @@ -117,8 +117,8 @@ $(NULL) libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:29.650112018 +0100 -+++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:58.283111505 +0100 +--- a/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27 09:22:03.375841040 +0200 b/src/polkitbackend/polkitbackendjsauthority.c 2017-06-27 09:25:33.815845141 +0200 @@ -39,6 +39,10 @@ #include #endif /* HAVE_LIBSYSTEMD */ @@ -130,6 +130,24 @@ #include #include "initjs.h" /* init.js */ +@@ -793,7 +797,7 @@ + g_assert_not_reached (); + } + +-#ifdef HAVE_LIBSYSTEMD ++#if defined(HAVE_LIBSYSTEMD) || defined(HAVE_LIBELOGIND) + if (sd_pid_get_session (pid, _str) == 0) + { + if (sd_session_get_seat (session_str, _str) == 0) +@@ -801,7 +805,7 @@ + /* do nothing */ + } + } +-#endif /* HAVE_LIBSYSTEMD */ ++#endif /* HAVE_LIBSYSTEMD or HAVE_LIBELOGIND */ + + g_assert (POLKIT_IS_UNIX_USER (user_for_subject)); + uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject)); --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:44:29.650112018 +0100 +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:46:52.718109455 +0100 @@ -25,7 +25,11 @@ diff --git a/sys-auth/polkit/polkit-0.113-r2.ebuild b/sys-auth/polkit/polkit-0.113-r3.ebuild similarity index 100% rename from sys-auth/polkit/polkit-0.113-r2.ebuild rename to sys-auth/polkit/polkit-0.113-r3.ebuild
[gentoo-commits] repo/gentoo:master commit in: sys-auth/polkit/, sys-auth/polkit/files/
commit: 7ffb5079b8c109223cfeb4519abb84a6c5516293 Author: Andreas Sturmlechner gentoo org> AuthorDate: Sat Jan 14 12:24:15 2017 + Commit: Andreas Sturmlechner gentoo org> CommitDate: Sat Jan 14 19:25:03 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ffb5079 sys-auth/polkit: Add USE=elogind, bump to EAPI 6 Gentoo-bug: 598615 Drop non-existent lxde-base/lxpolkit from PDEPEND Package-Manager: portage-2.3.0 sys-auth/polkit/files/polkit-0.113-elogind.patch | 160 +++ sys-auth/polkit/metadata.xml | 1 + sys-auth/polkit/polkit-0.113-r2.ebuild | 133 +++ 3 files changed, 294 insertions(+) diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch new file mode 100644 index ..fb142c6 --- /dev/null +++ b/sys-auth/polkit/files/polkit-0.113-elogind.patch @@ -0,0 +1,160 @@ +--- a/configure.ac 2016-11-03 20:16:02.842071344 +0100 b/configure.ac 2016-11-03 20:15:34.612071850 +0100 +@@ -183,11 +183,12 @@ + + AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"]) + +-dnl --- +-dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking +-dnl --- ++dnl --- ++dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking ++dnl --- + + have_libsystemd=no ++have_elogind=no + SESSION_TRACKING=ConsoleKit + + AC_ARG_ENABLE([libsystemd-login], +@@ -220,6 +221,29 @@ + fi + fi + fi ++ ++AC_ARG_ENABLE([libelogind], ++ [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])], ++ [enable_libelogind=$enableval], ++ [enable_libelogind=auto]) ++if test "$enable_libelogind" != "no"; then ++ PKG_CHECK_MODULES([LIBELOGIND], ++[libelogind], ++[have_libelogind=yes], ++[have_libelogind=no]) ++ if test "$have_libelogind" = "yes"; then ++SESSION_TRACKING=libelogind ++AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available]) ++save_LIBS=$LIBS ++LIBS=$LIBELOGIND_LIBS ++AC_CHECK_FUNCS(sd_uid_get_display) ++LIBS=$save_LIBS ++ else ++if test "$enable_libelogind" = "yes"; then ++ AC_MSG_ERROR([libelogind support requested but libelogind not found]) ++fi ++ fi ++fi + + AS_IF([test "x$cross_compiling" != "xyes" ], [ + AS_IF([test "$have_libsystemd" = "yes"], [ +@@ -245,6 +245,10 @@ + AC_SUBST(LIBSYSTEMD_LIBS) + AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) + ++AC_SUBST(LIBELOGIND_CFLAGS) ++AC_SUBST(LIBELOGIND_LIBS) ++AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind]) ++ + dnl --- + dnl - systemd unit / service files + dnl --- +--- a/src/polkitbackend/Makefile.am2016-11-04 04:40:46.930116006 +0100 b/src/polkitbackend/Makefile.am2016-11-04 04:42:14.586114436 +0100 +@@ -42,21 +42,28 @@ + libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c + else ++if HAVE_LIBELOGIND ++libpolkit_backend_1_la_SOURCES += \ ++ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c ++else + libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c + endif ++endif + + libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(LIBSYSTEMD_CFLAGS)\ ++ $(LIBELOGIND_CFLAGS)\ + $(LIBJS_CFLAGS) \ + $(NULL) + + libpolkit_backend_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(LIBSYSTEMD_LIBS) \ ++ $(LIBELOGIND_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(LIBJS_LIBS) \ +--- a/src/polkit/Makefile.am 2016-11-04