diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-06-29 12:04:12 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-06-29 12:04:12 +0100 |
commit | 0f558761aa2dee1017b4751e4017205e015a9560 (patch) | |
tree | 037df795519468a25d9362b4e95cdaeb84eb1cf9 /sys-auth/polkit | |
parent | 752d6256e5204b958b0ef7905675a940b5e9172f (diff) |
gentoo resync : 29.12.2022
Diffstat (limited to 'sys-auth/polkit')
-rw-r--r-- | sys-auth/polkit/Manifest | 12 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-0.115-elogind.patch | 28 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch | 29 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch | 72 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch | 78 | ||||
-rw-r--r-- | sys-auth/polkit/metadata.xml | 1 | ||||
-rw-r--r-- | sys-auth/polkit/polkit-0.117-r3.ebuild | 136 | ||||
-rw-r--r-- | sys-auth/polkit/polkit-0.120-r3.ebuild | 123 | ||||
-rw-r--r-- | sys-auth/polkit/polkit-0.120_p20220509.ebuild | 2 |
9 files changed, 3 insertions, 478 deletions
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index afdab6e0266b..97dc21637488 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,18 +1,10 @@ -AUX polkit-0.115-elogind.patch 1069 BLAKE2B 6c5a3d7d3e716a994b951181808f64d864e6ca58b3a018a5354022f08c6e7c1d8987366c9777f47cc970916ad9fe39f288a1b1643113fc99745f333e02dab56f SHA512 06432fa56788699762c6978484640554f91728a1cb40679eb47b8514b3c7aa23aac5b9c26586eb4d7043a0af1b319bbe7f869d24844d9151317299b74a8e8f7f -AUX polkit-0.117-CVE-2021-3560.patch 909 BLAKE2B a912312e60fc442645a94a93795912220019a668f18a6a0d4e3c34ea23ea4155b37673b5e8db516cbe389b49423ef6008006823897dc41795ee5ac5def3e2708 SHA512 e62f362a4486e5eab04a0acd582d5cb9c1def19dd1707a9e1c861bdea6f576e6c24838c722526908de9cad63a699b513e4f56d1d5bbb0fcb9578f542d65b2953 AUX polkit-0.118-make-netgroup-support-optional.patch 7827 BLAKE2B 31fe769d1fdeb2ffca34533f0f448e3cd03d9a4849d8b67c7202368d804a5e6fbe58aecd1ae349c5193ffb87da035892500eb89507560412f10c2e44ed6c8d32 SHA512 ce00cbc8e35eb65f4db29cb4932b644bdc412f1c889560765f5da4eb7f265028c9e0839e1155b189fbea2b4bd3dca5106ad58698cfc1eebb61aeb582e29871a5 -AUX polkit-0.120-CVE-2021-4034.patch 1933 BLAKE2B f125b6c55428c2c12dbb89e7bc8619400d914f5b2b955d4e6ec24c4ac2cb02ba8e624f5c1a61dda74b1c24cd5c81a3f2985b9f4cf828bd801d940e707d62bec7 SHA512 cd32461e95297e29d7a5b7ba999b4f27c8296c964eb41c94b4511dc5181538ad0a50554340dae3c5a87629e07b8b22477478ffbf478f0fc16de856f8efb791d6 -AUX polkit-0.120-CVE-2021-4115.patch 2244 BLAKE2B 731e583d9657de6e3b7c384a0122487b71253539066ca17debf6172d6e6d45dee292bd421de5cc406c97d32862250d170ea42e83fb15103581c1443b7c39df35 SHA512 b9032fb05e4a18d72caf8eeed3f400d774798de28d5dde679f769f0d60cc1818ae688f6aa86c074517f2789eb61011368288c7ebafd0361af2c63f08ada3d00a AUX polkit-0.120-meson.patch 1201 BLAKE2B cae66df3db2c92392a07d3b39219a3c16819a9c2393b2bbfc65a32e4beac921e17bb09220cbfe2622edc21c7f81c64058cf60c315d48b8d80ba643d8336d5171 SHA512 f3a4feafae83dcc8bd665557cfc755c08888a78575313d510ec5ff140a2174a709755aa5e23081291ade6b2d333887a10848ae5c7a99b700a2e18476af21844d AUX polkit-0.120_p20220221-pkexec-suid.patch 1874 BLAKE2B 61984910aa9e99d07784894cd5415c8f524c2db49584bd14df9c75836387a711336897c02253abd546f5175d42f17e1a9f5954c646b1e5e97b3e544ed42a11cd SHA512 458eb26e294f3a28d951541d24cd6d5446106acd441cec8329b68a92029fd9c75278692fa81b89be251bfeb3cea5471c9a2c49e44ff3771c6c9354d388d49b3a AUX polkit-0.120_p20220509-make-netgroup-support-optional.patch 7306 BLAKE2B f01dae628a31cee32ea5416a456bc8515142949a656b7e7075db1e71b04b50041fa466e659f8056b02f8b6d542219bedb77b4279b7c375c7c4971c0b20d968b3 SHA512 300867e1b32f03eafaae9c91994576ce5112a064850dee1f323401cb624a60e48776c42dbb61ab2fd4d0c5fb0e9ec25e542842572d067a7b7b0e84c2c7d6ff4a -DIST polkit-0.117.tar.gz 1554536 BLAKE2B 1cf7e0ff9db19a29be626f4bea96c9e2ef8b1eab4b8287a5f1f4d2a818b86d58c1c4c4a41849d95e31559dba1b18853a31e934ebbadd8e07f94dfd58b45240e0 SHA512 c10ea984f2386fe436e58a2866e5323afc80d24f744f0ee61d966941259aa491bd96b07d911434aa731b300c3cca25b647804b396501175ab5b3c53384e94c70 -DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46 DIST polkit-0.120_p20220221.tar.bz2 734510 BLAKE2B 412f943d6d7b8ec493280073ed75c73f6acc89958d1507b416067ce742cc91e648956015a8d40a38c41ef061c79fc62004aa99b9902cdee0b8302852fa2df42c SHA512 15b09ba274f9b09ff5bf11d6238da43b0ee1fd76d53aa489b062f168a79f5de74cbd3953b45fa3bfad458e09e4c04032d08fe369bec6ffa35114da610741eb9f DIST polkit-0.120_p20220509.tar.bz2 702995 BLAKE2B 5eee6c5c895f95a1caa037cb7cc7ace86584013455142a8f7cd1e97c99de5d99575a70be525fb596342949f7c6ed56bd54cce6552132153bb1383377722f9e5c SHA512 24136d215d760d3eaff910495b2b1ac2d6bbc4577bd65566ff425485e76625aea2478ab323048c24ba6560ffee8eae6d22fa6b7bba0a3a5a35f53dc50d8dcb4f -EBUILD polkit-0.117-r3.ebuild 3421 BLAKE2B 8c73f230d712d78551e55bb5dbce0dd1ca61a6fdfb5f813d73e8f468d911e5d5141ee8d0e89915cb44d6eb9d74a57788c3e9a729b7d3208d4ae287efc7a018ec SHA512 1bb4ccb01b750961b067cdc91a4317d747022e5dfd1e7625f3f090302cf2a68a5b4da006c922c5e56192a7c520cb54a63b9c21e173def6e4868c388ec8ade7c0 -EBUILD polkit-0.120-r3.ebuild 3216 BLAKE2B 832d88d6f3e1770f42b9a17abb6a77c30cb4fedba6efef52a1a6e7c0e1c49d8e23af1379532c11b36136ff594ad5860cb69c6fe69aa81c25f0479b5f07cd2b5a SHA512 5c991f1f062230ba05564adfc9186f2f6b4bddd77182ff3ac5649198dd838c4c6216ff77dca042905b518d396f943dcd85a95f575b949b84605d0caabc95624d EBUILD polkit-0.120_p20220221-r1.ebuild 3303 BLAKE2B b00a260b749e8ee0620a04c93fd4cbe83de8e80d11fd4388be07914229b4dfefb881b35d2b22c231c1ebaa844a30f3579ae5948d290118a528414cbcd7e81110 SHA512 3b7d82d879a1611fcbb70562da47feace213acd0055a03bd752b7e2ee98951db3f8e3a12b04da80dcbf49eecbaf2573d71007879692c5f11264bde4f095ba239 EBUILD polkit-0.120_p20220221.ebuild 3236 BLAKE2B a0255cdd9d3b77b27d6962747ac34ce11c71dd10b1400bf187098216415856be84209f7b242ec25f0504ba7557b1cec622d796a8774ed33a14fde382f97b78dd SHA512 bcfd31c336e628b3bbfe20e7d43799945625f4af0b64b19969f56264833645ed2779da073d2731729c3faa7e2c824da75f6f69c4677322a3591feb4912d4d9da -EBUILD polkit-0.120_p20220509.ebuild 3803 BLAKE2B ff93a770243763bb9ce9d39134817ddeee84c4cdb98fa0652e92e59655a67f3bf4455ccf3c21d0940961e9f8a726823f4231cb83ff225e9e4d1b048575d36102 SHA512 41332f3d170d555bdc20e26d6c5b4022509f0972e20de81294c0623a00de824bac8af8b12c07201836ec83c39f0c4726a3fcbb5b21c5ad78cfcc20d77fdef8a8 -MISC metadata.xml 537 BLAKE2B 990f855eefe670eec229bdd37d597dbe568651ff4fefbad6c0f5bb1be53479b2b60ae44001d8af34c5730dba273878d47500f3dce120526a15618edfb42ed0ac SHA512 c30b94411055d404eb31b26b80b647500f8ef8c31d338b6753878298cde7e8c8657887cc0cf50fc23538401ac4239892a50f417c7e7840aa8c73c84c73518be2 +EBUILD polkit-0.120_p20220509.ebuild 3801 BLAKE2B a11fbcc81ea0c6f0e4a17a3fc4b11a4dcbb4d3a2985f5961cd92115f41b2e415bb31e4ad143d8653d8e0a7507399df6d00b44ae1f80f29a17efa26921f869d63 SHA512 75261b434a9086c3e623a569b981306584da571d25393ffdba471af1dc33e99f4fa6fc3b75dae562a52f0f13a231749d8eb6836a039453224b3eba86704e724d +MISC metadata.xml 454 BLAKE2B 1a94248c1f7e644ab2501a45aa66efb0fcfe2dd2526e486b1a7c73a56d4910463b69eff0b10cc568437b467f523ced8a2f38a9b67ed6f1891a3411230819f209 SHA512 3fabdf6bce379fa08c802b52398d65071515e08eef357c9886b6c74e1415671068cad942c711e1b1348f6e4b583ae6bec443e902e7d675df1938e981d3ff8143 diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch deleted file mode 100644 index 93d672015db4..000000000000 --- a/sys-auth/polkit/files/polkit-0.115-elogind.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001 -From: Rasmus Thomsen <cogitri@exherbo.org> -Date: Wed, 11 Apr 2018 13:14:14 +0200 -Subject: [PATCH] configure: fix elogind support - -HAVE_LIBSYSTEMD is used to determine which source files to use. -We have to check if either have_libsystemd or have_libelogind is -true, as both of these need the source files which are used when -HAVE_LIBSYSTEMD is true. ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 36df239..da47ecb 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [ - - AC_SUBST(LIBSYSTEMD_CFLAGS) - AC_SUBST(LIBSYSTEMD_LIBS) --AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) -+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd]) - - dnl --------------------------------------------------------------------------- - dnl - systemd unit / service files --- -2.17.0 diff --git a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch b/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch deleted file mode 100644 index 9c3ce20cf574..000000000000 --- a/sys-auth/polkit/files/polkit-0.117-CVE-2021-3560.patch +++ /dev/null @@ -1,29 +0,0 @@ -https://bugs.gentoo.org/794052 - -From a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Mon Sep 17 00:00:00 2001 -From: Jan Rybar <jrybar@redhat.com> -Date: Wed, 2 Jun 2021 15:43:38 +0200 -Subject: [PATCH] GHSL-2021-074: authentication bypass vulnerability in polkit - -initial values returned if error caught ---- - src/polkit/polkitsystembusname.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c -index 8daa12c..8ed1363 100644 ---- a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); - -+ if (data.caught_error) -+ goto out; -+ - if (out_uid) - *out_uid = data.uid; - if (out_pid) --- -GitLab - diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch deleted file mode 100644 index 22bb71d14204..000000000000 --- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4034.patch +++ /dev/null @@ -1,72 +0,0 @@ -https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt -https://bugs.gentoo.org/832057 -https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch - -From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001 -From: Jan Rybar <jrybar@redhat.com> -Date: Tue, 25 Jan 2022 17:21:46 +0000 -Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034) - ---- a/src/programs/pkcheck.c -+++ b/src/programs/pkcheck.c -@@ -363,6 +363,11 @@ main (int argc, char *argv[]) - local_agent_handle = NULL; - ret = 126; - -+ if (argc < 1) -+ { -+ exit(126); -+ } -+ - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); - ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -488,6 +488,15 @@ main (int argc, char *argv[]) - pid_t pid_of_caller; - gpointer local_agent_handle; - -+ -+ /* -+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. -+ */ -+ if (argc<1) -+ { -+ exit(127); -+ } -+ - ret = 127; - authority = NULL; - subject = NULL; -@@ -614,10 +623,10 @@ main (int argc, char *argv[]) - - path = g_strdup (pwstruct.pw_shell); - if (!path) -- { -+ { - g_printerr ("No shell configured or error retrieving pw_shell\n"); - goto out; -- } -+ } - /* If you change this, be sure to change the if (!command_line) - case below too */ - command_line = g_strdup (path); -@@ -636,7 +645,15 @@ main (int argc, char *argv[]) - goto out; - } - g_free (path); -- argv[n] = path = s; -+ path = s; -+ -+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. -+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination -+ */ -+ if (argv[n] != NULL) -+ { -+ argv[n] = path; -+ } - } - if (access (path, F_OK) != 0) - { -GitLab diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch deleted file mode 100644 index a82ce25cae03..000000000000 --- a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4115.patch +++ /dev/null @@ -1,78 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7 -https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 -https://bugs.gentoo.org/833574 - -From: Jan Rybar <jrybar@redhat.com> -Date: Mon, 21 Feb 2022 08:29:05 +0000 -Subject: [PATCH] CVE-2021-4115 (GHSL-2021-077) fix - ---- a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -62,6 +62,10 @@ enum - PROP_NAME, - }; - -+ -+guint8 dbus_call_respond_fails; // has to be global because of callback -+ -+ - static void subject_iface_init (PolkitSubjectIface *subject_iface); - - G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, -@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, - if (!v) - { - data->caught_error = TRUE; -+ dbus_call_respond_fails += 1; - } - else - { -@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - tmp_context = g_main_context_new (); - g_main_context_push_thread_default (tmp_context); - -+ dbus_call_respond_fails = 0; -+ - /* Do two async calls as it's basically as fast as one sync call. - */ - g_dbus_connection_call (connection, -@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - on_retrieved_unix_uid_pid, - &data); - -- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) -- g_main_context_iteration (tmp_context, TRUE); -+ while (TRUE) -+ { -+ /* If one dbus call returns error, we must wait until the other call -+ * calls _call_finish(), otherwise fd leak is possible. -+ * Resolves: GHSL-2021-077 -+ */ - -- if (data.caught_error) -- goto out; -+ if ( (dbus_call_respond_fails > 1) ) -+ { -+ // we got two faults, we can leave -+ goto out; -+ } -+ -+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) -+ { -+ // we got one fault and the other call finally finished, we can leave -+ goto out; -+ } -+ -+ if ( !(data.retrieved_uid && data.retrieved_pid) ) -+ { -+ g_main_context_iteration (tmp_context, TRUE); -+ } -+ else -+ { -+ break; -+ } -+ } - - if (out_uid) - *out_uid = data.uid; -GitLab diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml index e93e97eb38ac..4e902cca885e 100644 --- a/sys-auth/polkit/metadata.xml +++ b/sys-auth/polkit/metadata.xml @@ -6,7 +6,6 @@ </maintainer> <use> <flag name="duktape">Use <pkg>dev-lang/duktape</pkg> instead of <pkg>dev-lang/spidermonkey</pkg> as JavaScript engine</flag> - <flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag> <flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag> </use> </pkgmetadata> diff --git a/sys-auth/polkit/polkit-0.117-r3.ebuild b/sys-auth/polkit/polkit-0.117-r3.ebuild deleted file mode 100644 index 650af02e7fab..000000000000 --- a/sys-auth/polkit/polkit-0.117-r3.ebuild +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools pam pax-utils systemd xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" -SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - -LICENSE="LGPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ~ppc64 sparc ~x86" -IUSE="elogind examples gtk +introspection kde nls pam selinux systemd test" -RESTRICT="!test? ( test )" - -REQUIRED_USE="^^ ( elogind systemd )" - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - dev-libs/glib - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - dev-util/gtk-doc-am - dev-util/intltool - sys-devel/gettext - virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) -" -DEPEND=" - dev-lang/spidermonkey:68[-debug] - dev-libs/glib:2 - dev-libs/expat - elogind? ( sys-auth/elogind ) - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) -" -RDEPEND="${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING NEWS README ) - -PATCHES=( - # bug 660880 - "${FILESDIR}"/polkit-0.115-elogind.patch - - "${FILESDIR}"/polkit-0.117-CVE-2021-3560.patch - "${FILESDIR}"/polkit-0.120-CVE-2021-4034.patch -) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" - -src_prepare() { - default - - sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 - - # Workaround upstream hack around standard gtk-doc behavior, bug #552170 - sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \ - -e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \ - -e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \ - docs/polkit/Makefile.in || die - - # disable broken test - bug #624022 - sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die - - # Fix cross-building, bug #590764, elogind patch, bug #598615 - eautoreconf -} - -src_configure() { - xdg_environment_reset - - local myeconfargs=( - --localstatedir="${EPREFIX}"/var - --disable-static - --enable-man-pages - --disable-gtk-doc - --disable-examples - $(use_enable elogind libelogind) - $(use_enable introspection) - $(use_enable nls) - $(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '') - --with-authfw=$(usex pam pam shadow) - $(use_enable systemd libsystemd-login) - --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" - $(use_enable test) - --with-os-type=gentoo - ) - econf "${myeconfargs[@]}" -} - -src_compile() { - default - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - default - - if use examples; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d - - find "${ED}" -name '*.la' -delete || die -} - -pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d -} diff --git a/sys-auth/polkit/polkit-0.120-r3.ebuild b/sys-auth/polkit/polkit-0.120-r3.ebuild deleted file mode 100644 index 8d65989915e6..000000000000 --- a/sys-auth/polkit/polkit-0.120-r3.ebuild +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit meson pam pax-utils systemd xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit" -SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" - -LICENSE="LGPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 ~mips ppc64 ~riscv x86" -IUSE="examples gtk +introspection kde pam selinux systemd test" -#RESTRICT="!test? ( test )" -# Tests currently don't work with meson. See -# https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 -RESTRICT="test" - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - dev-libs/glib - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - sys-devel/gettext - virtual/pkgconfig - introspection? ( dev-libs/gobject-introspection ) -" -DEPEND=" - dev-lang/spidermonkey:78[-debug] - dev-libs/glib:2 - dev-libs/expat - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) - !systemd? ( sys-auth/elogind ) -" -RDEPEND="${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING NEWS README ) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd" - -src_prepare() { - local PATCHES=( - "${FILESDIR}/polkit-0.120-meson.patch" - "${FILESDIR}/polkit-0.120-CVE-2021-4034.patch" - "${FILESDIR}/polkit-0.120-CVE-2021-4115.patch" - ) - - default - - sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 -} - -src_configure() { - xdg_environment_reset - - local emesonargs=( - --localstatedir="${EPREFIX}"/var - -Dauthfw="$(usex pam pam shadow)" - -Dexamples=false - -Dgtk_doc=false - -Dman=true - -Dos_type=gentoo - -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" - -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - $(meson_use introspection) - $(meson_use test tests) - $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') - ) - meson_src_configure -} - -src_compile() { - meson_src_compile - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - meson_src_install - - if use examples ; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - diropts -m 0700 -o polkitd - keepdir /usr/share/polkit-1/rules.d - - # meson does not install required files with SUID bit. See - # https://bugs.gentoo.org/816393 - # Remove the following lines once this has been fixed by upstream - # (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8) - fperms u+s /usr/bin/pkexec - fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1 -} - -pkg_postinst() { - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d -} diff --git a/sys-auth/polkit/polkit-0.120_p20220509.ebuild b/sys-auth/polkit/polkit-0.120_p20220509.ebuild index 5f6838c29981..0fedd4058792 100644 --- a/sys-auth/polkit/polkit-0.120_p20220509.ebuild +++ b/sys-auth/polkit/polkit-0.120_p20220509.ebuild @@ -22,7 +22,7 @@ fi LICENSE="LGPL-2" SLOT="0" -#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" IUSE="+duktape examples gtk +introspection kde pam selinux systemd test" if [[ ${PV} == *_p* ]] ; then RESTRICT="!test? ( test )" |