author | V3n3RiX <venerix@koprulu.sector> | 2024-11-10 21:02:07 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-11-10 21:02:07 +0000 |
commit | 0ca3f86640e2f1f361da895b997c43bac22090a1 (patch) | |
tree | 029b42e7b1425ce16f4299635e5caad713501ead /sys-auth | |
parent | be94ae04eee564451203d45977c2ef7c7ace1580 (diff) |
gentoo auto-resync : 10:11:2024 - 21:02:06
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/Manifest.gz | bin | 9099 -> 9098 bytes | |||
-rw-r--r-- | sys-auth/polkit/Manifest | 4 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-123-mozjs-JIT.patch | 36 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch | 35 | ||||
-rw-r--r-- | sys-auth/polkit/polkit-123-r1.ebuild | 159 |
5 files changed, 234 insertions, 0 deletions
diff --git a/sys-auth/Manifest.gz b/sys-auth/Manifest.gz
Binary files differ
index 858e45ce5ddd..3ba07fcea9a8 100644
--- a/sys-auth/Manifest.gz
+++ b/sys-auth/Manifest.gz
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index de46dc375e03..2ddfa1d1f0b7 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,10 +1,14 @@ AUX 8cf58abef12e61f369af3f583af349b0e086ba27.patch 2846 BLAKE2B 8763c07ed1d8601b1deb6cbd9400f976bd8656e640854c8c02077b7bce7dd52fc77ac4af779675e6bbfa5f24396f9b4cb3cdba5151a24323539e5d99fbdb2135 SHA512 2b6f4cc64d3ec38b024950dc08ff7beeb6483a7f50cb0dd8b14926fd2b826c4752b4032da5a5d7e0543b792bce70b25fa95a7c37a1229d903f374810deae4670 +AUX polkit-123-mozjs-JIT.patch 1000 BLAKE2B 8754b7647923280842f06228d93ad2d48381e1b72792f519eceaf8021176268e13b153e11e8fe7c6b231293bd0e7c5010235df15b4c52df7043f6ad0092617fe SHA512 0e892643e400e625f13fe6fe5255190c41bb6d4a6d2d8fa8e9e6d65a2749712f86e80c089d569dafb728dbf354b1861fb53b72b85983d4904c219634b0e66415 +AUX polkit-123-pkexec-uninitialized.patch 1118 BLAKE2B a6abfa5a67612c305823d43fc33332d4c58cef676a8e92f51e702861ac986092f50acc641b1fb0c0e020ce6ad33a971d9332b53f6db3cf7e49c1e580e3bec418 SHA512 90c62d553f84b4fa4f1a9fe30e12596b5214b7db52576b9de3fdb7ae2bd7299e38e8bf4a2eb2f43b23464f9750b31cd2e62d6185082fa24a25a4de1fdf4d038c AUX polkit-124-c99-fixes.patch 3663 BLAKE2B d3820081c0215e37855045a1e1efe4da77ef17820f115a43984f37100533f0b2fbbf80cf41f508e2d63dfeeaa4ed782246d78a267cea32bc9e2ea4c9db4f8150 SHA512 6994c5ae05067ed12fbbf7e035434c8d856848e53ffc687aca568a05077600fc55857f33a289b7ff96bcab34423729806c0ad1c02f62dafa2cd07f9bdfd2e18a AUX polkit-124-systemd-fixup.patch 1571 BLAKE2B e9f03f0239a4af15a05a8a83749f2da50c7457849d5f170556e3ca0e8c47ec9a90359a77a8255932b3843b8d50bedf1e07472cd1e33ba1cc76a7d2b5aa0560fd SHA512 b938ac6f4de8a2e2cc799c3fcaeca7f3d4f62f14868b0281329b3b102f8cc6d7474c96ed9a16e0197ef30db229df53e7287b816ecd16efce5f00fb2783cb049b AUX polkit-124-systemd.patch 2483 BLAKE2B 3323abefac5adff5046d7756ba19d87b9206baecce4937de6b29ca2e12025c173d503e2f6bc9274147f16a333b1dd46a3d089645708d051f7cdb59a52705dcae SHA512 97622cd525e6706e82aad8bb63f8721ae22f3da47727797556b468b9f01417f78a3c52733582c5f40ba5196261faa7a0aff1da4326baf57d9d8d470d88b2a538 AUX polkit-125-musl.patch 1838 BLAKE2B 
61615adbbd75e1cae40dfeafdf8f2cdd2423629074ae2fa0218c7b7ff1bd10d00d5649ff25e85ba4df2052245d7f1bc0e6877cbec96fe8dfd8c1fb09957f3b36 SHA512 4e6edca7a993519a4f8ad757f4efa88145f66792bb929241e7a098270478e512623b3eb5d2bf2cc0013f0e512e1d59334d398f19717055c864ed9574dd27b454 +DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953 +EBUILD polkit-123-r1.ebuild 3992 BLAKE2B a619bb72c9047a54c8bbc342e43310ca0f5a4f885b7e6b73ae354fbcdc95919bb850ddecc7b54bccfe5bbef3880723ea34765d351ba6d28d41e9fab329e9f600 SHA512 0478d625f3d892655624bce05ff22a5370a4098f7e5585365c1e30c88454546af0da107d9d9ef79707ce34c0e189ee10ef1135fd93deeba97ff21074da164a3a EBUILD polkit-124-r1.ebuild 3906 BLAKE2B 12fe0c0be38f8ab2edc577edaf46a580d46ffcc8f6992b6e06ef368ee81534d058d771cd39b8ba5eab35ab475e5e7d36e16b2bf2c2095db45c908fc370a9a591 SHA512 f799e4ffe69a32c96847e4b4b0862684118144002305cd3f005565e0860d224d073ecb64c7a9d699012185dc4e8434d984f71304461c269dd8c9b64d5874024d EBUILD polkit-125-r1.ebuild 3948 BLAKE2B 6093ffdcdc548752c6f0c0e81b31d821b70ecc6f905bf1f17476a67d5575ad9e971f98b940799d4077150ac222c5ad127598282f7b540e45b31be05813047249 SHA512 
ef66cc1c9c50f902befb51d9a60d7148a3dad96626d862d18cf47e158d1f92e125d05804410c87720d32ca716cdeb80e7ac1bb73db87531a1c3bd0ba24e3ad6a EBUILD polkit-125.ebuild 3858 BLAKE2B 0f2abe9840da2f1853a7ad76aa4d318fa6667c63f015d19c5052c38d3b3408c91cc455c57f2eeaecbfa01bcf7bdff0be105a1385c7df5dec2959e9f1d616f3cb SHA512 69815752e060e6a193248cad74168bf334526121ed0beacdf70aacbb86c2b41aae79f8e3342cea92e560db10102b498c2d11c4e3b5e3a80cbcfa1478577a1a65 diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch new file mode 100644 index 000000000000..5b3f2c4a3641 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch @@ -0,0 +1,36 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb + +From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao <xry111@xry111.site> +Date: Sat, 29 Jul 2023 17:44:58 +0800 +Subject: [PATCH] jsauthority: mozjs: Disable JIT + +The JIT compiling of mozjs needs W/X mapping, but our systemd hardening +setting does not allow it. + +For polkit, security is much more important than the speed running +Javascript code in rule files, so we should disable JIT. + +Fixes #199. +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -56,7 +56,16 @@ + static class JsInitHelperType + { + public: +- JsInitHelperType() { JS_Init(); } ++ JsInitHelperType() ++ { ++ /* Disable JIT because it needs W/X mapping, which is not allowed by ++ * our systemd hardening setting. ++ */ ++ JS::DisableJitBackend(); ++ ++ JS_Init(); ++ } ++ + ~JsInitHelperType() { JS_ShutDown(); } + } JsInitHelper; + +-- +GitLab diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch new file mode 100644 index 000000000000..f19560943c43 --- /dev/null +++ b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch 
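Review bot: The comment added in the `JsInitHelperType()` constructor explains why JIT is disabled but not that the call order matters. As far as I know SpiderMonkey expects `JS::DisableJitBackend()` to run before `JS_Init()`, so a later tidy-up that swaps the two calls could quietly undo the hardening this patch is meant to provide. I would add one line to the comment, for example `/* Must be called before JS_Init(). */`, so the ordering is not treated as incidental.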
@@ -0,0 +1,35 @@ +https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d + +From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 +From: Vincent Mihalkovic <vmihalko@redhat.com> +Date: Wed, 16 Aug 2023 08:59:55 +0000 +Subject: [PATCH] pkexec: fix uninitialized pointer warning + +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,6 +53,7 @@ + static gchar *original_user_name = NULL; + static gchar *original_cwd; + static gchar *command_line = NULL; ++static gchar *cmdline_short = NULL; + static struct passwd *pw; + + #ifndef HAVE_CLEARENV +@@ -508,6 +509,7 @@ main (int argc, char *argv[]) + path = NULL; + exec_argv = NULL; + command_line = NULL; ++ cmdline_short = NULL; + opt_user = NULL; + local_agent_handle = NULL; + +@@ -802,7 +804,6 @@ main (int argc, char *argv[]) + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + +- gchar *cmdline_short = NULL; + cmdline_short = g_strdup(command_line); + if (strlen(command_line) > 80) + g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), +-- +GitLab diff --git a/sys-auth/polkit/polkit-123-r1.ebuild b/sys-auth/polkit/polkit-123-r1.ebuild new file mode 100644 index 000000000000..c80be20754d2 --- /dev/null +++ b/sys-auth/polkit/polkit-123-r1.ebuild 
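Review bot: The in-place truncation at the end of the last pkexec.c hunk depends on unexplained constants: `g_stpcpy(... cmdline_short + 38, " ... ")` writes into a buffer sized by `g_strdup(command_line)`, and it stays in bounds only because of the `strlen(command_line) > 80` guard directly above it. Since the patch makes `cmdline_short` a file-scope static, I would state that invariant at the guard, for example `/* copy is > 80 bytes here, so offset 38 plus the 5-byte separator fits */`, or give the 80 and 38 values names. The statement and `main` both continue past the end of the hunk, so the source of the second copy is not visible here.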
@@ -0,0 +1,159 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..11} ) +inherit meson pam pax-utils python-any-r1 systemd xdg-utils + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" +if [[ ${PV} == *_p* ]] ; then + # Upstream don't make releases very often. Test snapshots throughly + # and review commits, but don't shy away if there's useful stuff there + # we want. + MY_COMMIT="" + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" + + S="${WORKDIR}"/${PN}-${MY_COMMIT} +else + SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" +fi + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="+daemon examples gtk +introspection kde pam selinux systemd test" +# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction +RESTRICT="!test? ( test ) test" + +# This seems to be fixed with 121? +#if [[ ${PV} == *_p* ]] ; then +# RESTRICT="!test? ( test )" +#else +# # Tests currently don't work with meson in the dist tarballs. See +# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 +# RESTRICT="test" +#fi + +BDEPEND=" + acct-user/polkitd + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/glib + dev-libs/gobject-introspection-common + dev-libs/libxslt + dev-util/glib-utils + sys-devel/gettext + virtual/pkgconfig + introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/python-dbusmock[${PYTHON_USEDEP}] + ') + ) +" +DEPEND=" + >=dev-libs/glib-2.32:2 + dev-libs/expat + daemon? ( dev-lang/duktape:= ) + pam? 
( + sys-auth/pambase + sys-libs/pam + ) + !pam? ( virtual/libcrypt:= ) + systemd? ( sys-apps/systemd:0=[policykit] ) + !systemd? ( sys-auth/elogind ) +" +RDEPEND=" + ${DEPEND} + acct-user/polkitd + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + >=lxde-base/lxsession-0.5.2 + ) ) + kde? ( kde-plasma/polkit-kde-agent ) +" + +DOCS=( docs/TODO HACKING.md NEWS.md README.md ) + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd +" + +PATCHES=( + "${FILESDIR}"/${P}-mozjs-JIT.patch + "${FILESDIR}"/${P}-pkexec-uninitialized.patch +) + +python_check_deps() { + python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" +} + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +src_prepare() { + default + + # bug #401513 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die +} + +src_configure() { + xdg_environment_reset + + local emesonargs=( + --localstatedir="${EPREFIX}"/var + -Dauthfw="$(usex pam pam shadow)" + -Dexamples=false + -Dgtk_doc=false + -Dman=true + -Dos_type=gentoo + -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" + -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" + -Djs_engine=duktape + $(meson_use !daemon libs-only) + $(meson_use introspection) + $(meson_use test tests) + $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') + ) + meson_src_configure +} + +src_compile() { + meson_src_compile + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + meson_src_install + + if use examples ; then + docinto examples + dodoc src/examples/{*.c,*.policy*} + fi + + if use daemon; then + if [[ ${EUID} == 0 ]]; then + diropts -m 0700 -o polkitd + fi + keepdir /etc/polkit-1/rules.d + fi +} + +pkg_postinst() { + if 
use daemon && [[ ${EUID} == 0 ]]; then + chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + fi +} |
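Review bot: In `src_compile`, `pax-mark mr` relaxes PaX MPROTECT and RANDMMAP on polkitd with a justification ("spidermonkey's JIT") that no longer matches this ebuild, because `src_configure` passes `-Djs_engine=duktape` and DEPEND pulls in `dev-lang/duktape`. The `.libs/` paths also look like libtool output that a meson build would not produce, so the call is probably either a no-op or an unneeded weakening of a privileged daemon. I would drop the `pax-mark` line, and `pax-utils` from `inherit` if nothing else uses it, unless a current need can be shown. Likewise, `${P}-mozjs-JIT.patch` in `PATCHES` appears to touch only the mozjs authority source, so it is worth confirming that file is compiled at all in this configuration.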