pax-mark polkitd to fix crashes on hardened/PaX systems.

Package-Manager: portage-2.2.0_alpha112/cvs/Linux x86_64
author: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-06-25 09:32:04 +0000
committer: Alexandre Rostovtsev <tetromino@gentoo.org> 2012-06-25 09:32:04 +0000
commit: 6a8ecf39601e405cd4aeb7272b161c270c6d8318 (patch)
tree: 55561a37c92185a2db722a6cf9ec591d1af194af /sys-auth/polkit
parent: Version bump. The new version fixes build with new iproute2 (bug #423373). (diff)
download: historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.tar.gz
historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.tar.bz2
historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.zip
3 files changed, 127 insertions, 9 deletions
diff --git a/sys-auth/polkit/ChangeLog b/sys-auth/polkit/ChangeLog
index e7fb059d6803..c4629a40ceb9 100644
--- a/sys-auth/polkit/ChangeLog
+++ b/sys-auth/polkit/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sys-auth/polkit
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.86 2012/06/23 04:01:20 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/ChangeLog,v 1.87 2012/06/25 09:32:04 tetromino Exp $
+
+*polkit-0.106-r3 (25 Jun 2012)
+
+  25 Jun 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+  +polkit-0.106-r3.ebuild:
+  pax-mark polkitd to fix crashes on hardened/PaX systems.
 
   23 Jun 2012; Samuli Suominen <ssuominen@gentoo.org> polkit-0.106-r2.ebuild:
   Convert pkg_postinst() message about polkitd home directory to new
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index b8e47db2e9ce..ab24c6f1e304 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -7,16 +7,17 @@ DIST polkit-0.106.tar.gz 1381428 RMD160 6fa79aaa4e67e072d16860f1a242b053cc311bc3
 EBUILD polkit-0.104-r1.ebuild 3548 RMD160 e056d1186192d865a610ebe1250e8adf9250eed7 SHA1 1a7cec206005fdb8985fc308f16bbe6f76b45c34 SHA256 a038cdfd2381bd5ddbd6cf4feef8a3aaa126b4e80a6205979538c9ebcbf0b9a0
 EBUILD polkit-0.105.ebuild 2194 RMD160 7f46dccee0326480a5c1c2fd276df48553abd630 SHA1 f41f0393be142066d39d52994f7f29f52c336f2c SHA256 15339d2d61f350eec88ad0fd90cec401df45106fc2ee52ee7b8b051103a5279e
 EBUILD polkit-0.106-r2.ebuild 2944 RMD160 692481f847aff6601a3468e938bff3334698ef8c SHA1 4fe3ae9cea9a1494d9575ede92197ee1b4301682 SHA256 f17b750e069cff665a55072c6a3ef964ddb7a37864f1d9f49e1bfc3b67aae0bb
-MISC ChangeLog 11612 RMD160 2184afe40734eaa33c89a1c388a0d105dbca5e75 SHA1 7f28a7b7fbe6d534d7f273e229d32a04a9064c78 SHA256 9f5686ffd8a4abeab7f9e7814e6ff6f13c00872a27d0204ed6962ca9e06be20b
+EBUILD polkit-0.106-r3.ebuild 3066 RMD160 18ef1dfed87b146c977ac3e8d40545ed83e9a2e3 SHA1 4641692d6a936966ba2beead438f2371f2e1b2be SHA256 97887b7820e97d15827df50b47348aa1d12aeeae8b0f7f0c74561a0f02973f9c
+MISC ChangeLog 11790 RMD160 aba3b3f69b9238d3038b05ad8bcc9bc4d9a62b23 SHA1 811278ba40af831262c80864f2b4b23f22d3876f SHA256 7e4a016b9aacc2cf594287b4cdf0dee073490e0cf2ee656de63097540d5fb3ce
 MISC metadata.xml 516 RMD160 0c65650680494cadd548ec430b11facf2cc28912 SHA1 092816617aa2ab7a9047298b6752b82bbab33520 SHA256 be8c8239fecd14fd1a9c1dee11ccb98b1188aceacf6ea58233a0f958ab648aba
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.19 (GNU/Linux)
 
-iQEcBAEBAgAGBQJP5T5wAAoJEEdUh39IaPFNs2cIAJOMox/WTkT3H3tSRiEIe8Ir
-dfVekX/yj8JvtOwsjfBITyWuPXiDCSxfjHMqMUJy0GweveTQC6w+1Xf9V/r9sEYE
-2rTU+Ov3ooQAiyK48bXQgbs8BOU/uTlJvW/poGEzT9jZj7adCCBAuHXAa2G8drss
-lyvBj7kQwd6wDmGO5sckwodXfQrFWIm+0qNpVmw8xCTLdSPuRYh+AC2oqBwjbQXY
-m0Xx3AuerY0Ft3lkv/Ocz8JCExjmr/9970ECJioUUrEgDzFcVUz/BexYv/wxUZhf
-khVfczYwa5B5/mPzdZXM/Z4DracdVgP/CvrlDwZx9/FElKWO5yEXfre4Drq4Fxs=
-=qUy7
+iQEcBAEBAgAGBQJP6DAhAAoJEJ0WA1zPCt1htwcH/17xJ7t0yUYYZ8l2DqIx5kHN
+cR2owswurD2B9mJLjcDjJ+inWaHN/DpFkXZ8NRh59D1oug6CvkoG7kTvY4Vb/BNC
+47aOyc/JEB3qa0NLziGnU34u26ECGlxFZa06HgbOZ362uQd7zHr183hAVThTPimd
+miy3TvnHdGJS8KBdyJaybDcPVlKBPBob9oSUR5/+RcNPS5CE+1l7oI9+Si0gnM1f
+tdK1ZZ9zWyyLa8oIQV5eF74tjxreu132FEFnyx+7GpZ8XZapHfBocg1UF09Yblz8
+HjoTtFgA8P3aE8Q5eDneNc60QCcNpg1g54kPvEekNairh0tP7qsP7Af4U+gzQH4=
+=wN+H
 -----END PGP SIGNATURE-----
diff --git a/sys-auth/polkit/polkit-0.106-r3.ebuild b/sys-auth/polkit/polkit-0.106-r3.ebuild
new file mode 100644
index 000000000000..5859819a0f91
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.106-r3.ebuild
@@ -0,0 +1,111 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/polkit/polkit-0.106-r3.ebuild,v 1.1 2012/06/25 09:32:04 tetromino Exp $
+
+EAPI=4
+inherit eutils pam pax-utils systemd user
+
+DESCRIPTION="Policy framework for controlling privileges for system-wide services"
+HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit"
+SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz"
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="debug examples gtk +introspection kde nls pam systemd"
+
+RDEPEND=">=dev-lang/spidermonkey-1.8.5
+	>=dev-libs/glib-2.32
+	>=dev-libs/expat-2
+	introspection? ( >=dev-libs/gobject-introspection-1 )
+	pam? (
+		sys-auth/pambase
+		virtual/pam
+		)
+	systemd? ( sys-apps/systemd )"
+DEPEND="${RDEPEND}
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	dev-util/intltool
+	virtual/pkgconfig"
+PDEPEND="
+	gtk? ( || (
+		>=gnome-extra/polkit-gnome-0.105
+		lxde-base/lxpolkit
+		) )
+	kde? ( sys-auth/polkit-kde-agent )
+	pam? (
+		systemd? ( sys-auth/pambase[systemd] )
+		!systemd? ( sys-auth/pambase[consolekit] )
+		)
+	!systemd? ( >=sys-auth/consolekit-0.4.5_p2012[policykit] )"
+
+DOCS="docs/TODO HACKING NEWS README"
+
+pkg_setup() {
+	local u=polkitd
+	local g=polkitd
+	local h=/var/lib/polkit-1
+
+	enewgroup ${g}
+	enewuser ${u} -1 -1 ${h} ${g}
+	esethome ${u} ${h}
+}
+
+src_prepare() {
+	sed -i -e '/unix-group/s:wheel:adm:' src/polkitbackend/*-default.rules || die #401513
+
+	has_version ">=dev-lang/spidermonkey-1.8.7" && { sed -i -e '/mozjs/s:185:187:g' configure || die; }
+}
+
+src_configure() {
+	local myconf="--with-authfw=shadow"
+	use pam && \
+		myconf="--with-authfw=pam --with-pam-module-dir=$(getpam_mod_dir) --with-pam-include=system-local-login"
+
+	econf \
+		--localstatedir="${EPREFIX}"/var \
+		--disable-static \
+		$(use_enable debug verbose-mode) \
+		--enable-man-pages \
+		--disable-gtk-doc \
+		$(use_enable systemd libsystemd-login) \
+		$(use_enable introspection) \
+		--disable-examples \
+		$(use_enable nls) \
+		--with-os-type=gentoo \
+		"$(systemd_with_unitdir)" \
+		${myconf}
+}
+
+src_install() {
+	default
+
+	fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d
+
+	prune_libtool_files
+
+	diropts -m0700 -o polkitd -g polkitd
+	keepdir /var/lib/polkit-1
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins src/examples/{*.c,*.policy*}
+	fi
+
+	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
+	pax-mark mr "${ED}usr/lib/polkit-1/polkitd"
+}
+
+pkg_postinst() {
+	chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
+	chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1
+
+	echo
+	ewarn "The default administrator unix-group was changed from \"wheel\" to"
+	ewarn "\"adm\", see *-default.rules in /etc/polkit-1/rules.d"
+	ewarn "Users of unix-group \"adm\" can run, for example, \"pkexec /bin/sh\""
+	ewarn "to gain root shell without root password."
+	ewarn "For more information, see http://bugs.gentoo.org/401513"
+}
author	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-06-25 09:32:04 +0000
committer	Alexandre Rostovtsev <tetromino@gentoo.org>	2012-06-25 09:32:04 +0000
commit	6a8ecf39601e405cd4aeb7272b161c270c6d8318 (patch)
tree	55561a37c92185a2db722a6cf9ec591d1af194af /sys-auth/polkit
parent	Version bump. The new version fixes build with new iproute2 (bug #423373). (diff)
download	historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.tar.gz historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.tar.bz2 historical-6a8ecf39601e405cd4aeb7272b161c270c6d8318.zip