From 56bd759df1d0c750a065b8c845e93d5dfa6b549d Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Sat, 8 Aug 2015 13:49:04 -0700 Subject: proj/gentoo: Initial commit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. 
Signed-off-by: Robin H. Johnson X-Thanks: Alec Warner - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring - wrote much python to improve cvs2svn X-Thanks: Rich Freeman - validation scripts X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed --- sys-auth/polkit/Manifest | 2 + ...dle-invalid-object-paths-in-RegisterAuthe.patch | 106 ++++++++++++++++++ sys-auth/polkit/metadata.xml | 11 ++ sys-auth/polkit/polkit-0.112-r2.ebuild | 121 ++++++++++++++++++++ sys-auth/polkit/polkit-0.112-r3.ebuild | 122 +++++++++++++++++++++ sys-auth/polkit/polkit-0.113.ebuild | 115 +++++++++++++++++++ 6 files changed, 477 insertions(+) create mode 100644 sys-auth/polkit/Manifest create mode 100644 sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch create mode 100644 sys-auth/polkit/metadata.xml create mode 100644 sys-auth/polkit/polkit-0.112-r2.ebuild create mode 100644 sys-auth/polkit/polkit-0.112-r3.ebuild create mode 100644 sys-auth/polkit/polkit-0.113.ebuild (limited to 'sys-auth/polkit') diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest new file mode 100644 index 000000000000..2add7c33efe9 --- /dev/null +++ b/sys-auth/polkit/Manifest 
@@ -0,0 +1,2 @@
+DIST polkit-0.112.tar.gz 1429240 SHA256 d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 SHA512 e4ad1bd287b38e5650cb94b1897a959b2ceaa6c19b4478ba872eacb13b58758fd42f6ab1718976162d823d850cd5c99b3ccadf1b57d75dea7790101422029d5f WHIRLPOOL af5dd0a17b7356302b0319e80565d6ac916128dfc85b6e2711147f3de86651f11fe8d08f3d6067d7abd24e263be92403f9d8f46935ba93db571e386a603a038a
+DIST polkit-0.113.tar.gz 1448865 SHA256 e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 SHA512 ab177c89a20eeb2978ddbe28afb205d3619f9c5defe833eb68a85e71a0f2c905367f1295cbbfb85da5eafdd661bce474d5d84aca9195cd425a18c9b4170eb5f9 WHIRLPOOL 106db7e6085a4ce49da44929138671eff2fd6007c80533518abe2d91ede9242b1e3cd0a1801190eeac5d4d5c1e978a30a18e47a6b604497b38853fa60c935a81
diff --git a/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
new file mode 100644
index 000000000000..5ceb2de5f9ed
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch
@@ -0,0 +1,106 @@ +From 9e074421d5623b6962dc66994d519012b40334b9 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: [PATCH] backend: Handle invalid object paths in + RegisterAuthenticationAgent + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +Reported-by: Tavis Ormandy +Signed-off-by: Colin Walters +--- + .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- + 1 file changed, 30 insertions(+), 23 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 59028d5..f45fdf1 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1551,36 +1551,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name 
= g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2383,8 +2389,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2471,7 +2475,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), +-- +1.8.3.1 + diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml new file mode 100644 index 000000000000..d553f2f472c3 --- /dev/null +++ b/sys-auth/polkit/metadata.xml @@ -0,0 +1,11 @@ + + + + freedesktop + + freedesktop-bugs@gentoo.org + + + Use sys-apps/systemd instead of sys-auth/consolekit for session tracking + + 
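Review bot: authentication_agent_new() now has a failure path, returning NULL with `error` set when `object_path` fails g_variant_is_object_path() or the proxy cannot be built, but nothing in the hunk documents that contract for callers. A comment above the function, whose signature starts outside the hunk, such as `/* Returns NULL and sets @error if object_path is not a valid D-Bus object path or the agent proxy cannot be created. */` would keep a later caller from using the result unchecked, which is the crash this patch fixes. In the register_authentication_agent hunk the new `if (!agent) goto out;` jumps to a label outside the visible lines, so the cleanup on that path cannot be confirmed from this page. The rejected path is also echoed into the error text through `'%s'`; since it is caller-supplied, it is worth confirming that whatever logs or displays this message tolerates caller-chosen text.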
diff --git a/sys-auth/polkit/polkit-0.112-r2.ebuild b/sys-auth/polkit/polkit-0.112-r2.ebuild
new file mode 100644
index 000000000000..246898ea6106
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r2.ebuild
@@ -0,0 +1,121 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils multilib pam pax-utils systemd user + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit" +SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86" +IUSE="examples gtk +introspection jit kde nls pam selinux systemd" + +CDEPEND=" + ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) ) + >=dev-libs/glib-2.32 + >=dev-libs/expat-2:= + introspection? ( >=dev-libs/gobject-introspection-1 ) + pam? ( + sys-auth/pambase + virtual/pam + ) + systemd? ( sys-apps/systemd:0= )" +DEPEND="${CDEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + dev-util/intltool + virtual/pkgconfig" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + lxde-base/lxpolkit + ) ) + kde? ( || ( + kde-plasma/polkit-kde-agent + sys-auth/polkit-kde-agent + ) ) + !systemd? 
( sys-auth/consolekit[policykit] )" + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +pkg_setup() { + local u=polkitd + local g=polkitd + local h=/var/lib/polkit-1 + + enewgroup ${g} + enewuser ${u} -1 -1 ${h} ${g} + esethome ${u} ${h} +} + +src_prepare() { + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}"/var \ + --disable-static \ + --enable-man-pages \ + --disable-gtk-doc \ + $(use_enable systemd libsystemd-login) \ + $(use_enable introspection) \ + --disable-examples \ + $(use_enable nls) \ + $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \ + "$(systemd_with_unitdir)" \ + --with-authfw=$(usex pam pam shadow) \ + $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ + --with-os-type=gentoo +} + +src_compile() { + default + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest' + local m='' + # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910 + has_version 'dev-lang/spidermonkey:17[jit]' && m='m' + # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags + use hppa && m='mr' + use ia64 && m='mr' + use mips && m='mr' + [ -n "$m" ] && pax-mark ${m} ${f} +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc docs/TODO HACKING NEWS README + + fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d + + diropts -m0700 -o polkitd -g polkitd + keepdir /var/lib/polkit-1 + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins src/examples/{*.c,*.policy*} + fi + + prune_libtool_files +} + +pkg_postinst() { + chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 +} 
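Review bot: The `sed` in src_prepare that rewrites `unix-group:wheel` to `unix-user:0` can turn into a silent no-op, because sed exits 0 when the pattern matches nothing and `|| die` only catches a missing file or an I/O error. If upstream rewords the default rules file, the package would presumably ship upstream's wheel-group administrator default again without any build failure. A positive check right after the substitution, `grep -q 'unix-user:0' src/polkitbackend/*-default.rules || die "default admin rule was not rewritten"`, would catch that. The same line appears in src_prepare of polkit-0.112-r3.ebuild and polkit-0.113.ebuild.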
diff --git a/sys-auth/polkit/polkit-0.112-r3.ebuild b/sys-auth/polkit/polkit-0.112-r3.ebuild
new file mode 100644
index 000000000000..873670c90a8d
--- /dev/null
+++ b/sys-auth/polkit/polkit-0.112-r3.ebuild
@@ -0,0 +1,122 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils multilib pam pax-utils systemd user + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit" +SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86" +IUSE="examples gtk +introspection jit kde nls pam selinux systemd" + +CDEPEND=" + ia64? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + hppa? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + mips? ( =dev-lang/spidermonkey-1.8.5*[-debug] ) + !hppa? ( !ia64? ( !mips? ( dev-lang/spidermonkey:17[-debug,jit=] ) ) ) + >=dev-libs/glib-2.32 + >=dev-libs/expat-2:= + introspection? ( >=dev-libs/gobject-introspection-1 ) + pam? ( + sys-auth/pambase + virtual/pam + ) + systemd? ( sys-apps/systemd:0= )" +DEPEND="${CDEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + dev-util/intltool + virtual/pkgconfig" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + lxde-base/lxpolkit + ) ) + kde? ( || ( + kde-plasma/polkit-kde-agent + sys-auth/polkit-kde-agent + ) ) + !systemd? 
( sys-auth/consolekit[policykit] )" + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +pkg_setup() { + local u=polkitd + local g=polkitd + local h=/var/lib/polkit-1 + + enewgroup ${g} + enewuser ${u} -1 -1 ${h} ${g} + esethome ${u} ${h} +} + +src_prepare() { + epatch "${FILESDIR}/${PN}-0.112-0001-backend-Handle-invalid-object-paths-in-RegisterAuthe.patch" # bug 551316 + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}"/var \ + --disable-static \ + --enable-man-pages \ + --disable-gtk-doc \ + $(use_enable systemd libsystemd-login) \ + $(use_enable introspection) \ + --disable-examples \ + $(use_enable nls) \ + $(if use hppa || use ia64 || use mips; then echo --with-mozjs=mozjs185; else echo --with-mozjs=mozjs-17.0; fi) \ + "$(systemd_with_unitdir)" \ + --with-authfw=$(usex pam pam shadow) \ + $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ + --with-os-type=gentoo +} + +src_compile() { + default + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + local f='src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest' + local m='' + # Only used when USE="jit" is enabled for 'dev-lang/spidermonkey:17' wrt #485910 + has_version 'dev-lang/spidermonkey:17[jit]' && m='m' + # hppa, ia64 and mips uses spidermonkey-1.8.5 which requires different pax-mark flags + use hppa && m='mr' + use ia64 && m='mr' + use mips && m='mr' + [ -n "$m" ] && pax-mark ${m} ${f} +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc docs/TODO HACKING NEWS README + + fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d + + diropts -m0700 -o polkitd -g polkitd + keepdir /var/lib/polkit-1 + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins src/examples/{*.c,*.policy*} + fi + + prune_libtool_files +} + +pkg_postinst() { + chown -R polkitd:root 
"${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 +} diff --git a/sys-auth/polkit/polkit-0.113.ebuild b/sys-auth/polkit/polkit-0.113.ebuild new file mode 100644 index 000000000000..5cce334f84b3 --- /dev/null +++ b/sys-auth/polkit/polkit-0.113.ebuild 
@@ -0,0 +1,115 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit eutils multilib pam pax-utils systemd user + +DESCRIPTION="Policy framework for controlling privileges for system-wide services" +HOMEPAGE="http://www.freedesktop.org/wiki/Software/polkit" +SRC_URI="http://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz" + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="examples gtk +introspection jit kde nls pam selinux systemd test" + +CDEPEND=" + dev-lang/spidermonkey:0/mozjs185[-debug] + >=dev-libs/glib-2.32:2 + >=dev-libs/expat-2:= + introspection? ( >=dev-libs/gobject-introspection-1:= ) + pam? ( + sys-auth/pambase + virtual/pam + ) + systemd? ( sys-apps/systemd:0= ) +" +DEPEND="${CDEPEND} + app-text/docbook-xml-dtd:4.1.2 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + dev-util/gtk-doc-am + dev-util/intltool + virtual/pkgconfig +" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-policykit ) +" +PDEPEND=" + gtk? ( || ( + >=gnome-extra/polkit-gnome-0.105 + lxde-base/lxpolkit + ) ) + kde? ( || ( + kde-plasma/polkit-kde-agent + sys-auth/polkit-kde-agent + ) ) + !systemd? 
( sys-auth/consolekit[policykit] ) +" + +QA_MULTILIB_PATHS=" + usr/lib/polkit-1/polkit-agent-helper-1 + usr/lib/polkit-1/polkitd" + +pkg_setup() { + local u=polkitd + local g=polkitd + local h=/var/lib/polkit-1 + + enewgroup ${g} + enewuser ${u} -1 -1 ${h} ${g} + esethome ${u} ${h} +} + +src_prepare() { + sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513 +} + +src_configure() { + econf \ + --localstatedir="${EPREFIX}"/var \ + --disable-static \ + --enable-man-pages \ + --disable-gtk-doc \ + $(use_enable systemd libsystemd-login) \ + $(use_enable introspection) \ + --disable-examples \ + $(use_enable nls) \ + --with-mozjs=mozjs185 \ + "$(systemd_with_unitdir)" \ + --with-authfw=$(usex pam pam shadow) \ + $(use pam && echo --with-pam-module-dir="$(getpam_mod_dir)") \ + $(use_enable test) \ + --with-os-type=gentoo +} + +src_compile() { + default + + # Required for polkitd on hardened/PaX due to spidermonkey's JIT + pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc docs/TODO HACKING NEWS README + + fowners -R polkitd:root /{etc,usr/share}/polkit-1/rules.d + + diropts -m0700 -o polkitd -g polkitd + keepdir /var/lib/polkit-1 + + if use examples; then + insinto /usr/share/doc/${PF}/examples + doins src/examples/{*.c,*.policy*} + fi + + prune_libtool_files +} + +pkg_postinst() { + chown -R polkitd:root "${EROOT}"/{etc,usr/share}/polkit-1/rules.d + chown -R polkitd:polkitd "${EROOT}"/var/lib/polkit-1 +} -- cgit v1.2.3-65-gdbad
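Review bot: `IUSE` still lists `jit`, but nothing in this ebuild reads it: CDEPEND pins `dev-lang/spidermonkey:0/mozjs185[-debug]` with no `jit=` dependency, and src_compile runs `pax-mark mr` unconditionally. In the 0.112 revisions on this page the flag fed the `jit=` dependency and the choice of PaX marking, so here it is a switch a user can toggle with no effect, which is misleading on hardened systems. Dropping it, `IUSE="examples gtk +introspection kde nls pam selinux systemd test"`, keeps the flag list in line with what the build does.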