diff options
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/polkit/Manifest | 1 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-123-mozjs-JIT.patch | 36 | ||||
-rw-r--r-- | sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch | 35 | ||||
-rw-r--r-- | sys-auth/polkit/polkit-123.ebuild | 162 |
4 files changed, 0 insertions, 234 deletions
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest index 811483f2c10c..a77359f0513e 100644 --- a/sys-auth/polkit/Manifest +++ b/sys-auth/polkit/Manifest @@ -1,3 +1,2 @@ -DIST polkit-123.tar.bz2 707480 BLAKE2B 27d8764606d8156118269fb4cd5eda1cfd0d56df219e4157cd78fd4c2a2d001c474271b7bb31e7e82ca376eacd26411418695058cc888700690606348b4d014a SHA512 4306363d3ed7311243de462832199bd10ddda35e36449104daff0895725d8189b07a4c88340f28607846fdf761c23470da2d43288199c46aa816426384124bb6 DIST polkit-124.tar.bz2 715490 BLAKE2B ecfc1ec73a7e1bbdf7374642ad4e1dbe534149a27e75bb1235eaa446ff912466ee0cdd978c34b7f110bc62a49b25ffddc9011e280686e3f304a234454be85a40 SHA512 db520882b0bedf1c96052570bf4c55d7e966d8172f6d26acf0791d98c4b911fce5ee39e6d830f06122ac8df33c6b43c252cdb7ba3a54523804824ebf355405dc DIST polkit-125.tar.gz 453652 BLAKE2B 068bd4a7c028a0b4e026a0fdc3a60bd323087282a5c5bd7cbc404dbedb997de63893ce2282e8cd5f01f8d98ff0cc1a46200543a832fa397a4f50ef8d6ba2b28b SHA512 64d85c1557355d6de6483beeb855b74a99dbb30cf9968206dc0aaf147156072ca2604bf667533099ee3972b3eed0421ec0a1ff8bea35a1e4c54da7b9688e0953 diff --git a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch b/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch deleted file mode 100644 index 5b3f2c4a3641..000000000000 --- a/sys-auth/polkit/files/polkit-123-mozjs-JIT.patch +++ /dev/null @@ -1,36 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb - -From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao <xry111@xry111.site> -Date: Sat, 29 Jul 2023 17:44:58 +0800 -Subject: [PATCH] jsauthority: mozjs: Disable JIT - -The JIT compiling of mozjs needs W/X mapping, but our systemd hardening -setting does not allow it. - -For polkit, security is much more important than the speed running -Javascript code in rule files, so we should disable JIT. - -Fixes #199. ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -56,7 +56,16 @@ - static class JsInitHelperType - { - public: -- JsInitHelperType() { JS_Init(); } -+ JsInitHelperType() -+ { -+ /* Disable JIT because it needs W/X mapping, which is not allowed by -+ * our systemd hardening setting. -+ */ -+ JS::DisableJitBackend(); -+ -+ JS_Init(); -+ } -+ - ~JsInitHelperType() { JS_ShutDown(); } - } JsInitHelper; - --- -GitLab diff --git a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch b/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch deleted file mode 100644 index f19560943c43..000000000000 --- a/sys-auth/polkit/files/polkit-123-pkexec-uninitialized.patch +++ /dev/null @@ -1,35 +0,0 @@ -https://gitlab.freedesktop.org/polkit/polkit/-/commit/c79ee5595c8d397098978ad50eb521ba2ae8467d - -From c79ee5595c8d397098978ad50eb521ba2ae8467d Mon Sep 17 00:00:00 2001 -From: Vincent Mihalkovic <vmihalko@redhat.com> -Date: Wed, 16 Aug 2023 08:59:55 +0000 -Subject: [PATCH] pkexec: fix uninitialized pointer warning - ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -53,6 +53,7 @@ - static gchar *original_user_name = NULL; - static gchar *original_cwd; - static gchar *command_line = NULL; -+static gchar *cmdline_short = NULL; - static struct passwd *pw; - - #ifndef HAVE_CLEARENV -@@ -508,6 +509,7 @@ main (int argc, char *argv[]) - path = NULL; - exec_argv = NULL; - command_line = NULL; -+ cmdline_short = NULL; - opt_user = NULL; - local_agent_handle = NULL; - -@@ -802,7 +804,6 @@ main (int argc, char *argv[]) - polkit_details_insert (details, "program", path); - polkit_details_insert (details, "command_line", command_line); - -- gchar *cmdline_short = NULL; - cmdline_short = g_strdup(command_line); - if (strlen(command_line) > 80) - g_stpcpy(g_stpcpy( cmdline_short + 38, " ... " ), --- -GitLab diff --git a/sys-auth/polkit/polkit-123.ebuild b/sys-auth/polkit/polkit-123.ebuild deleted file mode 100644 index b693b926940d..000000000000 --- a/sys-auth/polkit/polkit-123.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..11} ) -inherit meson pam pax-utils python-any-r1 systemd xdg-utils - -DESCRIPTION="Policy framework for controlling privileges for system-wide services" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://github.com/polkit-org/polkit" -if [[ ${PV} == *_p* ]] ; then - # Upstream don't make releases very often. Test snapshots throughly - # and review commits, but don't shy away if there's useful stuff there - # we want. - MY_COMMIT="" - SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${MY_COMMIT}/polkit-${MY_COMMIT}.tar.bz2 -> ${P}.tar.bz2" - - S="${WORKDIR}"/${PN}-${MY_COMMIT} -else - SRC_URI="https://gitlab.freedesktop.org/polkit/polkit/-/archive/${PV}/${P}.tar.bz2" -fi - -LICENSE="LGPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" -IUSE="+daemon +duktape examples gtk +introspection kde pam selinux systemd test" -# https://gitlab.freedesktop.org/polkit/polkit/-/issues/181 for test restriction -RESTRICT="!test? ( test ) test" - -# This seems to be fixed with 121? -#if [[ ${PV} == *_p* ]] ; then -# RESTRICT="!test? ( test )" -#else -# # Tests currently don't work with meson in the dist tarballs. See -# # https://gitlab.freedesktop.org/polkit/polkit/-/issues/144 -# RESTRICT="test" -#fi - -BDEPEND=" - acct-user/polkitd - app-text/docbook-xml-dtd:4.1.2 - app-text/docbook-xsl-stylesheets - dev-libs/glib - dev-libs/gobject-introspection-common - dev-libs/libxslt - dev-util/glib-utils - sys-devel/gettext - virtual/pkgconfig - introspection? ( >=dev-libs/gobject-introspection-0.6.2 ) - test? ( - $(python_gen_any_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/python-dbusmock[${PYTHON_USEDEP}] - ') - ) -" -DEPEND=" - >=dev-libs/glib-2.32:2 - dev-libs/expat - daemon? ( - duktape? ( dev-lang/duktape:= ) - !duktape? ( dev-lang/spidermonkey:102[-debug] ) - ) - pam? ( - sys-auth/pambase - sys-libs/pam - ) - !pam? ( virtual/libcrypt:= ) - systemd? ( sys-apps/systemd:0=[policykit] ) - !systemd? ( sys-auth/elogind ) -" -RDEPEND=" - ${DEPEND} - acct-user/polkitd - selinux? ( sec-policy/selinux-policykit ) -" -PDEPEND=" - gtk? ( || ( - >=gnome-extra/polkit-gnome-0.105 - >=lxde-base/lxsession-0.5.2 - ) ) - kde? ( kde-plasma/polkit-kde-agent ) -" - -DOCS=( docs/TODO HACKING.md NEWS.md README.md ) - -QA_MULTILIB_PATHS=" - usr/lib/polkit-1/polkit-agent-helper-1 - usr/lib/polkit-1/polkitd -" - -PATCHES=( - "${FILESDIR}"/${P}-mozjs-JIT.patch - "${FILESDIR}"/${P}-pkexec-uninitialized.patch -) - -python_check_deps() { - python_has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && - python_has_version "dev-python/python-dbusmock[${PYTHON_USEDEP}]" -} - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_prepare() { - default - - # bug #401513 - sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die -} - -src_configure() { - xdg_environment_reset - - local emesonargs=( - --localstatedir="${EPREFIX}"/var - -Dauthfw="$(usex pam pam shadow)" - -Dexamples=false - -Dgtk_doc=false - -Dman=true - -Dos_type=gentoo - -Dsession_tracking="$(usex systemd libsystemd-login libelogind)" - -Dsystemdsystemunitdir="$(systemd_get_systemunitdir)" - -Djs_engine=$(usex duktape duktape mozjs) - $(meson_use !daemon libs-only) - $(meson_use introspection) - $(meson_use test tests) - $(usex pam "-Dpam_module_dir=$(getpam_mod_dir)" '') - ) - meson_src_configure -} - -src_compile() { - meson_src_compile - - # Required for polkitd on hardened/PaX due to spidermonkey's JIT - pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest -} - -src_install() { - meson_src_install - - if use examples ; then - docinto examples - dodoc src/examples/{*.c,*.policy*} - fi - - if use daemon; then - if [[ ${EUID} == 0 ]]; then - diropts -m 0700 -o polkitd - fi - keepdir /etc/polkit-1/rules.d - fi -} - -pkg_postinst() { - if use daemon && [[ ${EUID} == 0 ]]; then - chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d - fi -} |