diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-28 19:12:29 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 23:39:35 +0200 |
commit | 646a5c1cbfd95873950a87b5f75d52073a967023 (patch) | |
tree | b8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/l/polkit | |
parent | d31c50870d0bee042ce660e445c9294a59a3a65b (diff) | |
download | current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.xz |
Mon May 28 19:12:29 UTC 201820180528191229
a/pkgtools-15.0-noarch-13.txz: Rebuilt.
installpkg: default line length for --terselength is the number of columns.
removepkg: added --terse mode.
upgradepkg: default line length for --terselength is the number of columns.
upgradepkg: accept -option in addition to --option.
ap/vim-8.1.0026-x86_64-1.txz: Upgraded.
d/bison-3.0.5-x86_64-1.txz: Upgraded.
e/emacs-26.1-x86_64-1.txz: Upgraded.
kde/kopete-4.14.3-x86_64-8.txz: Rebuilt.
Recompiled against libidn-1.35.
n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded.
n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded.
n/libnftnl-1.1.0-x86_64-1.txz: Upgraded.
n/links-2.16-x86_64-2.txz: Rebuilt.
Rebuilt to enable X driver for -g mode.
n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded.
n/nftables-0.8.5-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.11-x86_64-1.txz: Upgraded.
n/ulogd-2.0.7-x86_64-1.txz: Upgraded.
n/whois-5.3.1-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/l/polkit')
6 files changed, 257 insertions, 9 deletions
diff --git a/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch b/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch new file mode 100644 index 000000000..1d319fd69 --- /dev/null +++ b/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch @@ -0,0 +1,27 @@ +From f529fa4ac03f491678c7520d7a2d1c05491feab1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com> +Date: Sat, 12 Mar 2016 03:40:20 +0100 +Subject: [PATCH 01/16] Fix a memory leak of PolkitAgentListener's Server + object + +https://bugs.freedesktop.org/show_bug.cgi?id=94506 +--- + src/polkitagent/polkitagentlistener.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 491e4b9..4704b03 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -129,6 +129,8 @@ server_free (Server *server) + g_object_unref (server->subject); + + g_free (server->object_path); ++ ++ g_free (server); + } + + static gboolean +-- +2.13.0 + diff --git a/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch b/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch new file mode 100644 index 000000000..b3bf1056b --- /dev/null +++ b/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch @@ -0,0 +1,49 @@ +From 004bd37d0b33eb39372bd0e0bed8ab9c1ac2c50c Mon Sep 17 00:00:00 2001 +From: Philip Withnall <philip.withnall@collabora.co.uk> +Date: Fri, 22 Apr 2016 12:34:18 +0100 +Subject: [PATCH 04/16] polkit: Add g_autoptr() support for GObject-derived + polkit types +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add G_DEFINE_AUTOPTR_CLEANUP_FUNC calls to polkittypes.h, so that +g_autoptr() can be used with polkit objects. + +This is conditional on GLib ≥ 2.44.0 being available. It does not bump +polkit’s dependency on GLib. + +https://bugs.freedesktop.org/show_bug.cgi?id=95065 +--- + src/polkit/polkittypes.h | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/src/polkit/polkittypes.h b/src/polkit/polkittypes.h +index 3de1778..e0cf653 100644 +--- a/src/polkit/polkittypes.h ++++ b/src/polkit/polkittypes.h +@@ -64,4 +64,21 @@ typedef struct _PolkitTemporaryAuthorization PolkitTemporaryAuthorization; + struct _PolkitPermission; + typedef struct _PolkitPermission PolkitPermission; + ++#if GLIB_CHECK_VERSION(2, 44, 0) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitAuthority, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitActionDescription, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitSubject, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixProcess, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixSession, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitSystemBusName, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitIdentity, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixUser, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixGroup, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixNetgroup, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitAuthorizationResult, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitDetails, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitTemporaryAuthorization, g_object_unref) ++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitPermission, g_object_unref) ++#endif ++ + #endif /* __POLKIT_TYPES_H */ +-- +2.13.0 + diff --git a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch new file mode 100644 index 000000000..b5d8ae0fe --- /dev/null +++ b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch @@ -0,0 +1,127 @@ +From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001 +From: Philip Withnall <philip.withnall@collabora.co.uk> +Date: Thu, 19 May 2016 10:08:08 +0100 +Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment + +There is no need for polkit to ever use GVFS to load files from +non-local sources, so it's best to avoid loading GVFS code, and to just +rely on the local implementation in GIO instead. This reduces the attack +surface of polkit. + +Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent, +because none of them need remote file access. + +https://bugs.freedesktop.org/show_bug.cgi?id=95487 +--- + src/polkitbackend/polkitd.c | 4 ++++ + src/programs/pkaction.c | 4 ++++ + src/programs/pkcheck.c | 4 ++++ + src/programs/pkexec.c | 3 +++ + src/programs/pkttyagent.c | 4 ++++ + 5 files changed, 19 insertions(+) + +diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c +index d1527fb..8d54ed7 100644 +--- a/src/polkitbackend/polkitd.c ++++ b/src/polkitbackend/polkitd.c +@@ -22,6 +22,7 @@ + #include "config.h" + + #include <signal.h> ++#include <stdlib.h> + + #include <glib-unix.h> + +@@ -169,6 +170,9 @@ main (int argc, + sigint_id = 0; + registration_id = NULL; + ++ /* Disable remote file access from GIO. */ ++ setenv ("GIO_USE_VFS", "local", 1); ++ + g_type_init (); + + opt_context = g_option_context_new ("polkit system daemon"); +diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c +index f17a7dc..221662a 100644 +--- a/src/programs/pkaction.c ++++ b/src/programs/pkaction.c +@@ -24,6 +24,7 @@ + #endif + + #include <stdio.h> ++#include <stdlib.h> + #include <glib/gi18n.h> + #include <polkit/polkit.h> + +@@ -121,6 +122,9 @@ main (int argc, char *argv[]) + actions = NULL; + ret = 1; + ++ /* Disable remote file access from GIO. */ ++ setenv ("GIO_USE_VFS", "local", 1); ++ + g_type_init (); + + opt_show_version = FALSE; +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 5781893..33db128 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -24,6 +24,7 @@ + #endif + + #include <stdio.h> ++#include <stdlib.h> + #include <glib/gi18n.h> + #include <polkit/polkit.h> + #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +@@ -362,6 +363,9 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ /* Disable remote file access from GIO. */ ++ setenv ("GIO_USE_VFS", "local", 1); ++ + g_type_init (); + + details = polkit_details_new (); +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 50de92c..3b29b24 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -503,6 +503,9 @@ main (int argc, char *argv[]) + opt_user = NULL; + local_agent_handle = NULL; + ++ /* Disable remote file access from GIO. */ ++ setenv ("GIO_USE_VFS", "local", 1); ++ + /* check for correct invocation */ + if (geteuid () != 0) + { +diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c +index 423b728..8aac7dd 100644 +--- a/src/programs/pkttyagent.c ++++ b/src/programs/pkttyagent.c +@@ -24,6 +24,7 @@ + #endif + + #include <stdio.h> ++#include <stdlib.h> + #include <glib/gi18n.h> + #include <polkit/polkit.h> + #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +@@ -74,6 +75,9 @@ main (int argc, char *argv[]) + guint ret = 126; + GVariantBuilder builder; + ++ /* Disable remote file access from GIO. */ ++ setenv ("GIO_USE_VFS", "local", 1); ++ + g_type_init (); + + error = NULL; +-- +2.13.0 + diff --git a/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch b/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch new file mode 100644 index 000000000..24e4bc461 --- /dev/null +++ b/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch @@ -0,0 +1,28 @@ +From df6488c0a5b2a6c7a2d4f6a55008263635c5571b Mon Sep 17 00:00:00 2001 +From: Rui Matos <tiagomatos@gmail.com> +Date: Thu, 2 Mar 2017 14:50:31 +0100 +Subject: [PATCH 15/16] polkitpermission: Fix a memory leak on authority + changes + +Signed-off-by: Rui Matos <tiagomatos@gmail.com> + +https://bugs.freedesktop.org/show_bug.cgi?id=99741 +--- + src/polkit/polkitpermission.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index f8a666e..f264094 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, + if (result != NULL) + { + process_result (permission, result); ++ g_object_unref (result); + } + else + { +-- +2.13.0 + diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild index 0d89e18b6..2d0e92457 100755 --- a/source/l/polkit/polkit.SlackBuild +++ b/source/l/polkit/polkit.SlackBuild @@ -1,8 +1,8 @@ -#!/bin/sh +#!/bin/bash # Copyright 2009, 2011, 2015 Robby Workman, Northport, Alabama, USA # Copyright 2010 Eric Hameleers, Eindhoven, NL -# Copyright 2009, 2010, 2011, 2012, 2013 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2009, 2010, 2011, 2012, 2013, 2018 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # Redistribution and use of this script, with or without modification, is @@ -22,10 +22,11 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) PKGNAM=polkit VERSION=${VERSION:-$(echo $PKGNAM-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -37,9 +38,16 @@ if [ -z "$ARCH" ]; then esac fi +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + NUMJOBS=${NUMJOBS:--j6} -CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-$PKGNAM @@ -74,6 +82,12 @@ find . \ zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 || exit 1 +# Add some patches from git +zcat $CWD/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch | patch -p1 || exit 1 +zcat $CWD/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch | patch -p1 || exit 1 +zcat $CWD/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch | patch -p1 || exit 1 +zcat $CWD/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch | patch -p1 || exit 1 + # If we get here and don't have a polkitd user/group, add one. # Otherwise a few directories in the package will have wrong permissions. if ! grep -q "^polkitd:" /etc/passwd ; then @@ -99,12 +113,15 @@ CXXFLAGS="$SLKCFLAGS" \ --with-authfw=shadow \ --enable-verbose-mode \ --with-os-type=Slackware \ - --build=$ARCH-slackware-linux + --build=$ARCH-slackware-linux || exit 1 # Build and install: make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + # Create homedir for polkit. This is mentioned in /etc/passwd, but isn't # actually used for anything later. Perms don't matter. mkdir -p $PKG/var/lib/polkit diff --git a/source/l/polkit/slack-desc b/source/l/polkit/slack-desc index 006d8a8e5..ebb01658d 100644 --- a/source/l/polkit/slack-desc +++ b/source/l/polkit/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler-----------------------------------------------------| @@ -10,7 +10,7 @@ polkit: polkit (authentication framework) polkit: polkit: PolicyKit is an application-level toolkit for defining and handling polkit: the policy that allows unprivileged processes to speak to privileged -polkit: processes. PolicyKit is specifically targeting applications in rich +polkit: processes. PolicyKit is specifically targeting applications in rich polkit: desktop environments on multi-user UNIX-like operating systems. polkit: polkit: |