Diffstat (limited to 'source/l/polkit')
-rw-r--r--source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch27
-rw-r--r--source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch49
-rw-r--r--source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch127
-rw-r--r--source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch28
-rwxr-xr-xsource/l/polkit/polkit.SlackBuild27
-rw-r--r--source/l/polkit/slack-desc8
6 files changed, 257 insertions, 9 deletions
diff --git a/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch b/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch
new file mode 100644
index 000000000..1d319fd69
--- /dev/null
+++ b/source/l/polkit/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch
@@ -0,0 +1,27 @@
+From f529fa4ac03f491678c7520d7a2d1c05491feab1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
+Date: Sat, 12 Mar 2016 03:40:20 +0100
+Subject: [PATCH 01/16] Fix a memory leak of PolkitAgentListener's Server
+ object
+
+https://bugs.freedesktop.org/show_bug.cgi?id=94506
+---
+ src/polkitagent/polkitagentlistener.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
+index 491e4b9..4704b03 100644
+--- a/src/polkitagent/polkitagentlistener.c
++++ b/src/polkitagent/polkitagentlistener.c
+@@ -129,6 +129,8 @@ server_free (Server *server)
+ g_object_unref (server->subject);
+
+ g_free (server->object_path);
++
++ g_free (server);
+ }
+
+ static gboolean
+--
+2.13.0
+
diff --git a/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch b/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch
new file mode 100644
index 000000000..b3bf1056b
--- /dev/null
+++ b/source/l/polkit/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch
@@ -0,0 +1,49 @@
+From 004bd37d0b33eb39372bd0e0bed8ab9c1ac2c50c Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip.withnall@collabora.co.uk>
+Date: Fri, 22 Apr 2016 12:34:18 +0100
+Subject: [PATCH 04/16] polkit: Add g_autoptr() support for GObject-derived
+ polkit types
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add G_DEFINE_AUTOPTR_CLEANUP_FUNC calls to polkittypes.h, so that
+g_autoptr() can be used with polkit objects.
+
+This is conditional on GLib ≥ 2.44.0 being available. It does not bump
+polkit’s dependency on GLib.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=95065
+---
+ src/polkit/polkittypes.h | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/src/polkit/polkittypes.h b/src/polkit/polkittypes.h
+index 3de1778..e0cf653 100644
+--- a/src/polkit/polkittypes.h
++++ b/src/polkit/polkittypes.h
+@@ -64,4 +64,21 @@ typedef struct _PolkitTemporaryAuthorization PolkitTemporaryAuthorization;
+ struct _PolkitPermission;
+ typedef struct _PolkitPermission PolkitPermission;
+
++#if GLIB_CHECK_VERSION(2, 44, 0)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitAuthority, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitActionDescription, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitSubject, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixProcess, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixSession, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitSystemBusName, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitIdentity, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixUser, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixGroup, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitUnixNetgroup, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitAuthorizationResult, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitDetails, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitTemporaryAuthorization, g_object_unref)
++G_DEFINE_AUTOPTR_CLEANUP_FUNC (PolkitPermission, g_object_unref)
++#endif
++
+ #endif /* __POLKIT_TYPES_H */
+--
+2.13.0
+
diff --git a/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch
new file mode 100644
index 000000000..b5d8ae0fe
--- /dev/null
+++ b/source/l/polkit/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch
@@ -0,0 +1,127 @@
+From daf3d5c2d15466a267221fcb099c59c870098e03 Mon Sep 17 00:00:00 2001
+From: Philip Withnall <philip.withnall@collabora.co.uk>
+Date: Thu, 19 May 2016 10:08:08 +0100
+Subject: [PATCH 05/16] data: Set GIO_USE_VFS=local in the environment
+
+There is no need for polkit to ever use GVFS to load files from
+non-local sources, so it's best to avoid loading GVFS code, and to just
+rely on the local implementation in GIO instead. This reduces the attack
+surface of polkit.
+
+Implemented for the daemon, pkaction, pkcheck, pkexec and pkttyagent,
+because none of them need remote file access.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=95487
+---
+ src/polkitbackend/polkitd.c | 4 ++++
+ src/programs/pkaction.c | 4 ++++
+ src/programs/pkcheck.c | 4 ++++
+ src/programs/pkexec.c | 3 +++
+ src/programs/pkttyagent.c | 4 ++++
+ 5 files changed, 19 insertions(+)
+
+diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c
+index d1527fb..8d54ed7 100644
+--- a/src/polkitbackend/polkitd.c
++++ b/src/polkitbackend/polkitd.c
+@@ -22,6 +22,7 @@
+ #include "config.h"
+
+ #include <signal.h>
++#include <stdlib.h>
+
+ #include <glib-unix.h>
+
+@@ -169,6 +170,9 @@ main (int argc,
+ sigint_id = 0;
+ registration_id = NULL;
+
++ /* Disable remote file access from GIO. */
++ setenv ("GIO_USE_VFS", "local", 1);
++
+ g_type_init ();
+
+ opt_context = g_option_context_new ("polkit system daemon");
+diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
+index f17a7dc..221662a 100644
+--- a/src/programs/pkaction.c
++++ b/src/programs/pkaction.c
+@@ -24,6 +24,7 @@
+ #endif
+
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <glib/gi18n.h>
+ #include <polkit/polkit.h>
+
+@@ -121,6 +122,9 @@ main (int argc, char *argv[])
+ actions = NULL;
+ ret = 1;
+
++ /* Disable remote file access from GIO. */
++ setenv ("GIO_USE_VFS", "local", 1);
++
+ g_type_init ();
+
+ opt_show_version = FALSE;
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 5781893..33db128 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -24,6 +24,7 @@
+ #endif
+
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <glib/gi18n.h>
+ #include <polkit/polkit.h>
+ #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+@@ -362,6 +363,9 @@ main (int argc, char *argv[])
+ local_agent_handle = NULL;
+ ret = 126;
+
++ /* Disable remote file access from GIO. */
++ setenv ("GIO_USE_VFS", "local", 1);
++
+ g_type_init ();
+
+ details = polkit_details_new ();
+diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
+index 50de92c..3b29b24 100644
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -503,6 +503,9 @@ main (int argc, char *argv[])
+ opt_user = NULL;
+ local_agent_handle = NULL;
+
++ /* Disable remote file access from GIO. */
++ setenv ("GIO_USE_VFS", "local", 1);
++
+ /* check for correct invocation */
+ if (geteuid () != 0)
+ {
+diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
+index 423b728..8aac7dd 100644
+--- a/src/programs/pkttyagent.c
++++ b/src/programs/pkttyagent.c
+@@ -24,6 +24,7 @@
+ #endif
+
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <glib/gi18n.h>
+ #include <polkit/polkit.h>
+ #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+@@ -74,6 +75,9 @@ main (int argc, char *argv[])
+ guint ret = 126;
+ GVariantBuilder builder;
+
++ /* Disable remote file access from GIO. */
++ setenv ("GIO_USE_VFS", "local", 1);
++
+ g_type_init ();
+
+ error = NULL;
+--
+2.13.0
+
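Review bot: The `setenv ("GIO_USE_VFS", "local", 1)` calls added to the five `main()` functions discard the return value, so if `setenv` fails the program continues with whatever `GIO_USE_VFS` it inherited and the hardening is silently missing. This matters most in pkexec.c, where the call sits ahead of the `geteuid () != 0` check and the environment presumably comes from the invoking user. I would test the call with `if (setenv ("GIO_USE_VFS", "local", 1) != 0)` and leave through each program's existing failure path rather than carry on. pkexec.c is also the only one of the five files that does not gain `#include <stdlib.h>`; it presumably includes it already, but that is not visible here. Every `main()` body starts and ends outside the embedded hunks.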
diff --git a/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch b/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch
new file mode 100644
index 000000000..24e4bc461
--- /dev/null
+++ b/source/l/polkit/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch
@@ -0,0 +1,28 @@
+From df6488c0a5b2a6c7a2d4f6a55008263635c5571b Mon Sep 17 00:00:00 2001
+From: Rui Matos <tiagomatos@gmail.com>
+Date: Thu, 2 Mar 2017 14:50:31 +0100
+Subject: [PATCH 15/16] polkitpermission: Fix a memory leak on authority
+ changes
+
+Signed-off-by: Rui Matos <tiagomatos@gmail.com>
+
+https://bugs.freedesktop.org/show_bug.cgi?id=99741
+---
+ src/polkit/polkitpermission.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c
+index f8a666e..f264094 100644
+--- a/src/polkit/polkitpermission.c
++++ b/src/polkit/polkitpermission.c
+@@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object,
+ if (result != NULL)
+ {
+ process_result (permission, result);
++ g_object_unref (result);
+ }
+ else
+ {
+--
+2.13.0
+
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 0d89e18b6..2d0e92457 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -1,8 +1,8 @@
-#!/bin/sh
+#!/bin/bash
# Copyright 2009, 2011, 2015 Robby Workman, Northport, Alabama, USA
# Copyright 2010 Eric Hameleers, Eindhoven, NL
-# Copyright 2009, 2010, 2011, 2012, 2013 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2009, 2010, 2011, 2012, 2013, 2018 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
# Redistribution and use of this script, with or without modification, is
@@ -22,10 +22,11 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=polkit
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-4}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
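Review bot: The added `cd $(dirname $0) ; CWD=$(pwd)` neither quotes its expansions nor checks whether `cd` succeeded. If the `cd` fails, or the script path contains whitespace, `CWD` ends up as the caller's directory. The `$PKGNAM-*.tar.gz` version glob on the next lines and the later `$CWD/...` patch lookups would then resolve against a location the build did not intend. I would write it as `cd "$(dirname "$0")" || exit 1 ; CWD=$(pwd)`.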
@@ -37,9 +38,16 @@ if [ -z "$ARCH" ]; then
esac
fi
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
NUMJOBS=${NUMJOBS:--j6}
-CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
@@ -74,6 +82,12 @@ find . \
zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 || exit 1
+# Add some patches from git
+zcat $CWD/0001-Fix-a-memory-leak-of-PolkitAgentListener-s-Server-ob.patch | patch -p1 || exit 1
+zcat $CWD/0004-polkit-Add-g_autoptr-support-for-GObject-derived-pol.patch | patch -p1 || exit 1
+zcat $CWD/0005-data-Set-GIO_USE_VFS-local-in-the-environment.patch | patch -p1 || exit 1
+zcat $CWD/0015-polkitpermission-Fix-a-memory-leak-on-authority-chan.patch | patch -p1 || exit 1
+
# If we get here and don't have a polkitd user/group, add one.
# Otherwise a few directories in the package will have wrong permissions.
if ! grep -q "^polkitd:" /etc/passwd ; then
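Review bot: The four added `zcat ... | patch -p1 || exit 1` lines test only the exit status of `patch`, so a failing `zcat` stops the build only if `patch` happens to reject what it was handed. A package built without the GIO_USE_VFS hardening or the leak fixes could therefore still look like a successful build. The new file names end in `.patch` and the files added in this commit appear uncompressed, whereas the existing line above reads a `.diff.gz`, so it is worth confirming that `zcat` accepts them as shipped. Since the interpreter is now bash, `set -o pipefail` near the top of the script would make a failed `zcat` reach the `|| exit 1`. Alternatively the plain-text patches could be fed directly with `patch -p1 < "$CWD/NAME.patch" || exit 1`, with NAME standing for each patch file.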
@@ -99,12 +113,15 @@ CXXFLAGS="$SLKCFLAGS" \
--with-authfw=shadow \
--enable-verbose-mode \
--with-os-type=Slackware \
- --build=$ARCH-slackware-linux
+ --build=$ARCH-slackware-linux || exit 1
# Build and install:
make $NUMJOBS || make || exit 1
make install DESTDIR=$PKG || exit 1
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
# Create homedir for polkit. This is mentioned in /etc/passwd, but isn't
# actually used for anything later. Perms don't matter.
mkdir -p $PKG/var/lib/polkit
diff --git a/source/l/polkit/slack-desc b/source/l/polkit/slack-desc
index 006d8a8e5..ebb01658d 100644
--- a/source/l/polkit/slack-desc
+++ b/source/l/polkit/slack-desc
@@ -1,8 +1,8 @@
# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
+# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler-----------------------------------------------------|
@@ -10,7 +10,7 @@ polkit: polkit (authentication framework)
polkit:
polkit: PolicyKit is an application-level toolkit for defining and handling
polkit: the policy that allows unprivileged processes to speak to privileged
-polkit: processes. PolicyKit is specifically targeting applications in rich
+polkit: processes. PolicyKit is specifically targeting applications in rich
polkit: desktop environments on multi-user UNIX-like operating systems.
polkit:
polkit: