Compare commits
No commits in common. "rawhide" and "f22" have entirely different histories.
17
.gitignore
vendored
17
.gitignore
vendored
@ -24,20 +24,3 @@ polkit-0.98.tar.gz
|
|||||||
/polkit-0.112.tar.gz.sign
|
/polkit-0.112.tar.gz.sign
|
||||||
/polkit-0.113.tar.gz
|
/polkit-0.113.tar.gz
|
||||||
/polkit-0.113.tar.gz.sign
|
/polkit-0.113.tar.gz.sign
|
||||||
/polkit-0.114.tar.gz
|
|
||||||
/polkit-0.114.tar.gz.sign
|
|
||||||
/polkit-0.115.tar.gz
|
|
||||||
/polkit-0.115.tar.gz.sign
|
|
||||||
/polkit-0.116.tar.gz
|
|
||||||
/polkit-0.116.tar.gz.sign
|
|
||||||
/polkit-0.117.tar.gz
|
|
||||||
/polkit-0.117.tar.gz.sign
|
|
||||||
/polkit-0.118.tar.gz
|
|
||||||
/polkit-0.118.tar.gz.sign
|
|
||||||
/polkit-0.120.tar.gz
|
|
||||||
/polkit-0.120.tar.gz.sign
|
|
||||||
/polkit-121.tar.gz
|
|
||||||
/polkit-121.tar.gz.sign
|
|
||||||
/polkit-121.tar.xz
|
|
||||||
/polkit-121.tar.xz.sign
|
|
||||||
/polkit-122.tar.gz
|
|
||||||
|
103
92.patch
103
92.patch
@ -1,103 +0,0 @@
|
|||||||
From 4910132853ad68dbe8f4e7710dd098120d1b9b95 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Xi Ruoyao <xry111@mengyan1223.wang>
|
|
||||||
Date: Tue, 25 Jan 2022 19:19:30 +0800
|
|
||||||
Subject: [PATCH 1/3] jsauthority: ensure to call JS_Init() and JS_ShutDown()
|
|
||||||
exactly once
|
|
||||||
|
|
||||||
Before this commit, we were calling JS_Init() in
|
|
||||||
polkit_backend_js_authority_class_init and never called JS_ShutDown.
|
|
||||||
This is actually a misusage of SpiderMonkey API. Quote from a comment
|
|
||||||
in js/Initialization.h (both mozjs-78 and mozjs-91):
|
|
||||||
|
|
||||||
It is currently not possible to initialize SpiderMonkey multiple
|
|
||||||
times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that
|
|
||||||
order, then doing so again).
|
|
||||||
|
|
||||||
This misusage does not cause severe issues with mozjs-78. However, when
|
|
||||||
we eventually port jsauthority to use mozjs-91, bad thing will happen:
|
|
||||||
see the test failure mentioned in #150.
|
|
||||||
|
|
||||||
This commit is tested with both mozjs-78 and mozjs-91, all tests pass
|
|
||||||
with it.
|
|
||||||
---
|
|
||||||
src/polkitbackend/polkitbackendjsauthority.cpp | 9 +++++++--
|
|
||||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
index ca17108..b22c34e 100644
|
|
||||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
@@ -75,6 +75,13 @@
|
|
||||||
|
|
||||||
/* ---------------------------------------------------------------------------------------------------- */
|
|
||||||
|
|
||||||
+static class JsInitHelperType
|
|
||||||
+{
|
|
||||||
+public:
|
|
||||||
+ JsInitHelperType() { JS_Init(); }
|
|
||||||
+ ~JsInitHelperType() { JS_ShutDown(); }
|
|
||||||
+} JsInitHelper;
|
|
||||||
+
|
|
||||||
struct _PolkitBackendJsAuthorityPrivate
|
|
||||||
{
|
|
||||||
gchar **rules_dirs;
|
|
||||||
@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object)
|
|
||||||
delete authority->priv->js_polkit;
|
|
||||||
|
|
||||||
JS_DestroyContext (authority->priv->cx);
|
|
||||||
- /* JS_ShutDown (); */
|
|
||||||
|
|
||||||
G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
|
|
||||||
}
|
|
||||||
@@ -666,7 +672,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
|
|
||||||
|
|
||||||
g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
|
|
||||||
|
|
||||||
- JS_Init ();
|
|
||||||
}
|
|
||||||
|
|
||||||
/* ---------------------------------------------------------------------------------------------------- */
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
||||||
|
|
||||||
From 2b5f49a4e4266d2c327ef55e6df121511e23236b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Xi Ruoyao <xry111@mengyan1223.wang>
|
|
||||||
Date: Tue, 25 Jan 2022 19:20:58 +0800
|
|
||||||
Subject: [PATCH 2/3] jsauthority: port to mozjs-91
|
|
||||||
|
|
||||||
---
|
|
||||||
configure.ac | 2 +-
|
|
||||||
meson.build | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index e434ca2..6783ee7 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
|
||||||
AC_SUBST(GLIB_CFLAGS)
|
|
||||||
AC_SUBST(GLIB_LIBS)
|
|
||||||
|
|
||||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
|
||||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-91])
|
|
||||||
|
|
||||||
AC_SUBST(LIBJS_CFLAGS)
|
|
||||||
AC_SUBST(LIBJS_CXXFLAGS)
|
|
||||||
--
|
|
||||||
diff --git a/meson.build b/meson.build
|
|
||||||
index 858078d..09cce0f 100644
|
|
||||||
--- a/meson.build
|
|
||||||
+++ b/meson.build
|
|
||||||
@@ -133,7 +133,7 @@ expat_dep = dependency('expat')
|
|
||||||
assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.')
|
|
||||||
assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.')
|
|
||||||
|
|
||||||
-mozjs_dep = dependency('mozjs-78')
|
|
||||||
+mozjs_dep = dependency('mozjs-91')
|
|
||||||
|
|
||||||
dbus_dep = dependency('dbus-1', required: false)
|
|
||||||
dbus_policydir = pk_prefix / pk_datadir / 'dbus-1/system.d'
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
@ -1,71 +0,0 @@
|
|||||||
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
|
|
||||||
index 8ed1363..2fbf5f1 100644
|
|
||||||
--- a/src/polkit/polkitsystembusname.c
|
|
||||||
+++ b/src/polkit/polkitsystembusname.c
|
|
||||||
@@ -62,6 +62,10 @@ enum
|
|
||||||
PROP_NAME,
|
|
||||||
};
|
|
||||||
|
|
||||||
+
|
|
||||||
+guint8 dbus_call_respond_fails; // has to be global because of callback
|
|
||||||
+
|
|
||||||
+
|
|
||||||
static void subject_iface_init (PolkitSubjectIface *subject_iface);
|
|
||||||
|
|
||||||
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
|
|
||||||
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
|
|
||||||
if (!v)
|
|
||||||
{
|
|
||||||
data->caught_error = TRUE;
|
|
||||||
+ dbus_call_respond_fails += 1;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
|
||||||
tmp_context = g_main_context_new ();
|
|
||||||
g_main_context_push_thread_default (tmp_context);
|
|
||||||
|
|
||||||
+ dbus_call_respond_fails = 0;
|
|
||||||
+
|
|
||||||
/* Do two async calls as it's basically as fast as one sync call.
|
|
||||||
*/
|
|
||||||
g_dbus_connection_call (connection,
|
|
||||||
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
|
||||||
on_retrieved_unix_uid_pid,
|
|
||||||
&data);
|
|
||||||
|
|
||||||
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
|
|
||||||
- g_main_context_iteration (tmp_context, TRUE);
|
|
||||||
+ while (TRUE)
|
|
||||||
+ {
|
|
||||||
+ /* If one dbus call returns error, we must wait until the other call
|
|
||||||
+ * calls _call_finish(), otherwise fd leak is possible.
|
|
||||||
+ * Resolves: GHSL-2021-077
|
|
||||||
+ */
|
|
||||||
|
|
||||||
- if (data.caught_error)
|
|
||||||
- goto out;
|
|
||||||
+ if ( (dbus_call_respond_fails > 1) )
|
|
||||||
+ {
|
|
||||||
+ // we got two faults, we can leave
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
|
|
||||||
+ {
|
|
||||||
+ // we got one fault and the other call finally finished, we can leave
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
|
|
||||||
+ {
|
|
||||||
+ g_main_context_iteration (tmp_context, TRUE);
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (out_uid)
|
|
||||||
*out_uid = data.uid;
|
|
@ -1,79 +0,0 @@
|
|||||||
From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Rybar <jrybar@redhat.com>
|
|
||||||
Date: Tue, 25 Jan 2022 17:21:46 +0000
|
|
||||||
Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
|
|
||||||
|
|
||||||
---
|
|
||||||
src/programs/pkcheck.c | 5 +++++
|
|
||||||
src/programs/pkexec.c | 23 ++++++++++++++++++++---
|
|
||||||
2 files changed, 25 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
|
||||||
index f1bb4e1..768525c 100644
|
|
||||||
--- a/src/programs/pkcheck.c
|
|
||||||
+++ b/src/programs/pkcheck.c
|
|
||||||
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
|
|
||||||
local_agent_handle = NULL;
|
|
||||||
ret = 126;
|
|
||||||
|
|
||||||
+ if (argc < 1)
|
|
||||||
+ {
|
|
||||||
+ exit(126);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Disable remote file access from GIO. */
|
|
||||||
setenv ("GIO_USE_VFS", "local", 1);
|
|
||||||
|
|
||||||
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
|
||||||
index 7698c5c..84e5ef6 100644
|
|
||||||
--- a/src/programs/pkexec.c
|
|
||||||
+++ b/src/programs/pkexec.c
|
|
||||||
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
|
|
||||||
pid_t pid_of_caller;
|
|
||||||
gpointer local_agent_handle;
|
|
||||||
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
|
|
||||||
+ */
|
|
||||||
+ if (argc<1)
|
|
||||||
+ {
|
|
||||||
+ exit(127);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
ret = 127;
|
|
||||||
authority = NULL;
|
|
||||||
subject = NULL;
|
|
||||||
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
|
|
||||||
|
|
||||||
path = g_strdup (pwstruct.pw_shell);
|
|
||||||
if (!path)
|
|
||||||
- {
|
|
||||||
+ {
|
|
||||||
g_printerr ("No shell configured or error retrieving pw_shell\n");
|
|
||||||
goto out;
|
|
||||||
- }
|
|
||||||
+ }
|
|
||||||
/* If you change this, be sure to change the if (!command_line)
|
|
||||||
case below too */
|
|
||||||
command_line = g_strdup (path);
|
|
||||||
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
g_free (path);
|
|
||||||
- argv[n] = path = s;
|
|
||||||
+ path = s;
|
|
||||||
+
|
|
||||||
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
|
|
||||||
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
|
|
||||||
+ */
|
|
||||||
+ if (argv[n] != NULL)
|
|
||||||
+ {
|
|
||||||
+ argv[n] = path;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
if (access (path, F_OK) != 0)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
GitLab
|
|
||||||
|
|
@ -1,90 +0,0 @@
|
|||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index eea70fc..c4569f1 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -34,7 +34,7 @@ AC_PROG_LN_S
|
|
||||||
AC_SYS_LARGEFILE
|
|
||||||
AM_PROG_CC_C_O
|
|
||||||
AC_PROG_CXX
|
|
||||||
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
|
|
||||||
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
|
|
||||||
|
|
||||||
# Taken from dbus
|
|
||||||
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
|
|
||||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
|
||||||
AC_SUBST(GLIB_CFLAGS)
|
|
||||||
AC_SUBST(GLIB_LIBS)
|
|
||||||
|
|
||||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
|
|
||||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
|
||||||
|
|
||||||
AC_SUBST(LIBJS_CFLAGS)
|
|
||||||
AC_SUBST(LIBJS_CXXFLAGS)
|
|
||||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
index 25bd1f9..ca17108 100644
|
|
||||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include <js/Realm.h>
|
|
||||||
#include <js/SourceText.h>
|
|
||||||
#include <js/Warnings.h>
|
|
||||||
+#include <js/Array.h>
|
|
||||||
#include <jsapi.h>
|
|
||||||
|
|
||||||
#include "initjs.h" /* init.js */
|
|
||||||
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
static void
|
|
||||||
reload_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
{
|
|
||||||
- JS::AutoValueArray<1> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<1> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
|
|
||||||
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
|
|
||||||
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
|
|
||||||
if (!JS::InitSelfHostedCode (authority->priv->cx))
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
- JS::ContextOptionsRef (authority->priv->cx)
|
|
||||||
- .setIon (TRUE)
|
|
||||||
- .setBaseline (TRUE)
|
|
||||||
- .setAsmJS (TRUE);
|
|
||||||
JS::SetWarningReporter(authority->priv->cx, report_error);
|
|
||||||
JS_SetContextPrivate (authority->priv->cx, authority);
|
|
||||||
|
|
||||||
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
|
|
||||||
elems[n].setNull ();
|
|
||||||
}
|
|
||||||
|
|
||||||
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
|
|
||||||
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
|
|
||||||
|
|
||||||
value_jsval = JS::ObjectValue (*array_object);
|
|
||||||
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
|
|
||||||
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
GList *ret = NULL;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
guint n;
|
|
||||||
GError *error = NULL;
|
|
||||||
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
PolkitImplicitAuthorization ret = implicit;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
GError *error = NULL;
|
|
||||||
JS::RootedString ret_jsstr (authority->priv->cx);
|
|
||||||
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
|
|
||||||
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
|
|
||||||
array_object = &args[0].toObject();
|
|
||||||
|
|
||||||
- if (!JS_GetArrayLength (cx, array_object, &array_len))
|
|
||||||
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
|
|
||||||
{
|
|
||||||
JS_ReportErrorUTF8 (cx, "Failed to get array length");
|
|
||||||
goto out;
|
|
253
polkit.spec
253
polkit.spec
@ -1,34 +1,39 @@
|
|||||||
# Only enable if using patches that touches configure.ac,
|
# Only enable if using patches that touches configure.ac,
|
||||||
# Makefile.am or other build system related files
|
# Makefile.am or other build system related files
|
||||||
#
|
#
|
||||||
|
#define enable_autoreconf 1
|
||||||
|
|
||||||
Summary: An authorization framework
|
Summary: An authorization framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 122
|
Version: 0.113
|
||||||
Release: 4%{?dist}
|
Release: 4%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||||
Source0: https://gitlab.freedesktop.org/polkit/polkit/-/archive/%{version}/%{name}-%{version}.tar.gz
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||||
|
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||||
BuildRequires: gcc-c++
|
Group: System Environment/Libraries
|
||||||
BuildRequires: glib2-devel >= 2.30.0
|
BuildRequires: glib2-devel >= 2.30.0
|
||||||
BuildRequires: expat-devel
|
BuildRequires: expat-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: gtk-doc
|
BuildRequires: gtk-doc
|
||||||
BuildRequires: gettext-devel
|
BuildRequires: intltool
|
||||||
BuildRequires: gobject-introspection-devel
|
BuildRequires: gobject-introspection-devel
|
||||||
BuildRequires: systemd, systemd-devel
|
BuildRequires: systemd, systemd-devel
|
||||||
BuildRequires: dbus-devel
|
BuildRequires: mozjs17-devel
|
||||||
BuildRequires: pkgconfig(duktape)
|
|
||||||
BuildRequires: meson
|
%if 0%{?enable_autoreconf}
|
||||||
BuildRequires: git
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: libtool
|
||||||
|
%endif
|
||||||
|
|
||||||
Requires: dbus, polkit-pkla-compat
|
Requires: dbus, polkit-pkla-compat
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd
|
Requires(post): /sbin/ldconfig, systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): /sbin/ldconfig, systemd
|
||||||
|
|
||||||
Obsoletes: PolicyKit <= 0.10
|
Obsoletes: PolicyKit <= 0.10
|
||||||
Provides: PolicyKit = 0.11
|
Provides: PolicyKit = 0.11
|
||||||
@ -40,7 +45,7 @@ Conflicts: polkit-gnome < 0.97
|
|||||||
Obsoletes: polkit-desktop-policy < 0.103
|
Obsoletes: polkit-desktop-policy < 0.103
|
||||||
Provides: polkit-desktop-policy = 0.103
|
Provides: polkit-desktop-policy = 0.103
|
||||||
|
|
||||||
Obsoletes: polkit-js-engine < 0.120-5
|
Obsoletes: polkit-js-engine < 0.110-4
|
||||||
Provides: polkit-js-engine = %{version}-%{release}
|
Provides: polkit-js-engine = %{version}-%{release}
|
||||||
|
|
||||||
# when -libs was split out, handle multilib upgrade path -- rex
|
# when -libs was split out, handle multilib upgrade path -- rex
|
||||||
@ -53,6 +58,7 @@ processes.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for polkit
|
Summary: Development files for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %name-docs = %{version}-%{release}
|
Requires: %name-docs = %{version}-%{release}
|
||||||
Requires: glib2-devel
|
Requires: glib2-devel
|
||||||
@ -64,6 +70,7 @@ Development files for polkit.
|
|||||||
|
|
||||||
%package docs
|
%package docs
|
||||||
Summary: Development documentation for polkit
|
Summary: Development documentation for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %name-devel = %{version}-%{release}
|
Requires: %name-devel = %{version}-%{release}
|
||||||
Obsoletes: PolicyKit-docs <= 0.10
|
Obsoletes: PolicyKit-docs <= 0.10
|
||||||
Provides: PolicyKit-docs = 0.11
|
Provides: PolicyKit-docs = 0.11
|
||||||
@ -74,35 +81,40 @@ Development documentation for polkit.
|
|||||||
|
|
||||||
%package libs
|
%package libs
|
||||||
Summary: Libraries for polkit
|
Summary: Libraries for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
Libraries files for polkit.
|
Libraries files for polkit.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -S git
|
%setup -q
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%meson -D authfw=pam \
|
%if 0%{?enable_autoreconf}
|
||||||
-D examples=false \
|
autoreconf -i
|
||||||
-D gtk_doc=true \
|
%endif
|
||||||
-D introspection=true \
|
# we can't use _hardened_build here, see
|
||||||
-D man=true \
|
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
||||||
-D session_tracking=libsystemd-login \
|
export CFLAGS='-fPIC %optflags'
|
||||||
-D tests=false
|
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||||
|
%configure --enable-gtk-doc \
|
||||||
%meson_build
|
--disable-static \
|
||||||
|
--enable-introspection \
|
||||||
|
--disable-examples \
|
||||||
|
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0
|
||||||
|
make V=1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%meson_install
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
%find_lang polkit-1
|
%find_lang polkit-1
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
getent group polkitd >/dev/null || groupadd -r -g 114 polkitd
|
getent group polkitd >/dev/null || groupadd -r polkitd
|
||||||
getent passwd polkitd >/dev/null || useradd -r -u 114 -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -118,20 +130,20 @@ exit 0
|
|||||||
%systemd_postun_with_restart polkit.service
|
%systemd_postun_with_restart polkit.service
|
||||||
|
|
||||||
%files -f polkit-1.lang
|
%files -f polkit-1.lang
|
||||||
%doc COPYING NEWS.md README.md
|
%defattr(-,root,root,-)
|
||||||
|
%doc COPYING NEWS README
|
||||||
%{_datadir}/man/man1/*
|
%{_datadir}/man/man1/*
|
||||||
%{_datadir}/man/man8/*
|
%{_datadir}/man/man8/*
|
||||||
%{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
|
||||||
%{_datadir}/dbus-1/system-services/*
|
%{_datadir}/dbus-1/system-services/*
|
||||||
%{_unitdir}/polkit.service
|
%{_unitdir}/polkit.service
|
||||||
%dir %{_datadir}/polkit-1/
|
%dir %{_datadir}/polkit-1/
|
||||||
%dir %{_datadir}/polkit-1/actions
|
%dir %{_datadir}/polkit-1/actions
|
||||||
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
||||||
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
||||||
%{_datadir}/polkit-1/policyconfig-1.dtd
|
|
||||||
%dir %{_sysconfdir}/polkit-1
|
%dir %{_sysconfdir}/polkit-1
|
||||||
%{_datadir}/polkit-1/rules.d/50-default.rules
|
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
|
||||||
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
||||||
|
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
||||||
%{_sysconfdir}/pam.d/polkit-1
|
%{_sysconfdir}/pam.d/polkit-1
|
||||||
%{_bindir}/pkaction
|
%{_bindir}/pkaction
|
||||||
%{_bindir}/pkcheck
|
%{_bindir}/pkcheck
|
||||||
@ -144,199 +156,24 @@ exit 0
|
|||||||
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
|
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_libdir}/lib*.so
|
%{_libdir}/lib*.so
|
||||||
%{_libdir}/pkgconfig/*.pc
|
%{_libdir}/pkgconfig/*.pc
|
||||||
%{_datadir}/gir-1.0/*.gir
|
%{_datadir}/gir-1.0/*.gir
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_datadir}/gettext/its/polkit.its
|
|
||||||
%{_datadir}/gettext/its/polkit.loc
|
|
||||||
|
|
||||||
%files docs
|
%files docs
|
||||||
|
%defattr(-,root,root,-)
|
||||||
%{_datadir}/gtk-doc
|
%{_datadir}/gtk-doc
|
||||||
|
|
||||||
%ldconfig_scriptlets libs
|
%post libs -p /sbin/ldconfig
|
||||||
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%{_libdir}/lib*.so.*
|
%{_libdir}/lib*.so.*
|
||||||
%{_libdir}/girepository-1.0/*.typelib
|
%{_libdir}/girepository-1.0/*.typelib
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 08 2023 Jan Rybar <jrybar@redhat.com> - 122-4
|
|
||||||
- Switch 'polkitd' to static UID/GID (fpc#1189) (on behalf of lucab)
|
|
||||||
- Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2104615
|
|
||||||
|
|
||||||
|
|
||||||
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 122-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Dec 16 2022 František Zatloukal <fzatlouk@redhat.com> - 122-2
|
|
||||||
- Rebuilt for duktape 2.7.0
|
|
||||||
|
|
||||||
* Wed Oct 26 2022 Vincent Mihalkovic <vmihalko@redhat.com> - 122-1
|
|
||||||
- rebase to 122
|
|
||||||
|
|
||||||
* Mon Aug 15 2022 Jan Rybar <jrybar@redhat.com> - 121-4
|
|
||||||
- duktape re-enabled
|
|
||||||
|
|
||||||
* Tue Aug 02 2022 Jan Rybar <jrybar@redhat.com> - 121-3
|
|
||||||
- switched back to mozjs until problems with duktape are fixed
|
|
||||||
- Related: bz#2109145
|
|
||||||
|
|
||||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 121-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 12 2022 Jan Rybar <jrybar@redhat.com> - 121-1
|
|
||||||
- Rebase to v.121
|
|
||||||
|
|
||||||
* Sun Feb 20 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 0.120-5
|
|
||||||
- switch to mozjs91
|
|
||||||
|
|
||||||
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.120-4
|
|
||||||
- file descriptor exhaustion (GHSL-2021-077)
|
|
||||||
- Resolves: CVE-2021-4115
|
|
||||||
|
|
||||||
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.120-3
|
|
||||||
- Fix for CVE-2021-4034
|
|
||||||
|
|
||||||
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.120-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Oct 06 2021 Pete Walter <pwalter@fedoraproject.org> - 0.120-1
|
|
||||||
- Update to 0.120
|
|
||||||
|
|
||||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.118-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu May 20 2021 Jan Rybar <jrybar@redhat.com> - 0.118-2
|
|
||||||
- CVE-2021-3560 mitigation
|
|
||||||
- Resolves: CVE-2021-3560
|
|
||||||
|
|
||||||
* Mon Apr 26 2021 Jan Rybar <jrybar@redhat.com> - 0.118-1
|
|
||||||
- rebase to 0.118
|
|
||||||
|
|
||||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.117-4
|
|
||||||
- Rebuilt for updated systemd-rpm-macros
|
|
||||||
See https://pagure.io/fesco/issue/2583.
|
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Aug 12 2020 Jan Rybar <jrybar@redhat.com> - 0.117-2
|
|
||||||
- update dependency to mozjs78
|
|
||||||
|
|
||||||
* Fri Jul 31 2020 Jan Rybar <jrybar@redhat.com> - 0.117-1
|
|
||||||
- Rebased to polkit-0.117
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-9
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jul 22 2020 Tom Stellard <tstellar@redhat.com> - 0.116-8
|
|
||||||
- Use make macros
|
|
||||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
||||||
|
|
||||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-7
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Oct 25 2019 Jan Rybar <jrybar@redhat.com> - 0.116-6
|
|
||||||
- jsauthority memleak fix
|
|
||||||
|
|
||||||
* Fri Sep 27 2019 Jan Rybar <jrybar@redhat.com> - 0.116-5
|
|
||||||
- pkttyagent: unread input flushed on terminal restore
|
|
||||||
|
|
||||||
* Sun Sep 08 2019 Kalev Lember <klember@redhat.com> - 0.116-4
|
|
||||||
- Rebuilt for mozjs60 s390x fixes
|
|
||||||
|
|
||||||
* Fri Aug 02 2019 Jan Rybar <jrybar@redhat.com> - 0.116-3
|
|
||||||
- pkttyagent: backport patch, get SIGTTOU in background job
|
|
||||||
|
|
||||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu May 02 2019 Pete Walter <pwalter@fedoraproject.org> - 0.116-1
|
|
||||||
- Update to 0.116
|
|
||||||
|
|
||||||
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
|
||||||
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
|
||||||
|
|
||||||
* Fri Feb 08 2019 Pete Walter <pwalter@fedoraproject.org> - 0.115-10
|
|
||||||
- Move to mozjs60
|
|
||||||
|
|
||||||
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
|
||||||
- Allow uid=-1 for PolkitUnixProcess
|
|
||||||
|
|
||||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 08 2019 Colin Walters <walters@verbum.org> - 0.115-7
|
|
||||||
- Add security fix for
|
|
||||||
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
|
|
||||||
|
|
||||||
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
|
||||||
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
|
||||||
- Resolves: rhbz#1655926
|
|
||||||
|
|
||||||
* Thu Sep 27 2018 Owen Taylor <otaylor@redhat.com> - 0.115-5
|
|
||||||
- Fix installation with prefix != /usr
|
|
||||||
|
|
||||||
* Mon Aug 13 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
|
||||||
- Leaking zombie processess started by rules
|
|
||||||
|
|
||||||
* Fri Jul 20 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
|
||||||
- Warning raised by polkit when disconnected from ssh
|
|
||||||
- polkitagentlistener: resource leak - pointer to 'server'
|
|
||||||
- Error message raised on every 'systemctl start' in emergency.target
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
|
||||||
- Update to 0.115 (CVE-2018-1116)
|
|
||||||
|
|
||||||
* Tue Apr 03 2018 Ray Strode <rstrode@redhat.com> - 0.114-1
|
|
||||||
- Update to 0.114
|
|
||||||
|
|
||||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-16
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-15
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-14
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Apr 13 2017 Richard Hughes <rhughes@redhat.com> - 0.113-13
|
|
||||||
- Add the its files from upstream.
|
|
||||||
|
|
||||||
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-12
|
|
||||||
- Fix a memory leak in PolkitPermission.
|
|
||||||
Patch by Rui Matos <tiagomatos@gmail.com>
|
|
||||||
Resolves: #1433915
|
|
||||||
|
|
||||||
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-11
|
|
||||||
- Revert back to the state in 0.113-7, undoing the untested changes.
|
|
||||||
|
|
||||||
* Tue Apr 4 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-10
|
|
||||||
- Move to an upstream snapshot, rebase patches
|
|
||||||
|
|
||||||
* Fri Mar 31 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.113-9
|
|
||||||
- restore Provides: polkit-desktop-policy polkit-js-engine
|
|
||||||
|
|
||||||
* Thu Mar 30 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-8
|
|
||||||
- Use %%license, license needs to be in -libs as it's the only guaranteed installed package
|
|
||||||
- Move to mozjs38
|
|
||||||
- Other upstream fixes
|
|
||||||
- Spec cleanups
|
|
||||||
|
|
||||||
* Mon Feb 13 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-7
|
|
||||||
- Fix memory leaks when calling authentication agents
|
|
||||||
Resolves: #1380166
|
|
||||||
|
|
||||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-6
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-4
|
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-4
|
||||||
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
|
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
|
||||||
Resolves: #1243004
|
Resolves: #1243004
|
||||||
|
3
sources
3
sources
@ -1 +1,2 @@
|
|||||||
SHA512 (polkit-122.tar.gz) = 6f537b218133777c1a9ef6b38296b4e17263d86b783acce4ce895ef3b507bb1b482d4b88bc410ab8846ce7cc7b84e82c4109f80f535190a351d7d2683b8608f3
|
4b77776c9e4f897dcfe03b2c34198edf polkit-0.113.tar.gz
|
||||||
|
86b92a63394de618898b43f5722e9fe2 polkit-0.113.tar.gz.sign
|
||||||
|
Loading…
Reference in New Issue
Block a user