Compare commits
No commits in common. "c9" and "c8" have entirely different histories.
3
.gitignore
vendored
@ -1,2 +1 @@
|
|||||||
SOURCES/firefox-78.10.0esr.source.tar.xz
|
SOURCES/polkit-0.115.tar.gz
|
||||||
SOURCES/polkit-0.117.tar.gz
|
|
||||||
|
@ -1,2 +1 @@
|
|||||||
547bac33732774993bd8223de9acfeedcc69a10d SOURCES/firefox-78.10.0esr.source.tar.xz
|
208b7e44fcf0f515d067d37307af9ea1419eb305 SOURCES/polkit-0.115.tar.gz
|
||||||
0c375fa621bc9f74f2972e00fb517a408f419adf SOURCES/polkit-0.117.tar.gz
|
|
||||||
|
@ -1,30 +0,0 @@
|
|||||||
From db3a0a25b97377b388532b23e73a10d246f66496 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
|
||||||
Date: Mon, 3 Aug 2020 10:27:00 +0200
|
|
||||||
Subject: [PATCH] Skip failing tests on ppc64 and s390x
|
|
||||||
|
|
||||||
ppc64 and s390x: non262/extensions/clone-errors.js
|
|
||||||
s390x: test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
|
|
||||||
---
|
|
||||||
js/src/tests/jstests.list | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/js/src/tests/jstests.list b/js/src/tests/jstests.list
|
|
||||||
index 4085ce3..4f014f5 100644
|
|
||||||
--- a/js/src/tests/jstests.list
|
|
||||||
+++ b/js/src/tests/jstests.list
|
|
||||||
@@ -56,6 +56,11 @@ skip-if(!this.hasOwnProperty('addIntlExtras')) include test262/intl402/DisplayNa
|
|
||||||
skip-if(!this.hasOwnProperty("Atomics")) include test262/built-ins/Atomics/jstests.list
|
|
||||||
skip-if(!this.hasOwnProperty("SharedArrayBuffer")) include test262/built-ins/SharedArrayBuffer/jstests.list
|
|
||||||
|
|
||||||
+# Crashes on s390x and ppc64, avoid it
|
|
||||||
+skip-if(xulRuntime.XPCOMABI.match(/s390x|ppc64-/)) script non262/extensions/clone-errors.js
|
|
||||||
+
|
|
||||||
+# Crashes on s390x, avoid it
|
|
||||||
+skip-if(xulRuntime.XPCOMABI.match(/s390x/)) script test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
|
|
||||||
|
|
||||||
#####################################
|
|
||||||
# Test262 tests disabled on browser #
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
File diff suppressed because it is too large
@ -1,118 +0,0 @@
|
|||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/archlinux.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/archlinux.py 2021-02-25 13:53:25.713053151 +0100
|
|
||||||
@@ -26,7 +26,6 @@ class ArchlinuxBootstrapper(
|
|
||||||
'''Archlinux experimental bootstrapper.'''
|
|
||||||
|
|
||||||
SYSTEM_PACKAGES = [
|
|
||||||
- 'autoconf2.13',
|
|
||||||
'base-devel',
|
|
||||||
'nodejs',
|
|
||||||
'python2',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/centosfedora.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/centosfedora.py 2021-02-25 13:53:04.963982705 +0100
|
|
||||||
@@ -26,7 +26,6 @@ class CentOSFedoraBootstrapper(
|
|
||||||
# For CentOS 7, later versions of nodejs come from nodesource
|
|
||||||
# and include the npm package.
|
|
||||||
self.packages = [
|
|
||||||
- 'autoconf213',
|
|
||||||
'nodejs',
|
|
||||||
'which',
|
|
||||||
]
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/debian.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/debian.py 2021-02-25 13:53:42.874111415 +0100
|
|
||||||
@@ -32,7 +32,6 @@ class DebianBootstrapper(
|
|
||||||
# These are common packages for all Debian-derived distros (such as
|
|
||||||
# Ubuntu).
|
|
||||||
COMMON_PACKAGES = [
|
|
||||||
- 'autoconf2.13',
|
|
||||||
'build-essential',
|
|
||||||
'nodejs',
|
|
||||||
'python-setuptools',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/freebsd.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/freebsd.py 2021-02-25 13:53:04.963982705 +0100
|
|
||||||
@@ -15,7 +15,6 @@ class FreeBSDBootstrapper(BaseBootstrapp
|
|
||||||
self.flavor = flavor.lower()
|
|
||||||
|
|
||||||
self.packages = [
|
|
||||||
- 'autoconf213',
|
|
||||||
'gmake',
|
|
||||||
'gtar',
|
|
||||||
'pkgconf',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/gentoo.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff 2021-02-17 08:49:38.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/gentoo.py 2021-02-25 13:53:04.963982705 +0100
|
|
||||||
@@ -36,7 +36,6 @@ class GentooBootstrapper(
|
|
||||||
def ensure_system_packages(self):
|
|
||||||
self.run_as_root(['emerge', '--noreplace', '--quiet',
|
|
||||||
'app-arch/zip',
|
|
||||||
- 'sys-devel/autoconf:2.1'
|
|
||||||
])
|
|
||||||
|
|
||||||
def ensure_browser_packages(self, artifact_mode=False):
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/openbsd.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff 2021-02-17 08:49:15.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/openbsd.py 2021-02-25 13:53:04.964982709 +0100
|
|
||||||
@@ -12,7 +12,6 @@ class OpenBSDBootstrapper(BaseBootstrapp
|
|
||||||
BaseBootstrapper.__init__(self, **kwargs)
|
|
||||||
|
|
||||||
self.packages = [
|
|
||||||
- 'autoconf-2.13',
|
|
||||||
'gmake',
|
|
||||||
'gtar',
|
|
||||||
'rust',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/opensuse.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/opensuse.py 2021-02-25 13:53:04.964982709 +0100
|
|
||||||
@@ -13,7 +13,6 @@ class OpenSUSEBootstrapper(
|
|
||||||
'''openSUSE experimental bootstrapper.'''
|
|
||||||
|
|
||||||
SYSTEM_PACKAGES = [
|
|
||||||
- 'autoconf213',
|
|
||||||
'nodejs',
|
|
||||||
'npm',
|
|
||||||
'which',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/osx.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/osx.py 2021-02-25 13:54:07.162193882 +0100
|
|
||||||
@@ -353,7 +353,6 @@ class OSXBootstrapper(BaseBootstrapper):
|
|
||||||
# least on 10.8) and because the build system wants a version
|
|
||||||
# newer than what Apple ships.
|
|
||||||
packages = [
|
|
||||||
- 'autoconf@2.13',
|
|
||||||
'git',
|
|
||||||
'gnu-tar',
|
|
||||||
'node',
|
|
||||||
@@ -428,7 +427,6 @@ class OSXBootstrapper(BaseBootstrapper):
|
|
||||||
'python27',
|
|
||||||
'python36',
|
|
||||||
'py27-gnureadline',
|
|
||||||
- 'autoconf213',
|
|
||||||
'gnutar',
|
|
||||||
'watchman',
|
|
||||||
'nodejs8'
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/solus.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/solus.py 2021-02-25 13:53:32.090074802 +0100
|
|
||||||
@@ -23,7 +23,6 @@ class SolusBootstrapper(
|
|
||||||
'''Solus experimental bootstrapper.'''
|
|
||||||
|
|
||||||
SYSTEM_PACKAGES = [
|
|
||||||
- 'autoconf213',
|
|
||||||
'nodejs',
|
|
||||||
'python',
|
|
||||||
'python3',
|
|
||||||
diff -up firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/windows.py
|
|
||||||
--- firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff 2021-02-17 08:49:34.000000000 +0100
|
|
||||||
+++ firefox-78.8.0/python/mozboot/mozboot/windows.py 2021-02-25 13:53:04.978982756 +0100
|
|
||||||
@@ -48,7 +48,6 @@ class WindowsBootstrapper(BaseBootstrapp
|
|
||||||
'patch',
|
|
||||||
'patchutils',
|
|
||||||
'diffutils',
|
|
||||||
- 'autoconf2.13',
|
|
||||||
'tar',
|
|
||||||
'zip',
|
|
||||||
'unzip',
|
|
@ -1,12 +0,0 @@
|
|||||||
--- a/js/public/StructuredClone.h
|
|
||||||
+++ b/js/public/StructuredClone.h
|
|
||||||
@@ -381,7 +381,7 @@ enum OwnTransferablePolicy {
|
|
||||||
namespace js {
|
|
||||||
class SharedArrayRawBuffer;
|
|
||||||
|
|
||||||
-class SharedArrayRawBufferRefs {
|
|
||||||
+class JS_PUBLIC_API SharedArrayRawBufferRefs {
|
|
||||||
public:
|
|
||||||
SharedArrayRawBufferRefs() = default;
|
|
||||||
SharedArrayRawBufferRefs(SharedArrayRawBufferRefs&& other) = default;
|
|
||||||
--
|
|
@ -1,38 +0,0 @@
|
|||||||
From 3b3c8e37cca418e07bdeceaf3a601805df28d925 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
|
||||||
Date: Wed, 15 Jul 2020 08:27:39 +0200
|
|
||||||
Subject: [PATCH] build: Copy headers on install instead of symlinking
|
|
||||||
|
|
||||||
Patch by Philip Chimento ported forward to mozjs78
|
|
||||||
---
|
|
||||||
python/mozbuild/mozbuild/backend/recursivemake.py | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/mozbuild/mozbuild/backend/recursivemake.py b/python/mozbuild/mozbuild/backend/recursivemake.py
|
|
||||||
index e3fc8fe..bed5ae9 100644
|
|
||||||
--- a/python/mozbuild/mozbuild/backend/recursivemake.py
|
|
||||||
+++ b/python/mozbuild/mozbuild/backend/recursivemake.py
|
|
||||||
@@ -1457,9 +1457,9 @@ class RecursiveMakeBackend(MakeBackend):
|
|
||||||
raise Exception("Wildcards are only supported in the filename part"
|
|
||||||
" of srcdir-relative or absolute paths.")
|
|
||||||
|
|
||||||
- install_manifest.add_pattern_link(basepath, wild, path)
|
|
||||||
+ install_manifest.add_pattern_copy(basepath, wild, path)
|
|
||||||
else:
|
|
||||||
- install_manifest.add_pattern_link(f.srcdir, f, path)
|
|
||||||
+ install_manifest.add_pattern_copy(f.srcdir, f, path)
|
|
||||||
elif isinstance(f, AbsolutePath):
|
|
||||||
if not f.full_path.lower().endswith(('.dll', '.pdb', '.so')):
|
|
||||||
raise Exception("Absolute paths installed to FINAL_TARGET_FILES must"
|
|
||||||
@@ -1468,7 +1468,7 @@ class RecursiveMakeBackend(MakeBackend):
|
|
||||||
install_manifest.add_optional_exists(dest)
|
|
||||||
absolute_files.append(f.full_path)
|
|
||||||
else:
|
|
||||||
- install_manifest.add_link(f.full_path, dest)
|
|
||||||
+ install_manifest.add_copy(f.full_path, dest)
|
|
||||||
else:
|
|
||||||
install_manifest.add_optional_exists(dest)
|
|
||||||
objdir_files.append(self._pretty_path(f, backend_file))
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,35 +0,0 @@
|
|||||||
From fd6847c9416f9eebde636e21d794d25d1be8791d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Mike Hommey <mh@glandium.org>
|
|
||||||
Date: Sat, 1 Jun 2019 09:06:01 +0900
|
|
||||||
Subject: [PATCH] Bug 1526653 - Include struct definitions for user_vfp and
|
|
||||||
user_vfp_exc.
|
|
||||||
|
|
||||||
---
|
|
||||||
js/src/wasm/WasmSignalHandlers.cpp | 11 ++++++++++-
|
|
||||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/js/src/wasm/WasmSignalHandlers.cpp b/js/src/wasm/WasmSignalHandlers.cpp
|
|
||||||
index 636537f8478..383c380f04c 100644
|
|
||||||
--- a/js/src/wasm/WasmSignalHandlers.cpp
|
|
||||||
+++ b/js/src/wasm/WasmSignalHandlers.cpp
|
|
||||||
@@ -249,7 +249,16 @@ using mozilla::DebugOnly;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
|
|
||||||
-# include <sys/user.h>
|
|
||||||
+struct user_vfp {
|
|
||||||
+ unsigned long long fpregs[32];
|
|
||||||
+ unsigned long fpscr;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+struct user_vfp_exc {
|
|
||||||
+ unsigned long fpexc;
|
|
||||||
+ unsigned long fpinst;
|
|
||||||
+ unsigned long fpinst2;
|
|
||||||
+};
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(ANDROID)
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,61 +0,0 @@
|
|||||||
From d1d785c169345b81c76213f6dd9be32b4db60294 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
|
||||||
Date: Wed, 15 Jul 2020 08:39:47 +0200
|
|
||||||
Subject: [PATCH] Build: allow LOCAL_INCLUDES paths with topsrcdir or topobjdir
|
|
||||||
|
|
||||||
---
|
|
||||||
python/mozbuild/mozbuild/frontend/emitter.py | 6 ------
|
|
||||||
.../mozbuild/test/frontend/test_emitter.py | 20 -------------------
|
|
||||||
2 files changed, 26 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
|
|
||||||
index 8d5ab8e..65c43ff 100644
|
|
||||||
--- a/python/mozbuild/mozbuild/frontend/emitter.py
|
|
||||||
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
|
|
||||||
@@ -1239,12 +1239,6 @@ class TreeMetadataEmitter(LoggingMixin):
|
|
||||||
'is a filename, but a directory is required: %s '
|
|
||||||
'(resolved to %s)' % (local_include, full_path),
|
|
||||||
context)
|
|
||||||
- if (full_path == context.config.topsrcdir or
|
|
||||||
- full_path == context.config.topobjdir):
|
|
||||||
- raise SandboxValidationError(
|
|
||||||
- 'Path specified in LOCAL_INCLUDES '
|
|
||||||
- '(%s) resolves to the topsrcdir or topobjdir (%s), which is '
|
|
||||||
- 'not allowed' % (local_include, full_path), context)
|
|
||||||
include_obj = LocalInclude(context, local_include)
|
|
||||||
local_includes.append(include_obj.path.full_path)
|
|
||||||
yield include_obj
|
|
||||||
diff --git a/python/mozbuild/mozbuild/test/frontend/test_emitter.py b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
|
||||||
index e8cbd81..d45ccee 100644
|
|
||||||
--- a/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
|
||||||
+++ b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
|
||||||
@@ -1040,26 +1040,6 @@ class TestEmitterBasic(unittest.TestCase):
|
|
||||||
|
|
||||||
self.assertEqual(local_includes, expected)
|
|
||||||
|
|
||||||
- def test_local_includes_invalid(self):
|
|
||||||
- """Test that invalid LOCAL_INCLUDES are properly detected."""
|
|
||||||
- reader = self.reader('local_includes-invalid/srcdir')
|
|
||||||
-
|
|
||||||
- with six.assertRaisesRegex(
|
|
||||||
- self,
|
|
||||||
- SandboxValidationError,
|
|
||||||
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
|
|
||||||
- 'topsrcdir or topobjdir'):
|
|
||||||
- self.read_topsrcdir(reader)
|
|
||||||
-
|
|
||||||
- reader = self.reader('local_includes-invalid/objdir')
|
|
||||||
-
|
|
||||||
- with six.assertRaisesRegex(
|
|
||||||
- self,
|
|
||||||
- SandboxValidationError,
|
|
||||||
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
|
|
||||||
- 'topsrcdir or topobjdir'):
|
|
||||||
- self.read_topsrcdir(reader)
|
|
||||||
-
|
|
||||||
def test_local_includes_file(self):
|
|
||||||
"""Test that a filename can't be used in LOCAL_INCLUDES."""
|
|
||||||
reader = self.reader('local_includes-filename')
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,34 +0,0 @@
|
|||||||
From: Simon McVittie <smcv@debian.org>
|
|
||||||
Date: Mon, 9 Oct 2017 09:23:14 +0100
|
|
||||||
Subject: icu_sources_data: Write command output to our stderr
|
|
||||||
|
|
||||||
Saying "See output in /tmp/foobar" is all very well for a developer
|
|
||||||
build, but on a buildd our /tmp is going to get thrown away after
|
|
||||||
the build. Just log the usual way instead.
|
|
||||||
---
|
|
||||||
intl/icu_sources_data.py | 7 ++-----
|
|
||||||
1 file changed, 2 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
|
|
||||||
index 8cf9290..7d2d983 100644
|
|
||||||
--- a/intl/icu_sources_data.py
|
|
||||||
+++ b/intl/icu_sources_data.py
|
|
||||||
@@ -190,16 +190,13 @@ def update_sources(topsrcdir):
|
|
||||||
|
|
||||||
def try_run(name, command, cwd=None, **kwargs):
|
|
||||||
try:
|
|
||||||
- with tempfile.NamedTemporaryFile(prefix=name, delete=False) as f:
|
|
||||||
- subprocess.check_call(command, cwd=cwd, stdout=f,
|
|
||||||
- stderr=subprocess.STDOUT, **kwargs)
|
|
||||||
+ subprocess.check_call(command, cwd=cwd, stdout=sys.stderr,
|
|
||||||
+ stderr=subprocess.STDOUT, **kwargs)
|
|
||||||
except subprocess.CalledProcessError:
|
|
||||||
- print('''Error running "{}" in directory {}
|
|
||||||
- See output in {}'''.format(' '.join(command), cwd, f.name),
|
|
||||||
- file=sys.stderr)
|
|
||||||
+ print('''Error running "{}" in directory {}'''.format(' '.join(command), cwd),
|
|
||||||
+ file=sys.stderr)
|
|
||||||
return False
|
|
||||||
else:
|
|
||||||
- os.unlink(f.name)
|
|
||||||
return True
|
|
@ -1,26 +0,0 @@
|
|||||||
From: Simon McVittie <smcv@debian.org>
|
|
||||||
Date: Mon, 9 Oct 2017 09:22:12 +0100
|
|
||||||
Subject: icu_sources_data.py: Decouple from Mozilla build system
|
|
||||||
|
|
||||||
mozpack.path is a wrapper around os.path that normalizes path
|
|
||||||
separators on Windows, but on Unix we only have one path separator
|
|
||||||
so there's nothing to normalize. Avoid needing to import all of it.
|
|
||||||
---
|
|
||||||
intl/icu_sources_data.py | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
|
|
||||||
index 98c0ccb..8cf9290 100644
|
|
||||||
--- a/intl/icu_sources_data.py
|
|
||||||
+++ b/intl/icu_sources_data.py
|
|
||||||
@@ -22,7 +22,9 @@ import subprocess
|
|
||||||
import sys
|
|
||||||
import tempfile
|
|
||||||
|
|
||||||
-from mozpack import path as mozpath
|
|
||||||
+# Close enough
|
|
||||||
+import os.path as mozpath
|
|
||||||
+mozpath.normsep = lambda p: p
|
|
||||||
|
|
||||||
# The following files have been determined to be dead/unused by a
|
|
||||||
# semi-automated analysis. You can just remove any of the files below
|
|
@ -1,12 +0,0 @@
|
|||||||
--- a/python/mozbuild/mozbuild/configure/__init__.py
|
|
||||||
+++ b/python/mozbuild/mozbuild/configure/__init__.py
|
|
||||||
@@ -491,7 +491,8 @@ class ConfigureSandbox(dict):
|
|
||||||
if self._help:
|
|
||||||
self._logger.warning(msg)
|
|
||||||
else:
|
|
||||||
- raise InvalidOptionError(msg)
|
|
||||||
+ #raise InvalidOptionError(msg)
|
|
||||||
+ pass
|
|
||||||
|
|
||||||
# Run the execution queue
|
|
||||||
for func, args in self._execution_queue:
|
|
@ -1,90 +0,0 @@
|
|||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index eea70fc..c4569f1 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -34,7 +34,7 @@ AC_PROG_LN_S
|
|
||||||
AC_SYS_LARGEFILE
|
|
||||||
AM_PROG_CC_C_O
|
|
||||||
AC_PROG_CXX
|
|
||||||
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
|
|
||||||
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
|
|
||||||
|
|
||||||
# Taken from dbus
|
|
||||||
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
|
|
||||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
|
||||||
AC_SUBST(GLIB_CFLAGS)
|
|
||||||
AC_SUBST(GLIB_LIBS)
|
|
||||||
|
|
||||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
|
|
||||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
|
||||||
|
|
||||||
AC_SUBST(LIBJS_CFLAGS)
|
|
||||||
AC_SUBST(LIBJS_CXXFLAGS)
|
|
||||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
index 25bd1f9..ca17108 100644
|
|
||||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include <js/Realm.h>
|
|
||||||
#include <js/SourceText.h>
|
|
||||||
#include <js/Warnings.h>
|
|
||||||
+#include <js/Array.h>
|
|
||||||
#include <jsapi.h>
|
|
||||||
|
|
||||||
#include "initjs.h" /* init.js */
|
|
||||||
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
static void
|
|
||||||
reload_scripts (PolkitBackendJsAuthority *authority)
|
|
||||||
{
|
|
||||||
- JS::AutoValueArray<1> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<1> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
|
|
||||||
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
|
|
||||||
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
|
|
||||||
if (!JS::InitSelfHostedCode (authority->priv->cx))
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
- JS::ContextOptionsRef (authority->priv->cx)
|
|
||||||
- .setIon (TRUE)
|
|
||||||
- .setBaseline (TRUE)
|
|
||||||
- .setAsmJS (TRUE);
|
|
||||||
JS::SetWarningReporter(authority->priv->cx, report_error);
|
|
||||||
JS_SetContextPrivate (authority->priv->cx, authority);
|
|
||||||
|
|
||||||
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
|
|
||||||
elems[n].setNull ();
|
|
||||||
}
|
|
||||||
|
|
||||||
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
|
|
||||||
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
|
|
||||||
|
|
||||||
value_jsval = JS::ObjectValue (*array_object);
|
|
||||||
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
|
|
||||||
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
GList *ret = NULL;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
guint n;
|
|
||||||
GError *error = NULL;
|
|
||||||
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
|
|
||||||
{
|
|
||||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
|
||||||
PolkitImplicitAuthorization ret = implicit;
|
|
||||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
|
||||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
|
||||||
JS::RootedValue rval(authority->priv->cx);
|
|
||||||
GError *error = NULL;
|
|
||||||
JS::RootedString ret_jsstr (authority->priv->cx);
|
|
||||||
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
|
|
||||||
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
|
|
||||||
array_object = &args[0].toObject();
|
|
||||||
|
|
||||||
- if (!JS_GetArrayLength (cx, array_object, &array_len))
|
|
||||||
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
|
|
||||||
{
|
|
||||||
JS_ReportErrorUTF8 (cx, "Failed to get array length");
|
|
||||||
goto out;
|
|
291
SOURCES/polkit-0.115-CVE-2018-19788.patch
Normal file
@ -0,0 +1,291 @@
|
|||||||
|
diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
|
||||||
|
index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644
|
||||||
|
--- a/src/polkit/polkitunixgroup.c
|
||||||
|
+++ b/src/polkit/polkitunixgroup.c
|
||||||
|
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
|
||||||
|
static void
|
||||||
|
polkit_unix_group_init (PolkitUnixGroup *unix_group)
|
||||||
|
{
|
||||||
|
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
|
||||||
|
GParamSpec *pspec)
|
||||||
|
{
|
||||||
|
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
|
||||||
|
+ gint val;
|
||||||
|
|
||||||
|
switch (prop_id)
|
||||||
|
{
|
||||||
|
case PROP_GID:
|
||||||
|
- unix_group->gid = g_value_get_int (value);
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ unix_group->gid = val;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
|
||||||
|
g_param_spec_int ("gid",
|
||||||
|
"Group ID",
|
||||||
|
"The UNIX group ID",
|
||||||
|
- 0,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
- 0,
|
||||||
|
+ -1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
G_PARAM_READWRITE |
|
||||||
|
G_PARAM_STATIC_NAME |
|
||||||
|
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
polkit_unix_group_set_gid (PolkitUnixGroup *group,
|
||||||
|
- gint gid)
|
||||||
|
+ gint gid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
|
||||||
|
+ g_return_if_fail (gid != -1);
|
||||||
|
group->gid = gid;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
|
||||||
|
PolkitIdentity *
|
||||||
|
polkit_unix_group_new (gint gid)
|
||||||
|
{
|
||||||
|
+ g_return_val_if_fail (gid != -1, NULL);
|
||||||
|
+
|
||||||
|
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
|
||||||
|
"gid", gid,
|
||||||
|
NULL));
|
||||||
|
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
|
||||||
|
index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644
|
||||||
|
--- a/src/polkit/polkitunixprocess.c
|
||||||
|
+++ b/src/polkit/polkitunixprocess.c
|
||||||
|
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
|
||||||
|
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
|
||||||
|
break;
|
||||||
|
|
||||||
|
- case PROP_UID:
|
||||||
|
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
|
||||||
|
+ case PROP_UID: {
|
||||||
|
+ gint val;
|
||||||
|
+
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ polkit_unix_process_set_uid (unix_process, val);
|
||||||
|
break;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
case PROP_START_TIME:
|
||||||
|
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
|
||||||
|
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
|
||||||
|
g_param_spec_int ("uid",
|
||||||
|
"User ID",
|
||||||
|
"The UNIX user ID",
|
||||||
|
- -1,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
-1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
|
||||||
|
gint uid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
|
||||||
|
- g_return_if_fail (uid >= -1);
|
||||||
|
process->uid = uid;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
|
||||||
|
index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644
|
||||||
|
--- a/src/polkit/polkitunixuser.c
|
||||||
|
+++ b/src/polkit/polkitunixuser.c
|
||||||
|
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
|
||||||
|
static void
|
||||||
|
polkit_unix_user_init (PolkitUnixUser *unix_user)
|
||||||
|
{
|
||||||
|
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
|
||||||
|
unix_user->name = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
|
||||||
|
GParamSpec *pspec)
|
||||||
|
{
|
||||||
|
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
|
||||||
|
+ gint val;
|
||||||
|
|
||||||
|
switch (prop_id)
|
||||||
|
{
|
||||||
|
case PROP_UID:
|
||||||
|
- unix_user->uid = g_value_get_int (value);
|
||||||
|
+ val = g_value_get_int (value);
|
||||||
|
+ g_return_if_fail (val != -1);
|
||||||
|
+ unix_user->uid = val;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
|
||||||
|
g_param_spec_int ("uid",
|
||||||
|
"User ID",
|
||||||
|
"The UNIX user ID",
|
||||||
|
- 0,
|
||||||
|
+ G_MININT,
|
||||||
|
G_MAXINT,
|
||||||
|
- 0,
|
||||||
|
+ -1,
|
||||||
|
G_PARAM_CONSTRUCT |
|
||||||
|
G_PARAM_READWRITE |
|
||||||
|
G_PARAM_STATIC_NAME |
|
||||||
|
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
|
||||||
|
gint uid)
|
||||||
|
{
|
||||||
|
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
|
||||||
|
+ g_return_if_fail (uid != -1);
|
||||||
|
user->uid = uid;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
|
||||||
|
PolkitIdentity *
|
||||||
|
polkit_unix_user_new (gint uid)
|
||||||
|
{
|
||||||
|
+ g_return_val_if_fail (uid != -1, NULL);
|
||||||
|
+
|
||||||
|
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
|
||||||
|
"uid", uid,
|
||||||
|
NULL));
|
||||||
|
diff --git a/test/data/etc/group b/test/data/etc/group
|
||||||
|
index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644
|
||||||
|
--- a/test/data/etc/group
|
||||||
|
+++ b/test/data/etc/group
|
||||||
|
@@ -5,3 +5,4 @@ john:x:500:
|
||||||
|
jane:x:501:
|
||||||
|
sally:x:502:
|
||||||
|
henry:x:503:
|
||||||
|
+highuid2:x:4000000000:
|
||||||
|
diff --git a/test/data/etc/passwd b/test/data/etc/passwd
|
||||||
|
index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644
|
||||||
|
--- a/test/data/etc/passwd
|
||||||
|
+++ b/test/data/etc/passwd
|
||||||
|
@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
|
||||||
|
jane:x:501:501:Jane Smith:/home/jane:/bin/bash
|
||||||
|
sally:x:502:502:Sally Derp:/home/sally:/bin/bash
|
||||||
|
henry:x:503:503:Henry Herp:/home/henry:/bin/bash
|
||||||
|
+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
|
||||||
|
+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
|
||||||
|
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644
|
||||||
|
--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
|
||||||
|
@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
+polkit.addRule(function(action, subject) {
|
||||||
|
+ if (action.id == "net.company.john_action") {
|
||||||
|
+ if (subject.user == "john") {
|
||||||
|
+ return polkit.Result.YES;
|
||||||
|
+ } else {
|
||||||
|
+ return polkit.Result.NO;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+});
|
||||||
|
+
|
||||||
|
+polkit.addRule(function(action, subject) {
|
||||||
|
+ if (action.id == "net.company.highuid2_action") {
|
||||||
|
+ if (subject.user == "highuid2") {
|
||||||
|
+ return polkit.Result.YES;
|
||||||
|
+ } else {
|
||||||
|
+ return polkit.Result.NO;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+});
|
||||||
|
+
|
||||||
|
+
|
||||||
|
// ---------------------------------------------------------------------
|
||||||
|
// variables
|
||||||
|
|
||||||
|
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644
|
||||||
|
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
|
||||||
|
@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
|
||||||
|
NULL,
|
||||||
|
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
},
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid22)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid21)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid24)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:2147483648",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
|
||||||
|
+ "group_membership_with_non_member(highuid23)",
|
||||||
|
+ "net.company.group.only_group_users",
|
||||||
|
+ "unix-user:4000000000",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* john is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "john_action",
|
||||||
|
+ "net.company.john_action",
|
||||||
|
+ "unix-user:john",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* only john is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "jane_action",
|
||||||
|
+ "net.company.john_action",
|
||||||
|
+ "unix-user:jane",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* highuid2 is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "highuid2_action",
|
||||||
|
+ "net.company.highuid2_action",
|
||||||
|
+ "unix-user:highuid2",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
+
|
||||||
|
+ {
|
||||||
|
+ /* only highuid2 is authorized to do this, see 10-testing.rules */
|
||||||
|
+ "highuid1_action",
|
||||||
|
+ "net.company.highuid2_action",
|
||||||
|
+ "unix-user:highuid1",
|
||||||
|
+ NULL,
|
||||||
|
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
|
||||||
|
+ },
|
||||||
|
};
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */
|
||||||
|
|
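--- a/SOURCES/polkit-0.115-CVE-2019-6133.patch
+++ b/SOURCES/polkit-0.115-CVE-2019-6133.patch
@@ -0,0 +1,185 @@
+From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Fri, 4 Jan 2019 14:24:48 -0500
+Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
+authorizations
+
+It turns out that the combination of `(pid, start time)` is not
+enough to be unique. For temporary authorizations, we can avoid
+separate users racing on pid reuse by simply comparing the uid.
+
+https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
+
+And the above original email report is included in full in a new comment.
+
+Reported-by: Jann Horn <jannh@google.com>
+
+Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
+---
+src/polkit/polkitsubject.c | 2 +
+src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
+.../polkitbackendinteractiveauthority.c | 39 +++++++++-
+3 files changed, 110 insertions(+), 2 deletions(-)
+
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index d4c1182..ccabd0a 100644
+--- a/src/polkit/polkitsubject.c
++++ b/src/polkit/polkitsubject.c
+@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
+* @b: A #PolkitSubject.
+*
+* Checks if @a and @b are equal, ie. represent the same subject.
++ * However, avoid calling polkit_subject_equal() to compare two processes;
++ * for more information see the `PolkitUnixProcess` documentation.
+*
+* This function can be used in e.g. g_hash_table_new().
+*
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index b02b258..78d7251 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -51,7 +51,10 @@
+* @title: PolkitUnixProcess
+* @short_description: Unix processs
+*
+- * An object for representing a UNIX process.
++ * An object for representing a UNIX process. NOTE: This object as
++ * designed is now known broken; a mechanism to exploit a delay in
++ * start time in the Linux kernel was identified. Avoid
++ * calling polkit_subject_equal() to compare two processes.
+*
+* To uniquely identify processes, both the process id and the start
+* time of the process (a monotonic increasing value representing the
+@@ -66,6 +69,72 @@
+* polkit_unix_process_new_for_owner() with trusted data.
+*/
+
++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
++
++ But quoting the original email in full here to ensure it's preserved:
++
++ From: Jann Horn <jannh@google.com>
++ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
++ Date: Wednesday, October 10, 2018 5:34 PM
++
++When a (non-root) user attempts to e.g. control systemd units in the system
++instance from an active session over DBus, the access is gated by a polkit
++policy that requires "auth_admin_keep" auth. This results in an auth prompt
++being shown to the user, asking the user to confirm the action by entering the
++password of an administrator account.
++
++After the action has been confirmed, the auth decision for "auth_admin_keep" is
++cached for up to five minutes. Subject to some restrictions, similar actions can
++then be performed in this timespan without requiring re-auth:
++
++ - The PID of the DBus client requesting the new action must match the PID of
++ the DBus client requesting the old action (based on SO_PEERCRED information
++ forwarded by the DBus daemon).
++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
++ must not have changed. The granularity of this timestamp is in the
++ millisecond range.
++ - polkit polls every two seconds whether a process with the expected start time
++ still exists. If not, the temporary auth entry is purged.
++
++Without the start time check, this would obviously be buggy because an attacker
++could simply wait for the legitimate client to disappear, then create a new
++client with the same PID.
++
++Unfortunately, the start time check is bypassable because fork() is not atomic.
++Looking at the source code of copy_process() in the kernel:
++
++ p->start_time = ktime_get_ns();
++ p->real_start_time = ktime_get_boot_ns();
++ [...]
++ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
++ if (retval)
++ goto bad_fork_cleanup_io;
++
++ if (pid != &init_struct_pid) {
++ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
++ if (IS_ERR(pid)) {
++ retval = PTR_ERR(pid);
++ goto bad_fork_cleanup_thread;
++ }
++ }
++
++The ktime_get_boot_ns() call is where the "start time" of the process is
++recorded. The alloc_pid() call is where a free PID is allocated. In between
++these, some time passes; and because the copy_thread_tls() call between them can
++access userspace memory when sys_clone() is invoked through the 32-bit syscall
++entry point, an attacker can even stall the kernel arbitrarily long at this
++point (by supplying a pointer into userspace memory that is associated with a
++userfaultfd or is backed by a custom FUSE filesystem).
++
++This means that an attacker can immediately call sys_clone() when the victim
++process is created, often resulting in a process that has the exact same start
++time reported in procfs; and then the attacker can delay the alloc_pid() call
++until after the victim process has died and the PID assignment has cycled
++around. This results in an attacker process that polkit can't distinguish from
++the victim process.
++*/
++
++
+/**
+* PolkitUnixProcess:
+*
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index a1630b9..80e8141 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
+g_free (store);
+}
+
++/* See the comment at the top of polkitunixprocess.c */
++static gboolean
++subject_equal_for_authz (PolkitSubject *a,
++ PolkitSubject *b)
++{
++ if (!polkit_subject_equal (a, b))
++ return FALSE;
++
++ /* Now special case unix processes, as we want to protect against
++ * pid reuse by including the UID.
++ */
++ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
++ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
++ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
++ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
++ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
++
++ if (uid_a != -1 && uid_b != -1)
++ {
++ if (uid_a == uid_b)
++ {
++ return TRUE;
++ }
++ else
++ {
++ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
++ polkit_unix_process_get_pid (ap),
++ uid_a, uid_b);
++ return FALSE;
++ }
++ }
++ /* Fall through; one of the uids is unset so we can't reliably compare */
++ }
++
++ return TRUE;
++}
++
+static gboolean
+temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
+PolkitSubject *subject,
+@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
+TemporaryAuthorization *authorization = l->data;
+
+if (strcmp (action_id, authorization->action_id) == 0 &&
+- polkit_subject_equal (subject_to_use, authorization->subject))
++ subject_equal_for_authz (subject_to_use, authorization->subject))
+{
+ret = TRUE;
+if (out_tmp_authz_id != NULL)
+--
+2.19.2
+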
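Review bot: In `subject_equal_for_authz`, the branch taken when either uid is -1 falls through to `return TRUE`, so a cached temporary authorization is then matched on pid and start time alone, the pairing this patch's own comment describes as not unique. If an unset uid can reach this function, the check would be safer failing closed at that point, e.g. `return FALSE;` in place of the fall-through, or at minimum a `g_printerr` so the case is visible in logs. Whether callers can tolerate a denial here cannot be confirmed from the hunk. Separately, `bp` is assigned but never used and can be dropped.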
@ -1,46 +1,43 @@
|
|||||||
commit a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
|
|
||||||
Author: Jan Rybar <jrybar@redhat.com>
|
|
||||||
Date: Tue Jan 25 17:21:46 2022 +0000
|
|
||||||
|
|
||||||
pkexec: local privilege escalation (CVE-2021-4034)
|
|
||||||
|
|
||||||
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
||||||
index f1bb4e1..768525c 100644
|
index f1bb4e1..aff4f60 100644
|
||||||
--- a/src/programs/pkcheck.c
|
--- a/src/programs/pkcheck.c
|
||||||
+++ b/src/programs/pkcheck.c
|
+++ b/src/programs/pkcheck.c
|
||||||
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
|
@@ -363,6 +363,12 @@ main (int argc, char *argv[])
|
||||||
local_agent_handle = NULL;
|
local_agent_handle = NULL;
|
||||||
ret = 126;
|
ret = 126;
|
||||||
|
|
||||||
+ if (argc < 1)
|
+ if (argc < 1)
|
||||||
+ {
|
+ {
|
||||||
+ exit(126);
|
+ help();
|
||||||
|
+ exit(1);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
/* Disable remote file access from GIO. */
|
/* Disable remote file access from GIO. */
|
||||||
setenv ("GIO_USE_VFS", "local", 1);
|
setenv ("GIO_USE_VFS", "local", 1);
|
||||||
|
|
||||||
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
||||||
index 7698c5c..84e5ef6 100644
|
index 7698c5c..d84dc57 100644
|
||||||
--- a/src/programs/pkexec.c
|
--- a/src/programs/pkexec.c
|
||||||
+++ b/src/programs/pkexec.c
|
+++ b/src/programs/pkexec.c
|
||||||
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
|
@@ -488,6 +488,17 @@ main (int argc, char *argv[])
|
||||||
pid_t pid_of_caller;
|
pid_t pid_of_caller;
|
||||||
gpointer local_agent_handle;
|
gpointer local_agent_handle;
|
||||||
|
|
||||||
+
|
+
|
||||||
+ /*
|
+ /*
|
||||||
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
|
+ * If 'pkexec' is called wrong, just show help and bail out.
|
||||||
+ */
|
+ */
|
||||||
+ if (argc<1)
|
+ if (argc<1)
|
||||||
+ {
|
+ {
|
||||||
+ exit(127);
|
+ clearenv();
|
||||||
|
+ usage(argc, argv);
|
||||||
|
+ exit(1);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
ret = 127;
|
ret = 127;
|
||||||
authority = NULL;
|
authority = NULL;
|
||||||
subject = NULL;
|
subject = NULL;
|
||||||
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
|
@@ -614,10 +625,10 @@ main (int argc, char *argv[])
|
||||||
|
|
||||||
path = g_strdup (pwstruct.pw_shell);
|
path = g_strdup (pwstruct.pw_shell);
|
||||||
if (!path)
|
if (!path)
|
||||||
@ -53,7 +50,7 @@ index 7698c5c..84e5ef6 100644
|
|||||||
/* If you change this, be sure to change the if (!command_line)
|
/* If you change this, be sure to change the if (!command_line)
|
||||||
case below too */
|
case below too */
|
||||||
command_line = g_strdup (path);
|
command_line = g_strdup (path);
|
||||||
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
|
@@ -636,7 +647,15 @@ main (int argc, char *argv[])
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
g_free (path);
|
g_free (path);
|
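--- a/SOURCES/polkit-0.115-allow-uid-of-1.patch
+++ b/SOURCES/polkit-0.115-allow-uid-of-1.patch
@@ -0,0 +1,20 @@
+diff -up ./src/polkit/polkitunixprocess.c.ori ./src/polkit/polkitunixprocess.c
+--- ./src/polkit/polkitunixprocess.c.ori 2019-02-06 16:47:23.460666237 +0100
++++ ./src/polkit/polkitunixprocess.c 2019-02-06 16:47:43.846573792 +0100
+@@ -211,14 +211,9 @@ polkit_unix_process_set_property (GObjec
+polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+break;
+
+- case PROP_UID: {
+- gint val;
+-
+- val = g_value_get_int (value);
+- g_return_if_fail (val != -1);
+- polkit_unix_process_set_uid (unix_process, val);
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+break;
+- }
+
+case PROP_START_TIME:
+polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));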
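Review bot: The `PROP_UID` case now passes `g_value_get_int (value)` straight to `polkit_unix_process_set_uid`, -1 included, and nothing in the hunk records why the `g_return_if_fail (val != -1)` guard was dropped. The value is security-relevant: `subject_equal_for_authz` in the CVE-2019-6133 patch on this page treats -1 as an unset uid and skips its uid comparison in that case. I would add a comment on the case, e.g. `/* -1 is accepted and means "uid not set"; consumers must not treat it as a verified owner */`. `polkit_unix_process_set_property` starts and ends outside the hunk.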
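--- a/SOURCES/polkit-0.115-bus-conn-msg-ssh.patch
+++ b/SOURCES/polkit-0.115-bus-conn-msg-ssh.patch
@@ -0,0 +1,60 @@
+From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001
+From: David Herrmann <dh.herrmann@gmail.com>
+Date: Wed, 4 Jul 2018 13:51:24 +0200
+Subject: [PATCH] polkitagent: suppress disconnect messages
+
+The polkitagent may be used by pkexec and friends. These might very
+well survive until very late during system shutdown. Hence, a
+disconnect of polkitd during runtime might be expected [1].
+
+This patch silences the disconnect/reconnect messages and turns them
+into debug messages. This only affects the polkit-agent, it does not
+affect the polkit-daemon implementation.
+
+[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627
+---
+src/polkitagent/polkitagentlistener.c | 12 ++++++------
+1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
+index debd1bb..1c8b666 100644
+--- a/src/polkitagent/polkitagentlistener.c
++++ b/src/polkitagent/polkitagentlistener.c
+@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object,
+owner = polkit_authority_get_owner (server->authority);
+if (owner == NULL)
+{
+- g_printerr ("PolicyKit daemon disconnected from the bus.\n");
++ g_debug ("PolicyKit daemon disconnected from the bus.\n");
+
+if (server->is_registered)
+- g_printerr ("We are no longer a registered authentication agent.\n");
++ g_debug ("We are no longer a registered authentication agent.\n");
+
+server->is_registered = FALSE;
+}
+@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object,
+{
+GError *error;
+
+- g_printerr ("PolicyKit daemon reconnected to bus.\n");
+- g_printerr ("Attempting to re-register as an authentication agent.\n");
++ g_debug ("PolicyKit daemon reconnected to bus.\n");
++ g_debug ("Attempting to re-register as an authentication agent.\n");
+
+error = NULL;
+if (server_register (server, &error))
+{
+- g_printerr ("We are now a registered authentication agent.\n");
++ g_debug ("We are now a registered authentication agent.\n");
+}
+else
+{
+- g_printerr ("Failed to register as an authentication agent: %s\n", error->message);
++ g_debug ("Failed to register as an authentication agent: %s\n", error->message);
+g_error_free (error);
+}
+}
+--
+2.18.0
+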
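Review bot: The failed re-registration message in the second hunk of `on_notify_authority_owner` is demoted to `g_debug` together with the informational ones, so an agent that cannot re-register after polkitd comes back no longer reports it unless debug output is enabled. That case is an error rather than shutdown noise and should stay visible, e.g. `g_warning ("Failed to register as an authentication agent: %s", error->message);`. The converted calls also keep their trailing `\n`, which GLib's log functions already append, so the format strings should drop it. The function starts and ends outside both hunks.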
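--- a/SOURCES/polkit-0.115-jsauthority-memleak.patch
+++ b/SOURCES/polkit-0.115-jsauthority-memleak.patch
@@ -0,0 +1,19 @@
+commit 28e3a6653d8c3777b07e0128a0d97d46e586e311
+Author: Jan Rybar <jrybar@redhat.com>
+Date: Tue Oct 8 13:28:18 2019 +0000
+
+jsauthority: Fix two minor memory leaks
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 9b752d1..e97b8aa 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -567,6 +567,8 @@ polkit_backend_js_authority_finalize (GObject *object)
+g_strfreev (authority->priv->rules_dirs);
+
+delete authority->priv->ac;
++ delete authority->priv->js_global;
++ delete authority->priv->js_polkit;
+
+JS_DestroyContext (authority->priv->cx);
+/* JS_ShutDown (); */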
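--- a/SOURCES/polkit-0.115-move-to-mozjs60.patch
+++ b/SOURCES/polkit-0.115-move-to-mozjs60.patch
@@ -0,0 +1,148 @@
+diff --git a/configure.ac b/configure.ac
+index 5c37e481147466fd5a3a0a6b814f20fd2fe6bce8..5cedb4eca980f050fb5855ab577e93100adf8fec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+AC_SUBST(GLIB_CFLAGS)
+AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+
+AC_SUBST(LIBJS_CFLAGS)
+AC_SUBST(LIBJS_CXXFLAGS)
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 76027149d4dfdc54064be48a3aeafeec8326a67b..984a0f0e579d51c09117f4e495b0c3fdc46fe61b 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
+/* ---------------------------------------------------------------------------------------------------- */
+
+static const struct JSClassOps js_global_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ JS_GlobalObjectTraceHook
+};
+
+static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+
+/* ---------------------------------------------------------------------------------------------------- */
+static const struct JSClassOps js_polkit_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ nullptr // trace
+};
+
+static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+{
+JS::CompartmentOptions compart_opts;
+- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+JS::RootedObject global(authority->priv->cx);
+
+authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
+
+global = authority->priv->js_global->get ();
+-
+- if (global == NULL)
++ if (!global)
+goto fail;
+
+authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
+
+- if (authority->priv->ac == NULL)
++ if (!authority->priv->ac)
+goto fail;
+
+if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+polkit = authority->priv->js_polkit->get ();
+
+- if (polkit == NULL)
++ if (!polkit)
+goto fail;
+
+if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
+@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+js_polkit_functions))
+goto fail;
+
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+JS::RootedValue rval(authority->priv->cx);
+if (!JS::Evaluate (authority->priv->cx,
+options,
+@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+JS::AutoValueVector elems(authority->priv->cx);
+guint n;
+
+- elems.resize(value->len);
++ if (!elems.resize(value->len))
++ g_error ("Unable to resize vector");
++
+for (n = 0; n < value->len; n++)
+{
+const char *c_string = (const char *) g_ptr_array_index(value, n);
+@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
+GError **error)
+{
+gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+const char *src;
+JS::RootedObject obj(authority->priv->cx);
+pid_t pid;
+@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
+GError **error)
+{
+gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+const char *src;
+JS::RootedObject obj(authority->priv->cx);
+gchar **keys;
+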
353
SOURCES/polkit-0.115-pkperm-watch-real-ssn-changes.patch
Normal file
353
SOURCES/polkit-0.115-pkperm-watch-real-ssn-changes.patch
Normal file
@ -0,0 +1,353 @@
|
|||||||
|
diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
|
||||||
|
index 88da3c0..eea05ae 100644
|
||||||
|
--- a/data/org.freedesktop.PolicyKit1.Authority.xml
|
||||||
|
+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
|
||||||
|
@@ -431,7 +431,7 @@ Must match the effective UID of the caller of org.freedesktop.PolicyKit1.Authori
|
||||||
|
<!-- ---------------------------------------------------------------------------------------------------- -->
|
||||||
|
|
||||||
|
<signal name="Changed">
|
||||||
|
- <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions and/or authorizations change"/>
|
||||||
|
+ <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions, sessions and/or authorizations change, carrying information about the change."/>
|
||||||
|
</signal>
|
||||||
|
|
||||||
|
</interface>
|
||||||
|
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
|
||||||
|
index 71d527c..93691b6 100644
|
||||||
|
--- a/src/polkit/polkitauthority.c
|
||||||
|
+++ b/src/polkit/polkitauthority.c
|
||||||
|
@@ -84,6 +84,7 @@ static PolkitAuthority *the_authority = NULL;
|
||||||
|
enum
|
||||||
|
{
|
||||||
|
CHANGED_SIGNAL,
|
||||||
|
+ SESSIONS_CHANGED_SIGNAL,
|
||||||
|
LAST_SIGNAL,
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -113,9 +114,19 @@ on_proxy_signal (GDBusProxy *proxy,
|
||||||
|
gpointer user_data)
|
||||||
|
{
|
||||||
|
PolkitAuthority *authority = POLKIT_AUTHORITY (user_data);
|
||||||
|
+ guint16 msg_mask;
|
||||||
|
+
|
||||||
|
if (g_strcmp0 (signal_name, "Changed") == 0)
|
||||||
|
{
|
||||||
|
- g_signal_emit_by_name (authority, "changed");
|
||||||
|
+ if ((parameters != NULL) && g_variant_check_format_string(parameters, "(q)", FALSE ) )
|
||||||
|
+ {
|
||||||
|
+ g_variant_get(parameters, "(q)", &msg_mask);
|
||||||
|
+ g_signal_emit (authority, signals[msg_mask], 0);
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ g_signal_emit_by_name (authority, "changed");
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -287,6 +298,21 @@ polkit_authority_class_init (PolkitAuthorityClass *klass)
|
||||||
|
g_cclosure_marshal_VOID__VOID,
|
||||||
|
G_TYPE_NONE,
|
||||||
|
0);
|
||||||
|
+ /**
|
||||||
|
+ * PolkitAuthority::sessions-changed:
|
||||||
|
+ * @authority: A #PolkitAuthority.
|
||||||
|
+ *
|
||||||
|
+ * Emitted when sessions change
|
||||||
|
+ */
|
||||||
|
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
|
||||||
|
+ POLKIT_TYPE_AUTHORITY,
|
||||||
|
+ G_SIGNAL_RUN_LAST,
|
||||||
|
+ 0, /* class offset */
|
||||||
|
+ NULL, /* accumulator */
|
||||||
|
+ NULL, /* accumulator data */
|
||||||
|
+ g_cclosure_marshal_VOID__VOID,
|
||||||
|
+ G_TYPE_NONE,
|
||||||
|
+ 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */
|
||||||
|
diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c
|
||||||
|
index f264094..3231bf2 100644
|
||||||
|
--- a/src/polkit/polkitpermission.c
|
||||||
|
+++ b/src/polkit/polkitpermission.c
|
||||||
|
@@ -24,6 +24,10 @@
|
||||||
|
# include "config.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef HAVE_LIBSYSTEMD
|
||||||
|
+# include <systemd/sd-login.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
@@ -60,6 +64,8 @@ struct _PolkitPermission
|
||||||
|
|
||||||
|
gchar *action_id;
|
||||||
|
|
||||||
|
+ gchar *session_state;
|
||||||
|
+
|
||||||
|
/* non-NULL exactly when authorized with a temporary authorization */
|
||||||
|
gchar *tmp_authz_id;
|
||||||
|
};
|
||||||
|
@@ -74,9 +80,14 @@ enum
|
||||||
|
static void process_result (PolkitPermission *permission,
|
||||||
|
PolkitAuthorizationResult *result);
|
||||||
|
|
||||||
|
+static char *get_session_state();
|
||||||
|
+
|
||||||
|
static void on_authority_changed (PolkitAuthority *authority,
|
||||||
|
gpointer user_data);
|
||||||
|
|
||||||
|
+static void on_sessions_changed (PolkitAuthority *authority,
|
||||||
|
+ gpointer user_data);
|
||||||
|
+
|
||||||
|
static gboolean acquire (GPermission *permission,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error);
|
||||||
|
@@ -126,6 +137,8 @@ polkit_permission_constructed (GObject *object)
|
||||||
|
|
||||||
|
if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL)
|
||||||
|
G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object);
|
||||||
|
+
|
||||||
|
+ permission->session_state = get_session_state();
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -135,11 +148,15 @@ polkit_permission_finalize (GObject *object)
|
||||||
|
|
||||||
|
g_free (permission->action_id);
|
||||||
|
g_free (permission->tmp_authz_id);
|
||||||
|
+ g_free (permission->session_state);
|
||||||
|
g_object_unref (permission->subject);
|
||||||
|
|
||||||
|
g_signal_handlers_disconnect_by_func (permission->authority,
|
||||||
|
on_authority_changed,
|
||||||
|
permission);
|
||||||
|
+ g_signal_handlers_disconnect_by_func (permission->authority,
|
||||||
|
+ on_sessions_changed,
|
||||||
|
+ permission);
|
||||||
|
g_object_unref (permission->authority);
|
||||||
|
|
||||||
|
if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL)
|
||||||
|
@@ -417,6 +434,11 @@ polkit_permission_initable_init (GInitable *initable,
|
||||||
|
G_CALLBACK (on_authority_changed),
|
||||||
|
permission);
|
||||||
|
|
||||||
|
+ g_signal_connect (permission->authority,
|
||||||
|
+ "sessions-changed",
|
||||||
|
+ G_CALLBACK (on_sessions_changed),
|
||||||
|
+ permission);
|
||||||
|
+
|
||||||
|
result = polkit_authority_check_authorization_sync (permission->authority,
|
||||||
|
permission->subject,
|
||||||
|
permission->action_id,
|
||||||
|
@@ -469,6 +491,37 @@ changed_check_cb (GObject *source_object,
|
||||||
|
g_object_unref (permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static char *get_session_state()
|
||||||
|
+{
|
||||||
|
+#ifdef HAVE_LIBSYSTEMD
|
||||||
|
+ char *session = NULL;
|
||||||
|
+ char *state = NULL;
|
||||||
|
+ uid_t uid;
|
||||||
|
+
|
||||||
|
+ if ( sd_pid_get_session(getpid(), &session) < 0 )
|
||||||
|
+ {
|
||||||
|
+ if ( sd_pid_get_owner_uid(getpid(), &uid) < 0)
|
||||||
|
+ {
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if (sd_uid_get_display(uid, &session) < 0)
|
||||||
|
+ {
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (session != NULL)
|
||||||
|
+ {
|
||||||
|
+ sd_session_get_state(session, &state);
|
||||||
|
+ }
|
||||||
|
+out:
|
||||||
|
+ g_free(session);
|
||||||
|
+ return state;
|
||||||
|
+#else
|
||||||
|
+ return NULL;
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
on_authority_changed (PolkitAuthority *authority,
|
||||||
|
gpointer user_data)
|
||||||
|
@@ -485,6 +538,40 @@ on_authority_changed (PolkitAuthority *authority,
|
||||||
|
g_object_ref (permission));
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
+static void on_sessions_changed (PolkitAuthority *authority,
|
||||||
|
+ gpointer user_data)
|
||||||
|
+{
|
||||||
|
+#ifdef HAVE_LIBSYSTEMD
|
||||||
|
+ char *new_session_state = NULL;
|
||||||
|
+ char *last_state = NULL;
|
||||||
|
+
|
||||||
|
+ PolkitPermission *permission = POLKIT_PERMISSION (user_data);
|
||||||
|
+
|
||||||
|
+ new_session_state = get_session_state();
|
||||||
|
+
|
||||||
|
+ /* if we cannot tell the session state, we should do CheckAuthorization anyway */
|
||||||
|
+ if ((new_session_state == NULL) || ( g_strcmp0(new_session_state, permission->session_state) != 0 ))
|
||||||
|
+ {
|
||||||
|
+ last_state = permission->session_state;
|
||||||
|
+ permission->session_state = new_session_state;
|
||||||
|
+ g_free(last_state);
|
||||||
|
+
|
||||||
|
+ polkit_authority_check_authorization (permission->authority,
|
||||||
|
+ permission->subject,
|
||||||
|
+ permission->action_id,
|
||||||
|
+ NULL, /* PolkitDetails */
|
||||||
|
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
|
||||||
|
+ NULL /* cancellable */,
|
||||||
|
+ changed_check_cb,
|
||||||
|
+ g_object_ref (permission));
|
||||||
|
+ }
|
||||||
|
+#else
|
||||||
|
+ on_authority_changed(authority, user_data); /* TODO: resolve the "too many session signals" issue for non-systemd systems later */
|
||||||
|
+#endif
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static void
|
||||||
|
process_result (PolkitPermission *permission,
|
||||||
|
PolkitAuthorizationResult *result)
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
|
||||||
|
index 0d1fac4..6d21af9 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendauthority.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendauthority.c
|
||||||
|
@@ -48,6 +48,7 @@
|
||||||
|
enum
|
||||||
|
{
|
||||||
|
CHANGED_SIGNAL,
|
||||||
|
+ SESSIONS_CHANGED_SIGNAL,
|
||||||
|
LAST_SIGNAL,
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -78,6 +79,15 @@ polkit_backend_authority_class_init (PolkitBackendAuthorityClass *klass)
|
||||||
|
g_cclosure_marshal_VOID__VOID,
|
||||||
|
G_TYPE_NONE,
|
||||||
|
0);
|
||||||
|
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
|
||||||
|
+ POLKIT_BACKEND_TYPE_AUTHORITY,
|
||||||
|
+ G_SIGNAL_RUN_LAST,
|
||||||
|
+ G_STRUCT_OFFSET (PolkitBackendAuthorityClass, changed),
|
||||||
|
+ NULL, /* accumulator */
|
||||||
|
+ NULL, /* accumulator data */
|
||||||
|
+ g_cclosure_marshal_VOID__VOID,
|
||||||
|
+ G_TYPE_NONE,
|
||||||
|
+ 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -501,6 +511,8 @@ typedef struct
|
||||||
|
|
||||||
|
gulong authority_changed_id;
|
||||||
|
|
||||||
|
+ gulong authority_session_monitor_signaller;
|
||||||
|
+
|
||||||
|
gchar *object_path;
|
||||||
|
|
||||||
|
GHashTable *cancellation_id_to_check_auth_data;
|
||||||
|
@@ -523,6 +535,9 @@ server_free (Server *server)
|
||||||
|
if (server->authority != NULL && server->authority_changed_id > 0)
|
||||||
|
g_signal_handler_disconnect (server->authority, server->authority_changed_id);
|
||||||
|
|
||||||
|
+ if (server->authority != NULL && server->authority_session_monitor_signaller > 0)
|
||||||
|
+ g_signal_handler_disconnect (server->authority, server->authority_session_monitor_signaller);
|
||||||
|
+
|
||||||
|
if (server->cancellation_id_to_check_auth_data != NULL)
|
||||||
|
g_hash_table_unref (server->cancellation_id_to_check_auth_data);
|
||||||
|
|
||||||
|
@@ -531,20 +546,23 @@ server_free (Server *server)
|
||||||
|
g_free (server);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void
|
||||||
|
-on_authority_changed (PolkitBackendAuthority *authority,
|
||||||
|
- gpointer user_data)
|
||||||
|
+static void changed_dbus_call_handler(PolkitBackendAuthority *authority,
|
||||||
|
+ gpointer user_data,
|
||||||
|
+ guint16 msg_mask)
|
||||||
|
{
|
||||||
|
Server *server = user_data;
|
||||||
|
GError *error;
|
||||||
|
+ GVariant *parameters;
|
||||||
|
|
||||||
|
error = NULL;
|
||||||
|
+
|
||||||
|
+ parameters = g_variant_new("(q)", msg_mask);
|
||||||
|
if (!g_dbus_connection_emit_signal (server->connection,
|
||||||
|
NULL, /* destination bus name */
|
||||||
|
server->object_path,
|
||||||
|
"org.freedesktop.PolicyKit1.Authority",
|
||||||
|
"Changed",
|
||||||
|
- NULL,
|
||||||
|
+ parameters,
|
||||||
|
&error))
|
||||||
|
{
|
||||||
|
g_warning ("Error emitting Changed() signal: %s", error->message);
|
||||||
|
@@ -552,6 +570,29 @@ on_authority_changed (PolkitBackendAuthority *authority,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+on_authority_changed (PolkitBackendAuthority *authority,
|
||||||
|
+ gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ guint16 msg_mask = 0;
|
||||||
|
+
|
||||||
|
+ msg_mask = (guint16) CHANGED_SIGNAL;
|
||||||
|
+ changed_dbus_call_handler(authority, user_data, msg_mask);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+on_sessions_changed (PolkitBackendAuthority *authority,
|
||||||
|
+ gpointer user_data)
|
||||||
|
+{
|
||||||
|
+ guint16 msg_mask = 0;
|
||||||
|
+
|
||||||
|
+ msg_mask = (guint16) SESSIONS_CHANGED_SIGNAL;
|
||||||
|
+ changed_dbus_call_handler(authority, user_data, msg_mask);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
static const gchar *server_introspection_data =
|
||||||
|
"<node>"
|
||||||
|
" <interface name='org.freedesktop.PolicyKit1.Authority'>"
|
||||||
|
@@ -1397,6 +1438,11 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority,
|
||||||
|
G_CALLBACK (on_authority_changed),
|
||||||
|
server);
|
||||||
|
|
||||||
|
+ server->authority_session_monitor_signaller = g_signal_connect (server->authority,
|
||||||
|
+ "sessions-changed",
|
||||||
|
+ G_CALLBACK (on_sessions_changed),
|
||||||
|
+ server);
|
||||||
|
+
|
||||||
|
return server;
|
||||||
|
|
||||||
|
error:
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
index 08d439e..40376dd 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||||
|
@@ -284,7 +284,7 @@ on_session_monitor_changed (PolkitBackendSessionMonitor *monitor,
|
||||||
|
gpointer user_data)
|
||||||
|
{
|
||||||
|
PolkitBackendInteractiveAuthority *authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (user_data);
|
||||||
|
- g_signal_emit_by_name (authority, "changed");
|
||||||
|
+ g_signal_emit_by_name (authority, "sessions-changed");
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
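--- a/SOURCES/polkit-0.115-pkttyagent-auth-errmsg-debug.patch
+++ b/SOURCES/polkit-0.115-pkttyagent-auth-errmsg-debug.patch
@@ -0,0 +1,13 @@
+diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
+--- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200
++++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200
+@@ -150,7 +150,8 @@ main (int argc, char *argv[])
+authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
+if (authority == NULL)
+{
+- g_printerr ("Error getting authority: %s (%s, %d)\n",
++ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n");
++ g_debug ("Error getting authority: %s (%s, %d)\n",
+error->message, g_quark_to_string (error->domain), error->code);
+g_error_free (error);
+ret = 127;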
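Review bot: The new generic message in the `authority == NULL` branch of main() hides the GError text in normal runs, because `g_debug` output is suppressed unless debug messages are enabled (for example through `G_MESSAGES_DEBUG`). The error domain and code that distinguish a stopped daemon from a bus-level denial are then lost to whoever is diagnosing the failure. The user-facing text could say how to get them, e.g. `... or re-run with G_MESSAGES_DEBUG=all for details.\n`. `g_debug` also appends its own newline, so the trailing `\n` can be dropped: `g_debug ("Error getting authority: %s (%s, %d)",`. main() starts and ends outside the hunk.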
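--- a/SOURCES/polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
+++ b/SOURCES/polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
@@ -0,0 +1,12 @@
+diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
+--- ./src/programs/pkttyagent.c.ori 2019-09-27 14:14:35.096310576 +0200
++++ ./src/programs/pkttyagent.c 2019-09-27 14:14:56.988586737 +0200
+@@ -55,7 +55,7 @@ static void tty_handler(int signal)
+
+if (tty_flags_saved)
+{
+- tcsetattr (fileno (tty), TCSAFLUSH, &ts);
++ tcsetattr (fileno (tty), TCSADRAIN, &ts);
+}
+
+kill(getpid(), signal);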
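Review bot: The switch from `TCSAFLUSH` to `TCSADRAIN` in tty_handler() has no comment, and the difference is security-relevant: TCSAFLUSH discards input that was received but not yet read, while TCSADRAIN only waits for pending output. A line above the call such as `/* TCSADRAIN: restore echo without discarding input already queued on the tty */` would record the intent. With TCSADRAIN, characters typed at the hidden prompt presumably stay in the input queue after the agent exits and go to the next reader of the terminal, typically the shell. Whether that is acceptable for a partially typed password should be confirmed. tty_handler() begins outside the hunk.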
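--- a/SOURCES/polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
+++ b/SOURCES/polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
@@ -0,0 +1,94 @@
+commit bfb722bbe5a503095cc7e860f282b142f5aa75f1
+Author: Jan Rybar <jrybar@redhat.com>
+Date: Fri Mar 15 16:07:53 2019 +0000
+
+pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
+
+If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
+
+diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
+index 3f324b8..3c8d502 100644
+--- a/src/programs/pkttyagent.c
++++ b/src/programs/pkttyagent.c
+@@ -25,11 +25,44 @@
+
+#include <stdio.h>
+#include <stdlib.h>
++#include <signal.h>
++#include <termios.h>
+#include <glib/gi18n.h>
+#include <polkit/polkit.h>
+#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+#include <polkitagent/polkitagent.h>
+
++
++static volatile sig_atomic_t tty_flags_saved;
++struct termios ts;
++FILE *tty = NULL;
++struct sigaction savesigterm, savesigint, savesigtstp;
++
++
++static void tty_handler(int signal)
++{
++ switch (signal)
++ {
++ case SIGTERM:
++ sigaction (SIGTERM, &savesigterm, NULL);
++ break;
++ case SIGINT:
++ sigaction (SIGINT, &savesigint, NULL);
++ break;
++ case SIGTSTP:
++ sigaction (SIGTSTP, &savesigtstp, NULL);
++ break;
++ }
++
++ if (tty_flags_saved)
++ {
++ tcsetattr (fileno (tty), TCSAFLUSH, &ts);
++ }
++
++ kill(getpid(), signal);
++}
++
++
+int
+main (int argc, char *argv[])
+{
+@@ -74,6 +107,8 @@ main (int argc, char *argv[])
+GMainLoop *loop = NULL;
+guint ret = 126;
+GVariantBuilder builder;
++ struct sigaction sa;
++ const char *tty_name = NULL;
+
+/* Disable remote file access from GIO. */
+setenv ("GIO_USE_VFS", "local", 1);
+@@ -212,6 +247,27 @@ main (int argc, char *argv[])
+}
+}
+
++/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
++ but due to threading the handlers cannot take care of the signal there.
++ Though if controlling terminal cannot be found, the world won't stop spinning.
++*/
++ tty_name = ctermid(NULL);
++ if (tty_name != NULL)
++ {
++ tty = fopen(tty_name, "r+");
++ }
++
++ if (tty != NULL && !tcgetattr (fileno (tty), &ts))
++ {
++ tty_flags_saved = TRUE;
++ }
++
++ memset (&sa, 0, sizeof (sa));
++ sa.sa_handler = &tty_handler;
++ sigaction (SIGTERM, &sa, &savesigterm);
++ sigaction (SIGINT, &sa, &savesigint);
++ sigaction (SIGTSTP, &sa, &savesigtstp);
++
+loop = g_main_loop_new (NULL, FALSE);
+g_main_loop_run (loop);
+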
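Review bot: In tty_handler() the `SIGTSTP` case restores the saved terminal attributes and the original disposition before re-raising, but nothing re-arms the handler or turns echo off again when the process is continued. If the text listener is still waiting for a password at that point (its code is not in this patch, so this is inferred), the prompt would resume with echo enabled and the password would be visible on the terminal. Consider leaving SIGTSTP out of the handled set, or adding a SIGCONT path that reinstalls the handler and lets the listener re-apply its own tty settings. The three `sigaction` calls in main() ignore their return values, and `ts`, `tty` and the `savesig*` globals have external linkage where `static` would do. main() starts and ends outside the hunks.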
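--- a/SOURCES/polkit-0.115-polkitagentlistener-res-leak.patch
+++ b/SOURCES/polkit-0.115-polkitagentlistener-res-leak.patch
@@ -0,0 +1,11 @@
+diff -up ./src/polkitagent/polkitagentlistener.c.ori ./src/polkitagent/polkitagentlistener.c
+--- ./src/polkitagent/polkitagentlistener.c.ori 2018-08-10 14:58:58.555475169 +0200
++++ ./src/polkitagent/polkitagentlistener.c 2018-08-10 14:59:15.900396570 +0200
+@@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti
+server->thread_initialization_error = NULL;
+g_thread_join (server->thread);
+server_free (server);
++ server = NULL;
+goto out;
+}
+}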
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
index 1a6107a..3abd7c5 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
|
||||||
|
@@ -106,7 +106,7 @@ sd_source_new (void)
|
||||||
|
source = g_source_new (&sd_source_funcs, sizeof (SdSource));
|
||||||
|
sd_source = (SdSource *)source;
|
||||||
|
|
||||||
|
- if ((ret = sd_login_monitor_new (NULL, &sd_source->monitor)) < 0)
|
||||||
|
+ if ((ret = sd_login_monitor_new ("session", &sd_source->monitor)) < 0)
|
||||||
|
{
|
||||||
|
g_printerr ("Error getting login monitor: %d", ret);
|
||||||
|
}
|
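Review bot: The new category argument in sd_source_new(), `sd_login_monitor_new ("session", &sd_source->monitor)`, narrows the monitor from every login change to session changes only, and the reason is not recorded next to the call. A comment such as `/* watch session changes only; seat, uid and machine events do not need an authorization re-check */` would help, once it is confirmed that no consumer of the session monitor depends on seat or uid events. The error branch shown as context only prints and carries on, so what happens to `sd_source->monitor` after a failure is decided outside the hunk.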
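--- a/SOURCES/polkit-0.115-spawning-zombie-processes.patch
+++ b/SOURCES/polkit-0.115-spawning-zombie-processes.patch
@@ -0,0 +1,13 @@
+diff -up ./src/polkitbackend/polkitbackendjsauthority.cpp.ori ./src/polkitbackend/polkitbackendjsauthority.cpp
+--- ./src/polkitbackend/polkitbackendjsauthority.cpp.ori 2018-04-03 22:57:57.000000000 +0200
++++ ./src/polkitbackend/polkitbackendjsauthority.cpp 2018-08-14 16:47:48.416993302 +0200
+@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
+(GSourceFunc) utils_child_watch_from_release_cb,
+source,
+(GDestroyNotify) g_source_destroy);
+- g_source_attach (source, data->main_context);
++ /* attach source to the global default main context */
++ g_source_attach (source, NULL);
+g_source_unref (source);
+data->child_pid = 0;
+}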
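Review bot: The added comment on `g_source_attach (source, NULL)` in utils_spawn_data_free() says where the child watch now goes but not why it moved off `data->main_context`. Presumably the per-call context is no longer iterated once the spawn data is being freed, so the watch never fired and the child was not reaped, which would match the patch name. A comment like `/* data->main_context may not be iterated again; use the default context so the child is still reaped */` would record that. The release callback now runs on whichever thread iterates the default main context, so it should be confirmed that `utils_child_watch_from_release_cb` is safe there. The function body starts outside the hunk.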
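--- a/SOURCES/polkit-0.115.tar.gz.sign
+++ b/SOURCES/polkit-0.115.tar.gz.sign
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
+3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
+=mAps
+-----END PGP SIGNATURE-----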
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCAAdFiEEf/t9a9gxR9dChOMXjOswMP/c4lgFAl8hQXkACgkQjOswMP/c
|
|
||||||
4lhBKAf/fZn/N2zUoREqQ0QIcMSb9OKnYxkvivmd1TA58Eski0cqo89dS89CqsVh
|
|
||||||
xhg5WpypKyqVNc28TUYHgHiD9BUL+3ldhHMQk8f1B28lJ3ipvHaYBQsm1UQOB/DU
|
|
||||||
xAhLttrFqeJxrjdSQT5GpIs3/SVYosE0/BDUbKOGivr2Wf/L1g19IUTtvaea1u9Z
|
|
||||||
5Wpr/YF8HHdyxbaIJh2ylJh5rnyfes3LKjLpG6L9srzVhjrddXU+LhMhDrLJp0HN
|
|
||||||
/LuKyEffK6qkWia3zTuqilmZdn5zKE5ryY0FArZF/5jr67oakypRFeMFqJvRyP6t
|
|
||||||
zxwLq7/r27U/h2/QxRKwdu6lsp5tbw==
|
|
||||||
=w9c/
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,9 +0,0 @@
|
|||||||
--- a/config/run_spidermonkey_checks.py
|
|
||||||
+++ b/config/run_spidermonkey_checks.py
|
|
||||||
@@ -13,4 +13,5 @@ def main(output, lib_file, *scripts):
|
|
||||||
retcode = subprocess.call(
|
|
||||||
[sys.executable, script], cwd=buildconfig.topsrcdir)
|
|
||||||
if retcode != 0:
|
|
||||||
- raise Exception(script + " failed")
|
|
||||||
+ #raise Exception(script + " failed")
|
|
||||||
+ pass
|
|
@ -1,11 +0,0 @@
|
|||||||
--- a/config/check_spidermonkey_style.py
|
|
||||||
+++ b/config/check_spidermonkey_style.py
|
|
||||||
|
|
||||||
@@ -779,6 +779,7 @@ def tarjan(V, E):
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
+ sys.exit(0)
|
|
||||||
if sys.argv[1:] == ["--fixup"]:
|
|
||||||
# Sort #include directives in-place. Fixup mode doesn't solve
|
|
||||||
# all possible silliness that the script checks for; it's just a
|
|
@ -1,26 +0,0 @@
|
|||||||
From 9be85b155c6df0454c5faef9e850f572c99e3615 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
|
||||||
Date: Wed, 15 Jul 2020 08:32:44 +0200
|
|
||||||
Subject: [PATCH] Increase the test timeout for slower buildds
|
|
||||||
|
|
||||||
Ported forward from Debian: https://bugs.debian.org/878284
|
|
||||||
---
|
|
||||||
js/src/Makefile.in | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/js/src/Makefile.in b/js/src/Makefile.in
|
|
||||||
index b86aeed..d68655a 100644
|
|
||||||
--- a/js/src/Makefile.in
|
|
||||||
+++ b/js/src/Makefile.in
|
|
||||||
@@ -53,7 +53,7 @@ check:: check-js-msg
|
|
||||||
|
|
||||||
check-jstests:
|
|
||||||
$(wildcard $(RUN_TEST_PROGRAM)) $(PYTHON3) -u $(srcdir)/tests/jstests.py \
|
|
||||||
- --no-progress --format=automation --timeout 300 \
|
|
||||||
+ --no-progress --format=automation --timeout 600 \
|
|
||||||
$(JSTESTS_EXTRA_ARGS) \
|
|
||||||
$(DIST)/bin/$(JS_SHELL_NAME)$(BIN_SUFFIX)
|
|
||||||
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -3,72 +3,36 @@
|
|||||||
#
|
#
|
||||||
%define enable_autoreconf 1
|
%define enable_autoreconf 1
|
||||||
|
|
||||||
%global bundled_mozjs 1
|
|
||||||
|
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
%global mozjs_major 78
|
|
||||||
%global mozjs_version 78.10.0
|
|
||||||
|
|
||||||
# Big endian platforms
|
|
||||||
%ifarch ppc ppc64 s390 s390x
|
|
||||||
%global big_endian 1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Make sure we don't add requires/provides for private libraries
|
|
||||||
%global __provides_exclude_from ^%{_libdir}/polkit-1/
|
|
||||||
%global __requires_exclude ^libmozjs-%{mozjs_major}\\.so.*
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Summary: An authorization framework
|
Summary: An authorization framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 0.117
|
Version: 0.115
|
||||||
Release: 11%{?dist}
|
Release: 15%{?dist}.2
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||||
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||||
|
Group: System Environment/Libraries
|
||||||
|
|
||||||
Patch1001: mozjs78.patch
|
|
||||||
Patch1002: CVE-2021-3560.patch
|
|
||||||
Patch1003: CVE-2021-4034.patch
|
|
||||||
Patch1004: CVE-2021-4115.patch
|
|
||||||
Patch1005: tty-restore-flags-if-changed.patch
|
|
||||||
|
|
||||||
%if 0%{?bundled_mozjs}
|
Patch1: polkit-0.115-bus-conn-msg-ssh.patch
|
||||||
Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz
|
Patch2: polkit-0.115-pkttyagent-auth-errmsg-debug.patch
|
||||||
|
Patch3: polkit-0.115-polkitagentlistener-res-leak.patch
|
||||||
|
Patch4: polkit-0.115-spawning-zombie-processes.patch
|
||||||
|
Patch5: polkit-0.115-CVE-2018-19788.patch
|
||||||
|
Patch6: polkit-0.115-CVE-2019-6133.patch
|
||||||
|
Patch7: polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
|
||||||
|
Patch8: polkit-0.115-allow-uid-of-1.patch
|
||||||
|
Patch9: polkit-0.115-move-to-mozjs60.patch
|
||||||
|
Patch10: polkit-0.115-jsauthority-memleak.patch
|
||||||
|
Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
|
||||||
|
Patch12: polkit-0.115-CVE-2021-3560.patch
|
||||||
|
Patch13: polkit-0.115-CVE-2021-4034.patch
|
||||||
|
Patch14: polkit-0.115-CVE-2021-4115.patch
|
||||||
|
Patch15: polkit-0.115-tty-flags-restore-if-changed.patch
|
||||||
|
Patch16: polkit-0.115-session-monitor-watch-sessions-only.patch
|
||||||
|
Patch17: polkit-0.115-pkperm-watch-real-ssn-changes.patch
|
||||||
|
|
||||||
# Patches from mozjs68, rebased for mozjs78:
|
|
||||||
Patch02: copy-headers.patch
|
|
||||||
Patch03: tests-increase-timeout.patch
|
|
||||||
Patch09: icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
|
|
||||||
Patch10: icu_sources_data-Write-command-output-to-our-stderr.patch
|
|
||||||
|
|
||||||
# Build fixes - https://hg.mozilla.org/mozilla-central/rev/ca36a6c4f8a4a0ddaa033fdbe20836d87bbfb873
|
|
||||||
Patch12: emitter.patch
|
|
||||||
|
|
||||||
# Build fixes
|
|
||||||
Patch14: init_patch.patch
|
|
||||||
# TODO: Check with mozilla for cause of these fails and re-enable spidermonkey compile time checks if needed
|
|
||||||
Patch15: spidermonkey_checks_disable.patch
|
|
||||||
|
|
||||||
# armv7 fixes
|
|
||||||
Patch17: definitions_for_user_vfp.patch
|
|
||||||
|
|
||||||
# s390x/ppc64 fixes, TODO: file bug report upstream?
|
|
||||||
Patch18: spidermonkey_style_check_disable_s390x.patch
|
|
||||||
Patch19: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch
|
|
||||||
|
|
||||||
# Fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1644600 ( SharedArrayRawBufferRefs is not exported )
|
|
||||||
# https://github.com/0ad/0ad/blob/83e81362d850cc6f2b3b598255b873b6d04d5809/libraries/source/spidermonkey/FixSharedArray.diff
|
|
||||||
Patch30: FixSharedArray.diff
|
|
||||||
|
|
||||||
# Avoid autoconf213 dependency, backported from upstream
|
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1663863
|
|
||||||
Patch31: 0002-D89554-autoconf1.diff
|
|
||||||
Patch32: 0003-D94538-autoconf2.diff
|
|
||||||
%endif
|
|
||||||
|
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: glib2-devel >= 2.30.0
|
BuildRequires: glib2-devel >= 2.30.0
|
||||||
BuildRequires: expat-devel
|
BuildRequires: expat-devel
|
||||||
@ -77,33 +41,8 @@ BuildRequires: gtk-doc
|
|||||||
BuildRequires: intltool
|
BuildRequires: intltool
|
||||||
BuildRequires: gobject-introspection-devel
|
BuildRequires: gobject-introspection-devel
|
||||||
BuildRequires: systemd, systemd-devel
|
BuildRequires: systemd, systemd-devel
|
||||||
%if 0%{?bundled_mozjs}
|
BuildRequires: pkgconfig(mozjs-60)
|
||||||
BuildRequires: cargo
|
BuildRequires: git
|
||||||
BuildRequires: clang-devel
|
|
||||||
BuildRequires: gcc
|
|
||||||
BuildRequires: gcc-c++
|
|
||||||
BuildRequires: m4
|
|
||||||
BuildRequires: make
|
|
||||||
%if !0%{?rhel}
|
|
||||||
BuildRequires: nasm
|
|
||||||
%endif
|
|
||||||
BuildRequires: llvm
|
|
||||||
BuildRequires: llvm-devel
|
|
||||||
BuildRequires: rust
|
|
||||||
BuildRequires: perl-devel
|
|
||||||
BuildRequires: pkgconfig(libffi)
|
|
||||||
BuildRequires: pkgconfig(zlib)
|
|
||||||
BuildRequires: python3-devel
|
|
||||||
BuildRequires: python3-setuptools
|
|
||||||
BuildRequires: python3-six
|
|
||||||
BuildRequires: readline-devel
|
|
||||||
BuildRequires: zip
|
|
||||||
%if 0%{?big_endian}
|
|
||||||
BuildRequires: icu
|
|
||||||
%endif
|
|
||||||
%else
|
|
||||||
BuildRequires: pkgconfig(mozjs-78)
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?enable_autoreconf}
|
%if 0%{?enable_autoreconf}
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
@ -111,13 +50,14 @@ BuildRequires: automake
|
|||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Requires: dbus, polkit-pkla-compat
|
Requires: dbus
|
||||||
|
Recommends: polkit-pkla-compat
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
Requires(post): systemd
|
Requires(post): /sbin/ldconfig, systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): /sbin/ldconfig, systemd
|
||||||
|
|
||||||
Obsoletes: PolicyKit <= 0.10
|
Obsoletes: PolicyKit <= 0.10
|
||||||
Provides: PolicyKit = 0.11
|
Provides: PolicyKit = 0.11
|
||||||
@ -142,6 +82,7 @@ processes.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for polkit
|
Summary: Development files for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
Requires: %name-docs = %{version}-%{release}
|
Requires: %name-docs = %{version}-%{release}
|
||||||
Requires: glib2-devel
|
Requires: glib2-devel
|
||||||
@ -153,6 +94,7 @@ Development files for polkit.
|
|||||||
|
|
||||||
%package docs
|
%package docs
|
||||||
Summary: Development documentation for polkit
|
Summary: Development documentation for polkit
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: %name-devel = %{version}-%{release}
|
Requires: %name-devel = %{version}-%{release}
|
||||||
Obsoletes: PolicyKit-docs <= 0.10
|
Obsoletes: PolicyKit-docs <= 0.10
|
||||||
Provides: PolicyKit-docs = 0.11
|
Provides: PolicyKit-docs = 0.11
|
||||||
@ -163,119 +105,16 @@ Development documentation for polkit.
|
|||||||
|
|
||||||
%package libs
|
%package libs
|
||||||
Summary: Libraries for polkit
|
Summary: Libraries for polkit
|
||||||
%if 0%{?bundled_mozjs}
|
Group: Development/Libraries
|
||||||
License: MIT and (MPLv1.1 or GPLv2+ or LGPLv2+) and MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
|
|
||||||
Provides: bundled(mozjs) = %{mozjs_version}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
Libraries files for polkit.
|
Libraries files for polkit.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -S git
|
||||||
|
|
||||||
# Apply polkit patches
|
|
||||||
%patch1001 -p1
|
|
||||||
%patch1002 -p1
|
|
||||||
%patch1003 -p1
|
|
||||||
%patch1004 -p1
|
|
||||||
%patch1005 -p1
|
|
||||||
|
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
# Extract mozjs archive
|
|
||||||
tar -xf %{S:2}
|
|
||||||
|
|
||||||
# Apply mozjs patches
|
|
||||||
pushd firefox-%{mozjs_version}
|
|
||||||
%patch02 -p1
|
|
||||||
%patch03 -p1
|
|
||||||
%patch09 -p1
|
|
||||||
%patch10 -p1
|
|
||||||
|
|
||||||
%patch12 -p1
|
|
||||||
|
|
||||||
%patch14 -p1
|
|
||||||
%patch15 -p1
|
|
||||||
|
|
||||||
%ifarch armv7hl
|
|
||||||
# Include definitions for user vfp on armv7 as it causes the compilation to fail without them
|
|
||||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1526653
|
|
||||||
%patch17 -p1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%ifarch s390x
|
|
||||||
%patch18 -p1
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since mozilla tests support ifarch conditions
|
|
||||||
%patch19 -p1
|
|
||||||
|
|
||||||
# Export SharedArrayRawBufferRefs
|
|
||||||
%patch30 -p1
|
|
||||||
|
|
||||||
# Avoid autoconf213 dependency
|
|
||||||
%patch31 -p1 -b .autoconf213
|
|
||||||
%patch32 -p1 -b .autoconf213-2
|
|
||||||
|
|
||||||
# Remove zlib directory (to be sure using system version)
|
|
||||||
rm -rf modules/zlib
|
|
||||||
popd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
pushd firefox-%{mozjs_version}/js/src
|
|
||||||
# Prefer GCC for now
|
|
||||||
export CC=gcc
|
|
||||||
export CXX=g++
|
|
||||||
|
|
||||||
# Workaround
|
|
||||||
# error: options `-C embed-bitcode=no` and `-C lto` are incompatible
|
|
||||||
# error: could not compile `jsrust`.
|
|
||||||
# https://github.com/japaric/cargo-call-stack/issues/25
|
|
||||||
export RUSTFLAGS="-C embed-bitcode"
|
|
||||||
|
|
||||||
# https://github.com/ptomato/mozjs/commit/36bb7982b41e0ef9a65f7174252ab996cd6777bd
|
|
||||||
export CARGO_PROFILE_RELEASE_LTO=true
|
|
||||||
|
|
||||||
export LINKFLAGS="%{?__global_ldflags}"
|
|
||||||
export PYTHON="%{__python3}"
|
|
||||||
|
|
||||||
%configure \
|
|
||||||
--without-system-icu \
|
|
||||||
--with-system-zlib \
|
|
||||||
--disable-tests \
|
|
||||||
--disable-strip \
|
|
||||||
--with-intl-api \
|
|
||||||
--enable-readline \
|
|
||||||
--enable-shared-js \
|
|
||||||
--enable-optimize \
|
|
||||||
--disable-debug \
|
|
||||||
--enable-pie \
|
|
||||||
--disable-jemalloc
|
|
||||||
|
|
||||||
%if 0%{?big_endian}
|
|
||||||
echo "Generate big endian version of config/external/icu/data/icud67l.dat"
|
|
||||||
pushd ../..
|
|
||||||
icupkg -tb config/external/icu/data/icudt67l.dat config/external/icu/data/icudt67b.dat
|
|
||||||
rm -f config/external/icu/data/icudt*l.dat
|
|
||||||
popd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%make_build
|
|
||||||
popd
|
|
||||||
|
|
||||||
cat > mozjs-%{mozjs_major}.pc << EOF
|
|
||||||
Name: SpiderMonkey %{mozjs_version}
|
|
||||||
Description: The Mozilla library for JavaScript
|
|
||||||
Version: %{mozjs_version}
|
|
||||||
|
|
||||||
Libs: -L`pwd`/firefox-%{mozjs_version}/js/src/dist/bin -lmozjs-%{mozjs_major}
|
|
||||||
Cflags: -include `pwd`/firefox-%{mozjs_version}/js/src/dist/include/js/RequiredDefines.h -I`pwd`/firefox-%{mozjs_version}/js/src/dist/include
|
|
||||||
EOF
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?enable_autoreconf}
|
%if 0%{?enable_autoreconf}
|
||||||
autoreconf -i
|
autoreconf -i
|
||||||
%endif
|
%endif
|
||||||
@ -283,11 +122,6 @@ autoreconf -i
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
||||||
export CFLAGS='-fPIC %optflags'
|
export CFLAGS='-fPIC %optflags'
|
||||||
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
export PKG_CONFIG_PATH=`pwd`
|
|
||||||
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
|
|
||||||
export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
|
|
||||||
%endif
|
|
||||||
%configure --enable-gtk-doc \
|
%configure --enable-gtk-doc \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--enable-introspection \
|
--enable-introspection \
|
||||||
@ -296,33 +130,12 @@ export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
|
|||||||
make V=1
|
make V=1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%if 0%{?bundled_mozjs}
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
mkdir -p %{buildroot}%{_libdir}/polkit-1
|
|
||||||
cp -p firefox-%{mozjs_version}/js/src/dist/bin/libmozjs-%{mozjs_major}.so %{buildroot}%{_libdir}/polkit-1/
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%make_install \
|
|
||||||
typelibsdir=%{_libdir}/girepository-1.0 \
|
|
||||||
girdir=%{_datadir}/gir-1.0
|
|
||||||
|
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
|
|
||||||
%find_lang polkit-1
|
%find_lang polkit-1
|
||||||
|
|
||||||
%check
|
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
|
|
||||||
|
|
||||||
pushd firefox-%{mozjs_version}/js/src
|
|
||||||
# Run SpiderMonkey tests
|
|
||||||
PYTHONPATH=tests/lib %{__python3} tests/jstests.py -d -s -t 1800 --no-progress --wpt=disabled ../../js/src/dist/bin/js
|
|
||||||
|
|
||||||
# Run basic JIT tests
|
|
||||||
PYTHONPATH=tests/lib %{__python3} jit-test/jit_test.py -s -t 1800 --no-progress ../../js/src/dist/bin/js basic
|
|
||||||
popd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
getent group polkitd >/dev/null || groupadd -r polkitd
|
getent group polkitd >/dev/null || groupadd -r polkitd
|
||||||
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
||||||
@ -376,117 +189,80 @@ exit 0
|
|||||||
%files docs
|
%files docs
|
||||||
%{_datadir}/gtk-doc
|
%{_datadir}/gtk-doc
|
||||||
|
|
||||||
%ldconfig_scriptlets libs
|
%post libs -p /sbin/ldconfig
|
||||||
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%{_libdir}/lib*.so.*
|
%{_libdir}/lib*.so.*
|
||||||
%{_libdir}/girepository-1.0/*.typelib
|
%{_libdir}/girepository-1.0/*.typelib
|
||||||
%if 0%{?bundled_mozjs}
|
|
||||||
%dir %{_libdir}/polkit-1
|
|
||||||
%{_libdir}/polkit-1/libmozjs-%{mozjs_major}.so
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Dec 02 2022 Jan Rybar <jrybar@redhat.com> - 0.117-11
|
* Mon May 20 2024 Jan Rybar <jrybar@redhat.com> - 0.115-15.2
|
||||||
- backport: restore tty only if changed
|
- PolkitPermission re-check on real session changes
|
||||||
- Resolves: rhbz#2150310
|
- Resolves: RHEL-34029
|
||||||
|
|
||||||
* Mon Mar 07 2022 Jan Rybar <jrybar@redhat.com> - 0.117-10
|
* Mon Apr 22 2024 Jan Rybar <jrybar@redhat.com> - 0.115-15.1
|
||||||
- fixed CVE-2021-4115 patch application
|
- reduce waking session monitor on uninteresting session changes
|
||||||
- Resolves: rhbz#2062644
|
- make polkit-pkla-compat uninstallable (for cases when no .pkla on system)
|
||||||
|
- Resolves: RHEL-34029
|
||||||
|
|
||||||
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.117-9
|
* Tue Nov 08 2022 Jan Rybar <jrybar@redhat.com> - 0.115-15
|
||||||
|
- pkttyagent gets stopped if killed in the background
|
||||||
|
- Resolves: rhbz#2128989
|
||||||
|
|
||||||
|
* Tue Feb 15 2022 Jan Rybar <jrybar@redhat.com> - 0.115-14
|
||||||
- file descriptor exhaustion (GHSL-2021-077)
|
- file descriptor exhaustion (GHSL-2021-077)
|
||||||
- Resolves: CVE-2021-4115
|
- Resolves: CVE-2021-4115
|
||||||
|
|
||||||
* Thu Jan 27 2022 Jan Rybar <jrybar@redhat.com> - 0.117-8
|
* Fri Dec 03 2021 Jan Rybar <jrybar@redhat.com> - 0.115-13
|
||||||
- pkexec: argv overflow results in local privilege esc.
|
- pkexec: argv overflow results in local privilege esc.
|
||||||
- Resolves: CVE-2021-4034
|
- Resolves: CVE-2021-4034
|
||||||
|
|
||||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-7
|
* Tue May 25 2021 Jan Rybar <jrybar@redhat.com> - 0.115-12
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- early disconnection from D-Bus results in privilege esc.
|
||||||
Related: rhbz#1991688
|
|
||||||
|
|
||||||
* Wed Jun 30 2021 Kalev Lember <klember@redhat.com> - 0.117-6
|
|
||||||
- Bundle mozjs (#1958111)
|
|
||||||
|
|
||||||
* Mon Jun 28 2021 Jan Rybar <jrybar@redhat.com> - 0.117-5
|
|
||||||
- CVE-2021-3560 mitigation
|
|
||||||
- Resolves: CVE-2021-3560
|
- Resolves: CVE-2021-3560
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-4
|
* Mon Nov 04 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
- pkttyagent: resetting terminal erases rest of input line
|
||||||
|
- Resolves: rhbz#1757853
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
|
* Tue Oct 29 2019 Jan Rybar <jrybar@redhat.com> - 0.115-10
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
- Fix of jasuthority memleak
|
||||||
|
- Resolves: rhbz#1745918
|
||||||
|
|
||||||
* Wed Aug 12 2020 Jan Rybar <jrybar@redhat.com> - 0.117-2
|
* Tue Sep 10 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
||||||
- update dependency to mozjs78
|
- Rebuild to reflect mozjs60 s390 abi change
|
||||||
|
- Related: rhbz#1746889
|
||||||
|
|
||||||
* Fri Jul 31 2020 Jan Rybar <jrybar@redhat.com> - 0.117-1
|
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-8
|
||||||
- Rebased to polkit-0.117
|
- Backport changing dependency to mozjs60
|
||||||
|
- Resolves: rhbz#1729416
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-9
|
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-7
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
- pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled
|
||||||
|
- Mitigation of regression caused by fix of CVE-2018-19788
|
||||||
|
- Resolves: rhbz#1693781
|
||||||
|
- Resolves: rhbz#1693814
|
||||||
|
|
||||||
* Wed Jul 22 2020 Tom Stellard <tstellar@redhat.com> - 0.116-8
|
* Mon Jan 21 2019 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
||||||
- Use make macros
|
- Fix of CVE-2019-6133, PID reuse via slow fork
|
||||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
- Resolves: rhbz#1667778
|
||||||
|
|
||||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-7
|
* Thu Dec 06 2018 Jan Rybar <jrybar@redhat.com> - 0.115-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Oct 25 2019 Jan Rybar <jrybar@redhat.com> - 0.116-6
|
|
||||||
- jsauthority memleak fix
|
|
||||||
|
|
||||||
* Fri Sep 27 2019 Jan Rybar <jrybar@redhat.com> - 0.116-5
|
|
||||||
- pkttyagent: unread input flushed on terminal restore
|
|
||||||
|
|
||||||
* Sun Sep 08 2019 Kalev Lember <klember@redhat.com> - 0.116-4
|
|
||||||
- Rebuilt for mozjs60 s390x fixes
|
|
||||||
|
|
||||||
* Fri Aug 02 2019 Jan Rybar <jrybar@redhat.com> - 0.116-3
|
|
||||||
- pkttyagent: backport patch, get SIGTTOU in background job
|
|
||||||
|
|
||||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu May 02 2019 Pete Walter <pwalter@fedoraproject.org> - 0.116-1
|
|
||||||
- Update to 0.116
|
|
||||||
|
|
||||||
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
|
||||||
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
|
||||||
|
|
||||||
* Fri Feb 08 2019 Pete Walter <pwalter@fedoraproject.org> - 0.115-10
|
|
||||||
- Move to mozjs60
|
|
||||||
|
|
||||||
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
|
||||||
- Allow uid=-1 for PolkitUnixProcess
|
|
||||||
|
|
||||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 08 2019 Colin Walters <walters@verbum.org> - 0.115-7
|
|
||||||
- Add security fix for
|
|
||||||
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
|
|
||||||
|
|
||||||
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
|
||||||
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
||||||
- Resolves: rhbz#1655926
|
- Resolves: rhbz#1656378
|
||||||
|
|
||||||
* Thu Sep 27 2018 Owen Taylor <otaylor@redhat.com> - 0.115-5
|
* Thu Aug 16 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
||||||
- Fix installation with prefix != /usr
|
- Spawned zombie subprocesses not reaped
|
||||||
|
- Resolves: rhbz#1616282
|
||||||
|
|
||||||
* Mon Aug 13 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
* Fri Aug 10 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
||||||
- Leaking zombie processess started by rules
|
- Resource leak found by static analyzer
|
||||||
|
- Resolves: rhbz#1602661
|
||||||
|
|
||||||
* Fri Jul 20 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
* Tue Aug 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-2
|
||||||
- Warning raised by polkit when disconnected from ssh
|
- Error message about getting authority is too elaborate (forward of #1342855)
|
||||||
- polkitagentlistener: resource leak - pointer to 'server'
|
- Bus disconnection report moved to debug mode (forward of #1249627)
|
||||||
- Error message raised on every 'systemctl start' in emergency.target
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
||||||
- Update to 0.115 (CVE-2018-1116)
|
- Update to 0.115 (CVE-2018-1116)
|
||||||
|