diff options
Diffstat (limited to 'sys-auth')
5 files changed, 0 insertions, 938 deletions
diff --git a/sys-auth/polkit/files/CVE-2018-19788.patch b/sys-auth/polkit/files/CVE-2018-19788.patch deleted file mode 100644 index 97e3608a..00000000 --- a/sys-auth/polkit/files/CVE-2018-19788.patch +++ /dev/null @@ -1,339 +0,0 @@ -From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Mon, 3 Dec 2018 10:28:58 +0100 -Subject: [PATCH 1/2] Allow negative uids/gids in PolkitUnixUser and Group - objects - -(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since -there should be no users with such number, see -https://systemd.io/UIDS-GIDS#special-linux-uids. - -(uid_t) -1 is used as the default value in class initialization. - -When a user or group above INT32_MAX is created, the numeric uid or -gid wraps around to negative when the value is assigned to gint, and -polkit gets confused. Let's accept such gids, except for -1. - -A nicer fix would be to change the underlying type to e.g. uint32 to -not have negative values. But this cannot be done without breaking the -API, so likely new functions will have to be added (a -polkit_unix_user_new variant that takes a unsigned, and the same for -_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will -require a bigger patch. - -Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. ---- - src/polkit/polkitunixgroup.c | 15 +++++++++++---- - src/polkit/polkitunixprocess.c | 12 ++++++++---- - src/polkit/polkitunixuser.c | 13 ++++++++++--- - 3 files changed, 29 insertions(+), 11 deletions(-) - -diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c -index c57a1aa..309f689 100644 ---- a/src/polkit/polkitunixgroup.c -+++ b/src/polkit/polkitunixgroup.c -@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, - static void - polkit_unix_group_init (PolkitUnixGroup *unix_group) - { -+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ - } - - static void -@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); -+ gint val; - - switch (prop_id) - { - case PROP_GID: -- unix_group->gid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_group->gid = val; - break; - - default: -@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) - g_param_spec_int ("gid", - "Group ID", - "The UNIX group ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) - */ - void - polkit_unix_group_set_gid (PolkitUnixGroup *group, -- gint gid) -+ gint gid) - { - g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); -+ g_return_if_fail (gid != -1); - group->gid = gid; - } - -@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, - PolkitIdentity * - polkit_unix_group_new (gint gid) - { -+ g_return_val_if_fail (gid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, - "gid", gid, - NULL)); -diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c -index 972b777..b02b258 100644 ---- a/src/polkit/polkitunixprocess.c -+++ b/src/polkit/polkitunixprocess.c -@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object, - polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); - break; - -- case PROP_UID: -- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); -+ case PROP_UID: { -+ gint val; -+ -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ polkit_unix_process_set_uid (unix_process, val); - break; -+ } - - case PROP_START_TIME: - polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- -1, -+ G_MININT, - G_MAXINT, - -1, - G_PARAM_CONSTRUCT | -@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); -- g_return_if_fail (uid >= -1); - process->uid = uid; - } - -diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c -index 8bfd3a1..234a697 100644 ---- a/src/polkit/polkitunixuser.c -+++ b/src/polkit/polkitunixuser.c -@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, - static void - polkit_unix_user_init (PolkitUnixUser *unix_user) - { -+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ - unix_user->name = NULL; - } - -@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, - GParamSpec *pspec) - { - PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); -+ gint val; - - switch (prop_id) - { - case PROP_UID: -- unix_user->uid = g_value_get_int (value); -+ val = g_value_get_int (value); -+ g_return_if_fail (val != -1); -+ unix_user->uid = val; - break; - - default: -@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) - g_param_spec_int ("uid", - "User ID", - "The UNIX user ID", -- 0, -+ G_MININT, - G_MAXINT, -- 0, -+ -1, - G_PARAM_CONSTRUCT | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | -@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - gint uid) - { - g_return_if_fail (POLKIT_IS_UNIX_USER (user)); -+ g_return_if_fail (uid != -1); - user->uid = uid; - } - -@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, - PolkitIdentity * - polkit_unix_user_new (gint uid) - { -+ g_return_val_if_fail (uid != -1, NULL); -+ - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, - "uid", uid, - NULL)); --- -2.18.1 - - -From b534a10727455409acd54018a9c91000e7626126 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Mon, 3 Dec 2018 11:20:34 +0100 -Subject: [PATCH 2/2] tests: add tests for high uids - ---- - test/data/etc/group | 1 + - test/data/etc/passwd | 2 + - .../etc/polkit-1/rules.d/10-testing.rules | 21 ++++++ - .../test-polkitbackendjsauthority.c | 72 +++++++++++++++++++ - 4 files changed, 96 insertions(+) - -diff --git a/test/data/etc/group b/test/data/etc/group -index 12ef328..b9acab9 100644 ---- a/test/data/etc/group -+++ b/test/data/etc/group -@@ -5,3 +5,4 @@ john:x:500: - jane:x:501: - sally:x:502: - henry:x:503: -+highuid2:x:4000000000: -diff --git a/test/data/etc/passwd b/test/data/etc/passwd -index 8544feb..5cf14a5 100644 ---- a/test/data/etc/passwd -+++ b/test/data/etc/passwd -@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash - jane:x:501:501:Jane Smith:/home/jane:/bin/bash - sally:x:502:502:Sally Derp:/home/sally:/bin/bash - henry:x:503:503:Henry Herp:/home/henry:/bin/bash -+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin -+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin -diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules -index 446e622..98bf062 100644 ---- a/test/data/etc/polkit-1/rules.d/10-testing.rules -+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules -@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) { - } - }); - -+polkit.addRule(function(action, subject) { -+ if (action.id == "net.company.john_action") { -+ if (subject.user == "john") { -+ return polkit.Result.YES; -+ } else { -+ return polkit.Result.NO; -+ } -+ } -+}); -+ -+polkit.addRule(function(action, subject) { -+ if (action.id == "net.company.highuid2_action") { -+ if (subject.user == "highuid2") { -+ return polkit.Result.YES; -+ } else { -+ return polkit.Result.NO; -+ } -+ } -+}); -+ -+ - // --------------------------------------------------------------------- - // variables - -diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index b484a26..71aad23 100644 ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = { - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, - }, -+ -+ { -+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid22)", -+ "net.company.group.only_group_users", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid21)", -+ "net.company.group.only_group_users", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid1 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid24)", -+ "net.company.group.only_group_users", -+ "unix-user:2147483648", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is not a member of group 'users', see test/data/etc/group */ -+ "group_membership_with_non_member(highuid23)", -+ "net.company.group.only_group_users", -+ "unix-user:4000000000", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* john is authorized to do this, see 10-testing.rules */ -+ "john_action", -+ "net.company.john_action", -+ "unix-user:john", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, -+ }, -+ -+ { -+ /* only john is authorized to do this, see 10-testing.rules */ -+ "jane_action", -+ "net.company.john_action", -+ "unix-user:jane", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, -+ -+ { -+ /* highuid2 is authorized to do this, see 10-testing.rules */ -+ "highuid2_action", -+ "net.company.highuid2_action", -+ "unix-user:highuid2", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, -+ }, -+ -+ { -+ /* only highuid2 is authorized to do this, see 10-testing.rules */ -+ "highuid1_action", -+ "net.company.highuid2_action", -+ "unix-user:highuid1", -+ NULL, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, -+ }, - }; - - /* ---------------------------------------------------------------------------------------------------- */ --- -2.18.1 - diff --git a/sys-auth/polkit/files/polkit-0.113-elogind.patch b/sys-auth/polkit/files/polkit-0.113-elogind.patch deleted file mode 100644 index fb142c65..00000000 --- a/sys-auth/polkit/files/polkit-0.113-elogind.patch +++ /dev/null @@ -1,160 +0,0 @@ ---- a/configure.ac 2016-11-03 20:16:02.842071344 +0100 -+++ b/configure.ac 2016-11-03 20:15:34.612071850 +0100 -@@ -183,11 +183,12 @@ - - AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"]) - --dnl --------------------------------------------------------------------------- --dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking --dnl --------------------------------------------------------------------------- -+dnl ----------------------------------------------------------------------------------- -+dnl - Select wether to use libsystemd-login, elogind or ConsoleKit for session tracking -+dnl ----------------------------------------------------------------------------------- - - have_libsystemd=no -+have_elogind=no - SESSION_TRACKING=ConsoleKit - - AC_ARG_ENABLE([libsystemd-login], -@@ -220,6 +221,29 @@ - fi - fi - fi -+ -+AC_ARG_ENABLE([libelogind], -+ [AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])], -+ [enable_libelogind=$enableval], -+ [enable_libelogind=auto]) -+if test "$enable_libelogind" != "no"; then -+ PKG_CHECK_MODULES([LIBELOGIND], -+ [libelogind], -+ [have_libelogind=yes], -+ [have_libelogind=no]) -+ if test "$have_libelogind" = "yes"; then -+ SESSION_TRACKING=libelogind -+ AC_DEFINE([HAVE_LIBELOGIND], 1, [Define to 1 if libelogind is available]) -+ save_LIBS=$LIBS -+ LIBS=$LIBELOGIND_LIBS -+ AC_CHECK_FUNCS(sd_uid_get_display) -+ LIBS=$save_LIBS -+ else -+ if test "$enable_libelogind" = "yes"; then -+ AC_MSG_ERROR([libelogind support requested but libelogind not found]) -+ fi -+ fi -+fi - - AS_IF([test "x$cross_compiling" != "xyes" ], [ - AS_IF([test "$have_libsystemd" = "yes"], [ -@@ -245,6 +245,10 @@ - AC_SUBST(LIBSYSTEMD_LIBS) - AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd]) - -+AC_SUBST(LIBELOGIND_CFLAGS) -+AC_SUBST(LIBELOGIND_LIBS) -+AM_CONDITIONAL(HAVE_LIBELOGIND, [test "$have_libelogind" = "yes"], [Using libelogind]) -+ - dnl --------------------------------------------------------------------------- - dnl - systemd unit / service files - dnl --------------------------------------------------------------------------- ---- a/src/polkitbackend/Makefile.am 2016-11-04 04:40:46.930116006 +0100 -+++ b/src/polkitbackend/Makefile.am 2016-11-04 04:42:14.586114436 +0100 -@@ -42,21 +42,28 @@ - libpolkit_backend_1_la_SOURCES += \ - polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c - else -+if HAVE_LIBELOGIND -+libpolkit_backend_1_la_SOURCES += \ -+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c -+else - libpolkit_backend_1_la_SOURCES += \ - polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c - endif -+endif - - libpolkit_backend_1_la_CFLAGS = \ - -D_POLKIT_COMPILATION \ - -D_POLKIT_BACKEND_COMPILATION \ - $(GLIB_CFLAGS) \ - $(LIBSYSTEMD_CFLAGS) \ -+ $(LIBELOGIND_CFLAGS) \ - $(LIBJS_CFLAGS) \ - $(NULL) - - libpolkit_backend_1_la_LIBADD = \ - $(GLIB_LIBS) \ - $(LIBSYSTEMD_LIBS) \ -+ $(LIBELOGIND_LIBS) \ - $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(EXPAT_LIBS) \ - $(LIBJS_LIBS) \ ---- a/src/polkit/Makefile.am 2016-11-04 04:41:02.756115723 +0100 -+++ b/src/polkit/Makefile.am 2016-11-04 04:42:49.428113812 +0100 -@@ -85,19 +85,26 @@ - libpolkit_gobject_1_la_SOURCES += \ - polkitunixsession-systemd.c polkitunixsession.h - else -+if HAVE_LIBELOGIND -+libpolkit_gobject_1_la_SOURCES += \ -+ polkitunixsession-systemd.c polkitunixsession.h -+else - libpolkit_gobject_1_la_SOURCES += \ - polkitunixsession.c polkitunixsession.h - endif -+endif - - libpolkit_gobject_1_la_CFLAGS = \ - -D_POLKIT_COMPILATION \ - $(GLIB_CFLAGS) \ - $(LIBSYSTEMD_CFLAGS) \ -+ $(LIBELOGIND_CFLAGS) \ - $(NULL) - - libpolkit_gobject_1_la_LIBADD = \ - $(GLIB_LIBS) \ - $(LIBSYSTEMD_LIBS) \ -+ $(LIBELOGIND_LIBS) \ - $(NULL) - - libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' ---- a/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:29.650112018 +0100 -+++ b/src/polkitbackend/polkitbackendjsauthority.c 2016-11-04 04:44:58.283111505 +0100 -@@ -39,6 +39,10 @@ - #include <systemd/sd-login.h> - #endif /* HAVE_LIBSYSTEMD */ - -+#ifdef HAVE_LIBELOGIND -+#include <elogind/sd-login.h> -+#endif /* HAVE_LIBELOGIND */ -+ - #include <jsapi.h> - - #include "initjs.h" /* init.js */ ---- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:44:29.650112018 +0100 -+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2016-11-04 04:46:52.718109455 +0100 -@@ -25,7 +25,11 @@ - #include <grp.h> - #include <string.h> - #include <glib/gstdio.h> -+#ifdef HAVE_LIBSYSTEMD - #include <systemd/sd-login.h> -+#else -+#include <elogind/sd-login.h> -+#endif /* HAVE_LIBSYSTEMD versus HAVE_LIBELOGIND */ - #include <stdlib.h> - - #include <polkit/polkit.h> ---- a/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:44:29.651112017 +0100 -+++ b/src/polkit/polkitunixsession-systemd.c 2016-11-04 04:47:07.160109197 +0100 -@@ -30,7 +30,11 @@ - #include "polkiterror.h" - #include "polkitprivate.h" - -+#ifdef HAVE_LIBSYSTEMD - #include <systemd/sd-login.h> -+#else -+#include <elogind/sd-login.h> -+#endif /* HAVE_LIBSYSTEMD versus HAVE_ELOGIND */ - - /** - * SECTION:polkitunixsession diff --git a/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch deleted file mode 100644 index 232cc315..00000000 --- a/sys-auth/polkit/files/polkit-0.113-make-netgroup-support-optional.patch +++ /dev/null @@ -1,130 +0,0 @@ ---- polkit-0.113/configure.ac -+++ polkit-0.113-optional-netgroup/configure.ac -@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - --AC_CHECK_FUNCS(clearenv fdatasync) -+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent) - - if test "x$GCC" = "xyes"; then - LDFLAGS="-Wl,--as-needed $LDFLAGS" ---- polkit-0.113/src/polkitbackend/init.js -+++ polkit-0.113-optional-netgroup/src/polkitbackend/init.js -@@ -29,7 +29,10 @@ function Subject() { - }; - - this.isInNetGroup = function(netGroup) { -- return polkit._userIsInNetGroup(this.user, netGroup); -+ if (polkit._userIsInNetGroup) -+ return polkit._userIsInNetGroup(this.user, netGroup); -+ else -+ return false; - }; - - this.toString = function() { ---- polkit-0.113/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ polkit-0.113-optional-netgroup/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2214,6 +2214,7 @@ get_users_in_group (PolkitIdentity - return ret; - } - -+#ifdef HAVE_GETNETGRENT - static GList * - get_users_in_net_group (PolkitIdentity *group, - gboolean include_root) -@@ -2269,6 +2270,7 @@ get_users_in_net_group (PolkitIdentity - endnetgrent (); - return ret; - } -+#endif - - /* ---------------------------------------------------------------------------------------------------- */ - -@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge - { - user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE)); - } -+#ifdef HAVE_GETNETGRENT - else if (POLKIT_IS_UNIX_NETGROUP (identity)) - { - user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE)); - } -+#endif - else - { - g_warning ("Unsupported identity"); ---- polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c -+++ polkit-0.113-optional-netgroup/src/polkitbackend/polkitbackendjsauthority.c -@@ -189,13 +189,16 @@ static JSClass js_polkit_class = { - - static JSBool js_polkit_log (JSContext *cx, unsigned argc, jsval *vp); - static JSBool js_polkit_spawn (JSContext *cx, unsigned argc, jsval *vp); -+#ifdef HAVE_GETNETGRENT - static JSBool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, jsval *vp); -- -+#endif - static JSFunctionSpec js_polkit_functions[] = - { - JS_FS("log", js_polkit_log, 0, 0), - JS_FS("spawn", js_polkit_spawn, 0, 0), -+#ifdef HAVE_GETNETGRENT - JS_FS("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0), -+#endif - JS_FS_END - }; - -@@ -1498,7 +1501,7 @@ js_polkit_spawn (JSContext *cx, - - /* ---------------------------------------------------------------------------------------------------- */ - -- -+#ifdef HAVE_GETNETGRENT - static JSBool - js_polkit_user_is_in_netgroup (JSContext *cx, - unsigned argc, -@@ -1535,7 +1538,7 @@ js_polkit_user_is_in_netgroup (JSContext - out: - return ret; - } -- -+#endif - - - /* ---------------------------------------------------------------------------------------------------- */ ---- polkit-0.113/test/polkitbackend/test-polkitbackendjsauthority.c -+++ polkit-0.113-optional-netgroup/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_GETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - -@@ -258,7 +260,7 @@ static const RulesTestCase rules_test_ca - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - }, -- -+#if HAVE_GETNETGRENT - /* check netgroup membership */ - { - /* john is a member of netgroup 'foo', see test/etc/netgroup */ -@@ -276,7 +278,7 @@ static const RulesTestCase rules_test_ca - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - }, -- -+#endif - /* spawning */ - { - "spawning_non_existing_helper", - diff --git a/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch b/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch deleted file mode 100644 index 0a8f886d..00000000 --- a/sys-auth/polkit/files/polkit-0.115-make-netgroup-support-optional.patch +++ /dev/null @@ -1,129 +0,0 @@ ---- polkit-0.115/configure.ac -+++ polkit-0.115-optional-netgroup/configure.ac -@@ -158,7 +158,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - --AC_CHECK_FUNCS(clearenv fdatasync) -+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent) - - if test "x$GCC" = "xyes"; then - LDFLAGS="-Wl,--as-needed $LDFLAGS" ---- polkit-0.115/src/polkitbackend/init.js -+++ polkit-0.115-optional-netgroup/src/polkitbackend/init.js -@@ -29,7 +29,10 @@ function Subject() { - }; - - this.isInNetGroup = function(netGroup) { -- return polkit._userIsInNetGroup(this.user, netGroup); -+ if (polkit._userIsInNetGroup) -+ return polkit._userIsInNetGroup(this.user, netGroup); -+ else -+ return false; - }; - - this.toString = function() { ---- polkit-0.115/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ polkit-0.115-optional-netgroup/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2214,6 +2214,7 @@ get_users_in_group (PolkitIdentity - return ret; - } - -+#ifdef HAVE_GETNETGRENT - static GList * - get_users_in_net_group (PolkitIdentity *group, - gboolean include_root) -@@ -2269,6 +2270,7 @@ get_users_in_net_group (PolkitIdentity - endnetgrent (); - return ret; - } -+#endif - - /* ---------------------------------------------------------------------------------------------------- */ - -@@ -2355,10 +2357,12 @@ authentication_agent_initiate_challenge - { - user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE)); - } -+#ifdef HAVE_GETNETGRENT - else if (POLKIT_IS_UNIX_NETGROUP (identity)) - { - user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE)); - } -+#endif - else - { - g_warning ("Unsupported identity"); ---- polkit-0.115/src/polkitbackend/polkitbackendjsauthority.cpp -+++ polkit-0.115-optional-netgroup/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -194,13 +194,16 @@ - - static bool js_polkit_log (JSContext *cx, unsigned argc, JS::Value *vp); - static bool js_polkit_spawn (JSContext *cx, unsigned argc, JS::Value *vp); -+#ifdef HAVE_GETNETGRENT - static bool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, JS::Value *vp); -- -+#endif - static JSFunctionSpec js_polkit_functions[] = - { - JS_FN("log", js_polkit_log, 0, 0), - JS_FN("spawn", js_polkit_spawn, 0, 0), -+#ifdef HAVE_GETNETGRENT - JS_FN("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0), -+#endif - JS_FS_END - }; - -@@ -1486,6 +1489,7 @@ - /* ---------------------------------------------------------------------------------------------------- */ - - -+#ifdef HAVE_GETNETGRENT - static bool - js_polkit_user_is_in_netgroup (JSContext *cx, - unsigned argc, -@@ -1523,7 +1523,7 @@ - - return ret; - } -- -+#endif - - - /* ---------------------------------------------------------------------------------------------------- */ ---- polkit-0.115/test/polkitbackend/test-polkitbackendjsauthority.c -+++ polkit-0.115-optional-netgroup/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_GETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - -@@ -258,7 +260,7 @@ static const RulesTestCase rules_test_ca - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - }, -- -+#if HAVE_GETNETGRENT - /* check netgroup membership */ - { - /* john is a member of netgroup 'foo', see test/etc/netgroup */ -@@ -276,7 +278,7 @@ static const RulesTestCase rules_test_ca - NULL, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - }, -- -+#endif - /* spawning */ - { - "spawning_non_existing_helper", - diff --git a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch b/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch deleted file mode 100644 index 8a4510ad..00000000 --- a/sys-auth/polkit/files/polkit-0.115-spidermonkey-60.patch +++ /dev/null @@ -1,180 +0,0 @@ -From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001 -From: Emmanuele Bassi <ebassi@gnome.org> -Date: Fri, 31 Aug 2018 13:32:16 +0100 -Subject: [PATCH] Depend on mozjs-60 - -This is the new ESR version of the Mozilla JS engine, superceding -mozjs-52. ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 5c37e48..5cedb4e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-52]) -+PKG_CHECK_MODULES(LIBJS, [mozjs-60]) - - AC_SUBST(LIBJS_CFLAGS) - AC_SUBST(LIBJS_CXXFLAGS) - - -From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001 -From: Emmanuele Bassi <ebassi@gnome.org> -Date: Fri, 31 Aug 2018 13:33:20 +0100 -Subject: [PATCH] Port the JS authority to mozjs-60 - -API changes in mozjs that need to be reflected in the JS authority: - - - the JS::CompileOptions constructor and the JS::CompartmentOptions - do not allow setting a JS version any more - - - do not use NULL comparisons for C++ objects - - - the resize() method for a vector has a return value that needs - to be handled - - - JSClassOps has different fields ---- - .../polkitbackendjsauthority.cpp | 65 +++++++++---------- - 1 file changed, 32 insertions(+), 33 deletions(-) - -diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 7602714..984a0f0 100644 ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC - /* ---------------------------------------------------------------------------------------------------- */ - - static const struct JSClassOps js_global_class_ops = { -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL -+ nullptr, // addProperty -+ nullptr, // deleteProperty -+ nullptr, // enumerate -+ nullptr, // newEnumerate -+ nullptr, // resolve -+ nullptr, // mayResolve -+ nullptr, // finalize -+ nullptr, // call -+ nullptr, // hasInstance -+ nullptr, // construct -+ JS_GlobalObjectTraceHook - }; - - static JSClass js_global_class = { -@@ -172,18 +171,17 @@ static JSClass js_global_class = { - - /* ---------------------------------------------------------------------------------------------------- */ - static const struct JSClassOps js_polkit_class_ops = { -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- NULL -+ nullptr, // addProperty -+ nullptr, // deleteProperty -+ nullptr, // enumerate -+ nullptr, // newEnumerate -+ nullptr, // resolve -+ nullptr, // mayResolve -+ nullptr, // finalize -+ nullptr, // call -+ nullptr, // hasInstance -+ nullptr, // construct -+ nullptr // trace - }; - - static JSClass js_polkit_class = { -@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object) - - { - JS::CompartmentOptions compart_opts; -- compart_opts.behaviors().setVersion(JSVERSION_LATEST); -+ - JS::RootedObject global(authority->priv->cx); - - authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts)); - - global = authority->priv->js_global->get (); -- -- if (global == NULL) -+ if (!global) - goto fail; - - authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global); - -- if (authority->priv->ac == NULL) -+ if (!authority->priv->ac) - goto fail; - - if (!JS_InitStandardClasses (authority->priv->cx, global)) -@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object) - - polkit = authority->priv->js_polkit->get (); - -- if (polkit == NULL) -+ if (!polkit) - goto fail; - - if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE)) -@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object) - js_polkit_functions)) - goto fail; - -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - JS::RootedValue rval(authority->priv->cx); - if (!JS::Evaluate (authority->priv->cx, - options, -@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority, - JS::AutoValueVector elems(authority->priv->cx); - guint n; - -- elems.resize(value->len); -+ if (!elems.resize(value->len)) -+ g_error ("Unable to resize vector"); -+ - for (n = 0; n < value->len; n++) - { - const char *c_string = (const char *) g_ptr_array_index(value, n); -@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, - GError **error) - { - gboolean ret = FALSE; -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - const char *src; - JS::RootedObject obj(authority->priv->cx); - pid_t pid; -@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority, - GError **error) - { - gboolean ret = FALSE; -- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN); -+ JS::CompileOptions options(authority->priv->cx); - const char *src; - JS::RootedObject obj(authority->priv->cx); - gchar **keys; |