rpms
/
polkit
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9
...
pull from: rpms:i8c
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i8c' have entirely different histories.
c9 ... i8c

36 changed files with 1336 additions and 6608 deletions
Show Stats

3
.gitignore vendored
Unescape View File

@ -1,2 +1 @@
SOURCES/firefox-78.10.0esr.source.tar.xz
SOURCES/polkit-0.117.tar.gz
SOURCES/polkit-0.115.tar.gz

3
.polkit.metadata
Unescape View File

@ -1,2 +1 @@
547bac33732774993bd8223de9acfeedcc69a10d SOURCES/firefox-78.10.0esr.source.tar.xz
0c375fa621bc9f74f2972e00fb517a408f419adf SOURCES/polkit-0.117.tar.gz
208b7e44fcf0f515d067d37307af9ea1419eb305 SOURCES/polkit-0.115.tar.gz

30
SOURCES/0001-Skip-failing-tests-on-ppc64-and-s390x.patch
Unescape View File

@ -1,30 +0,0 @@
From db3a0a25b97377b388532b23e73a10d246f66496 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Mon, 3 Aug 2020 10:27:00 +0200
Subject: [PATCH] Skip failing tests on ppc64 and s390x
ppc64 and s390x: non262/extensions/clone-errors.js
s390x: test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
---
js/src/tests/jstests.list | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/js/src/tests/jstests.list b/js/src/tests/jstests.list
index 4085ce3..4f014f5 100644
--- a/js/src/tests/jstests.list
+++ b/js/src/tests/jstests.list
@@ -56,6 +56,11 @@ skip-if(!this.hasOwnProperty('addIntlExtras')) include test262/intl402/DisplayNa
skip-if(!this.hasOwnProperty("Atomics")) include test262/built-ins/Atomics/jstests.list
skip-if(!this.hasOwnProperty("SharedArrayBuffer")) include test262/built-ins/SharedArrayBuffer/jstests.list
+# Crashes on s390x and ppc64, avoid it
+skip-if(xulRuntime.XPCOMABI.match(/s390x|ppc64-/)) script non262/extensions/clone-errors.js
+
+# Crashes on s390x, avoid it
+skip-if(xulRuntime.XPCOMABI.match(/s390x/)) script test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
#####################################
# Test262 tests disabled on browser #
--
2.26.2

5771
SOURCES/0002-D89554-autoconf1.diff
View File

File diff suppressed because it is too large Load Diff

118
SOURCES/0003-D94538-autoconf2.diff
Unescape View File

@ -1,118 +0,0 @@
diff -up firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/archlinux.py
--- firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/archlinux.py 2021-02-25 13:53:25.713053151 +0100
@@ -26,7 +26,6 @@ class ArchlinuxBootstrapper(
'''Archlinux experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf2.13',
'base-devel',
'nodejs',
'python2',
diff -up firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/centosfedora.py
--- firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/centosfedora.py 2021-02-25 13:53:04.963982705 +0100
@@ -26,7 +26,6 @@ class CentOSFedoraBootstrapper(
# For CentOS 7, later versions of nodejs come from nodesource
# and include the npm package.
self.packages = [
- 'autoconf213',
'nodejs',
'which',
]
diff -up firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/debian.py
--- firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/debian.py 2021-02-25 13:53:42.874111415 +0100
@@ -32,7 +32,6 @@ class DebianBootstrapper(
# These are common packages for all Debian-derived distros (such as
# Ubuntu).
COMMON_PACKAGES = [
- 'autoconf2.13',
'build-essential',
'nodejs',
'python-setuptools',
diff -up firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/freebsd.py
--- firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/freebsd.py 2021-02-25 13:53:04.963982705 +0100
@@ -15,7 +15,6 @@ class FreeBSDBootstrapper(BaseBootstrapp
self.flavor = flavor.lower()
self.packages = [
- 'autoconf213',
'gmake',
'gtar',
'pkgconf',
diff -up firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/gentoo.py
--- firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff 2021-02-17 08:49:38.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/gentoo.py 2021-02-25 13:53:04.963982705 +0100
@@ -36,7 +36,6 @@ class GentooBootstrapper(
def ensure_system_packages(self):
self.run_as_root(['emerge', '--noreplace', '--quiet',
'app-arch/zip',
- 'sys-devel/autoconf:2.1'
])
def ensure_browser_packages(self, artifact_mode=False):
diff -up firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/openbsd.py
--- firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff 2021-02-17 08:49:15.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/openbsd.py 2021-02-25 13:53:04.964982709 +0100
@@ -12,7 +12,6 @@ class OpenBSDBootstrapper(BaseBootstrapp
BaseBootstrapper.__init__(self, **kwargs)
self.packages = [
- 'autoconf-2.13',
'gmake',
'gtar',
'rust',
diff -up firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/opensuse.py
--- firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/opensuse.py 2021-02-25 13:53:04.964982709 +0100
@@ -13,7 +13,6 @@ class OpenSUSEBootstrapper(
'''openSUSE experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf213',
'nodejs',
'npm',
'which',
diff -up firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/osx.py
--- firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/osx.py 2021-02-25 13:54:07.162193882 +0100
@@ -353,7 +353,6 @@ class OSXBootstrapper(BaseBootstrapper):
# least on 10.8) and because the build system wants a version
# newer than what Apple ships.
packages = [
- 'autoconf@2.13',
'git',
'gnu-tar',
'node',
@@ -428,7 +427,6 @@ class OSXBootstrapper(BaseBootstrapper):
'python27',
'python36',
'py27-gnureadline',
- 'autoconf213',
'gnutar',
'watchman',
'nodejs8'
diff -up firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/solus.py
--- firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/solus.py 2021-02-25 13:53:32.090074802 +0100
@@ -23,7 +23,6 @@ class SolusBootstrapper(
'''Solus experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf213',
'nodejs',
'python',
'python3',
diff -up firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/windows.py
--- firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff 2021-02-17 08:49:34.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/windows.py 2021-02-25 13:53:04.978982756 +0100
@@ -48,7 +48,6 @@ class WindowsBootstrapper(BaseBootstrapp
'patch',
'patchutils',
'diffutils',
- 'autoconf2.13',
'tar',
'zip',
'unzip',

12
SOURCES/FixSharedArray.diff
Unescape View File

@ -1,12 +0,0 @@
--- a/js/public/StructuredClone.h
+++ b/js/public/StructuredClone.h
@@ -381,7 +381,7 @@ enum OwnTransferablePolicy {
namespace js {
class SharedArrayRawBuffer;
-class SharedArrayRawBufferRefs {
+class JS_PUBLIC_API SharedArrayRawBufferRefs {
public:
SharedArrayRawBufferRefs() = default;
SharedArrayRawBufferRefs(SharedArrayRawBufferRefs&& other) = default;
--

38
SOURCES/copy-headers.patch
Unescape View File

@ -1,38 +0,0 @@
From 3b3c8e37cca418e07bdeceaf3a601805df28d925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:27:39 +0200
Subject: [PATCH] build: Copy headers on install instead of symlinking
Patch by Philip Chimento ported forward to mozjs78
---
python/mozbuild/mozbuild/backend/recursivemake.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/mozbuild/mozbuild/backend/recursivemake.py b/python/mozbuild/mozbuild/backend/recursivemake.py
index e3fc8fe..bed5ae9 100644
--- a/python/mozbuild/mozbuild/backend/recursivemake.py
+++ b/python/mozbuild/mozbuild/backend/recursivemake.py
@@ -1457,9 +1457,9 @@ class RecursiveMakeBackend(MakeBackend):
raise Exception("Wildcards are only supported in the filename part"
" of srcdir-relative or absolute paths.")
- install_manifest.add_pattern_link(basepath, wild, path)
+ install_manifest.add_pattern_copy(basepath, wild, path)
else:
- install_manifest.add_pattern_link(f.srcdir, f, path)
+ install_manifest.add_pattern_copy(f.srcdir, f, path)
elif isinstance(f, AbsolutePath):
if not f.full_path.lower().endswith(('.dll', '.pdb', '.so')):
raise Exception("Absolute paths installed to FINAL_TARGET_FILES must"
@@ -1468,7 +1468,7 @@ class RecursiveMakeBackend(MakeBackend):
install_manifest.add_optional_exists(dest)
absolute_files.append(f.full_path)
else:
- install_manifest.add_link(f.full_path, dest)
+ install_manifest.add_copy(f.full_path, dest)
else:
install_manifest.add_optional_exists(dest)
objdir_files.append(self._pretty_path(f, backend_file))
--
2.26.2

35
SOURCES/definitions_for_user_vfp.patch
Unescape View File

@ -1,35 +0,0 @@
From fd6847c9416f9eebde636e21d794d25d1be8791d Mon Sep 17 00:00:00 2001
From: Mike Hommey <mh@glandium.org>
Date: Sat, 1 Jun 2019 09:06:01 +0900
Subject: [PATCH] Bug 1526653 - Include struct definitions for user_vfp and
user_vfp_exc.
---
js/src/wasm/WasmSignalHandlers.cpp | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/js/src/wasm/WasmSignalHandlers.cpp b/js/src/wasm/WasmSignalHandlers.cpp
index 636537f8478..383c380f04c 100644
--- a/js/src/wasm/WasmSignalHandlers.cpp
+++ b/js/src/wasm/WasmSignalHandlers.cpp
@@ -249,7 +249,16 @@ using mozilla::DebugOnly;
#endif
#ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
-# include <sys/user.h>
+struct user_vfp {
+ unsigned long long fpregs[32];
+ unsigned long fpscr;
+};
+
+struct user_vfp_exc {
+ unsigned long fpexc;
+ unsigned long fpinst;
+ unsigned long fpinst2;
+};
#endif
#if defined(ANDROID)
--
2.30.2

61
SOURCES/emitter.patch
Unescape View File

@ -1,61 +0,0 @@
From d1d785c169345b81c76213f6dd9be32b4db60294 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:39:47 +0200
Subject: [PATCH] Build: allow LOCAL_INCLUDES paths with topsrcdir or topobjdir
---
python/mozbuild/mozbuild/frontend/emitter.py | 6 ------
.../mozbuild/test/frontend/test_emitter.py | 20 -------------------
2 files changed, 26 deletions(-)
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
index 8d5ab8e..65c43ff 100644
--- a/python/mozbuild/mozbuild/frontend/emitter.py
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
@@ -1239,12 +1239,6 @@ class TreeMetadataEmitter(LoggingMixin):
'is a filename, but a directory is required: %s '
'(resolved to %s)' % (local_include, full_path),
context)
- if (full_path == context.config.topsrcdir or
- full_path == context.config.topobjdir):
- raise SandboxValidationError(
- 'Path specified in LOCAL_INCLUDES '
- '(%s) resolves to the topsrcdir or topobjdir (%s), which is '
- 'not allowed' % (local_include, full_path), context)
include_obj = LocalInclude(context, local_include)
local_includes.append(include_obj.path.full_path)
yield include_obj
diff --git a/python/mozbuild/mozbuild/test/frontend/test_emitter.py b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
index e8cbd81..d45ccee 100644
--- a/python/mozbuild/mozbuild/test/frontend/test_emitter.py
+++ b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
@@ -1040,26 +1040,6 @@ class TestEmitterBasic(unittest.TestCase):
self.assertEqual(local_includes, expected)
- def test_local_includes_invalid(self):
- """Test that invalid LOCAL_INCLUDES are properly detected."""
- reader = self.reader('local_includes-invalid/srcdir')
-
- with six.assertRaisesRegex(
- self,
- SandboxValidationError,
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
- 'topsrcdir or topobjdir'):
- self.read_topsrcdir(reader)
-
- reader = self.reader('local_includes-invalid/objdir')
-
- with six.assertRaisesRegex(
- self,
- SandboxValidationError,
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
- 'topsrcdir or topobjdir'):
- self.read_topsrcdir(reader)
-
def test_local_includes_file(self):
"""Test that a filename can't be used in LOCAL_INCLUDES."""
reader = self.reader('local_includes-filename')
--
2.26.2

34
SOURCES/icu_sources_data-Write-command-output-to-our-stderr.patch
Unescape View File

@ -1,34 +0,0 @@
From: Simon McVittie <smcv@debian.org>
Date: Mon, 9 Oct 2017 09:23:14 +0100
Subject: icu_sources_data: Write command output to our stderr
Saying "See output in /tmp/foobar" is all very well for a developer
build, but on a buildd our /tmp is going to get thrown away after
the build. Just log the usual way instead.
---
intl/icu_sources_data.py | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
index 8cf9290..7d2d983 100644
--- a/intl/icu_sources_data.py
+++ b/intl/icu_sources_data.py
@@ -190,16 +190,13 @@ def update_sources(topsrcdir):
def try_run(name, command, cwd=None, **kwargs):
try:
- with tempfile.NamedTemporaryFile(prefix=name, delete=False) as f:
- subprocess.check_call(command, cwd=cwd, stdout=f,
- stderr=subprocess.STDOUT, **kwargs)
+ subprocess.check_call(command, cwd=cwd, stdout=sys.stderr,
+ stderr=subprocess.STDOUT, **kwargs)
except subprocess.CalledProcessError:
- print('''Error running "{}" in directory {}
- See output in {}'''.format(' '.join(command), cwd, f.name),
- file=sys.stderr)
+ print('''Error running "{}" in directory {}'''.format(' '.join(command), cwd),
+ file=sys.stderr)
return False
else:
- os.unlink(f.name)
return True

26
SOURCES/icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
Unescape View File

@ -1,26 +0,0 @@
From: Simon McVittie <smcv@debian.org>
Date: Mon, 9 Oct 2017 09:22:12 +0100
Subject: icu_sources_data.py: Decouple from Mozilla build system
mozpack.path is a wrapper around os.path that normalizes path
separators on Windows, but on Unix we only have one path separator
so there's nothing to normalize. Avoid needing to import all of it.
---
intl/icu_sources_data.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
index 98c0ccb..8cf9290 100644
--- a/intl/icu_sources_data.py
+++ b/intl/icu_sources_data.py
@@ -22,7 +22,9 @@ import subprocess
import sys
import tempfile
-from mozpack import path as mozpath
+# Close enough
+import os.path as mozpath
+mozpath.normsep = lambda p: p
# The following files have been determined to be dead/unused by a
# semi-automated analysis. You can just remove any of the files below

12
SOURCES/init_patch.patch
Unescape View File

@ -1,12 +0,0 @@
--- a/python/mozbuild/mozbuild/configure/__init__.py
+++ b/python/mozbuild/mozbuild/configure/__init__.py
@@ -491,7 +491,8 @@ class ConfigureSandbox(dict):
if self._help:
self._logger.warning(msg)
else:
- raise InvalidOptionError(msg)
+ #raise InvalidOptionError(msg)
+ pass
# Run the execution queue
for func, args in self._execution_queue:

90
SOURCES/mozjs78.patch
Unescape View File

@ -1,90 +0,0 @@
diff --git a/configure.ac b/configure.ac
index eea70fc..c4569f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -34,7 +34,7 @@ AC_PROG_LN_S
AC_SYS_LARGEFILE
AM_PROG_CC_C_O
AC_PROG_CXX
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
# Taken from dbus
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 25bd1f9..ca17108 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -49,6 +49,7 @@
#include <js/Realm.h>
#include <js/SourceText.h>
#include <js/Warnings.h>
+#include <js/Array.h>
#include <jsapi.h>
#include "initjs.h" /* init.js */
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
static void
reload_scripts (PolkitBackendJsAuthority *authority)
{
- JS::AutoValueArray<1> args(authority->priv->cx);
+ JS::RootedValueArray<1> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
if (!JS::InitSelfHostedCode (authority->priv->cx))
goto fail;
- JS::ContextOptionsRef (authority->priv->cx)
- .setIon (TRUE)
- .setBaseline (TRUE)
- .setAsmJS (TRUE);
JS::SetWarningReporter(authority->priv->cx, report_error);
JS_SetContextPrivate (authority->priv->cx, authority);
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
elems[n].setNull ();
}
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
value_jsval = JS::ObjectValue (*array_object);
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
GList *ret = NULL;
- JS::AutoValueArray<2> args(authority->priv->cx);
+ JS::RootedValueArray<2> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
guint n;
GError *error = NULL;
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
PolkitImplicitAuthorization ret = implicit;
- JS::AutoValueArray<2> args(authority->priv->cx);
+ JS::RootedValueArray<2> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
GError *error = NULL;
JS::RootedString ret_jsstr (authority->priv->cx);
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
array_object = &args[0].toObject();
- if (!JS_GetArrayLength (cx, array_object, &array_len))
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
{
JS_ReportErrorUTF8 (cx, "Failed to get array length");
goto out;

291
SOURCES/polkit-0.115-CVE-2018-19788.patch
Unescape View File

@ -0,0 +1,291 @@
diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
index c57a1aaacbb13c4e4297dd812cf5904f2f427b03..309f68918895e0f8b547f8c06f89c6fb1326fe20 100644
--- a/src/polkit/polkitunixgroup.c
+++ b/src/polkit/polkitunixgroup.c
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
static void
polkit_unix_group_init (PolkitUnixGroup *unix_group)
{
+ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */
}
static void
@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object);
+ gint val;
switch (prop_id)
{
case PROP_GID:
- unix_group->gid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_group->gid = val;
break;
default:
@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass)
g_param_spec_int ("gid",
"Group ID",
"The UNIX group ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group)
*/
void
polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gint gid)
+ gint gid)
{
g_return_if_fail (POLKIT_IS_UNIX_GROUP (group));
+ g_return_if_fail (gid != -1);
group->gid = gid;
}
@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
PolkitIdentity *
polkit_unix_group_new (gint gid)
{
+ g_return_val_if_fail (gid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 972b7776825d5ccf677ed12ed620fc0c52352547..b02b25894ad120d88ea21d4c96ac8dca1821fcf2 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID:
- polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ case PROP_UID: {
+ gint val;
+
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ polkit_unix_process_set_uid (unix_process, val);
break;
+ }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
@@ -239,7 +244,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- -1,
+ G_MININT,
G_MAXINT,
-1,
G_PARAM_CONSTRUCT |
@@ -303,7 +308,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
- g_return_if_fail (uid >= -1);
process->uid = uid;
}
diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
index 8bfd3a1fb05ddb56adebd097569a9977b7b922f3..234a6976c573ac65200ee08228cd50111f0c769b 100644
--- a/src/polkit/polkitunixuser.c
+++ b/src/polkit/polkitunixuser.c
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
static void
polkit_unix_user_init (PolkitUnixUser *unix_user)
{
+ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */
unix_user->name = NULL;
}
@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object,
GParamSpec *pspec)
{
PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object);
+ gint val;
switch (prop_id)
{
case PROP_UID:
- unix_user->uid = g_value_get_int (value);
+ val = g_value_get_int (value);
+ g_return_if_fail (val != -1);
+ unix_user->uid = val;
break;
default:
@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass)
g_param_spec_int ("uid",
"User ID",
"The UNIX user ID",
- 0,
+ G_MININT,
G_MAXINT,
- 0,
+ -1,
G_PARAM_CONSTRUCT |
G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
gint uid)
{
g_return_if_fail (POLKIT_IS_UNIX_USER (user));
+ g_return_if_fail (uid != -1);
user->uid = uid;
}
@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
PolkitIdentity *
polkit_unix_user_new (gint uid)
{
+ g_return_val_if_fail (uid != -1, NULL);
+
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
diff --git a/test/data/etc/group b/test/data/etc/group
index 12ef328b21b346ee3828ce3aaf15cca83858bd1d..b9acab97211fdf7db521dc0939b2dcfc2c9e350b 100644
--- a/test/data/etc/group
+++ b/test/data/etc/group
@@ -5,3 +5,4 @@ john:x:500:
jane:x:501:
sally:x:502:
henry:x:503:
+highuid2:x:4000000000:
diff --git a/test/data/etc/passwd b/test/data/etc/passwd
index 8544febcd8b1720e5577dfb3f0672a6fef29e701..5cf14a5620259f79806192ca935fee84a29ac96d 100644
--- a/test/data/etc/passwd
+++ b/test/data/etc/passwd
@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash
jane:x:501:501:Jane Smith:/home/jane:/bin/bash
sally:x:502:502:Sally Derp:/home/sally:/bin/bash
henry:x:503:503:Henry Herp:/home/henry:/bin/bash
+highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin
+highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin
diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules
index 446e62291b7fe4c5bacdceb1045350af1a9dc245..98bf062a08cb11fddb7df95d0bcdec1b1ac3587d 100644
--- a/test/data/etc/polkit-1/rules.d/10-testing.rules
+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules
@@ -53,6 +53,27 @@ polkit.addRule(function(action, subject) {
}
});
+polkit.addRule(function(action, subject) {
+ if (action.id == "net.company.john_action") {
+ if (subject.user == "john") {
+ return polkit.Result.YES;
+ } else {
+ return polkit.Result.NO;
+ }
+ }
+});
+
+polkit.addRule(function(action, subject) {
+ if (action.id == "net.company.highuid2_action") {
+ if (subject.user == "highuid2") {
+ return polkit.Result.YES;
+ } else {
+ return polkit.Result.NO;
+ }
+ }
+});
+
+
// ---------------------------------------------------------------------
// variables
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index b484a26600dbde074ee7d8491f88624fdc83c39c..71aad23e2f5d1a7b15e138f23e6581a31498bad6 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -330,6 +330,78 @@ static const RulesTestCase rules_test_cases[] = {
NULL,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
},
+
+ {
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid22)",
+ "net.company.group.only_group_users",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid21)",
+ "net.company.group.only_group_users",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid1 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid24)",
+ "net.company.group.only_group_users",
+ "unix-user:2147483648",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is not a member of group 'users', see test/data/etc/group */
+ "group_membership_with_non_member(highuid23)",
+ "net.company.group.only_group_users",
+ "unix-user:4000000000",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* john is authorized to do this, see 10-testing.rules */
+ "john_action",
+ "net.company.john_action",
+ "unix-user:john",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ },
+
+ {
+ /* only john is authorized to do this, see 10-testing.rules */
+ "jane_action",
+ "net.company.john_action",
+ "unix-user:jane",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
+
+ {
+ /* highuid2 is authorized to do this, see 10-testing.rules */
+ "highuid2_action",
+ "net.company.highuid2_action",
+ "unix-user:highuid2",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED,
+ },
+
+ {
+ /* only highuid2 is authorized to do this, see 10-testing.rules */
+ "highuid1_action",
+ "net.company.highuid2_action",
+ "unix-user:highuid1",
+ NULL,
+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED,
+ },
};
/* ---------------------------------------------------------------------------------------------------- */

185
SOURCES/polkit-0.115-CVE-2019-6133.patch
Unescape View File

@ -0,0 +1,185 @@
From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 4 Jan 2019 14:24:48 -0500
Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
authorizations
It turns out that the combination of `(pid, start time)` is not
enough to be unique. For temporary authorizations, we can avoid
separate users racing on pid reuse by simply comparing the uid.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
And the above original email report is included in full in a new comment.
Reported-by: Jann Horn <jannh@google.com>
Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
---
src/polkit/polkitsubject.c | 2 +
src/polkit/polkitunixprocess.c | 71 ++++++++++++++++++-
.../polkitbackendinteractiveauthority.c | 39 +++++++++-
3 files changed, 110 insertions(+), 2 deletions(-)
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
index d4c1182..ccabd0a 100644
--- a/src/polkit/polkitsubject.c
+++ b/src/polkit/polkitsubject.c
@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
* @b: A #PolkitSubject.
*
* Checks if @a and @b are equal, ie. represent the same subject.
+ * However, avoid calling polkit_subject_equal() to compare two processes;
+ * for more information see the `PolkitUnixProcess` documentation.
*
* This function can be used in e.g. g_hash_table_new().
*
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index b02b258..78d7251 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -51,7 +51,10 @@
* @title: PolkitUnixProcess
* @short_description: Unix processs
*
- * An object for representing a UNIX process.
+ * An object for representing a UNIX process. NOTE: This object as
+ * designed is now known broken; a mechanism to exploit a delay in
+ * start time in the Linux kernel was identified. Avoid
+ * calling polkit_subject_equal() to compare two processes.
*
* To uniquely identify processes, both the process id and the start
* time of the process (a monotonic increasing value representing the
@@ -66,6 +69,72 @@
* polkit_unix_process_new_for_owner() with trusted data.
*/
+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
+
+ But quoting the original email in full here to ensure it's preserved:
+
+ From: Jann Horn <jannh@google.com>
+ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
+ Date: Wednesday, October 10, 2018 5:34 PM
+
+When a (non-root) user attempts to e.g. control systemd units in the system
+instance from an active session over DBus, the access is gated by a polkit
+policy that requires "auth_admin_keep" auth. This results in an auth prompt
+being shown to the user, asking the user to confirm the action by entering the
+password of an administrator account.
+
+After the action has been confirmed, the auth decision for "auth_admin_keep" is
+cached for up to five minutes. Subject to some restrictions, similar actions can
+then be performed in this timespan without requiring re-auth:
+
+ - The PID of the DBus client requesting the new action must match the PID of
+ the DBus client requesting the old action (based on SO_PEERCRED information
+ forwarded by the DBus daemon).
+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
+ must not have changed. The granularity of this timestamp is in the
+ millisecond range.
+ - polkit polls every two seconds whether a process with the expected start time
+ still exists. If not, the temporary auth entry is purged.
+
+Without the start time check, this would obviously be buggy because an attacker
+could simply wait for the legitimate client to disappear, then create a new
+client with the same PID.
+
+Unfortunately, the start time check is bypassable because fork() is not atomic.
+Looking at the source code of copy_process() in the kernel:
+
+ p->start_time = ktime_get_ns();
+ p->real_start_time = ktime_get_boot_ns();
+ [...]
+ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
+ if (retval)
+ goto bad_fork_cleanup_io;
+
+ if (pid != &init_struct_pid) {
+ pid = alloc_pid(p->nsproxy->pid_ns_for_children);
+ if (IS_ERR(pid)) {
+ retval = PTR_ERR(pid);
+ goto bad_fork_cleanup_thread;
+ }
+ }
+
+The ktime_get_boot_ns() call is where the "start time" of the process is
+recorded. The alloc_pid() call is where a free PID is allocated. In between
+these, some time passes; and because the copy_thread_tls() call between them can
+access userspace memory when sys_clone() is invoked through the 32-bit syscall
+entry point, an attacker can even stall the kernel arbitrarily long at this
+point (by supplying a pointer into userspace memory that is associated with a
+userfaultfd or is backed by a custom FUSE filesystem).
+
+This means that an attacker can immediately call sys_clone() when the victim
+process is created, often resulting in a process that has the exact same start
+time reported in procfs; and then the attacker can delay the alloc_pid() call
+until after the victim process has died and the PID assignment has cycled
+around. This results in an attacker process that polkit can't distinguish from
+the victim process.
+*/
+
+
/**
* PolkitUnixProcess:
*
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index a1630b9..80e8141 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
g_free (store);
}
+/* See the comment at the top of polkitunixprocess.c */
+static gboolean
+subject_equal_for_authz (PolkitSubject *a,
+ PolkitSubject *b)
+{
+ if (!polkit_subject_equal (a, b))
+ return FALSE;
+
+ /* Now special case unix processes, as we want to protect against
+ * pid reuse by including the UID.
+ */
+ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
+ PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
+ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
+ PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
+ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
+
+ if (uid_a != -1 && uid_b != -1)
+ {
+ if (uid_a == uid_b)
+ {
+ return TRUE;
+ }
+ else
+ {
+ g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
+ polkit_unix_process_get_pid (ap),
+ uid_a, uid_b);
+ return FALSE;
+ }
+ }
+ /* Fall through; one of the uids is unset so we can't reliably compare */
+ }
+
+ return TRUE;
+}
+
static gboolean
temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
PolkitSubject *subject,
@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
TemporaryAuthorization *authorization = l->data;
if (strcmp (action_id, authorization->action_id) == 0 &&
- polkit_subject_equal (subject_to_use, authorization->subject))
+ subject_equal_for_authz (subject_to_use, authorization->subject))
{
ret = TRUE;
if (out_tmp_authz_id != NULL)
--
2.19.2

0
SOURCES/CVE-2021-3560.patch → SOURCES/polkit-0.115-CVE-2021-3560.patch
Unescape View File

27
SOURCES/CVE-2021-4034.patch → SOURCES/polkit-0.115-CVE-2021-4034.patch
Unescape View File

@ -1,46 +1,43 @@
commit a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Author: Jan Rybar <jrybar@redhat.com>
Date: Tue Jan 25 17:21:46 2022 +0000
pkexec: local privilege escalation (CVE-2021-4034)
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index f1bb4e1..768525c 100644
index f1bb4e1..aff4f60 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
@@ -363,6 +363,12 @@ main (int argc, char *argv[])
local_agent_handle = NULL;
ret = 126;
+ if (argc < 1)
+ {
+ exit(126);
+ help();
+ exit(1);
+ }
+
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 7698c5c..84e5ef6 100644
index 7698c5c..d84dc57 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
@@ -488,6 +488,17 @@ main (int argc, char *argv[])
pid_t pid_of_caller;
gpointer local_agent_handle;
+
+ /*
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
+ * If 'pkexec' is called wrong, just show help and bail out.
+ */
+ if (argc<1)
+ {
+ exit(127);
+ clearenv();
+ usage(argc, argv);
+ exit(1);
+ }
+
ret = 127;
authority = NULL;
subject = NULL;
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
@@ -614,10 +625,10 @@ main (int argc, char *argv[])
path = g_strdup (pwstruct.pw_shell);
if (!path)
@ -53,7 +50,7 @@ index 7698c5c..84e5ef6 100644
/* If you change this, be sure to change the if (!command_line)
case below too */
command_line = g_strdup (path);
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
@@ -636,7 +647,15 @@ main (int argc, char *argv[])
goto out;
}
g_free (path);

0
SOURCES/CVE-2021-4115.patch → SOURCES/polkit-0.115-CVE-2021-4115.patch
Unescape View File

20
SOURCES/polkit-0.115-allow-uid-of-1.patch
Unescape View File

@ -0,0 +1,20 @@
diff -up ./src/polkit/polkitunixprocess.c.ori ./src/polkit/polkitunixprocess.c
--- ./src/polkit/polkitunixprocess.c.ori 2019-02-06 16:47:23.460666237 +0100
+++ ./src/polkit/polkitunixprocess.c 2019-02-06 16:47:43.846573792 +0100
@@ -211,14 +211,9 @@ polkit_unix_process_set_property (GObjec
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
- case PROP_UID: {
- gint val;
-
- val = g_value_get_int (value);
- g_return_if_fail (val != -1);
- polkit_unix_process_set_uid (unix_process, val);
+ case PROP_UID:
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
break;
- }
case PROP_START_TIME:
polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));

60
SOURCES/polkit-0.115-bus-conn-msg-ssh.patch
Unescape View File

@ -0,0 +1,60 @@
From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Wed, 4 Jul 2018 13:51:24 +0200
Subject: [PATCH] polkitagent: suppress disconnect messages
The polkitagent may be used by pkexec and friends. These might very
well survive until very late during system shutdown. Hence, a
disconnect of polkitd during runtime might be expected [1].
This patch silences the disconnect/reconnect messages and turns them
into debug messages. This only affects the polkit-agent, it does not
affect the polkit-daemon implementation.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627
---
src/polkitagent/polkitagentlistener.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
index debd1bb..1c8b666 100644
--- a/src/polkitagent/polkitagentlistener.c
+++ b/src/polkitagent/polkitagentlistener.c
@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object,
owner = polkit_authority_get_owner (server->authority);
if (owner == NULL)
{
- g_printerr ("PolicyKit daemon disconnected from the bus.\n");
+ g_debug ("PolicyKit daemon disconnected from the bus.\n");
if (server->is_registered)
- g_printerr ("We are no longer a registered authentication agent.\n");
+ g_debug ("We are no longer a registered authentication agent.\n");
server->is_registered = FALSE;
}
@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object,
{
GError *error;
- g_printerr ("PolicyKit daemon reconnected to bus.\n");
- g_printerr ("Attempting to re-register as an authentication agent.\n");
+ g_debug ("PolicyKit daemon reconnected to bus.\n");
+ g_debug ("Attempting to re-register as an authentication agent.\n");
error = NULL;
if (server_register (server, &error))
{
- g_printerr ("We are now a registered authentication agent.\n");
+ g_debug ("We are now a registered authentication agent.\n");
}
else
{
- g_printerr ("Failed to register as an authentication agent: %s\n", error->message);
+ g_debug ("Failed to register as an authentication agent: %s\n", error->message);
g_error_free (error);
}
}
--
2.18.0

19
SOURCES/polkit-0.115-jsauthority-memleak.patch
Unescape View File

@ -0,0 +1,19 @@
commit 28e3a6653d8c3777b07e0128a0d97d46e586e311
Author: Jan Rybar <jrybar@redhat.com>
Date: Tue Oct 8 13:28:18 2019 +0000
jsauthority: Fix two minor memory leaks
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 9b752d1..e97b8aa 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -567,6 +567,8 @@ polkit_backend_js_authority_finalize (GObject *object)
g_strfreev (authority->priv->rules_dirs);
delete authority->priv->ac;
+ delete authority->priv->js_global;
+ delete authority->priv->js_polkit;
JS_DestroyContext (authority->priv->cx);
/* JS_ShutDown (); */

148
SOURCES/polkit-0.115-move-to-mozjs60.patch
Unescape View File

@ -0,0 +1,148 @@
diff --git a/configure.ac b/configure.ac
index 5c37e481147466fd5a3a0a6b814f20fd2fe6bce8..5cedb4eca980f050fb5855ab577e93100adf8fec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
+PKG_CHECK_MODULES(LIBJS, [mozjs-60])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 76027149d4dfdc54064be48a3aeafeec8326a67b..984a0f0e579d51c09117f4e495b0c3fdc46fe61b 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_global_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ JS_GlobalObjectTraceHook
};
static JSClass js_global_class = {
@@ -172,18 +171,17 @@ static JSClass js_global_class = {
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_polkit_class_ops = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
+ nullptr, // addProperty
+ nullptr, // deleteProperty
+ nullptr, // enumerate
+ nullptr, // newEnumerate
+ nullptr, // resolve
+ nullptr, // mayResolve
+ nullptr, // finalize
+ nullptr, // call
+ nullptr, // hasInstance
+ nullptr, // construct
+ nullptr // trace
};
static JSClass js_polkit_class = {
@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
{
JS::CompartmentOptions compart_opts;
- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
+
JS::RootedObject global(authority->priv->cx);
authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
global = authority->priv->js_global->get ();
-
- if (global == NULL)
+ if (!global)
goto fail;
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
- if (authority->priv->ac == NULL)
+ if (!authority->priv->ac)
goto fail;
if (!JS_InitStandardClasses (authority->priv->cx, global))
@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
polkit = authority->priv->js_polkit->get ();
- if (polkit == NULL)
+ if (!polkit)
goto fail;
if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
js_polkit_functions))
goto fail;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
if (!JS::Evaluate (authority->priv->cx,
options,
@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
JS::AutoValueVector elems(authority->priv->cx);
guint n;
- elems.resize(value->len);
+ if (!elems.resize(value->len))
+ g_error ("Unable to resize vector");
+
for (n = 0; n < value->len; n++)
{
const char *c_string = (const char *) g_ptr_array_index(value, n);
@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
pid_t pid;
@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
GError **error)
{
gboolean ret = FALSE;
- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
+ JS::CompileOptions options(authority->priv->cx);
const char *src;
JS::RootedObject obj(authority->priv->cx);
gchar **keys;

353
SOURCES/polkit-0.115-pkperm-watch-real-ssn-changes.patch
Unescape View File

@ -0,0 +1,353 @@
diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
index 88da3c0..eea05ae 100644
--- a/data/org.freedesktop.PolicyKit1.Authority.xml
+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
@@ -431,7 +431,7 @@ Must match the effective UID of the caller of org.freedesktop.PolicyKit1.Authori
<!-- ---------------------------------------------------------------------------------------------------- -->
<signal name="Changed">
- <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions and/or authorizations change"/>
+ <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions, sessions and/or authorizations change, carrying information about the change."/>
</signal>
</interface>
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 71d527c..93691b6 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -84,6 +84,7 @@ static PolkitAuthority *the_authority = NULL;
enum
{
CHANGED_SIGNAL,
+ SESSIONS_CHANGED_SIGNAL,
LAST_SIGNAL,
};
@@ -113,9 +114,19 @@ on_proxy_signal (GDBusProxy *proxy,
gpointer user_data)
{
PolkitAuthority *authority = POLKIT_AUTHORITY (user_data);
+ guint16 msg_mask;
+
if (g_strcmp0 (signal_name, "Changed") == 0)
{
- g_signal_emit_by_name (authority, "changed");
+ if ((parameters != NULL) && g_variant_check_format_string(parameters, "(q)", FALSE ) )
+ {
+ g_variant_get(parameters, "(q)", &msg_mask);
+ g_signal_emit (authority, signals[msg_mask], 0);
+ }
+ else
+ {
+ g_signal_emit_by_name (authority, "changed");
+ }
}
}
@@ -287,6 +298,21 @@ polkit_authority_class_init (PolkitAuthorityClass *klass)
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE,
0);
+ /**
+ * PolkitAuthority::sessions-changed:
+ * @authority: A #PolkitAuthority.
+ *
+ * Emitted when sessions change
+ */
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
+ POLKIT_TYPE_AUTHORITY,
+ G_SIGNAL_RUN_LAST,
+ 0, /* class offset */
+ NULL, /* accumulator */
+ NULL, /* accumulator data */
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE,
+ 0);
}
/* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c
index f264094..3231bf2 100644
--- a/src/polkit/polkitpermission.c
+++ b/src/polkit/polkitpermission.c
@@ -24,6 +24,10 @@
# include "config.h"
#endif
+#ifdef HAVE_LIBSYSTEMD
+# include <systemd/sd-login.h>
+#endif
+
#include <sys/types.h>
#include <unistd.h>
@@ -60,6 +64,8 @@ struct _PolkitPermission
gchar *action_id;
+ gchar *session_state;
+
/* non-NULL exactly when authorized with a temporary authorization */
gchar *tmp_authz_id;
};
@@ -74,9 +80,14 @@ enum
static void process_result (PolkitPermission *permission,
PolkitAuthorizationResult *result);
+static char *get_session_state();
+
static void on_authority_changed (PolkitAuthority *authority,
gpointer user_data);
+static void on_sessions_changed (PolkitAuthority *authority,
+ gpointer user_data);
+
static gboolean acquire (GPermission *permission,
GCancellable *cancellable,
GError **error);
@@ -126,6 +137,8 @@ polkit_permission_constructed (GObject *object)
if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL)
G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object);
+
+ permission->session_state = get_session_state();
}
static void
@@ -135,11 +148,15 @@ polkit_permission_finalize (GObject *object)
g_free (permission->action_id);
g_free (permission->tmp_authz_id);
+ g_free (permission->session_state);
g_object_unref (permission->subject);
g_signal_handlers_disconnect_by_func (permission->authority,
on_authority_changed,
permission);
+ g_signal_handlers_disconnect_by_func (permission->authority,
+ on_sessions_changed,
+ permission);
g_object_unref (permission->authority);
if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL)
@@ -417,6 +434,11 @@ polkit_permission_initable_init (GInitable *initable,
G_CALLBACK (on_authority_changed),
permission);
+ g_signal_connect (permission->authority,
+ "sessions-changed",
+ G_CALLBACK (on_sessions_changed),
+ permission);
+
result = polkit_authority_check_authorization_sync (permission->authority,
permission->subject,
permission->action_id,
@@ -469,6 +491,37 @@ changed_check_cb (GObject *source_object,
g_object_unref (permission);
}
+static char *get_session_state()
+{
+#ifdef HAVE_LIBSYSTEMD
+ char *session = NULL;
+ char *state = NULL;
+ uid_t uid;
+
+ if ( sd_pid_get_session(getpid(), &session) < 0 )
+ {
+ if ( sd_pid_get_owner_uid(getpid(), &uid) < 0)
+ {
+ goto out;
+ }
+ if (sd_uid_get_display(uid, &session) < 0)
+ {
+ goto out;
+ }
+ }
+
+ if (session != NULL)
+ {
+ sd_session_get_state(session, &state);
+ }
+out:
+ g_free(session);
+ return state;
+#else
+ return NULL;
+#endif
+}
+
static void
on_authority_changed (PolkitAuthority *authority,
gpointer user_data)
@@ -485,6 +538,40 @@ on_authority_changed (PolkitAuthority *authority,
g_object_ref (permission));
}
+
+static void on_sessions_changed (PolkitAuthority *authority,
+ gpointer user_data)
+{
+#ifdef HAVE_LIBSYSTEMD
+ char *new_session_state = NULL;
+ char *last_state = NULL;
+
+ PolkitPermission *permission = POLKIT_PERMISSION (user_data);
+
+ new_session_state = get_session_state();
+
+ /* if we cannot tell the session state, we should do CheckAuthorization anyway */
+ if ((new_session_state == NULL) || ( g_strcmp0(new_session_state, permission->session_state) != 0 ))
+ {
+ last_state = permission->session_state;
+ permission->session_state = new_session_state;
+ g_free(last_state);
+
+ polkit_authority_check_authorization (permission->authority,
+ permission->subject,
+ permission->action_id,
+ NULL, /* PolkitDetails */
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL /* cancellable */,
+ changed_check_cb,
+ g_object_ref (permission));
+ }
+#else
+ on_authority_changed(authority, user_data); /* TODO: resolve the "too many session signals" issue for non-systemd systems later */
+#endif
+}
+
+
static void
process_result (PolkitPermission *permission,
PolkitAuthorizationResult *result)
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index 0d1fac4..6d21af9 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -48,6 +48,7 @@
enum
{
CHANGED_SIGNAL,
+ SESSIONS_CHANGED_SIGNAL,
LAST_SIGNAL,
};
@@ -78,6 +79,15 @@ polkit_backend_authority_class_init (PolkitBackendAuthorityClass *klass)
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE,
0);
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
+ POLKIT_BACKEND_TYPE_AUTHORITY,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (PolkitBackendAuthorityClass, changed),
+ NULL, /* accumulator */
+ NULL, /* accumulator data */
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE,
+ 0);
}
/**
@@ -501,6 +511,8 @@ typedef struct
gulong authority_changed_id;
+ gulong authority_session_monitor_signaller;
+
gchar *object_path;
GHashTable *cancellation_id_to_check_auth_data;
@@ -523,6 +535,9 @@ server_free (Server *server)
if (server->authority != NULL && server->authority_changed_id > 0)
g_signal_handler_disconnect (server->authority, server->authority_changed_id);
+ if (server->authority != NULL && server->authority_session_monitor_signaller > 0)
+ g_signal_handler_disconnect (server->authority, server->authority_session_monitor_signaller);
+
if (server->cancellation_id_to_check_auth_data != NULL)
g_hash_table_unref (server->cancellation_id_to_check_auth_data);
@@ -531,20 +546,23 @@ server_free (Server *server)
g_free (server);
}
-static void
-on_authority_changed (PolkitBackendAuthority *authority,
- gpointer user_data)
+static void changed_dbus_call_handler(PolkitBackendAuthority *authority,
+ gpointer user_data,
+ guint16 msg_mask)
{
Server *server = user_data;
GError *error;
+ GVariant *parameters;
error = NULL;
+
+ parameters = g_variant_new("(q)", msg_mask);
if (!g_dbus_connection_emit_signal (server->connection,
NULL, /* destination bus name */
server->object_path,
"org.freedesktop.PolicyKit1.Authority",
"Changed",
- NULL,
+ parameters,
&error))
{
g_warning ("Error emitting Changed() signal: %s", error->message);
@@ -552,6 +570,29 @@ on_authority_changed (PolkitBackendAuthority *authority,
}
}
+
+static void
+on_authority_changed (PolkitBackendAuthority *authority,
+ gpointer user_data)
+{
+ guint16 msg_mask = 0;
+
+ msg_mask = (guint16) CHANGED_SIGNAL;
+ changed_dbus_call_handler(authority, user_data, msg_mask);
+}
+
+
+static void
+on_sessions_changed (PolkitBackendAuthority *authority,
+ gpointer user_data)
+{
+ guint16 msg_mask = 0;
+
+ msg_mask = (guint16) SESSIONS_CHANGED_SIGNAL;
+ changed_dbus_call_handler(authority, user_data, msg_mask);
+}
+
+
static const gchar *server_introspection_data =
"<node>"
" <interface name='org.freedesktop.PolicyKit1.Authority'>"
@@ -1397,6 +1438,11 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority,
G_CALLBACK (on_authority_changed),
server);
+ server->authority_session_monitor_signaller = g_signal_connect (server->authority,
+ "sessions-changed",
+ G_CALLBACK (on_sessions_changed),
+ server);
+
return server;
error:
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 08d439e..40376dd 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -284,7 +284,7 @@ on_session_monitor_changed (PolkitBackendSessionMonitor *monitor,
gpointer user_data)
{
PolkitBackendInteractiveAuthority *authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (user_data);
- g_signal_emit_by_name (authority, "changed");
+ g_signal_emit_by_name (authority, "sessions-changed");
}
static void

13
SOURCES/polkit-0.115-pkttyagent-auth-errmsg-debug.patch
Unescape View File

@ -0,0 +1,13 @@
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200
+++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200
@@ -150,7 +150,8 @@ main (int argc, char *argv[])
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
if (authority == NULL)
{
- g_printerr ("Error getting authority: %s (%s, %d)\n",
+ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n");
+ g_debug ("Error getting authority: %s (%s, %d)\n",
error->message, g_quark_to_string (error->domain), error->code);
g_error_free (error);
ret = 127;

12
SOURCES/polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Unescape View File

@ -0,0 +1,12 @@
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2019-09-27 14:14:35.096310576 +0200
+++ ./src/programs/pkttyagent.c 2019-09-27 14:14:56.988586737 +0200
@@ -55,7 +55,7 @@ static void tty_handler(int signal)
if (tty_flags_saved)
{
- tcsetattr (fileno (tty), TCSAFLUSH, &ts);
+ tcsetattr (fileno (tty), TCSADRAIN, &ts);
}
kill(getpid(), signal);

94
SOURCES/polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
Unescape View File

@ -0,0 +1,94 @@
commit bfb722bbe5a503095cc7e860f282b142f5aa75f1
Author: Jan Rybar <jrybar@redhat.com>
Date: Fri Mar 15 16:07:53 2019 +0000
pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c
index 3f324b8..3c8d502 100644
--- a/src/programs/pkttyagent.c
+++ b/src/programs/pkttyagent.c
@@ -25,11 +25,44 @@
#include <stdio.h>
#include <stdlib.h>
+#include <signal.h>
+#include <termios.h>
#include <glib/gi18n.h>
#include <polkit/polkit.h>
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>
+
+static volatile sig_atomic_t tty_flags_saved;
+struct termios ts;
+FILE *tty = NULL;
+struct sigaction savesigterm, savesigint, savesigtstp;
+
+
+static void tty_handler(int signal)
+{
+ switch (signal)
+ {
+ case SIGTERM:
+ sigaction (SIGTERM, &savesigterm, NULL);
+ break;
+ case SIGINT:
+ sigaction (SIGINT, &savesigint, NULL);
+ break;
+ case SIGTSTP:
+ sigaction (SIGTSTP, &savesigtstp, NULL);
+ break;
+ }
+
+ if (tty_flags_saved)
+ {
+ tcsetattr (fileno (tty), TCSAFLUSH, &ts);
+ }
+
+ kill(getpid(), signal);
+}
+
+
int
main (int argc, char *argv[])
{
@@ -74,6 +107,8 @@ main (int argc, char *argv[])
GMainLoop *loop = NULL;
guint ret = 126;
GVariantBuilder builder;
+ struct sigaction sa;
+ const char *tty_name = NULL;
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
@@ -212,6 +247,27 @@ main (int argc, char *argv[])
}
}
+/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(),
+ but due to threading the handlers cannot take care of the signal there.
+ Though if controlling terminal cannot be found, the world won't stop spinning.
+*/
+ tty_name = ctermid(NULL);
+ if (tty_name != NULL)
+ {
+ tty = fopen(tty_name, "r+");
+ }
+
+ if (tty != NULL && !tcgetattr (fileno (tty), &ts))
+ {
+ tty_flags_saved = TRUE;
+ }
+
+ memset (&sa, 0, sizeof (sa));
+ sa.sa_handler = &tty_handler;
+ sigaction (SIGTERM, &sa, &savesigterm);
+ sigaction (SIGINT, &sa, &savesigint);
+ sigaction (SIGTSTP, &sa, &savesigtstp);
+
loop = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);

11
SOURCES/polkit-0.115-polkitagentlistener-res-leak.patch
Unescape View File

@ -0,0 +1,11 @@
diff -up ./src/polkitagent/polkitagentlistener.c.ori ./src/polkitagent/polkitagentlistener.c
--- ./src/polkitagent/polkitagentlistener.c.ori 2018-08-10 14:58:58.555475169 +0200
+++ ./src/polkitagent/polkitagentlistener.c 2018-08-10 14:59:15.900396570 +0200
@@ -439,6 +439,7 @@ polkit_agent_listener_register_with_opti
server->thread_initialization_error = NULL;
g_thread_join (server->thread);
server_free (server);
+ server = NULL;
goto out;
}
}

13
SOURCES/polkit-0.115-session-monitor-watch-sessions-only.patch
Unescape View File

@ -0,0 +1,13 @@
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 1a6107a..3abd7c5 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -106,7 +106,7 @@ sd_source_new (void)
source = g_source_new (&sd_source_funcs, sizeof (SdSource));
sd_source = (SdSource *)source;
- if ((ret = sd_login_monitor_new (NULL, &sd_source->monitor)) < 0)
+ if ((ret = sd_login_monitor_new ("session", &sd_source->monitor)) < 0)
{
g_printerr ("Error getting login monitor: %d", ret);
}

13
SOURCES/polkit-0.115-spawning-zombie-processes.patch
Unescape View File

@ -0,0 +1,13 @@
diff -up ./src/polkitbackend/polkitbackendjsauthority.cpp.ori ./src/polkitbackend/polkitbackendjsauthority.cpp
--- ./src/polkitbackend/polkitbackendjsauthority.cpp.ori 2018-04-03 22:57:57.000000000 +0200
+++ ./src/polkitbackend/polkitbackendjsauthority.cpp 2018-08-14 16:47:48.416993302 +0200
@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *d
(GSourceFunc) utils_child_watch_from_release_cb,
source,
(GDestroyNotify) g_source_destroy);
- g_source_attach (source, data->main_context);
+ /* attach source to the global default main context */
+ g_source_attach (source, NULL);
g_source_unref (source);
data->child_pid = 0;
}

0
SOURCES/tty-restore-flags-if-changed.patch → SOURCES/polkit-0.115-tty-flags-restore-if-changed.patch
Unescape View File

6
SOURCES/polkit-0.115.tar.gz.sign
Unescape View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
=mAps
-----END PGP SIGNATURE-----

11
SOURCES/polkit-0.117.tar.gz.sign
Unescape View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEf/t9a9gxR9dChOMXjOswMP/c4lgFAl8hQXkACgkQjOswMP/c
4lhBKAf/fZn/N2zUoREqQ0QIcMSb9OKnYxkvivmd1TA58Eski0cqo89dS89CqsVh
xhg5WpypKyqVNc28TUYHgHiD9BUL+3ldhHMQk8f1B28lJ3ipvHaYBQsm1UQOB/DU
xAhLttrFqeJxrjdSQT5GpIs3/SVYosE0/BDUbKOGivr2Wf/L1g19IUTtvaea1u9Z
5Wpr/YF8HHdyxbaIJh2ylJh5rnyfes3LKjLpG6L9srzVhjrddXU+LhMhDrLJp0HN
/LuKyEffK6qkWia3zTuqilmZdn5zKE5ryY0FArZF/5jr67oakypRFeMFqJvRyP6t
zxwLq7/r27U/h2/QxRKwdu6lsp5tbw==
=w9c/
-----END PGP SIGNATURE-----

9
SOURCES/spidermonkey_checks_disable.patch
Unescape View File

@ -1,9 +0,0 @@
--- a/config/run_spidermonkey_checks.py
+++ b/config/run_spidermonkey_checks.py
@@ -13,4 +13,5 @@ def main(output, lib_file, *scripts):
retcode = subprocess.call(
[sys.executable, script], cwd=buildconfig.topsrcdir)
if retcode != 0:
- raise Exception(script + " failed")
+ #raise Exception(script + " failed")
+ pass

11
SOURCES/spidermonkey_style_check_disable_s390x.patch
Unescape View File

@ -1,11 +0,0 @@
--- a/config/check_spidermonkey_style.py
+++ b/config/check_spidermonkey_style.py
@@ -779,6 +779,7 @@ def tarjan(V, E):
def main():
+ sys.exit(0)
if sys.argv[1:] == ["--fixup"]:
# Sort #include directives in-place. Fixup mode doesn't solve
# all possible silliness that the script checks for; it's just a

26
SOURCES/tests-increase-timeout.patch
Unescape View File

@ -1,26 +0,0 @@
From 9be85b155c6df0454c5faef9e850f572c99e3615 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:32:44 +0200
Subject: [PATCH] Increase the test timeout for slower buildds
Ported forward from Debian: https://bugs.debian.org/878284
---
js/src/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/src/Makefile.in b/js/src/Makefile.in
index b86aeed..d68655a 100644
--- a/js/src/Makefile.in
+++ b/js/src/Makefile.in
@@ -53,7 +53,7 @@ check:: check-js-msg
check-jstests:
$(wildcard $(RUN_TEST_PROGRAM)) $(PYTHON3) -u $(srcdir)/tests/jstests.py \
- --no-progress --format=automation --timeout 300 \
+ --no-progress --format=automation --timeout 600 \
$(JSTESTS_EXTRA_ARGS) \
$(DIST)/bin/$(JS_SHELL_NAME)$(BIN_SUFFIX)
--
2.26.2

389
SPECS/polkit.spec
Unescape View File

@ -3,72 +3,36 @@
#
%define enable_autoreconf 1
%global bundled_mozjs 1
%if 0%{?bundled_mozjs}
%global mozjs_major 78
%global mozjs_version 78.10.0
# Big endian platforms
%ifarch ppc ppc64 s390 s390x
%global big_endian 1
%endif
# Make sure we don't add requires/provides for private libraries
%global __provides_exclude_from ^%{_libdir}/polkit-1/
%global __requires_exclude ^libmozjs-%{mozjs_major}\\.so.*
%endif
Summary: An authorization framework
Name: polkit
Version: 0.117
Release: 11%{?dist}
Version: 0.115
Release: 15%{?dist}.2
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Group: System Environment/Libraries
Patch1: polkit-0.115-bus-conn-msg-ssh.patch
Patch2: polkit-0.115-pkttyagent-auth-errmsg-debug.patch
Patch3: polkit-0.115-polkitagentlistener-res-leak.patch
Patch4: polkit-0.115-spawning-zombie-processes.patch
Patch5: polkit-0.115-CVE-2018-19788.patch
Patch6: polkit-0.115-CVE-2019-6133.patch
Patch7: polkit-0.115-pkttyagent-tty-echo-off-on-fail.patch
Patch8: polkit-0.115-allow-uid-of-1.patch
Patch9: polkit-0.115-move-to-mozjs60.patch
Patch10: polkit-0.115-jsauthority-memleak.patch
Patch11: polkit-0.115-pkttyagent-tcsaflush-batch-erase.patch
Patch12: polkit-0.115-CVE-2021-3560.patch
Patch13: polkit-0.115-CVE-2021-4034.patch
Patch14: polkit-0.115-CVE-2021-4115.patch
Patch15: polkit-0.115-tty-flags-restore-if-changed.patch
Patch16: polkit-0.115-session-monitor-watch-sessions-only.patch
Patch17: polkit-0.115-pkperm-watch-real-ssn-changes.patch
Patch1001: mozjs78.patch
Patch1002: CVE-2021-3560.patch
Patch1003: CVE-2021-4034.patch
Patch1004: CVE-2021-4115.patch
Patch1005: tty-restore-flags-if-changed.patch
%if 0%{?bundled_mozjs}
Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz
# Patches from mozjs68, rebased for mozjs78:
Patch02: copy-headers.patch
Patch03: tests-increase-timeout.patch
Patch09: icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
Patch10: icu_sources_data-Write-command-output-to-our-stderr.patch
# Build fixes - https://hg.mozilla.org/mozilla-central/rev/ca36a6c4f8a4a0ddaa033fdbe20836d87bbfb873
Patch12: emitter.patch
# Build fixes
Patch14: init_patch.patch
# TODO: Check with mozilla for cause of these fails and re-enable spidermonkey compile time checks if needed
Patch15: spidermonkey_checks_disable.patch
# armv7 fixes
Patch17: definitions_for_user_vfp.patch
# s390x/ppc64 fixes, TODO: file bug report upstream?
Patch18: spidermonkey_style_check_disable_s390x.patch
Patch19: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch
# Fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1644600 ( SharedArrayRawBufferRefs is not exported )
# https://github.com/0ad/0ad/blob/83e81362d850cc6f2b3b598255b873b6d04d5809/libraries/source/spidermonkey/FixSharedArray.diff
Patch30: FixSharedArray.diff
# Avoid autoconf213 dependency, backported from upstream
# https://bugzilla.mozilla.org/show_bug.cgi?id=1663863
Patch31: 0002-D89554-autoconf1.diff
Patch32: 0003-D94538-autoconf2.diff
%endif
BuildRequires: make
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.30.0
BuildRequires: expat-devel
@ -77,33 +41,8 @@ BuildRequires: gtk-doc
BuildRequires: intltool
BuildRequires: gobject-introspection-devel
BuildRequires: systemd, systemd-devel
%if 0%{?bundled_mozjs}
BuildRequires: cargo
BuildRequires: clang-devel
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: m4
BuildRequires: make
%if !0%{?rhel}
BuildRequires: nasm
%endif
BuildRequires: llvm
BuildRequires: llvm-devel
BuildRequires: rust
BuildRequires: perl-devel
BuildRequires: pkgconfig(libffi)
BuildRequires: pkgconfig(zlib)
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-six
BuildRequires: readline-devel
BuildRequires: zip
%if 0%{?big_endian}
BuildRequires: icu
%endif
%else
BuildRequires: pkgconfig(mozjs-78)
%endif
BuildRequires: pkgconfig(mozjs-60)
BuildRequires: git
%if 0%{?enable_autoreconf}
BuildRequires: autoconf
@ -111,13 +50,14 @@ BuildRequires: automake
BuildRequires: libtool
%endif
Requires: dbus, polkit-pkla-compat
Requires: dbus
Recommends: polkit-pkla-compat
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): shadow-utils
Requires(post): systemd
Requires(post): /sbin/ldconfig, systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(postun): /sbin/ldconfig, systemd
Obsoletes: PolicyKit <= 0.10
Provides: PolicyKit = 0.11
@ -142,6 +82,7 @@ processes.
%package devel
Summary: Development files for polkit
Group: Development/Libraries
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: %name-docs = %{version}-%{release}
Requires: glib2-devel
@ -153,6 +94,7 @@ Development files for polkit.
%package docs
Summary: Development documentation for polkit
Group: Development/Libraries
Requires: %name-devel = %{version}-%{release}
Obsoletes: PolicyKit-docs <= 0.10
Provides: PolicyKit-docs = 0.11
@ -163,119 +105,16 @@ Development documentation for polkit.
%package libs
Summary: Libraries for polkit
%if 0%{?bundled_mozjs}
License: MIT and (MPLv1.1 or GPLv2+ or LGPLv2+) and MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
Provides: bundled(mozjs) = %{mozjs_version}
%endif
Group: Development/Libraries
%description libs
Libraries files for polkit.
%prep
%setup -q
# Apply polkit patches
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch1005 -p1
%if 0%{?bundled_mozjs}
# Extract mozjs archive
tar -xf %{S:2}
# Apply mozjs patches
pushd firefox-%{mozjs_version}
%patch02 -p1
%patch03 -p1
%patch09 -p1
%patch10 -p1
%patch12 -p1
%patch14 -p1
%patch15 -p1
%ifarch armv7hl
# Include definitions for user vfp on armv7 as it causes the compilation to fail without them
# https://bugzilla.mozilla.org/show_bug.cgi?id=1526653
%patch17 -p1
%endif
%ifarch s390x
%patch18 -p1
%endif
# Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since mozilla tests support ifarch conditions
%patch19 -p1
# Export SharedArrayRawBufferRefs
%patch30 -p1
# Avoid autoconf213 dependency
%patch31 -p1 -b .autoconf213
%patch32 -p1 -b .autoconf213-2
# Remove zlib directory (to be sure using system version)
rm -rf modules/zlib
popd
%endif
%autosetup -S git
%build
%if 0%{?bundled_mozjs}
pushd firefox-%{mozjs_version}/js/src
# Prefer GCC for now
export CC=gcc
export CXX=g++
# Workaround
# error: options `-C embed-bitcode=no` and `-C lto` are incompatible
# error: could not compile `jsrust`.
# https://github.com/japaric/cargo-call-stack/issues/25
export RUSTFLAGS="-C embed-bitcode"
# https://github.com/ptomato/mozjs/commit/36bb7982b41e0ef9a65f7174252ab996cd6777bd
export CARGO_PROFILE_RELEASE_LTO=true
export LINKFLAGS="%{?__global_ldflags}"
export PYTHON="%{__python3}"
%configure \
--without-system-icu \
--with-system-zlib \
--disable-tests \
--disable-strip \
--with-intl-api \
--enable-readline \
--enable-shared-js \
--enable-optimize \
--disable-debug \
--enable-pie \
--disable-jemalloc
%if 0%{?big_endian}
echo "Generate big endian version of config/external/icu/data/icud67l.dat"
pushd ../..
icupkg -tb config/external/icu/data/icudt67l.dat config/external/icu/data/icudt67b.dat
rm -f config/external/icu/data/icudt*l.dat
popd
%endif
%make_build
popd
cat > mozjs-%{mozjs_major}.pc << EOF
Name: SpiderMonkey %{mozjs_version}
Description: The Mozilla library for JavaScript
Version: %{mozjs_version}
Libs: -L`pwd`/firefox-%{mozjs_version}/js/src/dist/bin -lmozjs-%{mozjs_major}
Cflags: -include `pwd`/firefox-%{mozjs_version}/js/src/dist/include/js/RequiredDefines.h -I`pwd`/firefox-%{mozjs_version}/js/src/dist/include
EOF
%endif
%if 0%{?enable_autoreconf}
autoreconf -i
%endif
@ -283,11 +122,6 @@ autoreconf -i
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
export CFLAGS='-fPIC %optflags'
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
%if 0%{?bundled_mozjs}
export PKG_CONFIG_PATH=`pwd`
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
%endif
%configure --enable-gtk-doc \
--disable-static \
--enable-introspection \
@ -296,33 +130,12 @@ export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
make V=1
%install
%if 0%{?bundled_mozjs}
mkdir -p %{buildroot}%{_libdir}/polkit-1
cp -p firefox-%{mozjs_version}/js/src/dist/bin/libmozjs-%{mozjs_major}.so %{buildroot}%{_libdir}/polkit-1/
%endif
%make_install \
typelibsdir=%{_libdir}/girepository-1.0 \
girdir=%{_datadir}/gir-1.0
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%find_lang polkit-1
%check
%if 0%{?bundled_mozjs}
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
pushd firefox-%{mozjs_version}/js/src
# Run SpiderMonkey tests
PYTHONPATH=tests/lib %{__python3} tests/jstests.py -d -s -t 1800 --no-progress --wpt=disabled ../../js/src/dist/bin/js
# Run basic JIT tests
PYTHONPATH=tests/lib %{__python3} jit-test/jit_test.py -s -t 1800 --no-progress ../../js/src/dist/bin/js basic
popd
%endif
%pre
getent group polkitd >/dev/null || groupadd -r polkitd
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
@ -376,117 +189,83 @@ exit 0
%files docs
%{_datadir}/gtk-doc
%ldconfig_scriptlets libs
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files libs
%{_libdir}/lib*.so.*
%{_libdir}/girepository-1.0/*.typelib
%if 0%{?bundled_mozjs}
%dir %{_libdir}/polkit-1
%{_libdir}/polkit-1/libmozjs-%{mozjs_major}.so
%endif
%changelog
* Fri Dec 02 2022 Jan Rybar <jrybar@redhat.com> - 0.117-11
- backport: restore tty only if changed
- Resolves: rhbz#2150310
* Mon May 20 2024 Jan Rybar <jrybar@redhat.com> - 0.115-15.2
- PolkitPermission re-check on real session changes
- Resolves: RHEL-34029
* Mon Apr 22 2024 Jan Rybar <jrybar@redhat.com> - 0.115-15.1
- reduce waking session monitor on uninteresting session changes
- make polkit-pkla-compat uninstallable (for cases when no .pkla on system)
- Resolves: RHEL-34029
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.115-15
- Rebuilt for MSVSphere 8.8
* Mon Mar 07 2022 Jan Rybar <jrybar@redhat.com> - 0.117-10
- fixed CVE-2021-4115 patch application
- Resolves: rhbz#2062644
* Tue Nov 08 2022 Jan Rybar <jrybar@redhat.com> - 0.115-15
- pkttyagent gets stopped if killed in the background
- Resolves: rhbz#2128989
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.117-9
* Tue Feb 15 2022 Jan Rybar <jrybar@redhat.com> - 0.115-14
- file descriptor exhaustion (GHSL-2021-077)
- Resolves: CVE-2021-4115
* Thu Jan 27 2022 Jan Rybar <jrybar@redhat.com> - 0.117-8
* Fri Dec 03 2021 Jan Rybar <jrybar@redhat.com> - 0.115-13
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 30 2021 Kalev Lember <klember@redhat.com> - 0.117-6
- Bundle mozjs (#1958111)
* Mon Jun 28 2021 Jan Rybar <jrybar@redhat.com> - 0.117-5
- CVE-2021-3560 mitigation
* Tue May 25 2021 Jan Rybar <jrybar@redhat.com> - 0.115-12
- early disconnection from D-Bus results in privilege esc.
- Resolves: CVE-2021-3560
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Aug 12 2020 Jan Rybar <jrybar@redhat.com> - 0.117-2
- update dependency to mozjs78
* Fri Jul 31 2020 Jan Rybar <jrybar@redhat.com> - 0.117-1
- Rebased to polkit-0.117
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Tom Stellard <tstellar@redhat.com> - 0.116-8
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Nov 04 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
- pkttyagent: resetting terminal erases rest of input line
- Resolves: rhbz#1757853
* Fri Oct 25 2019 Jan Rybar <jrybar@redhat.com> - 0.116-6
- jsauthority memleak fix
* Tue Oct 29 2019 Jan Rybar <jrybar@redhat.com> - 0.115-10
- Fix of jasuthority memleak
- Resolves: rhbz#1745918
* Fri Sep 27 2019 Jan Rybar <jrybar@redhat.com> - 0.116-5
- pkttyagent: unread input flushed on terminal restore
* Tue Sep 10 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
- Rebuild to reflect mozjs60 s390 abi change
- Related: rhbz#1746889
* Sun Sep 08 2019 Kalev Lember <klember@redhat.com> - 0.116-4
- Rebuilt for mozjs60 s390x fixes
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-8
- Backport changing dependency to mozjs60
- Resolves: rhbz#1729416
* Fri Aug 02 2019 Jan Rybar <jrybar@redhat.com> - 0.116-3
- pkttyagent: backport patch, get SIGTTOU in background job
* Thu Jun 13 2019 Jan Rybar <jrybar@redhat.com> - 0.115-7
- pkttyagent: polkit-agent-helper-1 timeout leaves tty echo disabled
- Mitigation of regression caused by fix of CVE-2018-19788
- Resolves: rhbz#1693781
- Resolves: rhbz#1693814
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jan 21 2019 Jan Rybar <jrybar@redhat.com> - 0.115-6
- Fix of CVE-2019-6133, PID reuse via slow fork
- Resolves: rhbz#1667778
* Thu May 02 2019 Pete Walter <pwalter@fedoraproject.org> - 0.116-1
- Update to 0.116
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
* Fri Feb 08 2019 Pete Walter <pwalter@fedoraproject.org> - 0.115-10
- Move to mozjs60
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
- Allow uid=-1 for PolkitUnixProcess
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jan 08 2019 Colin Walters <walters@verbum.org> - 0.115-7
- Add security fix for
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-6
* Thu Dec 06 2018 Jan Rybar <jrybar@redhat.com> - 0.115-5
- Fix of CVE-2018-19788, priv escalation with high UIDs
- Resolves: rhbz#1655926
* Thu Sep 27 2018 Owen Taylor <otaylor@redhat.com> - 0.115-5
- Fix installation with prefix != /usr
- Resolves: rhbz#1656378
* Mon Aug 13 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
- Leaking zombie processess started by rules
* Thu Aug 16 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
- Spawned zombie subprocesses not reaped
- Resolves: rhbz#1616282
* Fri Jul 20 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
- Warning raised by polkit when disconnected from ssh
- polkitagentlistener: resource leak - pointer to 'server'
- Error message raised on every 'systemctl start' in emergency.target
* Fri Aug 10 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
- Resource leak found by static analyzer
- Resolves: rhbz#1602661
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Aug 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-2
- Error message about getting authority is too elaborate (forward of #1342855)
- Bus disconnection report moved to debug mode (forward of #1249627)
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
- Update to 0.115 (CVE-2018-1116)

Write Preview
Loading…
Cancel
Save