rpms
/
polkit
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:i10c-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9
...
pull from: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9

No commits in common. 'i10c-beta' and 'c9' have entirely different histories.
i10c-beta ... c9

24 changed files with 6806 additions and 174 deletions
Show Stats

3
.gitignore vendored
Unescape View File

@ -1 +1,2 @@
SOURCES/125.tar.gz
SOURCES/firefox-78.10.0esr.source.tar.xz
SOURCES/polkit-0.117.tar.gz

3
.polkit.metadata
Unescape View File

@ -1 +1,2 @@
d602241d6f2c783e5e63001960665929704ec16a SOURCES/125.tar.gz
547bac33732774993bd8223de9acfeedcc69a10d SOURCES/firefox-78.10.0esr.source.tar.xz
0c375fa621bc9f74f2972e00fb517a408f419adf SOURCES/polkit-0.117.tar.gz

30
SOURCES/0001-Skip-failing-tests-on-ppc64-and-s390x.patch
Unescape View File

@ -0,0 +1,30 @@
From db3a0a25b97377b388532b23e73a10d246f66496 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Mon, 3 Aug 2020 10:27:00 +0200
Subject: [PATCH] Skip failing tests on ppc64 and s390x
ppc64 and s390x: non262/extensions/clone-errors.js
s390x: test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
---
js/src/tests/jstests.list | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/js/src/tests/jstests.list b/js/src/tests/jstests.list
index 4085ce3..4f014f5 100644
--- a/js/src/tests/jstests.list
+++ b/js/src/tests/jstests.list
@@ -56,6 +56,11 @@ skip-if(!this.hasOwnProperty('addIntlExtras')) include test262/intl402/DisplayNa
skip-if(!this.hasOwnProperty("Atomics")) include test262/built-ins/Atomics/jstests.list
skip-if(!this.hasOwnProperty("SharedArrayBuffer")) include test262/built-ins/SharedArrayBuffer/jstests.list
+# Crashes on s390x and ppc64, avoid it
+skip-if(xulRuntime.XPCOMABI.match(/s390x|ppc64-/)) script non262/extensions/clone-errors.js
+
+# Crashes on s390x, avoid it
+skip-if(xulRuntime.XPCOMABI.match(/s390x/)) script test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
#####################################
# Test262 tests disabled on browser #
--
2.26.2

5771
SOURCES/0002-D89554-autoconf1.diff
View File

File diff suppressed because it is too large Load Diff

118
SOURCES/0003-D94538-autoconf2.diff
Unescape View File

@ -0,0 +1,118 @@
diff -up firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/archlinux.py
--- firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/archlinux.py 2021-02-25 13:53:25.713053151 +0100
@@ -26,7 +26,6 @@ class ArchlinuxBootstrapper(
'''Archlinux experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf2.13',
'base-devel',
'nodejs',
'python2',
diff -up firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/centosfedora.py
--- firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/centosfedora.py 2021-02-25 13:53:04.963982705 +0100
@@ -26,7 +26,6 @@ class CentOSFedoraBootstrapper(
# For CentOS 7, later versions of nodejs come from nodesource
# and include the npm package.
self.packages = [
- 'autoconf213',
'nodejs',
'which',
]
diff -up firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/debian.py
--- firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/debian.py 2021-02-25 13:53:42.874111415 +0100
@@ -32,7 +32,6 @@ class DebianBootstrapper(
# These are common packages for all Debian-derived distros (such as
# Ubuntu).
COMMON_PACKAGES = [
- 'autoconf2.13',
'build-essential',
'nodejs',
'python-setuptools',
diff -up firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/freebsd.py
--- firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/freebsd.py 2021-02-25 13:53:04.963982705 +0100
@@ -15,7 +15,6 @@ class FreeBSDBootstrapper(BaseBootstrapp
self.flavor = flavor.lower()
self.packages = [
- 'autoconf213',
'gmake',
'gtar',
'pkgconf',
diff -up firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/gentoo.py
--- firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff 2021-02-17 08:49:38.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/gentoo.py 2021-02-25 13:53:04.963982705 +0100
@@ -36,7 +36,6 @@ class GentooBootstrapper(
def ensure_system_packages(self):
self.run_as_root(['emerge', '--noreplace', '--quiet',
'app-arch/zip',
- 'sys-devel/autoconf:2.1'
])
def ensure_browser_packages(self, artifact_mode=False):
diff -up firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/openbsd.py
--- firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff 2021-02-17 08:49:15.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/openbsd.py 2021-02-25 13:53:04.964982709 +0100
@@ -12,7 +12,6 @@ class OpenBSDBootstrapper(BaseBootstrapp
BaseBootstrapper.__init__(self, **kwargs)
self.packages = [
- 'autoconf-2.13',
'gmake',
'gtar',
'rust',
diff -up firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/opensuse.py
--- firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/opensuse.py 2021-02-25 13:53:04.964982709 +0100
@@ -13,7 +13,6 @@ class OpenSUSEBootstrapper(
'''openSUSE experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf213',
'nodejs',
'npm',
'which',
diff -up firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/osx.py
--- firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/osx.py 2021-02-25 13:54:07.162193882 +0100
@@ -353,7 +353,6 @@ class OSXBootstrapper(BaseBootstrapper):
# least on 10.8) and because the build system wants a version
# newer than what Apple ships.
packages = [
- 'autoconf@2.13',
'git',
'gnu-tar',
'node',
@@ -428,7 +427,6 @@ class OSXBootstrapper(BaseBootstrapper):
'python27',
'python36',
'py27-gnureadline',
- 'autoconf213',
'gnutar',
'watchman',
'nodejs8'
diff -up firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/solus.py
--- firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/solus.py 2021-02-25 13:53:32.090074802 +0100
@@ -23,7 +23,6 @@ class SolusBootstrapper(
'''Solus experimental bootstrapper.'''
SYSTEM_PACKAGES = [
- 'autoconf213',
'nodejs',
'python',
'python3',
diff -up firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/windows.py
--- firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff 2021-02-17 08:49:34.000000000 +0100
+++ firefox-78.8.0/python/mozboot/mozboot/windows.py 2021-02-25 13:53:04.978982756 +0100
@@ -48,7 +48,6 @@ class WindowsBootstrapper(BaseBootstrapp
'patch',
'patchutils',
'diffutils',
- 'autoconf2.13',
'tar',
'zip',
'unzip',

13
SOURCES/CVE-2021-3560.patch
Unescape View File

@ -0,0 +1,13 @@
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
g_main_context_iteration (tmp_context, TRUE);
+ if (data.caught_error)
+ goto out;
+
if (out_uid)
*out_uid = data.uid;
if (out_pid)

72
SOURCES/CVE-2021-4034.patch
Unescape View File

@ -0,0 +1,72 @@
commit a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Author: Jan Rybar <jrybar@redhat.com>
Date: Tue Jan 25 17:21:46 2022 +0000
pkexec: local privilege escalation (CVE-2021-4034)
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
index f1bb4e1..768525c 100644
--- a/src/programs/pkcheck.c
+++ b/src/programs/pkcheck.c
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
local_agent_handle = NULL;
ret = 126;
+ if (argc < 1)
+ {
+ exit(126);
+ }
+
/* Disable remote file access from GIO. */
setenv ("GIO_USE_VFS", "local", 1);
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 7698c5c..84e5ef6 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
pid_t pid_of_caller;
gpointer local_agent_handle;
+
+ /*
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
+ */
+ if (argc<1)
+ {
+ exit(127);
+ }
+
ret = 127;
authority = NULL;
subject = NULL;
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
path = g_strdup (pwstruct.pw_shell);
if (!path)
- {
+ {
g_printerr ("No shell configured or error retrieving pw_shell\n");
goto out;
- }
+ }
/* If you change this, be sure to change the if (!command_line)
case below too */
command_line = g_strdup (path);
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
goto out;
}
g_free (path);
- argv[n] = path = s;
+ path = s;
+
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
+ */
+ if (argv[n] != NULL)
+ {
+ argv[n] = path;
+ }
}
if (access (path, F_OK) != 0)
{

71
SOURCES/CVE-2021-4115.patch
Unescape View File

@ -0,0 +1,71 @@
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 8ed1363..2fbf5f1 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -62,6 +62,10 @@ enum
PROP_NAME,
};
+
+guint8 dbus_call_respond_fails; // has to be global because of callback
+
+
static void subject_iface_init (PolkitSubjectIface *subject_iface);
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
if (!v)
{
data->caught_error = TRUE;
+ dbus_call_respond_fails += 1;
}
else
{
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
tmp_context = g_main_context_new ();
g_main_context_push_thread_default (tmp_context);
+ dbus_call_respond_fails = 0;
+
/* Do two async calls as it's basically as fast as one sync call.
*/
g_dbus_connection_call (connection,
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
on_retrieved_unix_uid_pid,
&data);
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
+ while (TRUE)
+ {
+ /* If one dbus call returns error, we must wait until the other call
+ * calls _call_finish(), otherwise fd leak is possible.
+ * Resolves: GHSL-2021-077
+ */
- if (data.caught_error)
- goto out;
+ if ( (dbus_call_respond_fails > 1) )
+ {
+ // we got two faults, we can leave
+ goto out;
+ }
+
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
+ {
+ // we got one fault and the other call finally finished, we can leave
+ goto out;
+ }
+
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
+ {
+ g_main_context_iteration (tmp_context, TRUE);
+ }
+ else
+ {
+ break;
+ }
+ }
if (out_uid)
*out_uid = data.uid;

12
SOURCES/FixSharedArray.diff
Unescape View File

@ -0,0 +1,12 @@
--- a/js/public/StructuredClone.h
+++ b/js/public/StructuredClone.h
@@ -381,7 +381,7 @@ enum OwnTransferablePolicy {
namespace js {
class SharedArrayRawBuffer;
-class SharedArrayRawBufferRefs {
+class JS_PUBLIC_API SharedArrayRawBufferRefs {
public:
SharedArrayRawBufferRefs() = default;
SharedArrayRawBufferRefs(SharedArrayRawBufferRefs&& other) = default;
--

38
SOURCES/copy-headers.patch
Unescape View File

@ -0,0 +1,38 @@
From 3b3c8e37cca418e07bdeceaf3a601805df28d925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:27:39 +0200
Subject: [PATCH] build: Copy headers on install instead of symlinking
Patch by Philip Chimento ported forward to mozjs78
---
python/mozbuild/mozbuild/backend/recursivemake.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/python/mozbuild/mozbuild/backend/recursivemake.py b/python/mozbuild/mozbuild/backend/recursivemake.py
index e3fc8fe..bed5ae9 100644
--- a/python/mozbuild/mozbuild/backend/recursivemake.py
+++ b/python/mozbuild/mozbuild/backend/recursivemake.py
@@ -1457,9 +1457,9 @@ class RecursiveMakeBackend(MakeBackend):
raise Exception("Wildcards are only supported in the filename part"
" of srcdir-relative or absolute paths.")
- install_manifest.add_pattern_link(basepath, wild, path)
+ install_manifest.add_pattern_copy(basepath, wild, path)
else:
- install_manifest.add_pattern_link(f.srcdir, f, path)
+ install_manifest.add_pattern_copy(f.srcdir, f, path)
elif isinstance(f, AbsolutePath):
if not f.full_path.lower().endswith(('.dll', '.pdb', '.so')):
raise Exception("Absolute paths installed to FINAL_TARGET_FILES must"
@@ -1468,7 +1468,7 @@ class RecursiveMakeBackend(MakeBackend):
install_manifest.add_optional_exists(dest)
absolute_files.append(f.full_path)
else:
- install_manifest.add_link(f.full_path, dest)
+ install_manifest.add_copy(f.full_path, dest)
else:
install_manifest.add_optional_exists(dest)
objdir_files.append(self._pretty_path(f, backend_file))
--
2.26.2

35
SOURCES/definitions_for_user_vfp.patch
Unescape View File

@ -0,0 +1,35 @@
From fd6847c9416f9eebde636e21d794d25d1be8791d Mon Sep 17 00:00:00 2001
From: Mike Hommey <mh@glandium.org>
Date: Sat, 1 Jun 2019 09:06:01 +0900
Subject: [PATCH] Bug 1526653 - Include struct definitions for user_vfp and
user_vfp_exc.
---
js/src/wasm/WasmSignalHandlers.cpp | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/js/src/wasm/WasmSignalHandlers.cpp b/js/src/wasm/WasmSignalHandlers.cpp
index 636537f8478..383c380f04c 100644
--- a/js/src/wasm/WasmSignalHandlers.cpp
+++ b/js/src/wasm/WasmSignalHandlers.cpp
@@ -249,7 +249,16 @@ using mozilla::DebugOnly;
#endif
#ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
-# include <sys/user.h>
+struct user_vfp {
+ unsigned long long fpregs[32];
+ unsigned long fpscr;
+};
+
+struct user_vfp_exc {
+ unsigned long fpexc;
+ unsigned long fpinst;
+ unsigned long fpinst2;
+};
#endif
#if defined(ANDROID)
--
2.30.2

61
SOURCES/emitter.patch
Unescape View File

@ -0,0 +1,61 @@
From d1d785c169345b81c76213f6dd9be32b4db60294 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:39:47 +0200
Subject: [PATCH] Build: allow LOCAL_INCLUDES paths with topsrcdir or topobjdir
---
python/mozbuild/mozbuild/frontend/emitter.py | 6 ------
.../mozbuild/test/frontend/test_emitter.py | 20 -------------------
2 files changed, 26 deletions(-)
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
index 8d5ab8e..65c43ff 100644
--- a/python/mozbuild/mozbuild/frontend/emitter.py
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
@@ -1239,12 +1239,6 @@ class TreeMetadataEmitter(LoggingMixin):
'is a filename, but a directory is required: %s '
'(resolved to %s)' % (local_include, full_path),
context)
- if (full_path == context.config.topsrcdir or
- full_path == context.config.topobjdir):
- raise SandboxValidationError(
- 'Path specified in LOCAL_INCLUDES '
- '(%s) resolves to the topsrcdir or topobjdir (%s), which is '
- 'not allowed' % (local_include, full_path), context)
include_obj = LocalInclude(context, local_include)
local_includes.append(include_obj.path.full_path)
yield include_obj
diff --git a/python/mozbuild/mozbuild/test/frontend/test_emitter.py b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
index e8cbd81..d45ccee 100644
--- a/python/mozbuild/mozbuild/test/frontend/test_emitter.py
+++ b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
@@ -1040,26 +1040,6 @@ class TestEmitterBasic(unittest.TestCase):
self.assertEqual(local_includes, expected)
- def test_local_includes_invalid(self):
- """Test that invalid LOCAL_INCLUDES are properly detected."""
- reader = self.reader('local_includes-invalid/srcdir')
-
- with six.assertRaisesRegex(
- self,
- SandboxValidationError,
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
- 'topsrcdir or topobjdir'):
- self.read_topsrcdir(reader)
-
- reader = self.reader('local_includes-invalid/objdir')
-
- with six.assertRaisesRegex(
- self,
- SandboxValidationError,
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
- 'topsrcdir or topobjdir'):
- self.read_topsrcdir(reader)
-
def test_local_includes_file(self):
"""Test that a filename can't be used in LOCAL_INCLUDES."""
reader = self.reader('local_includes-filename')
--
2.26.2

34
SOURCES/icu_sources_data-Write-command-output-to-our-stderr.patch
Unescape View File

@ -0,0 +1,34 @@
From: Simon McVittie <smcv@debian.org>
Date: Mon, 9 Oct 2017 09:23:14 +0100
Subject: icu_sources_data: Write command output to our stderr
Saying "See output in /tmp/foobar" is all very well for a developer
build, but on a buildd our /tmp is going to get thrown away after
the build. Just log the usual way instead.
---
intl/icu_sources_data.py | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
index 8cf9290..7d2d983 100644
--- a/intl/icu_sources_data.py
+++ b/intl/icu_sources_data.py
@@ -190,16 +190,13 @@ def update_sources(topsrcdir):
def try_run(name, command, cwd=None, **kwargs):
try:
- with tempfile.NamedTemporaryFile(prefix=name, delete=False) as f:
- subprocess.check_call(command, cwd=cwd, stdout=f,
- stderr=subprocess.STDOUT, **kwargs)
+ subprocess.check_call(command, cwd=cwd, stdout=sys.stderr,
+ stderr=subprocess.STDOUT, **kwargs)
except subprocess.CalledProcessError:
- print('''Error running "{}" in directory {}
- See output in {}'''.format(' '.join(command), cwd, f.name),
- file=sys.stderr)
+ print('''Error running "{}" in directory {}'''.format(' '.join(command), cwd),
+ file=sys.stderr)
return False
else:
- os.unlink(f.name)
return True

26
SOURCES/icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
Unescape View File

@ -0,0 +1,26 @@
From: Simon McVittie <smcv@debian.org>
Date: Mon, 9 Oct 2017 09:22:12 +0100
Subject: icu_sources_data.py: Decouple from Mozilla build system
mozpack.path is a wrapper around os.path that normalizes path
separators on Windows, but on Unix we only have one path separator
so there's nothing to normalize. Avoid needing to import all of it.
---
intl/icu_sources_data.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
index 98c0ccb..8cf9290 100644
--- a/intl/icu_sources_data.py
+++ b/intl/icu_sources_data.py
@@ -22,7 +22,9 @@ import subprocess
import sys
import tempfile
-from mozpack import path as mozpath
+# Close enough
+import os.path as mozpath
+mozpath.normsep = lambda p: p
# The following files have been determined to be dead/unused by a
# semi-automated analysis. You can just remove any of the files below

12
SOURCES/init_patch.patch
Unescape View File

@ -0,0 +1,12 @@
--- a/python/mozbuild/mozbuild/configure/__init__.py
+++ b/python/mozbuild/mozbuild/configure/__init__.py
@@ -491,7 +491,8 @@ class ConfigureSandbox(dict):
if self._help:
self._logger.warning(msg)
else:
- raise InvalidOptionError(msg)
+ #raise InvalidOptionError(msg)
+ pass
# Run the execution queue
for func, args in self._execution_queue:

90
SOURCES/mozjs78.patch
Unescape View File

@ -0,0 +1,90 @@
diff --git a/configure.ac b/configure.ac
index eea70fc..c4569f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -34,7 +34,7 @@ AC_PROG_LN_S
AC_SYS_LARGEFILE
AM_PROG_CC_C_O
AC_PROG_CXX
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
# Taken from dbus
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 25bd1f9..ca17108 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -49,6 +49,7 @@
#include <js/Realm.h>
#include <js/SourceText.h>
#include <js/Warnings.h>
+#include <js/Array.h>
#include <jsapi.h>
#include "initjs.h" /* init.js */
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
static void
reload_scripts (PolkitBackendJsAuthority *authority)
{
- JS::AutoValueArray<1> args(authority->priv->cx);
+ JS::RootedValueArray<1> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
if (!JS::InitSelfHostedCode (authority->priv->cx))
goto fail;
- JS::ContextOptionsRef (authority->priv->cx)
- .setIon (TRUE)
- .setBaseline (TRUE)
- .setAsmJS (TRUE);
JS::SetWarningReporter(authority->priv->cx, report_error);
JS_SetContextPrivate (authority->priv->cx, authority);
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
elems[n].setNull ();
}
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
value_jsval = JS::ObjectValue (*array_object);
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
GList *ret = NULL;
- JS::AutoValueArray<2> args(authority->priv->cx);
+ JS::RootedValueArray<2> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
guint n;
GError *error = NULL;
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
PolkitImplicitAuthorization ret = implicit;
- JS::AutoValueArray<2> args(authority->priv->cx);
+ JS::RootedValueArray<2> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
GError *error = NULL;
JS::RootedString ret_jsstr (authority->priv->cx);
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
array_object = &args[0].toObject();
- if (!JS_GetArrayLength (cx, array_object, &array_len))
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
{
JS_ReportErrorUTF8 (cx, "Failed to get array length");
goto out;

11
SOURCES/polkit-0.117.tar.gz.sign
Unescape View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEf/t9a9gxR9dChOMXjOswMP/c4lgFAl8hQXkACgkQjOswMP/c
4lhBKAf/fZn/N2zUoREqQ0QIcMSb9OKnYxkvivmd1TA58Eski0cqo89dS89CqsVh
xhg5WpypKyqVNc28TUYHgHiD9BUL+3ldhHMQk8f1B28lJ3ipvHaYBQsm1UQOB/DU
xAhLttrFqeJxrjdSQT5GpIs3/SVYosE0/BDUbKOGivr2Wf/L1g19IUTtvaea1u9Z
5Wpr/YF8HHdyxbaIJh2ylJh5rnyfes3LKjLpG6L9srzVhjrddXU+LhMhDrLJp0HN
/LuKyEffK6qkWia3zTuqilmZdn5zKE5ryY0FArZF/5jr67oakypRFeMFqJvRyP6t
zxwLq7/r27U/h2/QxRKwdu6lsp5tbw==
=w9c/
-----END PGP SIGNATURE-----

2
SOURCES/polkit.sysusers
Unescape View File

@ -1,2 +0,0 @@
#Type Name ID GECOS Home directory Shell
u polkitd 114 "User for polkitd" / /sbin/nologin

35
SOURCES/pthread_condattr_loglevel.patch
Unescape View File

@ -1,35 +0,0 @@
commit 13bea3e08f924002a6a5c2f275d4bf1588fc3d02
Author: Sertonix <sertonix@posteo.net>
Date: Sun Aug 11 00:26:51 2024 +0200
Fix missing arguments with HAVE_PTHREAD_CONDATTR_SETCLOCK
Fixes <64f5e4dda52> Add syslog-style log levels support
diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
index 3e665c7..a55e1c1 100644
--- a/src/polkitbackend/polkitbackendduktapeauthority.c
+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
@@ -767,12 +767,14 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
#ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK
if ((pthread_err = pthread_condattr_init(&attr))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error initializing condition variable attributes: %s",
strerror(pthread_err));
return FALSE;
}
if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error setting condition variable attributes: %s",
strerror(pthread_err));
goto err_clean_condattr;
@@ -780,6 +782,7 @@ runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx
/* Init again, with needed attr */
if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) {
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ LOG_LEVEL_ERROR,
"Error initializing condition variable: %s",
strerror(pthread_err));
goto err_clean_condattr;

9
SOURCES/spidermonkey_checks_disable.patch
Unescape View File

@ -0,0 +1,9 @@
--- a/config/run_spidermonkey_checks.py
+++ b/config/run_spidermonkey_checks.py
@@ -13,4 +13,5 @@ def main(output, lib_file, *scripts):
retcode = subprocess.call(
[sys.executable, script], cwd=buildconfig.topsrcdir)
if retcode != 0:
- raise Exception(script + " failed")
+ #raise Exception(script + " failed")
+ pass

11
SOURCES/spidermonkey_style_check_disable_s390x.patch
Unescape View File

@ -0,0 +1,11 @@
--- a/config/check_spidermonkey_style.py
+++ b/config/check_spidermonkey_style.py
@@ -779,6 +779,7 @@ def tarjan(V, E):
def main():
+ sys.exit(0)
if sys.argv[1:] == ["--fixup"]:
# Sort #include directives in-place. Fixup mode doesn't solve
# all possible silliness that the script checks for; it's just a

26
SOURCES/tests-increase-timeout.patch
Unescape View File

@ -0,0 +1,26 @@
From 9be85b155c6df0454c5faef9e850f572c99e3615 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 15 Jul 2020 08:32:44 +0200
Subject: [PATCH] Increase the test timeout for slower buildds
Ported forward from Debian: https://bugs.debian.org/878284
---
js/src/Makefile.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/src/Makefile.in b/js/src/Makefile.in
index b86aeed..d68655a 100644
--- a/js/src/Makefile.in
+++ b/js/src/Makefile.in
@@ -53,7 +53,7 @@ check:: check-js-msg
check-jstests:
$(wildcard $(RUN_TEST_PROGRAM)) $(PYTHON3) -u $(srcdir)/tests/jstests.py \
- --no-progress --format=automation --timeout 300 \
+ --no-progress --format=automation --timeout 600 \
$(JSTESTS_EXTRA_ARGS) \
$(DIST)/bin/$(JS_SHELL_NAME)$(BIN_SUFFIX)
--
2.26.2

77
SOURCES/tty-restore-flags-if-changed.patch
Unescape View File

@ -0,0 +1,77 @@
diff -up ./src/polkitagent/polkitagenttextlistener.c.ori ./src/polkitagent/polkitagenttextlistener.c
--- ./src/polkitagent/polkitagenttextlistener.c.ori 2018-05-31 13:52:23.000000000 +0200
+++ ./src/polkitagent/polkitagenttextlistener.c 2022-10-21 17:21:11.227665209 +0200
@@ -121,6 +121,12 @@ polkit_agent_text_listener_class_init (P
listener_class = POLKIT_AGENT_LISTENER_CLASS (klass);
listener_class->initiate_authentication = polkit_agent_text_listener_initiate_authentication;
listener_class->initiate_authentication_finish = polkit_agent_text_listener_initiate_authentication_finish;
+
+ g_signal_new("tty_attrs_changed",
+ G_TYPE_FROM_CLASS(gobject_class),
+ G_SIGNAL_RUN_LAST | G_SIGNAL_NO_RECURSE | G_SIGNAL_NO_HOOKS,
+ 0, NULL, NULL, NULL,
+ G_TYPE_NONE, 1, G_TYPE_BOOLEAN);
}
/**
@@ -268,6 +274,7 @@ on_request (PolkitAgentSession *session,
* the problem.
*/
+ g_signal_emit_by_name(listener, "tty_attrs_changed", TRUE);
tcgetattr (fileno (listener->tty), &ts);
ots = ts;
ts.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
@@ -296,6 +303,7 @@ on_request (PolkitAgentSession *session,
}
}
tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots);
+ g_signal_emit_by_name(listener, "tty_attrs_changed", FALSE);
putc ('\n', listener->tty);
polkit_agent_session_response (session, str->str);
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c
--- ./src/programs/pkttyagent.c.ori 2020-01-28 14:16:32.000000000 +0100
+++ ./src/programs/pkttyagent.c 2022-10-21 16:56:12.449760361 +0200
@@ -34,6 +34,7 @@
static volatile sig_atomic_t tty_flags_saved;
+static volatile sig_atomic_t tty_flags_changed;
struct termios ts;
FILE *tty = NULL;
struct sigaction savesigterm, savesigint, savesigtstp;
@@ -54,7 +55,7 @@ static void tty_handler(int signal)
break;
}
- if (tty_flags_saved)
+ if (tty_flags_saved && tty_flags_changed)
{
tcsetattr (fileno (tty), TCSADRAIN, &ts);
}
@@ -63,6 +64,14 @@ static void tty_handler(int signal)
}
+static void tty_attrs_changed(PolkitAgentListener *listener G_GNUC_UNUSED,
+ gboolean changed,
+ gpointer user_data G_GNUC_UNUSED)
+{
+ tty_flags_changed = changed;
+}
+
+
int
main (int argc, char *argv[])
{
@@ -221,6 +230,9 @@ main (int argc, char *argv[])
ret = 127;
goto out;
}
+ g_signal_connect(G_OBJECT(listener), "tty_attrs_changed",
+ G_CALLBACK(tty_attrs_changed), NULL);
+
local_agent_handle = polkit_agent_listener_register_with_options (listener,
POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD,
subject,

420
SPECS/polkit.spec
Unescape View File

@ -1,35 +1,123 @@
# Only enable if using patches that touches configure.ac,
# Makefile.am or other build system related files
#
Summary: An authorization framework
Name: polkit
Version: 125
Release: 2%{?dist}
License: LGPL-2.0-or-later
URL: https://github.com/polkit-org/polkit
Source0: https://github.com/polkit-org/polkit/archive/refs/tags/%{version}.tar.gz
Source1: polkit.sysusers
%define enable_autoreconf 1
%global bundled_mozjs 1
%if 0%{?bundled_mozjs}
%global mozjs_major 78
%global mozjs_version 78.10.0
Patch1: pthread_condattr_loglevel.patch
# Big endian platforms
%ifarch ppc ppc64 s390 s390x
%global big_endian 1
%endif
# Make sure we don't add requires/provides for private libraries
%global __provides_exclude_from ^%{_libdir}/polkit-1/
%global __requires_exclude ^libmozjs-%{mozjs_major}\\.so.*
%endif
Summary: An authorization framework
Name: polkit
Version: 0.117
Release: 11%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Patch1001: mozjs78.patch
Patch1002: CVE-2021-3560.patch
Patch1003: CVE-2021-4034.patch
Patch1004: CVE-2021-4115.patch
Patch1005: tty-restore-flags-if-changed.patch
%if 0%{?bundled_mozjs}
Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz
# Patches from mozjs68, rebased for mozjs78:
Patch02: copy-headers.patch
Patch03: tests-increase-timeout.patch
Patch09: icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
Patch10: icu_sources_data-Write-command-output-to-our-stderr.patch
# Build fixes - https://hg.mozilla.org/mozilla-central/rev/ca36a6c4f8a4a0ddaa033fdbe20836d87bbfb873
Patch12: emitter.patch
# Build fixes
Patch14: init_patch.patch
# TODO: Check with mozilla for cause of these fails and re-enable spidermonkey compile time checks if needed
Patch15: spidermonkey_checks_disable.patch
# armv7 fixes
Patch17: definitions_for_user_vfp.patch
# s390x/ppc64 fixes, TODO: file bug report upstream?
Patch18: spidermonkey_style_check_disable_s390x.patch
Patch19: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch
# Fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1644600 ( SharedArrayRawBufferRefs is not exported )
# https://github.com/0ad/0ad/blob/83e81362d850cc6f2b3b598255b873b6d04d5809/libraries/source/spidermonkey/FixSharedArray.diff
Patch30: FixSharedArray.diff
# Avoid autoconf213 dependency, backported from upstream
# https://bugzilla.mozilla.org/show_bug.cgi?id=1663863
Patch31: 0002-D89554-autoconf1.diff
Patch32: 0003-D94538-autoconf2.diff
%endif
BuildRequires: make
BuildRequires: gcc-c++
BuildRequires: glib2-devel >= 2.30.0
BuildRequires: expat-devel
BuildRequires: pam-devel
BuildRequires: gtk-doc
BuildRequires: gettext-devel
BuildRequires: intltool
BuildRequires: gobject-introspection-devel
BuildRequires: systemd, systemd-devel, systemd-rpm-macros
BuildRequires: dbus-devel
BuildRequires: pkgconfig(duktape)
BuildRequires: meson
BuildRequires: git
Requires: dbus
Recommends: polkit-pkla-compat
BuildRequires: systemd, systemd-devel
%if 0%{?bundled_mozjs}
BuildRequires: cargo
BuildRequires: clang-devel
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: m4
BuildRequires: make
%if !0%{?rhel}
BuildRequires: nasm
%endif
BuildRequires: llvm
BuildRequires: llvm-devel
BuildRequires: rust
BuildRequires: perl-devel
BuildRequires: pkgconfig(libffi)
BuildRequires: pkgconfig(zlib)
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-six
BuildRequires: readline-devel
BuildRequires: zip
%if 0%{?big_endian}
BuildRequires: icu
%endif
%else
BuildRequires: pkgconfig(mozjs-78)
%endif
%if 0%{?enable_autoreconf}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
%endif
Requires: dbus, polkit-pkla-compat
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%{?systemd_requires}
%{?sysusers_requires_compat}
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Obsoletes: PolicyKit <= 0.10
Provides: PolicyKit = 0.11
@ -41,7 +129,7 @@ Conflicts: polkit-gnome < 0.97
Obsoletes: polkit-desktop-policy < 0.103
Provides: polkit-desktop-policy = 0.103
Obsoletes: polkit-js-engine < 0.120-5
Obsoletes: polkit-js-engine < 0.110-4
Provides: polkit-js-engine = %{version}-%{release}
# when -libs was split out, handle multilib upgrade path -- rex
@ -75,35 +163,170 @@ Development documentation for polkit.
%package libs
Summary: Libraries for polkit
%if 0%{?bundled_mozjs}
License: MIT and (MPLv1.1 or GPLv2+ or LGPLv2+) and MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
Provides: bundled(mozjs) = %{mozjs_version}
%endif
%description libs
Libraries files for polkit.
%prep
%autosetup -S git
%setup -q
%build
%meson -D authfw=pam \
-D examples=false \
-D gtk_doc=true \
-D introspection=true \
-D man=true \
-D session_tracking=logind \
-D tests=false
# Apply polkit patches
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch1005 -p1
%if 0%{?bundled_mozjs}
# Extract mozjs archive
tar -xf %{S:2}
# Apply mozjs patches
pushd firefox-%{mozjs_version}
%patch02 -p1
%patch03 -p1
%patch09 -p1
%patch10 -p1
%patch12 -p1
%meson_build
%patch14 -p1
%patch15 -p1
%ifarch armv7hl
# Include definitions for user vfp on armv7 as it causes the compilation to fail without them
# https://bugzilla.mozilla.org/show_bug.cgi?id=1526653
%patch17 -p1
%endif
%ifarch s390x
%patch18 -p1
%endif
# Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since mozilla tests support ifarch conditions
%patch19 -p1
# Export SharedArrayRawBufferRefs
%patch30 -p1
# Avoid autoconf213 dependency
%patch31 -p1 -b .autoconf213
%patch32 -p1 -b .autoconf213-2
# Remove zlib directory (to be sure using system version)
rm -rf modules/zlib
popd
%endif
%build
%if 0%{?bundled_mozjs}
pushd firefox-%{mozjs_version}/js/src
# Prefer GCC for now
export CC=gcc
export CXX=g++
# Workaround
# error: options `-C embed-bitcode=no` and `-C lto` are incompatible
# error: could not compile `jsrust`.
# https://github.com/japaric/cargo-call-stack/issues/25
export RUSTFLAGS="-C embed-bitcode"
# https://github.com/ptomato/mozjs/commit/36bb7982b41e0ef9a65f7174252ab996cd6777bd
export CARGO_PROFILE_RELEASE_LTO=true
export LINKFLAGS="%{?__global_ldflags}"
export PYTHON="%{__python3}"
%configure \
--without-system-icu \
--with-system-zlib \
--disable-tests \
--disable-strip \
--with-intl-api \
--enable-readline \
--enable-shared-js \
--enable-optimize \
--disable-debug \
--enable-pie \
--disable-jemalloc
%if 0%{?big_endian}
echo "Generate big endian version of config/external/icu/data/icud67l.dat"
pushd ../..
icupkg -tb config/external/icu/data/icudt67l.dat config/external/icu/data/icudt67b.dat
rm -f config/external/icu/data/icudt*l.dat
popd
%endif
%make_build
popd
cat > mozjs-%{mozjs_major}.pc << EOF
Name: SpiderMonkey %{mozjs_version}
Description: The Mozilla library for JavaScript
Version: %{mozjs_version}
Libs: -L`pwd`/firefox-%{mozjs_version}/js/src/dist/bin -lmozjs-%{mozjs_major}
Cflags: -include `pwd`/firefox-%{mozjs_version}/js/src/dist/include/js/RequiredDefines.h -I`pwd`/firefox-%{mozjs_version}/js/src/dist/include
EOF
%endif
%if 0%{?enable_autoreconf}
autoreconf -i
%endif
# we can't use _hardened_build here, see
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
export CFLAGS='-fPIC %optflags'
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
%if 0%{?bundled_mozjs}
export PKG_CONFIG_PATH=`pwd`
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
%endif
%configure --enable-gtk-doc \
--disable-static \
--enable-introspection \
--disable-examples \
--enable-libsystemd-login=yes
make V=1
%install
%meson_install
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/polkit.conf
%if 0%{?bundled_mozjs}
mkdir -p %{buildroot}%{_libdir}/polkit-1
cp -p firefox-%{mozjs_version}/js/src/dist/bin/libmozjs-%{mozjs_major}.so %{buildroot}%{_libdir}/polkit-1/
%endif
%make_install \
typelibsdir=%{_libdir}/girepository-1.0 \
girdir=%{_datadir}/gir-1.0
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%find_lang polkit-1
%check
%if 0%{?bundled_mozjs}
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
pushd firefox-%{mozjs_version}/js/src
# Run SpiderMonkey tests
PYTHONPATH=tests/lib %{__python3} tests/jstests.py -d -s -t 1800 --no-progress --wpt=disabled ../../js/src/dist/bin/js
# Run basic JIT tests
PYTHONPATH=tests/lib %{__python3} jit-test/jit_test.py -s -t 1800 --no-progress ../../js/src/dist/bin/js basic
popd
%endif
%pre
%sysusers_create_compat %{SOURCE1}
getent group polkitd >/dev/null || groupadd -r polkitd
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
exit 0
%post
# The implied (systemctl preset) will fail and complain, but the macro hides
@ -118,28 +341,25 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%systemd_postun_with_restart polkit.service
%files -f polkit-1.lang
%doc COPYING NEWS.md README.md
%doc COPYING NEWS README
%{_datadir}/man/man1/*
%{_datadir}/man/man8/*
%{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_datadir}/dbus-1/system-services/*
%{_unitdir}/polkit.service
%dir %{_datadir}/polkit-1/
%dir %{_datadir}/polkit-1/actions
%dir %{_datadir}/polkit-1/rules.d
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%{_datadir}/polkit-1/policyconfig-1.dtd
%dir %{_sysconfdir}/polkit-1
%{_datadir}/polkit-1/rules.d/50-default.rules
%attr(0750,root,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d
%{_sysusersdir}/polkit.conf
%{_prefix}/lib/pam.d/polkit-1
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_sysconfdir}/pam.d/polkit-1
%{_bindir}/pkaction
%{_bindir}/pkcheck
%{_bindir}/pkttyagent
%dir %{_prefix}/lib/polkit-1
%{_prefix}/lib/polkit-1/polkitd
%{_tmpfilesdir}/polkit-tmpfiles.conf
# see upstream docs for why these permissions are necessary
%attr(4755,root,root) %{_bindir}/pkexec
@ -161,111 +381,41 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
%files libs
%{_libdir}/lib*.so.*
%{_libdir}/girepository-1.0/*.typelib
%if 0%{?bundled_mozjs}
%dir %{_libdir}/polkit-1
%{_libdir}/polkit-1/libmozjs-%{mozjs_major}.so
%endif
%changelog
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 125-2
- Rebuilt for MSVSphere 10
* Thu Aug 22 2024 Jan Rybar <jrybar@redhat.com> - 125-2
- late easyfix for new release
- Resolves: RHEL-55287
* Tue Aug 20 2024 Jan Rybar <jrybar@redhat.com> - 125-1
- rebase to polkit-125
- Resolves: RHEL-55287
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 124-3
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 124-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Jan Rybar <jrybar@redhat.com> - 124-1
- rebase to polkit-124
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 123-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 06 2023 Jan Rybar <jrybar@redhat.com> - 123-4
- align sysusers implementation with Fedora guidelines, fixes upstream CI
* Mon Nov 20 2023 Jan Rybar <jrybar@redhat.com> - 123-3
- backport of removal of IPAddressDeny sandboxing option
- Resolves: bz#2248838
* Thu Sep 21 2023 Christian Glombek <cglombek@redhat.com> - 123-2
- Provide a sysusers.d file to get user() and group() provides
(see https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format).
* Tue Aug 01 2023 Jan Rybar <jrybar@redhat.com> - 123-1
- Rebase to version 123
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 122-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Apr 11 2023 Lukáš Zaoral <lzaoral@redhat.com> - 122-6
- migrate to SPDX license format
* Fri Dec 02 2022 Jan Rybar <jrybar@redhat.com> - 0.117-11
- backport: restore tty only if changed
- Resolves: rhbz#2150310
* Thu Mar 30 2023 Jan Rybar <jrybar@redhat.com> - 122-5
- config file permission change to increase security of polkitd
- Resolves: bz#2182784
* Mon Mar 07 2022 Jan Rybar <jrybar@redhat.com> - 0.117-10
- fixed CVE-2021-4115 patch application
- Resolves: rhbz#2062644
* Wed Feb 08 2023 Jan Rybar <jrybar@redhat.com> - 122-4
- Switch 'polkitd' to static UID/GID (fpc#1189) (on behalf of lucab)
- Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2104615
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 122-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 František Zatloukal <fzatlouk@redhat.com> - 122-2
- Rebuilt for duktape 2.7.0
* Wed Oct 26 2022 Vincent Mihalkovic <vmihalko@redhat.com> - 122-1
- rebase to 122
* Mon Aug 15 2022 Jan Rybar <jrybar@redhat.com> - 121-4
- duktape re-enabled
* Tue Aug 02 2022 Jan Rybar <jrybar@redhat.com> - 121-3
- switched back to mozjs until problems with duktape are fixed
- Related: bz#2109145
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 121-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 12 2022 Jan Rybar <jrybar@redhat.com> - 121-1
- Rebase to v.121
* Sun Feb 20 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 0.120-5
- switch to mozjs91
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.120-4
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.117-9
- file descriptor exhaustion (GHSL-2021-077)
- Resolves: CVE-2021-4115
* Wed Jan 26 2022 Timothée Ravier <tim@siosm.fr> - 0.120-3
- Fix for CVE-2021-4034
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.120-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 27 2022 Jan Rybar <jrybar@redhat.com> - 0.117-8
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034
* Wed Oct 06 2021 Pete Walter <pwalter@fedoraproject.org> - 0.120-1
- Update to 0.120
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.118-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jun 30 2021 Kalev Lember <klember@redhat.com> - 0.117-6
- Bundle mozjs (#1958111)
* Thu May 20 2021 Jan Rybar <jrybar@redhat.com> - 0.118-2
* Mon Jun 28 2021 Jan Rybar <jrybar@redhat.com> - 0.117-5
- CVE-2021-3560 mitigation
- Resolves: CVE-2021-3560
* Mon Apr 26 2021 Jan Rybar <jrybar@redhat.com> - 0.118-1
- rebase to 0.118
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.117-4
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save