sys-auth/polkit: meson fix, security bump

Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Jory Pratt <anarchy@gentoo.org>
author: Jory Pratt <anarchy@gentoo.org> 2022-01-26 07:37:13 -0600
committer: Jory Pratt <anarchy@gentoo.org> 2022-01-26 07:37:39 -0600
commit: 7b63ecc28ba29ecf67bf377328ad2534a0a9968e (patch)
tree: 1b9ef6210424295ee2df266dbd7e21e57437d2cb /sys-auth
parent: sys-auth/polkit: fix build with -duktape (diff)
download: musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.tar.gz
musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.tar.bz2
musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.zip
9 files changed, 121 insertions, 644 deletions
diff --git a/sys-auth/polkit/Manifest b/sys-auth/polkit/Manifest
index 14c82431..1125d650 100644
--- a/sys-auth/polkit/Manifest
+++ b/sys-auth/polkit/Manifest
@@ -1,4 +1,2 @@
-DIST polkit-0.118-duktape.patch 50144 BLAKE2B 83be77ed93596bd44306b8e5b677497c6e4dab3a16626a32849abb3d91b527ad1e3a1436dcd7389ca5794ea1d7efaa3d5acc950f868fcda85b4bab75ad54205a SHA512 dec31b81678a5436ddeef633d668c735d3c7128d6b5fb7b5dda2d06e8cf40ce9093813e9fbc8870475321d6fcdef3395bf3dd0db7ed214f0f45b19bf47c8a867
-DIST polkit-0.119.tar.gz 1387409 BLAKE2B aeb605598393d1cab40f7c77954008a0392600584c5fe8cc9acaa0e122418ee48b9cce0b6839189ea415277ff0ae4dbd5b7c71cb910aa349dcaf7e1f3f70ef06 SHA512 0260fb15da1c4c1f429e8223260981e64e297f1be8ced42f6910f09ea6581b8205aca06c9c601eb4a128acba2f468de0223118f96862ba769f95721894cf1578
 DIST polkit-0.120-duktape-1.patch 127886 BLAKE2B 5ae791538ff576c01340a8eee197c0da580cf8a5afd5d0ba54526191edf68c16811debed981c540fcf2ad6fbf0d13f66c71c8ccd32560fda2f39aeb86cd15349 SHA512 bd3fb95a2e4151646859fef031f463fabd8c02bd24024f8269a74c171d70f8fc33de055193b2a0fb0c40fc459f01ec9a546cfdf1c90ef096ba8e5135d08be4a7
 DIST polkit-0.120.tar.gz 1626659 BLAKE2B 745727445b4946d44b8ea470d21ac131ca7706e83f5dbaf85cf3541ac60a1bbe23b3bf3172a62d9256ebb3dae02d2b2d476e3e0f7fe79a80c47864a120e62ed9 SHA512 db072769439d5e17d0eed681e7b94251b77828c1474b40fe40b94293903a64333e7fa17515a3270648691f04a1374d8b404405ead6abf292a8eb8483164adc46
diff --git a/sys-auth/polkit/files/polkit-0.115-elogind.patch b/sys-auth/polkit/files/polkit-0.115-elogind.patch
deleted file mode 100644
index 93d67201..00000000
--- a/sys-auth/polkit/files/polkit-0.115-elogind.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
-From: Rasmus Thomsen <cogitri@exherbo.org>
-Date: Wed, 11 Apr 2018 13:14:14 +0200
-Subject: [PATCH] configure: fix elogind support
-
-HAVE_LIBSYSTEMD is used to determine which source files to use.
-We have to check if either have_libsystemd or have_libelogind is
-true, as both of these need the source files which are used when
-HAVE_LIBSYSTEMD is true.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 36df239..da47ecb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
- 
- AC_SUBST(LIBSYSTEMD_CFLAGS)
- AC_SUBST(LIBSYSTEMD_LIBS)
--AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
-+AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
- 
- dnl ---------------------------------------------------------------------------
- dnl - systemd unit / service files
--- 
-2.17.0
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
deleted file mode 100644
index 84f07f98..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-1.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 71e5409c931f8e69ef7e782d1c396c335a4c3f76 Mon Sep 17 00:00:00 2001
-From: A. Wilcox <AWilcox@Wilcox-Tech.com>
-Date: Mon, 20 May 2019 20:24:42 -0500
-Subject: [PATCH] On at least Linux/musl and Linux/uclibc, netgroup 
-support is not available.  PolKit fails to compile on these systems
-for that reason.
-
-This change makes netgroup support conditional on the presence of the
-setnetgrent(3) function which is required for the support to work.  If
-that function is not available on the system, an error will be returned
-to the administrator if unix-netgroup: is specified in configuration.
-
-Fixes bug 50145.
-
-Closes polkit/polkit#14.
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
----
- configure.ac                                     |  2 +-
- src/polkit/polkitidentity.c                      | 16 ++++++++++++++++
- src/polkit/polkitunixnetgroup.c                  |  3 +++
- .../polkitbackendinteractiveauthority.c          | 14 ++++++++------
- src/polkitbackend/polkitbackendjsauthority.cpp   |  2 ++
- test/polkit/polkitidentitytest.c                 |  9 ++++++++-
- test/polkit/polkitunixnetgrouptest.c             |  3 +++
- .../test-polkitbackendjsauthority.c              |  2 ++
- 8 files changed, 43 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cedb4e..87aa0ad 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
- 
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
- 
- if test "x$GCC" = "xyes"; then
-   LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..10e9c17 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
-     }
-   else if (g_str_has_prefix (str, "unix-netgroup:"))
-     {
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine ('%s')",
-+                   str);
-+#else
-       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
-     }
- 
-   if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       GVariant *v;
-       const char *name;
- 
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine");
-+      goto out;
-+#else
-       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
-       if (v == NULL)
-         {
-@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       name = g_variant_get_string (v, NULL);
-       ret = polkit_unix_netgroup_new (name);
-       g_variant_unref (v);
-+#endif
-     }
-   else
-     {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+  g_assert_not_reached();
-+#endif
-   g_return_val_if_fail (name != NULL, NULL);
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
-                                        "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
-   GList *ret;
- 
-   ret = NULL;
-+#ifdef HAVE_SETNETGRENT
-   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
- 
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
-   if (setnetgrent (name) == 0)
-     {
-       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
-       goto out;
-     }
--#else
-+# else
-   setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
- 
-   for (;;)
-     {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-       const char *hostname, *username, *domainname;
--#else
-+# else
-       char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
-       PolkitIdentity *user;
-       GError *error = NULL;
- 
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
- 
-  out:
-   endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
-   return ret;
- }
- 
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 9b752d1..09b2878 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
- 
-+#ifdef HAVE_SETNETGRENT
-   JS::RootedString usrstr (authority->priv->cx);
-   usrstr = args[0].toString();
-   user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS_free (cx, netgroup);
-   JS_free (cx, user);
-+#endif
- 
-   ret = true;
- 
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
-   {"unix-group:root", "unix-group:jane", FALSE},
-   {"unix-group:jane", "unix-group:jane", TRUE},
- 
-+#ifdef HAVE_SETNETGRENT
-   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
-   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
- 
-   {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
-   {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
- 
-   {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
-   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
-   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
- 
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
- 
-   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
-   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
--  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
- 
-   add_comparison_tests ();
- 
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
-   g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
-   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
-   return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
-         "unix-group:users"
-       }
-     },
-+#ifdef HAVE_SETNETGRENT
-     {
-       "net.company.action3",
-       {
-         "unix-netgroup:foo"
-       }
-     },
-+#endif
-   };
-   guint n;
- 
--- 
-2.21.0
-
diff --git a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch b/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
deleted file mode 100644
index aef30ef6..00000000
--- a/sys-auth/polkit/files/polkit-0.116-make-netgroup-support-optional-2.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 4809dc9..d1ea325 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
- 
--AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
- 
- if test "x$GCC" = "xyes"; then
-   LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
-index 3aa1f7f..793f17d 100644
---- a/src/polkit/polkitidentity.c
-+++ b/src/polkit/polkitidentity.c
-@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
-     }
-   else if (g_str_has_prefix (str, "unix-netgroup:"))
-     {
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine ('%s')",
-+                   str);
-+#else
-       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
-+#endif
-     }
- 
-   if (identity == NULL && (error != NULL && *error == NULL))
-@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       GVariant *v;
-       const char *name;
- 
-+#ifndef HAVE_SETNETGRENT
-+      g_set_error (error,
-+                   POLKIT_ERROR,
-+                   POLKIT_ERROR_FAILED,
-+                   "Netgroups are not available on this machine");
-+      goto out;
-+#else
-+
-       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
-       if (v == NULL)
-         {
-@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
-       name = g_variant_get_string (v, NULL);
-       ret = polkit_unix_netgroup_new (name);
-       g_variant_unref (v);
-+#endif
-     }
-   else
-     {
-diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
-index 8a2b369..83f8d4a 100644
---- a/src/polkit/polkitunixnetgroup.c
-+++ b/src/polkit/polkitunixnetgroup.c
-@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
- PolkitIdentity *
- polkit_unix_netgroup_new (const gchar *name)
- {
-+#ifndef HAVE_SETNETGRENT
-+  g_assert_not_reached();
-+#endif
-   g_return_val_if_fail (name != NULL, NULL);
-   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
-                                        "name", name,
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 056d9a8..36c2f3d 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
-   GList *ret;
- 
-   ret = NULL;
-+#ifdef HAVE_SETNETGRENT
-   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
- 
--#ifdef HAVE_SETNETGRENT_RETURN
-+# ifdef HAVE_SETNETGRENT_RETURN
-   if (setnetgrent (name) == 0)
-     {
-       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
-       goto out;
-     }
--#else
-+# else
-   setnetgrent (name);
--#endif
-+# endif /* HAVE_SETNETGRENT_RETURN */
- 
-   for (;;)
-     {
--#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
-       const char *hostname, *username, *domainname;
--#else
-+# else
-       char *hostname, *username, *domainname;
--#endif
-+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
-       PolkitIdentity *user;
-       GError *error = NULL;
- 
-@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
- 
-  out:
-   endnetgrent ();
-+#endif /* HAVE_SETNETGRENT */
-   return ret;
- }
- 
-diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
-index 1d91103..366cbdf 100644
---- a/src/polkitbackend/polkitbackendjsauthority.cpp
-+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1519,6 +1519,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
- 
-   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
- 
-+#ifdef HAVE_SETNETGRENT
-   JS::RootedString usrstr (authority->priv->cx);
-   usrstr = args[0].toString();
-   user = JS_EncodeStringToUTF8 (cx, usrstr);
-@@ -1533,6 +1534,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
-     {
-       is_in_netgroup =  true;
-     }
-+#endif
- 
-   ret = true;
- 
-diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
-index e91967b..e829aaa 100644
---- a/test/polkit/polkitidentitytest.c
-+++ b/test/polkit/polkitidentitytest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <polkit/polkitprivate.h>
-@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
-   {"unix-group:root", "unix-group:jane", FALSE},
-   {"unix-group:jane", "unix-group:jane", TRUE},
- 
-+#ifdef HAVE_SETNETGRENT
-   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
-   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
-+#endif
- 
-   {"unix-user:root", "unix-group:root", FALSE},
-+#ifdef HAVE_SETNETGRENT
-   {"unix-user:jane", "unix-netgroup:foo", FALSE},
-+#endif
- 
-   {NULL},
- };
-@@ -181,11 +186,13 @@ main (int argc, char *argv[])
-   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
-   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
- 
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
-+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
-+#endif
- 
-   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
-   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
--  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
- 
-   add_comparison_tests ();
- 
-diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
-index 3701ba1..e3352eb 100644
---- a/test/polkit/polkitunixnetgrouptest.c
-+++ b/test/polkit/polkitunixnetgrouptest.c
-@@ -19,6 +19,7 @@
-  * Author: Nikki VonHollen <vonhollen@google.com>
-  */
- 
-+#include "config.h"
- #include "glib.h"
- #include <polkit/polkit.h>
- #include <string.h>
-@@ -69,7 +70,9 @@ int
- main (int argc, char *argv[])
- {
-   g_test_init (&argc, &argv, NULL);
-+#ifdef HAVE_SETNETGRENT
-   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
-   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
-+#endif
-   return g_test_run ();
- }
-diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
-index 71aad23..fdd28f3 100644
---- a/test/polkitbackend/test-polkitbackendjsauthority.c
-+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
-@@ -137,12 +137,14 @@ test_get_admin_identities (void)
-         "unix-group:users"
-       }
-     },
-+#ifdef HAVE_SETNETGRENT
-     {
-       "net.company.action3",
-       {
-         "unix-netgroup:foo"
-       }
-     },
-+#endif
-   };
-   guint n;
- 
diff --git a/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
new file mode 100644
index 00000000..22bb71d1
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-CVE-2021-4043.patch
@@ -0,0 +1,72 @@
+https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+https://bugs.gentoo.org/832057
+https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      exit(126);
++    }
++
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++   */
++  if (argc<1)
++    {
++      exit(127);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+ 
+       path = g_strdup (pwstruct.pw_shell);
+       if (!path)
+-	{
++        {
+           g_printerr ("No shell configured or error retrieving pw_shell\n");
+           goto out;
+-	}
++        }
+       /* If you change this, be sure to change the if (!command_line)
+ 	 case below too */
+       command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
+GitLab
diff --git a/sys-auth/polkit/files/polkit-0.120-meson.patch b/sys-auth/polkit/files/polkit-0.120-meson.patch
new file mode 100644
index 00000000..5e144688
--- /dev/null
+++ b/sys-auth/polkit/files/polkit-0.120-meson.patch
@@ -0,0 +1,42 @@
+From e7f3d9e8341df64e2abc3910dafb1113a84bff07 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@debian.org>
+Date: Mon, 25 Oct 2021 20:21:27 +0100
+Subject: [PATCH] Don't pass positional parameters to i18n.merge_file
+
+These were always ignored, and Meson 0.60.0 disallowed them.
+
+Resolves: https://gitlab.freedesktop.org/polkit/polkit/-/issues/160
+Reference: https://github.com/mesonbuild/meson/pull/9445
+Signed-off-by: Simon McVittie <smcv@debian.org>
+---
+ actions/meson.build      | 1 -
+ src/examples/meson.build | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/actions/meson.build b/actions/meson.build
+index 2abaaf3..1e3f370 100644
+--- a/actions/meson.build
++++ b/actions/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.policy'
+ 
+ i18n.merge_file(
+-  policy,
+   input: policy + '.in',
+   output: '@BASENAME@',
+   po_dir: po_dir,
+diff --git a/src/examples/meson.build b/src/examples/meson.build
+index c6305ab..8c18de5 100644
+--- a/src/examples/meson.build
++++ b/src/examples/meson.build
+@@ -1,7 +1,6 @@
+ policy = 'org.freedesktop.policykit.examples.pkexec.policy'
+ 
+ i18n.merge_file(
+-  policy,
+   input: policy + '.in',
+   output: '@BASENAME@',
+   po_dir: po_dir,
+-- 
+GitLab
+
diff --git a/sys-auth/polkit/metadata.xml b/sys-auth/polkit/metadata.xml
index f23bd9f8..23b3540b 100644
--- a/sys-auth/polkit/metadata.xml
+++ b/sys-auth/polkit/metadata.xml
@@ -6,7 +6,6 @@
 	</maintainer>
 	<use>
 		<flag name="duktape">Use<pkg>dev-lang/duktape</pkg> for javascript engine</flag>
-		<flag name="elogind">Use <pkg>sys-auth/elogind</pkg> for session tracking</flag>
 		<flag name="systemd">Use <pkg>sys-apps/systemd</pkg> for session tracking</flag>
 	</use>
 </pkgmetadata>
diff --git a/sys-auth/polkit/polkit-0.119-r2.ebuild b/sys-auth/polkit/polkit-0.119-r2.ebuild
deleted file mode 100644
index 32f1c305..00000000
--- a/sys-auth/polkit/polkit-0.119-r2.ebuild
+++ /dev/null
@@ -1,141 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools pam pax-utils systemd xdg-utils
-
-DESCRIPTION="Policy framework for controlling privileges for system-wide services"
-HOMEPAGE="https://www.freedesktop.org/wiki/Software/polkit https://gitlab.freedesktop.org/polkit/polkit"
-SRC_URI="https://www.freedesktop.org/software/${PN}/releases/${P}.tar.gz
-	https://dev.gentoo.org/~anarchy/dist/polkit-0.118-duktape.patch"
-
-LICENSE="LGPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~mips ppc64 x86"
-IUSE="duktape elogind examples gtk +introspection kde nls pam selinux systemd test"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="^^ ( elogind systemd )"
-
-BDEPEND="
-	acct-user/polkitd
-	app-text/docbook-xml-dtd:4.1.2
-	app-text/docbook-xsl-stylesheets
-	dev-libs/glib
-	dev-libs/gobject-introspection-common
-	dev-libs/libxslt
-	dev-util/glib-utils
-	dev-util/gtk-doc-am
-	dev-util/intltool
-	sys-devel/gettext
-	virtual/pkgconfig
-	introspection? ( dev-libs/gobject-introspection )
-"
-DEPEND="
-	duktape? ( dev-lang/duktape )
-	!duktape? ( dev-lang/spidermonkey:78[-debug] )
-	dev-libs/glib:2
-	dev-libs/expat
-	elogind? ( sys-auth/elogind )
-	pam? (
-		sys-auth/pambase
-		sys-libs/pam
-	)
-	!pam? ( virtual/libcrypt:= )
-	systemd? ( sys-apps/systemd:0=[policykit] )
-"
-RDEPEND="${DEPEND}
-	acct-user/polkitd
-	selinux? ( sec-policy/selinux-policykit )
-"
-PDEPEND="
-	gtk? ( || (
-		>=gnome-extra/polkit-gnome-0.105
-		>=lxde-base/lxsession-0.5.2
-	) )
-	kde? ( kde-plasma/polkit-kde-agent )
-"
-
-DOCS=( docs/TODO HACKING NEWS README )
-
-PATCHES=(
-	"${DISTDIR}"/${PN}-0.118-duktape.patch
-	"${FILESDIR}"/${PN}-0.115-elogind.patch # bug 660880
-	"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
-QA_MULTILIB_PATHS="
-	usr/lib/polkit-1/polkit-agent-helper-1
-	usr/lib/polkit-1/polkitd"
-
-src_prepare() {
-	default
-
-	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
-
-	# Workaround upstream hack around standard gtk-doc behavior, bug #552170
-	sed -i -e 's/@ENABLE_GTK_DOC_TRUE@\(TARGET_DIR\)/\1/' \
-		-e '/install-data-local:/,/uninstall-local:/ s/@ENABLE_GTK_DOC_TRUE@//' \
-		-e 's/@ENABLE_GTK_DOC_FALSE@install-data-local://' \
-		docs/polkit/Makefile.in || die
-
-	# disable broken test - bug #624022
-	sed -i -e "/^SUBDIRS/s/polkitbackend//" test/Makefile.am || die
-
-	# Fix cross-building, bug #590764, elogind patch, bug #598615
-	eautoreconf
-}
-
-src_configure() {
-	xdg_environment_reset
-
-	local myeconfargs=(
-		--localstatedir="${EPREFIX}"/var
-		--disable-static
-		--enable-man-pages
-		--disable-gtk-doc
-		--disable-examples
-		$(use_enable elogind libelogind)
-		$(use_enable introspection)
-		$(use_enable nls)
-		$(usex pam "--with-pam-module-dir=$(getpam_mod_dir)" '')
-		--with-authfw=$(usex pam pam shadow)
-		$(use_enable systemd libsystemd-login)
-		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
-		$(use_enable test)
-		--with-os-type=gentoo
-	)
-
-	if use duktape; then
-		 myeconfargs+=( --with-duktape )
-	fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	# Required for polkitd on hardened/PaX due to spidermonkey's JIT
-	pax-mark mr src/polkitbackend/.libs/polkitd test/polkitbackend/.libs/polkitbackendjsauthoritytest
-}
-
-src_install() {
-	default
-
-	if use examples; then
-		docinto examples
-		dodoc src/examples/{*.c,*.policy*}
-	fi
-
-	diropts -m 0700 -o polkitd
-	keepdir /usr/share/polkit-1/rules.d
-
-	find "${ED}" -name '*.la' -delete || die
-}
-
-pkg_postinst() {
-	chmod 0700 "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-	chown polkitd "${EROOT}"/{etc,usr/share}/polkit-1/rules.d
-}
diff --git a/sys-auth/polkit/polkit-0.120-r1.ebuild b/sys-auth/polkit/polkit-0.120-r2.ebuild
index a75f950a..24b53b1f 100644
--- a/sys-auth/polkit/polkit-0.120-r1.ebuild
+++ b/sys-auth/polkit/polkit-0.120-r2.ebuild
@@ -56,11 +56,6 @@ PDEPEND="
 	kde? ( kde-plasma/polkit-kde-agent )
 "
 
-PATCHES=(
-	"${DISTDIR}"/${PN}-0.120-duktape-1.patch
-	"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
-)
-
 DOCS=( docs/TODO HACKING NEWS README )
 
 QA_MULTILIB_PATHS="
@@ -68,6 +63,12 @@ QA_MULTILIB_PATHS="
 	usr/lib/polkit-1/polkitd"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/polkit-0.120-meson.patch"
+		"${FILESDIR}/polkit-0.120-CVE-2021-4043.patch"
+		"${DISTDIR}"/${PN}-0.120-duktape-1.patch
+		"${FILESDIR}"/${PN}-0.118-make-netgroup-support-optional.patch
+	)
 	default
 
 	sed -i -e 's|unix-group:wheel|unix-user:0|' src/polkitbackend/*-default.rules || die #401513
@@ -114,6 +115,7 @@ src_install() {
 	# meson does not install required files with SUID bit. See
 	#  https://bugs.gentoo.org/816393
 	# Remove the following lines once this has been fixed by upstream
+	# (should be fixed in next release: https://gitlab.freedesktop.org/polkit/polkit/-/commit/4ff1abe4a4c1f8c8378b9eaddb0346ac6448abd8)
 	fperms u+s /usr/bin/pkexec
 	fperms u+s /usr/lib/polkit-1/polkit-agent-helper-1
 }
author	Jory Pratt <anarchy@gentoo.org>	2022-01-26 07:37:13 -0600
committer	Jory Pratt <anarchy@gentoo.org>	2022-01-26 07:37:39 -0600
commit	7b63ecc28ba29ecf67bf377328ad2534a0a9968e (patch)
tree	1b9ef6210424295ee2df266dbd7e21e57437d2cb /sys-auth
parent	sys-auth/polkit: fix build with -duktape (diff)
download	musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.tar.gz musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.tar.bz2 musl-7b63ecc28ba29ecf67bf377328ad2534a0a9968e.zip