authorRasmus Thomsen <oss@cogitri.dev>2019-04-27 09:56:29 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2019-05-04 17:12:57 +0000
commitec563f54fcb69061dbbeb7ac0d4bc08455148f90 (patch)
treed0811b771c0e396450c6c8de4bcbbf40639ebeb2 /main
parent257168624752e0b5ca396b9776a89e8a03db50a3 (diff)
main/polkit: update to 0.115
Diffstat (limited to 'main')
-rw-r--r--main/polkit/0001-Bug-50145-make-netgroup-support-optional.patch108
-rw-r--r--main/polkit/APKBUILD72
-rw-r--r--main/polkit/CVE-2013-4288.patch123
-rw-r--r--main/polkit/CVE-2015-3218.patch115
-rw-r--r--main/polkit/CVE-2015-3255.patch67
-rw-r--r--main/polkit/CVE-2015-4625.patch1008
-rw-r--r--main/polkit/CVE-2018-19788.patch40
-rw-r--r--main/polkit/alpine-pam.patch18
-rw-r--r--main/polkit/automake.patch19
-rw-r--r--main/polkit/disable-ck-test.patch15
-rw-r--r--main/polkit/fix-consolekit-db-stat.patch30
-rw-r--r--main/polkit/fix-parallel-make.patch40
-rw-r--r--main/polkit/fix-test-fgetpwent.patch20
-rw-r--r--main/polkit/make-innetgr-optional.patch68
-rw-r--r--main/polkit/mozjs60-1.patch28
-rw-r--r--main/polkit/mozjs60-2.patch158
-rw-r--r--main/polkit/polkit.pre-install6
17 files changed, 311 insertions, 1624 deletions
diff --git a/main/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/main/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
deleted file mode 100644
index 1498e831ab..0000000000
--- a/main/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Sun, 20 May 2012 15:42:56 +0200
-Subject: [PATCH] Bug 50145 - make netgroup support optional
-
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-
-netgroups are not defined in POSIX and are not be available on
-all systems.
-
-We check for getnetgrent in configure script.
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
----
- configure.ac | 2 +-
- src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++--
- src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++-
- 3 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f325922..711aa7c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv)
-+AC_CHECK_FUNCS(clearenv getnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
-index b53eda3..f14e924 100644
---- a/src/polkitbackend/polkitbackendlocalauthority.c
-+++ b/src/polkitbackend/polkitbackendlocalauthority.c
-@@ -52,9 +52,10 @@
-
- static GList *get_users_in_group (PolkitIdentity *group,
- gboolean include_root);
--
-+#if defined HAVE_GETNETGRENT
- static GList *get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root);
-+#endif
-
- static GList *get_groups_for_user (PolkitIdentity *user);
-
-@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
- {
- ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
- }
-+#if defined HAVE_GETNETGRENT
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE));
- }
-+#endif
- else
- {
- g_warning ("Unsupported identity %s", admin_identities[n]);
-@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group,
- return ret;
- }
-
-+#if defined HAVE_GETNETGRENT
- static GList *
- get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group,
- endnetgrent ();
- return ret;
- }
--
-+#endif
-
- static GList *
- get_groups_for_user (PolkitIdentity *user)
-diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-index 2ddfe75..02553c4 100644
---- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
- break;
- }
-
-+#if defined HAVE_GETNETGRENT
- /* if no identity specs matched and identity is a user, match against netgroups */
- if (ll == NULL && POLKIT_IS_UNIX_USER (identity))
- {
-@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
- const gchar *user_name = polkit_unix_user_get_name (user_identity);
- if (!user_name)
- continue;
--
- for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next)
- {
- if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL))
- break;
- }
- }
-+#endif
-
- if (ll == NULL)
- continue;
---
-1.7.10.2
-
diff --git a/main/polkit/APKBUILD b/main/polkit/APKBUILD
index a231a1089b..d7a19d5a97 100644
--- a/main/polkit/APKBUILD
+++ b/main/polkit/APKBUILD
@@ -1,42 +1,34 @@
# Contributor: Carlo Landmeter
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=polkit
-pkgver=0.105
-pkgrel=10
+pkgver=0.115
+pkgrel=0
pkgdesc="Application development toolkit for controlling system-wide privileges"
-url="http://www.freedesktop.org/wiki/Software/polkit/"
-arch="all"
-license="LGPL-2.0+"
-depends=
-options="suid"
-depends_dev="eggdbus-dev dbus-glib-dev"
+url="https://www.freedesktop.org/wiki/Software/polkit/"
+arch="all !armhf !armv7 !sx390" # limited by mozjs60
+license="GPL-2.0-or-later"
+options="suid !check"
+depends_dev="dbus-glib-dev"
makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
- intltool autoconf automake libtool bash"
-install=
+ intltool autoconf automake libtool bash mozjs60-dev linux-pam-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
- 0001-Bug-50145-make-netgroup-support-optional.patch
- CVE-2013-4288.patch
- CVE-2015-3218.patch
- CVE-2015-3255.patch
- CVE-2015-4625.patch
CVE-2018-19788.patch
- automake.patch
- fix-parallel-make.patch
- fix-consolekit-db-stat.patch
- fix-test-fgetpwent.patch
- disable-ck-test.patch
+ make-innetgr-optional.patch
+ mozjs60-1.patch
+ mozjs60-2.patch
+ alpine-pam.patch
"
+install="polkit.pre-install"
+pkgusers="polkitd"
+pkggroups="polkitd"
-# secfixes:
-# 0.105-r9:
-# - CVE-2018-19788
+builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$builddir"
- update_config_sub
default_prepare
- libtoolize --force && aclocal && autoconf && automake --add-missing
+ autoreconf -fi
}
build() {
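Review bot: `!sx390` on the new `arch=` line is not an Alpine architecture name and looks like a transposition of `s390x`, so the mozjs60 limitation named in the comment is not applied to that architecture; I would write `arch="all !armhf !armv7 !s390x" # limited by mozjs60`. The hunk also deletes the `# secfixes:` block even though CVE-2018-19788.patch stays in `source=`, which drops the record that 0.105-r9 fixed that CVE; keep that entry. The four older CVE patches leave `source=` without any comment, so a line stating that 0.115 already contains those fixes (presumably the reason, not visible in this diff) would help whoever audits the package later. `!check` is added to `options=` with no reason given; a short trailing comment saying why the test suite is disabled would be useful.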
@@ -51,13 +43,15 @@ build() {
--libexecdir=/usr/lib/polkit-1 \
--localstatedir=/var \
--disable-static \
- --disable-nls \
--enable-introspection \
- --with-authfw=shadow \
+ --with-authfw=pam \
--with-os-type=alpine \
--disable-gtk-doc \
--disable-gtk-doc-html \
- --disable-gtk-doc-pdf
+ --disable-gtk-doc-pdf \
+ --disable-libelogind \
+ --disable-systemd \
+ --disable-libsystemd-login
make
}
@@ -71,17 +65,15 @@ package() {
cd "$builddir"
# Set SHELL as a workaround for #10081
make SHELL=/bin/bash DESTDIR="$pkgdir" install
+
+ # Required to run the polkitd daemon as non-root
+ chown -R polkitd:polkitd "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
+ chmod -R 700 "$pkgdir"/etc/polkit-1/rules.d "$pkgdir"/usr/share/polkit-1/rules.d
}
-sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz
-09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch
-d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch
-625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch
-0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch
-32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch
-9bde734555526c77cac43b0aa90545ede4718d837bb2cb4b9fe5833cdaee0cc91215df4c7103fd675add434c1344385ce4b03c4fdeb3024245e4721cd0703f6a CVE-2018-19788.patch
-25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch
-6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch
-95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch
-966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch
-f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch"
+sha512sums="1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc polkit-0.115.tar.gz
+5b951d7532b0ad51214cf63814cb863fe83ebc57722245cef3f5f003bba368ffd18fab03b9f23bbef8ed30972ad32f074d25491c3fe338389e02e279b4ced62c CVE-2018-19788.patch
+1e679eda2cacb25ad0d7409ab7c5811697519e46d3873a86a9ff2d8d3d3664e63c925ab13e5faf643031ea27e8e35730556121c96e06acd28c5f690848a8ce00 make-innetgr-optional.patch
+8d71494ddfc3f8d24b6c7dbab2b0440d9ab9df49d9e095c90f3802054bf858f4c81c644d1ab64872a6ea61ae70c58a181e47123a4c50bd8a339b27a23bfffaaa mozjs60-1.patch
+d7dc9fc3189a0897e8f484f7dfcee3722f75694401f7a01cac3eb1f0f6cb639081136e86e4bf467c908f77c847d4ddf310817c722fd21a73662ca6b908ce8d53 mozjs60-2.patch
+077a3e10ada918e6f9879ce50bba9145229bd92d3f13d4c6454147eb051086afbcf8d0a683a5ebe583ba00f956db011aa1afd3d9e99d7693e288737191468b8f alpine-pam.patch"
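Review bot: The added `chown -R polkitd:polkitd` in package() makes the daemon account the owner of both rules.d directories and of every rule file in them, so a process running as polkitd can rewrite the authorization rules it evaluates. If the daemon only needs to read them, which the comment suggests, `chown -R root:polkitd` on the same two paths with `chmod 750` on the directories keeps the rules writable by root alone. `chmod -R 700` also sets the execute bit on the rule files themselves; restricting the mode change to the directories, or giving the files 640, avoids that. package() begins outside this hunk.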
diff --git a/main/polkit/CVE-2013-4288.patch b/main/polkit/CVE-2013-4288.patch
deleted file mode 100644
index 0ca8131e81..0000000000
--- a/main/polkit/CVE-2013-4288.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Mon, 19 Aug 2013 12:16:11 -0400
-Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
-
-The uid is a new addition; this allows callers such as libvirt to
-close a race condition in reading the uid of the process talking to
-them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
-rather than having pkcheck look at /proc later after the fact.
-
-Programs which invoke pkcheck but need to know beforehand (i.e. at
-compile time) whether or not it supports passing the uid can
-use:
-
-pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
-test x$pkcheck_supports_uid = xyes
-
-Conflicts:
- docs/man/pkcheck.xml
- src/programs/pkcheck.c
----
- data/polkit-gobject-1.pc.in | 3 +++
- docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------
- src/programs/pkcheck.c | 7 ++++++-
- 3 files changed, 30 insertions(+), 13 deletions(-)
-
-diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
-index c39677d..5c4c620 100644
---- a/data/polkit-gobject-1.pc.in
-+++ b/data/polkit-gobject-1.pc.in
-@@ -11,3 +11,6 @@ Version: @VERSION@
- Libs: -L${libdir} -lpolkit-gobject-1
- Cflags: -I${includedir}/polkit-1
- Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
-+# Programs using pkcheck can use this to determine
-+# whether or not it can be passed a uid.
-+pkcheck_supports_uid=true
-diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
-index 6b8a874..9f2faef 100644
---- a/docs/man/pkcheck.xml
-+++ b/docs/man/pkcheck.xml
-@@ -55,6 +55,9 @@
- <arg choice="plain">
- <replaceable>pid,pid-start-time</replaceable>
- </arg>
-+ <arg choice="plain">
-+ <replaceable>pid,pid-start-time,uid</replaceable>
-+ </arg>
- </group>
- </arg>
- <arg choice="plain">
-@@ -90,7 +93,7 @@
- <title>DESCRIPTION</title>
- <para>
- <command>pkcheck</command> is used to check whether a process, specified by
-- either <option>--process</option> or <option>--system-bus-name</option>,
-+ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
- is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
- option can be used zero or more times to pass details about <replaceable>action</replaceable>.
- If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
-@@ -160,17 +163,23 @@ KEY3=VALUE3
- <refsect1 id="pkcheck-notes">
- <title>NOTES</title>
- <para>
-- Since process identifiers can be recycled, the caller should always use
-- <replaceable>pid,pid-start-time</replaceable> to specify the process
-- to check for authorization when using the <option>--process</option> option.
-- The value of <replaceable>pid-start-time</replaceable>
-- can be determined by consulting e.g. the
-- <citerefentry>
-- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
-- </citerefentry>
-- file system depending on the operating system. If only <replaceable>pid</replaceable>
-- is passed to the <option>--process</option> option, then <command>pkcheck</command>
-- will look up the start time itself but note that this may be racy.
-+ Do not use either the bare <replaceable>pid</replaceable> or
-+ <replaceable>pid,start-time</replaceable> syntax forms for
-+ <option>--process</option>. There are race conditions in both.
-+ New code should always use
-+ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
-+ <replaceable>start-time</replaceable> can be determined by
-+ consulting e.g. the
-+ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-+ file system depending on the operating system. If fewer than 3
-+ arguments are passed, <command>pkcheck</command> will attempt to
-+ look up them up internally, but note that this may be racy.
-+ </para>
-+ <para>
-+ If your program is a daemon with e.g. a custom Unix domain
-+ socket, you should determine the <replaceable>uid</replaceable>
-+ parameter via operating system mechanisms such as
-+ <literal>PEERCRED</literal>.
- </para>
- </refsect1>
-
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index 719a36c..057e926 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -372,6 +372,7 @@ main (int argc, char *argv[])
- else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
- {
- gint pid;
-+ guint uid;
- guint64 pid_start_time;
-
- n++;
-@@ -381,7 +382,11 @@ main (int argc, char *argv[])
- goto out;
- }
-
-- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
-+ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
-+ {
-+ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
-+ }
-+ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
- {
- subject = polkit_unix_process_new_full (pid, pid_start_time);
- }
---
-1.8.5.1
-
diff --git a/main/polkit/CVE-2015-3218.patch b/main/polkit/CVE-2015-3218.patch
deleted file mode 100644
index 977825102d..0000000000
--- a/main/polkit/CVE-2015-3218.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Sat, 30 May 2015 09:06:23 -0400
-Subject: CVE-2015-3218: backend: Handle invalid object paths in
- RegisterAuthenticationAgent
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Properly propagate the error, otherwise we dereference a `NULL`
-pointer. This is a local, authenticated DoS.
-
-`RegisterAuthenticationAgentWithOptions` and
-`UnregisterAuthentication` have been validated to not need changes for
-this.
-
-http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
-https://bugs.freedesktop.org/show_bug.cgi?id=90829
-
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index f6ea0fc..587f954 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-- GVariant *registration_options)
-+ GVariant *registration_options,
-+ GError **error)
- {
- AuthenticationAgent *agent;
-- GError *error;
-+ GDBusProxy *proxy;
-
-- agent = g_new0 (AuthenticationAgent, 1);
-+ if (!g_variant_is_object_path (object_path))
-+ {
-+ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
-+ "Invalid object path '%s'", object_path);
-+ return NULL;
-+ }
-+
-+ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
-+ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-+ NULL, /* GDBusInterfaceInfo* */
-+ unique_system_bus_name,
-+ object_path,
-+ "org.freedesktop.PolicyKit1.AuthenticationAgent",
-+ NULL, /* GCancellable* */
-+ error);
-+ if (proxy == NULL)
-+ {
-+ g_prefix_error (error, "Failed to construct proxy for agent: " );
-+ return NULL;
-+ }
-
-+ agent = g_new0 (AuthenticationAgent, 1);
- agent->ref_count = 1;
- agent->scope = g_object_ref (scope);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
- agent->locale = g_strdup (locale);
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
--
-- error = NULL;
-- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
-- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-- NULL, /* GDBusInterfaceInfo* */
-- agent->unique_system_bus_name,
-- agent->object_path,
-- "org.freedesktop.PolicyKit1.AuthenticationAgent",
-- NULL, /* GCancellable* */
-- &error);
-- if (agent->proxy == NULL)
-- {
-- g_warning ("Error constructing proxy for agent: %s", error->message);
-- g_error_free (error);
-- /* TODO: Make authentication_agent_new() return NULL and set a GError */
-- }
-+ agent->proxy = proxy;
-
- return agent;
- }
-@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- caller_cmdline = NULL;
- agent = NULL;
-
-- /* TODO: validate that object path is well-formed */
--
- interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
- priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
-
-@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
-- options);
-+ options,
-+ error);
-+ if (!agent)
-+ goto out;
-
- g_hash_table_insert (priv->hash_scope_to_authentication_agent,
- g_object_ref (subject),
---
-cgit v0.10.2
-
diff --git a/main/polkit/CVE-2015-3255.patch b/main/polkit/CVE-2015-3255.patch
deleted file mode 100644
index 1bd7c6bcf5..0000000000
--- a/main/polkit/CVE-2015-3255.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
-Date: Wed, 1 Apr 2015 05:22:37 +0200
-Subject: CVE-2015-3255 Fix GHashTable usage.
-
-Don't assume that the hash table with free both the key and the value
-at the same time, supply proper deallocation functions for the key
-and value separately.
-
-Then drop ParsedAction::action_id which is no longer used for anything.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=69501
-and
-https://bugs.freedesktop.org/show_bug.cgi?id=83590
-
-CVE: CVE-2015-3255
-
-diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
-index bc14381..3894fe9 100644
---- a/src/polkitbackend/polkitbackendactionpool.c
-+++ b/src/polkitbackend/polkitbackendactionpool.c
-@@ -40,7 +40,6 @@
-
- typedef struct
- {
-- gchar *action_id;
- gchar *vendor_name;
- gchar *vendor_url;
- gchar *icon_name;
-@@ -62,7 +61,6 @@ typedef struct
- static void
- parsed_action_free (ParsedAction *action)
- {
-- g_free (action->action_id);
- g_free (action->vendor_name);
- g_free (action->vendor_url);
- g_free (action->icon_name);
-@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
-
- priv->parsed_actions = g_hash_table_new_full (g_str_hash,
- g_str_equal,
-- NULL,
-+ g_free,
- (GDestroyNotify) parsed_action_free);
-
- priv->parsed_files = g_hash_table_new_full (g_str_hash,
-@@ -988,7 +986,6 @@ _end (void *data, const char *el)
- icon_name = pd->global_icon_name;
-
- action = g_new0 (ParsedAction, 1);
-- action->action_id = g_strdup (pd->action_id);
- action->vendor_name = g_strdup (vendor);
- action->vendor_url = g_strdup (vendor_url);
- action->icon_name = g_strdup (icon_name);
-@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
- action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
- action->implicit_authorization_active = pd->implicit_authorization_active;
-
-- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
-+ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
-+ action);
-
- /* we steal these hash tables */
- pd->annotations = NULL;
---
-cgit v0.10.2
-
diff --git a/main/polkit/CVE-2015-4625.patch b/main/polkit/CVE-2015-4625.patch
deleted file mode 100644
index 4a43fb4336..0000000000
--- a/main/polkit/CVE-2015-4625.patch
+++ /dev/null
@@ -1,1008 +0,0 @@
-From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Thu, 4 Jun 2015 12:15:18 -0400
-Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Tavis noted that it'd be possible with a 32 bit counter for someone to
-cause the cookie to wrap by creating Authentication requests in a
-loop.
-
-Something important to note here is that wrapping of signed integers
-is undefined behavior in C, so we definitely want to fix that. All
-counter integers used in this patch are unsigned.
-
-See the comment above `authentication_agent_generate_cookie` for
-details, but basically we're now using a cookie of the form:
-
-```
- <agent serial> - <agent random id> - <session serial> - <session
-random id>
-```
-
-Which has multiple 64 bit counters, plus unpredictable random 128 bit
-integer ids (effectively UUIDs, but we're not calling them that
-because we don't need to be globally unique.
-
-We further ensure that the cookies are not visible to other processes
-by changing the setuid helper to accept them over standard input. This
-means that an attacker would have to guess both ids.
-
-In any case, the security hole here is better fixed with the other
-change to bind user id (uid) of the agent with cookie lookups, making
-cookie guessing worthless.
-
-Nevertheless, I think it's worth doing this change too, for defense in
-depth.
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
-CVE: CVE-2015-4625
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
-index 937386e..19062aa 100644
---- a/src/polkitagent/polkitagenthelper-pam.c
-+++ b/src/polkitagent/polkitagenthelper-pam.c
-@@ -65,7 +65,7 @@ main (int argc, char *argv[])
- {
- int rc;
- const char *user_to_auth;
-- const char *cookie;
-+ char *cookie = NULL;
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- const void *authed_user;
-@@ -97,7 +97,7 @@ main (int argc, char *argv[])
- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
-- if (argc != 3)
-+ if (!(argc == 2 || argc == 3))
- {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-@@ -105,7 +105,10 @@ main (int argc, char *argv[])
- }
-
- user_to_auth = argv[1];
-- cookie = argv[2];
-+
-+ cookie = read_cookie (argc, argv);
-+ if (!cookie)
-+ goto error;
-
- if (getuid () != 0)
- {
-@@ -203,6 +206,8 @@ main (int argc, char *argv[])
- goto error;
- }
-
-+ free (cookie);
-+
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
- #endif /* PAH_DEBUG */
-@@ -212,6 +217,7 @@ main (int argc, char *argv[])
- return 0;
-
- error:
-+ free (cookie);
- if (pam_h != NULL)
- pam_end (pam_h, rc);
-
-diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
-index a4f73ac..e877915 100644
---- a/src/polkitagent/polkitagenthelper-shadow.c
-+++ b/src/polkitagent/polkitagenthelper-shadow.c
-@@ -46,7 +46,7 @@ main (int argc, char *argv[])
- {
- struct spwd *shadow;
- const char *user_to_auth;
-- const char *cookie;
-+ char *cookie = NULL;
- time_t now;
-
- /* clear the entire environment to avoid attacks with
-@@ -67,7 +67,7 @@ main (int argc, char *argv[])
- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
-- if (argc != 3)
-+ if (!(argc == 2 || argc == 3))
- {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-@@ -86,7 +86,10 @@ main (int argc, char *argv[])
- }
-
- user_to_auth = argv[1];
-- cookie = argv[2];
-+
-+ cookie = read_cookie (argc, argv);
-+ if (!cookie)
-+ goto error;
-
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-@@ -153,6 +156,8 @@ main (int argc, char *argv[])
- goto error;
- }
-
-+ free (cookie);
-+
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
- #endif /* PAH_DEBUG */
-@@ -162,6 +167,7 @@ main (int argc, char *argv[])
- return 0;
-
- error:
-+ free (cookie);
- fprintf (stdout, "FAILURE\n");
- flush_and_wait ();
- return 1;
-diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
-index cfa77fc..e23f9f5 100644
---- a/src/polkitagent/polkitagenthelperprivate.c
-+++ b/src/polkitagent/polkitagenthelperprivate.c
-@@ -23,6 +23,7 @@
- #include "config.h"
- #include "polkitagenthelperprivate.h"
- #include <stdio.h>
-+#include <string.h>
- #include <stdlib.h>
- #include <unistd.h>
-
-@@ -45,6 +46,38 @@ _polkit_clearenv (void)
- #endif
-
-
-+char *
-+read_cookie (int argc, char **argv)
-+{
-+ /* As part of CVE-2015-4625, we started passing the cookie
-+ * on standard input, to ensure it's not visible to other
-+ * processes. However, to ensure that things continue
-+ * to work if the setuid binary is upgraded while old
-+ * agents are still running (this will be common with
-+ * package managers), we support both modes.
-+ */
-+ if (argc == 3)
-+ return strdup (argv[2]);
-+ else
-+ {
-+ char *ret = NULL;
-+ size_t n = 0;
-+ ssize_t r = getline (&ret, &n, stdin);
-+ if (r == -1)
-+ {
-+ if (!feof (stdin))
-+ perror ("getline");
-+ free (ret);
-+ return NULL;
-+ }
-+ else
-+ {
-+ g_strchomp (ret);
-+ return ret;
-+ }
-+ }
-+}
-+
- gboolean
- send_dbus_message (const char *cookie, const char *user)
- {
-diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
-index aeca2c7..547fdcc 100644
---- a/src/polkitagent/polkitagenthelperprivate.h
-+++ b/src/polkitagent/polkitagenthelperprivate.h
-@@ -38,6 +38,8 @@
-
- int _polkit_clearenv (void);
-
-+char *read_cookie (int argc, char **argv);
-+
- gboolean send_dbus_message (const char *cookie, const char *user);
-
- void flush_and_wait ();
-diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
-index f014773..8b93ad0 100644
---- a/src/polkitagent/polkitagentsession.c
-+++ b/src/polkitagent/polkitagentsession.c
-@@ -55,6 +55,7 @@
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/wait.h>
-+#include <gio/gunixoutputstream.h>
- #include <pwd.h>
-
- #include "polkitagentmarshal.h"
-@@ -88,7 +89,7 @@ struct _PolkitAgentSession
- gchar *cookie;
- PolkitIdentity *identity;
-
-- int child_stdin;
-+ GOutputStream *child_stdin;
- int child_stdout;
- GPid child_pid;
-
-@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT);
- static void
- polkit_agent_session_init (PolkitAgentSession *session)
- {
-- session->child_stdin = -1;
- session->child_stdout = -1;
- }
-
-@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session)
- session->child_stdout = -1;
- }
-
-- if (session->child_stdin != -1)
-- {
-- g_warn_if_fail (close (session->child_stdin) == 0);
-- session->child_stdin = -1;
-- }
-+ g_clear_object (&session->child_stdin);
-
- session->helper_is_running = FALSE;
-
-@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session,
-
- add_newline = (response[response_len] != '\n');
-
-- write (session->child_stdin, response, response_len);
-+ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
- if (add_newline)
-- write (session->child_stdin, newline, 1);
-+ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
- }
-
- /**
-@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- {
- uid_t uid;
- GError *error;
-- gchar *helper_argv[4];
-+ gchar *helper_argv[3];
- struct passwd *passwd;
-+ int stdin_fd = -1;
-
- g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
-
-@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
-
- helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
- helper_argv[1] = passwd->pw_name;
-- helper_argv[2] = session->cookie;
-- helper_argv[3] = NULL;
-+ helper_argv[2] = NULL;
-
-- session->child_stdin = -1;
- session->child_stdout = -1;
-
- error = NULL;
-@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- NULL,
- NULL,
- &session->child_pid,
-- &session->child_stdin,
-+ &stdin_fd,
- &session->child_stdout,
- NULL,
- &error))
-@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- if (G_UNLIKELY (_show_debug ()))
- g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
-
-+ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
-+
-+ /* Write the cookie on stdin so it can't be seen by other processes */
-+ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
-+ NULL, NULL, NULL);
-+ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
-+
- session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
- G_IO_IN | G_IO_ERR | G_IO_HUP);
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 3f339e9..15adc6a 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -214,6 +214,8 @@ typedef struct
-
- GDBusConnection *system_bus_connection;
- guint name_owner_changed_signal_id;
-+
-+ guint64 agent_serial;
- } PolkitBackendInteractiveAuthorityPrivate;
-
- /* ---------------------------------------------------------------------------------------------------- */
-@@ -439,11 +441,15 @@ struct AuthenticationAgent
- volatile gint ref_count;
-
- PolkitSubject *scope;
-+ guint64 serial;
-
- gchar *locale;
- GVariant *registration_options;
- gchar *object_path;
- gchar *unique_system_bus_name;
-+ GRand *cookie_pool;
-+ gchar *cookie_prefix;
-+ guint64 cookie_serial;
-
- GDBusProxy *proxy;
-
-@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable,
- authentication_session_cancel (session);
- }
-
-+/* We're not calling this a UUID, but it's basically
-+ * the same thing, just not formatted that way because:
-+ *
-+ * - I'm too lazy to do it
-+ * - If we did, people might think it was actually
-+ * generated from /dev/random, which we're not doing
-+ * because this value doesn't actually need to be
-+ * globally unique.
-+ */
-+static void
-+append_rand_u128_str (GString *buf,
-+ GRand *pool)
-+{
-+ g_string_append_printf (buf, "%08x%08x%08x%08x",
-+ g_rand_int (pool),
-+ g_rand_int (pool),
-+ g_rand_int (pool),
-+ g_rand_int (pool));
-+}
-+
-+/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
-+ * pair, and not guessable by other agents.
-+ *
-+ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
-+ *
-+ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-+ *
-+ */
-+static gchar *
-+authentication_agent_generate_cookie (AuthenticationAgent *agent)
-+{
-+ GString *buf = g_string_new ("");
-+
-+ g_string_append (buf, agent->cookie_prefix);
-+
-+ g_string_append_c (buf, '-');
-+ agent->cookie_serial++;
-+ g_string_append_printf (buf, "%" G_GUINT64_FORMAT,
-+ agent->cookie_serial);
-+ g_string_append_c (buf, '-');
-+ append_rand_u128_str (buf, agent->cookie_pool);
-+
-+ return g_string_free (buf, FALSE);
-+}
-+
-+
- static AuthenticationSession *
- authentication_session_new (AuthenticationAgent *agent,
-- const gchar *cookie,
- PolkitSubject *subject,
- PolkitIdentity *user_of_subject,
- PolkitSubject *caller,
-@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent,
-
- session = g_new0 (AuthenticationSession, 1);
- session->agent = authentication_agent_ref (agent);
-- session->cookie = g_strdup (cookie);
-+ session->cookie = authentication_agent_generate_cookie (agent);
- session->subject = g_object_ref (subject);
- session->user_of_subject = g_object_ref (user_of_subject);
- session->caller = g_object_ref (caller);
-@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session)
- g_free (session);
- }
-
--static gchar *
--authentication_agent_new_cookie (AuthenticationAgent *agent)
--{
-- static gint counter = 0;
--
-- /* TODO: use a more random-looking cookie */
--
-- return g_strdup_printf ("cookie%d", counter++);
--}
--
- static PolkitSubject *
- authentication_agent_get_scope (AuthenticationAgent *agent)
- {
-@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent)
- g_free (agent->unique_system_bus_name);
- if (agent->registration_options != NULL)
- g_variant_unref (agent->registration_options);
-+ g_rand_free (agent->cookie_pool);
-+ g_free (agent->cookie_prefix);
- g_free (agent);
- }
- }
-
- static AuthenticationAgent *
--authentication_agent_new (PolkitSubject *scope,
-+authentication_agent_new (guint64 serial,
-+ PolkitSubject *scope,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope,
-
- agent = g_new0 (AuthenticationAgent, 1);
- agent->ref_count = 1;
-+ agent->serial = serial;
- agent->scope = g_object_ref (scope);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
-@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope,
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
- agent->proxy = proxy;
-
-+ {
-+ GString *cookie_prefix = g_string_new ("");
-+ GRand *agent_private_rand = g_rand_new ();
-+
-+ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
-+
-+ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
-+ * whose sequence will not correlate with the per-authentication session
-+ * cookies.
-+ */
-+ append_rand_u128_str (cookie_prefix, agent_private_rand);
-+ g_rand_free (agent_private_rand);
-+
-+ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
-+
-+ /* And a newly seeded pool for per-session cookies */
-+ agent->cookie_pool = g_rand_new ();
-+ }
-+
- return agent;
- }
-
-@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- {
- PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
- AuthenticationSession *session;
-- gchar *cookie;
- GList *l;
- GList *identities;
- gchar *localized_message;
-@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- &localized_icon_name,
- &localized_details);
-
-- cookie = authentication_agent_new_cookie (agent);
--
- identities = NULL;
-
- /* select admin user if required by the implicit authorization */
-@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
-
- session = authentication_session_new (agent,
-- cookie,
- subject,
- user_of_subject,
- caller,
-@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- g_list_free_full (user_identities, g_object_unref);
- g_list_foreach (identities, (GFunc) g_object_unref, NULL);
- g_list_free (identities);
-- g_free (cookie);
-
- g_free (localized_message);
- g_free (localized_icon_name);
-@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- goto out;
- }
-
-- agent = authentication_agent_new (subject,
-+ priv->agent_serial++;
-+ agent = authentication_agent_new (priv->agent_serial,
-+ subject,
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
---
-cgit v0.10.2
-
-From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Wed, 17 Jun 2015 13:07:02 -0400
-Subject: CVE-2015-4625: Bind use of cookies to specific uids
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-
-The "cookie" value that Polkit hands out is global to all polkit
-users. And when `AuthenticationAgentResponse` is invoked, we
-previously only received the cookie and *target* identity, and
-attempted to find an agent from that.
-
-The problem is that the current cookie is just an integer
-counter, and if it overflowed, it would be possible for
-an successful authorization in one session to trigger a response
-in another session.
-
-The overflow and ability to guess the cookie were fixed by the
-previous patch.
-
-This patch is conceptually further hardening on top of that. Polkit
-currently treats uids as equivalent from a security domain
-perspective; there is no support for
-SELinux/AppArmor/etc. differentiation.
-
-We can retrieve the uid from `getuid()` in the setuid helper, which
-allows us to ensure the uid invoking `AuthenticationAgentResponse2`
-matches that of the agent.
-
-Then the authority only looks at authentication sessions matching the
-cookie that were created by a matching uid, thus removing the ability
-for different uids to interfere with each other entirely.
-
-Several fixes to this patch were contributed by:
-Miloslav Trmač <mitr@redhat.com>
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
-CVE: CVE-2015-4625
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-index 3b519c2..5beef7d 100644
---- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-+++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-@@ -8,7 +8,19 @@
- <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
-
- <method name="BeginAuthentication">
-- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called
-+ by the PolicyKit daemon when the authentication agent needs the
-+ user to authenticate as one of the identities in @identities for
-+ the action with the identifier @action_id.</para><para>This
-+ authentication is normally achieved via the
-+ polkit_agent_session_response() API, which invokes a private
-+ setuid helper process to verify the authentication. When
-+ successful, it calls the
-+ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
-+ method on the #org.freedesktop.PolicyKit1.Authority interface of
-+ the PolicyKit daemon before returning. If the user dismisses the
-+ authentication dialog, the authentication agent should call
-+ polkit_agent_session_cancel().</para>"/>
-
- <arg name="action_id" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
-diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
-index fbfb9cd..f9021ee 100644
---- a/data/org.freedesktop.PolicyKit1.Authority.xml
-+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
-@@ -313,7 +313,29 @@
- </method>
-
- <method name="AuthenticationAgentResponse">
-- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit."/>
-+
-+ <arg name="cookie" direction="in" type="s">
-+ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
-+ </arg>
-+
-+ <arg name="identity" direction="in" type="(sa{sv})">
-+ <annotation name="org.gtk.EggDBus.Type" value="Identity"/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
-+ </arg>
-+ </method>
-+
-+ <method name="AuthenticationAgentResponse2">
-+ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse
-+as it fixes a security issue."/>
-+
-+ <arg name="uid" direction="in" type="u">
-+ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/>
-+ </arg>
-
- <arg name="cookie" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
-diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-index 6525e25..e66bf53 100644
---- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-+++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
- IN String object_path)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie,
- IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
-+<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie,
-+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject,
- OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt; temporary_authorizations)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
-@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie,
- IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
- </programlisting>
- <para>
--Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
-+Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Deprecated in favor of AuthenticationAgentResponse2.
-+ </para>
-+<variablelist role="params">
-+ <varlistentry>
-+ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+The cookie identifying the authentication request that was passed to the authentication agent.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+</variablelist>
-+ </refsect2>
-+ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
-+ <title>AuthenticationAgentResponse2 ()</title>
-+ <programlisting>
-+AuthenticationAgentResponse2 (IN uint32 uid,
-+ IN String cookie,
-+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
-+ </programlisting>
-+ <para>
-+Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Note this method was introduced in 0.114 to fix a security issue.
- </para>
- <variablelist role="params">
- <varlistentry>
-+ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+The user id of the agent; normally this is the owner of the parent pid
-+of the process that invoked the internal setuid helper.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
- <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
- <listitem>
- <para>
-diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
-index 150a7bc..176d2ea 100644
---- a/docs/polkit/overview.xml
-+++ b/docs/polkit/overview.xml
-@@ -314,16 +314,18 @@
- <para>
- Authentication agents are provided by desktop environments. When
- an user session starts, the agent registers with the polkit
-- Authority using
-- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
-+ Authority using the <link
-+ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
- method. When services are needed, the authority will invoke
-- methods on
-- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
-+ methods on the <link
-+ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
- D-Bus interface. Once the user is authenticated, (a privileged
-- part of) the agent invokes
-- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
-- method. Note that the polkit Authority itself does not care
-- how the agent authenticates the user.
-+ part of) the agent invokes the <link
-+ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
-+ method. This method should be treated as an internal
-+ implementation detail, and callers should use the public shared
-+ library API to invoke it, which currently uses a setuid helper
-+ program.
- </para>
- <para>
- The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link>
-diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
-index ab6d3cd..6bd684a 100644
---- a/src/polkit/polkitauthority.c
-+++ b/src/polkit/polkitauthority.c
-@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
- gpointer user_data)
- {
- GVariant *identity_value;
-+ /* Note that in reality, this API is only accessible to root, and
-+ * only called from the setuid helper `polkit-agent-helper-1`.
-+ *
-+ * However, because this is currently public API, we avoid
-+ * triggering warnings from ABI diff type programs by just grabbing
-+ * the real uid of the caller here.
-+ */
-+ uid_t uid = getuid ();
-
- g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
- g_return_if_fail (cookie != NULL);
-@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
- identity_value = polkit_identity_to_gvariant (identity);
- g_variant_ref_sink (identity_value);
- g_dbus_proxy_call (authority->proxy,
-- "AuthenticationAgentResponse",
-- g_variant_new ("(s@(sa{sv}))",
-+ "AuthenticationAgentResponse2",
-+ g_variant_new ("(us@(sa{sv}))",
-+ (guint32)uid,
- cookie,
- identity_value),
- G_DBUS_CALL_FLAGS_NONE,
-diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
-index 601a974..03a4e84 100644
---- a/src/polkitbackend/polkitbackendauthority.c
-+++ b/src/polkitbackend/polkitbackendauthority.c
-@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
- gboolean
- polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error)
-@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority
- }
- else
- {
-- return klass->authentication_agent_response (authority, caller, cookie, identity, error);
-+ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error);
- }
- }
-
-@@ -587,6 +588,11 @@ static const gchar *server_introspection_data =
- " <arg type='s' name='cookie' direction='in'/>"
- " <arg type='(sa{sv})' name='identity' direction='in'/>"
- " </method>"
-+ " <method name='AuthenticationAgentResponse2'>"
-+ " <arg type='u' name='uid' direction='in'/>"
-+ " <arg type='s' name='cookie' direction='in'/>"
-+ " <arg type='(sa{sv})' name='identity' direction='in'/>"
-+ " </method>"
- " <method name='EnumerateTemporaryAuthorizations'>"
- " <arg type='(sa{sv})' name='subject' direction='in'/>"
- " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>"
-@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server,
- error = NULL;
- if (!polkit_backend_authority_authentication_agent_response (server->authority,
- caller,
-+ (uid_t)-1,
-+ cookie,
-+ identity,
-+ &error))
-+ {
-+ g_dbus_method_invocation_return_gerror (invocation, error);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
-+
-+ out:
-+ if (identity != NULL)
-+ g_object_unref (identity);
-+}
-+
-+static void
-+server_handle_authentication_agent_response2 (Server *server,
-+ GVariant *parameters,
-+ PolkitSubject *caller,
-+ GDBusMethodInvocation *invocation)
-+{
-+ const gchar *cookie;
-+ GVariant *identity_gvariant;
-+ PolkitIdentity *identity;
-+ GError *error;
-+ guint32 uid;
-+
-+ identity = NULL;
-+
-+ g_variant_get (parameters,
-+ "(u&s@(sa{sv}))",
-+ &uid,
-+ &cookie,
-+ &identity_gvariant);
-+
-+ error = NULL;
-+ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error);
-+ if (identity == NULL)
-+ {
-+ g_prefix_error (&error, "Error getting identity: ");
-+ g_dbus_method_invocation_return_gerror (invocation, error);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ error = NULL;
-+ if (!polkit_backend_authority_authentication_agent_response (server->authority,
-+ caller,
-+ (uid_t)uid,
- cookie,
- identity,
- &error))
-@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection,
- server_handle_unregister_authentication_agent (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0)
- server_handle_authentication_agent_response (server, parameters, caller, invocation);
-+ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0)
-+ server_handle_authentication_agent_response2 (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0)
- server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0)
-diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
-index f9f7385..88df82e 100644
---- a/src/polkitbackend/polkitbackendauthority.h
-+++ b/src/polkitbackend/polkitbackendauthority.h
-@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass
-
- gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend
-
- gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 15adc6a..96725f7 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI
- PolkitSubject *subject);
-
-
--static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
-- const gchar *cookie);
-+static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
-+ uid_t uid,
-+ const gchar *cookie);
-
- static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority,
- const gchar *system_bus_unique_name);
-@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a
-
- static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-@@ -440,6 +442,7 @@ struct AuthenticationAgent
- {
- volatile gint ref_count;
-
-+ uid_t creator_uid;
- PolkitSubject *scope;
- guint64 serial;
-
-@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent)
- static AuthenticationAgent *
- authentication_agent_new (guint64 serial,
- PolkitSubject *scope,
-+ PolkitIdentity *creator,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial,
- {
- AuthenticationAgent *agent;
- GDBusProxy *proxy;
-+ PolkitUnixUser *creator_user;
-+
-+ g_assert (POLKIT_IS_UNIX_USER (creator));
-+ creator_user = POLKIT_UNIX_USER (creator);
-
- if (!g_variant_is_object_path (object_path))
- {
-@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial,
- agent->ref_count = 1;
- agent->serial = serial;
- agent->scope = g_object_ref (scope);
-+ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
- agent->locale = g_strdup (locale);
-@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori
- }
-
- static AuthenticationSession *
--get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
-- const gchar *cookie)
-+get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
-+ uid_t uid,
-+ const gchar *cookie)
- {
- PolkitBackendInteractiveAuthorityPrivate *priv;
- GHashTableIter hash_iter;
-@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author
- {
- GList *l;
-
-+ /* We need to ensure that if somehow we have duplicate cookies
-+ * due to wrapping, that the cookie used is matched to the user
-+ * who called AuthenticationAgentResponse2. See
-+ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-+ *
-+ * Except if the legacy AuthenticationAgentResponse is invoked,
-+ * we don't know the uid and hence use -1. Continue to support
-+ * the old behavior for backwards compatibility, although everyone
-+ * who is using our own setuid helper will automatically be updated
-+ * to the new API.
-+ */
-+ if (uid != (uid_t)-1)
-+ {
-+ if (agent->creator_uid != uid)
-+ continue;
-+ }
-+
- for (l = agent->active_sessions; l != NULL; l = l->next)
- {
- AuthenticationSession *session = l->data;
-@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- priv->agent_serial++;
- agent = authentication_agent_new (priv->agent_serial,
- subject,
-+ user_of_caller,
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
-@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- static gboolean
- polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error)
-@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
- }
-
- /* find the authentication session */
-- session = get_authentication_session_for_cookie (interactive_authority, cookie);
-+ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie);
- if (session == NULL)
- {
- g_set_error (error,
---
-cgit v0.10.2
-
---- ./configure.ac.orig
-+++ ./configure.ac
-@@ -122,7 +122,7 @@
- changequote([,])dnl
- fi
-
--PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
-+PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
-
diff --git a/main/polkit/CVE-2018-19788.patch b/main/polkit/CVE-2018-19788.patch
index 9a2a5038dd..c48df46fa3 100644
--- a/main/polkit/CVE-2018-19788.patch
+++ b/main/polkit/CVE-2018-19788.patch
@@ -1,34 +1,3 @@
-From 2cb40c4d5feeaa09325522bd7d97910f1b59e379 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 3 Dec 2018 10:28:58 +0100
-Subject: [PATCH] Allow negative uids/gids in PolkitUnixUser and Group objects
-
-(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since
-there should be no users with such number, see
-https://systemd.io/UIDS-GIDS#special-linux-uids.
-
-(uid_t) -1 is used as the default value in class initialization.
-
-When a user or group above INT32_MAX is created, the numeric uid or
-gid wraps around to negative when the value is assigned to gint, and
-polkit gets confused. Let's accept such gids, except for -1.
-
-A nicer fix would be to change the underlying type to e.g. uint32 to
-not have negative values. But this cannot be done without breaking the
-API, so likely new functions will have to be added (a
-polkit_unix_user_new variant that takes a unsigned, and the same for
-_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will
-require a bigger patch.
-
-Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74.
----
- src/polkit/polkitunixgroup.c | 15 +++++++++++----
- src/polkit/polkitunixprocess.c | 12 ++++++++----
- src/polkit/polkitunixuser.c | 13 ++++++++++---
- 3 files changed, 29 insertions(+), 11 deletions(-)
-
-diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c
-index c57a1aa..309f689 100644
--- a/src/polkit/polkitunixgroup.c
+++ b/src/polkit/polkitunixgroup.c
@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
@@ -88,8 +57,6 @@ index c57a1aa..309f689 100644
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index 972b777..b02b258 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -159,9 +159,14 @@ polkit_unix_process_set_property (GObject *object,
@@ -125,9 +92,7 @@ index 972b777..b02b258 100644
- g_return_if_fail (uid >= -1);
process->uid = uid;
}
-
-diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c
-index 8bfd3a1..234a697 100644
+
--- a/src/polkit/polkitunixuser.c
+++ b/src/polkit/polkitunixuser.c
@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
@@ -183,6 +148,3 @@ index 8bfd3a1..234a697 100644
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
---
-2.18.1
-
diff --git a/main/polkit/alpine-pam.patch b/main/polkit/alpine-pam.patch
new file mode 100644
index 0000000000..662e7c4d99
--- /dev/null
+++ b/main/polkit/alpine-pam.patch
@@ -0,0 +1,18 @@
+Point /etc/pam.d/polkit-1 to the right PAM files.
+
+diff --git configure.ac configure.ac
+index 36df239..53b5573 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -470,6 +470,11 @@ elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then
+ PAM_FILE_INCLUDE_ACCOUNT=system
+ PAM_FILE_INCLUDE_PASSWORD=system
+ PAM_FILE_INCLUDE_SESSION=system
++elif test x$with_os_type = xalpine; then
++ PAM_FILE_INCLUDE_AUTH=base-auth
++ PAM_FILE_INCLUDE_ACCOUNT=base-account
++ PAM_FILE_INCLUDE_PASSWORD=base-password
++ PAM_FILE_INCLUDE_SESSION=base-session
+ else
+ PAM_FILE_INCLUDE_AUTH=system-auth
+ PAM_FILE_INCLUDE_ACCOUNT=system-auth
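Review bot: The new `xalpine` branch is only reached when `with_os_type` is `alpine`, and nothing in this patch sets or detects that value. If the package build does not pass `--with-os-type=alpine` (the APKBUILD is outside this view), configure falls through to the `system-auth` default visible just below the added lines. The installed `/etc/pam.d/polkit-1` would then include a PAM file that may not exist on Alpine. I would record the dependency in the patch header, for example `Requires: ./configure --with-os-type=alpine`, next to the existing one-line description. The `if`/`elif` chain starts and ends outside the inner hunk.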
diff --git a/main/polkit/automake.patch b/main/polkit/automake.patch
deleted file mode 100644
index 0f6825a261..0000000000
--- a/main/polkit/automake.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000
-+++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000
-@@ -3,7 +3,7 @@
- AC_PREREQ(2.59c)
- AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
- AM_INIT_AUTOMAKE(polkit, 0.105)
--AM_CONFIG_HEADER(config.h)
-+AC_CONFIG_HEADER(config.h)
- AM_MAINTAINER_MODE
-
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-@@ -24,7 +24,6 @@
-
- AC_ISC_POSIX
- AC_PROG_CC
--AM_PROG_CC_STDC
- AC_HEADER_STDC
- AM_PROG_LIBTOOL
- AC_PROG_MAKE_SET
diff --git a/main/polkit/disable-ck-test.patch b/main/polkit/disable-ck-test.patch
deleted file mode 100644
index e1987d40d1..0000000000
--- a/main/polkit/disable-ck-test.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-This test requires ConsoleKit to be running.
-
---- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500
-+++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500
-@@ -36,8 +36,8 @@
- TEST_PROGS += polkitbackendlocalauthorizationstoretest
- polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c
-
--TEST_PROGS += polkitbackendlocalauthoritytest
--polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
-+#TEST_PROGS += polkitbackendlocalauthoritytest
-+#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
-
- # ----------------------------------------------------------------------------------------------------
-
diff --git a/main/polkit/fix-consolekit-db-stat.patch b/main/polkit/fix-consolekit-db-stat.patch
deleted file mode 100644
index 3deceb6396..0000000000
--- a/main/polkit/fix-consolekit-db-stat.patch
+++ /dev/null
@@ -1,30 +0,0 @@
---- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2012-04-24 19:05:34.000000000 +0300
-+++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c 2015-08-17 14:50:51.428580856 +0300
-@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor
-
- GKeyFile *database;
- GFileMonitor *database_monitor;
-- time_t database_mtime;
-+ struct timespec database_mtim;
- };
-
- struct _PolkitBackendSessionMonitorClass
-@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon
- goto out;
- }
-
-- monitor->database_mtime = statbuf.st_mtime;
-+ monitor->database_mtim = statbuf.st_mtim;
-
- monitor->database = g_key_file_new ();
- if (!g_key_file_load_from_file (monitor->database,
-@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon
- strerror (errno));
- goto out;
- }
-- if (statbuf.st_mtime == monitor->database_mtime)
-+ if (statbuf.st_mtim.tv_sec == monitor->database_mtim.tv_sec &&
-+ statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec)
- {
- ret = TRUE;
- goto out;
diff --git a/main/polkit/fix-parallel-make.patch b/main/polkit/fix-parallel-make.patch
deleted file mode 100644
index b693a34ddc..0000000000
--- a/main/polkit/fix-parallel-make.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001
-From: Ryan Lortie <desrt@velocity.(none)>
-Date: Tue, 13 Nov 2012 16:50:14 +0000
-Subject: build: Fix .gir generation for parallel make
-
-As per the intructions in the introspection Makefile, we should have a
-line declaring a dependency between the .gir and .la files.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=57077
-
-Signed-off-by: David Zeuthen <zeuthen@gmail.com>
----
-diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
-index 39d6d84..d648d29 100644
---- a/src/polkit/Makefile.am
-+++ b/src/polkit/Makefile.am
-@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION
-
- INTROSPECTION_GIRS = Polkit-1.0.gir
-
-+Polkit-1.0.gir: libpolkit-gobject-1.la
-+
- girdir = $(INTROSPECTION_GIRDIR)
- gir_DATA = Polkit-1.0.gir
-
-diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
-index 1cfb73c..5b7d4c7 100644
---- a/src/polkitagent/Makefile.am
-+++ b/src/polkitagent/Makefile.am
-@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION
- girdir = $(INTROSPECTION_GIRDIR)
- gir_DATA = PolkitAgent-1.0.gir
-
-+PolkitAgent-1.0.gir: libpolkit-agent-1.la
-+
- typelibsdir = $(INTROSPECTION_TYPELIBDIR)
- typelibs_DATA = PolkitAgent-1.0.typelib
-
---
-cgit v0.9.0.2-2-gbebe
diff --git a/main/polkit/fix-test-fgetpwent.patch b/main/polkit/fix-test-fgetpwent.patch
deleted file mode 100644
index 7bc6481cc8..0000000000
--- a/main/polkit/fix-test-fgetpwent.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- polkit-0.105/test/mocklibc/src/pwd.c.old 2012-04-24 11:05:34.000000000 -0500
-+++ polkit-0.105/test/mocklibc/src/pwd.c 2017-09-27 19:40:57.883227673 -0500
-@@ -16,6 +16,7 @@
- * Author: Nikki VonHollen <vonhollen@gmail.com>
- */
-
-+#define _GNU_SOURCE
- #include <pwd.h>
-
- #include <stdio.h>
---- polkit-0.105/test/mocklibc/src/grp.c.old 2012-04-24 11:05:34.000000000 -0500
-+++ polkit-0.105/test/mocklibc/src/grp.c 2017-09-27 19:44:57.759238450 -0500
-@@ -16,6 +16,7 @@
- * Author: Nikki VonHollen <vonhollen@gmail.com>
- */
-
-+#define _GNU_SOURCE
- #include <grp.h>
-
- #include <stdio.h>
diff --git a/main/polkit/make-innetgr-optional.patch b/main/polkit/make-innetgr-optional.patch
new file mode 100644
index 0000000000..338c201745
--- /dev/null
+++ b/main/polkit/make-innetgr-optional.patch
@@ -0,0 +1,68 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2228,6 +2228,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ ret = NULL;
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
++#if defined HAVE_GETNETGRENT
+ #ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+@@ -2236,6 +2237,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ }
+ #else
+ setnetgrent (name);
++#endif
+ #endif
+
+ for (;;)
+@@ -2248,8 +2250,10 @@ get_users_in_net_group (PolkitIdentity *group,
+ PolkitIdentity *user;
+ GError *error = NULL;
+
++#if defined HAVE_GETNETGRENT
+ if (getnetgrent (&hostname, &username, &domainname) == 0)
+ break;
++#endif
+
+ /* Skip NULL entries since we never want to make everyone an admin
+ * Skip "-" entries which mean "no match ever" in netgroup land */
+@@ -2274,7 +2278,9 @@ get_users_in_net_group (PolkitIdentity *group,
+ ret = g_list_reverse (ret);
+
+ out:
++#if defined HAVE_GETNETGRENT
+ endnetgrent ();
++#endif
+ return ret;
+ }
+
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#if defined HAVE_GETNETGRENT
+ user = JS_EncodeString (cx, args[0].toString());
+ netgroup = JS_EncodeString (cx, args[1].toString());
+
+@@ -1514,6 +1515,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ JS_free (cx, user);
+
+ ret = true;
++#endif
+
+ args.rval ().setBoolean (is_in_netgroup);
+
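Review bot: With `HAVE_GETNETGRENT` undefined, the `for (;;)` loop in `get_users_in_net_group` loses its only visible exit, because the `getnetgrent()` call and its `break` are both compiled out. The loop body then goes on to the `username` checks with nothing having assigned it on that path; the declarations and the rest of the body are outside the hunk, so this is inferred from the visible lines. A libc without netgroup support is exactly the configuration this patch targets, so the function should return the empty list there: add `#else` and `break;` before the `#endif` that follows the `getnetgrent` check. In `js_polkit_user_is_in_netgroup` the guard also covers `ret = true;`, so without netgroups the native presumably reports failure instead of handing `false` back to the rule. Moving the second `#endif` above `ret = true;` would keep rule evaluation working.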
diff --git a/main/polkit/mozjs60-1.patch b/main/polkit/mozjs60-1.patch
new file mode 100644
index 0000000000..d76a3350b3
--- /dev/null
+++ b/main/polkit/mozjs60-1.patch
@@ -0,0 +1,28 @@
+Upstream: yes
+From c9cd7024140b837b5693d7c1bbaad1b0cd31cce6 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:32:16 +0100
+Subject: Depend on mozjs-60
+
+This is the new ESR version of the Mozilla JS engine, superceding
+mozjs-52.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5c37e48..5cedb4e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -79,7 +79,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
+-PKG_CHECK_MODULES(LIBJS, [mozjs-52])
++PKG_CHECK_MODULES(LIBJS, [mozjs-60])
+
+ AC_SUBST(LIBJS_CFLAGS)
+ AC_SUBST(LIBJS_CXXFLAGS)
+--
+cgit v1.1
+
diff --git a/main/polkit/mozjs60-2.patch b/main/polkit/mozjs60-2.patch
new file mode 100644
index 0000000000..22369bc985
--- /dev/null
+++ b/main/polkit/mozjs60-2.patch
@@ -0,0 +1,158 @@
+Upstream: yes
+From dd00683e8781d230a45781d509d86ad676138564 Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Fri, 31 Aug 2018 13:33:20 +0100
+Subject: Port the JS authority to mozjs-60
+
+API changes in mozjs that need to be reflected in the JS authority:
+
+ - the JS::CompileOptions constructor and the JS::CompartmentOptions
+ do not allow setting a JS version any more
+
+ - do not use NULL comparisons for C++ objects
+
+ - the resize() method for a vector has a return value that needs
+ to be handled
+
+ - JSClassOps has different fields
+---
+ src/polkitbackend/polkitbackendjsauthority.cpp | 65 +++++++++++++-------------
+ 1 file changed, 32 insertions(+), 33 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 7602714..984a0f0 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -150,18 +150,17 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ static const struct JSClassOps js_global_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ JS_GlobalObjectTraceHook
+ };
+
+ static JSClass js_global_class = {
+@@ -172,18 +171,17 @@ static JSClass js_global_class = {
+
+ /* ---------------------------------------------------------------------------------------------------- */
+ static const struct JSClassOps js_polkit_class_ops = {
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL,
+- NULL
++ nullptr, // addProperty
++ nullptr, // deleteProperty
++ nullptr, // enumerate
++ nullptr, // newEnumerate
++ nullptr, // resolve
++ nullptr, // mayResolve
++ nullptr, // finalize
++ nullptr, // call
++ nullptr, // hasInstance
++ nullptr, // construct
++ nullptr // trace
+ };
+
+ static JSClass js_polkit_class = {
+@@ -469,19 +467,18 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ {
+ JS::CompartmentOptions compart_opts;
+- compart_opts.behaviors().setVersion(JSVERSION_LATEST);
++
+ JS::RootedObject global(authority->priv->cx);
+
+ authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
+
+ global = authority->priv->js_global->get ();
+-
+- if (global == NULL)
++ if (!global)
+ goto fail;
+
+ authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
+
+- if (authority->priv->ac == NULL)
++ if (!authority->priv->ac)
+ goto fail;
+
+ if (!JS_InitStandardClasses (authority->priv->cx, global))
+@@ -493,7 +490,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+
+ polkit = authority->priv->js_polkit->get ();
+
+- if (polkit == NULL)
++ if (!polkit)
+ goto fail;
+
+ if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
+@@ -504,7 +501,7 @@ polkit_backend_js_authority_constructed (GObject *object)
+ js_polkit_functions))
+ goto fail;
+
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ JS::RootedValue rval(authority->priv->cx);
+ if (!JS::Evaluate (authority->priv->cx,
+ options,
+@@ -684,7 +681,9 @@ set_property_strv (PolkitBackendJsAuthority *authority,
+ JS::AutoValueVector elems(authority->priv->cx);
+ guint n;
+
+- elems.resize(value->len);
++ if (!elems.resize(value->len))
++ g_error ("Unable to resize vector");
++
+ for (n = 0; n < value->len; n++)
+ {
+ const char *c_string = (const char *) g_ptr_array_index(value, n);
+@@ -741,7 +740,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ pid_t pid;
+@@ -868,7 +867,7 @@ action_and_details_to_jsval (PolkitBackendJsAuthority *authority,
+ GError **error)
+ {
+ gboolean ret = FALSE;
+- JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
++ JS::CompileOptions options(authority->priv->cx);
+ const char *src;
+ JS::RootedObject obj(authority->priv->cx);
+ gchar **keys;
+--
+cgit v1.1
+
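Review bot: The check `if (!authority->priv->ac)` after `new JSAutoCompartment(...)` in `polkit_backend_js_authority_constructed` can never fire, because a plain `new` reports allocation failure by throwing rather than by returning null. The rewrite from `== NULL` to `!` therefore keeps a dead branch. Either drop the check, or allocate with `new (std::nothrow) JSAutoCompartment(...)` if the `goto fail` path is meant to be reachable. The function body starts and ends outside the inner hunks, so whether `fail` cleans up a partially built context cannot be confirmed from here.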
diff --git a/main/polkit/polkit.pre-install b/main/polkit/polkit.pre-install
new file mode 100644
index 0000000000..7c4e3eff88
--- /dev/null
+++ b/main/polkit/polkit.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S polkitd 2>/dev/null
+adduser -S -D -H -h /var/empty -s /sbin/nologin -G polkitd -g polkitd polkitd 2>/dev/null
+
+exit 0
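Review bot: Both commands discard stderr and the script ends with an unconditional `exit 0`, so a real failure to create the `polkitd` account looks the same as the harmless "already exists" case and the install carries on. A short comment would at least document the intent, e.g. `# errors ignored: the group and user may already exist from an earlier install`. Whether the daemon relies on this account to run unprivileged is not visible from this file. If it does, a form that tolerates only the already-exists case would be safer than silencing everything.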