[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
58/227: gnu: polkit: Update to 0.120 and ungraft.
|
From: |
guix-commits |
|
Subject: |
58/227: gnu: polkit: Update to 0.120 and ungraft. |
|
Date: |
Thu, 11 Nov 2021 12:30:02 -0500 (EST) |
apteryx pushed a commit to branch core-updates-frozen
in repository guix.
commit e151f94467250c87bfeb22b5ac41f20d296bd579
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Fri Oct 8 11:56:47 2021 -0400
gnu: polkit: Update to 0.120 and ungraft.
* gnu/packages/polkit.scm (polkit): Update to 0.120.
[origin]: Update URL and remove libsystemd-login substitution. Remove
replacement.
[inputs]: Update mozjs-60 to mozjs-78.
[native-inputs]: Add libxslt and docbook-xsl for manpage generation.
[phases]{fix-manpage-generation}: New phase.
(polkit/fixed): Delete package.
* gnu/packages/patches/polkit-CVE-2021-3560.patch: Delete file.
* gnu/local.mk: De-register it.
Co-authored-by: Morgan Smith <Morgan.J.Smith@outlook.com>
---
gnu/local.mk | 1 -
gnu/packages/patches/polkit-CVE-2021-3560.patch | 21 ----------
gnu/packages/polkit.scm | 51 +++++++++----------------
3 files changed, 19 insertions(+), 54 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 4f91030..df840da 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1621,7 +1621,6 @@ dist_patch_DATA =
\
%D%/packages/patches/plib-CVE-2011-4620.patch \
%D%/packages/patches/plib-CVE-2012-4552.patch \
%D%/packages/patches/plotutils-spline-test.patch \
- %D%/packages/patches/polkit-CVE-2021-3560.patch \
%D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/postgresql-disable-resolve_symlinks.patch \
diff --git a/gnu/packages/patches/polkit-CVE-2021-3560.patch
b/gnu/packages/patches/polkit-CVE-2021-3560.patch
deleted file mode 100644
index 9aa0373..0000000
--- a/gnu/packages/patches/polkit-CVE-2021-3560.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-This patch fixes CVE-2021-3560, "local privilege escalation using
-polkit_system_bus_name_get_creds_sync()":
-
- https://www.openwall.com/lists/oss-security/2021/06/03/1
-
-Patch from <https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a>.
-
-diff --git a/src/polkit/polkitsystembusname.c
b/src/polkit/polkitsystembusname.c
-index
8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5
100644
---- a/src/polkit/polkitsystembusname.c
-+++ b/src/polkit/polkitsystembusname.c
-@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName
*system_bus
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
- g_main_context_iteration (tmp_context, TRUE);
-
-+ if (data.caught_error)
-+ goto out;
-+
- if (out_uid)
- *out_uid = data.uid;
- if (out_pid)
diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm
index 9be5de2..ef58f36 100644
--- a/gnu/packages/polkit.scm
+++ b/gnu/packages/polkit.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2021 Morgan Smith <Morgan.J.Smith@outlook.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,6 +34,7 @@
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
+ #:use-module (gnu packages docbook)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages linux)
#:use-module (gnu packages nss)
@@ -44,8 +46,7 @@
(define-public polkit
(package
(name "polkit")
- (version "0.116")
- (replacement polkit/fixed)
+ (version "0.120")
(source (origin
(method url-fetch)
(uri (string-append
@@ -53,7 +54,7 @@
name "-" version ".tar.gz"))
(sha256
(base32
- "1c9lbpndh5zis22f154vjrhnqw65z8s85nrgl42v738yf6g0q5w8"))
+ "00zfg9b9ivkcj2jcf5b92cpvvyljz8cmfwj86lkvy5rihnd5jypf"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -62,36 +63,21 @@
(substitute* "test/Makefile.in"
(("SUBDIRS = mocklibc . polkit polkitbackend")
"SUBDIRS = mocklibc . polkit"))
- (substitute* "configure"
- ;; Replace libsystemd-login with libelogind.
- (("libsystemd-login") "libelogind")
- ;; Skip the sanity check that the current system runs
- ;; systemd.
- (("test ! -d /sys/fs/cgroup/systemd/") "false"))
- (substitute* "src/polkit/polkitunixsession-systemd.c"
- (("systemd") "elogind"))
- (substitute*
"src/polkitbackend/polkitbackendsessionmonitor-systemd.c"
- (("systemd") "elogind"))
- (substitute* "src/polkitbackend/polkitbackendjsauthority.cpp"
- (("systemd") "elogind"))
-
;; Guix System's polkit service stores actions under
;; /etc/polkit-1/actions.
(substitute*
"src/polkitbackend/polkitbackendinteractiveauthority.c"
(("PACKAGE_DATA_DIR \"/polkit-1/actions\"")
"PACKAGE_SYSCONF_DIR \"/polkit-1/actions\""))
-
;; Set the setuid helper's real location.
(substitute* "src/polkitagent/polkitagentsession.c"
(("PACKAGE_PREFIX \"/lib/polkit-1/polkit-agent-helper-1\"")
- "\"/run/setuid-programs/polkit-agent-helper-1\""))
- #t))))
+ "\"/run/setuid-programs/polkit-agent-helper-1\""))))))
(build-system gnu-build-system)
(inputs
`(("expat" ,expat)
("linux-pam" ,linux-pam)
("elogind" ,elogind)
- ("mozjs" ,mozjs-60)
+ ("mozjs" ,mozjs-78)
("nspr" ,nspr)))
(propagated-inputs
`(("glib" ,glib))) ; required by polkit-gobject-1.pc
@@ -99,7 +85,9 @@
`(("pkg-config" ,pkg-config)
("glib:bin" ,glib "bin") ; for glib-mkenums
("intltool" ,intltool)
- ("gobject-introspection" ,gobject-introspection)))
+ ("gobject-introspection" ,gobject-introspection)
+ ("libxslt" ,libxslt) ; for man page generation
+ ("docbook-xsl" ,docbook-xsl))) ; for man page generation
(arguments
`(#:configure-flags '("--sysconfdir=/etc"
"--enable-man-pages"
@@ -118,8 +106,15 @@
(("@INTROSPECTION_GIRDIR@")
(string-append out "/share/gir-1.0/"))
(("@INTROSPECTION_TYPELIBDIR@")
- (string-append out "/lib/girepository-1.0/")))
- #t)))
+ (string-append out "/lib/girepository-1.0/"))))))
+ (add-after 'unpack 'fix-manpage-generation
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((xsldoc (string-append (assoc-ref inputs "docbook-xsl")
+ "/xml/xsl/docbook-xsl-"
+ ,(package-version docbook-xsl))))
+ (substitute* '("docs/man/Makefile.am" "docs/man/Makefile.in")
+ (("http://docbook.sourceforge.net/release/xsl/current";)
+ xsldoc)))))
(replace
'install
(lambda* (#:key outputs (make-flags '()) #:allow-other-keys)
@@ -131,8 +126,7 @@
(string-append "sysconfdir=" out "/etc")
(string-append "polkit_actiondir="
out "/share/polkit-1/actions")
- make-flags)
- #t))))))
+ make-flags)))))))
(home-page "https://www.freedesktop.org/wiki/Software/polkit/";)
(synopsis "Authorization API for privilege management")
(description "Polkit is an application-level toolkit for defining and
@@ -142,13 +136,6 @@ making process with respect to granting access to
privileged operations
for unprivileged applications.")
(license lgpl2.0+)))
-(define polkit/fixed
- (package
- (inherit polkit)
- (source (origin
- (inherit (package-source polkit))
- (patches (search-patches "polkit-CVE-2021-3560.patch"))))))
-
(define-public polkit-qt
(package
(name "polkit-qt")
- 55/227: gnu: abseil-cpp: Update to 20210324.2., (continued)
- 55/227: gnu: abseil-cpp: Update to 20210324.2., guix-commits, 2021/11/11
- 32/227: gnu: python-docutils: Update to 0.17.1., guix-commits, 2021/11/11
- 37/227: gnu: python-sphinxcontrib-serializinghtml: Update to 1.1.5., guix-commits, 2021/11/11
- 42/227: gnu: gst-plugins-good: Update to 1.19.2., guix-commits, 2021/11/11
- 46/227: gnu: gst-libav: Update to 1.19.2., guix-commits, 2021/11/11
- 27/227: gnu: gst-editing-services: Update to 1.18.4., guix-commits, 2021/11/11
- 47/227: gnu: gst-editing-services: Update to 1.19.2., guix-commits, 2021/11/11
- 48/227: gnu: python-gst: Update to 1.19.2., guix-commits, 2021/11/11
- 52/227: Revert commits made to resolve a gdk-pixbuf+svg propagation issue., guix-commits, 2021/11/11
- 57/227: gnu: Add a missing copyright., guix-commits, 2021/11/11
- 58/227: gnu: polkit: Update to 0.120 and ungraft.,
guix-commits <=
- 71/227: gnu: dbus-c++: Fix build., guix-commits, 2021/11/11
- 75/227: gnu: glibc: Remove unneeded nscd patching., guix-commits, 2021/11/11
- 70/227: gnu: python-keras: Enable parallel tests., guix-commits, 2021/11/11
- 72/227: gnu: libnice: Update to 0.1.18-0.47a9633 and disable test-bind test., guix-commits, 2021/11/11
- 73/227: bluez: Update to 5.61., guix-commits, 2021/11/11
- 84/227: gnu: make-ld-wrapper: Add a LINKER argument., guix-commits, 2021/11/11
- 80/227: gnu: diffutils: Update to 3.8., guix-commits, 2021/11/11
- 85/227: gnu: Add ld-gold-wrapper., guix-commits, 2021/11/11
- 89/227: aux-files: sitecustomize: Cleanup and add explanatory comments., guix-commits, 2021/11/11
- 93/227: gnu: Build all Rust packages using the latest rustc., guix-commits, 2021/11/11