From: Jan Palus
Date: Wed, 13 Jul 2022 21:36:29 +0000 (+0200)
Subject: up to 121 (new js engine)
X-Git-Tag: auto/th/polkit-121-1~2
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=fbe373fc4e73b69ab3b8b949cc4f0e0fe6f1dd0d;p=packages%2Fpolkit.git
up to 121 (new js engine)
- duktape as new js engine preferred by upstream
- bcond for mozjs but note it might be dropped completely upstream soon
- project moved to meson
- static libs are gone
---
diff --git a/CVE-2021-4034.patch b/CVE-2021-4034.patch
deleted file mode 100644
index a06300a..0000000
--- a/CVE-2021-4034.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
-From: Jan Rybar
-Date: Tue, 25 Jan 2022 17:21:46 +0000
-Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
-
----
- src/programs/pkcheck.c | 5 +++++
- src/programs/pkexec.c | 23 ++++++++++++++++++++---
- 2 files changed, 25 insertions(+), 3 deletions(-)
-
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index f1bb4e1..768525c 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -363,6 +363,11 @@ main (int argc, char *argv[])
- local_agent_handle = NULL;
- ret = 126;
-
-+ if (argc < 1)
-+ {
-+ exit(126);
-+ }
-+
- /* Disable remote file access from GIO. */
- setenv ("GIO_USE_VFS", "local", 1);
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 7698c5c..84e5ef6 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -488,6 +488,15 @@ main (int argc, char *argv[])
- pid_t pid_of_caller;
- gpointer local_agent_handle;
-
-+
-+ /*
-+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
-+ */
-+ if (argc<1)
-+ {
-+ exit(127);
-+ }
-+
- ret = 127;
- authority = NULL;
- subject = NULL;
-@@ -614,10 +623,10 @@ main (int argc, char *argv[])
-
- path = g_strdup (pwstruct.pw_shell);
- if (!path)
-- {
-+ {
- g_printerr ("No shell configured or error retrieving pw_shell\n");
- goto out;
-- }
-+ }
- /* If you change this, be sure to change the if (!command_line)
- case below too */
- command_line = g_strdup (path);
-@@ -636,7 +645,15 @@ main (int argc, char *argv[])
- goto out;
- }
- g_free (path);
-- argv[n] = path = s;
-+ path = s;
-+
-+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
-+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
-+ */
-+ if (argv[n] != NULL)
-+ {
-+ argv[n] = path;
-+ }
- }
- if (access (path, F_OK) != 0)
- {
---
-GitLab
-
diff --git a/polkit.spec b/polkit.spec
index e29defe..fee48fc 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -2,6 +2,7 @@
 # Conditional build:
 %bcond_without apidocs # build without apidocs
 %bcond_without consolekit # ConsoleKit fallback
+%bcond_with mozjs # build with mozjs as JS backend instead of duktape
 %bcond_without systemd # use systemd-login for session tracking (fallback to ConsoleKit on runtime)
 %bcond_with elogind # use elogind instead of systemd-login
@@ -11,19 +12,18 @@
 Summary: A framework for defining policy for system-wide components
 Summary(pl.UTF-8): Szkielet do definiowania polityki dla komponentów systemowych
 Name: polkit
-Version: 0.120
-Release: 2
+Version: 121
+Release: 1
 License: LGPL v2+
 Group: Libraries
 Source0: https://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
-# Source0-md5: a6efe21d021fafe4191ee30331ef801c
+# Source0-md5: 255761abdc616805a6592bb5fffae178
 Patch0: systemd-fallback.patch
-Patch1: CVE-2021-4034.patch
 URL: https://www.freedesktop.org/wiki/Software/polkit
-BuildRequires: autoconf >= 2.60
-BuildRequires: automake >= 1:1.7
+BuildRequires: dbus-devel
 BuildRequires: docbook-dtd412-xml
 BuildRequires: docbook-style-xsl
+%{!?with_mozjs:BuildRequires: duktape-devel >= 2.2.0}
 %{?with_elogind:BuildRequires: elogind-devel}
 BuildRequires: expat-devel >= 1:1.95.8
 BuildRequires: gettext-tools
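Review bot: Nothing in the commit message or the spec records why `Patch1: CVE-2021-4034.patch` can be dropped in the second hunk (its `%patch1 -p1` line goes in %prep further down, and the patch file itself is deleted). pkexec is still packaged `%attr(4755,root,root)`, so anyone auditing this update has to check the 121 tarball for the `argc` guards in pkexec.c and pkcheck.c on their own. Presumably 121 already contains that upstream fix; if so, say it in the commit message, e.g. `- CVE-2021-4034.patch dropped, fix included in 121`.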
@@ -35,19 +35,21 @@ BuildRequires: gobject-introspection-devel >= 0.6.2
 BuildRequires: gtk-doc >= 1.3
 BuildRequires: gtk-doc-automake >= 1.3
 BuildRequires: libstdc++-devel >= 6:7
-BuildRequires: libtool >= 2:1.5
 BuildRequires: libxslt-progs
-BuildRequires: mozjs78-devel
+BuildRequires: meson >= 0.50.0
+%{?with_mozjs:BuildRequires: mozjs91-devel}
+BuildRequires: ninja
 BuildRequires: pam-devel >= 0.80
 BuildRequires: pkgconfig
 BuildRequires: rpm-build >= 4.6
-BuildRequires: rpmbuild(macros) >= 1.647
+BuildRequires: rpmbuild(macros) >= 1.736
 %{?with_systemd:BuildRequires: systemd-devel}
 Requires: %{name}-libs = %{version}-%{release}
 %if %{without systemd} && %{without elogind}
 Requires: ConsoleKit >= 0.4.1
 %endif
 Requires: dbus >= 1.1.2-5
+%{!?with_mozjs:Requires: duktape >= 2.2.0}
 %if %{with systemd}
 Requires: systemd-units >= 38
 %endif
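Review bot: `BuildRequires: gtk-doc-automake >= 1.3` stays in place although this commit removes autoconf, automake and libtool and switches the build to meson; it looks like a leftover of the autotools build and can probably be dropped with them. `BuildRequires: gtk-doc >= 1.3` also remains unconditional while the docs are controlled by the `apidocs` bcond, so `%{?with_apidocs:BuildRequires: gtk-doc >= 1.3}` would appear to match the new `-Dgtk_doc=` switch and keep the build root smaller when docs are off.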
@@ -106,55 +108,30 @@ Header files for PolicyKit.
 %description devel -l pl.UTF-8
 Pliki nagłówkowe PolicyKit.
-%package static
-Summary: Static PolicyKit libraries
-Summary(pl.UTF-8): Statyczne biblioteki PolicyKit
-Group: Development/Libraries
-Requires: %{name}-devel = %{version}-%{release}
-Obsoletes: PolicyKit-static
-
-%description static
-Static PolicyKit libraries.
-
-%description static -l pl.UTF-8
-Statyczne biblioteki PolicyKit.
-
 %prep
-%setup -q
+%setup -q -n %{name}-v.%{version}
 %if %{with consolekit} && (%{with systemd} || %{with elogind})
 %patch0 -p1
 %endif
-%patch1 -p1
 %build
-%{__gtkdocize}
-%{__gettextize}
-%{__libtoolize}
-%{__aclocal}
-%{__autoconf}
-%{__autoheader}
-%{__automake}
-%configure \
- %{__enable_disable apidocs gtk-doc} \
- --disable-silent-rules \
- --disable-test \
- %{__enable_disable elogind libelogind} \
- %{__enable_disable systemd libsystemd-login} \
- --with-html-dir=%{_gtkdocdir} \
- --with-pam-include=system-auth \
- --with-pam-module-dir=/%{_lib}/security \
- --with-polkitd-user=polkitd
-
-LC_ALL=C.UTF-8 \
-%{__make} -j1
+%meson build \
+ -Dgtk_doc=%{__true_false apidocs} \
+ -Dtests=false \
+ -Dsession_tracking=%{?with_systemd:libsystemd-login}%{?with_elogind:libelogind} \
+ -Dpam_include=system-auth \
+ -Dpam_module_dir=/%{_lib}/security \
+ -Dpolkitd_user=polkitd \
+ -Dexamples=true \
+ -Djs_engine=%{!?with_mozjs:duktape}%{?with_mozjs:mozjs} \
+ -Dman=true
+
+%ninja_build -C build
 %install
 rm -rf $RPM_BUILD_ROOT
-%{__make} install \
- DESTDIR=$RPM_BUILD_ROOT
-
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/*.la
+%ninja_install -C build
 %find_lang polkit-1
@@ -179,7 +156,7 @@ fi
 %files -f polkit-1.lang
 %defattr(644,root,root,755)
-%doc AUTHORS NEWS README
+%doc AUTHORS NEWS.md README.md
 %attr(755,root,root) %{_bindir}/pkaction
 %attr(755,root,root) %{_bindir}/pkcheck
 %attr(4755,root,root) %{_bindir}/pkexec
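Review bot: `-Dsession_tracking=%{?with_systemd:libsystemd-login}%{?with_elogind:libelogind}` in the %build hunk expands to an empty value when both bconds are off and to `libsystemd-loginlibelogind` when both are on. The spec still carries `%if %{without systemd} && %{without elogind}` with `Requires: ConsoleKit`, so the ConsoleKit-only build is evidently meant to work; unless upstream's option accepts an empty string, that configuration now fails at the meson step. Make the expansion exhaustive, e.g. `-Dsession_tracking=%{?with_systemd:libsystemd-login}%{!?with_systemd:%{?with_elogind:libelogind}%{!?with_elogind:ConsoleKit}} \`, assuming `ConsoleKit` is the upstream name of the third choice (check meson_options.txt). `-Dtests=false` keeps the test suite off for a package that ships a setuid-root binary, so a short comment saying why would help.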
@@ -193,6 +170,7 @@ fi
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/polkit-1/rules.d/50-default.rules
 /etc/pam.d/polkit-1
 %dir %{_datadir}/polkit-1
+%{_datadir}/polkit-1/policyconfig-1.dtd
 %{_datadir}/polkit-1/actions
 %attr(700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
 %{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service
@@ -233,8 +211,3 @@ fi
 %{_datadir}/gir-1.0/PolkitAgent-1.0.gir
 %{_datadir}/gettext/its/polkit.its
 %{_datadir}/gettext/its/polkit.loc
-
-%files static
-%defattr(644,root,root,755)
-%{_libdir}/libpolkit-agent-1.a
-%{_libdir}/libpolkit-gobject-1.a
diff --git a/systemd-fallback.patch b/systemd-fallback.patch
index 606c106..3422d47 100644
--- a/systemd-fallback.patch
+++ b/systemd-fallback.patch
@@ -1,34 +1,3 @@
-diff -ruN polkit-0.113.orig/configure.ac polkit-0.113/configure.ac
---- polkit-0.113.orig/configure.ac 2015-06-19 22:31:02.000000000 +0200
-+++ polkit-0.113/configure.ac 2015-09-26 23:40:21.669982142 +0200
-@@ -200,7 +200,7 @@
- [have_libsystemd=yes],
- dnl if libsystemd is not available, fall back to the older libsystemd-login
- [PKG_CHECK_MODULES([LIBSYSTEMD_LOGIN],
-- [libsystemd-login],
-+ [libsystemd-login libsystemd-daemon],
- [
- have_libsystemd=yes
- LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
-diff -ruN polkit-0.113.orig/src/polkit/Makefile.am polkit-0.113/src/polkit/Makefile.am
---- polkit-0.113.orig/src/polkit/Makefile.am 2015-06-19 22:31:02.000000000 +0200
-+++ polkit-0.113/src/polkit/Makefile.am 2015-09-26 23:40:21.669982142 +0200
-@@ -79,15 +79,7 @@
- polkitimplicitauthorization.c polkitimplicitauthorization.h \
- polkittemporaryauthorization.c polkittemporaryauthorization.h \
- polkitpermission.c polkitpermission.h \
-- $(NULL)
--
--if HAVE_LIBSYSTEMD
--libpolkit_gobject_1_la_SOURCES += \
-- polkitunixsession-systemd.c polkitunixsession.h
--else
--libpolkit_gobject_1_la_SOURCES += \
- polkitunixsession.c polkitunixsession.h
--endif
-
- libpolkit_gobject_1_la_CFLAGS = \
- -D_POLKIT_COMPILATION \
 --- polkit-0.114/src/polkit/polkitunixsession.c.orig 2018-03-23 16:09:30.000000000 +0100
 +++ polkit-0.114/src/polkit/polkitunixsession.c 2018-04-12 19:03:50.775644785 +0200
 @@ -29,6 +29,12 @@
@@ -713,28 +682,9 @@ diff -ruN polkit-0.113.orig/src/polkit/Makefile.am polkit-0.113/src/polkit/Makef
 -{
 - /* use default implementation to run GInitable code in a thread */
 -}
-diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polkitbackend/Makefile.am
---- polkit-0.113.orig/src/polkitbackend/Makefile.am 2015-06-19 22:31:02.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/Makefile.am 2015-09-26 23:40:21.674982125 +0200
-@@ -36,15 +36,7 @@
- polkitbackendjsauthority.h polkitbackendjsauthority.cpp \
- polkitbackendactionpool.h polkitbackendactionpool.c \
- polkitbackendactionlookup.h polkitbackendactionlookup.c \
-- $(NULL)
--
--if HAVE_LIBSYSTEMD
--libpolkit_backend_1_la_SOURCES += \
-- polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
--else
--libpolkit_backend_1_la_SOURCES += \
- polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c
--endif
-
- libpolkit_backend_1_la_CFLAGS = \
- -D_POLKIT_COMPILATION \
---- polkit-0.114.orig/src/polkitbackend/polkitbackendjsauthority.cpp 2015-06-19 22:39:58.000000000 +0200
-+++ polkit-0.114/src/polkitbackend/polkitbackendjsauthority.cpp 2015-09-26 23:40:21.674982125 +0200
-@@ -36,6 +36,7 @@
+--- polkit-v.121/src/polkitbackend/polkitbackendcommon.h.orig 2022-07-11 10:46:06.000000000 +0200
++++ polkit-v.121/src/polkitbackend/polkitbackendcommon.h 2022-07-13 23:30:49.653425289 +0200
+@@ -47,6 +47,7 @@
 #include
 #ifdef HAVE_LIBSYSTEMD
@@ -742,6 +692,8 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polki
 #include
 #endif /* HAVE_LIBSYSTEMD */
+--- polkit-0.114.orig/src/polkitbackend/polkitbackendjsauthority.cpp 2015-06-19 22:39:58.000000000 +0200
++++ polkit-0.114/src/polkitbackend/polkitbackendjsauthority.cpp 2015-09-26 23:40:21.674982125 +0200
 @@ -794,6 +795,8 @@
 }
@@ -1671,3 +1623,52 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polki
 - return sd_session_is_active (session_id);
 -}
 -
+diff -ur polkit-v.121.orig/meson.build polkit-v.121/meson.build
+--- polkit-v.121.orig/meson.build 2022-07-11 10:46:06.000000000 +0200
++++ polkit-v.121/meson.build 2022-07-13 23:02:30.432622964 +0200
+@@ -187,7 +187,8 @@
+ if session_tracking == 'libsystemd-login'
+ logind_dep = dependency('libsystemd', required: false)
+ if not logind_dep.found()
+- logind_dep = dependency('libsystemd-login', not_found_message: 'libsystemd support requested but libsystemd or libsystemd-login library not found')
++ logind_dep = [ dependency('libsystemd-login', not_found_message: 'libsystemd support requested but libsystemd or libsystemd-login library not found'),dependency('libsystemd-daemon', not_found_message: 'libsystemd support requested but libsystemd or libsystemd-daemon library not found')]
++
+ endif
+ else
+ logind_dep = dependency('libelogind', not_found_message: 'libelogind support requested but libelogind library not found')
+diff -ur polkit-v.121.orig/src/polkit/meson.build polkit-v.121/src/polkit/meson.build
+--- polkit-v.121.orig/src/polkit/meson.build 2022-07-11 10:46:06.000000000 +0200
++++ polkit-v.121/src/polkit/meson.build 2022-07-13 23:11:05.333520578 +0200
+@@ -77,13 +77,11 @@
+ c_flags = '-D_POLKIT_COMPILATION'
+
+ if enable_logind
+- sources += 'polkitunixsession-systemd.c'
+-
+ deps += logind_dep
+-else
+- sources += 'polkitunixsession.c'
+ endif
+
++ sources += 'polkitunixsession.c'
++
+ libpolkit_gobject = shared_library(
+ name,
+ sources: sources,
+diff -ur polkit-v.121.orig/src/polkitbackend/meson.build polkit-v.121/src/polkitbackend/meson.build
+--- polkit-v.121.orig/src/polkitbackend/meson.build 2022-07-11 10:46:06.000000000 +0200
++++ polkit-v.121/src/polkitbackend/meson.build 2022-07-13 23:05:09.917827287 +0200
+@@ -43,12 +43,9 @@
+ endif
+
+ if enable_logind
+- sources +=
files('polkitbackendsessionmonitor-systemd.c')
+-
+ deps += logind_dep
+-else
+- sources += files('polkitbackendsessionmonitor.c')
+ endif
++ sources += files('polkitbackendsessionmonitor.c')
+
+ libpolkit_backend = static_library(
+ name,