Commit Graph

79 Commits

Author SHA1 Message Date
Nick Cao
479329611e
polkit: fix build with meson 0.61 2022-03-13 12:16:17 +08:00
Martin Weinelt
08a80b7b00
polkit: Patch unauthenticated file descriptor leak
https://gitlab.freedesktop.org/polkit/polkit/-/issues/170
https://www.openwall.com/lists/oss-security/2022/02/18/1

Fixes: CVE-2021-4115
2022-02-18 19:49:52 +01:00
Martin Weinelt
bd3256cf4f polkit: fix local priviledge escalation in pkexec
> We discovered a Local Privilege Escalation (from any user to root) in
> polkit's pkexec, a SUID-root program that is installed by default on
> every major Linux distribution

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Fixes: CVE-2021-4034
2022-01-25 11:55:05 -08:00
Joerie de Gram
649a7d75b4 polkit: disable gtkdoc when cross compiling 2022-01-16 23:57:01 +01:00
Jan Tojnar
3b916a6b78 polkit: fix hash 2021-11-01 14:53:13 +01:00
Jan Tojnar
595c25f105 polkit: Fix regression in paths in pkg-config file
resulting from discrepancy between Meson and Autotools build systems.
2021-11-01 14:51:57 +01:00
Jan Tojnar
527b98a125 polkit: port to Meson
Autotools build will be removed in the next release.

Examples are no longer installed.

Musl patch does not work.
2021-10-31 05:05:16 +01:00
Jan Tojnar
54417ca863 polkit: 0.119 → 0.120
https://lists.freedesktop.org/archives/polkit-devel/2021-October/000608.html
2021-10-31 03:45:42 +01:00
Jan Tojnar
e6b0796129 polkit: format the expression
Use lib.optionals instead of lib.optional, move phases to the bottom, have one input per line.
2021-10-31 03:45:42 +01:00
Yureka
d4c85edba9 polkit: fix musl build
Update patches and make them unconditional to prevent rot.
Also do not make systemd support dependent on musl.
2021-10-20 12:57:34 +02:00
Rahul Rameshbabu
5aecb4202d polkit: 0.118 -> 0.119
The 0.119 release of polkit integrates the following changes, so the
patches implemented to incorporate these changes are no longer needed.

    * 273357a395
    * https://gitlab.freedesktop.org/polkit/polkit/-/blob/0.119/src/polkit/polkitsystembusname.c#L438-440

Fixes: CVE-2021-3560 without a patch
2021-06-28 07:46:34 -07:00
Martin Weinelt
26ac1d5db9
polkit: Fix local privilege escalation vulnerability
Fixes a local privilege escalation using polkit_system_bus_name_get_creds_sync()

Fixes: CVE-2021-3560
2021-06-03 21:31:57 +02:00
Jan Tojnar
0420282780
treewide maintainers: add teams.{freedesktop,gnome} 2021-05-07 15:36:40 +02:00
Vladimír Čunát
9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
Ben Siraphob
66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
Jonathan Ringer
9bb3fccb5b treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
continuation of #109595

pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.

python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Florian Klink
4f087a608e polkit: don't build with gobject-introspection when cross-compiling
gobject-introspection doesn't currently cross-compile (see
https://github.com/NixOS/nixpkgs/pull/88222), but polkit is somewhat
essential for many system components.

By disabling gobject-introspection when cross-compiling, we get it to
build.
2021-01-01 23:11:53 +01:00
Arnout Engelen
025af7c4f5
polkit: 0.116 -> 0.118 (#103998) 2020-11-17 11:15:30 +01:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar
4cb7f43d3a
polkit: rename misleading flag
gobject-introspection has nothing to do with graphical systems or GNOME, it is needed for language bindings like Python.
2019-12-01 02:18:00 +01:00
Niklas Hambüchen
504199e48a polkit: Don't build elogind on non-Linux.
In #72057 I added support for elogind when systemd is not supported,
but it occurred to me that it probably doens't make sense to have
either of systemd or elogind on Darwin.
2019-11-20 23:23:46 +01:00
Jan Tojnar
70c0c48970
Merge branch 'staging-next' into staging 2019-11-01 02:58:40 +01:00
Niklas Hambüchen
62fbcea807
Merge pull request #72057 from nh2/polkit-musl-elogind
musl support for polkit, add elogind
2019-10-31 17:05:42 +01:00
Niklas Hambüchen
1ca49b80cb polkit: Disable systemd support on musl, it needs elogind there 2019-10-31 16:47:00 +01:00
Niklas Hambüchen
6b7f343121
Merge pull request #72301 from nh2/polkit-stable-patch-url
polkit: Fix unstable patch URL
2019-10-30 16:27:10 +01:00
Niklas Hambüchen
0e10ad926d polkit: Fix unstable patch URL.
Unmerged upstream merge requests can change when iterated on!
2019-10-30 14:53:09 +01:00
worldofpeace
81220cff1e polkit: add worldofpeace to maintainers 2019-10-28 20:41:36 -04:00
worldofpeace
e570377f52 polkit: drop obsolete comments, whitespace 2019-10-05 07:10:11 -04:00
worldofpeace
670c000eb9 polkit: drop -Wno-deprecated-declarations
appears to be uneeded.
2019-10-05 07:09:36 -04:00
worldofpeace
a61db21b36 polkit: propagate glib
polkit-gobject-1.pc has glib in Requires, and polkit-agent-1.pc
requires polkit-gobject-1.
2019-10-05 07:08:51 -04:00
worldofpeace
9d0e05233f polkit: Move D-Bus conf file to share/dbus-1/system.d
Since D-Bus 1.9.18 configuration files installed by third-party should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.
2019-09-16 13:59:09 -04:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz
eeff4eda14 polkit: 0.115 -> 0.116
* now uses mozjs60
* drop CVE patches included in release

* pname-ify
* use flag arrays and placeholder
2019-04-27 07:02:36 +02:00
Michael Eden
d8d8a9cddb polkit: optional introspection and cross compilation fixes 2019-04-16 19:03:22 +02:00
worldofpeace
7da64c9fbe polkit: fix CVE-2019-6133
Jann Horn of Google found that Polkit doesn't properly check
if a process is already authenticated, which can lead to an
authentication reuse by a different user[0]. See also [1]

Closes #55391

[0]: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
[1]: https://gitlab.freedesktop.org/polkit/polkit/issues/75
2019-02-07 18:07:08 -05:00
Jörg Thalheim
1b146a8c6f
treewide: remove paxutils from stdenv
More then one year ago we removed grsecurity kernels from nixpkgs:
https://github.com/NixOS/nixpkgs/pull/25277

This removes now also paxutils from stdenv.
2018-12-22 12:55:05 +01:00
c0bw3b
a14af16cfc polkit: add patch for CVE-2018-19788
unprivileged users with UID > INT_MAX can successfully execute any systemctl command
Original issue: https://gitlab.freedesktop.org/polkit/polkit/issues/74
2018-12-07 19:35:43 +01:00
Jan Tojnar
a51a99c690
gobject-introspection: rename package
camelCase package name was a huge inconsistency in GNOME package set.
2018-12-02 12:42:29 +01:00
Markus Kowalewski
0320769991
polkit: add license 2018-08-18 00:12:55 +02:00
Uli Baum
6840ae4aee polkit: 0.114 -> 0.115 2018-08-02 21:33:35 +02:00
Symphorien Gibol
2a51780f2c polkit: 0.113 -> 0.114 2018-07-08 22:33:29 +02:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Matthew Justin Bauer
bad3800307
polkit: fix paxmark script 2018-06-16 21:24:27 -04:00
Matthew Bauer
133cf0ce1b polkit: supports darwin
- apply musl patch unconditionally
- add doCheck arg
- make paxmark linux0nly
2018-06-15 22:57:44 -04:00
Jan Tojnar
a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Will Dietz
551f0702c2 polkit: patch to fix w/musl, POSIX 2018-02-13 09:44:56 -06:00
Dan Peebles
dfd300c81d treewide: s/pkgs.fedoraproject.org/src.fedoraproject.org/
Upstream killed the pkgs server but src continues to serve up the exact
same content, so we can just point there and all hashes should be unchanged.
2018-02-08 16:38:08 -05:00
John Ericson
abec0e7645 polkit: Recategorize some dependencies 2017-09-21 15:49:54 -04:00
Nikolay Amiantov
e7fa6220d6 polkit: add patches from Fedora
This fixes few leaks and adds ITS description files which are needed for some
reverse dependencies.
2017-05-25 19:07:21 +03:00
Vladimír Čunát
96d41e393d
treewide: purge maintainers.urkud
It's sad, but he's been inactive for the last five years.
Keeping such people in meta.maintainers is counter-productive.
2017-03-27 19:52:29 +02:00