[gnome-build-meta/alatiera/polkit-setuid] polkit: backport fd.o patch to fix setuid issue

From: Jordan Petridis <jpetridis src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-build-meta/alatiera/polkit-setuid] polkit: backport fd.o patch to fix setuid issue
Date: Thu, 15 Sep 2022 13:20:32 +0000 (UTC)


commit d4bd0595d8cc4c83b119ece7a7bcbe3721fc1c56
Author: Jordan Petridis <jordan centricular com>
Date:   Thu Sep 15 16:20:04 2022 +0300

    polkit: backport fd.o patch to fix setuid issue

 elements/freedesktop-sdk.bst     |  2 ++
 files/freedesktop-sdk/9688.patch | 47 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
---
diff --git a/elements/freedesktop-sdk.bst b/elements/freedesktop-sdk.bst
index c94c13864..525660cb7 100644
--- a/elements/freedesktop-sdk.bst
+++ b/elements/freedesktop-sdk.bst
@@ -6,6 +6,8 @@ sources:
   track-tags: true
 - kind: patch
   path: files/freedesktop-sdk/9576.patch
+- kind: patch
+  path: files/freedesktop-sdk/9688.patch
 config:
   options:
     target_arch: '%{arch}'
diff --git a/files/freedesktop-sdk/9688.patch b/files/freedesktop-sdk/9688.patch
new file mode 100644
index 000000000..5674062ec
--- /dev/null
+++ b/files/freedesktop-sdk/9688.patch
@@ -0,0 +1,47 @@
+From 20b2d956e1a85512988ba276bc247d3796a6cee8 Mon Sep 17 00:00:00 2001
+From: Jordan Petridis <jordan centricular com>
+Date: Thu, 15 Sep 2022 16:17:31 +0300
+Subject: [PATCH] components/polkit: Move the initial script from -base to
+ polkit.bst
+
+Close #1475
+---
+ elements/components/polkit-base.bst | 6 ------
+ elements/components/polkit.bst      | 7 +++++++
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/elements/components/polkit-base.bst b/elements/components/polkit-base.bst
+index 0d7127ebc2..2df038699e 100644
+--- a/elements/components/polkit-base.bst
++++ b/elements/components/polkit-base.bst
+@@ -31,12 +31,6 @@ config:
+       install -D -m 644 extra/sysusers.conf %{install-root}/$SYSUSERSDIR/polkit.conf
+ 
+ public:
+-  initial-script:
+-    script: |
+-      #!/bin/bash
+-      sysroot="${1}"
+-      chmod 4755 "${sysroot}%{indep-libdir}/polkit-1/polkit-agent-helper-1"
+-      chmod 4755 "${sysroot}%{bindir}/pkexec"
+   cpe:
+     patches:
+     - CVE-2021-4034
+diff --git a/elements/components/polkit.bst b/elements/components/polkit.bst
+index 2f13194d5e..128bb572ac 100644
+--- a/elements/components/polkit.bst
++++ b/elements/components/polkit.bst
+@@ -13,3 +13,10 @@ config:
+   - polkit-gobject
+   include-orphans: true
+ 
++public:
++  initial-script:
++    script: |
++      #!/bin/bash
++      sysroot="${1}"
++      chmod 4755 "${sysroot}%{indep-libdir}/polkit-1/polkit-agent-helper-1"
++      chmod 4755 "${sysroot}%{bindir}/pkexec"
+-- 
+GitLab
+

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]