[gnome-build-meta/cherry-pick-14dac148] polkit: backport fd.o patch to fix setuid issue




commit 67111073eee959d48da3a7f90383ceb2662ec6aa
Author: Jordan Petridis <jordan centricular com>
Date:   Thu Sep 15 16:20:04 2022 +0300

    polkit: backport fd.o patch to fix setuid issue
    
    Part-of: <https://gitlab.gnome.org/GNOME/gnome-build-meta/-/merge_requests/1767>
    
    
    (cherry picked from commit 14dac14885b9a7cc7f03561d78d7974aa951acfb)

 elements/freedesktop-sdk.bst     |  2 ++
 files/freedesktop-sdk/9688.patch | 48 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
---
diff --git a/elements/freedesktop-sdk.bst b/elements/freedesktop-sdk.bst
index fdd6320b1..327525515 100644
--- a/elements/freedesktop-sdk.bst
+++ b/elements/freedesktop-sdk.bst
@@ -7,6 +7,8 @@ sources:
   ref: freedesktop-sdk-22.08.1-0-gd84e392b8b10845ea895ed0dbe72c58d8a81edce
 - kind: patch
   path: files/freedesktop-sdk/9576.patch
+- kind: patch
+  path: files/freedesktop-sdk/9688.patch
 config:
   options:
     target_arch: '%{arch}'
diff --git a/files/freedesktop-sdk/9688.patch b/files/freedesktop-sdk/9688.patch
new file mode 100644
index 000000000..c68555ff5
--- /dev/null
+++ b/files/freedesktop-sdk/9688.patch
@@ -0,0 +1,48 @@
+From 3c83706e2c3bd0588d541ff735f42c2c9ee355c7 Mon Sep 17 00:00:00 2001
+From: Jordan Petridis <jordan centricular com>
+Date: Thu, 15 Sep 2022 16:17:31 +0300
+Subject: [PATCH] components/polkit: Move the initial script from -base to
+ polkit.bst
+
+Close #1475
+---
+ elements/components/polkit-base.bst | 6 ------
+ elements/components/polkit.bst      | 8 ++++++++
+ 2 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/elements/components/polkit-base.bst b/elements/components/polkit-base.bst
+index dd7365972..fb99ff1eb 100644
+--- a/elements/components/polkit-base.bst
++++ b/elements/components/polkit-base.bst
+@@ -31,12 +31,6 @@ config:
+       install -D -m 644 extra/sysusers.conf %{install-root}/$SYSUSERSDIR/polkit.conf
+ 
+ public:
+-  initial-script:
+-    script: |
+-      #!/bin/bash
+-      sysroot="${1}"
+-      chmod 4755 "${sysroot}%{indep-libdir}/polkit-1/polkit-agent-helper-1"
+-      chmod 4755 "${sysroot}%{bindir}/pkexec"
+   cpe:
+     patches:
+     - CVE-2021-4034
+diff --git a/elements/components/polkit.bst b/elements/components/polkit.bst
+index 4f0dc6a8c..128bb572a 100644
+--- a/elements/components/polkit.bst
++++ b/elements/components/polkit.bst
+@@ -12,3 +12,11 @@ config:
+   exclude:
+   - polkit-gobject
+   include-orphans: true
++
++public:
++  initial-script:
++    script: |
++      #!/bin/bash
++      sysroot="${1}"
++      chmod 4755 "${sysroot}%{indep-libdir}/polkit-1/polkit-agent-helper-1"
++      chmod 4755 "${sysroot}%{bindir}/pkexec"
+-- 
+2.37.2
+


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]