From 169d7bccc02da43f8574d030502cfcf9308f505f Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Fri, 5 Jan 2024 11:33:25 -0600 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-raspberrypi: fde68b24f0..4c033eb074: Harunobu Kurokawa (1): rpi-cmdline, rpi-u-boot-src: Support USB boot meta-arm: 0b61cc659a..4d22f982bc: Debbie Martin (2): arm-systemready: Add parted dependency and inherit testimage ci: Add Arm SystemReady firmware and IR ACS builds Harsimran Singh Tungal (3): arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions corstone1000:arm-bsp/optee: Update optee to v4.0 corstone1000:arm-bsp/tftf: Fix tftf tests on mps3 Jon Mason (5): arm/trusted-firmware-a: move patch file to bbappend arm/trusted-firmware-a: update to 2.10 arm/hafnium: update to v2.10 CI: rename meta-secure-core directory arm/edk2: update to 202311 Ross Burton (1): CI: switch back to master poky: 028b6f6226..4675bbb757: Adrian Freihofer (4): cmake-qemu.bbclass: make it more usable oe-selftest: add a cpp-example recipe oeqa/core/decorator: add skip if not qemu-usermode oe-selftest: add tests for C and C++ build tools Alassane Yattara (22): bitbake: toaster/test: bug-fix on tests/browser/test_all_builds_page bitbake: toaster/test: from test_no_builds_message.py wait for the empty state div to appear bitbake: toaster/test: delay driver action until elements to appear bitbake: toaster/tests: Ensure to kill toaster process create for tests functional bitbake: toaster/tests: Added functional/utils, contains useful methods using by functional tests bitbake: toaster/tests: Refactorize tests/functional bitbake: toaster/tests: Bug fixes, functional tests dependent on each other bitbake: toaster/tests: Fixes warnings in autobuilder bitbake: toaster/tests: bug-fix tests writing files into /tmp on the autobuilders bitbake: toaster/test: fix Copyright bitbake: toaster/tests: logging warning in console, trying to kill unavailable Runbuilds process bitbake: toaster/tests: Removed all time.sleep occurrence bitbake: toaster/tests: Bug-Fix testcase functional/test_project_page_tab_config.py bitbake: toaster/tests: bug-fix element click intercepted in browser/test_layerdetails_page.py bitbake: toaster/tests: Update tests/functional/functional_helpers test_functional_basic bitbake: toaster/tests: Fixes functional tests warning on autobuilder bitbake: toaster/tests: Bug-fix test_functional_basic, delay driver actions bitbake: toaster/tests: bug-fix An element matching "#projectstable" should be visible bitbake: toaster/tests: bug-fix An element matching "#lastest_builds" should be on the page bitbake: toaster/tests: Skip to show more then 100 item in ToasterTable bitbake: toaster/tests: Bug-fix "#project-created-notification" should be visible bitbake: toaster/toastergui: Bug-fix verify given layer path only if import/add local layer Alex Bennée (1): qemurunner: more cleanups for output blocking Alex Kiernan (17): cargo: Rename MANIFEST_PATH -> CARGO_MANIFEST_PATH cargo: Move CARGO_MANIFEST_PATH/CARGO_SRC_DIR to cargo_common rust: cargo: Convert single-valued variables to weak defaults cargo: Add CARGO_LOCK_PATH for path to Cargo.lock rust: Upgrade 1.70.0 -> 1.71.0 rust: Upgrade 1.71.0 -> 1.71.1 sstate-cache-management: Rewrite in python devtool: selftest: Fix test_devtool_modify_git_crates_subpath inequality devtool: selftest: Fix test_devtool_modify_git_crates_subpath bbappend check meta-selftest: hello-rs: Simple rust test recipe devtool: selftest: Swap to hello-rs for crates testing zvariant: Drop recipe rust: Upgrade 1.71.1 -> 1.72.0 rust: Upgrade 1.72.0 -> 1.72.1 rust: Upgrade 1.72.1 -> 1.73.0 rust: Upgrade 1.73.0 -> 1.74.0 rust: Upgrade 1.74.0 -> 1.74.1 Alexander Kanavin (21): selftest/sstatetest: print output from bitbake with actual newlines, not \n selftest/sstatetests: do not delete custom $TMPDIRs under build-st when testing printdiff sstatesig/find_siginfo: special-case gcc-source when looking in sstate caches oeqa/selftest/sstatetests: re-work CDN tests, add local cache tests gobject-introspection: depend on setuptools to obtain distutils module libcap-ng-python: depend on setuptools to obtain distutils copy dnf: remove obsolete python3-gpg dependency (provided by gpgme) gpgme: disable python support (until upstream fixes 3.12 compatibility) python3-setuptools-rust: remove distutils dependency python3-babel: replace distutils with setuptools, as supported by upstream python3-pip: remove distutils depedency glib-2.0: replace distutils dependency with setuptools python3-pytest-runner: remove distutils dependency python3-numpy: distutils is no longer required bitbake: bitbake/codeparser.py: address ast module deprecations in py 3.12 glibc-y2038-tests: do not run tests using 32 bit time APIs bitbake: bitbake/runqueue: add debugging for find_siginfo() calls bitbake: bitbake-diffsigs/runqueue: adapt to reworked find_siginfo() bitbake: bitbake/runqueue: prioritize local stamps over sstate signatures in printdiff sstatesig/find_siginfo: unify a disjointed API lib/sstatesig/find_siginfo: raise an error instead of returning None when obtaining mtime Alexander Lussier-Cullen (6): bitbake: toaster: fix pytest build test execution and test discovery bitbake: toaster: Add verbose printout for missing chrome(driver) dependencies bitbake: bitbake: toaster: add functional testing toaster error details bitbake: toaster/tests: Exit tests on chromedriver creation failure bitbake: toaster/tests: fix functional tests setup and teardown bitbake: toaster/tests: fix chrome argument syntax and wait for driver exit Alexandre Belloni (1): oeqa/selftest/recipetool: stop looking for md5sum Anuj Mittal (9): sqlite3: upgrade 3.44.0 -> 3.44.2 base-passwd: upgrade 3.6.2 -> 3.6.3 bluez5: upgrade 5.70 -> 5.71 glib-2.0: upgrade 2.78.1 -> 2.78.3 glib-networking: upgrade 2.76.1 -> 2.78.0 puzzles: upgrade to latest revision stress-ng: upgrade 0.17.01 -> 0.17.03 libusb1: fix upstream version check enchant2: upgrade 2.6.2 -> 2.6.4 Archana Polampalli (1): bluez5: fix CVE-2023-45866 Bruce Ashfield (31): linux-yocto/6.5: cfg: split runtime and symbol debug linux-yocto/6.5: update to v6.5.11 linux-yocto/6.1: update to v6.1.62 linux-yocto-dev: bump to v6.7 linux-yocto/6.5: update to v6.5.12 linux-yocto/6.5: update to v6.5.13 linux-yocto/6.1: update to v6.1.65 linux-yocto/6.1: drop removed IMA option linux-yocto/6.5: drop removed IMA option linux-yocto-rt/6.1: update to -rt18 linux-yocto/6.1: update to v6.1.66 linux-yocto/6.1: update to v6.1.67 linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector linux-yocto/6.1: update to v6.1.68 oeqa/runtime/parselogs: add qemux86 ACPI ignore for kernel v6.6+ linux-libc-headers: update to v6.6-lts linux-yocto: introduce 6.6 reference kernel linux-yocto/6.6: fix AB-INT: QEMU kernel panic: No irq handler for vector linux-yocto-rt/6.6: fix CVE exclusion include linux-yocto/6.6: update CVE exclusions linux-yocto/6.6: update to v6.6.8 linux-yocto/6.1: update to v6.1.69 linux-yocto/6.5: drop 6.5 recipes linux-yocto-rt/6.6: correct meta data branch linux-yocto/6.6: update to v6.6.9 linux-yocto/6.6: update CVE exclusions linux-yocto/6.1: update to v6.1.70 linux-yocto/6.1: update CVE exclusions linux-yocto/6.6: ARM fix configuration audit warning linux-yocto/6.6: arm: jitter entropy backport poky/poky-tiny: make 6.6 the default kernel Changqing Li (1): man-pages: remove conflict pages Chen Qi (1): devtool: use straight print in check-upgrade-status output Clay Chang (1): devtool: deploy: provide max_process to strip_execs Daniel Ammann (1): base: Unpack .7z files with p7zip Deepthi Hemraj (1): autoconf: Add missing perl modules to RDEPENDS Dhairya Nagodra (2): cve-update-nvd2-native: faster requests with API keys cve-update-nvd2-native: increase the delay between subsequent request failures Eilís 'pidge' Ní Fhlannagáin (3): useradd: Fix issues with useradd dependencies useradd: Add testcase for bugzilla issue (currently disabled) usergrouptests.py: Add test for switching between static-ids Enrico Scholz (1): tcp-wrappers: drop libnsl2 build dependency Etienne Cordonnier (2): gdb/systemd: enable minidebuginfo support conditionally manuals: document minidebuginfo Fabio Estevam (3): libdrm: Upgrade to 2.4.119 kmscube: Upgrade to latest revision bmap-tools: Upgrade to 3.7 Hongxu Jia (2): socat: 1.7.4.4 -> 1.8.0.0 man-db: 2.11.2 -> 2.12.0 Jason Andryuk (3): linux-firmware: Package iwlwifi .pnvm files linux-firmware: Change bnx2 packaging linux-firmware: Create bnx2x subpackage Jeremy A. Puhlman (1): create-spdx-2.2: combine spdx can try to write before dir creation Jermain Horsman (2): lib/bblayers/makesetup.py: Remove unused imports lib/bblayers/buildconf.py: Remove unused imports/variables Jose Quaresma (2): go: update 1.20.10 -> 1.20.11 go: update 1.20.11 -> 1.20.12 Joshua Watt (11): bitbake: bitbake-hashserv: Add description of permissions bitbake.conf: Add runtimedir rpcbind: Specify state directory under /run libinput: Add packageconfig for tests ipk: Switch to using zstd compression lib/oe/path.py: Add relsymlink() lib/packagedata.py: Fix broken symlinks for providers with a '/' bitbake: contrib/vim: Syntax improvements classes-global/sstate: Fix variable typo lib/packagedata.py: Add API to iterate over rprovides classes-global/insane: Look up all runtime providers for file-rdeps Julien Stephan (19): recipetool: create_buildsys_python.py: initialize metadata recipetool: create: add trailing newlines recipetool: create: add new optional process_url callback for plugins recipetool: create_buildsys_python: add pypi support oeqa/selftest/recipetool: remove spaces on empty lines oeqa/selftest/recipetool/devtool: add test for pypi class recipetool: appendsrcfile(s): add dry-run mode recipeutils: bbappend_recipe: fix undefined variable recipeutils: bbappend_recipe: fix docstring recipeutils: bbappend_recipe: add a way to specify the name of the file to add recipeutils: bbappend_recipe: remove old srcuri entry if parameters are different recipetool: appendsrcfile(s): use params instead of extraline recipeutils: bbappend_recipe: allow to patch the recipe itself recipetool: appendsrcfile(s): add a mode to update the recipe itself oeqa/selftest/recipetool: appendsrfile: add test for machine oeqa/selftest/recipetool: appendsrc: add test for update mode oeqa/selftest/recipetool: add back checksum checks on pypi tests oeqa/selftest/recipetool: remove left over from development oeqa/selftest/recipetool: fix metadata corruption on meta layer Kevin Hao (2): beaglebone-yocto: Remove the redundant kernel-devicetree beaglebone-yocto: Remove the obsolete variables for uImage Khem Raj (13): tiff: Backport fixes for CVE-2023-6277 kmod: Fix build with latest musl elfutils: Use own basename API implementation util-linux: Fix build with latest musl sysvinit: Include libgen.h for basename API attr: Fix build with latest musl opkg: Use own version of portable basename function util-linux: Delete md-raid tests gdb: Update to gdb 14.1 release systemd: Fix build with latest musl qemu: Fix build with latest musl qemu: Add packageconfig knob to enable pipewire support weston: Include libgen.h for basename Lee Chee Yang (5): migration-guides: reword fix in release-notes-4.3.1 migration-guides: add release notes for 4.0.15 perlcross: update to 1.5.2 perl: 5.38.0 -> 5.38.2 curl: update to 8.5.0 Lucas Stach (1): mesa: upgrade 23.2.1 -> 23.3.1 Ludovic Jozeau (1): image-live.bbclass: LIVE_ROOTFS_TYPE support compression Lukas Funke (1): selftest: wic: add test for zerorize option of empty plugin Malte Schmidt (1): wic: extend empty plugin with options to write zeros to partiton Markus Volk (3): gtk4: upgrade 4.12.3 -> 4.12.4 libadwaita: update 1.4.0 -> 1.4.2 appstream: Upgrade 0.16.3 -> 1.0.0 Marlon Rodriguez Garcia (5): bitbake: toaster/tests: Update build test bitbake: toaster: Added new feature to import eventlogs from command line into toaster using replay functionality bitbake: toaster: remove test and update setup to avoid rebuilding image bitbake: toaster: Commandline build import table improvements bitbake: toaster: Added validation to stop import if there is a build in progress Marta Rybczynska (1): bitbake: toastergui: verify that an existing layer path is given Massimiliano Minella (1): zstd: fix LICENSE statement Michael Opdenacker (8): test-manual: text and formatting fixes test-manual: resource updates test-manual: use working example test-manual: add links to python unittest test-manual: explicit or fix file paths test-manual: add or improve hyperlinks dev-manual: runtime-testing: fix test module name poky.conf: update SANITY_TESTED_DISTROS to match autobuilder Mikko Rapeli (1): runqemu: match .rootfs. in addition to -image- for rootfs Ming Liu (1): grub: fs/fat: Don't error when mtime is 0 Mingli Yu (2): python3-license-expression: Fix the ptest failure ptest-packagelists.inc: Add python3-license-expression Pavel Zhukov (2): bitbake: utils: Do not create directories with ${ in the name oeqa/selftest/bbtests: Add test for unexpanded variables in the dirname Peter Kjellerstedt (11): oeqa/selftest/devtool: Correct git clone of local repository oeqa/selftest/devtool: Avoid global Git hooks when amending a patch oeqa/selftest/devtool: Make test_devtool_load_plugin more resilient oeqa/selftest/recipetool: Make test_recipetool_load_plugin more resilient lib/oe/recipeutils: Avoid wrapping any SRC_URI[sha*sum] variables recipetool: create: Improve identification of licenses recipetool: create: Only include the expected SRC_URI checksums devtool: upgrade: Update all existing checksums for the SRC_URI devtool: modify: Make --no-extract work again devtool: modify: Handle recipes with a menuconfig task correctly dev-manual: Discourage the use of SRC_URI[md5sum] Peter Marko (1): dtc: preserve version also from shallow git clones Philip Balister (1): sanity.bbclass: Check for additional native perl modules. Renat Khalikov (1): python3-maturin: Add missing space appending to CFLAGS Richard Purdie (41): bitbake: runqueue: Improve inter setscene task dependency handling bitbake: bb/toaster: Fix assertEquals deprecation warnings bitbake: toaster: Fix assertRegexpMatches deprecation warnings bitbake: toastermain/settings: Avoid python filehandle closure warnings bitbake: toastergui: Fix regex markup issues bitbake: bitbake: Move to version 2.6.1 to mark runqueue changes bitbake: toaster-eventreplay: Remove ordering assumptions sanity.conf: Require bitbake 2.6.1 for recent runqueue change sstate: Remove unneeded code from setscene_depvalid() related to useradd oeqa/runtime/systemd: Ensure test runs only on systemd images bitbake: toaster: Update to use qemux86-64 machine by default bitbake: toaster/tests/builds: Add BB_HASHSERVE passthrough pseudo: Update to pull in syncfs probe fix useradd: Fix useradd do_populate_sysroot dependency bug sstate: Fix dir ownership issues in SSTATE_DIR oeqa/sstatetests: Disable gcc source printdiff test for now build-appliance-image: Update to master head revision bitbake: utils: Fix mkdir with PosixPath bitbake: runqueue: Remove tie between rqexe and starts_worker build-appliance-image: Update to master head revision testimage: Exclude wtmp from target-dumper commands qemurunner: Improve stdout logging handling qemurunner: Improve handling of serial port output blocking oeqa/selftest/overlayfs: Don't overwrite DISTRO_FEATURES testimage: Drop target_dumper and most of monitor_dumper oeqa/selftest/overlayfs: Fix whitespace qemu: Clean up DEPENDS qemu: Ensure pip and the python venv aren't used for meson curl: Disable two intermittently failing tests linux/cve-exclusion6.1: Update to latest kernel point release lib/prservice: Improve lock handling robustness oeqa/selftest/prservice: Improve test robustness scripts: Drop shell sstate-cache-management oeqa/selftest/sstatetests: Update sstate management script tests to python script curl: Disable test 1091 due to intermittent failures bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9 bitbake: bitbake: Post release version bump to 2.7.0 bitbake: siggen: Ensure version of siggen is verified bitbake: bitbake: Version bump for find_siginfo chanages sstatesig: Add version information for find_sigingfo sanity: Require bitbake 2.7.1 Robert Berger (1): uninative-tarball.xz - reproducibility fix Robert Yang (5): gettext: Upgrade 0.22.3 -> 0.22.4 nfs-utils: Upgrade 2.6.3 -> 2.6.4 archiver.bbclass: Improve work-shared checking nfs-utils: Update Upstream-Status archiver.bbclass: Drop tarfile module to improve performance Ross Burton (23): avahi: update URL for new project location oeqa/runtime/parselogs: load ignores from disk oeqa/runtime/parselogs: migrate ignores meta-yocto-bsp/oeqa/parselogs: add BSP-specific ignores linux-yocto: update CVE exclusions genericx86: remove redundant assignments images: remove redundant IMAGE_BASENAME assignments insane: ensure more paths have the workdir removed tcl: skip timing-dependent tests in run-ptest qemurunner: remove unused import go: set vendor in CVE_PRODUCT runqemu: add qmp socket support linux-yocto: update CVE exclusions tcl: skip async and event tests in run-ptest images: add core-image-initramfs-boot machine/arch-armv9: remove crc and sve tunes, they are mandatory python3: re-enable profile guided optimisation openssl: mark assembler sections as call targets for PAC/BTI support on aarch64 nativesdk: ensure features don't get backfilled nativesdk: don't unset MACHINE_FEATURES, let machine-sdk/ set it conf/machine-sdk: declare qemu-usermode SDK_MACHINE_FEATURE libseccomp: remove redundant PV assignment oeqa/parselogs-ignores-qemuarmv5: add comments and organise Saul Wold (1): package.py: OEHasPackage: Add MLPREFIX to packagename Shubham Kulkarni (1): tzdata: Upgrade to 2023d Simone Weiß (2): manuals: brief-yoctoprojectqs: align variable order with default local.conf patchtest: Add test for deprecated CVE_CHECK_IGNORE Soumya Sambu (1): ncurses: Fix - tty is hung after reset Sundeep KOKKONDA (1): rust: rustdoc reproducibility issue fix - disable PGO Tim Orling (12): python3-bcrypt: upgrade 4.0.1 -> 4.1.1 python3-pygments: upgrade 2.16.1 -> 2.17.2 recipetool: pypi: do not clobber SRC_URI checksums python3-setuptools-rust: BBCLASSEXTEND + nativesdk python3-maturin: add v1.4.0 python3-maturin: bzip2-sys reproduciblility classes-recipe: add python_maturin.bbclass recipetool: add python_maturin support oe-selfest: add maturn runtime (testimage) test oeqa: add simple 'maturin' SDK (testsdk) test case oeqa: add "maturin develop" SDK test case oeqa: add runtime 'maturin develop' test case Tom Rini (1): inetutils: Update to the 2.5 release Trevor Gamblin (1): scripts/runqemu: fix regex escape sequences Victor Kamensky (5): systemtap: upgrade 4.9 -> 5.0 systemtap: do not install uprobes and uprobes sources systemtap-uprobes: removed as obsolete systemtap: explicit handling debuginfod library dependency systemtap: fix libdebuginfod auto detection logic Vijay Anusuri (1): avahi: backport CVE-2023-1981 & CVE's follow-up patches Viswanath Kraleti (2): image-uefi.conf: Add EFI_UKI_PATH variable systemd-boot: Add recipe to compile native Wang Mingyu (38): kbd: upgrade 2.6.3 -> 2.6.4 libatomic-ops: upgrade 7.8.0 -> 7.8.2 libnl: upgrade 3.8.0 -> 3.9.0 libseccomp: upgrade 2.5.4 -> 2.5.5 libva-utils: upgrade 2.20.0 -> 2.20.1 dnf: upgrade 4.18.1 -> 4.18.2 gpgme: upgrade 1.23.1 -> 1.23.2 kea: upgrade 2.4.0 -> 2.4.1 opkg-utils: upgrade 0.6.2 -> 0.6.3 repo: upgrade 2.39 -> 2.40 sysstat: upgrade 12.7.4 -> 12.7.5 p11-kit: upgrade 0.25.2 -> 0.25.3 python3-babel: upgrade 2.13.1 -> 2.14.0 python3-dbusmock: upgrade 0.29.1 -> 0.30.0 python3-hatchling: upgrade 1.18.0 -> 1.20.0 python3-hypothesis: upgrade 6.90.0 -> 6.92.1 python3-importlib-metadata: upgrade 6.8.0 -> 7.0.0 python3-license-expression: upgrade 30.1.1 -> 30.2.0 python3-pathspec: upgrade 0.11.2 -> 0.12.1 python3-pip: upgrade 23.3.1 -> 23.3.2 python3-psutil: upgrade 5.9.6 -> 5.9.7 python3-pytest-runner: upgrade 6.0.0 -> 6.0.1 python3-trove-classifiers: upgrade 2023.11.22 -> 2023.11.29 python3-typing-extensions: upgrade 4.8.0 -> 4.9.0 python3-wcwidth: upgrade 0.2.11 -> 0.2.12 ttyrun: upgrade 2.29.0 -> 2.30.0 xwayland: upgrade 23.2.2 -> 23.2.3 diffoscope: upgrade 252 -> 253 iputils: upgrade 20221126 -> 20231222 gstreamer1.0: upgrade 1.22.7 -> 1.22.8 dhcpcd: upgrade 10.0.5 -> 10.0.6 fontconfig: upgrade 2.14.2 -> 2.15.0 python3-setuptools: upgrade 69.0.2 -> 69.0.3 python3-dbusmock: upgrade 0.30.0 -> 0.30.1 python3-hatchling: upgrade 1.20.0 -> 1.21.0 python3-importlib-metadata: upgrade 7.0.0 -> 7.0.1 python3-lxml: upgrade 4.9.3 -> 4.9.4 aspell: upgrade 0.60.8 -> 0.60.8.1 Yash Shinde (1): rust: Disable rust oe-selftest Yi Zhao (3): json-glib: upgrade 1.6.6 -> 1.8.0 psplash: upgrade to latest revision debianutils: upgrade 5.14 -> 5.15 Yoann Congal (2): lib/oe/patch: handle creating patches for CRLF sources strace: Disable bluetooth support by default Zang Ruochen (2): ell: upgrade 0.60 -> 0.61 musl: add typedefs for Elf64_Relr and Elf32_Relr Zoltan Boszormenyi (1): update_gtk_icon_cache: Fix for GTK4-only builds venkata pyla (1): wic: use E2FSPROGS_FAKE_TIME and hash_seed to generate reproducible ext4 images meta-openembedded: 5ad7203f68..7d8115d550: Alex Kiernan (7): mdns: Fix HOMEPAGE URL mbedtls: Upgrade 3.5.0 -> 3.5.1 c-ares: Upgrade 1.22.1 -> 1.24.0 mdns: Upgrade 2200.40.37.0.1 -> 2200.60.25.0.4 c-ares: Move to tarballs, add ptest and static support thin-provisioning-tools: Upgrade 1.0.4 -> 1.0.9 bearssl: Upgrade to latest Alexander Kanavin (29): python3-pyinotify: remove as unmaintained python3-supervisor: do not rely on smtpd module python3-meld3: do not rely on smtpd module python3-m2crypto: do not rely on smtpd module python3-uinput: remove as unmaintained python3-mcrypto: rely on setuptools for distutils copy python3-joblib: do not rely in distutils python3-web3: remove distutils dependency python3-cppy: remove unused distutils dependency python3-pyroute2: remove unused distutils dependency python3-eventlet: backport a patch to remove distutils dependency python3-unoconv: rely on setuptools to obtain distutils copy python3-astroid: remove unneeded distutils dependency python3-django: remove unneeded distutils dependency python3-pillow: remove unneeded distutils dependency python3-grpcio: update 1.56.2 -> 1.59.3 gstd: correctly delete files in do_install libplist: fix python 3.12 compatibility libcamera: skip until upstream resolves python 3.12 compatibility nodejs: backport (partially) python 3.12 support nodejs: backport (partially) python 3.12 support polkit: remove long obsolete 0.119 version mozjs-115: split the way-too-long PYTHONPATH line polkit: update mozjs dependency 102 -> 115 mozjs-115: backport py 3.12 compatibility mozjs-102: remove the recipe gthumb: update 3.12.2 -> 3.12.4 flatpak: do not rely on executables from the host bolt: package systemd units Archana Polampalli (1): cjson: upgrade 1.7.16 -> 1.7.17 Bruce Ashfield (1): zfs: update to 2.2.2 Changqing Li (2): postgresql: upgrade 15.4 -> 15.5 redis: upgrade 6.2.13 -> 6.2.14 Derek Straka (70): python3-greenlet: update to version 3.0.2 python3-ujson: update to version 5.9.0 python3-termcolor: update to version 2.4.0 python3-cmake: update to version 3.28.0 python3-pint: upgrade to 0.23 python3-gnupg: update to 0.5.2 python3-pyzmq: update to 25.1.2 python3-tox: update to version 4.11.4 python3-olefile: update to version 0.47 python3-distlib: update to version 0.3.8 python3-colorlog: update to version 6.8.0 python3-pymongo: update version to 4.6.1 python3-bandit: update to version 1.7.6 python3-gmqtt: update to version 0.6.13 python3-portion: update to version 2.4.2 python3-prompt-toolkit: update to version 3.0.43 python3-asyncinotify: update to version 4.0.4 python3-bitstring: update to version 4.1.4 python3-ipython: update to version 8.18.1 nginx: update versions for both the stable branch and mainline python3-portalocker: update to version 2.8.2 python3-astroid: update to version 3.0.2 python3-alembic: update to version 1.13.1 python3-pymisp: update to verion 2.4.182 python3-ninja: update to version 1.11.1.1 python3-coverage: update to version 7.3.4 python3-pdm: update to version 2.11.1 python3-paramiko: update to version 3.4.0 python3-zeroconf: update to version 0.131.0 python3-wtforms: update to version 3.1.1 python3-isort: update to version 5.13.2 python3-protobuf: update to version 4.25.1 python3-lazy-object-proxy: update to version 1.10.0 python3-cantools: update to version 39.4.0 python3-sentry-sdk: update to version 1.39.1 python3-xmlschema: update to version 2.5.1 python3-apiflask: update to version 2.1.0 python3-rapidjson: update to version 1.14 python3-bitarray: update to version 2.9.0 python3-pyfanotify: update to version 0.2.2 python3-eventlet: update to version 0.34.1 python3-flask-wtf: update to version 1.2.1 python3-grpcio: update to version 1.60.0 python3-grpcio-tools: update to version 1.60.0 python3-cmake: update to version 3.28.1 python3-flask-sqlalchemy: fix upstream uri check python3-wtforms: fix upstream uri and version check gyp: update to the latest commit python3-ipython-genutils: fix upstream uri and version check python3-flask: fix upstream uri and version check python3-wpa-supplicant: fix upstream uri and version check python3-uswid: update to version 0.4.7 python3-flask-wtf: fix upstream uri and version check python3-gspread: update to version 5.12.3 python3-pytest-html: update to version 4.1.1 python3-setuptools-scm-git-archive: remove obsolete package python3-pyroute2: update to version 0.7.10 python3-constantly: update to version 23.10.4 python3-mypy: update to version 1.8.0 python3-flask-jwt-extended: update to version 4.6.0 python3-greenlet: update to version 3.0.3 python3-web3: update to version 6.13.0 python3-parse: update to version 1.20.0 python3-kmod: add comment about update to version 0.9.2 python3-engineio: update to version 4.8.1 python3-sqlalchemy: update to version 2.0.24 python3-pdm-backend: update to version 2.1.8 python3-cantools: update to version 39.4.1 python3-argh: update to version 0.30.5 python3-dominate: update to version 2.9.1 Dmitry Baryshkov (2): android-tools: remove two Debianisms networkmanager: drop libnewt dependency Frederic Martinsons (3): crash: factorize recipe with inc file to prepare cross-canadian version crash: add cross canadian version crash: update to 8.0.4 Jan Vermaete (1): netdata: added Python as rdepends Jean-Marc BOUCHE (1): terminus-font: build compressed archives with -n Jose Quaresma (1): ostree: Upgrade 2023.7 -> 2023.8 Joshua Watt (1): redis: Create state directory in systemd service Jörg Sommer (1): i2cdev: New recipe with i2c tools Kai Kang (1): lvm2: 2.03.16 -> 2.03.22 Khem Raj (3): Revert "nodejs: backport (partially) python 3.12 support" Revert "libcamera: skip until upstream resolves python 3.12 compatibility" libcamera: Fix build with python 3.12 Leon Anavi (11): sip: Upgrade 6.7.12 -> 6.8.0 python3-expandvars: add recipe python3-frozenlist: upgrade 1.4.0 -> 1.4.1 python3-yarl: upgrade 1.9.2 -> 1.9.4 python3-coverage: upgrade 7.3.2 -> 7.3.3 python3-cycler: upgrade 0.11.0 -> 0.12.1 python3-aiohue: upgrade 4.6.2 -> 4.7.0 python3-sdbus: upgrade 0.11.0 -> 0.11.1 python3-zeroconf: upgrade 0.128.4 -> 0.130.0 python3-dominate: upgrade 2.8.0 -> 2.9.0 python3-rlp: upgrade 3.0.0 -> 4.0.0 Marek Vasut (1): faad2: Upgrade 2.10.0 -> 2.11.1 Markus Volk (3): wireplumber: update 0.4.15 -> 0.4.17 tracker: dont inherit gsettings gnome-software: update 45.1 -> 45.2 Martin Jansa (4): monocypher: pass LIBDIR to fix installed-vs-shipped QA issue with multilib rygel: fix build with gtk+3 PACKAGECONFIG disabled rygel: add x11 to DISTRO_FEATURES driverctl: fix installed-vs-shipped Meenali Gupta (1): nginx: upgrade 1.25.2 -> 1.25.3 Mingli Yu (2): mariadb: Upgrade to 10.11.6 tk: Remove buildpath issue Nathan BRIENT (1): cyaml: new recipe Niko Mauno (1): pkcs11-provider: Add recipe Ny Antra Ranaivoarison (1): python3-click-spinner: backport patch that fixes deprecated methods Patrick Wicki (1): poco: upgrade 1.12.4 -> 1.12.5p2 Petr Chernikov (1): abseil-cpp: remove -Dcmake_cxx_standard=14 flag from extra_oecmake Robert Yang (1): minifi-cpp: Fix do_configure error builder aarch64 Ross Burton (13): Remove unused SRC_DISTRIBUTE_LICENSES gspell: inherit gtk-doc gspell: update DEPENDS, switch iso-codes for icu librest: remove spurious build dependencies librest: inherit gtk-doc keybinder: use autotools-brokensep instead of setting B keybinder: disable gtk-doc documentation gtksourceview3: remove obsolete DEPENDS libgsf: remove obsolete DEPENDS evolution-data-server: remove obsolete intltool DEPENDS php: remove lemon-native build dependency lemon: upgrade to 3.44.2 renderdoc: no need to depend on vim-native Samuli Piippo (1): jasper: enable opengl only wih x11 Theodore A. Roth (1): python3-flask-sqlalchemy: upgrade 2.5.1 -> 3.1.1 Thomas Perrot (2): networkmanager: add missing modemmanager rdepends networkmanager: fix some missing pkgconfig Tim Orling (8): python3-pydantic-core: add v2.14.5 python3-annotated-types: add v0.6.0 python3-pydantic: fix RDEPENDS python3-dirty-equals: add v0.7.1 python3-pydantic-core: enable ptest python3-cloudpickle: add v3.0.0 python3-pydantic: enable ptest python3-yappi: upgrade 1.4.0 -> 1.6.0; fix ptests Wang Mingyu (61): python3-alembic: upgrade 1.12.1 -> 1.13.0 python3-ansi2html: upgrade 1.8.0 -> 1.9.1 python3-argcomplete: upgrade 3.1.6 -> 3.2.1 python3-dbus-fast: upgrade 2.15.0 -> 2.21.0 python3-django: upgrade 4.2.7 -> 5.0 python3-flask-restx: upgrade 1.2.0 -> 1.3.0 python3-google-api-core: upgrade 2.14.0 -> 2.15.0 python3-google-api-python-client: upgrade 2.108.0 -> 2.111.0 python3-googleapis-common-protos: upgrade 1.61.0 -> 1.62.0 python3-google-auth: upgrade 2.23.4 -> 2.25.2 python3-imageio: upgrade 2.33.0 -> 2.33.1 python3-isort: upgrade 5.12.0 -> 5.13.1 python3-path: upgrade 16.7.1 -> 16.9.0 python3-platformdirs: upgrade 4.0.0 -> 4.1.0 python3-pytest-asyncio: upgrade 0.22.0 -> 0.23.2 python3-sentry-sdk: upgrade 1.37.1 -> 1.39.0 python3-bitarray: upgrade 2.8.3 -> 2.8.5 python3-eth-keyfile: upgrade 0.6.1 -> 0.7.0 python3-eth-rlp: upgrade 0.3.0 -> 1.0.0 python3-fastnumbers: upgrade 5.0.1 -> 5.1.0 python3-pylint: upgrade 3.0.2 -> 3.0.3 python3-tornado: upgrade 6.3.3 -> 6.4 python3-traitlets: upgrade 5.13.0 -> 5.14.0 python3-types-setuptools: upgrade 68.2.0.2 -> 69.0.0.0 python3-virtualenv: upgrade 20.24.7 -> 20.25.0 python3-web3: upgrade 6.11.3 -> 6.12.0 python3-websocket-client: upgrade 1.6.4 -> 1.7.0 python3-zeroconf: upgrade 0.127.0 -> 0.128.4 ctags: upgrade 6.0.20231126.0 -> 6.0.20231210.0 gensio: upgrade 2.8.0 -> 2.8.2 hwdata: upgrade 0.376 -> 0.377 lvgl: upgrade 8.3.10 -> 8.3.11 gjs: upgrade 1.78.0 -> 1.78.1 ifenslave: upgrade 2.13 -> 2.14 libei: upgrade 1.1.0 -> 1.2.0 pkcs11-helper: upgrade 1.29.0 -> 1.30.0 strongswan: upgrade 5.9.12 -> 5.9.13 webkitgtk3: upgrade 2.42.2 -> 2.42.3 sip: upgrade 6.8.0 -> 6.8.1 paho-mqtt-cpp: upgrade 1.3.1 -> 1.3.2 dbus-cxx: upgrade 2.4.0 -> 2.5.0 exiftool: upgrade 12.70 -> 12.71 uftp: upgrade 5.0.2 -> 5.0.3 ctags: upgrade 6.0.20231210.0 -> 6.0.20231224.0 jasper: Fix install conflict when enable multilib. jq: upgrade 1.7 -> 1.7.1 libmbim: upgrade 1.31.1 -> 1.31.2 libqmi: upgrade 1.34.0 -> 1.35.1 opencl-headers: upgrade 2023.04.17 -> 2023.12.14 valijson: upgrade 1.0.1 -> 1.0.2 python3-apispec: upgrade 6.3.0 -> 6.3.1 python3-asyncinotify: upgrade 4.0.4 -> 4.0.5 python3-bitarray: upgrade 2.9.0 -> 2.9.1 python3-cassandra-driver: upgrade 3.28.0 -> 3.29.0 python3-ipython: upgrade 8.18.1 -> 8.19.0 python3-pydantic: upgrade 2.5.2 -> 2.5.3 python3-regex: upgrade 2023.10.3 -> 2023.12.25 opencl-icd-loader: upgrade 2023.04.17 -> 2023.12.14 python3-distro: upgrade 1.8.0 -> 1.9.0 zchunk: upgrade 1.3.2 -> 1.4.0 python3-eventlet: upgrade 0.34.1 -> 0.34.2 William Lyu (1): networkmanager: Improved SUMMARY and added DESCRIPTION Xiangyu Chen (1): layer.conf: add libbpf to NON_MULTILIB_RECIPES Yi Zhao (2): open-vm-tools: upgrade 12.1.5 -> 12.3.5 samba: upgrade 4.18.8 -> 4.18.9 Zoltán Böszörményi (2): mutter: Make gnome-desktop and libcanberra dependencies optional zenity: Upgrade to 4.0.0 alperak (29): jasper: upgrade 2.0.33 -> 4.1.1 xcursorgen: upgrade 1.0.7 -> 1.0.8 xstdcmap: upgrade 1.0.4 -> 1.0.5 xlsclients: upgrade 1.1.4 -> 1.1.5 xlsatoms: upgrade 1.1.3 -> 1.1.4 xkbevd: upgrade 1.1.4 -> 1.1.5 xgamma: upgrade 1.0.6 -> 1.0.7 sessreg: upgrade 1.1.2 -> 1.1.3 xbitmaps: upgrade 1.1.2 -> 1.1.3 xcursor-themes: add recipe xorg-docs: add recipe xorg-sgml-doctools: update summary depends and inc file xf86-video-ati: upgrade 19.1.0 -> 22.0.0 xf86-input-void: upgrade 1.4.1 -> 1.4.2 libxaw: upgrade 1.0.14 -> 1.0.15 xf86-video-mga: upgrade 2.0.0 -> 2.0.1 snappy: upgrade 1.1.9 -> 1.1.10 xsetroot: upgrade 1.1.2 -> 1.1.3 libbytesize: Removed unnecessary setting of B libmxml: use autotools-brokensep instead of setting B libsombok3: use autotools-brokensep instead of setting B pgpool2: use autotools-brokensep instead of setting B qpdf: upgrade 11.6.3 -> 11.6.4 cpprest: upgrade 2.10.18 -> 2.10.19 avro-c: upgrade 1.11.2 -> 1.11.3 dool: upgrade 1.1.0 -> 1.3.1 driverctl: upgrade 0.111 -> 0.115 hstr: upgrade 2.5.0 -> 3.1.0 libharu: upgrade 2.3.0 -> 2.4.4 meta-security: 070a1e82cc..b2e1511338: Armin Kuster (6): libgssglue: update to 0.8 python3-privacyidea: Update to 3.9.1 lynis: Update SRC_URI to improve updater layers: Move READMEs to markdown format arpwatch: adjust CONFIGURE params to allow to build again. python3-pyinotify: fail2ban needs this module Dawid Dabrowski (1): libhoth recipe update Erik Schilling (2): dm-verity-img.bbclass: use bc-native dm-verity-img.bbclass: remove IMAGE_NAME_SUFFIX Mikko Rapeli (2): tpm2-tss: support native builds dm-verity-img.bbclass: add DM_VERITY_DEPLOY_DIR Change-Id: I94d7f1ee5ff2da4555c05fbf63a1293ec8f249c2 Signed-off-by: Patrick Williams --- .../0001-jsauthority-Bump-mozjs-to-115.patch | 26 + ...-local-privilege-escalation-CVE-2021-4034.patch | 84 - .../0002-CVE-2021-4115-GHSL-2021-077-fix.patch | 88 - .../polkit/0002-jsauthority-port-to-mozjs-91.patch | 38 - ...03-Added-support-for-duktape-as-JS-engine.patch | 3459 -------------------- ...-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch | 63 - .../0004-Make-netgroup-support-optional.patch | 253 -- ...05-Make-netgroup-support-optional-duktape.patch | 34 - .../polkit/polkit/polkit-1_pam.patch | 35 - .../recipes-extended/polkit/polkit_0.119.bb | 79 - .../meta-oe/recipes-extended/polkit/polkit_123.bb | 10 +- 11 files changed, 31 insertions(+), 4138 deletions(-) create mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch delete mode 100644 meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb (limited to 'meta-openembedded/meta-oe/recipes-extended/polkit') diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch new file mode 100644 index 0000000000..163a03cfc3 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-jsauthority-Bump-mozjs-to-115.patch @@ -0,0 +1,26 @@ +From 2f0de2a831ab106fce210c1d65baef041256bc18 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Mon, 18 Sep 2023 01:53:04 +0800 +Subject: [PATCH] jsauthority: Bump mozjs to 115 + +No code change is needed! + +Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b340f50b7bb963863ede7c63f9a0b5c50c80c1e1] +Signed-off-by: Alexander Kanavin +--- + meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index 3b96562..92b68fd 100644 +--- a/meson.build ++++ b/meson.build +@@ -153,7 +153,7 @@ if js_engine == 'duktape' + func = 'pthread_condattr_setclock' + config_h.set('HAVE_' + func.to_upper(), cc.has_function(func, prefix : '#include ')) + elif js_engine == 'mozjs' +- js_dep = dependency('mozjs-102') ++ js_dep = dependency('mozjs-115') + + _system = host_machine.system().to_lower() + if _system.contains('freebsd') diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch deleted file mode 100644 index c725c001dd..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 85c2dd9275cdfb369f613089f22733c0f1ba2aec Mon Sep 17 00:00:00 2001 -From: Jan Rybar -Date: Tue, 25 Jan 2022 17:21:46 +0000 -Subject: [PATCH 1/3] pkexec: local privilege escalation (CVE-2021-4034) - -Signed-off-by: Mikko Rapeli - ---- - src/programs/pkcheck.c | 5 +++++ - src/programs/pkexec.c | 23 ++++++++++++++++++++--- - 2 files changed, 25 insertions(+), 3 deletions(-) - -CVE: CVE-2021-4034 -Upstream-Status: Backport [a2bf5c9c83b6ae46cbd5c779d3055bff81ded683] - -diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c -index f1bb4e1..768525c 100644 ---- a/src/programs/pkcheck.c -+++ b/src/programs/pkcheck.c -@@ -363,6 +363,11 @@ main (int argc, char *argv[]) - local_agent_handle = NULL; - ret = 126; - -+ if (argc < 1) -+ { -+ exit(126); -+ } -+ - /* Disable remote file access from GIO. */ - setenv ("GIO_USE_VFS", "local", 1); - -diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c -index 7698c5c..84e5ef6 100644 ---- a/src/programs/pkexec.c -+++ b/src/programs/pkexec.c -@@ -488,6 +488,15 @@ main (int argc, char *argv[]) - pid_t pid_of_caller; - gpointer local_agent_handle; - -+ -+ /* -+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. -+ */ -+ if (argc<1) -+ { -+ exit(127); -+ } -+ - ret = 127; - authority = NULL; - subject = NULL; -@@ -614,10 +623,10 @@ main (int argc, char *argv[]) - - path = g_strdup (pwstruct.pw_shell); - if (!path) -- { -+ { - g_printerr ("No shell configured or error retrieving pw_shell\n"); - goto out; -- } -+ } - /* If you change this, be sure to change the if (!command_line) - case below too */ - command_line = g_strdup (path); -@@ -636,7 +645,15 @@ main (int argc, char *argv[]) - goto out; - } - g_free (path); -- argv[n] = path = s; -+ path = s; -+ -+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. -+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination -+ */ -+ if (argv[n] != NULL) -+ { -+ argv[n] = path; -+ } - } - if (access (path, F_OK) != 0) - { --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch deleted file mode 100644 index fcad872dc3..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-CVE-2021-4115-GHSL-2021-077-fix.patch +++ /dev/null @@ -1,88 +0,0 @@ -From c86aea01a06ad4d6c428137e9cfe2f74b1ae7f01 Mon Sep 17 00:00:00 2001 -From: Jan Rybar -Date: Mon, 21 Feb 2022 08:29:05 +0000 -Subject: [PATCH 2/3] CVE-2021-4115 (GHSL-2021-077) fix - -Signed-off-by: Mikko Rapeli - ---- - src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++---- - 1 file changed, 34 insertions(+), 4 deletions(-) - -CVE: CVE-2021-4115 -Upstream-Status: Backport [41cb093f554da8772362654a128a84dd8a5542a7] - -diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c -index 8ed1363..2fbf5f1 100644 ---- a/src/polkit/polkitsystembusname.c -+++ b/src/polkit/polkitsystembusname.c -@@ -62,6 +62,10 @@ enum - PROP_NAME, - }; - -+ -+guint8 dbus_call_respond_fails; // has to be global because of callback -+ -+ - static void subject_iface_init (PolkitSubjectIface *subject_iface); - - G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, -@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, - if (!v) - { - data->caught_error = TRUE; -+ dbus_call_respond_fails += 1; - } - else - { -@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - tmp_context = g_main_context_new (); - g_main_context_push_thread_default (tmp_context); - -+ dbus_call_respond_fails = 0; -+ - /* Do two async calls as it's basically as fast as one sync call. - */ - g_dbus_connection_call (connection, -@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus - on_retrieved_unix_uid_pid, - &data); - -- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) -- g_main_context_iteration (tmp_context, TRUE); -+ while (TRUE) -+ { -+ /* If one dbus call returns error, we must wait until the other call -+ * calls _call_finish(), otherwise fd leak is possible. -+ * Resolves: GHSL-2021-077 -+ */ - -- if (data.caught_error) -- goto out; -+ if ( (dbus_call_respond_fails > 1) ) -+ { -+ // we got two faults, we can leave -+ goto out; -+ } -+ -+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) -+ { -+ // we got one fault and the other call finally finished, we can leave -+ goto out; -+ } -+ -+ if ( !(data.retrieved_uid && data.retrieved_pid) ) -+ { -+ g_main_context_iteration (tmp_context, TRUE); -+ } -+ else -+ { -+ break; -+ } -+ } - - if (out_uid) - *out_uid = data.uid; --- -2.20.1 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch deleted file mode 100644 index 5b3660da2f..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0002-jsauthority-port-to-mozjs-91.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 4ce27b66bb07b72cb96d3d43a75108a5a6e7e156 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Tue, 10 Aug 2021 19:09:42 +0800 -Subject: [PATCH] jsauthority: port to mozjs-91 - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/92] -Signed-off-by: Alexander Kanavin ---- - configure.ac | 2 +- - meson.build | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d807086..5a7fc11 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-78]) -+PKG_CHECK_MODULES(LIBJS, [mozjs-91]) - - AC_SUBST(LIBJS_CFLAGS) - AC_SUBST(LIBJS_CXXFLAGS) -diff --git a/meson.build b/meson.build -index b3702be..733bbff 100644 ---- a/meson.build -+++ b/meson.build -@@ -126,7 +126,7 @@ expat_dep = dependency('expat') - assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.') - assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.') - --mozjs_dep = dependency('mozjs-78') -+mozjs_dep = dependency('mozjs-91') - - dbus_dep = dependency('dbus-1') - dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir]) #changed from sysconfdir with respect to commit#8eada3836465838 diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch deleted file mode 100644 index b8562f8ce2..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-Added-support-for-duktape-as-JS-engine.patch +++ /dev/null @@ -1,3459 +0,0 @@ -From 4af72493cb380ab5ce0dd7c5bcd25a8b5457d770 Mon Sep 17 00:00:00 2001 -From: Gustavo Lima Chaves -Date: Tue, 25 Jan 2022 09:43:21 +0000 -Subject: [PATCH] Added support for duktape as JS engine - -Original author: Wu Xiaotian (@yetist) -Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves) - -Signed-off-by: Mikko Rapeli - -Upstream-Status: Backport [c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2] -Dropped change to .gitlab-ci.yml and adapted configure.ac due to other -patches in meta-oe. - ---- - buildutil/ax_pthread.m4 | 522 ++++++++ - configure.ac | 34 +- - docs/man/polkit.xml | 4 +- - meson.build | 16 +- - meson_options.txt | 1 + - src/polkitbackend/Makefile.am | 17 +- - src/polkitbackend/meson.build | 14 +- - src/polkitbackend/polkitbackendcommon.c | 530 +++++++++ - src/polkitbackend/polkitbackendcommon.h | 158 +++ - .../polkitbackendduktapeauthority.c | 1051 +++++++++++++++++ - .../polkitbackendjsauthority.cpp | 721 +---------- - .../etc/polkit-1/rules.d/10-testing.rules | 6 +- - .../test-polkitbackendjsauthority.c | 2 +- - 13 files changed, 2398 insertions(+), 678 deletions(-) - create mode 100644 buildutil/ax_pthread.m4 - create mode 100644 src/polkitbackend/polkitbackendcommon.c - create mode 100644 src/polkitbackend/polkitbackendcommon.h - create mode 100644 src/polkitbackend/polkitbackendduktapeauthority.c - -diff --git a/buildutil/ax_pthread.m4 b/buildutil/ax_pthread.m4 -new file mode 100644 -index 0000000..9f35d13 ---- /dev/null -+++ b/buildutil/ax_pthread.m4 -@@ -0,0 +1,522 @@ -+# =========================================================================== -+# https://www.gnu.org/software/autoconf-archive/ax_pthread.html -+# =========================================================================== -+# -+# SYNOPSIS -+# -+# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) -+# -+# DESCRIPTION -+# -+# This macro figures out how to build C programs using POSIX threads. It -+# sets the PTHREAD_LIBS output variable to the threads library and linker -+# flags, and the PTHREAD_CFLAGS output variable to any special C compiler -+# flags that are needed. (The user can also force certain compiler -+# flags/libs to be tested by setting these environment variables.) -+# -+# Also sets PTHREAD_CC and PTHREAD_CXX to any special C compiler that is -+# needed for multi-threaded programs (defaults to the value of CC -+# respectively CXX otherwise). (This is necessary on e.g. AIX to use the -+# special cc_r/CC_r compiler alias.) -+# -+# NOTE: You are assumed to not only compile your program with these flags, -+# but also to link with them as well. For example, you might link with -+# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS -+# $PTHREAD_CXX $CXXFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS -+# -+# If you are only building threaded programs, you may wish to use these -+# variables in your default LIBS, CFLAGS, and CC: -+# -+# LIBS="$PTHREAD_LIBS $LIBS" -+# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -+# CXXFLAGS="$CXXFLAGS $PTHREAD_CFLAGS" -+# CC="$PTHREAD_CC" -+# CXX="$PTHREAD_CXX" -+# -+# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant -+# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to -+# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). -+# -+# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the -+# PTHREAD_PRIO_INHERIT symbol is defined when compiling with -+# PTHREAD_CFLAGS. -+# -+# ACTION-IF-FOUND is a list of shell commands to run if a threads library -+# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it -+# is not found. If ACTION-IF-FOUND is not specified, the default action -+# will define HAVE_PTHREAD. -+# -+# Please let the authors know if this macro fails on any platform, or if -+# you have any other suggestions or comments. This macro was based on work -+# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help -+# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by -+# Alejandro Forero Cuervo to the autoconf macro repository. We are also -+# grateful for the helpful feedback of numerous users. -+# -+# Updated for Autoconf 2.68 by Daniel Richard G. -+# -+# LICENSE -+# -+# Copyright (c) 2008 Steven G. Johnson -+# Copyright (c) 2011 Daniel Richard G. -+# Copyright (c) 2019 Marc Stevens -+# -+# This program is free software: you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation, either version 3 of the License, or (at your -+# option) any later version. -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -+# Public License for more details. -+# -+# You should have received a copy of the GNU General Public License along -+# with this program. If not, see . -+# -+# As a special exception, the respective Autoconf Macro's copyright owner -+# gives unlimited permission to copy, distribute and modify the configure -+# scripts that are the output of Autoconf when processing the Macro. You -+# need not follow the terms of the GNU General Public License when using -+# or distributing such scripts, even though portions of the text of the -+# Macro appear in them. The GNU General Public License (GPL) does govern -+# all other use of the material that constitutes the Autoconf Macro. -+# -+# This special exception to the GPL applies to versions of the Autoconf -+# Macro released by the Autoconf Archive. When you make and distribute a -+# modified version of the Autoconf Macro, you may extend this special -+# exception to the GPL to apply to your modified version as well. -+ -+#serial 31 -+ -+AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) -+AC_DEFUN([AX_PTHREAD], [ -+AC_REQUIRE([AC_CANONICAL_HOST]) -+AC_REQUIRE([AC_PROG_CC]) -+AC_REQUIRE([AC_PROG_SED]) -+AC_LANG_PUSH([C]) -+ax_pthread_ok=no -+ -+# We used to check for pthread.h first, but this fails if pthread.h -+# requires special compiler flags (e.g. on Tru64 or Sequent). -+# It gets checked for in the link test anyway. -+ -+# First of all, check if the user has set any of the PTHREAD_LIBS, -+# etcetera environment variables, and if threads linking works using -+# them: -+if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then -+ ax_pthread_save_CC="$CC" -+ ax_pthread_save_CFLAGS="$CFLAGS" -+ ax_pthread_save_LIBS="$LIBS" -+ AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"]) -+ AS_IF([test "x$PTHREAD_CXX" != "x"], [CXX="$PTHREAD_CXX"]) -+ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -+ LIBS="$PTHREAD_LIBS $LIBS" -+ AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS]) -+ AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes]) -+ AC_MSG_RESULT([$ax_pthread_ok]) -+ if test "x$ax_pthread_ok" = "xno"; then -+ PTHREAD_LIBS="" -+ PTHREAD_CFLAGS="" -+ fi -+ CC="$ax_pthread_save_CC" -+ CFLAGS="$ax_pthread_save_CFLAGS" -+ LIBS="$ax_pthread_save_LIBS" -+fi -+ -+# We must check for the threads library under a number of different -+# names; the ordering is very important because some systems -+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the -+# libraries is broken (non-POSIX). -+ -+# Create a list of thread flags to try. Items with a "," contain both -+# C compiler flags (before ",") and linker flags (after ","). Other items -+# starting with a "-" are C compiler flags, and remaining items are -+# library names, except for "none" which indicates that we try without -+# any flags at all, and "pthread-config" which is a program returning -+# the flags for the Pth emulation library. -+ -+ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" -+ -+# The ordering *is* (sometimes) important. Some notes on the -+# individual items follow: -+ -+# pthreads: AIX (must check this before -lpthread) -+# none: in case threads are in libc; should be tried before -Kthread and -+# other compiler flags to prevent continual compiler warnings -+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 -+# (Note: HP C rejects this with "bad form for `-t' option") -+# -pthreads: Solaris/gcc (Note: HP C also rejects) -+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -+# doesn't hurt to check since this sometimes defines pthreads and -+# -D_REENTRANT too), HP C (must be checked before -lpthread, which -+# is present but should not be used directly; and before -mthreads, -+# because the compiler interprets this as "-mt" + "-hreads") -+# -mthreads: Mingw32/gcc, Lynx/gcc -+# pthread: Linux, etcetera -+# --thread-safe: KAI C++ -+# pthread-config: use pthread-config program (for GNU Pth library) -+ -+case $host_os in -+ -+ freebsd*) -+ -+ # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -+ # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -+ -+ ax_pthread_flags="-kthread lthread $ax_pthread_flags" -+ ;; -+ -+ hpux*) -+ -+ # From the cc(1) man page: "[-mt] Sets various -D flags to enable -+ # multi-threading and also sets -lpthread." -+ -+ ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" -+ ;; -+ -+ openedition*) -+ -+ # IBM z/OS requires a feature-test macro to be defined in order to -+ # enable POSIX threads at all, so give the user a hint if this is -+ # not set. (We don't define these ourselves, as they can affect -+ # other portions of the system API in unpredictable ways.) -+ -+ AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING], -+ [ -+# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) -+ AX_PTHREAD_ZOS_MISSING -+# endif -+ ], -+ [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])]) -+ ;; -+ -+ solaris*) -+ -+ # On Solaris (at least, for some versions), libc contains stubbed -+ # (non-functional) versions of the pthreads routines, so link-based -+ # tests will erroneously succeed. (N.B.: The stubs are missing -+ # pthread_cleanup_push, or rather a function called by this macro, -+ # so we could check for that, but who knows whether they'll stub -+ # that too in a future libc.) So we'll check first for the -+ # standard Solaris way of linking pthreads (-mt -lpthread). -+ -+ ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags" -+ ;; -+esac -+ -+# Are we compiling with Clang? -+ -+AC_CACHE_CHECK([whether $CC is Clang], -+ [ax_cv_PTHREAD_CLANG], -+ [ax_cv_PTHREAD_CLANG=no -+ # Note that Autoconf sets GCC=yes for Clang as well as GCC -+ if test "x$GCC" = "xyes"; then -+ AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], -+ [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ -+# if defined(__clang__) && defined(__llvm__) -+ AX_PTHREAD_CC_IS_CLANG -+# endif -+ ], -+ [ax_cv_PTHREAD_CLANG=yes]) -+ fi -+ ]) -+ax_pthread_clang="$ax_cv_PTHREAD_CLANG" -+ -+ -+# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC) -+ -+# Note that for GCC and Clang -pthread generally implies -lpthread, -+# except when -nostdlib is passed. -+# This is problematic using libtool to build C++ shared libraries with pthread: -+# [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460 -+# [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333 -+# [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 -+# To solve this, first try -pthread together with -lpthread for GCC -+ -+AS_IF([test "x$GCC" = "xyes"], -+ [ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"]) -+ -+# Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first -+ -+AS_IF([test "x$ax_pthread_clang" = "xyes"], -+ [ax_pthread_flags="-pthread,-lpthread -pthread"]) -+ -+ -+# The presence of a feature test macro requesting re-entrant function -+# definitions is, on some systems, a strong hint that pthreads support is -+# correctly enabled -+ -+case $host_os in -+ darwin* | hpux* | linux* | osf* | solaris*) -+ ax_pthread_check_macro="_REENTRANT" -+ ;; -+ -+ aix*) -+ ax_pthread_check_macro="_THREAD_SAFE" -+ ;; -+ -+ *) -+ ax_pthread_check_macro="--" -+ ;; -+esac -+AS_IF([test "x$ax_pthread_check_macro" = "x--"], -+ [ax_pthread_check_cond=0], -+ [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) -+ -+ -+if test "x$ax_pthread_ok" = "xno"; then -+for ax_pthread_try_flag in $ax_pthread_flags; do -+ -+ case $ax_pthread_try_flag in -+ none) -+ AC_MSG_CHECKING([whether pthreads work without any flags]) -+ ;; -+ -+ *,*) -+ PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` -+ PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` -+ AC_MSG_CHECKING([whether pthreads work with "$PTHREAD_CFLAGS" and "$PTHREAD_LIBS"]) -+ ;; -+ -+ -*) -+ AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag]) -+ PTHREAD_CFLAGS="$ax_pthread_try_flag" -+ ;; -+ -+ pthread-config) -+ AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) -+ AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) -+ PTHREAD_CFLAGS="`pthread-config --cflags`" -+ PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" -+ ;; -+ -+ *) -+ AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) -+ PTHREAD_LIBS="-l$ax_pthread_try_flag" -+ ;; -+ esac -+ -+ ax_pthread_save_CFLAGS="$CFLAGS" -+ ax_pthread_save_LIBS="$LIBS" -+ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -+ LIBS="$PTHREAD_LIBS $LIBS" -+ -+ # Check for various functions. We must include pthread.h, -+ # since some functions may be macros. (On the Sequent, we -+ # need a special flag -Kthread to make this header compile.) -+ # We check for pthread_join because it is in -lpthread on IRIX -+ # while pthread_create is in libc. We check for pthread_attr_init -+ # due to DEC craziness with -lpthreads. We check for -+ # pthread_cleanup_push because it is one of the few pthread -+ # functions on Solaris that doesn't have a non-functional libc stub. -+ # We try pthread_create on general principles. -+ -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include -+# if $ax_pthread_check_cond -+# error "$ax_pthread_check_macro must be defined" -+# endif -+ static void *some_global = NULL; -+ static void routine(void *a) -+ { -+ /* To avoid any unused-parameter or -+ unused-but-set-parameter warning. */ -+ some_global = a; -+ } -+ static void *start_routine(void *a) { return a; }], -+ [pthread_t th; pthread_attr_t attr; -+ pthread_create(&th, 0, start_routine, 0); -+ pthread_join(th, 0); -+ pthread_attr_init(&attr); -+ pthread_cleanup_push(routine, 0); -+ pthread_cleanup_pop(0) /* ; */])], -+ [ax_pthread_ok=yes], -+ []) -+ -+ CFLAGS="$ax_pthread_save_CFLAGS" -+ LIBS="$ax_pthread_save_LIBS" -+ -+ AC_MSG_RESULT([$ax_pthread_ok]) -+ AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) -+ -+ PTHREAD_LIBS="" -+ PTHREAD_CFLAGS="" -+done -+fi -+ -+ -+# Clang needs special handling, because older versions handle the -pthread -+# option in a rather... idiosyncratic way -+ -+if test "x$ax_pthread_clang" = "xyes"; then -+ -+ # Clang takes -pthread; it has never supported any other flag -+ -+ # (Note 1: This will need to be revisited if a system that Clang -+ # supports has POSIX threads in a separate library. This tends not -+ # to be the way of modern systems, but it's conceivable.) -+ -+ # (Note 2: On some systems, notably Darwin, -pthread is not needed -+ # to get POSIX threads support; the API is always present and -+ # active. We could reasonably leave PTHREAD_CFLAGS empty. But -+ # -pthread does define _REENTRANT, and while the Darwin headers -+ # ignore this macro, third-party headers might not.) -+ -+ # However, older versions of Clang make a point of warning the user -+ # that, in an invocation where only linking and no compilation is -+ # taking place, the -pthread option has no effect ("argument unused -+ # during compilation"). They expect -pthread to be passed in only -+ # when source code is being compiled. -+ # -+ # Problem is, this is at odds with the way Automake and most other -+ # C build frameworks function, which is that the same flags used in -+ # compilation (CFLAGS) are also used in linking. Many systems -+ # supported by AX_PTHREAD require exactly this for POSIX threads -+ # support, and in fact it is often not straightforward to specify a -+ # flag that is used only in the compilation phase and not in -+ # linking. Such a scenario is extremely rare in practice. -+ # -+ # Even though use of the -pthread flag in linking would only print -+ # a warning, this can be a nuisance for well-run software projects -+ # that build with -Werror. So if the active version of Clang has -+ # this misfeature, we search for an option to squash it. -+ -+ AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread], -+ [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG], -+ [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown -+ # Create an alternate version of $ac_link that compiles and -+ # links in two steps (.c -> .o, .o -> exe) instead of one -+ # (.c -> exe), because the warning occurs only in the second -+ # step -+ ax_pthread_save_ac_link="$ac_link" -+ ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' -+ ax_pthread_link_step=`AS_ECHO(["$ac_link"]) | sed "$ax_pthread_sed"` -+ ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" -+ ax_pthread_save_CFLAGS="$CFLAGS" -+ for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do -+ AS_IF([test "x$ax_pthread_try" = "xunknown"], [break]) -+ CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" -+ ac_link="$ax_pthread_save_ac_link" -+ AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], -+ [ac_link="$ax_pthread_2step_ac_link" -+ AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], -+ [break]) -+ ]) -+ done -+ ac_link="$ax_pthread_save_ac_link" -+ CFLAGS="$ax_pthread_save_CFLAGS" -+ AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no]) -+ ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" -+ ]) -+ -+ case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in -+ no | unknown) ;; -+ *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; -+ esac -+ -+fi # $ax_pthread_clang = yes -+ -+ -+ -+# Various other checks: -+if test "x$ax_pthread_ok" = "xyes"; then -+ ax_pthread_save_CFLAGS="$CFLAGS" -+ ax_pthread_save_LIBS="$LIBS" -+ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -+ LIBS="$PTHREAD_LIBS $LIBS" -+ -+ # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. -+ AC_CACHE_CHECK([for joinable pthread attribute], -+ [ax_cv_PTHREAD_JOINABLE_ATTR], -+ [ax_cv_PTHREAD_JOINABLE_ATTR=unknown -+ for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], -+ [int attr = $ax_pthread_attr; return attr /* ; */])], -+ [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break], -+ []) -+ done -+ ]) -+ AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ -+ test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ -+ test "x$ax_pthread_joinable_attr_defined" != "xyes"], -+ [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], -+ [$ax_cv_PTHREAD_JOINABLE_ATTR], -+ [Define to necessary symbol if this constant -+ uses a non-standard name on your system.]) -+ ax_pthread_joinable_attr_defined=yes -+ ]) -+ -+ AC_CACHE_CHECK([whether more special flags are required for pthreads], -+ [ax_cv_PTHREAD_SPECIAL_FLAGS], -+ [ax_cv_PTHREAD_SPECIAL_FLAGS=no -+ case $host_os in -+ solaris*) -+ ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" -+ ;; -+ esac -+ ]) -+ AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ -+ test "x$ax_pthread_special_flags_added" != "xyes"], -+ [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" -+ ax_pthread_special_flags_added=yes]) -+ -+ AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], -+ [ax_cv_PTHREAD_PRIO_INHERIT], -+ [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], -+ [[int i = PTHREAD_PRIO_INHERIT; -+ return i;]])], -+ [ax_cv_PTHREAD_PRIO_INHERIT=yes], -+ [ax_cv_PTHREAD_PRIO_INHERIT=no]) -+ ]) -+ AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ -+ test "x$ax_pthread_prio_inherit_defined" != "xyes"], -+ [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.]) -+ ax_pthread_prio_inherit_defined=yes -+ ]) -+ -+ CFLAGS="$ax_pthread_save_CFLAGS" -+ LIBS="$ax_pthread_save_LIBS" -+ -+ # More AIX lossage: compile with *_r variant -+ if test "x$GCC" != "xyes"; then -+ case $host_os in -+ aix*) -+ AS_CASE(["x/$CC"], -+ [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], -+ [#handle absolute path differently from PATH based program lookup -+ AS_CASE(["x$CC"], -+ [x/*], -+ [ -+ AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"]) -+ AS_IF([test "x${CXX}" != "x"], [AS_IF([AS_EXECUTABLE_P([${CXX}_r])],[PTHREAD_CXX="${CXX}_r"])]) -+ ], -+ [ -+ AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC]) -+ AS_IF([test "x${CXX}" != "x"], [AC_CHECK_PROGS([PTHREAD_CXX],[${CXX}_r],[$CXX])]) -+ ] -+ ) -+ ]) -+ ;; -+ esac -+ fi -+fi -+ -+test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" -+test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX" -+ -+AC_SUBST([PTHREAD_LIBS]) -+AC_SUBST([PTHREAD_CFLAGS]) -+AC_SUBST([PTHREAD_CC]) -+AC_SUBST([PTHREAD_CXX]) -+ -+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -+if test "x$ax_pthread_ok" = "xyes"; then -+ ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) -+ : -+else -+ ax_pthread_ok=no -+ $2 -+fi -+AC_LANG_POP -+])dnl AX_PTHREAD -diff --git a/configure.ac b/configure.ac -index b625743..bbf4768 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -80,11 +80,22 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) - AC_SUBST(GLIB_CFLAGS) - AC_SUBST(GLIB_LIBS) - --PKG_CHECK_MODULES(LIBJS, [mozjs-78]) -- --AC_SUBST(LIBJS_CFLAGS) --AC_SUBST(LIBJS_CXXFLAGS) --AC_SUBST(LIBJS_LIBS) -+dnl --------------------------------------------------------------------------- -+dnl - Check javascript backend -+dnl --------------------------------------------------------------------------- -+AC_ARG_WITH(duktape, AS_HELP_STRING([--with-duktape],[Use Duktape as javascript backend]),with_duktape=yes,with_duktape=no) -+AS_IF([test x${with_duktape} == xyes], [ -+ PKG_CHECK_MODULES(LIBJS, [duktape >= 2.2.0 ]) -+ AC_SUBST(LIBJS_CFLAGS) -+ AC_SUBST(LIBJS_LIBS) -+], [ -+ PKG_CHECK_MODULES(LIBJS, [mozjs-78]) -+ -+ AC_SUBST(LIBJS_CFLAGS) -+ AC_SUBST(LIBJS_CXXFLAGS) -+ AC_SUBST(LIBJS_LIBS) -+]) -+AM_CONDITIONAL(USE_DUKTAPE, [test x$with_duktape == xyes], [Using duktape as javascript engine library]) - - EXPAT_LIB="" - AC_ARG_WITH(expat, [ --with-expat= Use expat from here], -@@ -100,6 +111,12 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - -+AX_PTHREAD([], [AC_MSG_ERROR([Cannot find the way to enable pthread support.])]) -+LIBS="$PTHREAD_LIBS $LIBS" -+CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -+CC="$PTHREAD_CC" -+AC_CHECK_FUNCS([pthread_condattr_setclock]) -+ - AC_CHECK_FUNCS(clearenv fdatasync) - - if test "x$GCC" = "xyes"; then -@@ -581,6 +598,13 @@ echo " - PAM support: ${have_pam} - systemdsystemunitdir: ${systemdsystemunitdir} - polkitd user: ${POLKITD_USER}" -+if test "x${with_duktape}" = xyes; then -+echo " -+ Javascript engine: Duktape" -+else -+echo " -+ Javascript engine: Mozjs" -+fi - - if test "$have_pam" = yes ; then - echo " -diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml -index 99aa474..90715a5 100644 ---- a/docs/man/polkit.xml -+++ b/docs/man/polkit.xml -@@ -639,7 +639,9 @@ polkit.Result = { - If user-provided code takes a long time to execute, an exception - will be thrown which normally results in the function being - terminated (the current limit is 15 seconds). This is used to -- catch runaway scripts. -+ catch runaway scripts. If the duktape JavaScript backend is -+ compiled in, instead of mozjs, no exception will be thrown—the -+ script will be killed right away (same timeout). - - - -diff --git a/meson.build b/meson.build -index b3702be..7506231 100644 ---- a/meson.build -+++ b/meson.build -@@ -126,7 +126,18 @@ expat_dep = dependency('expat') - assert(cc.has_header('expat.h', dependencies: expat_dep), 'Can\'t find expat.h. Please install expat.') - assert(cc.has_function('XML_ParserCreate', dependencies: expat_dep), 'Can\'t find expat library. Please install expat.') - --mozjs_dep = dependency('mozjs-78') -+duktape_req_version = '>= 2.2.0' -+ -+js_engine = get_option('js_engine') -+if js_engine == 'duktape' -+ js_dep = dependency('duktape', version: duktape_req_version) -+ libm_dep = cc.find_library('m') -+ thread_dep = dependency('threads') -+ func = 'pthread_condattr_setclock' -+ config_h.set('HAVE_' + func.to_upper(), cc.has_function(func, prefix : '#include ')) -+elif js_engine == 'mozjs' -+ js_dep = dependency('mozjs-78') -+endif - - dbus_dep = dependency('dbus-1') - dbus_confdir = dbus_dep.get_pkgconfig_variable('datadir', define_variable: ['datadir', pk_prefix / pk_datadir]) #changed from sysconfdir with respect to commit#8eada3836465838 -@@ -350,6 +361,9 @@ if enable_logind - output += ' systemdsystemunitdir: ' + systemd_systemdsystemunitdir + '\n' - endif - output += ' polkitd user: ' + polkitd_user + ' \n' -+output += ' Javascript engine: ' + js_engine + '\n' -+if enable_logind -+endif - output += ' PAM support: ' + enable_pam.to_string() + '\n\n' - if enable_pam - output += ' PAM file auth: ' + pam_conf['PAM_FILE_INCLUDE_AUTH'] + '\n' -diff --git a/meson_options.txt b/meson_options.txt -index 25e3e77..76aa311 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -16,3 +16,4 @@ option('introspection', type: 'boolean', value: true, description: 'Enable intro - - option('gtk_doc', type: 'boolean', value: false, description: 'use gtk-doc to build documentation') - option('man', type: 'boolean', value: false, description: 'build manual pages') -+option('js_engine', type: 'combo', choices: ['mozjs', 'duktape'], value: 'duktape', description: 'javascript engine') -diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am -index 7e3c080..935fb98 100644 ---- a/src/polkitbackend/Makefile.am -+++ b/src/polkitbackend/Makefile.am -@@ -17,6 +17,8 @@ AM_CPPFLAGS = \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS \ - -D_REENTRANT \ -+ -D_XOPEN_SOURCE=700 \ -+ -D_GNU_SOURCE=1 \ - $(NULL) - - noinst_LTLIBRARIES=libpolkit-backend-1.la -@@ -31,9 +33,10 @@ libpolkit_backend_1_la_SOURCES = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendprivate.h \ -+ polkitbackendcommon.h polkitbackendcommon.c \ - polkitbackendauthority.h polkitbackendauthority.c \ - polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ -- polkitbackendjsauthority.h polkitbackendjsauthority.cpp \ -+ polkitbackendjsauthority.h \ - polkitbackendactionpool.h polkitbackendactionpool.c \ - polkitbackendactionlookup.h polkitbackendactionlookup.c \ - $(NULL) -@@ -51,19 +54,27 @@ libpolkit_backend_1_la_CFLAGS = \ - -D_POLKIT_BACKEND_COMPILATION \ - $(GLIB_CFLAGS) \ - $(LIBSYSTEMD_CFLAGS) \ -- $(LIBJS_CFLAGS) \ -+ $(LIBJS_CFLAGS) \ - $(NULL) - - libpolkit_backend_1_la_CXXFLAGS = $(libpolkit_backend_1_la_CFLAGS) - - libpolkit_backend_1_la_LIBADD = \ - $(GLIB_LIBS) \ -+ $(DUKTAPE_LIBS) \ - $(LIBSYSTEMD_LIBS) \ - $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(EXPAT_LIBS) \ -- $(LIBJS_LIBS) \ -+ $(LIBJS_LIBS) \ - $(NULL) - -+if USE_DUKTAPE -+libpolkit_backend_1_la_SOURCES += polkitbackendduktapeauthority.c -+libpolkit_backend_1_la_LIBADD += -lm -+else -+libpolkit_backend_1_la_SOURCES += polkitbackendjsauthority.cpp -+endif -+ - rulesdir = $(sysconfdir)/polkit-1/rules.d - rules_DATA = 50-default.rules - -diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build -index 93c3c34..99f8e33 100644 ---- a/src/polkitbackend/meson.build -+++ b/src/polkitbackend/meson.build -@@ -4,8 +4,8 @@ sources = files( - 'polkitbackendactionlookup.c', - 'polkitbackendactionpool.c', - 'polkitbackendauthority.c', -+ 'polkitbackendcommon.c', - 'polkitbackendinteractiveauthority.c', -- 'polkitbackendjsauthority.cpp', - ) - - output = 'initjs.h' -@@ -21,7 +21,7 @@ sources += custom_target( - deps = [ - expat_dep, - libpolkit_gobject_dep, -- mozjs_dep, -+ js_dep, - ] - - c_flags = [ -@@ -29,8 +29,18 @@ c_flags = [ - '-D_POLKIT_BACKEND_COMPILATION', - '-DPACKAGE_DATA_DIR="@0@"'.format(pk_prefix / pk_datadir), - '-DPACKAGE_SYSCONF_DIR="@0@"'.format(pk_prefix / pk_sysconfdir), -+ '-D_XOPEN_SOURCE=700', -+ '-D_GNU_SOURCE=1', - ] - -+if js_engine == 'duktape' -+ sources += files('polkitbackendduktapeauthority.c') -+ deps += libm_dep -+ deps += thread_dep -+elif js_engine == 'mozjs' -+ sources += files('polkitbackendjsauthority.cpp') -+endif -+ - if enable_logind - sources += files('polkitbackendsessionmonitor-systemd.c') - -diff --git a/src/polkitbackend/polkitbackendcommon.c b/src/polkitbackend/polkitbackendcommon.c -new file mode 100644 -index 0000000..6783dff ---- /dev/null -+++ b/src/polkitbackend/polkitbackendcommon.c -@@ -0,0 +1,530 @@ -+/* -+ * Copyright (C) 2008 Red Hat, Inc. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General -+ * Public License along with this library; if not, write to the -+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330, -+ * Boston, MA 02111-1307, USA. -+ * -+ * Author: David Zeuthen -+ */ -+ -+#include "polkitbackendcommon.h" -+ -+static void -+utils_child_watch_from_release_cb (GPid pid, -+ gint status, -+ gpointer user_data) -+{ -+} -+ -+static void -+utils_spawn_data_free (UtilsSpawnData *data) -+{ -+ if (data->timeout_source != NULL) -+ { -+ g_source_destroy (data->timeout_source); -+ data->timeout_source = NULL; -+ } -+ -+ /* Nuke the child, if necessary */ -+ if (data->child_watch_source != NULL) -+ { -+ g_source_destroy (data->child_watch_source); -+ data->child_watch_source = NULL; -+ } -+ -+ if (data->child_pid != 0) -+ { -+ GSource *source; -+ kill (data->child_pid, SIGTERM); -+ /* OK, we need to reap for the child ourselves - we don't want -+ * to use waitpid() because that might block the calling -+ * thread (the child might handle SIGTERM and use several -+ * seconds for cleanup/rollback). -+ * -+ * So we use GChildWatch instead. -+ * -+ * Avoid taking a references to ourselves. but note that we need -+ * to pass the GSource so we can nuke it once handled. -+ */ -+ source = g_child_watch_source_new (data->child_pid); -+ g_source_set_callback (source, -+ (GSourceFunc) utils_child_watch_from_release_cb, -+ source, -+ (GDestroyNotify) g_source_destroy); -+ g_source_attach (source, data->main_context); -+ g_source_unref (source); -+ data->child_pid = 0; -+ } -+ -+ if (data->child_stdout != NULL) -+ { -+ g_string_free (data->child_stdout, TRUE); -+ data->child_stdout = NULL; -+ } -+ -+ if (data->child_stderr != NULL) -+ { -+ g_string_free (data->child_stderr, TRUE); -+ data->child_stderr = NULL; -+ } -+ -+ if (data->child_stdout_channel != NULL) -+ { -+ g_io_channel_unref (data->child_stdout_channel); -+ data->child_stdout_channel = NULL; -+ } -+ if (data->child_stderr_channel != NULL) -+ { -+ g_io_channel_unref (data->child_stderr_channel); -+ data->child_stderr_channel = NULL; -+ } -+ -+ if (data->child_stdout_source != NULL) -+ { -+ g_source_destroy (data->child_stdout_source); -+ data->child_stdout_source = NULL; -+ } -+ if (data->child_stderr_source != NULL) -+ { -+ g_source_destroy (data->child_stderr_source); -+ data->child_stderr_source = NULL; -+ } -+ -+ if (data->child_stdout_fd != -1) -+ { -+ g_warn_if_fail (close (data->child_stdout_fd) == 0); -+ data->child_stdout_fd = -1; -+ } -+ if (data->child_stderr_fd != -1) -+ { -+ g_warn_if_fail (close (data->child_stderr_fd) == 0); -+ data->child_stderr_fd = -1; -+ } -+ -+ if (data->cancellable_handler_id > 0) -+ { -+ g_cancellable_disconnect (data->cancellable, data->cancellable_handler_id); -+ data->cancellable_handler_id = 0; -+ } -+ -+ if (data->main_context != NULL) -+ g_main_context_unref (data->main_context); -+ -+ if (data->cancellable != NULL) -+ g_object_unref (data->cancellable); -+ -+ g_slice_free (UtilsSpawnData, data); -+} -+ -+/* called in the thread where @cancellable was cancelled */ -+static void -+utils_on_cancelled (GCancellable *cancellable, -+ gpointer user_data) -+{ -+ UtilsSpawnData *data = (UtilsSpawnData *)user_data; -+ GError *error; -+ -+ error = NULL; -+ g_warn_if_fail (g_cancellable_set_error_if_cancelled (cancellable, &error)); -+ g_simple_async_result_take_error (data->simple, error); -+ g_simple_async_result_complete_in_idle (data->simple); -+ g_object_unref (data->simple); -+} -+ -+static gboolean -+utils_timeout_cb (gpointer user_data) -+{ -+ UtilsSpawnData *data = (UtilsSpawnData *)user_data; -+ -+ data->timed_out = TRUE; -+ -+ /* ok, timeout is history, make sure we don't free it in spawn_data_free() */ -+ data->timeout_source = NULL; -+ -+ /* we're done */ -+ g_simple_async_result_complete_in_idle (data->simple); -+ g_object_unref (data->simple); -+ -+ return FALSE; /* remove source */ -+} -+ -+static void -+utils_child_watch_cb (GPid pid, -+ gint status, -+ gpointer user_data) -+{ -+ UtilsSpawnData *data = (UtilsSpawnData *)user_data; -+ gchar *buf; -+ gsize buf_size; -+ -+ if (g_io_channel_read_to_end (data->child_stdout_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) -+ { -+ g_string_append_len (data->child_stdout, buf, buf_size); -+ g_free (buf); -+ } -+ if (g_io_channel_read_to_end (data->child_stderr_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) -+ { -+ g_string_append_len (data->child_stderr, buf, buf_size); -+ g_free (buf); -+ } -+ -+ data->exit_status = status; -+ -+ /* ok, child watch is history, make sure we don't free it in spawn_data_free() */ -+ data->child_pid = 0; -+ data->child_watch_source = NULL; -+ -+ /* we're done */ -+ g_simple_async_result_complete_in_idle (data->simple); -+ g_object_unref (data->simple); -+} -+ -+static gboolean -+utils_read_child_stderr (GIOChannel *channel, -+ GIOCondition condition, -+ gpointer user_data) -+{ -+ UtilsSpawnData *data = (UtilsSpawnData *)user_data; -+ gchar buf[1024]; -+ gsize bytes_read; -+ -+ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); -+ g_string_append_len (data->child_stderr, buf, bytes_read); -+ return TRUE; -+} -+ -+static gboolean -+utils_read_child_stdout (GIOChannel *channel, -+ GIOCondition condition, -+ gpointer user_data) -+{ -+ UtilsSpawnData *data = (UtilsSpawnData *)user_data; -+ gchar buf[1024]; -+ gsize bytes_read; -+ -+ g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); -+ g_string_append_len (data->child_stdout, buf, bytes_read); -+ return TRUE; -+} -+ -+void -+polkit_backend_common_spawn (const gchar *const *argv, -+ guint timeout_seconds, -+ GCancellable *cancellable, -+ GAsyncReadyCallback callback, -+ gpointer user_data) -+{ -+ UtilsSpawnData *data; -+ GError *error; -+ -+ data = g_slice_new0 (UtilsSpawnData); -+ data->timeout_seconds = timeout_seconds; -+ data->simple = g_simple_async_result_new (NULL, -+ callback, -+ user_data, -+ (gpointer*)polkit_backend_common_spawn); -+ data->main_context = g_main_context_get_thread_default (); -+ if (data->main_context != NULL) -+ g_main_context_ref (data->main_context); -+ -+ data->cancellable = cancellable != NULL ? (GCancellable*)g_object_ref (cancellable) : NULL; -+ -+ data->child_stdout = g_string_new (NULL); -+ data->child_stderr = g_string_new (NULL); -+ data->child_stdout_fd = -1; -+ data->child_stderr_fd = -1; -+ -+ /* the life-cycle of UtilsSpawnData is tied to its GSimpleAsyncResult */ -+ g_simple_async_result_set_op_res_gpointer (data->simple, data, (GDestroyNotify) utils_spawn_data_free); -+ -+ error = NULL; -+ if (data->cancellable != NULL) -+ { -+ /* could already be cancelled */ -+ error = NULL; -+ if (g_cancellable_set_error_if_cancelled (data->cancellable, &error)) -+ { -+ g_simple_async_result_take_error (data->simple, error); -+ g_simple_async_result_complete_in_idle (data->simple); -+ g_object_unref (data->simple); -+ goto out; -+ } -+ -+ data->cancellable_handler_id = g_cancellable_connect (data->cancellable, -+ G_CALLBACK (utils_on_cancelled), -+ data, -+ NULL); -+ } -+ -+ error = NULL; -+ if (!g_spawn_async_with_pipes (NULL, /* working directory */ -+ (gchar **) argv, -+ NULL, /* envp */ -+ G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD, -+ NULL, /* child_setup */ -+ NULL, /* child_setup's user_data */ -+ &(data->child_pid), -+ NULL, /* gint *stdin_fd */ -+ &(data->child_stdout_fd), -+ &(data->child_stderr_fd), -+ &error)) -+ { -+ g_prefix_error (&error, "Error spawning: "); -+ g_simple_async_result_take_error (data->simple, error); -+ g_simple_async_result_complete_in_idle (data->simple); -+ g_object_unref (data->simple); -+ goto out; -+ } -+ -+ if (timeout_seconds > 0) -+ { -+ data->timeout_source = g_timeout_source_new_seconds (timeout_seconds); -+ g_source_set_priority (data->timeout_source, G_PRIORITY_DEFAULT); -+ g_source_set_callback (data->timeout_source, utils_timeout_cb, data, NULL); -+ g_source_attach (data->timeout_source, data->main_context); -+ g_source_unref (data->timeout_source); -+ } -+ -+ data->child_watch_source = g_child_watch_source_new (data->child_pid); -+ g_source_set_callback (data->child_watch_source, (GSourceFunc) utils_child_watch_cb, data, NULL); -+ g_source_attach (data->child_watch_source, data->main_context); -+ g_source_unref (data->child_watch_source); -+ -+ data->child_stdout_channel = g_io_channel_unix_new (data->child_stdout_fd); -+ g_io_channel_set_flags (data->child_stdout_channel, G_IO_FLAG_NONBLOCK, NULL); -+ data->child_stdout_source = g_io_create_watch (data->child_stdout_channel, G_IO_IN); -+ g_source_set_callback (data->child_stdout_source, (GSourceFunc) utils_read_child_stdout, data, NULL); -+ g_source_attach (data->child_stdout_source, data->main_context); -+ g_source_unref (data->child_stdout_source); -+ -+ data->child_stderr_channel = g_io_channel_unix_new (data->child_stderr_fd); -+ g_io_channel_set_flags (data->child_stderr_channel, G_IO_FLAG_NONBLOCK, NULL); -+ data->child_stderr_source = g_io_create_watch (data->child_stderr_channel, G_IO_IN); -+ g_source_set_callback (data->child_stderr_source, (GSourceFunc) utils_read_child_stderr, data, NULL); -+ g_source_attach (data->child_stderr_source, data->main_context); -+ g_source_unref (data->child_stderr_source); -+ -+ out: -+ ; -+} -+ -+void -+polkit_backend_common_on_dir_monitor_changed (GFileMonitor *monitor, -+ GFile *file, -+ GFile *other_file, -+ GFileMonitorEvent event_type, -+ gpointer user_data) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data); -+ -+ /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution? -+ * Because when editing a file with emacs we get 4-8 events.. -+ */ -+ -+ if (file != NULL) -+ { -+ gchar *name; -+ -+ name = g_file_get_basename (file); -+ -+ /* g_print ("event_type=%d file=%p name=%s\n", event_type, file, name); */ -+ if (!g_str_has_prefix (name, ".") && -+ !g_str_has_prefix (name, "#") && -+ g_str_has_suffix (name, ".rules") && -+ (event_type == G_FILE_MONITOR_EVENT_CREATED || -+ event_type == G_FILE_MONITOR_EVENT_DELETED || -+ event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Reloading rules"); -+ polkit_backend_common_reload_scripts (authority); -+ } -+ g_free (name); -+ } -+} -+ -+gboolean -+polkit_backend_common_spawn_finish (GAsyncResult *res, -+ gint *out_exit_status, -+ gchar **out_standard_output, -+ gchar **out_standard_error, -+ GError **error) -+{ -+ GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); -+ UtilsSpawnData *data; -+ gboolean ret = FALSE; -+ -+ g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE); -+ g_return_val_if_fail (error == NULL || *error == NULL, FALSE); -+ -+ g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_common_spawn); -+ -+ if (g_simple_async_result_propagate_error (simple, error)) -+ goto out; -+ -+ data = (UtilsSpawnData*)g_simple_async_result_get_op_res_gpointer (simple); -+ -+ if (data->timed_out) -+ { -+ g_set_error (error, -+ G_IO_ERROR, -+ G_IO_ERROR_TIMED_OUT, -+ "Timed out after %d seconds", -+ data->timeout_seconds); -+ goto out; -+ } -+ -+ if (out_exit_status != NULL) -+ *out_exit_status = data->exit_status; -+ -+ if (out_standard_output != NULL) -+ *out_standard_output = g_strdup (data->child_stdout->str); -+ -+ if (out_standard_error != NULL) -+ *out_standard_error = g_strdup (data->child_stderr->str); -+ -+ ret = TRUE; -+ -+ out: -+ return ret; -+} -+ -+static const gchar * -+polkit_backend_js_authority_get_name (PolkitBackendAuthority *authority) -+{ -+ return "js"; -+} -+ -+static const gchar * -+polkit_backend_js_authority_get_version (PolkitBackendAuthority *authority) -+{ -+ return PACKAGE_VERSION; -+} -+ -+static PolkitAuthorityFeatures -+polkit_backend_js_authority_get_features (PolkitBackendAuthority *authority) -+{ -+ return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; -+} -+ -+void -+polkit_backend_common_js_authority_class_init_common (PolkitBackendJsAuthorityClass *klass) -+{ -+ GObjectClass *gobject_class; -+ PolkitBackendAuthorityClass *authority_class; -+ PolkitBackendInteractiveAuthorityClass *interactive_authority_class; -+ -+ gobject_class = G_OBJECT_CLASS (klass); -+ gobject_class->finalize = polkit_backend_common_js_authority_finalize; -+ gobject_class->set_property = polkit_backend_common_js_authority_set_property; -+ gobject_class->constructed = polkit_backend_common_js_authority_constructed; -+ -+ authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); -+ authority_class->get_name = polkit_backend_js_authority_get_name; -+ authority_class->get_version = polkit_backend_js_authority_get_version; -+ authority_class->get_features = polkit_backend_js_authority_get_features; -+ -+ interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); -+ interactive_authority_class->get_admin_identities = polkit_backend_common_js_authority_get_admin_auth_identities; -+ interactive_authority_class->check_authorization_sync = polkit_backend_common_js_authority_check_authorization_sync; -+ -+ g_object_class_install_property (gobject_class, -+ PROP_RULES_DIRS, -+ g_param_spec_boxed ("rules-dirs", -+ NULL, -+ NULL, -+ G_TYPE_STRV, -+ G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE)); -+} -+ -+gint -+polkit_backend_common_rules_file_name_cmp (const gchar *a, -+ const gchar *b) -+{ -+ gint ret; -+ const gchar *a_base; -+ const gchar *b_base; -+ -+ a_base = strrchr (a, '/'); -+ b_base = strrchr (b, '/'); -+ -+ g_assert (a_base != NULL); -+ g_assert (b_base != NULL); -+ a_base += 1; -+ b_base += 1; -+ -+ ret = g_strcmp0 (a_base, b_base); -+ if (ret == 0) -+ { -+ /* /etc wins over /usr */ -+ ret = g_strcmp0 (a, b); -+ g_assert (ret != 0); -+ } -+ -+ return ret; -+} -+ -+const gchar * -+polkit_backend_common_get_signal_name (gint signal_number) -+{ -+ switch (signal_number) -+ { -+#define _HANDLE_SIG(sig) case sig: return #sig; -+ _HANDLE_SIG (SIGHUP); -+ _HANDLE_SIG (SIGINT); -+ _HANDLE_SIG (SIGQUIT); -+ _HANDLE_SIG (SIGILL); -+ _HANDLE_SIG (SIGABRT); -+ _HANDLE_SIG (SIGFPE); -+ _HANDLE_SIG (SIGKILL); -+ _HANDLE_SIG (SIGSEGV); -+ _HANDLE_SIG (SIGPIPE); -+ _HANDLE_SIG (SIGALRM); -+ _HANDLE_SIG (SIGTERM); -+ _HANDLE_SIG (SIGUSR1); -+ _HANDLE_SIG (SIGUSR2); -+ _HANDLE_SIG (SIGCHLD); -+ _HANDLE_SIG (SIGCONT); -+ _HANDLE_SIG (SIGSTOP); -+ _HANDLE_SIG (SIGTSTP); -+ _HANDLE_SIG (SIGTTIN); -+ _HANDLE_SIG (SIGTTOU); -+ _HANDLE_SIG (SIGBUS); -+#ifdef SIGPOLL -+ _HANDLE_SIG (SIGPOLL); -+#endif -+ _HANDLE_SIG (SIGPROF); -+ _HANDLE_SIG (SIGSYS); -+ _HANDLE_SIG (SIGTRAP); -+ _HANDLE_SIG (SIGURG); -+ _HANDLE_SIG (SIGVTALRM); -+ _HANDLE_SIG (SIGXCPU); -+ _HANDLE_SIG (SIGXFSZ); -+#undef _HANDLE_SIG -+ default: -+ break; -+ } -+ return "UNKNOWN_SIGNAL"; -+} -+ -+void -+polkit_backend_common_spawn_cb (GObject *source_object, -+ GAsyncResult *res, -+ gpointer user_data) -+{ -+ SpawnData *data = (SpawnData *)user_data; -+ data->res = (GAsyncResult*)g_object_ref (res); -+ g_main_loop_quit (data->loop); -+} -diff --git a/src/polkitbackend/polkitbackendcommon.h b/src/polkitbackend/polkitbackendcommon.h -new file mode 100644 -index 0000000..dd700fc ---- /dev/null -+++ b/src/polkitbackend/polkitbackendcommon.h -@@ -0,0 +1,158 @@ -+/* -+ * Copyright (C) 2008 Red Hat, Inc. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General -+ * Public License along with this library; if not, write to the -+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330, -+ * Boston, MA 02111-1307, USA. -+ * -+ * Author: David Zeuthen -+ */ -+ -+#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) -+#error "Only can be included directly, this file may disappear or change contents." -+#endif -+ -+#ifndef __POLKIT_BACKEND_COMMON_H -+#define __POLKIT_BACKEND_COMMON_H -+ -+#include "config.h" -+#include -+#include -+#include -+#include -+#ifdef HAVE_NETGROUP_H -+#include -+#else -+#include -+#endif -+#include -+#include -+#include -+#include //here, all things glib via glib.h (including -> gspawn.h) -+ -+#include -+#include "polkitbackendjsauthority.h" -+ -+#include -+ -+#ifdef HAVE_LIBSYSTEMD -+#include -+#endif /* HAVE_LIBSYSTEMD */ -+ -+#define RUNAWAY_KILLER_TIMEOUT (15) -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+enum -+{ -+ PROP_0, -+ PROP_RULES_DIRS, -+}; -+ -+typedef struct -+{ -+ GSimpleAsyncResult *simple; /* borrowed reference */ -+ GMainContext *main_context; /* may be NULL */ -+ -+ GCancellable *cancellable; /* may be NULL */ -+ gulong cancellable_handler_id; -+ -+ GPid child_pid; -+ gint child_stdout_fd; -+ gint child_stderr_fd; -+ -+ GIOChannel *child_stdout_channel; -+ GIOChannel *child_stderr_channel; -+ -+ GSource *child_watch_source; -+ GSource *child_stdout_source; -+ GSource *child_stderr_source; -+ -+ guint timeout_seconds; -+ gboolean timed_out; -+ GSource *timeout_source; -+ -+ GString *child_stdout; -+ GString *child_stderr; -+ -+ gint exit_status; -+} UtilsSpawnData; -+ -+typedef struct -+{ -+ GMainLoop *loop; -+ GAsyncResult *res; -+} SpawnData; -+ -+void polkit_backend_common_spawn (const gchar *const *argv, -+ guint timeout_seconds, -+ GCancellable *cancellable, -+ GAsyncReadyCallback callback, -+ gpointer user_data); -+void polkit_backend_common_spawn_cb (GObject *source_object, -+ GAsyncResult *res, -+ gpointer user_data); -+gboolean polkit_backend_common_spawn_finish (GAsyncResult *res, -+ gint *out_exit_status, -+ gchar **out_standard_output, -+ gchar **out_standard_error, -+ GError **error); -+ -+void polkit_backend_common_on_dir_monitor_changed (GFileMonitor *monitor, -+ GFile *file, -+ GFile *other_file, -+ GFileMonitorEvent event_type, -+ gpointer user_data); -+ -+void polkit_backend_common_js_authority_class_init_common (PolkitBackendJsAuthorityClass *klass); -+ -+gint polkit_backend_common_rules_file_name_cmp (const gchar *a, -+ const gchar *b); -+ -+const gchar *polkit_backend_common_get_signal_name (gint signal_number); -+ -+/* To be provided by each JS backend, from here onwards ---------------------------------------------- */ -+ -+void polkit_backend_common_reload_scripts (PolkitBackendJsAuthority *authority); -+void polkit_backend_common_js_authority_finalize (GObject *object); -+void polkit_backend_common_js_authority_constructed (GObject *object); -+GList *polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details); -+void polkit_backend_common_js_authority_set_property (GObject *object, -+ guint property_id, -+ const GValue *value, -+ GParamSpec *pspec); -+PolkitImplicitAuthorization polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details, -+ PolkitImplicitAuthorization implicit); -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __POLKIT_BACKEND_COMMON_H */ -+ -diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c -new file mode 100644 -index 0000000..c89dbcf ---- /dev/null -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -0,0 +1,1051 @@ -+/* -+ * Copyright (C) 2008-2012 Red Hat, Inc. -+ * Copyright (C) 2015 Tangent Space -+ * Copyright (C) 2019 Wu Xiaotian -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General -+ * Public License along with this library; if not, write to the -+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330, -+ * Boston, MA 02111-1307, USA. -+ * -+ * Author: David Zeuthen -+ */ -+ -+#include -+ -+#include "polkitbackendcommon.h" -+ -+#include "duktape.h" -+ -+/* Built source and not too big to worry about deduplication */ -+#include "initjs.h" /* init.js */ -+ -+/** -+ * SECTION:polkitbackendjsauthority -+ * @title: PolkitBackendJsAuthority -+ * @short_description: JS Authority -+ * @stability: Unstable -+ * -+ * An (Duktape-based) implementation of #PolkitBackendAuthority that reads and -+ * evaluates Javascript files and supports interaction with authentication -+ * agents (virtue of being based on #PolkitBackendInteractiveAuthority). -+ */ -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+struct _PolkitBackendJsAuthorityPrivate -+{ -+ gchar **rules_dirs; -+ GFileMonitor **dir_monitors; /* NULL-terminated array of GFileMonitor instances */ -+ -+ duk_context *cx; -+ -+ pthread_t runaway_killer_thread; -+}; -+ -+enum -+{ -+ RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET, -+ RUNAWAY_KILLER_THREAD_EXIT_STATUS_SUCCESS, -+ RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE, -+}; -+ -+static gboolean execute_script_with_runaway_killer(PolkitBackendJsAuthority *authority, -+ const gchar *filename); -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY); -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static duk_ret_t js_polkit_log (duk_context *cx); -+static duk_ret_t js_polkit_spawn (duk_context *cx); -+static duk_ret_t js_polkit_user_is_in_netgroup (duk_context *cx); -+ -+static const duk_function_list_entry js_polkit_functions[] = -+{ -+ { "log", js_polkit_log, 1 }, -+ { "spawn", js_polkit_spawn, 1 }, -+ { "_userIsInNetGroup", js_polkit_user_is_in_netgroup, 2 }, -+ { NULL, NULL, 0 }, -+}; -+ -+static void report_error (void *udata, -+ const char *msg) -+{ -+ PolkitBackendJsAuthority *authority = udata; -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "fatal Duktape JS backend error: %s", -+ (msg ? msg : "no message")); -+} -+ -+static void -+polkit_backend_js_authority_init (PolkitBackendJsAuthority *authority) -+{ -+ authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority, -+ POLKIT_BACKEND_TYPE_JS_AUTHORITY, -+ PolkitBackendJsAuthorityPrivate); -+} -+ -+static void -+load_scripts (PolkitBackendJsAuthority *authority) -+{ -+ GList *files = NULL; -+ GList *l; -+ guint num_scripts = 0; -+ GError *error = NULL; -+ guint n; -+ -+ files = NULL; -+ -+ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++) -+ { -+ const gchar *dir_name = authority->priv->rules_dirs[n]; -+ GDir *dir = NULL; -+ -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Loading rules from directory %s", -+ dir_name); -+ -+ dir = g_dir_open (dir_name, -+ 0, -+ &error); -+ if (dir == NULL) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error opening rules directory: %s (%s, %d)", -+ error->message, g_quark_to_string (error->domain), error->code); -+ g_clear_error (&error); -+ } -+ else -+ { -+ const gchar *name; -+ while ((name = g_dir_read_name (dir)) != NULL) -+ { -+ if (g_str_has_suffix (name, ".rules")) -+ files = g_list_prepend (files, g_strdup_printf ("%s/%s", dir_name, name)); -+ } -+ g_dir_close (dir); -+ } -+ } -+ -+ files = g_list_sort (files, (GCompareFunc) polkit_backend_common_rules_file_name_cmp); -+ -+ for (l = files; l != NULL; l = l->next) -+ { -+ const gchar *filename = (gchar *)l->data; -+ -+ if (!execute_script_with_runaway_killer(authority, filename)) -+ continue; -+ num_scripts++; -+ } -+ -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Finished loading, compiling and executing %d rules", -+ num_scripts); -+ g_list_free_full (files, g_free); -+} -+ -+void -+polkit_backend_common_reload_scripts (PolkitBackendJsAuthority *authority) -+{ -+ duk_context *cx = authority->priv->cx; -+ -+ duk_set_top (cx, 0); -+ if (!duk_get_global_string (cx, "polkit")) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error deleting old rules, not loading new ones"); -+ return; -+ } -+ duk_push_string (cx, "_deleteRules"); -+ -+ duk_call_prop (cx, 0, 0); -+ -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Collecting garbage unconditionally..."); -+ -+ load_scripts (authority); -+ -+ /* Let applications know we have new rules... */ -+ g_signal_emit_by_name (authority, "changed"); -+} -+ -+static void -+setup_file_monitors (PolkitBackendJsAuthority *authority) -+{ -+ guint n; -+ GPtrArray *p; -+ -+ p = g_ptr_array_new (); -+ for (n = 0; authority->priv->rules_dirs != NULL && authority->priv->rules_dirs[n] != NULL; n++) -+ { -+ GFile *file; -+ GError *error; -+ GFileMonitor *monitor; -+ -+ file = g_file_new_for_path (authority->priv->rules_dirs[n]); -+ error = NULL; -+ monitor = g_file_monitor_directory (file, -+ G_FILE_MONITOR_NONE, -+ NULL, -+ &error); -+ g_object_unref (file); -+ if (monitor == NULL) -+ { -+ g_warning ("Error monitoring directory %s: %s", -+ authority->priv->rules_dirs[n], -+ error->message); -+ g_clear_error (&error); -+ } -+ else -+ { -+ g_signal_connect (monitor, -+ "changed", -+ G_CALLBACK (polkit_backend_common_on_dir_monitor_changed), -+ authority); -+ g_ptr_array_add (p, monitor); -+ } -+ } -+ g_ptr_array_add (p, NULL); -+ authority->priv->dir_monitors = (GFileMonitor**) g_ptr_array_free (p, FALSE); -+} -+ -+void -+polkit_backend_common_js_authority_constructed (GObject *object) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); -+ duk_context *cx; -+ -+ cx = duk_create_heap (NULL, NULL, NULL, authority, report_error); -+ if (cx == NULL) -+ goto fail; -+ -+ authority->priv->cx = cx; -+ -+ duk_push_global_object (cx); -+ duk_push_object (cx); -+ duk_put_function_list (cx, -1, js_polkit_functions); -+ duk_put_prop_string (cx, -2, "polkit"); -+ -+ /* load polkit objects/functions into JS context (e.g. addRule(), -+ * _deleteRules(), _runRules() et al) -+ */ -+ duk_eval_string (cx, init_js); -+ -+ if (authority->priv->rules_dirs == NULL) -+ { -+ authority->priv->rules_dirs = g_new0 (gchar *, 3); -+ authority->priv->rules_dirs[0] = g_strdup (PACKAGE_SYSCONF_DIR "/polkit-1/rules.d"); -+ authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d"); -+ } -+ -+ setup_file_monitors (authority); -+ load_scripts (authority); -+ -+ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object); -+ return; -+ -+ fail: -+ g_critical ("Error initializing JavaScript environment"); -+ g_assert_not_reached (); -+} -+ -+void -+polkit_backend_common_js_authority_finalize (GObject *object) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); -+ guint n; -+ -+ for (n = 0; authority->priv->dir_monitors != NULL && authority->priv->dir_monitors[n] != NULL; n++) -+ { -+ GFileMonitor *monitor = authority->priv->dir_monitors[n]; -+ g_signal_handlers_disconnect_by_func (monitor, -+ G_CALLBACK (polkit_backend_common_on_dir_monitor_changed), -+ authority); -+ g_object_unref (monitor); -+ } -+ g_free (authority->priv->dir_monitors); -+ g_strfreev (authority->priv->rules_dirs); -+ -+ duk_destroy_heap (authority->priv->cx); -+ -+ G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object); -+} -+ -+void -+polkit_backend_common_js_authority_set_property (GObject *object, -+ guint property_id, -+ const GValue *value, -+ GParamSpec *pspec) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); -+ -+ switch (property_id) -+ { -+ case PROP_RULES_DIRS: -+ g_assert (authority->priv->rules_dirs == NULL); -+ authority->priv->rules_dirs = (gchar **) g_value_dup_boxed (value); -+ break; -+ -+ default: -+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); -+ break; -+ } -+} -+ -+static void -+polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass) -+{ -+ polkit_backend_common_js_authority_class_init_common (klass); -+ g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate)); -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static void -+set_property_str (duk_context *cx, -+ const gchar *name, -+ const gchar *value) -+{ -+ duk_push_string (cx, value); -+ duk_put_prop_string (cx, -2, name); -+} -+ -+static void -+set_property_strv (duk_context *cx, -+ const gchar *name, -+ GPtrArray *value) -+{ -+ guint n; -+ duk_push_array (cx); -+ for (n = 0; n < value->len; n++) -+ { -+ duk_push_string (cx, g_ptr_array_index (value, n)); -+ duk_put_prop_index (cx, -2, n); -+ } -+ duk_put_prop_string (cx, -2, name); -+} -+ -+static void -+set_property_int32 (duk_context *cx, -+ const gchar *name, -+ gint32 value) -+{ -+ duk_push_int (cx, value); -+ duk_put_prop_string (cx, -2, name); -+} -+ -+static void -+set_property_bool (duk_context *cx, -+ const char *name, -+ gboolean value) -+{ -+ duk_push_boolean (cx, value); -+ duk_put_prop_string (cx, -2, name); -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static gboolean -+push_subject (duk_context *cx, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ GError **error) -+{ -+ gboolean ret = FALSE; -+ pid_t pid; -+ uid_t uid; -+ gchar *user_name = NULL; -+ GPtrArray *groups = NULL; -+ struct passwd *passwd; -+ char *seat_str = NULL; -+ char *session_str = NULL; -+ -+ if (!duk_get_global_string (cx, "Subject")) { -+ return FALSE; -+ } -+ -+ duk_new (cx, 0); -+ -+ if (POLKIT_IS_UNIX_PROCESS (subject)) -+ { -+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); -+ } -+ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) -+ { -+ PolkitSubject *process; -+ process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); -+ if (process == NULL) -+ goto out; -+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process)); -+ g_object_unref (process); -+ } -+ else -+ { -+ g_assert_not_reached (); -+ } -+ -+#ifdef HAVE_LIBSYSTEMD -+ if (sd_pid_get_session (pid, &session_str) == 0) -+ { -+ if (sd_session_get_seat (session_str, &seat_str) == 0) -+ { -+ /* do nothing */ -+ } -+ } -+#endif /* HAVE_LIBSYSTEMD */ -+ -+ g_assert (POLKIT_IS_UNIX_USER (user_for_subject)); -+ uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject)); -+ -+ groups = g_ptr_array_new_with_free_func (g_free); -+ -+ passwd = getpwuid (uid); -+ if (passwd == NULL) -+ { -+ user_name = g_strdup_printf ("%d", (gint) uid); -+ g_warning ("Error looking up info for uid %d: %m", (gint) uid); -+ } -+ else -+ { -+ gid_t gids[512]; -+ int num_gids = 512; -+ -+ user_name = g_strdup (passwd->pw_name); -+ -+ if (getgrouplist (passwd->pw_name, -+ passwd->pw_gid, -+ gids, -+ &num_gids) < 0) -+ { -+ g_warning ("Error looking up groups for uid %d: %m", (gint) uid); -+ } -+ else -+ { -+ gint n; -+ for (n = 0; n < num_gids; n++) -+ { -+ struct group *group; -+ group = getgrgid (gids[n]); -+ if (group == NULL) -+ { -+ g_ptr_array_add (groups, g_strdup_printf ("%d", (gint) gids[n])); -+ } -+ else -+ { -+ g_ptr_array_add (groups, g_strdup (group->gr_name)); -+ } -+ } -+ } -+ } -+ -+ set_property_int32 (cx, "pid", pid); -+ set_property_str (cx, "user", user_name); -+ set_property_strv (cx, "groups", groups); -+ set_property_str (cx, "seat", seat_str); -+ set_property_str (cx, "session", session_str); -+ set_property_bool (cx, "local", subject_is_local); -+ set_property_bool (cx, "active", subject_is_active); -+ -+ ret = TRUE; -+ -+ out: -+ free (session_str); -+ free (seat_str); -+ g_free (user_name); -+ if (groups != NULL) -+ g_ptr_array_unref (groups); -+ -+ return ret; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static gboolean -+push_action_and_details (duk_context *cx, -+ const gchar *action_id, -+ PolkitDetails *details, -+ GError **error) -+{ -+ gchar **keys; -+ guint n; -+ -+ if (!duk_get_global_string (cx, "Action")) { -+ return FALSE; -+ } -+ -+ duk_new (cx, 0); -+ -+ set_property_str (cx, "id", action_id); -+ -+ keys = polkit_details_get_keys (details); -+ for (n = 0; keys != NULL && keys[n] != NULL; n++) -+ { -+ gchar *key; -+ const gchar *value; -+ key = g_strdup_printf ("_detail_%s", keys[n]); -+ value = polkit_details_lookup (details, keys[n]); -+ set_property_str (cx, key, value); -+ g_free (key); -+ } -+ g_strfreev (keys); -+ -+ return TRUE; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+typedef struct { -+ PolkitBackendJsAuthority *authority; -+ const gchar *filename; -+ pthread_cond_t cond; -+ pthread_mutex_t mutex; -+ gint ret; -+} RunawayKillerCtx; -+ -+static gpointer -+runaway_killer_thread_execute_js (gpointer user_data) -+{ -+ RunawayKillerCtx *ctx = user_data; -+ duk_context *cx = ctx->authority->priv->cx; -+ -+ int oldtype, pthread_err; -+ -+ if ((pthread_err = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldtype))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), -+ "Error setting thread cancel type: %s", -+ strerror(pthread_err)); -+ goto err; -+ } -+ -+ GFile *file = g_file_new_for_path(ctx->filename); -+ char *contents; -+ gsize len; -+ -+ if (!g_file_load_contents(file, NULL, &contents, &len, NULL, NULL)) { -+ polkit_backend_authority_log(POLKIT_BACKEND_AUTHORITY(ctx->authority), -+ "Error loading script %s", ctx->filename); -+ g_object_unref(file); -+ goto err; -+ } -+ -+ g_object_unref(file); -+ -+ /* evaluate the script, trying to print context in any syntax errors -+ found */ -+ if (duk_peval_lstring(cx, contents, len) != 0) -+ { -+ polkit_backend_authority_log(POLKIT_BACKEND_AUTHORITY(ctx->authority), -+ "Error compiling script %s: %s", ctx->filename, -+ duk_safe_to_string(cx, -1)); -+ duk_pop(cx); -+ goto free_err; -+ } -+ g_free(contents); -+ -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_SUCCESS; -+ goto end; -+ -+free_err: -+ g_free(contents); -+err: -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE; -+end: -+ if ((pthread_err = pthread_cond_signal(&ctx->cond))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), -+ "Error signaling on condition variable: %s", -+ strerror(pthread_err)); -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE; -+ } -+ return NULL; -+} -+ -+static gpointer -+runaway_killer_thread_call_js (gpointer user_data) -+{ -+ RunawayKillerCtx *ctx = user_data; -+ duk_context *cx = ctx->authority->priv->cx; -+ int oldtype, pthread_err; -+ -+ if ((pthread_err = pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldtype))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), -+ "Error setting thread cancel type: %s", -+ strerror(pthread_err)); -+ goto err; -+ } -+ -+ if (duk_pcall_prop (cx, 0, 2) != DUK_EXEC_SUCCESS) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), -+ "Error evaluating admin rules: ", -+ duk_safe_to_string (cx, -1)); -+ goto err; -+ } -+ -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_SUCCESS; -+ goto end; -+ -+err: -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE; -+end: -+ if ((pthread_err = pthread_cond_signal(&ctx->cond))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), -+ "Error signaling on condition variable: %s", -+ strerror(pthread_err)); -+ ctx->ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE; -+ } -+ return NULL; -+} -+ -+#if defined (HAVE_PTHREAD_CONDATTR_SETCLOCK) -+# if defined(CLOCK_MONOTONIC) -+# define PK_CLOCK CLOCK_MONOTONIC -+# elif defined(CLOCK_BOOTTIME) -+# define PK_CLOCK CLOCK_BOOTTIME -+# else -+ /* No suitable clock */ -+# undef HAVE_PTHREAD_CONDATTR_SETCLOCK -+# define PK_CLOCK CLOCK_REALTIME -+# endif -+#else /* ! HAVE_PTHREAD_CONDATTR_SETCLOCK */ -+# define PK_CLOCK CLOCK_REALTIME -+#endif /* ! HAVE_PTHREAD_CONDATTR_SETCLOCK */ -+ -+static gboolean -+runaway_killer_common(PolkitBackendJsAuthority *authority, RunawayKillerCtx *ctx, void *js_context_cb (void *user_data)) -+{ -+ int pthread_err; -+ gboolean cancel = FALSE; -+ pthread_condattr_t attr; -+ struct timespec abs_time; -+ -+#ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK -+ if ((pthread_err = pthread_condattr_init(&attr))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error initializing condition variable attributes: %s", -+ strerror(pthread_err)); -+ return FALSE; -+ } -+ if ((pthread_err = pthread_condattr_setclock(&attr, PK_CLOCK))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error setting condition variable attributes: %s", -+ strerror(pthread_err)); -+ goto err_clean_condattr; -+ } -+ /* Init again, with needed attr */ -+ if ((pthread_err = pthread_cond_init(&ctx->cond, &attr))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error initializing condition variable: %s", -+ strerror(pthread_err)); -+ goto err_clean_condattr; -+ } -+#endif -+ -+ if ((pthread_err = pthread_mutex_lock(&ctx->mutex))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error locking mutex: %s", -+ strerror(pthread_err)); -+ goto err_clean_cond; -+ } -+ -+ if (clock_gettime(PK_CLOCK, &abs_time)) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error getting system's monotonic time: %s", -+ strerror(errno)); -+ goto err_clean_cond; -+ } -+ abs_time.tv_sec += RUNAWAY_KILLER_TIMEOUT; -+ -+ if ((pthread_err = pthread_create(&authority->priv->runaway_killer_thread, NULL, -+ js_context_cb, ctx))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error creating runaway JS killer thread: %s", -+ strerror(pthread_err)); -+ goto err_clean_cond; -+ } -+ -+ while (ctx->ret == RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET) /* loop to treat spurious wakeups */ -+ if (pthread_cond_timedwait(&ctx->cond, &ctx->mutex, &abs_time) == ETIMEDOUT) { -+ cancel = TRUE; -+ -+ /* Log that we are terminating the script */ -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Terminating runaway script after %d seconds", -+ RUNAWAY_KILLER_TIMEOUT); -+ -+ break; -+ } -+ -+ if ((pthread_err = pthread_mutex_unlock(&ctx->mutex))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error unlocking mutex: %s", -+ strerror(pthread_err)); -+ goto err_clean_cond; -+ } -+ -+ if (cancel) { -+ if ((pthread_err = pthread_cancel (authority->priv->runaway_killer_thread))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error cancelling runaway JS killer thread: %s", -+ strerror(pthread_err)); -+ goto err_clean_cond; -+ } -+ } -+ if ((pthread_err = pthread_join (authority->priv->runaway_killer_thread, NULL))) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error joining runaway JS killer thread: %s", -+ strerror(pthread_err)); -+ goto err_clean_cond; -+ } -+ -+ return ctx->ret == RUNAWAY_KILLER_THREAD_EXIT_STATUS_SUCCESS; -+ -+ err_clean_cond: -+#ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK -+ pthread_cond_destroy(&ctx->cond); -+#endif -+ err_clean_condattr: -+#ifdef HAVE_PTHREAD_CONDATTR_SETCLOCK -+ pthread_condattr_destroy(&attr); -+#endif -+ return FALSE; -+} -+ -+/* Blocking for at most RUNAWAY_KILLER_TIMEOUT */ -+static gboolean -+execute_script_with_runaway_killer(PolkitBackendJsAuthority *authority, -+ const gchar *filename) -+{ -+ RunawayKillerCtx ctx = {.authority = authority, .filename = filename, -+ .ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET, -+ .mutex = PTHREAD_MUTEX_INITIALIZER, -+ .cond = PTHREAD_COND_INITIALIZER}; -+ -+ return runaway_killer_common(authority, &ctx, &runaway_killer_thread_execute_js); -+} -+ -+/* Calls already stacked function and args. Blocking for at most -+ * RUNAWAY_KILLER_TIMEOUT. If timeout is the case, ctx.ret will be -+ * RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET, thus returning FALSE. -+ */ -+static gboolean -+call_js_function_with_runaway_killer(PolkitBackendJsAuthority *authority) -+{ -+ RunawayKillerCtx ctx = {.authority = authority, -+ .ret = RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET, -+ .mutex = PTHREAD_MUTEX_INITIALIZER, -+ .cond = PTHREAD_COND_INITIALIZER}; -+ -+ return runaway_killer_common(authority, &ctx, &runaway_killer_thread_call_js); -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+GList * -+polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); -+ GList *ret = NULL; -+ guint n; -+ GError *error = NULL; -+ const char *ret_str = NULL; -+ gchar **ret_strs = NULL; -+ duk_context *cx = authority->priv->cx; -+ -+ duk_set_top (cx, 0); -+ if (!duk_get_global_string (cx, "polkit")) { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error deleting old rules, not loading new ones"); -+ goto out; -+ } -+ -+ duk_push_string (cx, "_runAdminRules"); -+ -+ if (!push_action_and_details (cx, action_id, details, &error)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error converting action and details to JS object: %s", -+ error->message); -+ g_clear_error (&error); -+ goto out; -+ } -+ -+ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error converting subject to JS object: %s", -+ error->message); -+ g_clear_error (&error); -+ goto out; -+ } -+ -+ if (!call_js_function_with_runaway_killer (authority)) -+ goto out; -+ -+ ret_str = duk_require_string (cx, -1); -+ -+ ret_strs = g_strsplit (ret_str, ",", -1); -+ for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++) -+ { -+ const gchar *identity_str = ret_strs[n]; -+ PolkitIdentity *identity; -+ -+ error = NULL; -+ identity = polkit_identity_from_string (identity_str, &error); -+ if (identity == NULL) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Identity `%s' is not valid, ignoring: %s", -+ identity_str, error->message); -+ g_clear_error (&error); -+ } -+ else -+ { -+ ret = g_list_prepend (ret, identity); -+ } -+ } -+ ret = g_list_reverse (ret); -+ -+ out: -+ g_strfreev (ret_strs); -+ /* fallback to root password auth */ -+ if (ret == NULL) -+ ret = g_list_prepend (ret, polkit_unix_user_new (0)); -+ -+ return ret; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+PolkitImplicitAuthorization -+polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details, -+ PolkitImplicitAuthorization implicit) -+{ -+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); -+ PolkitImplicitAuthorization ret = implicit; -+ GError *error = NULL; -+ gchar *ret_str = NULL; -+ gboolean good = FALSE; -+ duk_context *cx = authority->priv->cx; -+ -+ duk_set_top (cx, 0); -+ if (!duk_get_global_string (cx, "polkit")) { -+ goto out; -+ } -+ -+ duk_push_string (cx, "_runRules"); -+ -+ if (!push_action_and_details (cx, action_id, details, &error)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error converting action and details to JS object: %s", -+ error->message); -+ g_clear_error (&error); -+ goto out; -+ } -+ -+ if (!push_subject (cx, subject, user_for_subject, subject_is_local, subject_is_active, &error)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Error converting subject to JS object: %s", -+ error->message); -+ g_clear_error (&error); -+ goto out; -+ } -+ -+ // If any error is the js context happened (ctx.ret == -+ // RUNAWAY_KILLER_THREAD_EXIT_STATUS_FAILURE) or it never properly returned -+ // (runaway scripts or ctx.ret == RUNAWAY_KILLER_THREAD_EXIT_STATUS_UNSET), -+ // unauthorize -+ if (!call_js_function_with_runaway_killer (authority)) -+ goto out; -+ -+ if (duk_is_null(cx, -1)) { -+ /* this is fine, means there was no match, use implicit authorizations */ -+ good = TRUE; -+ goto out; -+ } -+ ret_str = g_strdup (duk_require_string (cx, -1)); -+ if (!polkit_implicit_authorization_from_string (ret_str, &ret)) -+ { -+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -+ "Returned result `%s' is not valid", -+ ret_str); -+ goto out; -+ } -+ -+ good = TRUE; -+ -+ out: -+ if (!good) -+ ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; -+ if (ret_str != NULL) -+ g_free (ret_str); -+ -+ return ret; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static duk_ret_t -+js_polkit_log (duk_context *cx) -+{ -+ const char *str = duk_require_string (cx, 0); -+ fprintf (stderr, "%s\n", str); -+ return 0; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+static duk_ret_t -+js_polkit_spawn (duk_context *cx) -+{ -+ duk_ret_t ret = DUK_RET_ERROR; -+ gchar *standard_output = NULL; -+ gchar *standard_error = NULL; -+ gint exit_status; -+ GError *error = NULL; -+ guint32 array_len; -+ gchar **argv = NULL; -+ GMainContext *context = NULL; -+ GMainLoop *loop = NULL; -+ SpawnData data = {0}; -+ char *err_str = NULL; -+ guint n; -+ -+ if (!duk_is_array (cx, 0)) -+ goto out; -+ -+ array_len = duk_get_length (cx, 0); -+ -+ argv = g_new0 (gchar*, array_len + 1); -+ for (n = 0; n < array_len; n++) -+ { -+ duk_get_prop_index (cx, 0, n); -+ argv[n] = g_strdup (duk_to_string (cx, -1)); -+ duk_pop (cx); -+ } -+ -+ context = g_main_context_new (); -+ loop = g_main_loop_new (context, FALSE); -+ -+ g_main_context_push_thread_default (context); -+ -+ data.loop = loop; -+ polkit_backend_common_spawn ((const gchar *const *) argv, -+ 10, /* timeout_seconds */ -+ NULL, /* cancellable */ -+ polkit_backend_common_spawn_cb, -+ &data); -+ -+ g_main_loop_run (loop); -+ -+ g_main_context_pop_thread_default (context); -+ -+ if (!polkit_backend_common_spawn_finish (data.res, -+ &exit_status, -+ &standard_output, -+ &standard_error, -+ &error)) -+ { -+ err_str = g_strdup_printf ("Error spawning helper: %s (%s, %d)", -+ error->message, g_quark_to_string (error->domain), error->code); -+ g_clear_error (&error); -+ goto out; -+ } -+ -+ if (!(WIFEXITED (exit_status) && WEXITSTATUS (exit_status) == 0)) -+ { -+ GString *gstr; -+ gstr = g_string_new (NULL); -+ if (WIFEXITED (exit_status)) -+ { -+ g_string_append_printf (gstr, -+ "Helper exited with non-zero exit status %d", -+ WEXITSTATUS (exit_status)); -+ } -+ else if (WIFSIGNALED (exit_status)) -+ { -+ g_string_append_printf (gstr, -+ "Helper was signaled with signal %s (%d)", -+ polkit_backend_common_get_signal_name (WTERMSIG (exit_status)), -+ WTERMSIG (exit_status)); -+ } -+ g_string_append_printf (gstr, ", stdout=`%s', stderr=`%s'", -+ standard_output, standard_error); -+ err_str = g_string_free (gstr, FALSE); -+ goto out; -+ } -+ -+ duk_push_string (cx, standard_output); -+ ret = 1; -+ -+ out: -+ g_strfreev (argv); -+ g_free (standard_output); -+ g_free (standard_error); -+ g_clear_object (&data.res); -+ if (loop != NULL) -+ g_main_loop_unref (loop); -+ if (context != NULL) -+ g_main_context_unref (context); -+ -+ if (err_str) -+ duk_error (cx, DUK_ERR_ERROR, err_str); -+ -+ return ret; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -+ -+ -+static duk_ret_t -+js_polkit_user_is_in_netgroup (duk_context *cx) -+{ -+ const char *user; -+ const char *netgroup; -+ gboolean is_in_netgroup = FALSE; -+ -+ user = duk_require_string (cx, 0); -+ netgroup = duk_require_string (cx, 1); -+ -+ if (innetgr (netgroup, -+ NULL, /* host */ -+ user, -+ NULL)) /* domain */ -+ { -+ is_in_netgroup = TRUE; -+ } -+ -+ duk_push_boolean (cx, is_in_netgroup); -+ return 1; -+} -+ -+/* ---------------------------------------------------------------------------------------------------- */ -diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index ca17108..11e91c0 100644 ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -19,29 +19,7 @@ - * Author: David Zeuthen - */ - --#include "config.h" --#include --#include --#include --#include --#ifdef HAVE_NETGROUP_H --#include --#else --#include --#endif --#include --#include --#include --#include -- --#include --#include "polkitbackendjsauthority.h" -- --#include -- --#ifdef HAVE_LIBSYSTEMD --#include --#endif /* HAVE_LIBSYSTEMD */ -+#include "polkitbackendcommon.h" - - #include - #include -@@ -52,6 +30,7 @@ - #include - #include - -+/* Built source and not too big to worry about deduplication */ - #include "initjs.h" /* init.js */ - - #ifdef JSGC_USE_EXACT_ROOTING -@@ -67,10 +46,9 @@ - * @short_description: JS Authority - * @stability: Unstable - * -- * An implementation of #PolkitBackendAuthority that reads and -- * evalates Javascript files and supports interaction with -- * authentication agents (virtue of being based on -- * #PolkitBackendInteractiveAuthority). -+ * An (SpiderMonkey-based) implementation of #PolkitBackendAuthority that reads -+ * and evaluates Javascript files and supports interaction with authentication -+ * agents (virtue of being based on #PolkitBackendInteractiveAuthority). - */ - - /* ---------------------------------------------------------------------------------------------------- */ -@@ -100,57 +78,11 @@ static bool execute_script_with_runaway_killer (PolkitBackendJsAuthority *author - JS::HandleScript script, - JS::MutableHandleValue rval); - --static void utils_spawn (const gchar *const *argv, -- guint timeout_seconds, -- GCancellable *cancellable, -- GAsyncReadyCallback callback, -- gpointer user_data); -- --gboolean utils_spawn_finish (GAsyncResult *res, -- gint *out_exit_status, -- gchar **out_standard_output, -- gchar **out_standard_error, -- GError **error); -- --static void on_dir_monitor_changed (GFileMonitor *monitor, -- GFile *file, -- GFile *other_file, -- GFileMonitorEvent event_type, -- gpointer user_data); -- --/* ---------------------------------------------------------------------------------------------------- */ -- --enum --{ -- PROP_0, -- PROP_RULES_DIRS, --}; -- - /* ---------------------------------------------------------------------------------------------------- */ - - static gpointer runaway_killer_thread_func (gpointer user_data); - static void runaway_killer_terminate (PolkitBackendJsAuthority *authority); - --static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, -- PolkitSubject *caller, -- PolkitSubject *subject, -- PolkitIdentity *user_for_subject, -- gboolean subject_is_local, -- gboolean subject_is_active, -- const gchar *action_id, -- PolkitDetails *details); -- --static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorization_sync ( -- PolkitBackendInteractiveAuthority *authority, -- PolkitSubject *caller, -- PolkitSubject *subject, -- PolkitIdentity *user_for_subject, -- gboolean subject_is_local, -- gboolean subject_is_active, -- const gchar *action_id, -- PolkitDetails *details, -- PolkitImplicitAuthorization implicit); -- - G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY); - - /* ---------------------------------------------------------------------------------------------------- */ -@@ -229,33 +161,6 @@ polkit_backend_js_authority_init (PolkitBackendJsAuthority *authority) - PolkitBackendJsAuthorityPrivate); - } - --static gint --rules_file_name_cmp (const gchar *a, -- const gchar *b) --{ -- gint ret; -- const gchar *a_base; -- const gchar *b_base; -- -- a_base = strrchr (a, '/'); -- b_base = strrchr (b, '/'); -- -- g_assert (a_base != NULL); -- g_assert (b_base != NULL); -- a_base += 1; -- b_base += 1; -- -- ret = g_strcmp0 (a_base, b_base); -- if (ret == 0) -- { -- /* /etc wins over /usr */ -- ret = g_strcmp0 (a, b); -- g_assert (ret != 0); -- } -- -- return ret; --} -- - /* authority->priv->cx must be within a request */ - static void - load_scripts (PolkitBackendJsAuthority *authority) -@@ -299,7 +204,7 @@ load_scripts (PolkitBackendJsAuthority *authority) - } - } - -- files = g_list_sort (files, (GCompareFunc) rules_file_name_cmp); -+ files = g_list_sort (files, (GCompareFunc) polkit_backend_common_rules_file_name_cmp); - - for (l = files; l != NULL; l = l->next) - { -@@ -365,8 +270,8 @@ load_scripts (PolkitBackendJsAuthority *authority) - g_list_free_full (files, g_free); - } - --static void --reload_scripts (PolkitBackendJsAuthority *authority) -+void -+polkit_backend_common_reload_scripts (PolkitBackendJsAuthority *authority) - { - JS::RootedValueArray<1> args(authority->priv->cx); - JS::RootedValue rval(authority->priv->cx); -@@ -395,42 +300,6 @@ reload_scripts (PolkitBackendJsAuthority *authority) - g_signal_emit_by_name (authority, "changed"); - } - --static void --on_dir_monitor_changed (GFileMonitor *monitor, -- GFile *file, -- GFile *other_file, -- GFileMonitorEvent event_type, -- gpointer user_data) --{ -- PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data); -- -- /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution? -- * Because when editing a file with emacs we get 4-8 events.. -- */ -- -- if (file != NULL) -- { -- gchar *name; -- -- name = g_file_get_basename (file); -- -- /* g_print ("event_type=%d file=%p name=%s\n", event_type, file, name); */ -- if (!g_str_has_prefix (name, ".") && -- !g_str_has_prefix (name, "#") && -- g_str_has_suffix (name, ".rules") && -- (event_type == G_FILE_MONITOR_EVENT_CREATED || -- event_type == G_FILE_MONITOR_EVENT_DELETED || -- event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) -- { -- polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), -- "Reloading rules"); -- reload_scripts (authority); -- } -- g_free (name); -- } --} -- -- - static void - setup_file_monitors (PolkitBackendJsAuthority *authority) - { -@@ -462,7 +331,7 @@ setup_file_monitors (PolkitBackendJsAuthority *authority) - { - g_signal_connect (monitor, - "changed", -- G_CALLBACK (on_dir_monitor_changed), -+ G_CALLBACK (polkit_backend_common_on_dir_monitor_changed), - authority); - g_ptr_array_add (p, monitor); - } -@@ -471,8 +340,8 @@ setup_file_monitors (PolkitBackendJsAuthority *authority) - authority->priv->dir_monitors = (GFileMonitor**) g_ptr_array_free (p, FALSE); - } - --static void --polkit_backend_js_authority_constructed (GObject *object) -+void -+polkit_backend_common_js_authority_constructed (GObject *object) - { - PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); - -@@ -561,8 +430,8 @@ polkit_backend_js_authority_constructed (GObject *object) - g_assert_not_reached (); - } - --static void --polkit_backend_js_authority_finalize (GObject *object) -+void -+polkit_backend_common_js_authority_finalize (GObject *object) - { - PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); - guint n; -@@ -577,7 +446,7 @@ polkit_backend_js_authority_finalize (GObject *object) - { - GFileMonitor *monitor = authority->priv->dir_monitors[n]; - g_signal_handlers_disconnect_by_func (monitor, -- (gpointer*)G_CALLBACK (on_dir_monitor_changed), -+ (gpointer*)G_CALLBACK (polkit_backend_common_on_dir_monitor_changed), - authority); - g_object_unref (monitor); - } -@@ -594,11 +463,11 @@ polkit_backend_js_authority_finalize (GObject *object) - G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object); - } - --static void --polkit_backend_js_authority_set_property (GObject *object, -- guint property_id, -- const GValue *value, -- GParamSpec *pspec) -+void -+polkit_backend_common_js_authority_set_property (GObject *object, -+ guint property_id, -+ const GValue *value, -+ GParamSpec *pspec) - { - PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); - -@@ -615,57 +484,12 @@ polkit_backend_js_authority_set_property (GObject *object, - } - } - --static const gchar * --polkit_backend_js_authority_get_name (PolkitBackendAuthority *authority) --{ -- return "js"; --} -- --static const gchar * --polkit_backend_js_authority_get_version (PolkitBackendAuthority *authority) --{ -- return PACKAGE_VERSION; --} -- --static PolkitAuthorityFeatures --polkit_backend_js_authority_get_features (PolkitBackendAuthority *authority) --{ -- return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; --} -- - static void - polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass) - { -- GObjectClass *gobject_class; -- PolkitBackendAuthorityClass *authority_class; -- PolkitBackendInteractiveAuthorityClass *interactive_authority_class; -- -- -- gobject_class = G_OBJECT_CLASS (klass); -- gobject_class->finalize = polkit_backend_js_authority_finalize; -- gobject_class->set_property = polkit_backend_js_authority_set_property; -- gobject_class->constructed = polkit_backend_js_authority_constructed; -- -- authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); -- authority_class->get_name = polkit_backend_js_authority_get_name; -- authority_class->get_version = polkit_backend_js_authority_get_version; -- authority_class->get_features = polkit_backend_js_authority_get_features; -- -- interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); -- interactive_authority_class->get_admin_identities = polkit_backend_js_authority_get_admin_auth_identities; -- interactive_authority_class->check_authorization_sync = polkit_backend_js_authority_check_authorization_sync; -- -- g_object_class_install_property (gobject_class, -- PROP_RULES_DIRS, -- g_param_spec_boxed ("rules-dirs", -- NULL, -- NULL, -- G_TYPE_STRV, -- GParamFlags(G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE))); -- -+ polkit_backend_common_js_authority_class_init_common (klass); - - g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate)); -- - JS_Init (); - } - -@@ -1005,11 +829,14 @@ runaway_killer_setup (PolkitBackendJsAuthority *authority) - { - g_assert (authority->priv->rkt_source == NULL); - -- /* set-up timer for runaway scripts, will be executed in runaway_killer_thread */ -+ /* set-up timer for runaway scripts, will be executed in -+ runaway_killer_thread, that is one, permanent thread running a glib -+ mainloop (rkt_loop) whose context (rkt_context) has a timeout source -+ (rkt_source) */ - g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex); - authority->priv->rkt_timeout_pending = FALSE; - g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex); -- authority->priv->rkt_source = g_timeout_source_new_seconds (15); -+ authority->priv->rkt_source = g_timeout_source_new_seconds (RUNAWAY_KILLER_TIMEOUT); - g_source_set_callback (authority->priv->rkt_source, rkt_on_timeout, authority, NULL); - g_source_attach (authority->priv->rkt_source, authority->priv->rkt_context); - -@@ -1069,6 +896,9 @@ execute_script_with_runaway_killer (PolkitBackendJsAuthority *authority, - { - bool ret; - -+ // tries to JS_ExecuteScript(), may hang for > RUNAWAY_KILLER_TIMEOUT, -+ // runaway_killer_thread makes sure the call returns, due to exception -+ // injection - runaway_killer_setup (authority); - ret = JS_ExecuteScript (authority->priv->cx, - script, -@@ -1099,15 +929,15 @@ call_js_function_with_runaway_killer (PolkitBackendJsAuthority *authority, - - /* ---------------------------------------------------------------------------------------------------- */ - --static GList * --polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority, -- PolkitSubject *caller, -- PolkitSubject *subject, -- PolkitIdentity *user_for_subject, -- gboolean subject_is_local, -- gboolean subject_is_active, -- const gchar *action_id, -- PolkitDetails *details) -+GList * -+polkit_backend_common_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details) - { - PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); - GList *ret = NULL; -@@ -1202,16 +1032,16 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA - - /* ---------------------------------------------------------------------------------------------------- */ - --static PolkitImplicitAuthorization --polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority, -- PolkitSubject *caller, -- PolkitSubject *subject, -- PolkitIdentity *user_for_subject, -- gboolean subject_is_local, -- gboolean subject_is_active, -- const gchar *action_id, -- PolkitDetails *details, -- PolkitImplicitAuthorization implicit) -+PolkitImplicitAuthorization -+polkit_backend_common_js_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *_authority, -+ PolkitSubject *caller, -+ PolkitSubject *subject, -+ PolkitIdentity *user_for_subject, -+ gboolean subject_is_local, -+ gboolean subject_is_active, -+ const gchar *action_id, -+ PolkitDetails *details, -+ PolkitImplicitAuthorization implicit) - { - PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority); - PolkitImplicitAuthorization ret = implicit; -@@ -1324,65 +1154,6 @@ js_polkit_log (JSContext *cx, - - /* ---------------------------------------------------------------------------------------------------- */ - --static const gchar * --get_signal_name (gint signal_number) --{ -- switch (signal_number) -- { --#define _HANDLE_SIG(sig) case sig: return #sig; -- _HANDLE_SIG (SIGHUP); -- _HANDLE_SIG (SIGINT); -- _HANDLE_SIG (SIGQUIT); -- _HANDLE_SIG (SIGILL); -- _HANDLE_SIG (SIGABRT); -- _HANDLE_SIG (SIGFPE); -- _HANDLE_SIG (SIGKILL); -- _HANDLE_SIG (SIGSEGV); -- _HANDLE_SIG (SIGPIPE); -- _HANDLE_SIG (SIGALRM); -- _HANDLE_SIG (SIGTERM); -- _HANDLE_SIG (SIGUSR1); -- _HANDLE_SIG (SIGUSR2); -- _HANDLE_SIG (SIGCHLD); -- _HANDLE_SIG (SIGCONT); -- _HANDLE_SIG (SIGSTOP); -- _HANDLE_SIG (SIGTSTP); -- _HANDLE_SIG (SIGTTIN); -- _HANDLE_SIG (SIGTTOU); -- _HANDLE_SIG (SIGBUS); --#ifdef SIGPOLL -- _HANDLE_SIG (SIGPOLL); --#endif -- _HANDLE_SIG (SIGPROF); -- _HANDLE_SIG (SIGSYS); -- _HANDLE_SIG (SIGTRAP); -- _HANDLE_SIG (SIGURG); -- _HANDLE_SIG (SIGVTALRM); -- _HANDLE_SIG (SIGXCPU); -- _HANDLE_SIG (SIGXFSZ); --#undef _HANDLE_SIG -- default: -- break; -- } -- return "UNKNOWN_SIGNAL"; --} -- --typedef struct --{ -- GMainLoop *loop; -- GAsyncResult *res; --} SpawnData; -- --static void --spawn_cb (GObject *source_object, -- GAsyncResult *res, -- gpointer user_data) --{ -- SpawnData *data = (SpawnData *)user_data; -- data->res = (GAsyncResult*)g_object_ref (res); -- g_main_loop_quit (data->loop); --} -- - static bool - js_polkit_spawn (JSContext *cx, - unsigned js_argc, -@@ -1440,21 +1211,21 @@ js_polkit_spawn (JSContext *cx, - g_main_context_push_thread_default (context); - - data.loop = loop; -- utils_spawn ((const gchar *const *) argv, -- 10, /* timeout_seconds */ -- NULL, /* cancellable */ -- spawn_cb, -- &data); -+ polkit_backend_common_spawn ((const gchar *const *) argv, -+ 10, /* timeout_seconds */ -+ NULL, /* cancellable */ -+ polkit_backend_common_spawn_cb, -+ &data); - - g_main_loop_run (loop); - - g_main_context_pop_thread_default (context); - -- if (!utils_spawn_finish (data.res, -- &exit_status, -- &standard_output, -- &standard_error, -- &error)) -+ if (!polkit_backend_common_spawn_finish (data.res, -+ &exit_status, -+ &standard_output, -+ &standard_error, -+ &error)) - { - JS_ReportErrorUTF8 (cx, - "Error spawning helper: %s (%s, %d)", -@@ -1477,7 +1248,7 @@ js_polkit_spawn (JSContext *cx, - { - g_string_append_printf (gstr, - "Helper was signaled with signal %s (%d)", -- get_signal_name (WTERMSIG (exit_status)), -+ polkit_backend_common_get_signal_name (WTERMSIG (exit_status)), - WTERMSIG (exit_status)); - } - g_string_append_printf (gstr, ", stdout=`%s', stderr=`%s'", -@@ -1542,381 +1313,5 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - return ret; - } - -- -- - /* ---------------------------------------------------------------------------------------------------- */ - --typedef struct --{ -- GSimpleAsyncResult *simple; /* borrowed reference */ -- GMainContext *main_context; /* may be NULL */ -- -- GCancellable *cancellable; /* may be NULL */ -- gulong cancellable_handler_id; -- -- GPid child_pid; -- gint child_stdout_fd; -- gint child_stderr_fd; -- -- GIOChannel *child_stdout_channel; -- GIOChannel *child_stderr_channel; -- -- GSource *child_watch_source; -- GSource *child_stdout_source; -- GSource *child_stderr_source; -- -- guint timeout_seconds; -- gboolean timed_out; -- GSource *timeout_source; -- -- GString *child_stdout; -- GString *child_stderr; -- -- gint exit_status; --} UtilsSpawnData; -- --static void --utils_child_watch_from_release_cb (GPid pid, -- gint status, -- gpointer user_data) --{ --} -- --static void --utils_spawn_data_free (UtilsSpawnData *data) --{ -- if (data->timeout_source != NULL) -- { -- g_source_destroy (data->timeout_source); -- data->timeout_source = NULL; -- } -- -- /* Nuke the child, if necessary */ -- if (data->child_watch_source != NULL) -- { -- g_source_destroy (data->child_watch_source); -- data->child_watch_source = NULL; -- } -- -- if (data->child_pid != 0) -- { -- GSource *source; -- kill (data->child_pid, SIGTERM); -- /* OK, we need to reap for the child ourselves - we don't want -- * to use waitpid() because that might block the calling -- * thread (the child might handle SIGTERM and use several -- * seconds for cleanup/rollback). -- * -- * So we use GChildWatch instead. -- * -- * Avoid taking a references to ourselves. but note that we need -- * to pass the GSource so we can nuke it once handled. -- */ -- source = g_child_watch_source_new (data->child_pid); -- g_source_set_callback (source, -- (GSourceFunc) utils_child_watch_from_release_cb, -- source, -- (GDestroyNotify) g_source_destroy); -- /* attach source to the global default main context */ -- g_source_attach (source, NULL); -- g_source_unref (source); -- data->child_pid = 0; -- } -- -- if (data->child_stdout != NULL) -- { -- g_string_free (data->child_stdout, TRUE); -- data->child_stdout = NULL; -- } -- -- if (data->child_stderr != NULL) -- { -- g_string_free (data->child_stderr, TRUE); -- data->child_stderr = NULL; -- } -- -- if (data->child_stdout_channel != NULL) -- { -- g_io_channel_unref (data->child_stdout_channel); -- data->child_stdout_channel = NULL; -- } -- if (data->child_stderr_channel != NULL) -- { -- g_io_channel_unref (data->child_stderr_channel); -- data->child_stderr_channel = NULL; -- } -- -- if (data->child_stdout_source != NULL) -- { -- g_source_destroy (data->child_stdout_source); -- data->child_stdout_source = NULL; -- } -- if (data->child_stderr_source != NULL) -- { -- g_source_destroy (data->child_stderr_source); -- data->child_stderr_source = NULL; -- } -- -- if (data->child_stdout_fd != -1) -- { -- g_warn_if_fail (close (data->child_stdout_fd) == 0); -- data->child_stdout_fd = -1; -- } -- if (data->child_stderr_fd != -1) -- { -- g_warn_if_fail (close (data->child_stderr_fd) == 0); -- data->child_stderr_fd = -1; -- } -- -- if (data->cancellable_handler_id > 0) -- { -- g_cancellable_disconnect (data->cancellable, data->cancellable_handler_id); -- data->cancellable_handler_id = 0; -- } -- -- if (data->main_context != NULL) -- g_main_context_unref (data->main_context); -- -- if (data->cancellable != NULL) -- g_object_unref (data->cancellable); -- -- g_slice_free (UtilsSpawnData, data); --} -- --/* called in the thread where @cancellable was cancelled */ --static void --utils_on_cancelled (GCancellable *cancellable, -- gpointer user_data) --{ -- UtilsSpawnData *data = (UtilsSpawnData *)user_data; -- GError *error; -- -- error = NULL; -- g_warn_if_fail (g_cancellable_set_error_if_cancelled (cancellable, &error)); -- g_simple_async_result_take_error (data->simple, error); -- g_simple_async_result_complete_in_idle (data->simple); -- g_object_unref (data->simple); --} -- --static gboolean --utils_read_child_stderr (GIOChannel *channel, -- GIOCondition condition, -- gpointer user_data) --{ -- UtilsSpawnData *data = (UtilsSpawnData *)user_data; -- gchar buf[1024]; -- gsize bytes_read; -- -- g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); -- g_string_append_len (data->child_stderr, buf, bytes_read); -- return TRUE; --} -- --static gboolean --utils_read_child_stdout (GIOChannel *channel, -- GIOCondition condition, -- gpointer user_data) --{ -- UtilsSpawnData *data = (UtilsSpawnData *)user_data; -- gchar buf[1024]; -- gsize bytes_read; -- -- g_io_channel_read_chars (channel, buf, sizeof buf, &bytes_read, NULL); -- g_string_append_len (data->child_stdout, buf, bytes_read); -- return TRUE; --} -- --static void --utils_child_watch_cb (GPid pid, -- gint status, -- gpointer user_data) --{ -- UtilsSpawnData *data = (UtilsSpawnData *)user_data; -- gchar *buf; -- gsize buf_size; -- -- if (g_io_channel_read_to_end (data->child_stdout_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) -- { -- g_string_append_len (data->child_stdout, buf, buf_size); -- g_free (buf); -- } -- if (g_io_channel_read_to_end (data->child_stderr_channel, &buf, &buf_size, NULL) == G_IO_STATUS_NORMAL) -- { -- g_string_append_len (data->child_stderr, buf, buf_size); -- g_free (buf); -- } -- -- data->exit_status = status; -- -- /* ok, child watch is history, make sure we don't free it in spawn_data_free() */ -- data->child_pid = 0; -- data->child_watch_source = NULL; -- -- /* we're done */ -- g_simple_async_result_complete_in_idle (data->simple); -- g_object_unref (data->simple); --} -- --static gboolean --utils_timeout_cb (gpointer user_data) --{ -- UtilsSpawnData *data = (UtilsSpawnData *)user_data; -- -- data->timed_out = TRUE; -- -- /* ok, timeout is history, make sure we don't free it in spawn_data_free() */ -- data->timeout_source = NULL; -- -- /* we're done */ -- g_simple_async_result_complete_in_idle (data->simple); -- g_object_unref (data->simple); -- -- return FALSE; /* remove source */ --} -- --static void --utils_spawn (const gchar *const *argv, -- guint timeout_seconds, -- GCancellable *cancellable, -- GAsyncReadyCallback callback, -- gpointer user_data) --{ -- UtilsSpawnData *data; -- GError *error; -- -- data = g_slice_new0 (UtilsSpawnData); -- data->timeout_seconds = timeout_seconds; -- data->simple = g_simple_async_result_new (NULL, -- callback, -- user_data, -- (gpointer*)utils_spawn); -- data->main_context = g_main_context_get_thread_default (); -- if (data->main_context != NULL) -- g_main_context_ref (data->main_context); -- -- data->cancellable = cancellable != NULL ? (GCancellable*)g_object_ref (cancellable) : NULL; -- -- data->child_stdout = g_string_new (NULL); -- data->child_stderr = g_string_new (NULL); -- data->child_stdout_fd = -1; -- data->child_stderr_fd = -1; -- -- /* the life-cycle of UtilsSpawnData is tied to its GSimpleAsyncResult */ -- g_simple_async_result_set_op_res_gpointer (data->simple, data, (GDestroyNotify) utils_spawn_data_free); -- -- error = NULL; -- if (data->cancellable != NULL) -- { -- /* could already be cancelled */ -- error = NULL; -- if (g_cancellable_set_error_if_cancelled (data->cancellable, &error)) -- { -- g_simple_async_result_take_error (data->simple, error); -- g_simple_async_result_complete_in_idle (data->simple); -- g_object_unref (data->simple); -- goto out; -- } -- -- data->cancellable_handler_id = g_cancellable_connect (data->cancellable, -- G_CALLBACK (utils_on_cancelled), -- data, -- NULL); -- } -- -- error = NULL; -- if (!g_spawn_async_with_pipes (NULL, /* working directory */ -- (gchar **) argv, -- NULL, /* envp */ -- GSpawnFlags(G_SPAWN_SEARCH_PATH | G_SPAWN_DO_NOT_REAP_CHILD), -- NULL, /* child_setup */ -- NULL, /* child_setup's user_data */ -- &(data->child_pid), -- NULL, /* gint *stdin_fd */ -- &(data->child_stdout_fd), -- &(data->child_stderr_fd), -- &error)) -- { -- g_prefix_error (&error, "Error spawning: "); -- g_simple_async_result_take_error (data->simple, error); -- g_simple_async_result_complete_in_idle (data->simple); -- g_object_unref (data->simple); -- goto out; -- } -- -- if (timeout_seconds > 0) -- { -- data->timeout_source = g_timeout_source_new_seconds (timeout_seconds); -- g_source_set_priority (data->timeout_source, G_PRIORITY_DEFAULT); -- g_source_set_callback (data->timeout_source, utils_timeout_cb, data, NULL); -- g_source_attach (data->timeout_source, data->main_context); -- g_source_unref (data->timeout_source); -- } -- -- data->child_watch_source = g_child_watch_source_new (data->child_pid); -- g_source_set_callback (data->child_watch_source, (GSourceFunc) utils_child_watch_cb, data, NULL); -- g_source_attach (data->child_watch_source, data->main_context); -- g_source_unref (data->child_watch_source); -- -- data->child_stdout_channel = g_io_channel_unix_new (data->child_stdout_fd); -- g_io_channel_set_flags (data->child_stdout_channel, G_IO_FLAG_NONBLOCK, NULL); -- data->child_stdout_source = g_io_create_watch (data->child_stdout_channel, G_IO_IN); -- g_source_set_callback (data->child_stdout_source, (GSourceFunc) utils_read_child_stdout, data, NULL); -- g_source_attach (data->child_stdout_source, data->main_context); -- g_source_unref (data->child_stdout_source); -- -- data->child_stderr_channel = g_io_channel_unix_new (data->child_stderr_fd); -- g_io_channel_set_flags (data->child_stderr_channel, G_IO_FLAG_NONBLOCK, NULL); -- data->child_stderr_source = g_io_create_watch (data->child_stderr_channel, G_IO_IN); -- g_source_set_callback (data->child_stderr_source, (GSourceFunc) utils_read_child_stderr, data, NULL); -- g_source_attach (data->child_stderr_source, data->main_context); -- g_source_unref (data->child_stderr_source); -- -- out: -- ; --} -- --gboolean --utils_spawn_finish (GAsyncResult *res, -- gint *out_exit_status, -- gchar **out_standard_output, -- gchar **out_standard_error, -- GError **error) --{ -- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); -- UtilsSpawnData *data; -- gboolean ret = FALSE; -- -- g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE); -- g_return_val_if_fail (error == NULL || *error == NULL, FALSE); -- -- g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == utils_spawn); -- -- if (g_simple_async_result_propagate_error (simple, error)) -- goto out; -- -- data = (UtilsSpawnData*)g_simple_async_result_get_op_res_gpointer (simple); -- -- if (data->timed_out) -- { -- g_set_error (error, -- G_IO_ERROR, -- G_IO_ERROR_TIMED_OUT, -- "Timed out after %d seconds", -- data->timeout_seconds); -- goto out; -- } -- -- if (out_exit_status != NULL) -- *out_exit_status = data->exit_status; -- -- if (out_standard_output != NULL) -- *out_standard_output = g_strdup (data->child_stdout->str); -- -- if (out_standard_error != NULL) -- *out_standard_error = g_strdup (data->child_stderr->str); -- -- ret = TRUE; -- -- out: -- return ret; --} -diff --git a/test/data/etc/polkit-1/rules.d/10-testing.rules b/test/data/etc/polkit-1/rules.d/10-testing.rules -index 98bf062..e346b5d 100644 ---- a/test/data/etc/polkit-1/rules.d/10-testing.rules -+++ b/test/data/etc/polkit-1/rules.d/10-testing.rules -@@ -189,8 +189,10 @@ polkit.addRule(function(action, subject) { - ; - } catch (error) { - if (error == "Terminating runaway script") -- return polkit.Result.YES; -- return polkit.Result.NO; -+ // Inverted logic to accomodate Duktape's model as well, which -+ // will always fail with negation, on timeouts -+ return polkit.Result.NO; -+ return polkit.Result.YES; - } - } - }); -diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index f97e0e0..2103b17 100644 ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -328,7 +328,7 @@ static const RulesTestCase rules_test_cases[] = { - "net.company.run_away_script", - "unix-user:root", - NULL, -- POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED, -+ POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED, - }, - - { diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch deleted file mode 100644 index 9e9755e44f..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 7799441b9aa55324160deefbc65f9d918b8c94c1 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Tue, 10 Aug 2021 18:52:56 +0800 -Subject: [PATCH] jsauthority: ensure to call JS_Init() and JS_ShutDown() - exactly once - -Before this commit, we were calling JS_Init() in -polkit_backend_js_authority_class_init and never called JS_ShutDown. -This is actually a misusage of SpiderMonkey API. Quote from a comment -in js/Initialization.h (both mozjs-78 and mozjs-91): - - It is currently not possible to initialize SpiderMonkey multiple - times (that is, calling JS_Init/JSAPI methods/JS_ShutDown in that - order, then doing so again). - -This misusage does not cause severe issues with mozjs-78. However, when -we eventually port jsauthority to use mozjs-91, bad thing will happen: -see the test failure mentioned in #150. - -This commit is tested with both mozjs-78 and mozjs-91, all tests pass -with it. - -Upstream-Status: Submitted [https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/91] -Signed-off-by: Alexander Kanavin ---- - src/polkitbackend/polkitbackendjsauthority.cpp | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 41d8d5c..38dc001 100644 ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -75,6 +75,13 @@ - - /* ---------------------------------------------------------------------------------------------------- */ - -+static class JsInitHelperType -+{ -+public: -+ JsInitHelperType() { JS_Init(); } -+ ~JsInitHelperType() { JS_ShutDown(); } -+} JsInitHelper; -+ - struct _PolkitBackendJsAuthorityPrivate - { - gchar **rules_dirs; -@@ -589,7 +596,6 @@ polkit_backend_js_authority_finalize (GObject *object) - delete authority->priv->js_polkit; - - JS_DestroyContext (authority->priv->cx); -- /* JS_ShutDown (); */ - - G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object); - } -@@ -665,8 +671,6 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass) - - - g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate)); -- -- JS_Init (); - } - - /* ---------------------------------------------------------------------------------------------------- */ diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch deleted file mode 100644 index 181aca16ca..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch +++ /dev/null @@ -1,253 +0,0 @@ -From a334fac72112c01cd322f7c97ef7ca21457ab52f Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" -Date: Sun, 15 May 2022 05:04:10 +0000 -Subject: [PATCH] Make netgroup support optional - -On at least Linux/musl and Linux/uclibc, netgroup support is not -available. PolKit fails to compile on these systems for that reason. - -This change makes netgroup support conditional on the presence of the -setnetgrent(3) function which is required for the support to work. If -that function is not available on the system, an error will be returned -to the administrator if unix-netgroup: is specified in configuration. - -(sam: rebased for Meson and Duktape.) - -Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 -Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163 -Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52 -Signed-off-by: A. Wilcox - -Ported back the change in configure.ac (upstream removed autotools -support). - -Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] -Signed-off-by: Marta Rybczynska - ---- - configure.ac | 2 +- - meson.build | 1 + - src/polkit/polkitidentity.c | 17 +++++++++++++++++ - src/polkit/polkitunixnetgroup.c | 3 +++ - .../polkitbackendinteractiveauthority.c | 14 ++++++++------ - src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ - test/polkit/polkitidentitytest.c | 8 +++++++- - test/polkit/polkitunixnetgrouptest.c | 2 ++ - .../test-polkitbackendjsauthority.c | 2 ++ - 9 files changed, 43 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ca4b9f2..4c5d596 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], - [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) - AC_SUBST(EXPAT_LIBS) - --AC_CHECK_FUNCS(clearenv fdatasync) -+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) - - if test "x$GCC" = "xyes"; then - LDFLAGS="-Wl,--as-needed $LDFLAGS" -diff --git a/meson.build b/meson.build -index 733bbff..d840926 100644 ---- a/meson.build -+++ b/meson.build -@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) - check_functions = [ - 'clearenv', - 'fdatasync', -+ 'setnetgrent', - ] - - foreach func: check_functions -diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c -index 3aa1f7f..793f17d 100644 ---- a/src/polkit/polkitidentity.c -+++ b/src/polkit/polkitidentity.c -@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, - } - else if (g_str_has_prefix (str, "unix-netgroup:")) - { -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine ('%s')", -+ str); -+#else - identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -+#endif - } - - if (identity == NULL && (error != NULL && *error == NULL)) -@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, - GVariant *v; - const char *name; - -+#ifndef HAVE_SETNETGRENT -+ g_set_error (error, -+ POLKIT_ERROR, -+ POLKIT_ERROR_FAILED, -+ "Netgroups are not available on this machine"); -+ goto out; -+#else -+ - v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); - if (v == NULL) - { -@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, - name = g_variant_get_string (v, NULL); - ret = polkit_unix_netgroup_new (name); - g_variant_unref (v); -+#endif - } - else - { -diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c -index 8a2b369..83f8d4a 100644 ---- a/src/polkit/polkitunixnetgroup.c -+++ b/src/polkit/polkitunixnetgroup.c -@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, - PolkitIdentity * - polkit_unix_netgroup_new (const gchar *name) - { -+#ifndef HAVE_SETNETGRENT -+ g_assert_not_reached(); -+#endif - g_return_val_if_fail (name != NULL, NULL); - return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, - "name", name, -diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -index 056d9a8..36c2f3d 100644 ---- a/src/polkitbackend/polkitbackendinteractiveauthority.c -+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, - GList *ret; - - ret = NULL; -+#ifdef HAVE_SETNETGRENT - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - --#ifdef HAVE_SETNETGRENT_RETURN -+# ifdef HAVE_SETNETGRENT_RETURN - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } --#else -+# else - setnetgrent (name); --#endif -+# endif /* HAVE_SETNETGRENT_RETURN */ - - for (;;) - { --#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) - const char *hostname, *username, *domainname; --#else -+# else - char *hostname, *username, *domainname; --#endif -+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ - PolkitIdentity *user; - GError *error = NULL; - -@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, - - out: - endnetgrent (); -+#endif /* HAVE_SETNETGRENT */ - return ret; - } - -diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 5027815..bcb040c 100644 ---- a/src/polkitbackend/polkitbackendjsauthority.cpp -+++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - - JS::CallArgs args = JS::CallArgsFromVp (argc, vp); - -+#ifdef HAVE_SETNETGRENT - JS::RootedString usrstr (authority->priv->cx); - usrstr = args[0].toString(); - user = JS_EncodeStringToUTF8 (cx, usrstr); -@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, - { - is_in_netgroup = true; - } -+#endif - - ret = true; - -diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c -index e91967b..2635c4c 100644 ---- a/test/polkit/polkitidentitytest.c -+++ b/test/polkit/polkitidentitytest.c -@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { - {"unix-group:root", "unix-group:jane", FALSE}, - {"unix-group:jane", "unix-group:jane", TRUE}, - -+#ifdef HAVE_SETNETGRENT - {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, - {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -+#endif - - {"unix-user:root", "unix-group:root", FALSE}, -+#ifdef HAVE_SETNETGRENT - {"unix-user:jane", "unix-netgroup:foo", FALSE}, -+#endif - - {NULL}, - }; -@@ -181,11 +185,13 @@ main (int argc, char *argv[]) - g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); - g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); - -+#ifdef HAVE_SETNETGRENT - g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+#endif - - g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); - - add_comparison_tests (); - -diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c -index 3701ba1..e1d211e 100644 ---- a/test/polkit/polkitunixnetgrouptest.c -+++ b/test/polkit/polkitunixnetgrouptest.c -@@ -69,7 +69,9 @@ int - main (int argc, char *argv[]) - { - g_test_init (&argc, &argv, NULL); -+#ifdef HAVE_SETNETGRENT - g_test_add_func ("/PolkitUnixNetgroup/new", test_new); - g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -+#endif - return g_test_run (); - } -diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index f97e0e0..fc52149 100644 ---- a/test/polkitbackend/test-polkitbackendjsauthority.c -+++ b/test/polkitbackend/test-polkitbackendjsauthority.c -@@ -137,12 +137,14 @@ test_get_admin_identities (void) - "unix-group:users" - } - }, -+#ifdef HAVE_SETNETGRENT - { - "net.company.action3", - { - "unix-netgroup:foo" - } - }, -+#endif - }; - guint n; - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch deleted file mode 100644 index 12988ad94f..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0005-Make-netgroup-support-optional-duktape.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 792f8e2151c120ec51b50a4098e4f9642409cbec Mon Sep 17 00:00:00 2001 -From: Marta Rybczynska -Date: Fri, 29 Jul 2022 11:52:59 +0200 -Subject: [PATCH] Make netgroup support optional - -This patch adds a fragment of the netgroup patch to apply on the duktape-related -code. This change is needed to compile with duktape+musl. - -Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] -Signed-off-by: Marta Rybczynska ---- - src/polkitbackend/polkitbackendduktapeauthority.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c -index c89dbcf..58a5936 100644 ---- a/src/polkitbackend/polkitbackendduktapeauthority.c -+++ b/src/polkitbackend/polkitbackendduktapeauthority.c -@@ -1036,6 +1036,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - user = duk_require_string (cx, 0); - netgroup = duk_require_string (cx, 1); - -+#ifdef HAVE_SETNETGRENT - if (innetgr (netgroup, - NULL, /* host */ - user, -@@ -1043,6 +1044,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) - { - is_in_netgroup = TRUE; - } -+#endif - - duk_push_boolean (cx, is_in_netgroup); - return 1; diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch deleted file mode 100644 index c491abf4ac..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/polkit-1_pam.patch +++ /dev/null @@ -1,35 +0,0 @@ -polkit: No system-auth in OE-Core, we can use common-* in place of it. - -Upstream-Status:Inappropriate [configuration] - -Signed-off-by: Xiaofeng Yan - -Upstream-Status: Inappropriate [oe specific] -Rebase to 0.115 -Signed-off-by: Hongxu Jia ---- - configure.ac | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 36df239..8b3e1b1 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -471,10 +471,10 @@ elif test x$with_os_type = xfreebsd -o x$with_os_type = xnetbsd; then - PAM_FILE_INCLUDE_PASSWORD=system - PAM_FILE_INCLUDE_SESSION=system - else -- PAM_FILE_INCLUDE_AUTH=system-auth -- PAM_FILE_INCLUDE_ACCOUNT=system-auth -- PAM_FILE_INCLUDE_PASSWORD=system-auth -- PAM_FILE_INCLUDE_SESSION=system-auth -+ PAM_FILE_INCLUDE_AUTH=common-auth -+ PAM_FILE_INCLUDE_ACCOUNT=common-account -+ PAM_FILE_INCLUDE_PASSWORD=common-password -+ PAM_FILE_INCLUDE_SESSION=common-session - fi - - AC_SUBST(PAM_FILE_INCLUDE_AUTH) --- -2.7.4 - diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb deleted file mode 100644 index c4d3d25afc..0000000000 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.119.bb +++ /dev/null @@ -1,79 +0,0 @@ -SUMMARY = "PolicyKit Authorization Framework" -DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes." -HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit" -LICENSE = "LGPL-2.0-or-later" -LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb \ - file://src/polkit/polkit.h;beginline=1;endline=20;md5=0a8630b0133176d0504c87a0ded39db4" - -DEPENDS = "expat glib-2.0 intltool-native" - -inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection features_check - -REQUIRED_DISTRO_FEATURES = "polkit" - -PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \ - bb.utils.contains('DISTRO_FEATURES', 'x11', 'consolekit', '', d), d)} \ - mozjs \ - " - -PACKAGECONFIG[pam] = "--with-authfw=pam,--with-authfw=shadow,libpam,libpam" -PACKAGECONFIG[systemd] = "--enable-libsystemd-login=yes --with-systemdsystemunitdir=${systemd_unitdir}/system/,--enable-libsystemd-login=no --with-systemdsystemunitdir=,systemd" -# there is no --enable/--disable option for consolekit and it's not picked by shlibs, so add it to RDEPENDS -PACKAGECONFIG[consolekit] = ",,,consolekit" - -# Default to mozjs javascript library -PACKAGECONFIG[mozjs] = ",,mozjs-91,,,duktape" -# duktape javascript engine is much smaller and faster but is not compatible with -# same javascript standards as mozjs. For example array.includes() function is not -# supported. Test rule compatibility when switching to duktape. -PACKAGECONFIG[duktape] = "--with-duktape,,duktape,,,mozjs" - -MOZJS_PATCHES = "\ - file://0002-jsauthority-port-to-mozjs-91.patch \ - file://0003-jsauthority-ensure-to-call-JS_Init-and-JS_ShutDown-e.patch \ -" -DUKTAPE_PATCHES = "file://0003-Added-support-for-duktape-as-JS-engine.patch" -DUKTAPE_NG_PATCHES = "file://0005-Make-netgroup-support-optional-duktape.patch" -PAM_SRC_URI = "file://polkit-1_pam.patch" -SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'mozjs', '${MOZJS_PATCHES}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'duktape', '${DUKTAPE_PATCHES}', '', d)} \ - file://0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch \ - file://0002-CVE-2021-4115-GHSL-2021-077-fix.patch \ - file://0004-Make-netgroup-support-optional.patch \ - ${@bb.utils.contains('PACKAGECONFIG', 'duktape', '${DUKTAPE_NG_PATCHES}', '', d)} \ - " -SRC_URI[sha256sum] = "c8579fdb86e94295404211285fee0722ad04893f0213e571bd75c00972fd1f5c" - -EXTRA_OECONF = "--with-os-type=moblin \ - --disable-man-pages \ - --disable-libelogind \ - " - -do_configure:prepend () { - rm -f ${S}/buildutil/lt*.m4 ${S}/buildutil/libtool.m4 -} - -do_compile:prepend () { - export GIR_EXTRA_LIBS_PATH="${B}/src/polkit/.libs" -} - -PACKAGES =+ "${PN}-examples" - -FILES:${PN}:append = " \ - ${libdir}/${BPN}-1 \ - ${nonarch_libdir}/${BPN}-1 \ - ${datadir}/dbus-1 \ - ${datadir}/${BPN}-1 \ - ${datadir}/gettext \ -" - -FILES:${PN}-examples = "${bindir}/*example*" - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd" - -SYSTEMD_SERVICE:${PN} = "${BPN}.service" -SYSTEMD_AUTO_ENABLE = "disable" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_123.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_123.bb index 4fc23559f9..670fd995fb 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_123.bb +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_123.bb @@ -4,10 +4,10 @@ HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit" LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" -SRC_URI = " \ - git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master \ - file://0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch \ -" +SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master \ + file://0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch \ + file://0001-jsauthority-Bump-mozjs-to-115.patch \ + " S = "${WORKDIR}/git" SRCREV = "fc8b07e71d99f88a29258cde99b913b44da1846d" @@ -31,7 +31,7 @@ PACKAGECONFIG[systemd] = "-Dsession_tracking=libsystemd-login,-Dsession_tracking PACKAGECONFIG[consolekit] = ",,,consolekit" # Default to mozjs javascript library -PACKAGECONFIG[mozjs] = "-Djs_engine=mozjs,,mozjs-102,,,duktape" +PACKAGECONFIG[mozjs] = "-Djs_engine=mozjs,,mozjs-115,,,duktape" # duktape javascript engine is much smaller and faster but is not compatible with # same javascript standards as mozjs. For example array.includes() function is not # supported. Test rule compatibility when switching to duktape. -- cgit v1.2.3