authorNicolás Reynolds <fauno@endefensadelsl.org>2013-10-08 22:20:37 -0300
committerNicolás Reynolds <fauno@endefensadelsl.org>2013-10-08 22:20:37 -0300
commitfccf9769e2c26f577f6214ed9d0dbb30cb8c51bd (patch)
treecc5312eeed95e18d8e2c6009c568f3d32501bc01 /extra/rtkit
parent69962c022fb4ed68b9163e60183fff714308e4e3 (diff)
parent3a0ad5dc35d5cff379cdfc736b9cae856416fe6a (diff)
Merge branch 'master' of ssh://vparabola/home/parabola/abslibre-pre-mips64el
Conflicts: community/abe/PKGBUILD community/account-plugins/PKGBUILD community/adesklets/PKGBUILD community/aircrack-ng/PKGBUILD community/audit/PKGBUILD community/bchunk/PKGBUILD community/bibutils/PKGBUILD community/cantata/PKGBUILD community/cdck/PKGBUILD community/cinnamon-control-center/PKGBUILD community/clusterssh/PKGBUILD community/consonance/PKGBUILD community/credentials-preferences/PKGBUILD community/dee/PKGBUILD community/dosbox/PKGBUILD community/drbd/PKGBUILD community/dvdisaster/PKGBUILD community/ekg/PKGBUILD community/ekg2/PKGBUILD community/emelfm2/PKGBUILD community/erlang/PKGBUILD community/ettercap/PKGBUILD community/evilwm/PKGBUILD community/fatrat/PKGBUILD community/fcitx-mozc/PKGBUILD community/fcrackzip/PKGBUILD community/ffmpegsource/PKGBUILD community/fssos-nsvs/PKGBUILD community/geda-gaf/PKGBUILD community/gnome-applets/PKGBUILD community/gnome-panel/PKGBUILD community/gnustep-make/PKGBUILD community/gwibber/PKGBUILD community/html2text/PKGBUILD community/intellij-idea-libs/PKGBUILD community/libcgns2/PKGBUILD community/libmatio/PKGBUILD community/librcc/PKGBUILD community/libsignon-glib/PKGBUILD community/linux-tools/PKGBUILD community/minitube/PKGBUILD community/mpdscribble/PKGBUILD community/mplayer2/PKGBUILD community/musepack-tools/PKGBUILD community/nginx/PKGBUILD community/pam_pwcheck/PKGBUILD community/portaudio/PKGBUILD community/portaudio_cpp/PKGBUILD community/prelink/PKGBUILD community/projectm/PKGBUILD community/prosody/PKGBUILD community/python-basemap/PKGBUILD community/qgit/PKGBUILD community/raptor1/PKGBUILD community/sensors-applet/PKGBUILD community/signon-keyring-extension/PKGBUILD community/signon-plugin-oauth2/PKGBUILD community/signon-ui/PKGBUILD community/sshguard/PKGBUILD community/tea/PKGBUILD community/tint2/PKGBUILD community/tremulous/PKGBUILD community/vobcopy/PKGBUILD community/windowlab/PKGBUILD community/xdelta/PKGBUILD community/xmms2/PKGBUILD community/xosd/PKGBUILD core/gdbm/PKGBUILD 
core/heirloom-mailx/PKGBUILD core/libffi/PKGBUILD core/procps-ng/PKGBUILD core/systemd/PKGBUILD core/tar/PKGBUILD cross/mips64el-unknown-linux-gnu-linux-libre-api-headers/PKGBUILD extra/arj/PKGBUILD extra/audacity/PKGBUILD extra/cdparanoia/PKGBUILD extra/elfutils/PKGBUILD extra/fltk/PKGBUILD extra/gnome-python-desktop/PKGBUILD extra/gstreamer/PKGBUILD extra/gtk2/PKGBUILD extra/gvfs/PKGBUILD extra/imagemagick/PKGBUILD extra/indent/PKGBUILD extra/kdepim/PKGBUILD extra/lcms/PKGBUILD extra/lesstif/PKGBUILD extra/libchewing/PKGBUILD extra/libdrm/PKGBUILD extra/libmodplug/PKGBUILD extra/libnotify/PKGBUILD extra/libsm/PKGBUILD extra/libxmu/PKGBUILD extra/libxpm/PKGBUILD extra/mariadb/PKGBUILD extra/mesa/PKGBUILD extra/mkvtoolnix/PKGBUILD extra/neon/PKGBUILD extra/ocaml/PKGBUILD extra/phonon-vlc/PKGBUILD extra/php-xcache/PKGBUILD extra/polkit/PKGBUILD extra/pycups/PKGBUILD extra/python-cairo/PKGBUILD extra/python/PKGBUILD extra/ruby/PKGBUILD extra/sqlite/PKGBUILD extra/talloc/PKGBUILD extra/thunar-archive-plugin/PKGBUILD extra/totem-plparser/PKGBUILD extra/totem/PKGBUILD extra/vinagre/PKGBUILD extra/vino/PKGBUILD extra/vlc/PKGBUILD extra/wget/PKGBUILD extra/xine-lib/PKGBUILD extra/xorg-server/PKGBUILD extra/xorg-twm/PKGBUILD extra/xorg-xclipboard/PKGBUILD extra/xorg-xclock/PKGBUILD extra/xorg-xkill/PKGBUILD extra/xorg-xlsclients/PKGBUILD extra/xorg-xman/PKGBUILD extra/xorg-xrdb/PKGBUILD extra/xpdf/PKGBUILD extra/xvidcore/PKGBUILD extra/yelp/PKGBUILD libre/audacious-plugins-libre/PKGBUILD libre/mc-libre/PKGBUILD libre/python2-reportlab-libre/PKGBUILD
Diffstat (limited to 'extra/rtkit')
-rw-r--r--extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch48
-rw-r--r--extra/rtkit/PKGBUILD13
-rw-r--r--extra/rtkit/systemd205.patch16
3 files changed, 73 insertions, 4 deletions
diff --git a/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch b/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
new file mode 100644
index 000000000..92e54b950
--- /dev/null
+++ b/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
@@ -0,0 +1,48 @@
+From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 22 Aug 2013 16:05:22 -0400
+Subject: [PATCH] [SECURITY] Pass uid of caller to polkit
+
+Otherwise, we force polkit to look up the uid itself in /proc, which
+is racy if they execve() a setuid binary.
+---
+ rtkit-daemon.c | 11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/rtkit-daemon.c b/rtkit-daemon.c
+index 2ebe673..3ecc1f7 100644
+--- a/rtkit-daemon.c
++++ b/rtkit-daemon.c
+@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ DBusMessage *m = NULL, *r = NULL;
+ const char *unix_process = "unix-process";
+ const char *pid = "pid";
++ const char *uid = "uid";
+ const char *start_time = "start-time";
+ const char *cancel_id = "";
+ uint32_t flags = 0;
+ uint32_t pid_u32 = p->pid;
+- uint64_t start_time_u64 = p->starttime;
++ uint32_t uid_u32 = (uint32_t)u->uid;
+ DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
++ uint64_t start_time_u64 = p->starttime;
+ int ret;
+ dbus_bool_t authorized = FALSE;
+
+@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process
+ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
+ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
+
++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict));
++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid));
++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant));
++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32));
++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant));
++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict));
++
+ assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array));
+ assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct));
+
+--
+1.7.1
+
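Review bot: The new `uid` entry only removes the race described in the commit message if `u->uid` was taken from the caller's D-Bus connection credentials and not read from /proc for `p->pid`. The hunk shows just `uint32_t uid_u32 = (uint32_t)u->uid;`, and `verify_polkit` begins and ends outside it, so that origin should be confirmed before relying on the fix. If it holds, record it at the declaration, for example `/* caller uid as reported by the bus, so polkit does not have to resolve it from /proc */`. The entry also helps only when the installed polkit reads a `uid` key in a `unix-process` subject, which is worth checking against the polkit version this package is built and run with.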
diff --git a/extra/rtkit/PKGBUILD b/extra/rtkit/PKGBUILD
index b0aeb467b..d81cbd75b 100644
--- a/extra/rtkit/PKGBUILD
+++ b/extra/rtkit/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 185307 2013-05-13 06:17:53Z heftig $
+# $Id: PKGBUILD 195870 2013-10-02 22:42:11Z heftig $
# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
# Contributor: Corrado Primier <bardo@aur.archlinux.org>
pkgname=rtkit
pkgver=0.11
-pkgrel=2
+pkgrel=4
pkgdesc="Realtime Policy and Watchdog Daemon"
arch=('i686' 'x86_64' 'mips64el')
url="http://git.0pointer.de/?p=rtkit.git"
@@ -12,13 +12,18 @@ license=(GPL 'custom:BSD')
depends=(dbus polkit systemd)
install=rtkit.install
source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz
- libsystemd.patch)
+ libsystemd.patch systemd205.patch
+ 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch)
md5sums=('a96c33b9827de66033d2311f82d79a5d'
- '35089c0a284005f4abcf45168415857e')
+ '35089c0a284005f4abcf45168415857e'
+ '95195a70551057aca833da6bdbf2e35b'
+ '70df212cba2a6366ff960b60d55858d3')
prepare() {
cd $pkgname-$pkgver
patch -Np1 -i ../libsystemd.patch
+ patch -Np1 -i ../systemd205.patch
+ patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch
autoreconf -fi
}
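Review bot: The two new patch checksums extend an `md5sums` array, and the tarball on the `source=` line is still fetched over plain `http://`, so the only integrity check on code that ends up in a privileged daemon is MD5. Since the array is being touched anyway, regenerate it as `sha256sums=(...)` with `makepkg -g`, keeping the entries in the same order as `source`. Separately, `prepare()` applies `0001-SECURITY-Pass-uid-of-caller-to-polkit.patch` last; a one-line comment above that line such as `# security fix: pass caller uid to polkit, keep until upstream release includes it` would make it harder to drop by accident in a later update.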
diff --git a/extra/rtkit/systemd205.patch b/extra/rtkit/systemd205.patch
new file mode 100644
index 000000000..3f17b2ddb
--- /dev/null
+++ b/extra/rtkit/systemd205.patch
@@ -0,0 +1,16 @@
+diff -u -r rtkit-0.11/rtkit-daemon.service.in rtkit-0.11-sd205/rtkit-daemon.service.in
+--- rtkit-0.11/rtkit-daemon.service.in 2012-05-15 15:25:40.000000000 +0200
++++ rtkit-0.11-sd205/rtkit-daemon.service.in 2013-07-25 10:27:37.790884664 +0200
+@@ -24,12 +24,7 @@
+ BusName=org.freedesktop.RealtimeKit1
+ NotifyAccess=main
+ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
+-PrivateTmp=yes
+ PrivateNetwork=yes
+
+-# Work around the fact that the Linux currently doesn't assign any RT
+-# budget to CPU control groups that have none configured explicitly
+-ControlGroup=cpu:/
+-
+ [Install]
+ WantedBy=graphical.target
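Review bot: `PrivateTmp=yes` is removed together with `ControlGroup=cpu:/`, but only the latter looks tied to what the file name implies (a systemd 205 compatibility change); nothing on the page says why the private /tmp is dropped. The unit keeps `CAP_SYS_PTRACE`, `CAP_SETUID` and `CAP_SETGID` in its bounding set, so losing a sandboxing option should be justified or avoided. Either keep the `PrivateTmp=yes` line in the patched unit or add a header line to systemd205.patch stating the reason it has to go.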