diff options
| -rwxr-xr-x | community/mathomatic/PKGBUILD | 4 | ||||
| -rw-r--r-- | community/megaglest/PKGBUILD | 16 | ||||
| -rw-r--r-- | community/openttd/PKGBUILD | 10 | ||||
| -rw-r--r-- | community/parrot/PKGBUILD | 12 | ||||
| -rw-r--r-- | community/quvi/PKGBUILD | 10 | ||||
| -rw-r--r-- | community/systemd/PKGBUILD | 8 | ||||
| -rw-r--r-- | community/systemd/systemd.install | 10 | ||||
| -rw-r--r-- | core/pacman/PKGBUILD | 8 | ||||
| -rw-r--r-- | core/pacman/pacman.conf.x86_64 | 6 | ||||
| -rw-r--r-- | extra/libplist/PKGBUILD | 24 | ||||
| -rw-r--r-- | extra/libtorrent-rasterbar/PKGBUILD | 10 | ||||
| -rw-r--r-- | extra/mirage/PKGBUILD | 18 | ||||
| -rw-r--r-- | extra/nitrogen/PKGBUILD | 21 | ||||
| -rw-r--r-- | extra/orc/PKGBUILD | 13 | ||||
| -rw-r--r-- | extra/php/PKGBUILD | 6 | ||||
| -rw-r--r-- | extra/php/apache.conf | 10 | ||||
| -rw-r--r-- | extra/sofia-sip/PKGBUILD | 20 | ||||
| -rw-r--r-- | extra/wxpython/PKGBUILD | 16 | ||||
| -rw-r--r-- | extra/xfce4-xkb-plugin/PKGBUILD | 21 | ||||
| -rw-r--r-- | testing/nilfs-utils/PKGBUILD | 26 | ||||
| -rw-r--r-- | testing/polkit/CVE-2011-1485.patch | 908 | ||||
| -rw-r--r-- | testing/polkit/PKGBUILD | 7 |
22 files changed, 1056 insertions, 128 deletions
diff --git a/community/mathomatic/PKGBUILD b/community/mathomatic/PKGBUILD index 4754e0cb7..159de13ba 100755 --- a/community/mathomatic/PKGBUILD +++ b/community/mathomatic/PKGBUILD @@ -3,7 +3,7 @@ # Maintainer: Thorsten Töpper <atsutane-tu@freethoughts.de> pkgname=mathomatic -pkgver=15.5.2 +pkgver=15.5.3 pkgrel=1 pkgdesc="General purpose Computer Algebra System written in C" arch=('i686' 'x86_64') @@ -15,7 +15,7 @@ optdepends=('python2: for running /usr/share/doc/mathomatic/factorial/factorial' 'bash: for running a test script' 'gnuplot: for plotting') source=(http://mathomatic.org/$pkgname-$pkgver.tar.bz2) -md5sums=('c86a4bfb71497b34f24a3fa2141b2911') +md5sums=('661efbc2482acb343db521ea69a4a088') build() { cd "$srcdir"/$pkgname-$pkgver diff --git a/community/megaglest/PKGBUILD b/community/megaglest/PKGBUILD index abc4db3b9..1a8ecd1da 100644 --- a/community/megaglest/PKGBUILD +++ b/community/megaglest/PKGBUILD @@ -1,23 +1,23 @@ -# $Id: PKGBUILD 38887 2011-02-02 21:51:51Z svenstaro $ +# $Id: PKGBUILD 45343 2011-04-20 13:49:48Z svenstaro $ # Maintainer: Sven-Hendrik Haase <sh@lutzhaase.com> # Contributor: Larry Hajali <larryhaja [at] gmail [dot] com> pkgname=megaglest -pkgver=3.4.0 +pkgver=3.5.0 pkgrel=1 pkgdesc="Fork of Glest, a 3D real-time strategy game in a fantastic world." arch=('i686' 'x86_64') url="http://sourceforge.net/projects/megaglest/" license=('GPL2') -depends=('curl' 'megaglest-data' 'xerces-c' 'sdl' 'libvorbis' 'openal' 'mesa' 'lua') +depends=('curl' 'megaglest-data' 'xerces-c' 'sdl' 'libvorbis' 'openal' 'mesa' 'lua' 'icu') makedepends=('ftjam' 'p7zip' 'wxgtk' 'cmake') source=("http://downloads.sourceforge.net/project/${pkgname}/current_release/${pkgname}-source-${pkgver}.tar.bz2" "http://downloads.sourceforge.net/project/${pkgname}/current_release/megaglest-data-${pkgver}.7z" "megaglest.png" "megaglest.desktop" "megaglest.sh") -md5sums=('904846c60369f7898c7f83d506624d5a' - 'e46270881f1949e0876f4c39ecbf0a05' +md5sums=('5c84966ee6657274eeb5a28ce8b702c0' + '4405134d91d8303e9485de42ffc53e09' '5622ce716033d9afb62a3291b47844ed' '97dc7ea865efbea5daaf300207dad518' 'e3d6abbe79263d2fa5edb0bcbcf8755a') @@ -43,9 +43,9 @@ package() { # Damnit, upstream. install -d -m 0755 "${pkgdir}"/usr/{bin,share/${pkgname}} install -m 0755 "${srcdir}"/$pkgname.sh "${pkgdir}"/usr/bin/$pkgname - install -m 0755 mk/linux/glest.bin "${pkgdir}"/usr/share/${pkgname}/$pkgname - install -m 0755 mk/linux/glest_configurator "${pkgdir}"/usr/bin/glest_configurator - install -m 0755 mk/linux/glest_editor "${pkgdir}"/usr/bin/glest_editor + install -m 0755 mk/linux/megaglest.bin "${pkgdir}"/usr/share/${pkgname}/$pkgname + install -m 0755 mk/linux/megaglest_configurator "${pkgdir}"/usr/bin/megaglest_configurator + install -m 0755 mk/linux/megaglest_editor "${pkgdir}"/usr/bin/megaglest_editor install -m 0644 glest.ini glestkeys.ini servers.ini "${pkgdir}"/usr/share/$pkgname install -D -m 0644 "${srcdir}"/${pkgname}.desktop "${pkgdir}"/usr/share/applications/${pkgname}.desktop diff --git a/community/openttd/PKGBUILD b/community/openttd/PKGBUILD index 8b6dcff05..83efb989a 100644 --- a/community/openttd/PKGBUILD +++ b/community/openttd/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 34331 2010-12-06 11:18:09Z lcarlier $ +# $Id: PKGBUILD 45321 2011-04-20 07:05:05Z jelle $ # Maintainer: Vesa Kaihlavirta <vegai@iki.fi> pkgname=openttd -pkgver=1.0.5 -pkgrel=3 +pkgver=1.1.0 +pkgrel=1 pkgdesc='An engine for running Transport Tycoon Deluxe.' arch=('i686' 'x86_64') url='http://www.openttd.org' @@ -12,8 +12,8 @@ depends=('libpng' 'sdl' 'icu' 'fontconfig' 'lzo2' 'hicolor-icon-theme' 'desktop- install=openttd.install optdepends=('openttd-opengfx: free graphics' 'openttd-opensfx: free soundset') -source=("http://binaries.openttd.org/releases/${pkgver}/${pkgname}-${pkgver}-source.tar.bz2") -md5sums=('fc79f788e2be140948b972c32b0f1eec') +source=("http://binaries.openttd.org/releases/${pkgver}/${pkgname}-${pkgver}-source.tar.xz") +md5sums=('b5b1f2ecc7327505e360047236b09d06') build() { cd ${pkgname}-${pkgver} diff --git a/community/parrot/PKGBUILD b/community/parrot/PKGBUILD index 857f028d9..c4163c4c8 100644 --- a/community/parrot/PKGBUILD +++ b/community/parrot/PKGBUILD @@ -1,22 +1,22 @@ -# $Id: PKGBUILD 43054 2011-03-23 21:46:21Z spupykin $ +# $Id: PKGBUILD 45351 2011-04-20 15:07:06Z spupykin $ # Maintainer: Sergej Pupykin <pupykin.s+arch@gmail.com> # Contributer: mpie <michael.kyne-phillips1@ntlworld.com> pkgname=parrot -pkgver=3.2.0 -_rel=devel -#_rel=stable +pkgver=3.3.0 +#_rel=devel +_rel=stable pkgrel=1 pkgdesc="standalone virtual machine that can be used to execute bytecode compiled dynamic languages" arch=(i686 x86_64) url="http://www.parrotcode.org/" license=('GPL') -depends=('gmp' 'gdbm' 'readline' 'icu' 'openssl') +depends=('gmp' 'gdbm' 'readline' 'icu' 'openssl' 'libffi') makedepends=('perl-json') optdepends=('freeglut') options=(!emptydirs !makeflags) source=(ftp://ftp.parrot.org/pub/parrot/releases/${_rel}/$pkgver/parrot-$pkgver.tar.gz) -md5sums=('380c237404c513cd83f02d62dbacca03') +md5sums=('335d50fbef245bfe6d0bb277e224c728') build() { cd $srcdir/$pkgname-$pkgver diff --git a/community/quvi/PKGBUILD b/community/quvi/PKGBUILD index 0db615d35..7a4c6beee 100644 --- a/community/quvi/PKGBUILD +++ b/community/quvi/PKGBUILD @@ -1,18 +1,18 @@ -# $Id: PKGBUILD 43700 2011-03-29 09:36:38Z lfleischer $ +# $Id: PKGBUILD 45360 2011-04-20 15:12:08Z lfleischer $ # Maintainer: Lukas Fleischer <archlinux at cryptocrack dot de> # Contributor: joyfulgirl@archlinux.us pkgname=quvi -pkgver=0.2.14 +pkgver=0.2.15 pkgrel=1 pkgdesc='Command-line tool for parsing video download links.' arch=('i686' 'x86_64') -url='http://quvi.googlecode.com/' +url='http://quvi.sourceforge.net/' license=('LGPL') depends=('curl' 'pcre' 'lua') options=('!libtool') -source=("http://${pkgname}.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2") -md5sums=('9958319e82232dea781526198b98985e') +source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz") +md5sums=('7cda6c6593c1281e89d91de3b0bed284') build() { cd "${pkgname}-${pkgver}" diff --git a/community/systemd/PKGBUILD b/community/systemd/PKGBUILD index ff51c553d..af8b9b4a8 100644 --- a/community/systemd/PKGBUILD +++ b/community/systemd/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 44387 2011-04-06 23:47:15Z dreisner $ +# $Id: PKGBUILD 45374 2011-04-21 02:36:08Z dreisner $ # Maintainer: Dave Reisner <d@falconindy.com> pkgname=systemd -pkgver=24 +pkgver=25 pkgrel=1 pkgdesc="Session and Startup manager" arch=('i686' 'x86_64') @@ -25,14 +25,14 @@ backup=(etc/systemd/system.conf install=systemd.install source=("http://www.freedesktop.org/software/$pkgname/$pkgname-$pkgver.tar.bz2" "os-release") -md5sums=('4a6b7d99f35bdae21d7f9b698792b8d3' +md5sums=('11c64b4af8ba863d650b6a7339610fc2' 'f9922299150b4adda7b89e10bca33033') build() { cd "$srcdir/$pkgname-$pkgver" ./configure --prefix=/usr \ - --with-rootdir=/ \ + --with-rootdir= \ --sysconfdir=/etc \ --libexecdir=/usr/lib \ --localstatedir=/var \ diff --git a/community/systemd/systemd.install b/community/systemd/systemd.install index 259d09b9e..0c75c4b27 100644 --- a/community/systemd/systemd.install +++ b/community/systemd/systemd.install @@ -1,14 +1,7 @@ -#!/bin/sh +#!/bin/bash checkgroups() { getent group lock >/dev/null || groupadd -g 54 lock - - utmpent=$(getent group utmp) - if [ -z $utmpent ]; then - getent group utmp >/dev/null || groupadd -g 32 utmp - elif [ $(echo $utmpent | cut -d: -f3) = '22' ]; then - groupmod -g 32 utmp - fi } post_install() { @@ -44,7 +37,6 @@ pre_remove() { post_remove() { getent group lock >/dev/null && groupdel lock - getent group utmp >/dev/null && groupdel utmp } # vim:set ts=2 sw=2 et: diff --git a/core/pacman/PKGBUILD b/core/pacman/PKGBUILD index d8513e4e6..6edea83d1 100644 --- a/core/pacman/PKGBUILD +++ b/core/pacman/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 116411 2011-03-23 16:23:20Z dan $ +# $Id: PKGBUILD 120035 2011-04-18 16:49:22Z dan $ # Maintainer: Dan McGee <dan@archlinux.org> pkgname=pacman -pkgver=3.5.1 +pkgver=3.5.2 pkgrel=1 pkgdesc="A library-based package manager with dependency support" arch=('i686' 'x86_64') @@ -19,9 +19,9 @@ source=(ftp://ftp.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz pacman.conf pacman.conf.x86_64 makepkg.conf) -md5sums=('6e609a6cf0af2a49a0f8b35fc2459131' +md5sums=('b4f1fdbc17100923071ebe8fe9377be5' 'e99eb721b6b704f68c5f47468507c102' - '28e6a1f97ed3c47a3961ad00d2a43822' + 'f8b939d9b2beb79a0436961a2d707d7c' 'a8684989d3dfad5a6e1bcf95af3e571b') # keep an upgrade path for older installations diff --git a/core/pacman/pacman.conf.x86_64 b/core/pacman/pacman.conf.x86_64 index a5bb2db61..6f0423647 100644 --- a/core/pacman/pacman.conf.x86_64 +++ b/core/pacman/pacman.conf.x86_64 @@ -74,7 +74,11 @@ Include = /etc/pacman.d/mirrorlist Include = /etc/pacman.d/mirrorlist # If you want to run 32 bit applications on your x86_64 system, -# enable the multilib repository here. +# enable the multilib repositories as required here. + +#[multilib-testing] +#Include = /etc/pacman.d/mirrorlist + #[multilib] #Include = /etc/pacman.d/mirrorlist diff --git a/extra/libplist/PKGBUILD b/extra/libplist/PKGBUILD index 2a82efc5d..0121e951c 100644 --- a/extra/libplist/PKGBUILD +++ b/extra/libplist/PKGBUILD @@ -1,36 +1,30 @@ -# $Id: PKGBUILD 89629 2010-09-02 17:11:43Z remy $ +# $Id: PKGBUILD 120143 2011-04-20 11:59:42Z ibiru $ # Maintainer : Ionut Biru <ibiru@archlinux.org> # Contributor: Gabriel Martinez < reitaka at gmail dot com > pkgname=libplist -pkgver=1.3 -pkgrel=2 +pkgver=1.4 +pkgrel=1 pkgdesc="A library to handle Apple Property List format whereas it's binary or XML" url="http://libimobiledevice.org/" arch=('i686' 'x86_64') license=('GPL2' 'LGPL2.1') -depends=('glib2>=2.24.1' 'libxml2>=2.7.7') -makedepends=('cmake' 'swig' 'python2') -source=(http://cloud.github.com/downloads/JonathanBeck/${pkgname}/${pkgname}-${pkgver}.tar.bz2) -sha256sums=('982c8aac59cdc3fafc925a407a29b6cf367c5ec9bad6ad509fe5ea25d3e5b6b0') +depends=('glib2' 'libxml2' 'python2') +makedepends=('cmake' 'swig') +source=(http://www.libimobiledevice.org/downloads/${pkgname}-${pkgver}.tar.bz2) +sha256sums=('2ad226abe1131a72e7ecbb2b921ad92f54b8e787c2281c89b00145b519479a71') build() { - # CMake is not patched yet - cd "${srcdir}/${pkgname}-${pkgver}/cmake/modules" - cp /usr/share/cmake-2.8/Modules/FindPython*.cmake . - sed -i -e 's#2.6#2.7 2.6#' FindPythonLibs.cmake - sed -i -e 's#python2.6#python2.7 python2.6#' FindPythonInterp.cmake - cd "${srcdir}" mkdir build cd build cmake ../"${pkgname}-${pkgver}" \ -DCMAKE_SKIP_RPATH=ON \ -DCMAKE_INSTALL_PREFIX:PATH=/usr - make || return 1 + make } package() { cd "${srcdir}"/build - make DESTDIR="${pkgdir}" install || return 1 + make DESTDIR="${pkgdir}" install } diff --git a/extra/libtorrent-rasterbar/PKGBUILD b/extra/libtorrent-rasterbar/PKGBUILD index 2918856be..44968f451 100644 --- a/extra/libtorrent-rasterbar/PKGBUILD +++ b/extra/libtorrent-rasterbar/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 111968 2011-03-02 18:24:01Z ibiru $ +# $Id: PKGBUILD 120130 2011-04-20 11:35:26Z ibiru $ # Maintainer : Ionut Biru <ibiru@archlinux.org> # Contributor: Hugo Doria <hugo@archlinux.org> pkgname=libtorrent-rasterbar -pkgver=0.15.5 -pkgrel=2 +pkgver=0.15.6 +pkgrel=1 pkgdesc="A C++ library that aims to be a good alternative to all the other bittorrent implementations around" url="http://www.rasterbar.com/products/libtorrent/" arch=('i686' 'x86_64') @@ -12,12 +12,10 @@ license=('custom') depends=('boost-libs' 'python2') makedepends=('boost') source=(http://libtorrent.googlecode.com/files/${pkgname}-${pkgver}.tar.gz) -md5sums=('f1504a619e876c2731ee9a6b7d19cb1d') +sha1sums=('e6f33b139933ec245e8850558efe52e88081fc6d') build() { cd "${srcdir}/${pkgname}-${pkgver}" - export CFLAGS="${CFLAGS} -DBOOST_FILESYSTEM_VERSION=2" - export CXXFLAGS="${CXXFLAGS} -DBOOST_FILESYSTEM_VERSION=2" ./configure --prefix=/usr --enable-python-binding make } diff --git a/extra/mirage/PKGBUILD b/extra/mirage/PKGBUILD index d13d8ddd5..c63d6eddc 100644 --- a/extra/mirage/PKGBUILD +++ b/extra/mirage/PKGBUILD @@ -1,20 +1,24 @@ -# $Id: PKGBUILD 89709 2010-09-03 11:45:48Z remy $ +# $Id: PKGBUILD 120115 2011-04-20 11:08:02Z ibiru $ # Maintainer : Ionut Biru <ibiru@archlinux.org> # Contributor: James Rayner <james@archlinux.org> # Contributor: Scott Horowitz <stonecrest@gmail.com> pkgname=mirage -pkgver=0.9.5.1 -pkgrel=2 +pkgver=0.9.5.2 +pkgrel=1 pkgdesc="A simple GTK+ Image Viewer" url="http://mirageiv.berlios.de" license=("GPL") -depends=('pygtk>=2.17.0' 'desktop-file-utils') +depends=('pygtk' 'desktop-file-utils') arch=('i686' 'x86_64') source=(http://download.berlios.de/mirageiv/${pkgname}-${pkgver}.tar.gz) install=$pkgname.install -md5sums=('8b74db43ca6c81e3326d70c81df4bc56') +md5sums=('dace5cf01e5e53317ba8be0f8a74f4bf') build() { - cd "${srcdir}/${pkgname}-${pkgver}" - python2 setup.py install --root="${pkgdir}" + cd "${srcdir}/${pkgname}-${pkgver}" + python2 setup.py build +} +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + python2 setup.py install --root="${pkgdir}" } diff --git a/extra/nitrogen/PKGBUILD b/extra/nitrogen/PKGBUILD index b9c902a12..3a3ddac95 100644 --- a/extra/nitrogen/PKGBUILD +++ b/extra/nitrogen/PKGBUILD @@ -1,24 +1,27 @@ -# $Id: PKGBUILD 67236 2010-02-05 22:06:57Z ibiru $ +# $Id: PKGBUILD 120125 2011-04-20 11:21:45Z ibiru $ # Maintainer: James Rayner <james@archlinux.org> # Maintainer: Alexander Fehr <pizzapunk gmail com> # Contributor: Sebastian Sareyko <public@nooms.de> pkgname=nitrogen -pkgver=1.5.1 +pkgver=1.5.2 pkgrel=1 pkgdesc="Background browser and setter for X windows" arch=('i686' 'x86_64') url="http://projects.l3ib.org/nitrogen/" license=('GPL') -depends=('gtkmm' 'hicolor-icon-theme' 'librsvg>=2.26') +depends=('gtkmm' 'hicolor-icon-theme' 'librsvg') install=nitrogen.install -source=(http://projects.l3ib.org/nitrogen/files/nitrogen-$pkgver.tar.gz) -md5sums=('e683d7c10c17bd18eb9fd78c87c4e08c') +source=(http://projects.l3ib.org/nitrogen/files/${pkgname}-${pkgver}.tar.gz) +md5sums=('dd779a252a222eb9d329d74b809cfe73') build() { - cd "$srcdir/$pkgname-$pkgver" + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure --prefix=/usr + make +} - ./configure --prefix=/usr || return 1 - make || return 1 - make DESTDIR="$pkgdir" install || return 1 +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install } diff --git a/extra/orc/PKGBUILD b/extra/orc/PKGBUILD index 5e1fc92ce..3c0ad40d6 100644 --- a/extra/orc/PKGBUILD +++ b/extra/orc/PKGBUILD @@ -1,7 +1,7 @@ -# $Id: PKGBUILD 98440 2010-11-08 23:53:36Z ibiru $ +# $Id: PKGBUILD 120120 2011-04-20 11:12:16Z ibiru $ # Maintainer: Ionut Biru <ibiru@archlinux.org> pkgname=orc -pkgver=0.4.11 +pkgver=0.4.13 pkgrel=1 pkgdesc="The Oild Runtime Compiler" arch=('i686' 'x86_64') @@ -10,14 +10,15 @@ url="http://code.entropywave.com/projects/orc/" depends=('glibc') options=('!libtool') source=(http://code.entropywave.com/download/${pkgname}/${pkgname}-${pkgver}.tar.gz) -md5sums=('b8b0b148d319422c3ad250c29483b3c4') +md5sums=('f6d0aed003f67c91933c22d9e5f1696a') build () { cd "${srcdir}/${pkgname}-${pkgver}" - - ./configure --prefix=/usr \ - --disable-static + ./configure --prefix=/usr --disable-static make +} +package() { + cd "${srcdir}/${pkgname}-${pkgver}" make DESTDIR=${pkgdir} install install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" } diff --git a/extra/php/PKGBUILD b/extra/php/PKGBUILD index ee8e0a17c..d8daf9053 100644 --- a/extra/php/PKGBUILD +++ b/extra/php/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 118966 2011-04-09 20:51:34Z pierre $ +# $Id: PKGBUILD 120015 2011-04-18 10:42:15Z pierre $ # Maintainer: Pierre Schmitz <pierre@archlinux.de> pkgbase=php @@ -24,7 +24,7 @@ pkgname=('php' 'php-tidy' 'php-xsl') pkgver=5.3.6 -pkgrel=2 +pkgrel=3 _suhosinver=${pkgver}-0.9.10 arch=('i686' 'x86_64') license=('PHP') @@ -40,7 +40,7 @@ source=("http://www.php.net/distributions/${pkgbase}-${pkgver}.tar.bz2" md5sums=('2286f5a82a6e8397955a0025c1c2ad98' 'fff1a38877142f3ae6036dbe5a85d0a6' '39eaa70d276fc3d45d6bcf6cd5ae1106' - '96ca078be6729b665be8a865535a97bf' + 'dec2cbaad64e3abf4f0ec70e1de4e8e9' 'b01be5f816988fcee7e78225836e5e27' 'd50ff349da08110a7cc8c691ce2d0423' '07c4e412909ac65a44ec90e7a2c4bade') diff --git a/extra/php/apache.conf b/extra/php/apache.conf index 86344c803..c3ca0aad5 100644 --- a/extra/php/apache.conf +++ b/extra/php/apache.conf @@ -3,7 +3,11 @@ <IfModule dir_module> <IfModule php5_module> DirectoryIndex index.php index.html - AddHandler application/x-httpd-php .php - AddHandler application/x-httpd-php-source .phps + <FilesMatch "\.php$"> + SetHandler application/x-httpd-php + </FilesMatch> + <FilesMatch "\.phps$"> + SetHandler application/x-httpd-php-source + </FilesMatch> </IfModule> -</IfModule>
\ No newline at end of file +</IfModule> diff --git a/extra/sofia-sip/PKGBUILD b/extra/sofia-sip/PKGBUILD index 244979be8..74e54b92a 100644 --- a/extra/sofia-sip/PKGBUILD +++ b/extra/sofia-sip/PKGBUILD @@ -1,21 +1,25 @@ -# $Id: PKGBUILD 75544 2010-04-01 19:17:05Z ibiru $ +# $Id: PKGBUILD 120138 2011-04-20 11:51:10Z ibiru $ # Maintainer : Ionut Biru <ibiru@archlinux.org> # Contributor: Bjorn Lindeijer <bjorn lindeijer nl> pkgname=sofia-sip -pkgver=1.12.10 -pkgrel=2 +pkgver=1.12.11 +pkgrel=1 pkgdesc="An open-source SIP User-Agent library" arch=('i686' 'x86_64') url="http://sofia-sip.sourceforge.net" options=('!libtool' 'zipman') license=('LGPL') depends=('glib2' 'openssl') -source=(http://downloads.sourceforge.net/sofia-sip/$pkgname-$pkgver.tar.gz) -md5sums=('9e07fde3ad2009e44d1100ca3950d02b') +source=(http://downloads.sourceforge.net/sofia-sip/${pkgname}-${pkgver}.tar.gz) +md5sums=('f3582c62080eeecd3fa4cd5d4ccb4225') build() { - cd "$srcdir/$pkgname-$pkgver" + cd "${srcdir}/${pkgname}-${pkgver}" ./configure --prefix=/usr --with-openssl - make || return 1 - make DESTDIR="$pkgdir" install + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install } diff --git a/extra/wxpython/PKGBUILD b/extra/wxpython/PKGBUILD index be600b600..ccb46efba 100644 --- a/extra/wxpython/PKGBUILD +++ b/extra/wxpython/PKGBUILD @@ -1,25 +1,21 @@ -# $Id: PKGBUILD 119109 2011-04-10 23:04:52Z eric $ +# $Id: PKGBUILD 120105 2011-04-20 04:06:15Z eric $ # Maintainer: Eric Bélanger <eric@archlinux.org> -# Contributor: Andrew Wright <andreww@photism.org> pkgname=wxpython -pkgver=2.8.11.0 -pkgrel=3 +pkgver=2.8.12.0 +pkgrel=1 pkgdesc="A wxWidgets GUI toolkit for Python" arch=('i686' 'x86_64') license=('custom:wxWindows') url="http://www.wxpython.org" depends=('wxgtk' 'python2') makedepends=('mesa') -source=(http://downloads.sourceforge.net/wxpython/wxPython-src-${pkgver}.tar.bz2 editra-aui.diff) -md5sums=('63f73aae49e530852db56a31b57529fa' - '06c637c34c1570d8c82b870ce19c0622') -sha1sums=('18982edc236a1d87e4eef018928358c925aa5b17' - '077fe341bf8822647934d6b1ea82ce9b0adbf93a') +source=(http://downloads.sourceforge.net/wxpython/wxPython-src-${pkgver}.tar.bz2) +md5sums=('402e0b81e06f596d849e221a7a76acc6') +sha1sums=('f9ce806dcb5517beb6e3d2ee0ecbf8e569b7f8e4') build() { cd "${srcdir}/wxPython-src-${pkgver}" - patch -p1 < ../editra-aui.diff ./configure --prefix=/usr --libdir=/usr/lib --with-gtk=2 --with-opengl --enable-unicode \ --enable-graphics_ctx --with-gnomeprint --disable-optimize --enable-mediactrl \ --with-libpng=sys --with-libxpm=sys --with-libjpeg=sys --with-libtiff=sys diff --git a/extra/xfce4-xkb-plugin/PKGBUILD b/extra/xfce4-xkb-plugin/PKGBUILD index 2cabd66df..98f79e4db 100644 --- a/extra/xfce4-xkb-plugin/PKGBUILD +++ b/extra/xfce4-xkb-plugin/PKGBUILD @@ -1,32 +1,23 @@ -# $Id: PKGBUILD 107269 2011-01-22 22:04:45Z andyrtr $ +# $Id: PKGBUILD 120152 2011-04-20 16:40:20Z andyrtr $ # Maintainer: AndyRTR <andyrtr@archlinux.org> # Contributor: Tobias Kieslich <tobias (at) archlinux.org> pkgname=xfce4-xkb-plugin -pkgver=0.5.3.3 -pkgrel=4 +pkgver=0.5.4.0 +pkgrel=1 pkgdesc="plugin to switch keyboard layouts for the Xfce4 panel" arch=(i686 x86_64) license=('custom') url="http://goodies.xfce.org/projects/panel-plugins/xfce4-xkb-plugin" groups=('xfce4-goodies') -depends=('xfce4-panel' 'libxfcegui4' 'libxklavier>=5.0' 'librsvg') +depends=('xfce4-panel' 'libxklavier>=5.0' 'librsvg') makedepends=('intltool') options=('!libtool') -source=(http://archive.xfce.org/src/panel-plugins/${pkgname}/0.5/${pkgname}-${pkgver}.tar.gz - xfce4-xkb-plugin-0.5.3.3-libxklavier.patch - crashfix.diff) -md5sums=('b233cc9de1cbace075eaf6e2c9a8e685' - '781165ce1bc08059ae8e846c45c0bab2' - '4faeaaea7d294cbad2972af964508086') +source=(http://archive.xfce.org/src/panel-plugins/${pkgname}/0.5/${pkgname}-${pkgver}.tar.bz2) +md5sums=('3ea1efe366367af660e6e1d24a240b5f') build() { cd ${srcdir}/${pkgname}-${pkgver} - patch -Np1 -i "${srcdir}/xfce4-xkb-plugin-0.5.3.3-libxklavier.patch" - - # https://bugs.archlinux.org/task/21067 - http://bugzilla.xfce.org/show_bug.cgi?id=6477 - patch -Np1 -i ${srcdir}/crashfix.diff - ./configure --prefix=/usr \ --sysconfdir=/etc \ --libexecdir=/usr/lib \ diff --git a/testing/nilfs-utils/PKGBUILD b/testing/nilfs-utils/PKGBUILD new file mode 100644 index 000000000..1e4ff27e1 --- /dev/null +++ b/testing/nilfs-utils/PKGBUILD @@ -0,0 +1,26 @@ +# $Id: PKGBUILD 120135 2011-04-20 11:43:51Z ibiru $ +# Maintainer : Ionut Biru <ibiru@archlinux.org> +# Contributor: Geoffroy Carrier <geoffroy.carrier@koon.fr> +pkgname=nilfs-utils +pkgver=2.0.22 +pkgrel=1 +pkgdesc="A log-structured file system supporting continuous snapshotting (userspace utils)" +arch=('i686' 'x86_64') +url="http://www.nilfs.org/" +license=('GPL2' 'LGPL2.1') +backup=('etc/nilfs_cleanerd.conf') +depends=('util-linux-ng') +options=(!libtool) +source=(http://www.nilfs.org/download/${pkgname}-${pkgver}.tar.bz2) +md5sums=('d7650e53fbd4a73ef56e07a354fdd2b0') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure --libdir=/lib + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install LDCONFIG=/bin/true +} diff --git a/testing/polkit/CVE-2011-1485.patch b/testing/polkit/CVE-2011-1485.patch new file mode 100644 index 000000000..f7054a63a --- /dev/null +++ b/testing/polkit/CVE-2011-1485.patch @@ -0,0 +1,908 @@ +From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001 +From: David Zeuthen <davidz@redhat.com> +Date: Thu, 31 Mar 2011 16:59:09 +0000 +Subject: PolkitUnixProcess: Clarify that the real uid is returned, not the effective one + +On Linux, also switch to parsing /proc/<pid>/status instead of relying +on the st_uid returned by stat(2) to be the uid we want. + +This was pointed out by Neel Mehta <nmehta@google.com>. Thanks! + +Signed-off-by: David Zeuthen <davidz@redhat.com> +--- +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index d95a1d4..876da69 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -24,9 +24,7 @@ + #endif + + #include <sys/types.h> +-#ifndef HAVE_FREEBSD +-#include <sys/stat.h> +-#else ++#ifdef HAVE_FREEBSD + #include <sys/param.h> + #include <sys/sysctl.h> + #include <sys/user.h> +@@ -34,6 +32,7 @@ + #include <stdlib.h> + #include <string.h> + #include <errno.h> ++#include <stdio.h> + + #include "polkitunixprocess.h" + #include "polkitsubject.h" +@@ -208,6 +207,8 @@ polkit_unix_process_get_pid (PolkitUnixProcess *process) + * + * Gets the uid of the owner of @process. + * ++ * Note that this returns the real user-id (not the effective user-id) of @process. ++ * + * Returns: The UNIX user id of the owner for @process or 0 if @error is set. + **/ + gint +@@ -215,17 +216,21 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) + { + gint result; ++ gchar *contents; ++ gchar **lines; + #ifdef HAVE_FREEBSD + struct kinfo_proc p; + #else +- struct stat statbuf; +- char procbuf[32]; ++ gchar filename[64]; ++ guint n; + #endif + + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); + g_return_val_if_fail (error == NULL || *error == NULL, 0); + + result = 0; ++ lines = NULL; ++ contents = NULL; + + #ifdef HAVE_FREEBSD + if (get_kinfo_proc (process->pid, &p) == 0) +@@ -241,23 +246,52 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process, + + result = p.ki_uid; + #else +- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid); +- if (stat (procbuf, &statbuf) != 0) ++ ++ /* see 'man proc' for layout of the status file ++ * ++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs). ++ */ ++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid); ++ if (!g_file_get_contents (filename, ++ &contents, ++ NULL, ++ error)) + { +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "stat() failed for /proc/%d: %s", +- process->pid, +- g_strerror (errno)); + goto out; + } ++ lines = g_strsplit (contents, "\n", -1); ++ for (n = 0; lines != NULL && lines[n] != NULL; n++) ++ { ++ gint real_uid, effective_uid; ++ if (!g_str_has_prefix (lines[n], "Uid:")) ++ continue; ++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2) ++ { ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Unexpected line `%s' in file %s", ++ lines[n], ++ filename); ++ goto out; ++ } ++ else ++ { ++ result = real_uid; ++ goto out; ++ } ++ } + +- result = statbuf.st_uid; ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Didn't find any line starting with `Uid:' in file %s", ++ filename); + #endif + +- out: +- ++out: ++ g_strfreev (lines); ++ g_free (contents); + return result; + } + +-- +cgit v0.8.3-6-g21f6 +From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001 +From: David Zeuthen <davidz@redhat.com> +Date: Fri, 01 Apr 2011 16:09:45 +0000 +Subject: Make PolkitUnixProcess also record the uid of the process + +This is needed to avoid possible TOCTTOU issues since a process can +change both its real uid and effective uid. + +Signed-off-by: David Zeuthen <davidz@redhat.com> +--- +diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt +index 12141e3..9f4fcf8 100644 +--- a/docs/polkit/polkit-1-sections.txt ++++ b/docs/polkit/polkit-1-sections.txt +@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS + PolkitUnixProcess + polkit_unix_process_new + polkit_unix_process_new_full ++polkit_unix_process_new_for_owner ++polkit_unix_process_set_pid + polkit_unix_process_get_pid ++polkit_unix_process_set_start_time + polkit_unix_process_get_start_time +-polkit_unix_process_set_pid +-polkit_unix_process_get_owner ++polkit_unix_process_set_uid ++polkit_unix_process_get_uid + <SUBSECTION Standard> + PolkitUnixProcessClass + POLKIT_UNIX_PROCESS +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index 577afec..d2c4c20 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str, + { + gint scanned_pid; + guint64 scanned_starttime; +- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) ++ gint scanned_uid; ++ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid); ++ } ++ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) + { + subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); + } + else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1) + { +- subject = polkit_unix_process_new_full (scanned_pid, 0); ++ subject = polkit_unix_process_new (scanned_pid); + if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0) + { + g_object_unref (subject); +@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject) + g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)))); + g_variant_builder_add (&builder, "{sv}", "start-time", + g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)))); ++ g_variant_builder_add (&builder, "{sv}", "uid", ++ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)))); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { +@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, + GVariant *v; + guint32 pid; + guint64 start_time; ++ gint32 uid; + + v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error); + if (v == NULL) +@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant, + start_time = g_variant_get_uint64 (v); + g_variant_unref (v); + +- ret = polkit_unix_process_new_full (pid, start_time); ++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); ++ if (v != NULL) ++ { ++ uid = g_variant_get_int32 (v); ++ g_variant_unref (v); ++ } ++ else ++ { ++ uid = -1; ++ } ++ ++ ret = polkit_unix_process_new_for_owner (pid, start_time, uid); + } + else if (g_strcmp0 (kind, "unix-session") == 0) + { +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 876da69..913be3a 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -62,6 +62,7 @@ struct _PolkitUnixProcess + + gint pid; + guint64 start_time; ++ gint uid; + }; + + struct _PolkitUnixProcessClass +@@ -74,6 +75,7 @@ enum + PROP_0, + PROP_PID, + PROP_START_TIME, ++ PROP_UID + }; + + static void subject_iface_init (PolkitSubjectIface *subject_iface); +@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); + static guint64 get_start_time_for_pid (gint pid, + GError **error); + ++static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error); ++ + #ifdef HAVE_FREEBSD + static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); + #endif +@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT, + static void + polkit_unix_process_init (PolkitUnixProcess *unix_process) + { ++ unix_process->uid = -1; + } + + static void +@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object, + g_value_set_int (value, unix_process->pid); + break; + ++ case PROP_UID: ++ g_value_set_int (value, unix_process->uid); ++ break; ++ + case PROP_START_TIME: + g_value_set_uint64 (value, unix_process->start_time); + break; +@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ break; ++ ++ case PROP_START_TIME: ++ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); ++ break; ++ + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; +@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object, + } + + static void ++polkit_unix_process_constructed (GObject *object) ++{ ++ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object); ++ ++ /* sets start_time and uid in case they are unset */ ++ ++ if (process->start_time == 0) ++ process->start_time = get_start_time_for_pid (process->pid, NULL); ++ ++ if (process->uid == -1) ++ { ++ GError *error; ++ error = NULL; ++ process->uid = _polkit_unix_process_get_owner (process, &error); ++ if (error != NULL) ++ { ++ process->uid = -1; ++ g_error_free (error); ++ } ++ } ++ ++ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL) ++ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object); ++} ++ ++static void + polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + { + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_unix_process_get_property; + gobject_class->set_property = polkit_unix_process_set_property; ++ gobject_class->constructed = polkit_unix_process_constructed; + + /** + * PolkitUnixProcess:pid: +@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("pid", + "Process ID", + "The UNIX process ID", +- -1, ++ 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT | +@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + G_PARAM_STATIC_NICK)); + + /** ++ * PolkitUnixProcess:uid: ++ * ++ * The UNIX user id of the process or -1 if unknown. ++ * ++ * Note that this is the real user-id, not the effective user-id. ++ */ ++ g_object_class_install_property (gobject_class, ++ PROP_UID, ++ g_param_spec_int ("uid", ++ "User ID", ++ "The UNIX user ID", ++ -1, ++ G_MAXINT, ++ -1, ++ G_PARAM_CONSTRUCT | ++ G_PARAM_READWRITE | ++ G_PARAM_STATIC_NAME | ++ G_PARAM_STATIC_BLURB | ++ G_PARAM_STATIC_NICK)); ++ ++ /** + * PolkitUnixProcess:start-time: + * + * The start time of the process. +@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + 0, + G_MAXUINT64, + 0, +- G_PARAM_READABLE | ++ G_PARAM_CONSTRUCT | ++ G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); +@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + } + + /** +- * polkit_unix_process_get_pid: ++ * polkit_unix_process_get_uid: + * @process: A #PolkitUnixProcess. + * +- * Gets the process id for @process. ++ * Gets the user id for @process. Note that this is the real user-id, ++ * not the effective user-id. + * +- * Returns: The process id for @process. ++ * Returns: The user id for @process or -1 if unknown. + */ + gint +-polkit_unix_process_get_pid (PolkitUnixProcess *process) ++polkit_unix_process_get_uid (PolkitUnixProcess *process) + { +- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); +- return process->pid; ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1); ++ return process->uid; + } + + /** +- * polkit_unix_process_get_owner: ++ * polkit_unix_process_set_uid: + * @process: A #PolkitUnixProcess. +- * @error: (allow-none): Return location for error or %NULL. ++ * @uid: The user id to set for @process or -1 to unset it. + * +- * Gets the uid of the owner of @process. ++ * Sets the (real, not effective) user id for @process. ++ */ ++void ++polkit_unix_process_set_uid (PolkitUnixProcess *process, ++ gint uid) ++{ ++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); ++ g_return_if_fail (uid >= -1); ++ process->uid = uid; ++} ++ ++/** ++ * polkit_unix_process_get_pid: ++ * @process: A #PolkitUnixProcess. + * +- * Note that this returns the real user-id (not the effective user-id) of @process. ++ * Gets the process id for @process. + * +- * Returns: The UNIX user id of the owner for @process or 0 if @error is set. +- **/ ++ * Returns: The process id for @process. ++ */ + gint +-polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error) ++polkit_unix_process_get_pid (PolkitUnixProcess *process) + { +- gint result; +- gchar *contents; +- gchar **lines; +-#ifdef HAVE_FREEBSD +- struct kinfo_proc p; +-#else +- gchar filename[64]; +- guint n; +-#endif +- + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); +- g_return_val_if_fail (error == NULL || *error == NULL, 0); +- +- result = 0; +- lines = NULL; +- contents = NULL; +- +-#ifdef HAVE_FREEBSD +- if (get_kinfo_proc (process->pid, &p) == 0) +- { +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "get_kinfo_proc() failed for pid %d: %s", +- process->pid, +- g_strerror (errno)); +- goto out; +- } +- +- result = p.ki_uid; +-#else +- +- /* see 'man proc' for layout of the status file +- * +- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs). +- */ +- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid); +- if (!g_file_get_contents (filename, +- &contents, +- NULL, +- error)) +- { +- goto out; +- } +- lines = g_strsplit (contents, "\n", -1); +- for (n = 0; lines != NULL && lines[n] != NULL; n++) +- { +- gint real_uid, effective_uid; +- if (!g_str_has_prefix (lines[n], "Uid:")) +- continue; +- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2) +- { +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "Unexpected line `%s' in file %s", +- lines[n], +- filename); +- goto out; +- } +- else +- { +- result = real_uid; +- goto out; +- } +- } +- +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "Didn't find any line starting with `Uid:' in file %s", +- filename); +-#endif +- +-out: +- g_strfreev (lines); +- g_free (contents); +- return result; ++ return process->pid; + } + + /** +@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process) + } + + /** ++ * polkit_unix_process_set_start_time: ++ * @process: A #PolkitUnixProcess. ++ * @start_time: The start time for @pid. ++ * ++ * Set the start time of @process. ++ */ ++void ++polkit_unix_process_set_start_time (PolkitUnixProcess *process, ++ guint64 start_time) ++{ ++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); ++ process->start_time = start_time; ++} ++ ++/** + * polkit_unix_process_set_pid: + * @process: A #PolkitUnixProcess. + * @pid: A process id. +@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process, + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); + process->pid = pid; +- if (pid != (gint) -1) +- process->start_time = get_start_time_for_pid (pid, NULL); + } + + /** + * polkit_unix_process_new: + * @pid: The process id. + * +- * Creates a new #PolkitUnixProcess for @pid. The start time of the +- * process will be looked up in using e.g. the +- * <filename>/proc</filename> filesystem depending on the platform in +- * use. ++ * Creates a new #PolkitUnixProcess for @pid. ++ * ++ * The uid and start time of the process will be looked up in using ++ * e.g. the <filename>/proc</filename> filesystem depending on the ++ * platform in use. + * + * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ +@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid) + * + * Creates a new #PolkitUnixProcess object for @pid and @start_time. + * ++ * The uid of the process will be looked up in using e.g. the ++ * <filename>/proc</filename> filesystem depending on the platform in ++ * use. ++ * + * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ + PolkitSubject * + polkit_unix_process_new_full (gint pid, + guint64 start_time) + { +- PolkitUnixProcess *process; +- +- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1)); +- process->pid = pid; +- if (start_time != 0) +- process->start_time = start_time; +- else +- process->start_time = get_start_time_for_pid (pid, NULL); ++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, ++ "pid", pid, ++ "start_time", start_time, ++ NULL)); ++} + +- return POLKIT_SUBJECT (process); ++/** ++ * polkit_unix_process_new_for_owner: ++ * @pid: The process id. ++ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>. ++ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>. ++ * ++ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid. ++ * ++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). ++ */ ++PolkitSubject * ++polkit_unix_process_new_for_owner (gint pid, ++ guint64 start_time, ++ gint uid) ++{ ++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, ++ "pid", pid, ++ "start_time", start_time, ++ "uid", uid, ++ NULL)); + } + + static guint +@@ -616,3 +654,95 @@ out: + + return start_time; + } ++ ++static gint ++_polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error) ++{ ++ gint result; ++ gchar *contents; ++ gchar **lines; ++#ifdef HAVE_FREEBSD ++ struct kinfo_proc p; ++#else ++ gchar filename[64]; ++ guint n; ++#endif ++ ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); ++ g_return_val_if_fail (error == NULL || *error == NULL, 0); ++ ++ result = 0; ++ lines = NULL; ++ contents = NULL; ++ ++#ifdef HAVE_FREEBSD ++ if (get_kinfo_proc (process->pid, &p) == 0) ++ { ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "get_kinfo_proc() failed for pid %d: %s", ++ process->pid, ++ g_strerror (errno)); ++ goto out; ++ } ++ ++ result = p.ki_uid; ++#else ++ ++ /* see 'man proc' for layout of the status file ++ * ++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs). ++ */ ++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid); ++ if (!g_file_get_contents (filename, ++ &contents, ++ NULL, ++ error)) ++ { ++ goto out; ++ } ++ lines = g_strsplit (contents, "\n", -1); ++ for (n = 0; lines != NULL && lines[n] != NULL; n++) ++ { ++ gint real_uid, effective_uid; ++ if (!g_str_has_prefix (lines[n], "Uid:")) ++ continue; ++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2) ++ { ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Unexpected line `%s' in file %s", ++ lines[n], ++ filename); ++ goto out; ++ } ++ else ++ { ++ result = real_uid; ++ goto out; ++ } ++ } ++ ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Didn't find any line starting with `Uid:' in file %s", ++ filename); ++#endif ++ ++out: ++ g_strfreev (lines); ++ g_free (contents); ++ return result; ++} ++ ++/* deprecated public method */ ++gint ++polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error) ++{ ++ return _polkit_unix_process_get_owner (process, error); ++} +diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h +index b88cd03..531a57d 100644 +--- a/src/polkit/polkitunixprocess.h ++++ b/src/polkit/polkitunixprocess.h +@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; + typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; + + GType polkit_unix_process_get_type (void) G_GNUC_CONST; +-PolkitSubject *polkit_unix_process_new (gint pid); +-PolkitSubject *polkit_unix_process_new_full (gint pid, +- guint64 start_time); +- ++PolkitSubject *polkit_unix_process_new (gint pid); ++PolkitSubject *polkit_unix_process_new_full (gint pid, ++ guint64 start_time); ++PolkitSubject *polkit_unix_process_new_for_owner (gint pid, ++ guint64 start_time, ++ gint uid); + gint polkit_unix_process_get_pid (PolkitUnixProcess *process); + guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process); ++gint polkit_unix_process_get_uid (PolkitUnixProcess *process); + void polkit_unix_process_set_pid (PolkitUnixProcess *process, + gint pid); ++void polkit_unix_process_set_uid (PolkitUnixProcess *process, ++ gint uid); ++void polkit_unix_process_set_start_time (PolkitUnixProcess *process, ++ guint64 start_time); ++ + gint polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error); ++ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid); + + G_END_DECLS + +-- +cgit v0.8.3-6-g21f6 +From c23d74447c7615dc74dae259f0fc3688ec988867 Mon Sep 17 00:00:00 2001 +From: David Zeuthen <davidz@redhat.com> +Date: Fri, 01 Apr 2011 16:12:27 +0000 +Subject: Use polkit_unix_process_get_uid() to get the owner of a process + +This avoids a TOCTTOU problem. + +Signed-off-by: David Zeuthen <davidz@redhat.com> +--- +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 495f752..9c331b6 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -293,14 +293,15 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- local_error = NULL; +- uid = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), &local_error); +- if (local_error != NULL) ++ uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if ((gint) uid == -1) + { +- g_propagate_prefixed_error (error, local_error, "Error getting user for process: "); ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Unix process subject does not have uid set"); + goto out; + } +- + ret = polkit_unix_user_new (uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) +-- +cgit v0.8.3-6-g21f6 +From 3b12cfac29dddd27f1f166a7574d8374cc1dccf2 Mon Sep 17 00:00:00 2001 +From: David Zeuthen <davidz@redhat.com> +Date: Fri, 01 Apr 2011 16:13:15 +0000 +Subject: pkexec: Avoid TOCTTOU problems with parent process + +In a nutshell, the parent process may change its uid (either real- or +effective uid) after launching pkexec. It can do this by exec()'ing +e.g. a setuid root program. + +To avoid this problem, just use the uid the parent process had when it +executed pkexec. This happens to be the same uid of the pkexec process +itself. + +Additionally, remove some dubious code that allowed pkexec to continue +when the parent process died as there is no reason to support +something like that. Also ensure that the pkexec process is killed if +the parent process dies. + +This problem was pointed out by Neel Mehta <nmehta@google.com>. + +Signed-off-by: David Zeuthen <davidz@redhat.com> +--- +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 9217954..3e656be 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -35,6 +35,10 @@ + #include <pwd.h> + #include <errno.h> + ++#ifdef __linux__ ++#include <sys/prctl.h> ++#endif ++ + #include <glib/gi18n.h> + + #ifdef POLKIT_AUTHFW_PAM +@@ -423,7 +427,6 @@ main (int argc, char *argv[]) + GPtrArray *saved_env; + gchar *opt_user; + pid_t pid_of_caller; +- uid_t uid_of_caller; + gpointer local_agent_handle; + + ret = 127; +@@ -598,40 +601,49 @@ main (int argc, char *argv[]) + */ + g_type_init (); + +- /* now check if the program that invoked us is authorized */ ++ /* make sure we are nuked if the parent process dies */ ++#ifdef __linux__ ++ if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0) ++ { ++ g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno)); ++ goto out; ++ } ++#else ++#warning "Please add OS specific code to catch when the parent dies" ++#endif ++ ++ /* Figure out the parent process */ + pid_of_caller = getppid (); + if (pid_of_caller == 1) + { + /* getppid() can return 1 if the parent died (meaning that we are reaped +- * by /sbin/init); get process group leader instead - for example, this +- * happens when launching via gnome-panel (alt+f2, then 'pkexec gedit'). ++ * by /sbin/init); In that case we simpy bail. + */ +- pid_of_caller = getpgrp (); +- } +- +- subject = polkit_unix_process_new (pid_of_caller); +- if (subject == NULL) +- { +- g_printerr ("No such process for pid %d: %s\n", (gint) pid_of_caller, error->message); +- g_error_free (error); ++ g_printerr ("Refusing to render service to dead parents.\n"); + goto out; + } + +- /* paranoia: check that the uid of pid_of_caller matches getuid() */ +- error = NULL; +- uid_of_caller = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), +- &error); +- if (error != NULL) +- { +- g_printerr ("Error determing pid of caller (pid %d): %s\n", (gint) pid_of_caller, error->message); +- g_error_free (error); +- goto out; +- } +- if (uid_of_caller != getuid ()) +- { +- g_printerr ("User of caller (%d) does not match our uid (%d)\n", uid_of_caller, getuid ()); +- goto out; +- } ++ /* This process we want to check an authorization for is the process ++ * that launched us - our parent process. ++ * ++ * At the time the parent process fork()'ed and exec()'ed us, the ++ * process had the same real-uid that we have now. So we use this ++ * real-uid instead of of looking it up to avoid TOCTTOU issues ++ * (consider the parent process exec()'ing a setuid helper). ++ * ++ * On the other hand, the monotonic process start-time is guaranteed ++ * to never change so it's safe to look that up given only the PID ++ * since we are guaranteed to be nuked if the parent goes away ++ * (cf. the prctl(2) call above). ++ */ ++ subject = polkit_unix_process_new_for_owner (pid_of_caller, ++ 0, /* 0 means "look up start-time in /proc" */ ++ getuid ()); ++ /* really double-check the invariants guaranteed by the PolkitUnixProcess class */ ++ g_assert (subject != NULL); ++ g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller); ++ g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0); ++ g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0); + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); +-- +cgit v0.8.3-6-g21f6 diff --git a/testing/polkit/PKGBUILD b/testing/polkit/PKGBUILD index 072cb033a..41cf78211 100644 --- a/testing/polkit/PKGBUILD +++ b/testing/polkit/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 114364 2011-03-12 22:11:26Z ibiru $ +# $Id: PKGBUILD 120110 2011-04-20 09:34:59Z jgc $ # Maintainer: Jan de Groot <jgc@archlinux.org> pkgname=polkit pkgver=0.101 -pkgrel=1 +pkgrel=2 pkgdesc="Application development toolkit for controlling system-wide privileges" arch=(i686 x86_64) license=('LGPL') @@ -13,12 +13,15 @@ makedepends=('intltool' 'gtk-doc' 'gobject-introspection') replaces=('policykit') options=('!libtool') source=(http://hal.freedesktop.org/releases/${pkgname}-${pkgver}.tar.gz + CVE-2011-1485.patch polkit.pam) md5sums=('f925ac93aba3c072977370c1e27feb7f' + '4d858b8ab602614d7db2bc8574f6fd29' '6564f95878297b954f0572bc1610dd15') build() { cd "${srcdir}/${pkgname}-${pkgver}" + patch -Np1 -i "${srcdir}/CVE-2011-1485.patch" ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --libexecdir=/usr/lib/polkit-1 \ --disable-static --enable-gtk-doc |