From a1e8649c27451ac75f05b9b520d52b78e9f2913d Mon Sep 17 00:00:00 2001 From: root Date: Fri, 4 Oct 2013 01:59:50 -0700 Subject: Fri Oct 4 01:57:28 PDT 2013 --- extra/gconf/PKGBUILD | 8 +- extra/gconf/gconf.install | 5 +- extra/pyqt5/PKGBUILD | 105 +++++++++++++++++++++ ...001-SECURITY-Pass-uid-of-caller-to-polkit.patch | 48 ++++++++++ extra/rtkit/PKGBUILD | 11 ++- 5 files changed, 165 insertions(+), 12 deletions(-) create mode 100644 extra/pyqt5/PKGBUILD create mode 100644 extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch (limited to 'extra') diff --git a/extra/gconf/PKGBUILD b/extra/gconf/PKGBUILD index f26385c19..040c3978d 100644 --- a/extra/gconf/PKGBUILD +++ b/extra/gconf/PKGBUILD @@ -1,13 +1,13 @@ -# $Id: PKGBUILD 187058 2013-06-03 11:16:33Z allan $ +# $Id: PKGBUILD 195892 2013-10-03 19:08:22Z jgc $ # Maintainer: Jan de Groot pkgname=gconf pkgver=3.2.6 -pkgrel=2 +pkgrel=3 pkgdesc="A configuration database system" arch=(i686 x86_64) license=('LGPL') -depends=('libxml2' 'polkit' 'libldap' 'dbus-glib' 'gtk3') +depends=('libxml2' 'polkit' 'libldap' 'dbus-glib') makedepends=('intltool' 'gtk-doc' 'gobject-introspection') options=('!libtool') install=gconf.install @@ -40,7 +40,7 @@ build() { ./configure --prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --libexecdir=/usr/lib/GConf \ - --disable-static --enable-defaults-service --with-gtk=3.0 \ + --disable-static --enable-defaults-service \ --disable-orbit make pkglibdir=/usr/lib/GConf diff --git a/extra/gconf/gconf.install b/extra/gconf/gconf.install index f7945d165..a5ea777a5 100644 --- a/extra/gconf/gconf.install +++ b/extra/gconf/gconf.install @@ -9,10 +9,7 @@ post_upgrade() { chmod 755 etc/gconf/gconf.xml.system usr/bin/gio-querymodules usr/lib/gio/modules - PID=`pidof gconfd-2` - if [ ! -z "${PID}" ]; then - kill ${PID} - fi + pkill /usr/lib/GConf/gconfd-2 || return 0 } post_remove() { diff --git a/extra/pyqt5/PKGBUILD b/extra/pyqt5/PKGBUILD new file mode 100644 index 000000000..fc6840cac --- /dev/null +++ b/extra/pyqt5/PKGBUILD @@ -0,0 +1,105 @@ +# $Id: PKGBUILD 195876 2013-10-03 10:38:53Z andrea $ +# Maintainer: Andrea Scarpino +# Contributor: Yichao Yu +# Contributor: Douglas Soares de Andrade +# Contributor: riai Ben + +pkgbase=pyqt5 +pkgname=pyqt5 +pkgname=('pyqt5-common' 'python-pyqt5' 'python2-pyqt5') +pkgver=5.1 +pkgrel=1 +arch=('i686' 'x86_64') +url="http://riverbankcomputing.co.uk/software/pyqt/intro" +license=('GPL') +makedepends=('python-sip' 'python2-sip' 'python-opengl' 'python2-opengl' + 'python2-dbus' 'python-dbus' 'qt5-multimedia' 'qt5-tools' + 'qt5-svg') +source=("http://downloads.sourceforge.net/project/pyqt/PyQt5/PyQt-${pkgver}/PyQt-gpl-${pkgver}.tar.gz") +md5sums=('056f6232bf9ea92baf86e812fd1669f8') + +build() { + cp -r PyQt-gpl-${pkgver} Py2Qt-gpl-${pkgver} + + cd PyQt-gpl-${pkgver} + python3 configure.py \ + --confirm-license \ + -v /usr/share/sip/PyQt5 \ + --qsci-api \ + -q /usr/bin/qmake-qt5 + + # Thanks Gerardo for the rpath fix + find -name 'Makefile' | xargs sed -i 's|-Wl,-rpath,/usr/lib||g;s|-Wl,-rpath,.* ||g' + + make + + ### Python2 version ### + cd ../Py2Qt-gpl-${pkgver} + python2 configure.py \ + --confirm-license \ + -v /usr/share/sip/Py2-PyQt5 \ + --qsci-api \ + -q /usr/bin/qmake-qt5 + + # Thanks Gerardo for the rpath fix + find -name 'Makefile' | xargs sed -i 's|-Wl,-rpath,/usr/lib||g;s|-Wl,-rpath,.* ||g' + + make +} + +package_pyqt5-common(){ + pkgdesc="Common PyQt files shared between python-pyqt5 and python2-pyqt5" + depends=('qt5-base') + + cd PyQt-gpl-${pkgver} + make -C pyrcc DESTDIR="${pkgdir}" INSTALL_ROOT="${pkgdir}" install + make -C pylupdate DESTDIR="${pkgdir}" INSTALL_ROOT="${pkgdir}" install + + install -Dm644 PyQt5.api "${pkgdir}"/usr/share/qt/qsci/api/python/PyQt5.api +} + +package_python-pyqt5(){ + pkgdesc="A set of Python 3.x bindings for the Qt5 toolkit" + depends=('python-sip' 'pyqt5-common' 'python' 'python') + optdepends=('python-opengl: enable OpenGL 3D graphics in PyQt applications' + 'python-dbus: for python-dbus mainloop support' + 'qt5-multimedia: QtMultimedia, QtMultimediaWidgets' + 'qt5-tools: QtHelp, QtDesigner' + 'qt5-svg: QtSvg' + 'qt5-webkit: QtWebKit, QtWebKitWidgets' + 'qt5-xmlpatterns: QtXmlPatterns' + 'qt5-declarative: QtQml, qmlplugin') + + cd PyQt-gpl-${pkgver} + # INSTALL_ROOT is needed for the QtDesigner module, the other Makefiles use DESTDIR + make DESTDIR="${pkgdir}" INSTALL_ROOT="${pkgdir}" install + + # Provided by pyqt-common + rm "${pkgdir}"/usr/bin/{pylupdate5,pyrcc5} + rm "${pkgdir}"/usr/share/qt/qsci/api/python/PyQt5.api +} + +package_python2-pyqt5(){ + pkgdesc="A set of Python 2.x bindings for the Qt5 toolkit" + depends=('python2-sip' 'pyqt5-common' 'python2') + optdepends=('python2-opengl: enable OpenGL 3D graphics in PyQt applications' + 'python-dbus: for python-dbus mainloop support' + 'qt5-multimedia: QtMultimedia, QtMultimediaWidgets' + 'qt5-tools: QtHelp, QtDesigner' + 'qt5-svg: QtSvg' + 'qt5-webkit: QtWebKit, QtWebKitWidgets' + 'qt5-xmlpatterns: QtXmlPatterns' + 'qt5-declarative: QtQml, qmlplugin') + + cd Py2Qt-gpl-${pkgver} + # INSTALL_ROOT is needed for the QtDesigner module, the other Makefiles use DESTDIR + make DESTDIR="${pkgdir}" INSTALL_ROOT="${pkgdir}" install + + # Fix conflicts with python-pyqt5 + mv "${pkgdir}"/usr/bin/{,python2-}pyuic5 + + rm "${pkgdir}"/usr/bin/{pylupdate5,pyrcc5} + rm "${pkgdir}"/usr/lib/qt/plugins/designer/libpyqt5.so + rm "${pkgdir}"/usr/lib/qt/plugins/PyQt5/libpyqt5qmlplugin.so + rm "${pkgdir}"/usr/share/qt/qsci/api/python/PyQt5.api +} diff --git a/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch b/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch new file mode 100644 index 000000000..92e54b950 --- /dev/null +++ b/extra/rtkit/0001-SECURITY-Pass-uid-of-caller-to-polkit.patch @@ -0,0 +1,48 @@ +From f44c5776b25ca2abd7569fb8532c6aede9b0c6b0 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 22 Aug 2013 16:05:22 -0400 +Subject: [PATCH] [SECURITY] Pass uid of caller to polkit + +Otherwise, we force polkit to look up the uid itself in /proc, which +is racy if they execve() a setuid binary. +--- + rtkit-daemon.c | 11 ++++++++++- + 1 files changed, 10 insertions(+), 1 deletions(-) + +diff --git a/rtkit-daemon.c b/rtkit-daemon.c +index 2ebe673..3ecc1f7 100644 +--- a/rtkit-daemon.c ++++ b/rtkit-daemon.c +@@ -1170,12 +1170,14 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process + DBusMessage *m = NULL, *r = NULL; + const char *unix_process = "unix-process"; + const char *pid = "pid"; ++ const char *uid = "uid"; + const char *start_time = "start-time"; + const char *cancel_id = ""; + uint32_t flags = 0; + uint32_t pid_u32 = p->pid; +- uint64_t start_time_u64 = p->starttime; ++ uint32_t uid_u32 = (uint32_t)u->uid; + DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant; ++ uint64_t start_time_u64 = p->starttime; + int ret; + dbus_bool_t authorized = FALSE; + +@@ -1206,6 +1208,13 @@ static int verify_polkit(DBusConnection *c, struct rtkit_user *u, struct process + assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); + assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); + ++ assert_se(dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict)); ++ assert_se(dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &uid)); ++ assert_se(dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant)); ++ assert_se(dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &uid_u32)); ++ assert_se(dbus_message_iter_close_container(&iter_dict, &iter_variant)); ++ assert_se(dbus_message_iter_close_container(&iter_array, &iter_dict)); ++ + assert_se(dbus_message_iter_close_container(&iter_struct, &iter_array)); + assert_se(dbus_message_iter_close_container(&iter_msg, &iter_struct)); + +-- +1.7.1 + diff --git a/extra/rtkit/PKGBUILD b/extra/rtkit/PKGBUILD index d79889c7e..13b4ee2df 100644 --- a/extra/rtkit/PKGBUILD +++ b/extra/rtkit/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 194685 2013-09-22 00:26:14Z dreisner $ +# $Id: PKGBUILD 195870 2013-10-02 22:42:11Z heftig $ # Maintainer: Jan Alexander Steffens (heftig) # Contributor: Corrado Primier pkgname=rtkit pkgver=0.11 -pkgrel=3 +pkgrel=4 pkgdesc="Realtime Policy and Watchdog Daemon" arch=(i686 x86_64) url="http://git.0pointer.de/?p=rtkit.git" @@ -12,15 +12,18 @@ license=(GPL 'custom:BSD') depends=(dbus polkit systemd) install=rtkit.install source=(http://0pointer.de/public/$pkgname-$pkgver.tar.xz - libsystemd.patch systemd205.patch) + libsystemd.patch systemd205.patch + 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch) md5sums=('a96c33b9827de66033d2311f82d79a5d' '35089c0a284005f4abcf45168415857e' - '95195a70551057aca833da6bdbf2e35b') + '95195a70551057aca833da6bdbf2e35b' + '70df212cba2a6366ff960b60d55858d3') prepare() { cd $pkgname-$pkgver patch -Np1 -i ../libsystemd.patch patch -Np1 -i ../systemd205.patch + patch -Np1 -i ../0001-SECURITY-Pass-uid-of-caller-to-polkit.patch autoreconf -fi } -- cgit v1.2.3-54-g00ecf