Opened 3 years ago

Closed 3 years ago

#63277 closed update (fixed)

policykit: Update to 0.119

Reported by: ryandesign (Ryan Carsten Schmidt) Owned by: dbevans (David B. Evans)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: policykit

Description

The policykit port is several versions out of date. Current version as of a month ago is 0.119.

https://gitlab.freedesktop.org/polkit/polkit/-/tags

Change History (3)

comment:1 Changed 3 years ago by evanmiller (Evan Miller)

A mozjs78 port will be needed before this can go anywhere.

comment:3 Changed 3 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: assignedclosed

In fa29fe7f1282995888ce51761af4d08ca16646af/macports-ports (master):

policykit: Update to 0.120 + 3 additional commits

Add rudimentary support for the meson build system to the
gobject_introspection PortGroup, which is used by polkit. This may need
further adaption in case other build systems do not name their gobject
introspection configure flag 'introspection'.

Switch polkit to the meson build system, drop the autoconf related files
and sections from the Portfile. Re-enable the livecheck that seems to
have been disabled because of warning in upstream's NEWS file that has
been also present in previous versions and was not a good reason to keep
polkit at an older version.

Fix CVE-2021-4034, a local privilege escalation in pkexec – although
I have not verified whether this is exploitable on macOS.

The updated polkit would require a newer mozjs – however, polkit
upstream is working on replacing polkit with the much smaller and
simpler to build duktape JavaScript engine, which will ship in 0.121.
Instead of packaging the newer version of mozjs, I packaged duktape and
pulled in the commit the enables using it. See

https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/97

for further discussion that suggests that pretty much all distributions
will switch to duktape as soon as it is available.

CVE: CVE-2021-4034
Closes: #63277

Note: See TracTickets for help on using tickets.