Discussion:
Want to fix polkit on Mageia 7 and have problems.
(too old to reply)
William Unruh
2022-01-28 04:26:40 UTC
Permalink
I am trying to fix polkit on a machine I have which has Mageia 7 (cannot
upgrade because of covid).
Even doing
rpmbuild --rebuild polkit-0.116-1.1.mga7.src.rpm

does not work. I get a bunch of first warnings like

Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.32), passed through in regex; marked by <-- HERE in m/^\s*typedef\s+enum\s*
({ <-- HERE )?\s*
(?:/\*<
(([^*]|\*(?!/))*)
\s*\*/)?
\s*({)?
/ at /usr/local/bin/glib-mkenums line 271.

and then a bunch of

In file included from ../../src/polkit/polkit.h:28,
from polkitenumtypes.c:4:
../../src/polkit/polkitenumtypes.h:13:9: error: macro names must be identifiers
#define @***@_TYPE_CHECK_AUTHORIZATION_FLAGS (polkit_check_authorization_flags_get_type ())
^
and the compile fails. So not even the unfixed version works.

I get the same problem is I install the polkit-0.116-1.1.mga7.src.rpm,
edit SPECS/polkit.spec to add a patch for
0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch
and that patch in SOURCE
Teh patch installs fine, but again the comilation dies due to the above
type errors.

a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
b) If not, how can I compile the patched source without getting those
silly errors.
David W. Hodgins
2022-01-28 05:13:46 UTC
Permalink
On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <***@invalid.ca> wrote:
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
Post by William Unruh
b) If not, how can I compile the patched source without getting those
silly errors.
That would be best asked on the dev mailing list.

Regards, Dave Hodgins
William Unruh
2022-01-28 07:45:28 UTC
Permalink
Post by David W. Hodgins
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
It used to be that security support lasted longer.
Post by David W. Hodgins
Post by William Unruh
b) If not, how can I compile the patched source without getting those
silly errors.
That would be best asked on the dev mailing list.
Where is the dev mailing list?
Post by David W. Hodgins
Regards, Dave Hodgins
Bit Twister
2022-01-28 09:18:33 UTC
Permalink
Post by William Unruh
Post by David W. Hodgins
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
It used to be that security support lasted longer.
Post by David W. Hodgins
Post by William Unruh
b) If not, how can I compile the patched source without getting those
silly errors.
That would be best asked on the dev mailing list.
Where is the dev mailing list?
https://ml.mageia.org/l/arc/dev
TJ
2022-01-28 13:36:30 UTC
Permalink
Post by William Unruh
Post by David W. Hodgins
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
It used to be that security support lasted longer.
There were a couple of Mageia releases that "enjoyed" extended support
because of special circumstances at the time they were scheduled to go EOL.

Those circumstances did not exist for Mageia 7.

TJ
David W. Hodgins
2022-01-28 17:21:02 UTC
Permalink
Post by William Unruh
Post by David W. Hodgins
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
It used to be that security support lasted longer.
We made exceptions in the past when there was a critical security update with no
workaround (spetre/meltdown IIRC), just after a release had reached end of support.

That was a couple of weeks after support had ended, and some of the packagers
still had their environment setup allowing them to to produce the update and
some testers still had the installs needed to test it.

This is 7 months since Mageia 7 reached end of support and there is a simple
work around. As root run "chmod 0755 /usr/bin/pkexec".

That will mean pkexec doesn't work anymore. Running things like rpmdrake as a
regular user will not work. You must use an alternative approach to get root
privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake
if you've configured sudo).
Post by William Unruh
Post by David W. Hodgins
Post by William Unruh
b) If not, how can I compile the patched source without getting those
silly errors.
That would be best asked on the dev mailing list.
Where is the dev mailing list?
- Register for a Mageia account at https://identity.mageia.org/ if you haven't
already.
- Login and subscribe to ***@ml.mageia.org (Developement discussion list) at
https://ml.mageia.org

Once you've subscribed to the dev mailing list, you can post the question there.

In my opinion you'd be better off investing the time upgrading to Mageia 8.

Regards, Dave Hodgins
William Unruh
2022-01-28 19:43:48 UTC
Permalink
Post by David W. Hodgins
Post by William Unruh
Post by David W. Hodgins
<snip details of attempt to compile polkit with security patch>
Post by William Unruh
a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
No. Mageia 7 support ended June 30th 2021.
It used to be that security support lasted longer.
We made exceptions in the past when there was a critical security update with no
workaround (spetre/meltdown IIRC), just after a release had reached end of support.
That was a couple of weeks after support had ended, and some of the packagers
still had their environment setup allowing them to to produce the update and
some testers still had the installs needed to test it.
This is 7 months since Mageia 7 reached end of support and there is a simple
work around. As root run "chmod 0755 /usr/bin/pkexec".
That will mean pkexec doesn't work anymore. Running things like rpmdrake as a
regular user will not work. You must use an alternative approach to get root
privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake
if you've configured sudo).
Post by William Unruh
Post by David W. Hodgins
Post by William Unruh
b) If not, how can I compile the patched source without getting those
silly errors.
That would be best asked on the dev mailing list.
Where is the dev mailing list?
- Register for a Mageia account at https://identity.mageia.org/ if you haven't
already.
https://ml.mageia.org
Once you've subscribed to the dev mailing list, you can post the question there.
In my opinion you'd be better off investing the time upgrading to Mageia 8.
Would be nice, (except I have always found that upgrading/reinstalling
meant about 3 full days of work getting everything to work properly
again) but yes, it does need to done.

However, because of covid I cannot get at these machines right now.

As far as I can tell, the fix for Mageia 8 works fine for Mageia 7.
There is not much that has changed in pkexec. The main thing seems to be
extra programs that pkexec is allowed to work with.

I guess disableing pkexec is the only option.

Thanks for the info on the dev mailing list.
Post by David W. Hodgins
Regards, Dave Hodgins
William Unruh
2022-01-29 07:10:45 UTC
Permalink
Thanks David. Went onto the dev mailing list and immediately got an
answer pointing out
Post by William Unruh
/ at /usr/local/bin/glib-mkenums line 271.
^^^^^

this line. There was an ancient version of glib-mkenums (from 2007) in
/usr/local/bin, which was apparently incompatible with the Mageai 7
perl. Getting rid of /usr/local/bin/glib-*
and the compiling worked fine. No idea anymore why they were there in
the first place.
Thanks.

Loading...