1. Forum
  2. FidoNet
  3. ALT.OS.LINUX.MAGEIA

  • Want to fix polkit on Mageia 7 and have problems.

    From William Unruh@2:250/1 to All on Fri Jan 28 04:26:40 2022

    I am trying to fix polkit on a machine I have which has Mageia 7 (cannot upgrade because of covid).
    Even doing
    rpmbuild --rebuild polkit-0.116-1.1.mga7.src.rpm

    does not work. I get a bunch of first warnings like

    Unescaped left brace in regex is deprecated here (and will be fatal in Perl 5.32), passed through in regex; marked by <-- HERE in m/^\s*typedef\s+enum\s*
    ({ <-- HERE )?\s*
    (?:/\*<
    (([^*]|\*(?!/))*)
    >\s*\*/)?
    \s*({)?
    / at /usr/local/bin/glib-mkenums line 271.

    and then a bunch of

    In file included from ../../src/polkit/polkit.h:28,
    from polkitenumtypes.c:4: .../../src/polkit/polkitenumtypes.h:13:9: error: macro names must be identifiers
    #define @ENUMPREFIX@_TYPE_CHECK_AUTHORIZATION_FLAGS (polkit_check_authorization_flags_get_type ())
    ^
    and the compile fails. So not even the unfixed version works.

    I get the same problem is I install the polkit-0.116-1.1.mga7.src.rpm,
    edit SPECS/polkit.spec to add a patch for 0001-pkexec-local-privilege-escalation-CVE-2021-4034.patch
    and that patch in SOURCE
    Teh patch installs fine, but again the comilation dies due to the above
    type errors.

    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?
    b) If not, how can I compile the patched source without getting those
    silly errors.

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From David W. Hodgins@2:250/1 to All on Fri Jan 28 05:13:46 2022
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote: <snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    b) If not, how can I compile the patched source without getting those
    silly errors.

    That would be best asked on the dev mailing list.

    Regards, Dave Hodgins


    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From William Unruh@2:250/1 to All on Fri Jan 28 07:45:28 2022
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote:
    <snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    It used to be that security support lasted longer.

    b) If not, how can I compile the patched source without getting those
    silly errors.

    That would be best asked on the dev mailing list.

    Where is the dev mailing list?

    Regards, Dave Hodgins


    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Bit Twister@2:250/1 to All on Fri Jan 28 09:18:33 2022
    On Fri, 28 Jan 2022 07:45:28 -0000 (UTC), William Unruh wrote:
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote: >><snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    It used to be that security support lasted longer.

    b) If not, how can I compile the patched source without getting those
    silly errors.

    That would be best asked on the dev mailing list.

    Where is the dev mailing list?

    https://ml.mageia.org/l/arc/dev

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From TJ@2:250/1 to All on Fri Jan 28 13:36:30 2022
    On 1/28/22 02:45, William Unruh wrote:
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote: >> <snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    It used to be that security support lasted longer.

    There were a couple of Mageia releases that "enjoyed" extended support
    because of special circumstances at the time they were scheduled to go EOL.

    Those circumstances did not exist for Mageia 7.

    TJ

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From David W. Hodgins@2:250/1 to All on Fri Jan 28 17:21:02 2022
    On Fri, 28 Jan 2022 02:45:28 -0500, William Unruh <unruh@invalid.ca> wrote:
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote: >> <snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    It used to be that security support lasted longer.

    We made exceptions in the past when there was a critical security update with no
    workaround (spetre/meltdown IIRC), just after a release had reached end of support.

    That was a couple of weeks after support had ended, and some of the packagers still had their environment setup allowing them to to produce the update and some testers still had the installs needed to test it.

    This is 7 months since Mageia 7 reached end of support and there is a simple work around. As root run "chmod 0755 /usr/bin/pkexec".

    That will mean pkexec doesn't work anymore. Running things like rpmdrake as a regular user will not work. You must use an alternative approach to get root privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake
    if you've configured sudo).

    b) If not, how can I compile the patched source without getting those
    silly errors.

    That would be best asked on the dev mailing list.

    Where is the dev mailing list?

    - Register for a Mageia account at https://identity.mageia.org/ if you haven't
    already.
    - Login and subscribe to dev@ml.mageia.org (Developement discussion list) at
    https://ml.mageia.org

    Once you've subscribed to the dev mailing list, you can post the question there.

    In my opinion you'd be better off investing the time upgrading to Mageia 8.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From William Unruh@2:250/1 to All on Fri Jan 28 19:43:48 2022
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Fri, 28 Jan 2022 02:45:28 -0500, William Unruh <unruh@invalid.ca> wrote:
    On 2022-01-28, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Thu, 27 Jan 2022 23:26:40 -0500, William Unruh <unruh@invalid.ca> wrote: >>> <snip details of attempt to compile polkit with security patch>
    a) Is Mageia going to issue a security patch for Mageia 7 fro polkit?

    No. Mageia 7 support ended June 30th 2021.

    It used to be that security support lasted longer.

    We made exceptions in the past when there was a critical security update with no
    workaround (spetre/meltdown IIRC), just after a release had reached end of support.

    That was a couple of weeks after support had ended, and some of the packagers still had their environment setup allowing them to to produce the update and some testers still had the installs needed to test it.

    This is 7 months since Mageia 7 reached end of support and there is a simple work around. As root run "chmod 0755 /usr/bin/pkexec".

    That will mean pkexec doesn't work anymore. Running things like rpmdrake as a regular user will not work. You must use an alternative approach to get root privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake
    if you've configured sudo).

    b) If not, how can I compile the patched source without getting those
    silly errors.

    That would be best asked on the dev mailing list.

    Where is the dev mailing list?

    - Register for a Mageia account at https://identity.mageia.org/ if you haven't
    already.
    - Login and subscribe to dev@ml.mageia.org (Developement discussion list) at
    https://ml.mageia.org

    Once you've subscribed to the dev mailing list, you can post the question there.

    In my opinion you'd be better off investing the time upgrading to Mageia 8.

    Would be nice, (except I have always found that upgrading/reinstalling
    meant about 3 full days of work getting everything to work properly
    again) but yes, it does need to done.

    However, because of covid I cannot get at these machines right now.

    As far as I can tell, the fix for Mageia 8 works fine for Mageia 7.
    There is not much that has changed in pkexec. The main thing seems to be
    extra programs that pkexec is allowed to work with.

    I guess disableing pkexec is the only option.

    Thanks for the info on the dev mailing list.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From William Unruh@2:250/1 to All on Sat Jan 29 07:10:45 2022
    Thanks David. Went onto the dev mailing list and immediately got an
    answer pointing out

    / at /usr/local/bin/glib-mkenums line 271.
    ^^^^^

    this line. There was an ancient version of glib-mkenums (from 2007) in /usr/local/bin, which was apparently incompatible with the Mageai 7
    perl. Getting rid of /usr/local/bin/glib-*
    and the compiling worked fine. No idea anymore why they were there in
    the first place.
    Thanks.


    --- MBSE BBS v1.0.7.24 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)