Sat Mar 12 20:57:35 UTC 2022

patches/packages/polkit-0.120-x86_64-3_slack15.0.txz:  Rebuilt.
  Patched to fix a security issue where an unprivileged user could cause a
  denial of service due to process file descriptor exhaustion.
  Thanks to marav.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
  (* Security fix *)

ChangeLog.rss

@@ -11,9 +11,26 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Thu, 10 Mar 2022 02:30:54 GMT</pubDate>
+      <pubDate>Sat, 12 Mar 2022 20:57:35 GMT</pubDate>
-      <lastBuildDate>Thu, 10 Mar 2022 12:29:45 GMT</lastBuildDate>
+      <lastBuildDate>Sun, 13 Mar 2022 12:29:44 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
+      <item>
+         <title>Sat, 12 Mar 2022 20:57:35 GMT</title>
+         <pubDate>Sat, 12 Mar 2022 20:57:35 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20220312205735</link>
+         <guid isPermaLink="false">20220312205735</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/polkit-0.120-x86_64-3_slack15.0.txz:  Rebuilt.
+  Patched to fix a security issue where an unprivileged user could cause a
+  denial of service due to process file descriptor exhaustion.
+  Thanks to marav.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Thu, 10 Mar 2022 02:30:54 GMT</title>
          <pubDate>Thu, 10 Mar 2022 02:30:54 GMT</pubDate>

ChangeLog.txt

@@ -1,3 +1,12 @@
+Sat Mar 12 20:57:35 UTC 2022
+patches/packages/polkit-0.120-x86_64-3_slack15.0.txz:  Rebuilt.
+  Patched to fix a security issue where an unprivileged user could cause a
+  denial of service due to process file descriptor exhaustion.
+  Thanks to marav.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
+  (* Security fix *)
++--------------------------+
 Thu Mar 10 02:30:54 UTC 2022
 patches/packages/ca-certificates-20220309-noarch-1_slack15.0.txz:  Upgraded.
   This update provides the latest CA certificates to check for the

FILELIST.TXT

@@ -1,20 +1,20 @@
-Thu Mar 10 02:36:45 UTC 2022
+Sat Mar 12 21:00:24 UTC 2022
 
 Here is the file list for this directory.  If you are using a 
 mirror site and find missing or extra files in the disk 
 subdirectories, please have the archive administrator refresh
 the mirror.
 
-drwxr-xr-x 12 root root      4096 2022-03-10 02:30 .
+drwxr-xr-x 12 root root      4096 2022-03-12 20:57 .
 -rw-r--r--  1 root root      5767 2022-02-02 22:44 ./ANNOUNCE.15.0
 -rw-r--r--  1 root root     16617 2022-02-02 23:27 ./CHANGES_AND_HINTS.TXT
--rw-r--r--  1 root root   1115819 2022-03-09 04:18 ./CHECKSUMS.md5
+-rw-r--r--  1 root root   1116942 2022-03-10 02:37 ./CHECKSUMS.md5
--rw-r--r--  1 root root       163 2022-03-09 04:18 ./CHECKSUMS.md5.asc
+-rw-r--r--  1 root root       163 2022-03-10 02:37 ./CHECKSUMS.md5.asc
 -rw-r--r--  1 root root     17976 1994-06-10 02:28 ./COPYING
 -rw-r--r--  1 root root     35147 2007-06-30 04:21 ./COPYING3
 -rw-r--r--  1 root root     19573 2016-06-23 20:08 ./COPYRIGHT.TXT
 -rw-r--r--  1 root root       616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r--  1 root root   1876035 2022-03-10 02:30 ./ChangeLog.txt
+-rw-r--r--  1 root root   1876429 2022-03-12 20:57 ./ChangeLog.txt
 drwxr-xr-x  3 root root      4096 2013-03-20 22:17 ./EFI
 drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rw-r--r--  1 root root   1187840 2021-06-15 19:16 ./EFI/BOOT/bootx64.efi
@@ -25,7 +25,7 @@ drwxr-xr-x  2 root root      4096 2022-02-02 08:21 ./EFI/BOOT
 -rwxr-xr-x  1 root root      2504 2019-07-05 18:54 ./EFI/BOOT/make-grub.sh
 -rw-r--r--  1 root root     10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
 -rw-r--r--  1 root root      1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r--  1 root root   1456084 2022-03-09 04:17 ./FILELIST.TXT
+-rw-r--r--  1 root root   1457492 2022-03-10 02:36 ./FILELIST.TXT
 -rw-r--r--  1 root root      1572 2012-08-29 18:27 ./GPG-KEY
 -rw-r--r--  1 root root    864745 2022-02-02 08:25 ./PACKAGES.TXT
 -rw-r--r--  1 root root      8034 2022-02-02 03:36 ./README.TXT
@@ -737,13 +737,13 @@ drwxr-xr-x  2 root root      4096 2008-05-07 05:21 ./pasture/source/php/pear
 -rwxr-xr-x  1 root root      9448 2018-05-16 22:38 ./pasture/source/php/php.SlackBuild
 -rw-r--r--  1 root root       775 2017-07-07 19:25 ./pasture/source/php/php.ini-development.diff.gz
 -rw-r--r--  1 root root       830 2005-12-09 05:18 ./pasture/source/php/slack-desc
-drwxr-xr-x  4 root root      4096 2022-03-10 02:36 ./patches
+drwxr-xr-x  4 root root      4096 2022-03-12 21:00 ./patches
--rw-r--r--  1 root root     17560 2022-03-10 02:36 ./patches/CHECKSUMS.md5
+-rw-r--r--  1 root root     18424 2022-03-12 21:00 ./patches/CHECKSUMS.md5
--rw-r--r--  1 root root       163 2022-03-10 02:36 ./patches/CHECKSUMS.md5.asc
+-rw-r--r--  1 root root       163 2022-03-12 21:00 ./patches/CHECKSUMS.md5.asc
--rw-r--r--  1 root root     23532 2022-03-10 02:36 ./patches/FILE_LIST
+-rw-r--r--  1 root root     24650 2022-03-12 21:00 ./patches/FILE_LIST
--rw-r--r--  1 root root   8199908 2022-03-10 02:36 ./patches/MANIFEST.bz2
+-rw-r--r--  1 root root   8206383 2022-03-12 21:00 ./patches/MANIFEST.bz2
--rw-r--r--  1 root root     12005 2022-03-10 02:36 ./patches/PACKAGES.TXT
+-rw-r--r--  1 root root     12621 2022-03-12 21:00 ./patches/PACKAGES.TXT
-drwxr-xr-x  3 root root      4096 2022-03-10 02:36 ./patches/packages
+drwxr-xr-x  3 root root      4096 2022-03-12 21:00 ./patches/packages
 -rw-r--r--  1 root root       327 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txt
 -rw-r--r--  1 root root     10716 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-15 05:07 ./patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz.asc
@@ -799,13 +799,16 @@ drwxr-xr-x  2 root root      4096 2022-03-09 04:17 ./patches/packages/linux-5.15
 -rw-r--r--  1 root root       345 2022-02-18 04:57 ./patches/packages/php-7.4.28-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   5825644 2022-02-18 04:57 ./patches/packages/php-7.4.28-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-18 04:57 ./patches/packages/php-7.4.28-x86_64-1_slack15.0.txz.asc
+-rw-r--r--  1 root root       450 2022-03-12 20:37 ./patches/packages/polkit-0.120-x86_64-3_slack15.0.txt
+-rw-r--r--  1 root root    403284 2022-03-12 20:37 ./patches/packages/polkit-0.120-x86_64-3_slack15.0.txz
+-rw-r--r--  1 root root       163 2022-03-12 20:37 ./patches/packages/polkit-0.120-x86_64-3_slack15.0.txz.asc
 -rw-r--r--  1 root root       392 2022-03-02 20:36 ./patches/packages/seamonkey-2.53.11-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root  38098120 2022-03-02 20:36 ./patches/packages/seamonkey-2.53.11-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-03-02 20:36 ./patches/packages/seamonkey-2.53.11-x86_64-1_slack15.0.txz.asc
 -rw-r--r--  1 root root       354 2022-02-15 18:37 ./patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txt
 -rw-r--r--  1 root root   2805300 2022-02-15 18:37 ./patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz
 -rw-r--r--  1 root root       163 2022-02-15 18:37 ./patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz.asc
-drwxr-xr-x 17 root root      4096 2022-03-10 02:28 ./patches/source
+drwxr-xr-x 18 root root      4096 2022-03-12 20:40 ./patches/source
 drwxr-xr-x  2 root root      4096 2022-01-16 05:07 ./patches/source/aaa_base
 -rw-r--r--  1 root root     11041 2022-02-15 04:49 ./patches/source/aaa_base/_aaa_base.tar.gz
 -rwxr-xr-x  1 root root      3894 2022-02-15 05:07 ./patches/source/aaa_base/aaa_base.SlackBuild
@@ -939,6 +942,15 @@ drwxr-xr-x  2 root root      4096 2022-02-18 02:03 ./patches/source/php
 -rw-r--r--  1 root root       605 2020-03-17 21:22 ./patches/source/php/php.imap.api.diff.gz
 -rw-r--r--  1 root root       805 2020-05-12 19:14 ./patches/source/php/php.ini-development.diff.gz
 -rw-r--r--  1 root root       796 2021-02-19 19:05 ./patches/source/php/slack-desc
+drwxr-xr-x  2 root root      4096 2022-03-12 20:26 ./patches/source/polkit
+-rw-r--r--  1 root root       610 2018-08-20 21:35 ./patches/source/polkit/0001-configure-fix-elogind-support.patch.gz
+-rw-r--r--  1 root root       890 2022-03-12 20:25 ./patches/source/polkit/CVE-2021-4115.patch.gz
+-rw-r--r--  1 root root      1061 2022-01-26 02:14 ./patches/source/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch.gz
+-rw-r--r--  1 root root       484 2020-11-30 06:55 ./patches/source/polkit/doinst.sh.gz
+-rw-r--r--  1 root root       292 2015-01-02 05:35 ./patches/source/polkit/dont-set-wheel-group-as-admin.diff.gz
+-rw-r--r--  1 root root    675865 2021-10-06 18:06 ./patches/source/polkit/polkit-0.120.tar.lz
+-rwxr-xr-x  1 root root      6539 2022-03-12 20:36 ./patches/source/polkit/polkit.SlackBuild
+-rw-r--r--  1 root root       903 2020-11-01 20:04 ./patches/source/polkit/slack-desc
 drwxr-xr-x  3 root root      4096 2022-03-02 19:58 ./patches/source/seamonkey
 drwxr-xr-x  2 root root      4096 2016-07-03 18:05 ./patches/source/seamonkey/autoconf
 -rw-r--r--  1 root root      5869 2016-07-03 18:04 ./patches/source/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz

patches/packages/polkit-0.120-x86_64-3_slack15.0.txt

@@ -0,0 +1,11 @@
+polkit: polkit (authentication framework)
+polkit: 
+polkit: PolicyKit is an application-level toolkit for defining and handling
+polkit: the policy that allows unprivileged processes to speak to privileged
+polkit: processes. PolicyKit is specifically targeting applications in rich
+polkit: desktop environments on multi-user UNIX-like operating systems.
+polkit:
+polkit: Homepage: http://www.freedesktop.org/wiki/Software/polkit
+polkit:
+polkit:
+polkit:

patches/source/polkit/0001-configure-fix-elogind-support.patch

@@ -0,0 +1,29 @@
+From 08bb656496cd3d6213bbe9473f63f2d4a110da6e Mon Sep 17 00:00:00 2001
+From: Rasmus Thomsen <cogitri@exherbo.org>
+Date: Wed, 11 Apr 2018 13:14:14 +0200
+Subject: [PATCH] configure: fix elogind support
+
+HAVE_LIBSYSTEMD is used to determine which source files to use.
+We have to check if either have_libsystemd or have_libelogind is
+true, as both of these need the source files which are used when
+HAVE_LIBSYSTEMD is true.
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 36df239..da47ecb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -221,7 +221,7 @@ AS_IF([test "x$cross_compiling" != "xyes" ], [
+ 
+ AC_SUBST(LIBSYSTEMD_CFLAGS)
+ AC_SUBST(LIBSYSTEMD_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes" || test "$have_libelogind" = "yes" ], [Using libsystemd])
+ 
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+-- 
+2.17.0
+

patches/source/polkit/CVE-2021-4115.patch

@@ -0,0 +1,71 @@
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 8ed1363..2fbf5f1 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -62,6 +62,10 @@ enum
+   PROP_NAME,
+ };
+ 
++
++guint8 dbus_call_respond_fails;      // has to be global because of callback
++
++
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+ 
+ G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
+@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject              *src,
+   if (!v)
+     {
+       data->caught_error = TRUE;
++      dbus_call_respond_fails += 1;
+     }
+   else
+     {
+@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   tmp_context = g_main_context_new ();
+   g_main_context_push_thread_default (tmp_context);
+ 
++  dbus_call_respond_fails = 0;
++
+   /* Do two async calls as it's basically as fast as one sync call.
+    */
+   g_dbus_connection_call (connection,
+@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+ 			  on_retrieved_unix_uid_pid,
+ 			  &data);
+ 
+-  while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+-    g_main_context_iteration (tmp_context, TRUE);
++  while (TRUE)
++  {
++    /* If one dbus call returns error, we must wait until the other call
++     * calls _call_finish(), otherwise fd leak is possible.
++     * Resolves: GHSL-2021-077
++    */
+ 
+-  if (data.caught_error)
+-    goto out;
++    if ( (dbus_call_respond_fails > 1) )
++    {
++      // we got two faults, we can leave
++      goto out;
++    }
++
++    if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
++    {
++      // we got one fault and the other call finally finished, we can leave
++      goto out;
++    }
++
++    if ( !(data.retrieved_uid && data.retrieved_pid) )
++    {
++      g_main_context_iteration (tmp_context, TRUE);
++    }
++    else
++    {
++      break;
++    }
++  }
+ 
+   if (out_uid)
+     *out_uid = data.uid;

patches/source/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch

@@ -0,0 +1,79 @@
+From a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Tue, 25 Jan 2022 17:21:46 +0000
+Subject: [PATCH] pkexec: local privilege escalation (CVE-2021-4034)
+
+---
+ src/programs/pkcheck.c |  5 +++++
+ src/programs/pkexec.c  | 23 ++++++++++++++++++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index f1bb4e1..768525c 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -363,6 +363,11 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      exit(126);
++    }
++
+   /* Disable remote file access from GIO. */
+   setenv ("GIO_USE_VFS", "local", 1);
+ 
+diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
+index 7698c5c..84e5ef6 100644
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -488,6 +488,15 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
++   */
++  if (argc<1)
++    {
++      exit(127);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -614,10 +623,10 @@ main (int argc, char *argv[])
+ 
+       path = g_strdup (pwstruct.pw_shell);
+       if (!path)
+-	{
++        {
+           g_printerr ("No shell configured or error retrieving pw_shell\n");
+           goto out;
+-	}
++        }
+       /* If you change this, be sure to change the if (!command_line)
+ 	 case below too */
+       command_line = g_strdup (path);
+@@ -636,7 +645,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
+-- 
+GitLab
+

patches/source/polkit/doinst.sh

@@ -0,0 +1,32 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+if [ -r etc/pam.d/polkit-1.new ]; then
+  config etc/pam.d/polkit-1.new
+fi
+
+# Make sure the polkitd user and group exist:
+if ! grep -q "^polkitd:" etc/passwd ; then
+  echo "polkitd:x:87:87:PolicyKit daemon owner:/var/lib/polkit:/bin/false" >> etc/passwd
+fi
+if ! grep -q "^polkitd:" etc/group ; then
+  echo "polkitd:x:87:" >> etc/group
+fi
+
+# Remove obsolete rules:
+rm -f etc/polkit-1/localauthority/50-local.d/*.pkla{,.new}
+rm -f etc/polkit-1/rules.d/*.pkla{,.new}
+
+# Remove obsolete directory:
+rmdir etc/polkit-1/localauthority/50-local.d 2> /dev/null
+rmdir etc/polkit-1/localauthority 2> /dev/null
+

patches/source/polkit/dont-set-wheel-group-as-admin.diff

@@ -0,0 +1,10 @@
+diff -Nur polkit-0.112.orig/src/polkitbackend/50-default.rules polkit-0.112/src/polkitbackend/50-default.rules
+--- polkit-0.112.orig/src/polkitbackend/50-default.rules	2013-04-29 12:28:57.000000000 -0500
++++ polkit-0.112/src/polkitbackend/50-default.rules	2015-01-01 23:32:40.154400050 -0600
+@@ -8,5 +8,5 @@
+ // about configuring polkit.
+ 
+ polkit.addAdminRule(function(action, subject) {
+-    return ["unix-group:wheel"];
++    return ["unix-user:root"];
+ });

patches/source/polkit/polkit.SlackBuild

@@ -0,0 +1,201 @@
+#!/bin/bash
+
+# Copyright 2009, 2011, 2015  Robby Workman, Northport, Alabama, USA
+# Copyright 2010  Eric Hameleers, Eindhoven, NL
+# Copyright 2009, 2010, 2011, 2012, 2013, 2018, 2020  Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=polkit
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-3_slack15.0}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) export ARCH=i586 ;;
+    arm*) export ARCH=arm ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+       *) export ARCH=$( uname -m ) ;;
+  esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
+cd $PKGNAM-$VERSION || exit 1
+
+# Make sure ownerships and permissions are sane:
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+zcat $CWD/dont-set-wheel-group-as-admin.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2021-4115.patch.gz | patch -p1 --verbose || exit 1
+
+# https://gitlab.freedesktop.org/polkit/polkit/-/issues/29
+zcat $CWD/0001-configure-fix-elogind-support.patch.gz | patch -p1 || exit 1
+
+# If we get here and don't have a polkitd user/group, add one.
+# Otherwise a few directories in the package will have wrong permissions.
+if ! grep -q "^polkitd:" /etc/passwd ; then
+  groupadd -fg 87 polkitd
+  useradd -c "PolicyKit daemon owner" -d /var/lib/polkit -u 87 -g polkitd -s /bin/false polkitd
+fi
+
+# Choose correct options depending on whether PAM is installed:
+if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
+  PAM_OPTIONS="--with-authfw=pam --with-pam-module-dir=/lib${LIBDIRSUFFIX}/security"
+  unset SHADOW_OPTIONS
+else
+  unset PAM_OPTIONS
+  SHADOW_OPTIONS="--with-authfw=shadow"
+fi
+
+if [ ! -r configure ]; then
+  if [ -x ./autogen.sh ]; then
+    NOCONFIGURE=1 ./autogen.sh
+  else
+    autoreconf -vif
+  fi
+fi
+
+LIBELOGIND_CFLAGS="$(pkg-config --cflags libelogind)" \
+LIBELOGIND_LIBS="$(pkg-config --libs libelogind)" \
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --docdir=/usr/doc/$PKGNAM-$VERSION \
+  --enable-man-pages \
+  --enable-gtk-doc \
+  --mandir=/usr/man \
+  --disable-static \
+  --disable-examples \
+  --enable-introspection \
+  --enable-libsystemd-login=no \
+  --enable-libelogind=yes \
+  $PAM_OPTIONS \
+  $SHADOW_OPTIONS \
+  --enable-verbose-mode \
+  --with-os-type=Slackware \
+  --build=$ARCH-slackware-linux || exit 1
+
+# Build and install:
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+# Create homedir for polkit.  This is mentioned in /etc/passwd, but isn't
+# actually used for anything later.  Perms don't matter.
+mkdir -p $PKG/var/lib/polkit
+
+# Move dbus configs to system location:
+mkdir -p $PKG/usr/share/dbus-1/system.d/
+mv $PKG/etc/dbus-1/system.d/* $PKG/usr/share/dbus-1/system.d/
+rmdir --parents $PKG/etc/dbus-1/system.d/
+
+# Leave the /etc/polkit-1/rules.d/ dir in place, but move the config(s)
+mv $PKG/etc/polkit-1/rules.d/* $PKG/usr/share/polkit-1/rules.d/
+
+if [ ! -z "$PAM_OPTIONS" ]; then
+  # Make the PAM file .new:
+  mv $PKG/etc/pam.d/polkit-1 $PKG/etc/pam.d/polkit-1.new
+fi
+
+# Strip binaries:
+find $PKG | xargs file | grep -e "executable" -e "shared object" \
+  | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Compress and link manpages, if any:
+if [ -d $PKG/usr/man ]; then
+  ( cd $PKG/usr/man
+    for manpagedir in $(find . -type d -name "man*") ; do
+      ( cd $manpagedir
+        for eachpage in $( find . -type l -maxdepth 1) ; do
+          ln -s $( readlink $eachpage ).gz $eachpage.gz
+          rm $eachpage
+        done
+        gzip -9 *.*
+      )
+    done
+  )
+fi
+
+# Add a documentation directory:
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+  AUTHORS COPYING HACKING INSTALL NEWS README \
+  $PKG/usr/doc/$PKGNAM-$VERSION
+( cd $PKG/usr/doc/$PKGNAM-$VERSION; ln -s ../../share/gtk-doc/html/polkit-1 html )
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+  DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
+  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+  touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz

patches/source/polkit/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+      |-----handy-ruler-----------------------------------------------------|
+polkit: polkit (authentication framework)
+polkit: 
+polkit: PolicyKit is an application-level toolkit for defining and handling
+polkit: the policy that allows unprivileged processes to speak to privileged
+polkit: processes. PolicyKit is specifically targeting applications in rich
+polkit: desktop environments on multi-user UNIX-like operating systems.
+polkit:
+polkit: Homepage: http://www.freedesktop.org/wiki/Software/polkit
+polkit:
+polkit:
+polkit:

recompress.sh

@@ -1191,6 +1191,11 @@ gzip ./patches/source/php/php.enchant-2.patch
 gzip ./patches/source/php/doinst.sh
 gzip ./patches/source/php/php.imap.api.diff
 gzip ./patches/source/php/php.ini-development.diff
+gzip ./patches/source/polkit/dont-set-wheel-group-as-admin.diff
+gzip ./patches/source/polkit/CVE-2021-4115.patch
+gzip ./patches/source/polkit/doinst.sh
+gzip ./patches/source/polkit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch
+gzip ./patches/source/polkit/0001-configure-fix-elogind-support.patch
 gzip ./patches/source/at/doinst.sh
 gzip ./patches/source/mozilla-firefox/firefox.moz_plugin_path.diff
 gzip ./patches/source/mozilla-firefox/ff.ui.scrollToClick.diff