Fixes a local privilege escalation using polkit_system_bus_name_get_creds_sync()
Fixes: CVE-2021-3560
(cherry picked from commit 26ac1d5db953292d78f0585dd8baccd9a36a44a4)
The samba package was marked as broken, when enableGlusterFS is true.
The samba build with glusterfs fails due to API breakage that I am
unable to debug:
[3562/4088] Compiling source3/modules/vfs_virusfilter.c
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pread’:
../../source3/modules/vfs_glusterfs.c:856:8: error: too few arguments to function ‘glfs_pread’
856 | ret = glfs_pread(glfd, data, n, offset, 0);
| ^~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:713:1: note: declared here
713 | glfs_pread(glfs_fd_t *fd, void *buf, size_t count, off_t offset, int flags,
| ^~~~~~~~~~
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pread_do’:
../../source3/modules/vfs_glusterfs.c:938:16: error: too few arguments to function ‘glfs_pread’
938 | state->ret = glfs_pread(state->fd, state->buf, state->count,
| ^~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:713:1: note: declared here
713 | glfs_pread(glfs_fd_t *fd, void *buf, size_t count, off_t offset, int flags,
| ^~~~~~~~~~
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pwrite_do’:
../../source3/modules/vfs_glusterfs.c:1077:16: error: too few arguments to function ‘glfs_pwrite’
1077 | state->ret = glfs_pwrite(state->fd, state->buf, state->count,
| ^~~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:717:1: note: declared here
717 | glfs_pwrite(glfs_fd_t *fd, const void *buf, size_t count, off_t offset,
| ^~~~~~~~~~~
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_pwrite’:
../../source3/modules/vfs_glusterfs.c:1161:8: error: too few arguments to function ‘glfs_pwrite’
1161 | ret = glfs_pwrite(glfd, data, n, offset, 0);
| ^~~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:717:1: note: declared here
717 | glfs_pwrite(glfs_fd_t *fd, const void *buf, size_t count, off_t offset,
| ^~~~~~~~~~~
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_fsync_do’:
../../source3/modules/vfs_glusterfs.c:1287:16: error: too few arguments to function ‘glfs_fsync’
1287 | state->ret = glfs_fsync(state->fd);
| ^~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:790:1: note: declared here
790 | glfs_fsync(glfs_fd_t *fd, struct glfs_stat *prestat,
| ^~~~~~~~~~
../../source3/modules/vfs_glusterfs.c: In function ‘vfs_gluster_ftruncate’:
../../source3/modules/vfs_glusterfs.c:1621:8: error: too few arguments to function ‘glfs_ftruncate’
1621 | ret = glfs_ftruncate(glfd, offset);
| ^~~~~~~~~~~~~~
In file included from ../../source3/modules/vfs_glusterfs.c:41:
/nix/store/0gzaf6fqgfxfns19zlc07dyjqigj7ak7-glusterfs-9.0/include/glusterfs/api/glfs.h:768:1: note: declared here
768 | glfs_ftruncate(glfs_fd_t *fd, off_t length, struct glfs_stat *prestat,
| ^~~~~~~~~~~~~~
../../source3/modules/vfs_virusfilter.c: In function ‘quarantine_create_dir’:
../../source3/modules/vfs_virusfilter.c:132:13: warning: implicit declaration of function ‘strlcat’; did you mean ‘strncat’? [-Wimplicit-function-declaration]
132 | cat_len = strlcat(new_dir, "/", len + 1);
| ^~~~~~~
| strncat
Waf: Leaving directory `/build/samba-4.14.4/bin/default'
Build failed
-> task in 'vfs_glusterfs.objlist' failed with exit status 1 (run with -v to display more information)
(cherry picked from commit fac761a55ad4d6c6a8498c468ec7e5c43b984264)
This should help in rare hardware-specific situations where the root is
not automatically detected properly.
We search using a marker file. This should help some weird UEFI setups
where the root is set to `(hd0,msdos2)` by default.
Defaulting to `(hd0)` by looking for the ESP **will break themeing**. It
is unclear why, but files in `(hd0,msdos2)` are not all present as they
should be.
This also fixes an issue introduced with cb5c4fcd3c
where rEFInd stopped booting in many cases. This is because it ended up
using (hd0) rather than using the `search` which was happening
beforehand, which in turn uses (hd0,msdos2), which is the ESP.
Putting back the `search` here fixes that.
(cherry picked from commit 20b023b5ea63a6513a4dce7f162736a00bce5cc8)
This technically changes nothing. In practice `$root` is always the
"CWD", whether searched for automatically or not.
But this serves to announce we are relying on `$root`... I guess...
(cherry picked from commit c9bb054dd68964b0eb9a38c51bdf824bfb212fc7)
This commit has been generated by maintainers/scripts/haskell/regenerate-hackage-packages.sh
Main point here is to apply the new cabal2nix-unstable generation with
a libNixName entry for libXScrnSaver, so greenclip builds again.
