Hello community,

here is the log from the commit of package brltty for openSUSE:Factory checked 
in at 2017-02-21 13:35:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/brltty (Old)
 and      /work/SRC/openSUSE:Factory/.brltty.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "brltty"

Changes:
--------
--- /work/SRC/openSUSE:Factory/brltty/brltty.changes    2016-11-08 
18:26:16.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.brltty.new/brltty.changes       2017-02-21 
13:35:56.294271293 +0100
@@ -1,0 +2,19 @@
+Tue Feb 14 17:40:27 UTC 2017 - mgo...@suse.com
+
+- Disable udev rule for generic FTDI devices to avoid taking
+  USB-to-serial converters (boo#1007652). Add an update
+  message if one of these devices is detected.
+- Add a README.SUSE.
+
+- Add brltty-polkit-fixes.patch:  don't delay brltty if waiting
+  for polkit initialization, and fix polkit+key authentication
+  (bsc#930242).
+
+- Add brltty-braillenote-usb.patch: autodetect BrailleNote via
+  USB.
+
+- Always enable polkit (intention of the conditional was to
+  disable on 13.2 and 42.1, but it was being disabled under 42.2
+  as well).
+
+-------------------------------------------------------------------

New:
----
  README.SUSE
  brltty-braillenote-usb.patch
  brltty-polkit-fixes.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ brltty.spec ++++++
--- /var/tmp/diff_new_pack.KwzA4M/_old  2017-02-21 13:35:56.894186663 +0100
+++ /var/tmp/diff_new_pack.KwzA4M/_new  2017-02-21 13:35:56.898186099 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package brltty
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,11 +22,7 @@
 %define sover 0_6
 %define soname libbrlapi%{sover}
 
-%if 0%{?suse_version} > 1320
 %define with_polkit 1
-%else
-%define with_polkit 0
-%endif
 
 Name:           brltty
 Version:        5.4
@@ -38,10 +34,13 @@
 Url:            http://mielke.cc/brltty/
 
 Source0:        http://mielke.cc/brltty/archive/%{name}-%{version}.tar.xz
+Source1:        README.SUSE
 Patch1:         brltty-udev-rule.patch
+Patch2:         brltty-polkit-fixes.patch
 Patch3:         brltty-5.0-speechd.diff
 # PATCH-FIX-UPSTREAM brltty-5.4-latex-tables-executable.patch mgo...@suse.com 
-- LaTeX tables need to be executable.
 Patch4:         brltty-5.4-latex-tables-executable.patch
+Patch5:         brltty-braillenote-usb.patch
 
 BuildRequires:  bison
 BuildRequires:  espeak-devel
@@ -297,9 +296,12 @@
 
 %prep
 %setup -q
+cp %{_sourcedir}/README.SUSE .
 %patch1 -p1
+%patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # Fix "wrong-file-end-of-line-encoding" rpmlint warning
 sed -i 's/\r$//' Documents/Manual-BRLTTY/Portuguese/BRLTTY.txt
 
@@ -332,6 +334,8 @@
 # Don't include source files in binary package
 rm -f %{buildroot}%{_libdir}/ocaml/brlapi/brlapi.{mli,cmxa}
 ln -sf ../../%{_unitdir}/%{name}.service %{buildroot}%{_sbindir}/rc%{name}
+# Don't claim generic USB serial adapters (boo#1007652)
+sed -i 's/^ENV{PRODUCT}=="403\/6001\/\*"/#ENV{PRODUCT}=="403\/6001\/\*"/' 
Autostart/Udev/udev.rules
 mkdir -p %{buildroot}%{_udevdir}/rules.d
 install -m644 Autostart/Udev/udev.rules 
%{buildroot}%{_udevdir}/rules.d/69-%{name}.rules
 %if %{?with_polkit}
@@ -384,15 +388,37 @@
 %post 
 %service_add_post %{name}.service
 
+# Remove any messages that could've been in place about the upgrade
+rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
+
+if [ -f /usr/bin/lsusb ]; then
+  lsusb 2>/dev/null |grep -q 0403:6001
+  if [ $? -eq 0 ]; then
+    cat >> %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release} 
<< EOF
+
+WARNING: The SUSE brltty package no longer enables certain USB
+refreshable Braille displays by default, and it appears that you may have
+one of these displays attached. If so, then you may need to edit
+/usr/lib/udev/rules.d/69-brltty.rules.
+If your device is a standard USB-to-serial converter, rather than a
+refreshable Braille display, then you can ignore this message.
+See /usr/share/doc/packages/brltty/README.SUSE for more information.
+
+EOF
+  fi
+fi
+
 %preun 
 %service_del_preun %{name}.service
 
 %postun
 %service_del_postun %{name}.service
+# Remove the /var/adm updatemsg that was hand-created and thus not on filelist
+rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
 
 %files
 %defattr(-, root, root)
-%doc LICENSE-GPL LICENSE-LGPL README Documents/ChangeLog 
Documents/CONTRIBUTORS Documents/HISTORY Documents/README.Bluetooth 
Documents/TODO
+%doc LICENSE-GPL LICENSE-LGPL README README.SUSE Documents/ChangeLog 
Documents/CONTRIBUTORS Documents/HISTORY Documents/README.Bluetooth 
Documents/TODO
 %doc Documents/Manual-BRLTTY/English
 %config(noreplace) %{_sysconfdir}/brltty.conf
 %{_sysconfdir}/brltty/
@@ -422,6 +448,7 @@
 %exclude %{_libdir}/brltty/libbrlttyses.so
 %exclude %{_libdir}/brltty/libbrlttyssd.so
 %exclude %{_libdir}/brltty/libbrlttyxa2.so
+%ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
 
 %files driver-at-spi2
 %defattr(-, root, root)

++++++ README.SUSE ++++++
Some notes on SUSE-specific configuration of brltty
========================================================================

USB:
------------------------------------------------------------------------
Most USB Braille displays should be autodetected by udev, starting brltty.
However, some Braille displays have the same product IDs as generic
USB-to-serial adapters, and, in order to avoid a conflict with these
adapters, the brltty udev rule for them has been disabled. If you have
an Albatross, Cebra, Hims, HandyTech, or MDV display and connect it
via USB, then you may want to edit /usr/lib/udev/rules.d/69-brltty.rules
and uncomment the following line:
#ENV{PRODUCT}=="403/6001/*", ENV{BRLTTY_BRAILLE_DRIVER}="at,ce,hm,ht,md", 
GOTO="brltty_usb_run"

See https://bugzilla.opensuse.org/show_bug.cgi?id=1007652 for more
information.

Alternatively, you can have systemd automatically start brltty at boot. Run
chkconfig brltty on
as the superuser.


Authentication:
------------------------------------------------------------------------
By default, brltty authenticates with clients (such as orca) via a key
file. However, SUSE enables polkit-based authentication instead.
This eliminates the need to, ie, add users to the brlapi group in order
to be able to have orca interact with the Braille display. It also
disallows remote users from interacting with the display. If you would
like to change this behavior, then you can edit the api-parameters
directive in /etc/brltty.conf.
++++++ brltty-braillenote-usb.patch ++++++
>From 71e8623c494d1936e27f12270f460312beb383bf Mon Sep 17 00:00:00 2001
From: Dave Mielke <d...@mielke.cc>
Date: Wed, 9 Nov 2016 14:49:00 -0500
Subject: [PATCH] The BrailleNote wasn't being autodetected when using USB.
 (dm)

---
 Programs/config.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Programs/config.c b/Programs/config.c
index 295d269..6554461 100644
--- a/Programs/config.c
+++ b/Programs/config.c
@@ -1487,7 +1487,7 @@ activateBrailleDriver (int verify) {
         autodetectableDrivers = serialDrivers;
       } else if (isUsbDevice(&dev)) {
         static const char *const usbDrivers[] = {
-          "al", "bm", "eu", "fs", "hd", "hm", "ht", "hw", "mt", "pg", "pm", 
"sk", "vo",
+          "al", "bm", "bn", "eu", "fs", "hd", "hm", "ht", "hw", "mt", "pg", 
"pm", "sk", "vo",
           NULL
         };
         autodetectableDrivers = usbDrivers;
-- 
2.6.6

++++++ brltty-polkit-fixes.patch ++++++
>From 7c26200d24b73fd4b3eec5e00f8593cf7ba507ff Mon Sep 17 00:00:00 2001
From: Dave Mielke <d...@mielke.cc>
Date: Sat, 8 Oct 2016 22:27:03 -0400
Subject: [PATCH] Waiting for Polkit initialization shouldn't delay BRLTTY
 startup. (st)

When BRLTTY is started very early, policykit is not running yet.
BrlAPI would then be disabled.
This makes the policykit initialization detect the case
when policykit it not started yet (G_IO_ERROR_NOT_FOUND), and
moves the initialization of authentication to inside the BrlAPI thread.
---
 Programs/auth.c          | 28 +++++++++++++++++++++-------
 Programs/brlapi_server.c | 10 ++++++----
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/Programs/auth.c b/Programs/auth.c
index f93afad..9b8bf3b 100644
--- a/Programs/auth.c
+++ b/Programs/auth.c
@@ -54,6 +54,7 @@ typedef unsigned int gid_t;
 #include "strfmt.h"
 #include "parse.h"
 #include "auth.h"
+#include "async_wait.h"
 
 /* peer credentials */
 #undef CAN_CHECK_CREDENTIALS
@@ -452,15 +453,28 @@ authPolkit_initialize (const char *parameter) {
   if ((polkit = malloc(sizeof(*polkit)))) {
     memset(polkit, 0, sizeof(*polkit));
 
-    GError *error_local = NULL;
-    polkit->authority = polkit_authority_get_sync(NULL, &error_local);
+    while(1) {
+      GError *error_local = NULL;
+      polkit->authority = polkit_authority_get_sync(NULL, &error_local);
 
-    if (polkit->authority) {
-      return polkit;
-    } else {
-      g_error_free(error_local);
-      g_free(polkit);
+      if (polkit->authority) {
+       return polkit;
+      } else {
+        GQuark domain = error_local->domain;
+        gint code = error_local->code;
+
+        logMessage(LOG_WARNING, "Unable to connect to polkit: %s (%d) %s 
(%d)", g_quark_to_string(domain), (int) domain, error_local->message, code);
+        g_error_free(error_local);
+
+        if ((domain != G_IO_ERROR) && (code != G_IO_ERROR_NOT_FOUND)) {
+          break;
+        }
+      }
+
+      asyncWait(1000);
     }
+
+    g_free(polkit);
   } else {
     logMallocError();
   }
diff --git a/Programs/brlapi_server.c b/Programs/brlapi_server.c
index c3b3c6e..295f169 100644
--- a/Programs/brlapi_server.c
+++ b/Programs/brlapi_server.c
@@ -2183,6 +2183,12 @@ THREAD_FUNCTION(runServer) {
   logMessage(LOG_CATEGORY(SERVER_EVENTS), "server thread started");
   if (!prepareThread()) goto finished;
 
+  if (auth && !isAbsolutePath(auth)) 
+    if (!(authDescriptor = authBeginServer(auth))) {
+      logMessage(LOG_WARNING, "Unable to start auth server");
+      goto finished;
+    }
+
   socketHosts = splitString(hosts,'+',&numSockets);
   if (numSockets>MAXSOCKETS) {
     logMessage(LOG_ERR,"too many hosts specified (%d, max 
%d)",numSockets,MAXSOCKETS);
@@ -3086,10 +3092,6 @@ int api_start(BrailleDisplay *brl, char **parameters)
     if (*operand) auth = operand;
   }
 
-  if (auth && !isAbsolutePath(auth)) 
-    if (!(authDescriptor = authBeginServer(auth)))
-      return 0;
-
   pthread_attr_t attr;
   pthread_mutexattr_t mattr;
 
-- 
2.6.6

>From 41f5c64ceb06d3cef1af1b3f474f56db1e3d2dd8 Mon Sep 17 00:00:00 2001
From: Dave Mielke <d...@mielke.cc>
Date: Sat, 8 Oct 2016 22:12:29 -0400
Subject: [PATCH] Fix polkit/keyfile authentication. (st)

Some parts of the code were assuming that auth had to always be a keyfile,
thus preventing the use of polkit+keyfile:/etc/brlapi.key as auth.
---
 Programs/brlapi_client.c |  7 ++++++-
 Programs/brlapi_common.h | 20 ++++++++++++++++++++
 Programs/brlapi_server.c | 25 ++++++++++++++++++++-----
 3 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/Programs/brlapi_client.c b/Programs/brlapi_client.c
index 0e20ec1..7a54980 100644
--- a/Programs/brlapi_client.c
+++ b/Programs/brlapi_client.c
@@ -724,7 +724,12 @@ brlapi_fileDescriptor BRLAPI_STDCALL 
brlapi__openConnection(brlapi_handle_t *han
       case BRLAPI_AUTH_KEY: {
         size_t authKeyLength;
        int res;
-        if (brlapi_loadAuthKey(settings.auth, &authKeyLength, (void *) 
&auth->key) < 0)
+       char *keyfile = brlapi_getKeyFile(settings.auth);
+       if (!keyfile)
+         continue;
+       res = brlapi_loadAuthKey(keyfile, &authKeyLength, (void *) &auth->key);
+       free(keyfile);
+        if (res < 0)
          continue;
         res = brlapi_writePacket(handle->fileDescriptor, BRLAPI_PACKET_AUTH, 
auth,
          sizeof(auth->type)+authKeyLength);
diff --git a/Programs/brlapi_common.h b/Programs/brlapi_common.h
index 98fed09..090ce84 100644
--- a/Programs/brlapi_common.h
+++ b/Programs/brlapi_common.h
@@ -415,3 +415,23 @@ BRLAPI(getKeyrangeMask) (brlapi_rangeType_t r, 
brlapi_keyCode_t code, brlapi_key
   brlapi_errno = BRLAPI_ERROR_INVALID_PARAMETER;
   return -1;
 }
+
+static char *
+BRLAPI(getKeyFile)(const char *auth)
+{
+  const char *path;
+  char *ret, *delim;
+  if (!strncmp(auth,"keyfile:",8))
+    path=auth+8;
+  else {
+    path=strstr(auth,"+keyfile:");
+    if (path) path+=9;
+    else path=auth;
+  }
+  ret=strdup(path);
+  delim=strchr(ret,'+');
+  if (delim)
+    *delim = 0;
+  return ret;
+}
+
diff --git a/Programs/brlapi_server.c b/Programs/brlapi_server.c
index 3fadda2..c3b3c6e 100644
--- a/Programs/brlapi_server.c
+++ b/Programs/brlapi_server.c
@@ -1225,6 +1225,18 @@ static void handleNewConnection(Connection *c)
   
brlapiserver_writePacket(c->fd,BRLAPI_PACKET_VERSION,&versionPacket.data,sizeof(versionPacket.version));
 }
 
+static int
+hasKeyFile(const char *auth)
+{
+  if (isAbsolutePath(auth))
+    return 1;
+  if (!strncmp(auth,"keyfile:", 8))
+    return 1;
+  if (strstr(auth,"+keyfile:"))
+    return 1;
+  return 0;
+}
+
 /* Function : handleUnauthorizedConnection */
 /* Returns 1 if connection has to be removed */
 static int handleUnauthorizedConnection(Connection *c, brlapi_packetType_t 
type, brlapi_packet_t *packet, size_t size)
@@ -1252,7 +1264,7 @@ static int handleUnauthorizedConnection(Connection *c, 
brlapi_packetType_t type,
        unauthConnections--;
        c->auth = 1;
       } else {
-       if (isAbsolutePath(auth))
+       if (hasKeyFile(auth))
          authPacket->type[nbmethods++] = htonl(BRLAPI_AUTH_KEY);
        c->auth = 0;
       }
@@ -1288,15 +1300,18 @@ static int handleUnauthorizedConnection(Connection *c, 
brlapi_packetType_t type,
          if (authDescriptor) authCorrect = authPerform(authDescriptor, c->fd);
          break;
        case BRLAPI_AUTH_KEY:
-         if (isAbsolutePath(auth)) {
-           if (brlapiserver_loadAuthKey(auth,&authKeyLength,&authKey)==-1) {
-             logMessage(LOG_WARNING,"Unable to load API authorization key from 
%s: %s in %s. You may use parameter auth=none if you don't want any 
authorization (dangerous)", auth, strerror(brlapi_libcerrno), brlapi_errfun);
+         if (hasKeyFile(auth)) {
+           char *path = brlapiserver_getKeyFile(auth);
+           int ret = brlapiserver_loadAuthKey(path,&authKeyLength,&authKey);
+           free(path);
+           if (ret==-1) {
+             logMessage(LOG_WARNING,"Unable to load API authorization key from 
%s: %s in %s. You may use parameter auth=none if you don't want any 
authorization (dangerous)", path, strerror(brlapi_libcerrno), brlapi_errfun);
              break;
            }
            logMessage(LOG_CATEGORY(SERVER_EVENTS), "authorization key loaded");
            authCorrect = (remaining==authKeyLength) && 
(!memcmp(&authPacket->key, &authKey, authKeyLength));
            memset(&authKey, 0, authKeyLength);
-           memset(&authPacket->key, 0, authKeyLength);
+           memset(&authPacket->key, 0, remaining);
          }
          break;
        default:
-- 
2.6.6


Reply via email to