Hello community,
here is the log from the commit of package polkit.3408 for openSUSE:13.1:Update
checked in at 2015-01-19 14:51:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/polkit.3408 (Old)
and /work/SRC/openSUSE:13.1:Update/.polkit.3408.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit.3408"
Changes:
--------
New Changes file:
--- /dev/null 2014-12-25 22:38:16.200041506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.polkit.3408.new/polkit.changes
2015-01-19 14:51:16.000000000 +0100
@@ -0,0 +1,468 @@
+-------------------------------------------------------------------
+Mon Jan 12 13:21:20 UTC 2015 - tchva...@suse.com
+
+- Try to fix kded leaking due to powerdevil exposing this issue in
+ polkit (kde#271934, fdo#88288, bsc#912889):
+ * polkit-no-kded-leak.patch
+
+-------------------------------------------------------------------
+Fri Sep 27 08:16:34 UTC 2013 - t...@opensuse.org
+
+- Fixed URL
+
+-------------------------------------------------------------------
+Thu Sep 19 01:13:08 UTC 2013 - hrvoje.sen...@gmail.com
+
+- Update to 0.112
+ + polkitunixprocess: Deprecate racy APIs
+ + pkcheck: Support --process=pid,start-time,uid syntax too
+ (CVE-2013-4288)
+ + Use GOnce for interface type registration
+ + Add czech translation po file to distribution
+ + Update the czech once more with newest pot file
+
+-------------------------------------------------------------------
+Fri Jul 5 11:50:44 UTC 2013 - dims...@opensuse.org
+
+- On openSUSE 13.1+, switch from mozjs185 to mozjs-17.0 by:
+ + Conditionally BuildRequire pkgconfig(mozjs-17.0).
+- Drop libmozjs185-1_0 Recommends: the library is actually required
+ and auto-detected as such by rpm (from 0.111 changes: "The
+ JavaScript interpreter is now mandatory").
+
+-------------------------------------------------------------------
+Fri Jun 14 20:34:39 UTC 2013 - hrvoje.sen...@gmail.com
+
+- Update to 0.111
+ + Both js185 and mozjs17 versions of SpiderMonkey are supported
+ + The JavaScript interpreter is now mandatory
+ + Fixed various memory leaks
+ + Respect SUID_CFLAGS and SUID_LDFLAGS
+ + Set process environment from pam_getenvlist()
+ + Fix the build with automake 1.13
+- Drop polkit-suid_flags.patch and automake-113.patch, those
+ patches are included in this release
+
+-------------------------------------------------------------------
+Thu Apr 11 01:17:21 UTC 2013 - hrvoje.sen...@gmail.com
+
+- Add automake-113.patch, fixes build with automake-1.13
+
+-------------------------------------------------------------------
+Mon Feb 18 19:47:33 UTC 2013 - g...@opensuse.org
+
+- Recommend libmozjs185-1_0 which is dlopen'ed and required for JS
+ rules
+
+-------------------------------------------------------------------
+Mon Jan 14 15:51:20 UTC 2013 - hrvoje.sen...@gmail.com
+
+- Update to 0.110
+ + Set XAUTHORITY environment variable if is unset
+ + Use mutex and condition variables properly
+ + Build fixes.
+- Changes from version 0.109:
+ + Include gmodule-2.0 to avoid linker errors
+ + Don't require libmozjs185 devel packages for polkit rules
+ to work
+- Drop polkit-link-gmodule.patch and polkit-libmozjs.patch, those
+ are merged upstream
+
+-------------------------------------------------------------------
+Wed Jan 9 14:08:57 UTC 2013 - sasc...@suse.de
+
+- Only mark the following files as %config, not %config(noreplace):
+ + %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
+ + %{_sysconfdir}/pam.d/polkit-1
+ + %{_sysconfdir}/polkit-1/rules.d/50-default.rules
+ PolicyKit's own config files should only be changed for good reason
+ and we want to prefer openSUSE's defaults (you still get an .rpmsafe
+ file)
+
+-------------------------------------------------------------------
+Mon Dec 10 07:45:47 UTC 2012 - dims...@opensuse.org
+
+- Add polkit-libmozjs.patch: dlopen libmozjs185.so.1.0 instead of
+ libmozjs185.so, which is packaged in the -devel package
+ (bnc#793562)
+
+-------------------------------------------------------------------
+Thu Nov 15 21:31:19 UTC 2012 - dims...@opensuse.org
+
+- Update to version 0.108:
+ + PolkitAgent: Avoid crashing if initializing the server object
+ fails
+ + Fall back to authenticating as uid 0 if the list of admin
+ identities is empty
+ + Dynamically load libmozjs185.so and cope with it not being
+ available
+ + docs: mention the audience for authorization rules
+ + build: Fix .gir generation for parallel make
+- Only conditionally Require ConsoleKit when with_systemd is 0:
+ systemd support obsoletes ConsoleKit.
+- Add polkit-link-gmodule.patch: Link against gmodule-2.0.
+- Change libpolkit0 to require polkit >= %version instead of the
+ exact version. This will ease upgrade problems should there ever
+ be a soname bump of libpolkit0.
+
+-------------------------------------------------------------------
+Wed Nov 14 09:26:14 UTC 2012 - dims...@opensuse.org
+
+- Enable systemd inetegration (change with_systemd to 1): As an
+ agreed target for 12.3, systemd integration will be enabled.
+
+-------------------------------------------------------------------
+Thu Nov 8 21:34:15 UTC 2012 - a...@suse.de
+
+- Add pwdutils to prereq for groupadd and useradd.
+
+-------------------------------------------------------------------
+Thu Sep 27 07:55:23 UTC 2012 - vu...@opensuse.org
+
+- Add polkit-no-systemd.patch: this patch, only applied when not
+ building systemd support, removes the systemd service reference
+ from the dbus .service file. This is needed as the systemd
+ .service file does not get installed in that case and dbus gets
+ confused because it expects it.
+- Make %{_datadir}/polkit-1/rules.d and
+ %{_sysconfdir}/polkit-1/rules.d owned by user polkitd, as those
+ directories have 0700 as permissions.
+- Those two changes should fix polkit so it can start.
+ Fix bnc#782395.
+
+-------------------------------------------------------------------
+Tue Sep 25 09:05:02 UTC 2012 - vu...@opensuse.org
+
+- Use %{_localstatedir}/lib/polkit for $HOME of polkit user,
+ instead of %{_libexecdir}/polkit-1. The directory is manually
+ created in %install.
+
+-------------------------------------------------------------------
+Fri Sep 14 18:20:06 UTC 2012 - vu...@opensuse.org
+
+- Update to version 0.107:
+ + Try harder to look up the right localization
+ + Introduce a polkit.Result enumeration for authorization rules
+ + pkexec: add support for argv1 annotation and mention
+ shebang-wrappers
+ + doc: update guidance on situations where there is no polkit
+ authority
+- Changes from version 0.106:
+ + Major change: switch from .pkla files (keyfile-format) to
+ .rules files (JavaScript)
+ + Nuke polkitbackend library, localauthority backend and
+ extension system
+ + Run polkitd as an unprivileged user
+ + Add a systemd .service file
+ + Several other code changes.
+ + Updated documentation.
+- Changes from version 0.105:
+ + Add pkttyagent(1) helper
+ + Make it possible to influence agent registration with an a{sv}
+ parameter
+ + Several other code changes.
+- Add pkgconfig(mozjs185) BuildRequires: new dependency for the
+ authority backend.
+- Rebase polkit-no-wheel-group.patch: the admin configuration is
+ now in a .rules file.
+- Rebase polkit-suid_flags.patch.
+- Explicitly pass --enable-libsystemd-login or
+ --disable-libsystemd-login, depending on whether we build systemd
+ support.
+- Add a %pre script to create the polkitd group and user, as
+ polkitd now run as an unprivileged user.
+
+-------------------------------------------------------------------
+Wed Aug 22 15:52:30 UTC 2012 - meiss...@suse.com
+
+- also use -z now for binary hardening
+
+-------------------------------------------------------------------
+Wed Jun 13 20:54:29 CEST 2012 - vu...@opensuse.org
+
+- Package /etc/polkit-1/localauthority and its subdirectories. They
+ were forgotten because they were empty, but people might need
+ them to put .pkla files.
+
+-------------------------------------------------------------------
+Fri Feb 24 12:11:04 UTC 2012 - vu...@opensuse.org
+
+- Change the way we pass -fpie/-pie:
+ + Drop polkit-pie.patch: this was not upstreamable.
+ + Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
+ when building the suid binaries (pkexec and
+ polkit-agent-helper-1).
+ + Add autoconf, automake and libtool BuildRequires, and call
+ autoreconf, for the new patch.
+ + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.
++++ 271 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.polkit.3408.new/polkit.changes
New:
----
baselibs.conf
polkit-0.112.tar.gz
polkit-no-kded-leak.patch
polkit-no-systemd.patch
polkit-no-wheel-group.patch
polkit.changes
polkit.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ polkit.spec ++++++
#
# spec file for package polkit
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define with_systemd 1
%if 0%{with_systemd}
%define systemdsystemunitdir %(pkg-config --variable systemdsystemunitdir
systemd)
%endif
Name: polkit
Summary: PolicyKit Authorization Framework
License: LGPL-2.1+
Group: System/Libraries
Version: 0.112
Release: 0
Url: http://www.freedesktop.org/wiki/Software/polkit/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source0:
http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source99: baselibs.conf
# PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vu...@opensuse.org -- In
openSUSE, there's no special meaning for the wheel group, so we shouldn't allow
it to be admin
Patch0: polkit-no-wheel-group.patch
# PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377
vu...@opensuse.org -- Do not reference non-existing polkit.service file for
systemd (only applied if not built with systemd support)
Patch1: polkit-no-systemd.patch
# PATCH-FIX-UPSTREAM polkit-no-kded-leak -- attemp to fix leaking of kded
# duirng long periods of time while in lockscreen due to powerdevil managing
Patch2: polkit-no-kded-leak.patch
# needed for patch1
BuildRequires: autoconf
# needed for patch1
BuildRequires: automake
BuildRequires: glib2-devel >= 2.30.0
BuildRequires: gobject-introspection-devel >= 0.6.2
BuildRequires: gtk-doc
# gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes
a build cycle.
#!BuildIgnore: ruby
BuildRequires: intltool
BuildRequires: libexpat-devel
# needed for patch1 and patch3
BuildRequires: libtool
BuildRequires: pam-devel
%if 0%{?with_systemd}
BuildRequires: systemd-devel
%endif
%if 0%{?suse_version} >= 1310
BuildRequires: pkgconfig(mozjs-17.0)
%else
BuildRequires: pkgconfig(mozjs185)
%endif
PreReq: permissions pwdutils
%if ! %{with_systemd}
Requires: ConsoleKit
%endif
Requires: dbus-1
Requires: libpolkit0 = %{version}-%{release}
%if %{with_systemd}
%systemd_requires
%endif
# Upstream First - Policy:
# Never add any patches to this package without the upstream commit id
# in the patch. Any patches added here without a very good reason to make
# an exception will be silently removed with the next version update.
%description
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
processes.
%package devel
Summary: Development files for PolicyKit
Group: Development/Libraries/C and C++
Requires: %name = %{version}-%{release}
Requires: libpolkit0 = %{version}
Requires: pkgconfig
Requires: typelib-1_0-Polkit-1_0 = %{version}
%description devel
Development files for PolicyKit Authorization Framework.
%package doc
Summary: Development documentation for PolicyKit
Group: Development/Libraries/C and C++
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
%description doc
Development documentation for PolicyKit Authorization Framework.
%package -n libpolkit0
Summary: PolicyKit Authorization Framework -- Libraries
Group: System/Libraries
Requires: %{name} >= %{version}
%description -n libpolkit0
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
processes.
This package contains the libraries only.
%package -n typelib-1_0-Polkit-1_0
Summary: PolicyKit Authorization Framework -- Introspection bindings
Group: System/Libraries
%description -n typelib-1_0-Polkit-1_0
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
processes.
This package provides the GObject Introspection bindings for PolicyKit.
%prep
%setup -q
%patch0 -p1
%if !(0%{?with_systemd})
%patch1 -p1
%endif
%patch2 -p1
%build
export V=1
# needed for patch1
autoreconf -fi
export SUID_CFLAGS="-fPIE"
export SUID_LDFLAGS="-z now -pie"
%configure \
--with-os-type=suse \
--enable-gtk-doc \
--with-pic \
--disable-static \
--enable-introspection \
--enable-examples \
%if 0%{?with_systemd}
--enable-libsystemd-login \
%else
--disable-libsystemd-login \
%endif
--libexecdir=%{_libexecdir}/polkit-1
make %{?_smp_mflags}
%install
%make_install
rm $RPM_BUILD_ROOT%{_libdir}/*.la
# create $HOME for polkit user
install -d %{buildroot}%{_localstatedir}/lib/polkit
%find_lang polkit-1
%clean
rm -rf $RPM_BUILD_ROOT
%pre
getent group polkitd > /dev/null || groupadd -r polkitd
getent passwd polkitd > /dev/null || useradd -r -g polkitd -d
%{_localstatedir}/lib/polkit -s /sbin/nologin -c "User for polkitd" polkitd
%if %{with_systemd}
%service_add_pre polkit.service
%endif
exit 0
%if %{with_systemd}
%preun
%service_del_preun polkit.service
%postun
%service_del_postun polkit.service
%endif
%post
%set_permissions %{_bindir}/pkexec
%set_permissions %{_prefix}/lib/polkit-1/polkit-agent-helper-1
%if %{with_systemd}
%service_add_post polkit.service
%endif
%verifyscript
%verify_permissions -e %{_bindir}/pkexec
%verify_permissions -e %{_prefix}/lib/polkit-1/polkit-agent-helper-1
%post -n libpolkit0 -p /sbin/ldconfig
%postun -n libpolkit0 -p /sbin/ldconfig
%files -n libpolkit0
%defattr(-,root,root,-)
%{_libdir}/libpolkit-agent-1.so.*
%{_libdir}/libpolkit-gobject-1.so.*
%files -n typelib-1_0-Polkit-1_0
%defattr(-,root,root,-)
%{_libdir}/girepository-1.0/Polkit-1.0.typelib
%{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib
%files -f polkit-1.lang
%defattr(-,root,root,-)
%doc COPYING
%{_mandir}/man1/pkexec.1%{?ext_man}
%{_mandir}/man1/pkaction.1%{?ext_man}
%{_mandir}/man1/pkcheck.1%{?ext_man}
%{_mandir}/man1/pkttyagent.1%{?ext_man}
%{_mandir}/man8/polkitd.8%{?ext_man}
%{_mandir}/man8/polkit.8%{?ext_man}
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/system-services
%{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service
%dir %{_datadir}/polkit-1
%dir %{_datadir}/polkit-1/actions
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
%dir %{_sysconfdir}/dbus-1
%dir %{_sysconfdir}/dbus-1/system.d
%config %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%config %{_sysconfdir}/pam.d/polkit-1
%dir %{_sysconfdir}/polkit-1
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
%config %{_sysconfdir}/polkit-1/rules.d/50-default.rules
%{_bindir}/pkaction
%{_bindir}/pkcheck
%verify(not mode) %attr(4755,root,root) %{_bindir}/pkexec
%{_bindir}/pkttyagent
%dir %{_libexecdir}/polkit-1
%{_libexecdir}/polkit-1/polkitd
%verify(not mode) %attr(4755,root,root)
%{_prefix}/lib/polkit-1/polkit-agent-helper-1
# $HOME for polkit user
%dir %{_localstatedir}/lib/polkit
%if %{with_systemd}
%{systemdsystemunitdir}/polkit.service
%endif
%files devel
%defattr(-,root,root,-)
%{_libdir}/libpolkit-agent-1.so
%{_libdir}/libpolkit-gobject-1.so
%{_libdir}/pkgconfig/polkit-agent-1.pc
%{_libdir}/pkgconfig/polkit-gobject-1.pc
%{_includedir}/polkit-1/
%{_bindir}/pk-example-frobnicate
%{_datadir}/gir-1.0/*.gir
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
%files doc
%defattr(-,root,root,-)
%doc NEWS
%doc %{_datadir}/gtk-doc/html/polkit-1/
%changelog
++++++ baselibs.conf ++++++
libpolkit0
++++++ polkit-no-kded-leak.patch ++++++
>From f4d71e0de885010494b8b0b8d62ca910011d7544 Mon Sep 17 00:00:00 2001
From: "Max A. Dednev" <ded...@rambler.ru>
Date: Sun, 11 Jan 2015 20:00:44 -0500
Subject: authority: Fix memory leak in EnumerateActions call results handler
Policykit-1 doesn't release reference counters of GVariant data for
org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This
patch fixed reference counting and following memory leak.
https://bugs.freedesktop.org/show_bug.cgi?id=88288
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 75619ab..ab6d3cd 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority
*authority,
while ((child = g_variant_iter_next_value (&iter)) != NULL)
{
ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant
(child));
- g_variant_ref_sink (child);
g_variant_unref (child);
}
ret = g_list_reverse (ret);
--
cgit v0.10.2
++++++ polkit-no-systemd.patch ++++++
Index: polkit-0.107/data/org.freedesktop.PolicyKit1.service.in
===================================================================
--- polkit-0.107.orig/data/org.freedesktop.PolicyKit1.service.in
+++ polkit-0.107/data/org.freedesktop.PolicyKit1.service.in
@@ -2,4 +2,3 @@
Name=org.freedesktop.PolicyKit1
Exec=@libprivdir@/polkitd --no-debug
User=root
-SystemdService=polkit.service
++++++ polkit-no-wheel-group.patch ++++++
Index: polkit-0.107/src/polkitbackend/50-default.rules
===================================================================
--- polkit-0.107.orig/src/polkitbackend/50-default.rules
+++ polkit-0.107/src/polkitbackend/50-default.rules
@@ -8,5 +8,5 @@
// about configuring polkit.
polkit.addAdminRule(function(action, subject) {
- return ["unix-group:wheel"];
+ return ["unix-user:0"];
});
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
