Hello community, here is the log from the commit of package polkit.3408 for openSUSE:13.1:Update checked in at 2015-01-19 14:51:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/polkit.3408 (Old) and /work/SRC/openSUSE:13.1:Update/.polkit.3408.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit.3408" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.polkit.3408.new/polkit.changes 2015-01-19 14:51:16.000000000 +0100 @@ -0,0 +1,468 @@ +------------------------------------------------------------------- +Mon Jan 12 13:21:20 UTC 2015 - tchva...@suse.com + +- Try to fix kded leaking due to powerdevil exposing this issue in + polkit (kde#271934, fdo#88288, bsc#912889): + * polkit-no-kded-leak.patch + +------------------------------------------------------------------- +Fri Sep 27 08:16:34 UTC 2013 - t...@opensuse.org + +- Fixed URL + +------------------------------------------------------------------- +Thu Sep 19 01:13:08 UTC 2013 - hrvoje.sen...@gmail.com + +- Update to 0.112 + + polkitunixprocess: Deprecate racy APIs + + pkcheck: Support --process=pid,start-time,uid syntax too + (CVE-2013-4288) + + Use GOnce for interface type registration + + Add czech translation po file to distribution + + Update the czech once more with newest pot file + +------------------------------------------------------------------- +Fri Jul 5 11:50:44 UTC 2013 - dims...@opensuse.org + +- On openSUSE 13.1+, switch from mozjs185 to mozjs-17.0 by: + + Conditionally BuildRequire pkgconfig(mozjs-17.0). +- Drop libmozjs185-1_0 Recommends: the library is actually required + and auto-detected as such by rpm (from 0.111 changes: "The + JavaScript interpreter is now mandatory"). + +------------------------------------------------------------------- +Fri Jun 14 20:34:39 UTC 2013 - hrvoje.sen...@gmail.com + +- Update to 0.111 + + Both js185 and mozjs17 versions of SpiderMonkey are supported + + The JavaScript interpreter is now mandatory + + Fixed various memory leaks + + Respect SUID_CFLAGS and SUID_LDFLAGS + + Set process environment from pam_getenvlist() + + Fix the build with automake 1.13 +- Drop polkit-suid_flags.patch and automake-113.patch, those + patches are included in this release + +------------------------------------------------------------------- +Thu Apr 11 01:17:21 UTC 2013 - hrvoje.sen...@gmail.com + +- Add automake-113.patch, fixes build with automake-1.13 + +------------------------------------------------------------------- +Mon Feb 18 19:47:33 UTC 2013 - g...@opensuse.org + +- Recommend libmozjs185-1_0 which is dlopen'ed and required for JS + rules + +------------------------------------------------------------------- +Mon Jan 14 15:51:20 UTC 2013 - hrvoje.sen...@gmail.com + +- Update to 0.110 + + Set XAUTHORITY environment variable if is unset + + Use mutex and condition variables properly + + Build fixes. +- Changes from version 0.109: + + Include gmodule-2.0 to avoid linker errors + + Don't require libmozjs185 devel packages for polkit rules + to work +- Drop polkit-link-gmodule.patch and polkit-libmozjs.patch, those + are merged upstream + +------------------------------------------------------------------- +Wed Jan 9 14:08:57 UTC 2013 - sasc...@suse.de + +- Only mark the following files as %config, not %config(noreplace): + + %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf + + %{_sysconfdir}/pam.d/polkit-1 + + %{_sysconfdir}/polkit-1/rules.d/50-default.rules + PolicyKit's own config files should only be changed for good reason + and we want to prefer openSUSE's defaults (you still get an .rpmsafe + file) + +------------------------------------------------------------------- +Mon Dec 10 07:45:47 UTC 2012 - dims...@opensuse.org + +- Add polkit-libmozjs.patch: dlopen libmozjs185.so.1.0 instead of + libmozjs185.so, which is packaged in the -devel package + (bnc#793562) + +------------------------------------------------------------------- +Thu Nov 15 21:31:19 UTC 2012 - dims...@opensuse.org + +- Update to version 0.108: + + PolkitAgent: Avoid crashing if initializing the server object + fails + + Fall back to authenticating as uid 0 if the list of admin + identities is empty + + Dynamically load libmozjs185.so and cope with it not being + available + + docs: mention the audience for authorization rules + + build: Fix .gir generation for parallel make +- Only conditionally Require ConsoleKit when with_systemd is 0: + systemd support obsoletes ConsoleKit. +- Add polkit-link-gmodule.patch: Link against gmodule-2.0. +- Change libpolkit0 to require polkit >= %version instead of the + exact version. This will ease upgrade problems should there ever + be a soname bump of libpolkit0. + +------------------------------------------------------------------- +Wed Nov 14 09:26:14 UTC 2012 - dims...@opensuse.org + +- Enable systemd inetegration (change with_systemd to 1): As an + agreed target for 12.3, systemd integration will be enabled. + +------------------------------------------------------------------- +Thu Nov 8 21:34:15 UTC 2012 - a...@suse.de + +- Add pwdutils to prereq for groupadd and useradd. + +------------------------------------------------------------------- +Thu Sep 27 07:55:23 UTC 2012 - vu...@opensuse.org + +- Add polkit-no-systemd.patch: this patch, only applied when not + building systemd support, removes the systemd service reference + from the dbus .service file. This is needed as the systemd + .service file does not get installed in that case and dbus gets + confused because it expects it. +- Make %{_datadir}/polkit-1/rules.d and + %{_sysconfdir}/polkit-1/rules.d owned by user polkitd, as those + directories have 0700 as permissions. +- Those two changes should fix polkit so it can start. + Fix bnc#782395. + +------------------------------------------------------------------- +Tue Sep 25 09:05:02 UTC 2012 - vu...@opensuse.org + +- Use %{_localstatedir}/lib/polkit for $HOME of polkit user, + instead of %{_libexecdir}/polkit-1. The directory is manually + created in %install. + +------------------------------------------------------------------- +Fri Sep 14 18:20:06 UTC 2012 - vu...@opensuse.org + +- Update to version 0.107: + + Try harder to look up the right localization + + Introduce a polkit.Result enumeration for authorization rules + + pkexec: add support for argv1 annotation and mention + shebang-wrappers + + doc: update guidance on situations where there is no polkit + authority +- Changes from version 0.106: + + Major change: switch from .pkla files (keyfile-format) to + .rules files (JavaScript) + + Nuke polkitbackend library, localauthority backend and + extension system + + Run polkitd as an unprivileged user + + Add a systemd .service file + + Several other code changes. + + Updated documentation. +- Changes from version 0.105: + + Add pkttyagent(1) helper + + Make it possible to influence agent registration with an a{sv} + parameter + + Several other code changes. +- Add pkgconfig(mozjs185) BuildRequires: new dependency for the + authority backend. +- Rebase polkit-no-wheel-group.patch: the admin configuration is + now in a .rules file. +- Rebase polkit-suid_flags.patch. +- Explicitly pass --enable-libsystemd-login or + --disable-libsystemd-login, depending on whether we build systemd + support. +- Add a %pre script to create the polkitd group and user, as + polkitd now run as an unprivileged user. + +------------------------------------------------------------------- +Wed Aug 22 15:52:30 UTC 2012 - meiss...@suse.com + +- also use -z now for binary hardening + +------------------------------------------------------------------- +Wed Jun 13 20:54:29 CEST 2012 - vu...@opensuse.org + +- Package /etc/polkit-1/localauthority and its subdirectories. They + were forgotten because they were empty, but people might need + them to put .pkla files. + +------------------------------------------------------------------- +Fri Feb 24 12:11:04 UTC 2012 - vu...@opensuse.org + +- Change the way we pass -fpie/-pie: + + Drop polkit-pie.patch: this was not upstreamable. + + Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS + when building the suid binaries (pkexec and + polkit-agent-helper-1). + + Add autoconf, automake and libtool BuildRequires, and call + autoreconf, for the new patch. + + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build. ++++ 271 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.polkit.3408.new/polkit.changes New: ---- baselibs.conf polkit-0.112.tar.gz polkit-no-kded-leak.patch polkit-no-systemd.patch polkit-no-wheel-group.patch polkit.changes polkit.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ # # spec file for package polkit # # Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define with_systemd 1 %if 0%{with_systemd} %define systemdsystemunitdir %(pkg-config --variable systemdsystemunitdir systemd) %endif Name: polkit Summary: PolicyKit Authorization Framework License: LGPL-2.1+ Group: System/Libraries Version: 0.112 Release: 0 Url: http://www.freedesktop.org/wiki/Software/polkit/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source99: baselibs.conf # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vu...@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin Patch0: polkit-no-wheel-group.patch # PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vu...@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support) Patch1: polkit-no-systemd.patch # PATCH-FIX-UPSTREAM polkit-no-kded-leak -- attemp to fix leaking of kded # duirng long periods of time while in lockscreen due to powerdevil managing Patch2: polkit-no-kded-leak.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 BuildRequires: automake BuildRequires: glib2-devel >= 2.30.0 BuildRequires: gobject-introspection-devel >= 0.6.2 BuildRequires: gtk-doc # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. #!BuildIgnore: ruby BuildRequires: intltool BuildRequires: libexpat-devel # needed for patch1 and patch3 BuildRequires: libtool BuildRequires: pam-devel %if 0%{?with_systemd} BuildRequires: systemd-devel %endif %if 0%{?suse_version} >= 1310 BuildRequires: pkgconfig(mozjs-17.0) %else BuildRequires: pkgconfig(mozjs185) %endif PreReq: permissions pwdutils %if ! %{with_systemd} Requires: ConsoleKit %endif Requires: dbus-1 Requires: libpolkit0 = %{version}-%{release} %if %{with_systemd} %systemd_requires %endif # Upstream First - Policy: # Never add any patches to this package without the upstream commit id # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. %description PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. %package devel Summary: Development files for PolicyKit Group: Development/Libraries/C and C++ Requires: %name = %{version}-%{release} Requires: libpolkit0 = %{version} Requires: pkgconfig Requires: typelib-1_0-Polkit-1_0 = %{version} %description devel Development files for PolicyKit Authorization Framework. %package doc Summary: Development documentation for PolicyKit Group: Development/Libraries/C and C++ %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description doc Development documentation for PolicyKit Authorization Framework. %package -n libpolkit0 Summary: PolicyKit Authorization Framework -- Libraries Group: System/Libraries Requires: %{name} >= %{version} %description -n libpolkit0 PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. This package contains the libraries only. %package -n typelib-1_0-Polkit-1_0 Summary: PolicyKit Authorization Framework -- Introspection bindings Group: System/Libraries %description -n typelib-1_0-Polkit-1_0 PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. This package provides the GObject Introspection bindings for PolicyKit. %prep %setup -q %patch0 -p1 %if !(0%{?with_systemd}) %patch1 -p1 %endif %patch2 -p1 %build export V=1 # needed for patch1 autoreconf -fi export SUID_CFLAGS="-fPIE" export SUID_LDFLAGS="-z now -pie" %configure \ --with-os-type=suse \ --enable-gtk-doc \ --with-pic \ --disable-static \ --enable-introspection \ --enable-examples \ %if 0%{?with_systemd} --enable-libsystemd-login \ %else --disable-libsystemd-login \ %endif --libexecdir=%{_libexecdir}/polkit-1 make %{?_smp_mflags} %install %make_install rm $RPM_BUILD_ROOT%{_libdir}/*.la # create $HOME for polkit user install -d %{buildroot}%{_localstatedir}/lib/polkit %find_lang polkit-1 %clean rm -rf $RPM_BUILD_ROOT %pre getent group polkitd > /dev/null || groupadd -r polkitd getent passwd polkitd > /dev/null || useradd -r -g polkitd -d %{_localstatedir}/lib/polkit -s /sbin/nologin -c "User for polkitd" polkitd %if %{with_systemd} %service_add_pre polkit.service %endif exit 0 %if %{with_systemd} %preun %service_del_preun polkit.service %postun %service_del_postun polkit.service %endif %post %set_permissions %{_bindir}/pkexec %set_permissions %{_prefix}/lib/polkit-1/polkit-agent-helper-1 %if %{with_systemd} %service_add_post polkit.service %endif %verifyscript %verify_permissions -e %{_bindir}/pkexec %verify_permissions -e %{_prefix}/lib/polkit-1/polkit-agent-helper-1 %post -n libpolkit0 -p /sbin/ldconfig %postun -n libpolkit0 -p /sbin/ldconfig %files -n libpolkit0 %defattr(-,root,root,-) %{_libdir}/libpolkit-agent-1.so.* %{_libdir}/libpolkit-gobject-1.so.* %files -n typelib-1_0-Polkit-1_0 %defattr(-,root,root,-) %{_libdir}/girepository-1.0/Polkit-1.0.typelib %{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib %files -f polkit-1.lang %defattr(-,root,root,-) %doc COPYING %{_mandir}/man1/pkexec.1%{?ext_man} %{_mandir}/man1/pkaction.1%{?ext_man} %{_mandir}/man1/pkcheck.1%{?ext_man} %{_mandir}/man1/pkttyagent.1%{?ext_man} %{_mandir}/man8/polkitd.8%{?ext_man} %{_mandir}/man8/polkit.8%{?ext_man} %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/system-services %{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service %dir %{_datadir}/polkit-1 %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy %attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/system.d %config %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf %config %{_sysconfdir}/pam.d/polkit-1 %dir %{_sysconfdir}/polkit-1 %attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d %config %{_sysconfdir}/polkit-1/rules.d/50-default.rules %{_bindir}/pkaction %{_bindir}/pkcheck %verify(not mode) %attr(4755,root,root) %{_bindir}/pkexec %{_bindir}/pkttyagent %dir %{_libexecdir}/polkit-1 %{_libexecdir}/polkit-1/polkitd %verify(not mode) %attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1 # $HOME for polkit user %dir %{_localstatedir}/lib/polkit %if %{with_systemd} %{systemdsystemunitdir}/polkit.service %endif %files devel %defattr(-,root,root,-) %{_libdir}/libpolkit-agent-1.so %{_libdir}/libpolkit-gobject-1.so %{_libdir}/pkgconfig/polkit-agent-1.pc %{_libdir}/pkgconfig/polkit-gobject-1.pc %{_includedir}/polkit-1/ %{_bindir}/pk-example-frobnicate %{_datadir}/gir-1.0/*.gir %{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy %files doc %defattr(-,root,root,-) %doc NEWS %doc %{_datadir}/gtk-doc/html/polkit-1/ %changelog ++++++ baselibs.conf ++++++ libpolkit0 ++++++ polkit-no-kded-leak.patch ++++++ >From f4d71e0de885010494b8b0b8d62ca910011d7544 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" <ded...@rambler.ru> Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. https://bugs.freedesktop.org/show_bug.cgi?id=88288 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 75619ab..ab6d3cd 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v0.10.2 ++++++ polkit-no-systemd.patch ++++++ Index: polkit-0.107/data/org.freedesktop.PolicyKit1.service.in =================================================================== --- polkit-0.107.orig/data/org.freedesktop.PolicyKit1.service.in +++ polkit-0.107/data/org.freedesktop.PolicyKit1.service.in @@ -2,4 +2,3 @@ Name=org.freedesktop.PolicyKit1 Exec=@libprivdir@/polkitd --no-debug User=root -SystemdService=polkit.service ++++++ polkit-no-wheel-group.patch ++++++ Index: polkit-0.107/src/polkitbackend/50-default.rules =================================================================== --- polkit-0.107.orig/src/polkitbackend/50-default.rules +++ polkit-0.107/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-user:0"]; }); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org