Hello community,

here is the log from the commit of package colord for openSUSE:Factory checked in at 2012-01-09 12:03:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/colord (Old)
 and /work/SRC/openSUSE:Factory/.colord.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "colord", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/colord/colord.changes 2011-11-02 13:11:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.colord.new/colord.changes 2012-01-09 12:03:09.000000000 +0100 
@@ -1,0 +2,58 @@ +Thu Dec 8 20:25:09 UTC 2011 - [email protected] + +- Split typelib file into typelib-1_0-Colord-1_0 subpackage. +- Add typelib-1_0-Colord-1_0 Requires to libcolord-devel + subpackage. + +------------------------------------------------------------------- +Tue Dec 6 16:06:22 UTC 2011 - [email protected] + +- Run the colord daemon as user colord (bnc#698250): + + Add colord-polkit-annotate-owner.patch: add + org.freedesktop.policykit.owner annotations to policy file so + that running as colord user works. + + Add a %pre script to create the colord user and change + ownership of /var/lib/colord. + + Add pwdutils Requires(pre), to make sure we can create the + user. + + Pass --with-daemon-user=colord to configure. + + Package /var/lib/colord with the right user. + + Add libtool BuildRequires and calls to autoreconf and + intltoolize, as needed by above patch. + +------------------------------------------------------------------- +Tue Nov 29 21:27:11 UTC 2011 - [email protected] + +- Update to version 0.1.15: + + This release fixes an important security bug: CVE-2011-4349. 
+ + New Features: + - Add a native driver for the Hughski ColorHug hardware + - Export cd-math as three projects are now using it + + Bugfixes: + - Documentation fixes and improvements + - Do not crash the daemon if adding the device to the db failed + - Do not match any sensor device with a kernel driver + - Don't be obscure when the user passes a device-id to colormgr + - Fix a memory leak when getting properties from a device + - Fix colormgr device-get-default-profile + - Fix some conection bugs in colormgr + - Fix some potential SQL injections + - Make gusb optional + - Only use the udev USB helper if the PID and VID have matches + - Output the Huey calibration matrices when dumping the sensor + +------------------------------------------------------------------- +Wed Nov 16 10:27:26 UTC 2011 - [email protected] + +- Update to version 0.1.14: + + New Features: + - Add defines for the i1 Display 3 + - Add two more DATA_source values to the specification + - Align the output from colormgr get-devices and get-profiles + - Allow cd-fix-profile to append and edit new metadata + + Bugfixes: + - Ensure non-native device are added with no driver module + - Split the sensor and device udev code + + Updated translations. + +------------------------------------------------------------------- Old: ---- colord-0.1.13.tar.xz New: ---- colord-0.1.15.tar.xz colord-polkit-annotate-owner.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ colord.spec ++++++ --- /var/tmp/diff_new_pack.JH0w8b/_old 2012-01-09 12:03:10.000000000 +0100 +++ /var/tmp/diff_new_pack.JH0w8b/_new 2012-01-09 12:03:10.000000000 +0100 
@@ -15,19 +15,21 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - Name: colord -Version: 0.1.13 -Release: 1 -License: GPLv2+ +Version: 0.1.15 +Release: 0 Summary: System Daemon for Managing Color Devices -Url: http://colord.hughsie.com/ +License: GPL-2.0+ Group: System/Daemons +Url: http://colord.hughsie.com/ Source0: http://www.freedesktop.org/software/colord/releases/%{name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM colord-polkit-annotate-owner.patch [email protected] -- Add org.freedesktop.policykit.owner annotations to policy file; will enter git very soon +Patch1: colord-polkit-annotate-owner.patch BuildRequires: gobject-introspection-devel BuildRequires: intltool +# needed for patch1 +BuildRequires: libtool BuildRequires: sane-backends-devel BuildRequires: vala # Only needed because we don't (and won't) support building xz tarballs by default... See bnc#697467 @@ -43,6 +45,7 @@ BuildRequires: pkgconfig(libusb-1.0) >= 1.0.0 BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(sqlite3) +Requires(pre): pwdutils Requires: shared-color-profiles Recommends: %{name}-lang BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -62,10 +65,23 @@ It is used by gnome-color-manager for system integration and use when there are no users logged in. +%package -n typelib-1_0-Colord-1_0 +Summary: System Daemon for Managing Color Devices -- Introspection bindings +Group: System/Libraries + +%description -n typelib-1_0-Colord-1_0 +colord is a system activated daemon that maps devices to color profiles. +It is used by gnome-color-manager for system integration and use when +there are no users logged in. + +This package provides the GObject Introspection bindings for the +libcolord library. + %package -n libcolord-devel Summary: System Daemon for Managing Color Devices -- Development Files Group: Development/Languages/C and C++ Requires: libcolord1 = %{version} +Requires: typelib-1_0-Colord-1_0 = %{version} %description -n libcolord-devel colord is a system activated daemon that maps devices to color profiles. @@ -75,11 +91,16 @@ %lang_package %prep %setup -q +%patch1 -p1 %build +# needed for patch1 +autoreconf -fi +intltoolize --force %configure \ --disable-static \ - --enable-polkit + --enable-polkit \ + --with-daemon-user=colord make %{?_smp_mflags} %install @@ -96,6 +117,13 @@ popd %find_lang %{name} +%pre +getent group colord >/dev/null || groupadd -r colord +getent passwd colord >/dev/null || useradd -r -g colord -d %{_localstatedir}/lib/colord -s /sbin/nologin -c "user for colord" colord +# Fix ownership of /var/lib/colord from first packages (in 12.1) +test ! -d %{_localstatedir}/lib/colord || chown -R colord:colord %{_localstatedir}/lib/colord +exit 0 + %post -n libcolord1 -p /sbin/ldconfig %postun -n libcolord1 -p /sbin/ldconfig @@ -104,6 +132,7 @@ %defattr(-,root,root) %doc AUTHORS ChangeLog COPYING NEWS README /lib/udev/rules.d/*.rules +%attr(755,colord,colord) %dir %{_localstatedir}/lib/colord %config(noreplace) %{_sysconfdir}/%{name}.conf %{_sysconfdir}/dbus-1/system.d/org.freedesktop.ColorManager.conf %{_bindir}/cd-create-profile 
@@ -122,6 +151,9 @@ %files -n libcolord1 %defattr(-, root, root) %{_libdir}/libcolord.so.* + +%files -n typelib-1_0-Colord-1_0 +%defattr(-,root,root) %{_libdir}/girepository-1.0/Colord-1.0.typelib %files -n libcolord-devel ++++++ colord-polkit-annotate-owner.patch ++++++ commit 9f088d598187b1bddd0ce4fb97a56d61564d8381 Author: Vincent Untz <[email protected]> Date: Tue Dec 6 10:40:21 2011 +0100 Add org.freedesktop.policykit.owner annotations to .policy file We only add those annotations when the daemon is configured to run as non-root. diff --git a/policy/Makefile.am b/policy/Makefile.am index 85e3ecc..272675b 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,9 +1,16 @@ +org.freedesktop.color.policy.in: org.freedesktop.color.policy.in.in Makefile.am + $(AM_V_GEN)if test "x$(daemon_user)" != "xroot"; then \ + sed -e "s|<@ANNOTATE_OWNER@/>|<annotate key=\"org.freedesktop.policykit.owner\">unix-user:$(daemon_user)</annotate>|g" $< > $@ ; \ + else \ + sed -e "/^\s*<@ANNOTATE_OWNER@\/>\s*$$/d;s|<@ANNOTATE_OWNER@/>||g" $< > $@ ; \ + fi + @INTLTOOL_POLICY_RULE@ polkit_policydir = $(datadir)/polkit-1/actions -dist_polkit_policy_DATA = \ +polkit_policy_DATA = \ org.freedesktop.color.policy -EXTRA_DIST = org.freedesktop.color.policy.in -DISTCLEANFILES = org.freedesktop.color.policy +EXTRA_DIST = org.freedesktop.color.policy.in.in +DISTCLEANFILES = org.freedesktop.color.policy org.freedesktop.color.policy.in -include $(top_srcdir)/git.mk diff --git a/policy/org.freedesktop.color.policy.in b/policy/org.freedesktop.color.policy.in deleted file mode 100644 index a5bcfaf..0000000 --- a/policy/org.freedesktop.color.policy.in +++ /dev/null 
@@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policyconfig PUBLIC - "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" - "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> -<policyconfig> - - <!-- - Policy definitions for System Color Manager actions. - Copyright (c) 2010 Richard Hughes <[email protected]> - --> - - <vendor>System Color Manager</vendor> - <vendor_url>http://www.freedesktop.org/projects/system-color-manager/</vendor_url> - <icon_name>application-vnd.iccprofile</icon_name> - - <action id="org.freedesktop.color-manager.create-device"> - <!-- SECURITY: - - Normal users should not have to authenticate to add devices - --> - <_description>Create a color managed device</_description> - <_message>Authentication is required to create a color managed device</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.create-profile"> - <!-- SECURITY: - - Normal users should not have to authenticate to add profiles - --> - <_description>Create a color profile</_description> - <_message>Authentication is required to create a color profile</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.delete-device"> - <!-- SECURITY: - - Normal users should not have to authenticate to delete devices - --> - <_description>Remove a color managed device</_description> - <_message>Authentication is required to remove a color managed device</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - 
<action id="org.freedesktop.color-manager.delete-profile"> - <!-- SECURITY: - - Normal users should not have to authenticate to delete profiles - --> - <_description>Remove a color profile</_description> - <_message>Authentication is required to remove a color profile</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.modify-device"> - <!-- SECURITY: - - Normal users should not have to authenticate to modify devices - --> - <_description>Modify color settings for a device</_description> - <_message>Authentication is required to modify the color settings for a device</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.modify-profile"> - <!-- SECURITY: - - Normal users should not have to authenticate to modify profiles - --> - <_description>Modify a color profile</_description> - <_message>Authentication is required to modify a color profile</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.install-system-wide"> - <!-- SECURITY: - - Normal users require admin authentication to install files system - wide to apply color profiles for sessions that have not explicitly - chosen profiles to apply. - - This should not be set to 'yes' as unprivileged users could then - set a profile set to all-white or all-black and thus make the - other sessions unusable. 
- --> - <_description>Install system color profiles</_description> - <_message>Authentication is required to install the color profile for all users</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.device-inhibit"> - <!-- SECURITY: - - Normal users should not have to authenticate to profile - devices. - --> - <_description>Inhibit color profile selection</_description> - <_message>Authentication is required to disable profile matching for a device</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - - <action id="org.freedesktop.color-manager.sensor-lock"> - <!-- SECURITY: - - Normal users should not have to authenticate to use the - colorimeter device. - --> - <_description>Use color sensor</_description> - <_message>Authentication is required to use the color sensor</_message> - <icon_name>application-vnd.iccprofile</icon_name> - <defaults> - <allow_any>no</allow_any> - <allow_inactive>no</allow_inactive> - <allow_active>yes</allow_active> - </defaults> - </action> - -</policyconfig> - diff --git a/policy/org.freedesktop.color.policy.in.in b/policy/org.freedesktop.color.policy.in.in new file mode 100644 index 0000000..4570f8f --- /dev/null +++ b/policy/org.freedesktop.color.policy.in.in 
@@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> +<policyconfig> + + <!-- + Policy definitions for System Color Manager actions. + Copyright (c) 2010 Richard Hughes <[email protected]> + --> + + <vendor>System Color Manager</vendor> + <vendor_url>http://www.freedesktop.org/projects/system-color-manager/</vendor_url> + <icon_name>application-vnd.iccprofile</icon_name> + + <action id="org.freedesktop.color-manager.create-device"> + <!-- SECURITY: + - Normal users should not have to authenticate to add devices + --> + <_description>Create a color managed device</_description> + <_message>Authentication is required to create a color managed device</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.create-profile"> + <!-- SECURITY: + - Normal users should not have to authenticate to add profiles + --> + <_description>Create a color profile</_description> + <_message>Authentication is required to create a color profile</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.delete-device"> + <!-- SECURITY: + - Normal users should not have to authenticate to delete devices + --> + <_description>Remove a color managed device</_description> + <_message>Authentication is required to remove a color managed device</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + 
<allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.delete-profile"> + <!-- SECURITY: + - Normal users should not have to authenticate to delete profiles + --> + <_description>Remove a color profile</_description> + <_message>Authentication is required to remove a color profile</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.modify-device"> + <!-- SECURITY: + - Normal users should not have to authenticate to modify devices + --> + <_description>Modify color settings for a device</_description> + <_message>Authentication is required to modify the color settings for a device</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.modify-profile"> + <!-- SECURITY: + - Normal users should not have to authenticate to modify profiles + --> + <_description>Modify a color profile</_description> + <_message>Authentication is required to modify a color profile</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.install-system-wide"> + <!-- SECURITY: + - Normal users require admin authentication to install files system + wide to apply color profiles for sessions that have not explicitly + chosen profiles to apply. 
+ - This should not be set to 'yes' as unprivileged users could then + set a profile set to all-white or all-black and thus make the + other sessions unusable. + --> + <_description>Install system color profiles</_description> + <_message>Authentication is required to install the color profile for all users</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.device-inhibit"> + <!-- SECURITY: + - Normal users should not have to authenticate to profile + devices. + --> + <_description>Inhibit color profile selection</_description> + <_message>Authentication is required to disable profile matching for a device</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + + <action id="org.freedesktop.color-manager.sensor-lock"> + <!-- SECURITY: + - Normal users should not have to authenticate to use the + colorimeter device. + --> + <_description>Use color sensor</_description> + <_message>Authentication is required to use the color sensor</_message> + <icon_name>application-vnd.iccprofile</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>yes</allow_active> + </defaults> + <@ANNOTATE_OWNER@/> + </action> + +</policyconfig> + -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
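
Review bot: the 0.1.15 entry in colord.changes names CVE-2011-4349 without a bnc# reference and without saying which of the listed bugfixes addresses it, while the daemon-user entry directly above cites bnc#698250. Suggest adding the Bugzilla number next to the CVE id and marking the bullet that carries the fix, so the security update can be traced from the changelog alone.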
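
Review bot: the `# PATCH-FIX-UPSTREAM` line above `Patch1:` in colord.spec names no bug and describes the upstream status only as "will enter git very soon". The changelog ties this patch to bnc#698250, so that reference belongs in the tag line too, and the status should be replaced by the upstream commit or release once it exists, so that the patch and the `autoreconf -fi` / `intltoolize --force` calls marked "needed for patch1" can be dropped together.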
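
Review bot: in the new `%pre` scriptlet of colord.spec, `chown -R colord:colord %{_localstatedir}/lib/colord` runs as root on every install and upgrade, not only on the migration from the first 12.1 packages that its comment describes. Once the tree belongs to the unprivileged colord user, a recursive chown by root over content that user controls is unnecessary and should be avoided; suggest running it only when the directory is still owned by root, or changing just the directory and the known database files without `-R`. The trailing `exit 0` also hides a failed `groupadd` or `useradd`, although `%attr(755,colord,colord)` in `%files` and `--with-daemon-user=colord` both depend on that account existing.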
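
Review bot: the new rule in policy/Makefile.am only tests `"x$(daemon_user)" != "xroot"`, so an empty `daemon_user` takes the first branch and writes `unix-user:` with no account name into every action. Suggest handling the empty value like root or failing the rule. Two smaller points in the same rule: `\s` in the else branch is a GNU sed extension (`[[:space:]]` is portable), and `sed ... > $@` leaves a truncated org.freedesktop.color.policy.in behind if sed fails, which a temporary file followed by `mv` would avoid.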
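
Review bot: policy/org.freedesktop.color.policy.in.in adds `<@ANNOTATE_OWNER@/>` to all nine actions, including `org.freedesktop.color-manager.install-system-wide`, with no comment explaining the placeholder or why every action needs the owner annotation. Suggest a short note in the header comment block saying that policy/Makefile.am replaces the marker with the `org.freedesktop.policykit.owner` annotation when the daemon runs as a non-root user and removes it otherwise. The template is also not well-formed XML until that substitution has run, which the note should mention for anyone pointing XML tooling at the `.in.in` file.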
