Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package polkit-default-privs for
openSUSE:Factory checked in at 2021-10-11 16:48:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old)
and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit-default-privs"
Mon Oct 11 16:48:41 2021 rev:205 rq:924174 version:1550+20211008.9751669
Changes:
--------
---
/work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes
2021-08-25 20:55:57.645338224 +0200
+++
/work/SRC/openSUSE:Factory/.polkit-default-privs.new.2443/polkit-default-privs.changes
2021-10-11 16:48:49.978188448 +0200
@@ -1,0 +2,16 @@
+Fri Oct 8 09:28:28 UTC 2021 - Matthias Gerstner <[email protected]>
+
+- drop backward compatibility symlink in /etc/polkit-default-privs.standard.
+ rpmlint 2.0 is now in Factory and the check there directly uses the profile
+ in /usr/etc/polkit-default-privs/profiles/standard.
+- drop polkit-whitelisting sub-package. This is now handled in rpmlint 2.0
+ internally.
+
+-------------------------------------------------------------------
+Fri Oct 08 09:22:37 UTC 2021 - [email protected]
+
+- Update to version 1550+20211008.9751669:
+ * whitelist power-profiles-daemon actions (bsc#1189900)
+ * cleanup: remove polkit-rules-whitelist.json
+
+-------------------------------------------------------------------
Old:
----
polkit-default-privs-1550+20210818.b0c41fd.tar.xz
New:
----
polkit-default-privs-1550+20211008.9751669.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ polkit-default-privs.spec ++++++
--- /var/tmp/diff_new_pack.7eHNgO/_old 2021-10-11 16:48:50.534189332 +0200
+++ /var/tmp/diff_new_pack.7eHNgO/_new 2021-10-11 16:48:50.538189339 +0200
@@ -23,7 +23,7 @@
%endif
Name: polkit-default-privs
-Version: 1550+20210818.b0c41fd
+Version: 1550+20211008.9751669
Release: 0
Summary: SUSE PolicyKit default permissions
License: GPL-2.0-or-later
@@ -66,11 +66,6 @@
make install DESTDIR=$RPM_BUILD_ROOT fillupdir="%{_fillupdir}"
mkdir -p $RPM_BUILD_ROOT/etc/polkit-1/rules.d/
> $RPM_BUILD_ROOT/etc/polkit-1/rules.d/90-default-privs.rules
-# TODO: this is a backward compatibility entry for the rpmlint-mini check for
-# polkit priv whitelistings. When rpmlint2 is fully in production we shouldn't
-# need this any more (apart from adjusting the rpmlint checker in rpmlint2
-# on the opensuse upstream branch).
-ln -s /usr/etc/polkit-default-privs/profiles/standard
$RPM_BUILD_ROOT/etc/polkit-default-privs.standard
%post
%{fillup_only -ns security polkit_default_privs}
@@ -87,14 +82,9 @@
%{profiledir}/standard
%{profiledir}/restrictive
%{basedir}/local.template
-%{_sysconfdir}/polkit-default-privs.standard
/sbin/chkstat-polkit
/sbin/set_polkit_default_privs
%_mandir/man*/*
%{_fillupdir}/sysconfig.security-polkit_default_privs
-%files -n polkit-whitelisting
-%defattr(-,root,root)
-/etc/polkit-rules-whitelist.json
-
%changelog
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.7eHNgO/_old 2021-10-11 16:48:50.570189390 +0200
+++ /var/tmp/diff_new_pack.7eHNgO/_new 2021-10-11 16:48:50.570189390 +0200
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/openSUSE/polkit-default-privs.git</param>
- <param
name="changesrevision">b0c41fdd805a1d1bfb286cc0fcd78f7e20d109c0</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">8f04b5e25b2404ce118f06d681bb4ef8b744251c</param></service></servicedata>
\ No newline at end of file
++++++ polkit-default-privs-1550+20210818.b0c41fd.tar.xz ->
polkit-default-privs-1550+20211008.9751669.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/Makefile
new/polkit-default-privs-1550+20211008.9751669/Makefile
--- old/polkit-default-privs-1550+20210818.b0c41fd/Makefile 2021-08-18
14:57:31.000000000 +0200
+++ new/polkit-default-privs-1550+20211008.9751669/Makefile 2021-10-08
11:05:53.000000000 +0200
@@ -28,8 +28,6 @@
install -m 644 etc/sysconfig.security-polkit_default_privs
$(DESTDIR)$(fillupdir)
# create a safe directory for potential custom profiles
install -d $(DESTDIR)/etc/polkit-default-privs
- # TODO: remove whitelist.json once rpmlint2 is in place
- install -m 644 etc/polkit-rules-whitelist.json $(DESTDIR)/etc
install -m 644 README.md $(DESTDIR)$(docdir)/polkit-default-privs
@for src in $(manpages); do \
page=`basename $$src` \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/README.md
new/polkit-default-privs-1550+20211008.9751669/README.md
--- old/polkit-default-privs-1550+20210818.b0c41fd/README.md 2021-08-18
14:57:31.000000000 +0200
+++ new/polkit-default-privs-1550+20211008.9751669/README.md 2021-10-08
11:05:53.000000000 +0200
@@ -43,17 +43,6 @@
broken software in extreme cases. We are trying to catch theses cases and
patch our packages or improve upstream code.
-rules.d whitelisting
---------------------
-
-Polkit uses Java Script snippets to allow customization of the authentication
-process. Additional rule files can be installed in `/etc/polkit-1/rules.d` and
-`/usr/share/polkit-1/rules.d`. These files are independent of the polkit
-profiles implemented by polkit-default-privs. Therefore a separate
-whitelisting for them is managed in this repository found in
-`etc/polkit-rules-whitelist.json`. This whitelist is used by SUSE
-rpmlint-checks to determine valid additions to those directories.
-
Maintainer
----------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/polkit-default-privs-1550+20210818.b0c41fd/etc/polkit-rules-whitelist.json
new/polkit-default-privs-1550+20211008.9751669/etc/polkit-rules-whitelist.json
---
old/polkit-default-privs-1550+20210818.b0c41fd/etc/polkit-rules-whitelist.json
2021-08-18 14:57:31.000000000 +0200
+++
new/polkit-default-privs-1550+20211008.9751669/etc/polkit-rules-whitelist.json
1970-01-01 01:00:00.000000000 +0100
@@ -1,114 +0,0 @@
-{
- "polkit-default-privs": {
- "audits": {
- "bsc#1125314": {
- "comment": "rules dynamically generated by our
own polkit profile tooling",
- "digests": {
-
"/etc/polkit-1/rules.d/90-default-privs.rules": "skip:<none>"
- }
- }
- }
- },
- "polkit": {
- "audits": {
- "bsc#1125314": {
- "comment": "default rule shipped by polkit,
allows uid 0 to do everything",
- "digests": {
-
"/usr/share/polkit-1/rules.d/50-default.rules":
"sha256:aea3041de2c15db8683620de8533206e50241c309eb27893605d5ead17e5e75f"
- }
- }
- }
- },
- "systemd": {
- "audits": {
- "bsc#1125438": {
- "comment": "allows systemd-networkd to set
hostname and timezone from DHCP information",
- "digests": {
-
"/usr/share/polkit-1/rules.d/60-systemd-networkd.rules":
"sha256:bf10f0b71878f90516b89d205a7fb2f8363cec6614ec717da88c2acf49c276a5"
- }
- }
- }
- },
- "systemd-network": {
- "audits": {
- "bsc#1125438": {
- "comment": "allows systemd-networkd to set
hostname and timezone from DHCP information",
- "digests": {
-
"/usr/share/polkit-1/rules.d/60-systemd-networkd.rules":
"sha256:bf10f0b71878f90516b89d205a7fb2f8363cec6614ec717da88c2acf49c276a5"
- }
- },
- "bsc#1185469": {
- "comment": "minor non-functional incremental
change",
- "digests": {
-
"/usr/share/polkit-1/rules.d/60-systemd-networkd.rules":
"sha256:f199e386a9297858331b00df07ed0b0ee5fcf4bea67f6c0bccc8a92b7e310bbd"
- }
- }
- }
- },
- "flatpak": {
- "audits": {
- "bsc#984817": {
- "comment": "allows the wheel group to operate
in a passwordless fashion. this is an exception at the moment since normally we
don't follow the special meaning of 'wheel'",
- "digests": {
-
"/usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules":
"sha256:a439399ec33c8909e935e68d2daf3a76dff411d94ade3a8e15243a7da68a7005"
- }
- },
- "bsc#1161091": {
- "comment": "flatpak 1.6 changes the rule file
to add override-parental-controls. Requires AUTH_ADMIN",
- "digests": {
-
"/usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules":
"sha256:89e33e299ddf829a6302e855c005931a1f703c64696b86c423fb2851e225fbaf"
- }
- }
- }
- },
- "libvirt-daemon": {
- "audits": {
- "bsc#1125314": {
- "comment": "allows members of the group
libvirt to manage libvirt without password",
- "digests": {
-
"/usr/share/polkit-1/rules.d/50-libvirt.rules":
"sha256:18ecc523dec42f91c679143043c9b28ef82eac68d1729a21d371c18eb93f2a18"
- }
- }
- }
- },
- "gnome-initial-setup": {
- "audits": {
- "bsc#1125432": {
- "comment": "Allows gnome-initial-session to
configure the system after input is collected from the user",
- "digests": {
-
"/usr/share/polkit-1/rules.d/20-gnome-initial-setup.rules":
"sha256:6daefe0a835dc1b34513302f393e98089c137602823f41fd0c3dd984c40902d8"
- }
- }
- }
- },
- "libvirt-dbus": {
- "audits": {
- "bsc#1173093": {
- "comment": "Allows the libvirt-dbus daemon to
run unprivileged but still control libvirt",
- "digests": {
-
"/usr/share/polkit-1/rules.d/libvirt-dbus.rules":
"sha256:1ae3b094d372d0108f34b58f577d133fdf0c9527bd5b72edf1d22a13daa74f6e"
- }
- }
- }
- },
- "malcontent": {
- "audits": {
- "bsc#1177974": {
- "comment": "Allows wheel members to bypass
parental controls. We allow this as an exception (granting implicit
authorization to wheel) since this is not security relevant per se.",
- "digests": {
-
"/usr/share/polkit-1/rules.d/com.endlessm.ParentalControls.rules":
"sha256:4dca105e78ff95c2317386d4df4f959f0c055eec13e12c34c48084b9bbb385b4"
- }
- }
- }
- },
- "brltty": {
- "audits": {
- "bsc#1180593": {
- "comment": "Allows members of 'brltty' to
implicitly get polkit authorization",
- "digests": {
-
"/usr/share/polkit-1/rules.d/org.a11y.brlapi.rules":
"sha256:f8f1dc555dfc72fd95263e107cd87f44b3d1ce899dbdc0f11b7dfbccaa92a434"
- }
- }
- }
- }
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/polkit-default-privs-1550+20210818.b0c41fd/profiles/easy
new/polkit-default-privs-1550+20211008.9751669/profiles/easy
--- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/easy
2021-08-18 14:57:31.000000000 +0200
+++ new/polkit-default-privs-1550+20211008.9751669/profiles/easy
2021-10-08 11:05:53.000000000 +0200
@@ -723,3 +723,7 @@
# zypp-gui repository manager (bsc#1188364)
zypp.gui.pkexec.run auth_admin:auth_admin:auth_admin_keep
+
+# a daemon that deals with system power settings (bsc#1189900)
+net.hadess.PowerProfiles.switch-profile auth_admin:yes:yes
+net.hadess.PowerProfiles.hold-profile auth_admin:yes:yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/polkit-default-privs-1550+20210818.b0c41fd/profiles/restrictive
new/polkit-default-privs-1550+20211008.9751669/profiles/restrictive
--- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/restrictive
2021-08-18 14:57:31.000000000 +0200
+++ new/polkit-default-privs-1550+20211008.9751669/profiles/restrictive
2021-10-08 11:05:53.000000000 +0200
@@ -724,3 +724,7 @@
# zypp-gui repository manager (bsc#1188364)
zypp.gui.pkexec.run no:no:auth_admin_keep
+
+# a daemon that deals with system power settings (bsc#1189900)
+net.hadess.PowerProfiles.switch-profile no:no:yes
+net.hadess.PowerProfiles.hold-profile no:no:yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/polkit-default-privs-1550+20210818.b0c41fd/profiles/standard
new/polkit-default-privs-1550+20211008.9751669/profiles/standard
--- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/standard
2021-08-18 14:57:31.000000000 +0200
+++ new/polkit-default-privs-1550+20211008.9751669/profiles/standard
2021-10-08 11:05:53.000000000 +0200
@@ -725,3 +725,7 @@
# zypp-gui repository manager (bsc#1188364)
zypp.gui.pkexec.run auth_admin:auth_admin:auth_admin_keep
+
+# a daemon that deals with system power settings (bsc#1189900)
+net.hadess.PowerProfiles.switch-profile no:no:yes
+net.hadess.PowerProfiles.hold-profile no:no:yes
