Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polkit-default-privs for openSUSE:Factory checked in at 2021-10-11 16:48:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit-default-privs (Old) and /work/SRC/openSUSE:Factory/.polkit-default-privs.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit-default-privs" Mon Oct 11 16:48:41 2021 rev:205 rq:924174 version:1550+20211008.9751669 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit-default-privs/polkit-default-privs.changes 2021-08-25 20:55:57.645338224 +0200 +++ /work/SRC/openSUSE:Factory/.polkit-default-privs.new.2443/polkit-default-privs.changes 2021-10-11 16:48:49.978188448 +0200 @@ -1,0 +2,16 @@ +Fri Oct 8 09:28:28 UTC 2021 - Matthias Gerstner <matthias.gerst...@suse.com> + +- drop backward compatibility symlink in /etc/polkit-default-privs.standard. + rpmlint 2.0 is now in Factory and the check there directly uses the profile + in /usr/etc/polkit-default-privs/profiles/standard. +- drop polkit-whitelisting sub-package. This is now handled in rpmlint 2.0 + internally. + +------------------------------------------------------------------- +Fri Oct 08 09:22:37 UTC 2021 - matthias.gerst...@suse.com + +- Update to version 1550+20211008.9751669: + * whitelist power-profiles-daemon actions (bsc#1189900) + * cleanup: remove polkit-rules-whitelist.json + +------------------------------------------------------------------- Old: ---- polkit-default-privs-1550+20210818.b0c41fd.tar.xz New: ---- polkit-default-privs-1550+20211008.9751669.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit-default-privs.spec ++++++ --- /var/tmp/diff_new_pack.7eHNgO/_old 2021-10-11 16:48:50.534189332 +0200 +++ /var/tmp/diff_new_pack.7eHNgO/_new 2021-10-11 16:48:50.538189339 +0200 @@ -23,7 +23,7 @@ %endif Name: polkit-default-privs -Version: 1550+20210818.b0c41fd +Version: 1550+20211008.9751669 Release: 0 Summary: SUSE PolicyKit default permissions License: GPL-2.0-or-later @@ -66,11 +66,6 @@ make install DESTDIR=$RPM_BUILD_ROOT fillupdir="%{_fillupdir}" mkdir -p $RPM_BUILD_ROOT/etc/polkit-1/rules.d/ > $RPM_BUILD_ROOT/etc/polkit-1/rules.d/90-default-privs.rules -# TODO: this is a backward compatibility entry for the rpmlint-mini check for -# polkit priv whitelistings. When rpmlint2 is fully in production we shouldn't -# need this any more (apart from adjusting the rpmlint checker in rpmlint2 -# on the opensuse upstream branch). -ln -s /usr/etc/polkit-default-privs/profiles/standard $RPM_BUILD_ROOT/etc/polkit-default-privs.standard %post %{fillup_only -ns security polkit_default_privs} @@ -87,14 +82,9 @@ %{profiledir}/standard %{profiledir}/restrictive %{basedir}/local.template -%{_sysconfdir}/polkit-default-privs.standard /sbin/chkstat-polkit /sbin/set_polkit_default_privs %_mandir/man*/* %{_fillupdir}/sysconfig.security-polkit_default_privs -%files -n polkit-whitelisting -%defattr(-,root,root) -/etc/polkit-rules-whitelist.json - %changelog ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.7eHNgO/_old 2021-10-11 16:48:50.570189390 +0200 +++ /var/tmp/diff_new_pack.7eHNgO/_new 2021-10-11 16:48:50.570189390 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/polkit-default-privs.git</param> - <param name="changesrevision">b0c41fdd805a1d1bfb286cc0fcd78f7e20d109c0</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">8f04b5e25b2404ce118f06d681bb4ef8b744251c</param></service></servicedata> \ No newline at end of file ++++++ polkit-default-privs-1550+20210818.b0c41fd.tar.xz -> polkit-default-privs-1550+20211008.9751669.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/Makefile new/polkit-default-privs-1550+20211008.9751669/Makefile --- old/polkit-default-privs-1550+20210818.b0c41fd/Makefile 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/Makefile 2021-10-08 11:05:53.000000000 +0200 @@ -28,8 +28,6 @@ install -m 644 etc/sysconfig.security-polkit_default_privs $(DESTDIR)$(fillupdir) # create a safe directory for potential custom profiles install -d $(DESTDIR)/etc/polkit-default-privs - # TODO: remove whitelist.json once rpmlint2 is in place - install -m 644 etc/polkit-rules-whitelist.json $(DESTDIR)/etc install -m 644 README.md $(DESTDIR)$(docdir)/polkit-default-privs @for src in $(manpages); do \ page=`basename $$src` \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/README.md new/polkit-default-privs-1550+20211008.9751669/README.md --- old/polkit-default-privs-1550+20210818.b0c41fd/README.md 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/README.md 2021-10-08 11:05:53.000000000 +0200 @@ -43,17 +43,6 @@ broken software in extreme cases. We are trying to catch theses cases and patch our packages or improve upstream code. -rules.d whitelisting --------------------- - -Polkit uses Java Script snippets to allow customization of the authentication -process. Additional rule files can be installed in `/etc/polkit-1/rules.d` and -`/usr/share/polkit-1/rules.d`. These files are independent of the polkit -profiles implemented by polkit-default-privs. Therefore a separate -whitelisting for them is managed in this repository found in -`etc/polkit-rules-whitelist.json`. This whitelist is used by SUSE -rpmlint-checks to determine valid additions to those directories. - Maintainer ---------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/etc/polkit-rules-whitelist.json new/polkit-default-privs-1550+20211008.9751669/etc/polkit-rules-whitelist.json --- old/polkit-default-privs-1550+20210818.b0c41fd/etc/polkit-rules-whitelist.json 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/etc/polkit-rules-whitelist.json 1970-01-01 01:00:00.000000000 +0100 @@ -1,114 +0,0 @@ -{ - "polkit-default-privs": { - "audits": { - "bsc#1125314": { - "comment": "rules dynamically generated by our own polkit profile tooling", - "digests": { - "/etc/polkit-1/rules.d/90-default-privs.rules": "skip:<none>" - } - } - } - }, - "polkit": { - "audits": { - "bsc#1125314": { - "comment": "default rule shipped by polkit, allows uid 0 to do everything", - "digests": { - "/usr/share/polkit-1/rules.d/50-default.rules": "sha256:aea3041de2c15db8683620de8533206e50241c309eb27893605d5ead17e5e75f" - } - } - } - }, - "systemd": { - "audits": { - "bsc#1125438": { - "comment": "allows systemd-networkd to set hostname and timezone from DHCP information", - "digests": { - "/usr/share/polkit-1/rules.d/60-systemd-networkd.rules": "sha256:bf10f0b71878f90516b89d205a7fb2f8363cec6614ec717da88c2acf49c276a5" - } - } - } - }, - "systemd-network": { - "audits": { - "bsc#1125438": { - "comment": "allows systemd-networkd to set hostname and timezone from DHCP information", - "digests": { - "/usr/share/polkit-1/rules.d/60-systemd-networkd.rules": "sha256:bf10f0b71878f90516b89d205a7fb2f8363cec6614ec717da88c2acf49c276a5" - } - }, - "bsc#1185469": { - "comment": "minor non-functional incremental change", - "digests": { - "/usr/share/polkit-1/rules.d/60-systemd-networkd.rules": "sha256:f199e386a9297858331b00df07ed0b0ee5fcf4bea67f6c0bccc8a92b7e310bbd" - } - } - } - }, - "flatpak": { - "audits": { - "bsc#984817": { - "comment": "allows the wheel group to operate in a passwordless fashion. this is an exception at the moment since normally we don't follow the special meaning of 'wheel'", - "digests": { - "/usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules": "sha256:a439399ec33c8909e935e68d2daf3a76dff411d94ade3a8e15243a7da68a7005" - } - }, - "bsc#1161091": { - "comment": "flatpak 1.6 changes the rule file to add override-parental-controls. Requires AUTH_ADMIN", - "digests": { - "/usr/share/polkit-1/rules.d/60-org.freedesktop.Flatpak.rules": "sha256:89e33e299ddf829a6302e855c005931a1f703c64696b86c423fb2851e225fbaf" - } - } - } - }, - "libvirt-daemon": { - "audits": { - "bsc#1125314": { - "comment": "allows members of the group libvirt to manage libvirt without password", - "digests": { - "/usr/share/polkit-1/rules.d/50-libvirt.rules": "sha256:18ecc523dec42f91c679143043c9b28ef82eac68d1729a21d371c18eb93f2a18" - } - } - } - }, - "gnome-initial-setup": { - "audits": { - "bsc#1125432": { - "comment": "Allows gnome-initial-session to configure the system after input is collected from the user", - "digests": { - "/usr/share/polkit-1/rules.d/20-gnome-initial-setup.rules": "sha256:6daefe0a835dc1b34513302f393e98089c137602823f41fd0c3dd984c40902d8" - } - } - } - }, - "libvirt-dbus": { - "audits": { - "bsc#1173093": { - "comment": "Allows the libvirt-dbus daemon to run unprivileged but still control libvirt", - "digests": { - "/usr/share/polkit-1/rules.d/libvirt-dbus.rules": "sha256:1ae3b094d372d0108f34b58f577d133fdf0c9527bd5b72edf1d22a13daa74f6e" - } - } - } - }, - "malcontent": { - "audits": { - "bsc#1177974": { - "comment": "Allows wheel members to bypass parental controls. We allow this as an exception (granting implicit authorization to wheel) since this is not security relevant per se.", - "digests": { - "/usr/share/polkit-1/rules.d/com.endlessm.ParentalControls.rules": "sha256:4dca105e78ff95c2317386d4df4f959f0c055eec13e12c34c48084b9bbb385b4" - } - } - } - }, - "brltty": { - "audits": { - "bsc#1180593": { - "comment": "Allows members of 'brltty' to implicitly get polkit authorization", - "digests": { - "/usr/share/polkit-1/rules.d/org.a11y.brlapi.rules": "sha256:f8f1dc555dfc72fd95263e107cd87f44b3d1ce899dbdc0f11b7dfbccaa92a434" - } - } - } - } -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/profiles/easy new/polkit-default-privs-1550+20211008.9751669/profiles/easy --- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/easy 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/profiles/easy 2021-10-08 11:05:53.000000000 +0200 @@ -723,3 +723,7 @@ # zypp-gui repository manager (bsc#1188364) zypp.gui.pkexec.run auth_admin:auth_admin:auth_admin_keep + +# a daemon that deals with system power settings (bsc#1189900) +net.hadess.PowerProfiles.switch-profile auth_admin:yes:yes +net.hadess.PowerProfiles.hold-profile auth_admin:yes:yes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/profiles/restrictive new/polkit-default-privs-1550+20211008.9751669/profiles/restrictive --- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/restrictive 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/profiles/restrictive 2021-10-08 11:05:53.000000000 +0200 @@ -724,3 +724,7 @@ # zypp-gui repository manager (bsc#1188364) zypp.gui.pkexec.run no:no:auth_admin_keep + +# a daemon that deals with system power settings (bsc#1189900) +net.hadess.PowerProfiles.switch-profile no:no:yes +net.hadess.PowerProfiles.hold-profile no:no:yes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polkit-default-privs-1550+20210818.b0c41fd/profiles/standard new/polkit-default-privs-1550+20211008.9751669/profiles/standard --- old/polkit-default-privs-1550+20210818.b0c41fd/profiles/standard 2021-08-18 14:57:31.000000000 +0200 +++ new/polkit-default-privs-1550+20211008.9751669/profiles/standard 2021-10-08 11:05:53.000000000 +0200 @@ -725,3 +725,7 @@ # zypp-gui repository manager (bsc#1188364) zypp.gui.pkexec.run auth_admin:auth_admin:auth_admin_keep + +# a daemon that deals with system power settings (bsc#1189900) +net.hadess.PowerProfiles.switch-profile no:no:yes +net.hadess.PowerProfiles.hold-profile no:no:yes