Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package accountsservice for openSUSE:Factory
checked in at 2022-03-28 18:01:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/accountsservice (Old)
and /work/SRC/openSUSE:Factory/.accountsservice.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "accountsservice"
Mon Mar 28 18:01:00 2022 rev:79 rq: version:0.6.55
Changes:
--------
--- /work/SRC/openSUSE:Factory/accountsservice/accountsservice.changes
2022-03-28 13:43:29.558541001 +0200
+++
/work/SRC/openSUSE:Factory/.accountsservice.new.1900/accountsservice.changes
2022-03-28 18:01:01.445261794 +0200
@@ -2,111 +1,0 @@
-Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger <[email protected]>
-
-- Add accountsservice-too-restrictive.patch: weaken upstreams
- policy of accounts-daemon.service to be similar, but still
- stricter, to what we had with harden-accounts-daemon.service.patch.
- Attempt to workaround
- https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
-
--------------------------------------------------------------------
-Mon Mar 28 07:32:37 UTC 2022 - Dominique Leuenberger <[email protected]>
-
-- Drop harden_accounts-daemon.service.patch: Seems to conflict with
- SELinux since version 22.04.62.
-
--------------------------------------------------------------------
-Fri Feb 11 23:35:22 UTC 2022 - Bj??rn Lie <[email protected]>
-
-- Update to version 22.04.62:
- + act-user-manager:
- - Fix incorrect return types in some finish() functions
- - Fix various refcounting bugs
- - Make a private function static
- - Remove ConsoleKit support
- - Watch for the daemon going away and coming back
- + act-user:
- - Use G_DECLARE_FINAL_TYPE to declare ActUser
- - Use stronger hashing methods in make_crypted() if available.
- + Add .service file to POTFILES.skip
- + Add support to build vala bindings
- + build:
- - Add missing pkg-config Requires.private dependencies
- - Bump minimum version of meson required
- - Expose chosen path_wtmp value as a variable
- + Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag
- + ci:
- - Add test stage, reusing the build one
- - Cleanup the build stage so that we can define dependencies
- just once
- + Conditionalize more use of shadow.h
- + daemon:
- - Allow SystemAccount=false to be set in cache file
- - Don't try to add admin users to non existing groups
- - Ensure cache files for system users are processed
- - Fix error check in save_autologin()
- - Remove duplicate "changed" signal emission
- - Write GDM custom.conf file if it doesn't exist
- + data:
- - Don't send change updates for login-history
- - Tighten up systemd sandboxing of accounts-daemon.service
- + Drop .service file from POTFILES.in
- + Fix build with meson 0.60
- + Fix g-i annotation of act_user_get_password_expiration_policy
- + libaccountsservice: Expand documentation of ActUser:language
- + main:
- - Allow cache files to be marked immutable
- - Don???t print translation header with `--help`
- + meson: Determine project version from date
- + Move D-Bus conf file to $(datadir)/dbus-1/system.d
- + Never delete the root filesystem when removing users
- + NEWS: Drop NEWS file
- + po: delete obsolete po/accounts-service.pot
- + Remove user heuristics
- + Replace empty he.po with an actual translation
- + Stop ignoring autotools generated files
- + tests:
- - Add unit tests for libaccountservice using dbusmock and gir
- bindings
- - Sync tests with upstream python-dbusmock
- + user-classify: Add git to username blacklist
- + user:
- - Don't overwrite entire GECOS field when setting full name
- - Fix double-unref of GDBusMethodInvocation throughout
- - Fix indentation error
- - Introduce user templates for setting default session etc
- - Reject requests to change full name to something including a
- comma
- - Remove user from extra_admin_groups when demoting them from
- admin
- - Translate property x-session property name to match the proxy
- one
- + user-manager: Update users tables on username changes
- + Use timestamps instead of (expiration time and last change
- time)days
- + util:
- - Get uid when needed
- - Split out helper method for getting admin group IDs
- + Updated translations.
-- Drop patches fixed upstream:
- + accountsservice-read-root-user-cache.patch
- + accountsservice-wtmp-io-improvements.patch
- + accountsservice-fix-gdm-crash.patch
- + ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
- + accountsservice-fix-gdm-crash.patch
-- Note that accountsservice-fix-gdm-crash.patch was not applied
- upstream, the issue was fixed in a different way. Upstream
- encourages issue reports should the current fix prove to not be
- good enough.
-- Rebase accountsservice-sysconfig.patch and
- harden_accounts-daemon.service.patch
-- Drop accountsservice-filter-suse-accounts.patch: The system users
- we were filtering are not present on any of today as far as I can
- tell, so drop this patch filtering out "common system users" such
- as beagleindex, fax and suse-ncc.
-- Stop passing systemd=true to meson, no longer recognized, nor
- needed.
-- Add pkgconfig(vapigen) BuildRequires: New dependency.
-- Add fdupes BuildRequires and macro, remove duplicates.
-- Add python3-dbusmock and python3-gobject BuildRequires and add a
- check section, run meson_test macro.
-
--------------------------------------------------------------------
Old:
----
accountsservice-22.04.62.tar.xz
accountsservice-too-restrictive.patch
New:
----
ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
accountsservice-0.6.55.tar.xz
accountsservice-filter-suse-accounts.patch
accountsservice-fix-gdm-crash.patch
accountsservice-read-root-user-cache.patch
accountsservice-wtmp-io-improvements.patch
harden_accounts-daemon.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ accountsservice.spec ++++++
--- /var/tmp/diff_new_pack.e6nAz7/_old 2022-03-28 18:01:02.117261588 +0200
+++ /var/tmp/diff_new_pack.e6nAz7/_new 2022-03-28 18:01:02.121261586 +0200
@@ -16,8 +16,9 @@
#
+#!BuildIgnore: rpmlint-mini
Name: accountsservice
-Version: 22.04.62
+Version: 0.6.55
Release: 0
Summary: D-Bus Service to Manipulate User Account Information
License: GPL-3.0-or-later
@@ -26,21 +27,28 @@
Source0:
https://www.freedesktop.org/software/accountsservice/%{name}-%{version}.tar.xz
# WARNING: do not remove/significantly change patch0 without updating the
relevant patch in gdm too
-# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071
[email protected] -- Read/write autologin configuration from sysconfig, like
gdm (see gdm-sysconfig-settings.patch)
-Patch1: accountsservice-sysconfig.patch
-# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 --
Allow NAMESPACE switching until upstream finds the right flag
-Patch2: accountsservice-too-restrictive.patch
+# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071
[email protected] -- Read/write autologin configuration from sysconfig, like
gdm (see gdm-sysconfig-settings.patch) WAS PATCH-FIX-OPENSUSE
+Patch0: accountsservice-sysconfig.patch
+# PATCH-FIX-OPENSUSE accountsservice-filter-suse-accounts.patch
[email protected] -- Filter out some system users that are specific to openSUSE
+Patch1: accountsservice-filter-suse-accounts.patch
+# PATCH-FIX-UPSTREAM accountsservice-read-root-user-cache.patch bsc#1114292
glfo#accountsservice/accountsservice#65 [email protected] read root user cache
file WAS PATCH-FIX-UPSTREAM
+Patch2: accountsservice-read-root-user-cache.patch
+# PATCH-FIX-UPSTREAM accountsservice-wtmp-io-improvements.patch boo#1139487
[email protected] -- Backports that improve wtmp io performance.
+Patch3: accountsservice-wtmp-io-improvements.patch
+# PATCH-FIX-UPSTREAM accountsservice-fix-gdm-crash.patch
glfo#accountsservice/accountsservice#55 [email protected] -- Prevent
gdm crash upon service restart when autologin is enabled
+Patch4: accountsservice-fix-gdm-crash.patch
+# PATCH-FIX-OPENSUSE harden_accounts-daemon.service.patch [email protected] --
For details please see
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+Patch5: harden_accounts-daemon.service.patch
+# PATCH-FIX-UPSTREAM ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch -- Fix
build with meson 0.61.0
+Patch6:
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/commit/ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch
fate#318433 [email protected] -- prevent multiple simultaneous login.
Patch1000: as-fate318433-prevent-same-account-multi-logins.patch
-BuildRequires: fdupes
BuildRequires: gtk-doc
BuildRequires: meson
BuildRequires: pkgconfig
-BuildRequires: python3-dbusmock
-BuildRequires: python3-gobject
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(gio-2.0) >= 2.37.3
BuildRequires: pkgconfig(gio-unix-2.0)
@@ -49,7 +57,6 @@
BuildRequires: pkgconfig(libsystemd) >= 186
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(systemd)
-BuildRequires: pkgconfig(vapigen)
%{?systemd_ordering}
%description
@@ -96,8 +103,13 @@
%prep
%setup -q
+%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}
@@ -106,18 +118,15 @@
%build
%meson \
- -D introspection=true \
- -D gtk_doc=true \
+ -Dsystemd=true \
+ -Dintrospection=true \
+ -Dgtk_doc=true \
%{nil}
%meson_build
%install
%meson_install
%find_lang accounts-service
-%fdupes %{buildroot}%{_datadir}/accountsservice/user-templates
-
-%check
-%meson_test
%pre
%service_add_pre accounts-daemon.service
@@ -136,10 +145,10 @@
%files
%license COPYING
-%doc README.md
+%doc NEWS README.md
%{_unitdir}/accounts-daemon.service
+%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Accounts.conf
%{_libexecdir}/accounts-daemon
-%{_datadir}/dbus-1/system.d/org.freedesktop.Accounts.conf
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml
%{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service
@@ -148,10 +157,6 @@
%dir %{_localstatedir}/lib/AccountsService
%dir %{_localstatedir}/lib/AccountsService/users
%dir %{_localstatedir}/lib/AccountsService/icons
-%dir %{_datadir}/accountsservice
-%dir %{_datadir}/accountsservice/user-templates
-%{_datadir}/accountsservice/user-templates/administrator
-%{_datadir}/accountsservice/user-templates/standard
%files -n libaccountsservice0
%{_libdir}/*.so.0*
@@ -166,9 +171,6 @@
%{_libdir}/pkgconfig/accountsservice.pc
%{_includedir}/accountsservice-1.0/
%{_datadir}/gir-1.0/AccountsService-1.0.gir
-%dir %{_datadir}/vala/vapi
-%{_datadir}/vala/vapi/accountsservice.deps
-%{_datadir}/vala/vapi/accountsservice.vapi
%files lang -f accounts-service.lang
++++++ ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch ++++++
>From ac9b14f1c1bbca413987d0bbfeaad05804107e9a Mon Sep 17 00:00:00 2001
From: Luca Boccassi <[email protected]>
Date: Sun, 31 Oct 2021 12:29:14 +0000
Subject: [PATCH] Fix build with meson 0.60
Positional parameters to merge_file() were never allowed and always
ignored, so just drop it.
See: https://github.com/mesonbuild/meson/issues/9441
Fixes #97
---
data/meson.build | 1 -
1 file changed, 1 deletion(-)
diff --git a/data/meson.build b/data/meson.build
index 70edf89..9e80299 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -33,7 +33,6 @@ configure_file(
policy = act_namespace.to_lower() + '.policy'
i18n.merge_file(
- policy,
input: policy + '.in',
output: policy,
po_dir: po_dir,
--
GitLab
++++++ accountsservice-22.04.62.tar.xz -> accountsservice-0.6.55.tar.xz ++++++
++++ 7122 lines of diff (skipped)
++++++ accountsservice-filter-suse-accounts.patch ++++++
Index: accountsservice-0.6.37/src/user-classify.c
===================================================================
--- accountsservice-0.6.37.orig/src/user-classify.c
+++ accountsservice-0.6.37/src/user-classify.c
@@ -51,7 +51,13 @@ static const char *default_excludes[] =
"man",
"at",
"gdm",
- "gnome-initial-setup"
+ "gnome-initial-setup",
+ "beagleindex",
+ "fax",
+ "suse-ncc",
+ "mailman",
+ "ldap",
+ "cyrus"
};
static gboolean
++++++ accountsservice-fix-gdm-crash.patch ++++++
>From 323707648fdefd11502faf44c2aa41d9b9500078 Mon Sep 17 00:00:00 2001
From: Iain Lane <[email protected]>
Date: Tue, 28 Apr 2020 16:47:00 +0100
Subject: [PATCH] act-user-manager: Watch for the daemon going away and coming
back
And set is-loaded accordingly. This causes properties to be invalidated
on the client side and then get re-fetched when the daemon comes back.
https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55
---
src/libaccountsservice/act-user-manager.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/libaccountsservice/act-user-manager.c
b/src/libaccountsservice/act-user-manager.c
index 61a8719..a317507 100644
--- a/src/libaccountsservice/act-user-manager.c
+++ b/src/libaccountsservice/act-user-manager.c
@@ -2298,6 +2298,23 @@ act_user_manager_queue_load (ActUserManager *manager)
}
}
+static void
+on_name_owner_changed (GObject *object,
+ GParamSpec *pspec,
+ gpointer user_data)
+{
+ ActUserManager *manager = ACT_USER_MANAGER (user_data);
+ GDBusProxy *accounts_proxy = G_DBUS_PROXY (object);
+ g_autofree gchar *owner = NULL;
+
+ g_return_if_fail (ACT_IS_USER_MANAGER (manager));
+ g_return_if_fail (accounts_proxy != NULL);
+
+ owner = g_dbus_proxy_get_name_owner (accounts_proxy);
+
+ set_is_loaded (manager, owner != NULL);
+}
+
static gboolean
ensure_accounts_proxy (ActUserManager *manager)
{
@@ -2335,6 +2352,10 @@ ensure_accounts_proxy (ActUserManager *manager)
"user-deleted",
G_CALLBACK (on_user_removed_in_accounts_service),
manager);
+ g_signal_connect (priv->accounts_proxy,
+ "notify::g-name-owner",
+ G_CALLBACK (on_name_owner_changed),
+ manager);
return TRUE;
}
--
GitLab
++++++ accountsservice-read-root-user-cache.patch ++++++
>From d8b779513474ece1f5ec2fc9b7c32afb73e32181 Mon Sep 17 00:00:00 2001
From: Ray Strode <[email protected]>
Date: Mon, 29 Apr 2019 10:14:12 -0400
Subject: [PATCH] daemon: ensure cache files for system users are processed
At the moment we skip cache files for system users. That
doesn't make much sense; if there's a cache file we should
be using it.
This commit changes the code to read cache files, even for
system users, and so lets root have a non-default session.
Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/65
---
src/daemon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: accountsservice-0.6.55/src/daemon.c
===================================================================
--- accountsservice-0.6.55.orig/src/daemon.c 2019-05-30 00:12:49.993056439
+0200
+++ accountsservice-0.6.55/src/daemon.c 2019-05-30 00:12:50.289059484 +0200
@@ -486,7 +486,7 @@ reload_users (Daemon *daemon)
load_entries (daemon, users, TRUE, entry_generator_requested_users);
/* Now add/update users from other sources, possibly non-local */
- load_entries (daemon, users, FALSE, entry_generator_cachedir);
+ load_entries (daemon, users, TRUE, entry_generator_cachedir);
wtmp_helper_update_login_frequencies (users);
++++++ accountsservice-sysconfig.patch ++++++
--- /var/tmp/diff_new_pack.e6nAz7/_old 2022-03-28 18:01:02.293261534 +0200
+++ /var/tmp/diff_new_pack.e6nAz7/_new 2022-03-28 18:01:02.297261533 +0200
@@ -4,19 +4,19 @@
Use autologin configuration from sysconfig (SUSE-ism)
-Index: accountsservice-22.04.62/src/daemon.c
+Index: accountsservice-0.6.55/src/daemon.c
===================================================================
---- accountsservice-22.04.62.orig/src/daemon.c
-+++ accountsservice-22.04.62/src/daemon.c
-@@ -50,6 +50,7 @@
+--- accountsservice-0.6.55.orig/src/daemon.c 2019-04-23 17:16:09.000000000
+0200
++++ accountsservice-0.6.55/src/daemon.c 2019-05-30 00:12:49.993056439
+0200
+@@ -47,6 +47,7 @@
+ #include "wtmp-helper.h"
+ #include "daemon.h"
#include "util.h"
- #include "user.h"
- #include "accounts-user-generated.h"
+#include "gdm-sysconfig.h"
#define PATH_PASSWD "/etc/passwd"
#define PATH_SHADOW "/etc/shadow"
-@@ -581,7 +582,7 @@ reload_autologin_timeout (Daemon *daemon
+@@ -582,7 +583,7 @@ reload_autologin_timeout (Daemon *daemon
priv->autologin_id = 0;
if (!load_autologin (daemon, &name, &enabled, &error)) {
@@ -25,7 +25,7 @@
return FALSE;
}
-@@ -1508,6 +1509,43 @@ daemon_local_check_auth (Daemon
+@@ -1474,6 +1475,43 @@ daemon_local_check_auth (Daemon
g_object_unref (subject);
}
@@ -69,7 +69,7 @@
gboolean
load_autologin (Daemon *daemon,
gchar **name,
-@@ -1518,6 +1556,8 @@ load_autologin (Daemon *daemon,
+@@ -1484,6 +1522,8 @@ load_autologin (Daemon *daemon,
GError *local_error = NULL;
g_autofree gchar *string = NULL;
@@ -78,19 +78,19 @@
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
-@@ -1558,6 +1598,8 @@ save_autologin (Daemon *daemon,
+@@ -1523,6 +1563,8 @@ save_autologin (Daemon *daemon,
+ g_autofree gchar *data = NULL;
gboolean result;
- g_autoptr(GError) local_error = NULL;
+ return save_autologin_suse (daemon, name, enabled, error);
+
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
-Index: accountsservice-22.04.62/src/gdm-sysconfig.c
+Index: accountsservice-0.6.55/src/gdm-sysconfig.c
===================================================================
---- /dev/null
-+++ accountsservice-22.04.62/src/gdm-sysconfig.c
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ accountsservice-0.6.55/src/gdm-sysconfig.c 2019-05-30 00:12:49.993056439
+0200
@@ -0,0 +1,484 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
@@ -576,10 +576,10 @@
+ g_strfreev (lines);
+ return result;
+}
-Index: accountsservice-22.04.62/src/gdm-sysconfig.h
+Index: accountsservice-0.6.55/src/gdm-sysconfig.h
===================================================================
---- /dev/null
-+++ accountsservice-22.04.62/src/gdm-sysconfig.h
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ accountsservice-0.6.55/src/gdm-sysconfig.h 2019-05-30 00:12:49.993056439
+0200
@@ -0,0 +1,43 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
@@ -624,11 +624,11 @@
+G_END_DECLS
+
+#endif /* __GDM_SYSCONFIG_H */
-Index: accountsservice-22.04.62/src/meson.build
+Index: accountsservice-0.6.55/src/meson.build
===================================================================
---- accountsservice-22.04.62.orig/src/meson.build
-+++ accountsservice-22.04.62/src/meson.build
-@@ -48,6 +48,8 @@ libaccounts_generated_dep = declare_depe
+--- accountsservice-0.6.55.orig/src/meson.build 2019-04-23
17:16:09.000000000 +0200
++++ accountsservice-0.6.55/src/meson.build 2019-05-30 00:12:49.993056439
+0200
+@@ -46,6 +46,8 @@ libaccounts_generated_dep = declare_depe
)
sources = files(
++++++ accountsservice-wtmp-io-improvements.patch ++++++
>From 64b11314ea71b5e22edf4d968347489c5d5acd01 Mon Sep 17 00:00:00 2001
From: Ray Strode <[email protected]>
Date: Thu, 9 May 2019 14:58:34 -0400
Subject: [PATCH] data: don't send change updates for login-history
The login-history property of user objects can be quite large.
If wtmp is changed frequently, that can lead to memory fragmentation
in clients.
Furthermore, most clients never check login-history, so it's
wasted memory and wasted cpu.
This commit disables change notification for that property. If
a client really needs to get updates, they can manually refresh
their cache when appropriate.
---
data/org.freedesktop.Accounts.User.xml | 1 +
1 file changed, 1 insertion(+)
diff --git a/data/org.freedesktop.Accounts.User.xml
b/data/org.freedesktop.Accounts.User.xml
index 8d3fe1c..3b839a3 100644
--- a/data/org.freedesktop.Accounts.User.xml
+++ b/data/org.freedesktop.Accounts.User.xml
@@ -812,6 +812,7 @@
</property>
<property name="LoginHistory" type="a(xxa{sv})" access="read">
+ <annotation name="org.freedesktop.DBus.Property.EmitsChangedSignal"
value="false"/>
<doc:doc>
<doc:description>
<doc:para>
--
2.16.4
++++++ harden_accounts-daemon.service.patch ++++++
Index: accountsservice-0.6.55/data/accounts-daemon.service.in
===================================================================
--- accountsservice-0.6.55.orig/data/accounts-daemon.service.in
+++ accountsservice-0.6.55/data/accounts-daemon.service.in
@@ -8,6 +8,15 @@ After=nss-user-lookup.target
Wants=nss-user-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
Type=dbus
BusName=org.freedesktop.Accounts
ExecStart=@libexecdir@/accounts-daemon
