Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package polkit for openSUSE:Factory checked in at 2022-08-18 16:48:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/polkit (Old)
 and      /work/SRC/openSUSE:Factory/.polkit.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit" Thu Aug 18 16:48:51 2022 rev:85 rq:997525 version:121 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2022-08-09 15:26:07.697243897 +0200 +++ /work/SRC/openSUSE:Factory/.polkit.new.2083/polkit.changes 2022-08-18 16:49:02.245427771 +0200 
@@ -1,0 +2,40 @@ +Tue Aug 9 06:11:08 UTC 2022 - Luciano Santos <luc1...@opensuse.org> + +- Update to version 121: + + Addition of duktape as a JS engine backend. + + Other small fixes and improvements. For more details, visit: + gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md + + Updated translations. +- Drop merged-upstream patches: + + CVE-2021-4034-pkexec-fix.patch; + + 0001-CVE-2021-4115-GHSL-2021-077-fix.patch; + + duktape-support.patch; + + pkexec.patch. +- Replace Intltool with Gettext as a build requirement following + the migration from last release (0.120). +- Add Meson as a build requirement while dropping Libtool and + replace all Autotools macros with Meson ones. And pass the + following options to Meson: session_tracking=libsystemd-login; + systemdsystemunitdir=%{_unitdir}; os_type=suse; + pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir}; + examples=true; tests=true; gtk_doc=true; man=true and + js_engine=duktape. +- Drop no longer needed Libtool as a build requirement, following + Autotools replacement. +- Add explicit pkgconfig module build requirements for glib-2.0 and + gobject-2.0 that are searched by the build scripts. They were + already being pulled by their siblings [pkgconfig(gio-2.0) and + pkgconfig(gio-unix-2.0)]. +- Drop conditional macro, which was wrapping "BuildArch: noarch" + for the doc subpackage, based on long gone EOLed (open)SUSE + release (11.2). +- Add missing 'Requires(post): permissions' for the pkexec + subpackage. +- Add python3-dbus-python and python3-python-dbusmock as build + requirements in order to run test in the check section. +- Add polkit-fix-pam-prefix.patch to use the value of pam_prefix + Meson option, like it was designed to, rather than hard-coded + path for pam configuration files. +- Remove unneeded executable bit from 50-default.rules file. 
+ +------------------------------------------------------------------- Old: ---- 0001-CVE-2021-4115-GHSL-2021-077-fix.patch CVE-2021-4034-pkexec-fix.patch duktape-support.patch pkexec.patch polkit-0.120.tar.gz polkit-0.120.tar.gz.sign New: ---- polkit-121.tar.gz polkit-121.tar.gz.sign polkit-fix-pam-prefix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ --- /var/tmp/diff_new_pack.lmSEtR/_old 2022-08-18 16:49:03.097429755 +0200 +++ /var/tmp/diff_new_pack.lmSEtR/_new 2022-08-18 16:49:03.101429765 +0200 @@ -16,8 +16,12 @@ # +%define _polkit_rulesdir %{_datadir}/polkit-1/rules.d +%define glib_br_version 2.30.0 +%define run_tests 1 + Name: polkit -Version: 0.120 +Version: 121 Release: 0 Summary: PolicyKit Authorization Framework License: LGPL-2.1-or-later 
@@ -28,50 +32,58 @@ Source2: %{name}.keyring Source3: system-user-polkitd.conf Source99: baselibs.conf + +# Upstream First - Policy: +# Never add any patches to this package without the upstream commit id +# in the patch. Any patches added here without a very good reason to make +# an exception will be silently removed with the next version update. + # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vu...@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin Patch0: polkit-no-wheel-group.patch # PATCH-FIX-OPENSUSE polkit-gettext.patch lnus...@suse.de -- allow fallback to gettext for polkit action translations +# polkit-use-gettext-as-fallback.patch Patch1: polkit-gettext.patch -# PATCH-FIX-UPSTREAM pkexec.patch sch...@suse.de -- pkexec: allow --version and --help even if not setuid -Patch2: pkexec.patch # PATCH-FIX-OPENSUSE polkit-keyinit.patch meissner@ -- bsc#1144053 Please add "pam_keyinit.so" to the /etc/pam.d/polkit-1 configuration file Patch3: polkit-keyinit.patch -# adjust path to polkit-agent-helper-1 (bsc#1180474) +# PATCH-FIX-OPENSUSE polkit-adjust-libexec-path.patch -- Adjust path to polkit-agent-helper-1 (bsc#1180474) Patch4: polkit-adjust-libexec-path.patch -# PATCH-FIX-UPSTREAM CVE-2021-4034-pkexec-fix.patch meissner@ -- bsc#1194568 VUL-0: CVE-2021-4034: polkit: pkexec Local Privilege Escalation aka pwnkit -Patch5: CVE-2021-4034-pkexec-fix.patch -# PATCH-FIX-UPSTREAM https://gitlab.freedesktop.org/polkit/polkit/-/commit/c7fc4e1b61f0fd82fc697c19c604af7e9fb291a2.patch, without .gitlab-ci.yml (not in the tarball) -Patch6: duktape-support.patch -# PATCH-FIX-UPSTREAM 0001-CVE-2021-4115-GHSL-2021-077-fix.patch meissner@ -- bsc#1195542 VUL-0: CVE-2021-4115: polkit: denial of service via file descriptor leak -Patch7: 0001-CVE-2021-4115-GHSL-2021-077-fix.patch +# PATCH-FIX-UPSTREAM polkit-fix-pam-prefix.patch luc1...@opensuse.org -- Make +# intended use of pam_prefix meson option rather than hard-coded 
path +Patch5: polkit-fix-pam-prefix.patch + BuildRequires: gcc-c++ +BuildRequires: gettext BuildRequires: gtk-doc -BuildRequires: intltool BuildRequires: libexpat-devel -# needed for patch1 and 2 -BuildRequires: libtool +BuildRequires: meson >= 0.50 BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: pkgconfig(duktape) >= 2.2.0 -BuildRequires: pkgconfig(gio-unix-2.0) >= 2.32.0 -BuildRequires: pkgconfig(gmodule-2.0) >= 2.32.0 +BuildRequires: pkgconfig(gio-unix-2.0) >= %{glib_br_version} +BuildRequires: pkgconfig(glib-2.0) >= %{glib_br_version} +BuildRequires: pkgconfig(gmodule-2.0) >= %{glib_br_version} BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.6.2 BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(systemd) +%if 0%{?run_tests} +################################################################# +# python3-dbus-python and python3-python-dbusmock are needed for +# test-polkitbackendjsauthority test: +BuildRequires: python3-dbus-python +BuildRequires: python3-python-dbusmock +################################################################# +%endif # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. #!BuildIgnore: ruby + Requires: dbus-1 Requires: libpolkit-agent-1-0 = %{version}-%{release} Requires: libpolkit-gobject-1-0 = %{version}-%{release} Requires(post): permissions %sysusers_requires %systemd_ordering -# Upstream First - Policy: -# Never add any patches to this package without the upstream commit id -# in the patch. Any patches added here without a very good reason to make -# an exception will be silently removed with the next version update. %description PolicyKit is a toolkit for defining and handling authorizations. 
@@ -91,9 +103,10 @@ Development files for PolicyKit Authorization Framework. %package -n pkexec -Summary: pkexec component of polkit +Summary: Pkexec component of polkit Group: System/Libraries Requires: %{name} = %{version}-%{release} +Requires(post): permissions Provides: polkit:/usr/bin/pkexec %description -n pkexec @@ -102,9 +115,7 @@ %package doc Summary: Development documentation for PolicyKit Group: Development/Libraries/C and C++ -%if 0%{?suse_version} >= 1120 BuildArch: noarch -%endif %description doc Development documentation for PolicyKit Authorization Framework. 
@@ -147,39 +158,49 @@ This package provides the GObject Introspection bindings for PolicyKit. %prep -%autosetup -p1 +%autosetup -p1 -n polkit-v.%{version} %build -# Needed for patch1 and patch2 -autoreconf -fi -export SUID_CFLAGS="-fPIE" -export SUID_LDFLAGS="-z now -pie" -%configure \ - --with-os-type=suse \ - --enable-gtk-doc \ - --disable-static \ - --enable-introspection \ - --enable-examples \ - --enable-libsystemd-login \ - --with-duktape \ +%meson \ + -D session_tracking=libsystemd-login \ + -D systemdsystemunitdir="%{_unitdir}" \ + -D os_type=suse \ + -D pam_module_dir="%{_pam_moduledir}" \ + -D pam_prefix="%{_pam_vendordir}" \ + -D examples=true \ + -D tests=true \ + -D gtk_doc=true \ + -D man=true \ + -D js_engine=duktape \ %{nil} -%make_build libprivdir=%{_libexecdir}/polkit-1 +%meson_build %sysusers_generate_pre %{SOURCE3} polkit system-user-polkitd.conf +%if 0%{?run_tests} +%check +%meson_test +%endif + %install # install explicitly into libexec. upstream has some unflexible logic for # this executable at the moment, but there is a PR# open to fix this: # https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/63 # once this has been resolved upstream and we update to a new release we can # remove this and also patch4 above. -%make_install libprivdir=%{_libexecdir}/polkit-1 -find %{buildroot} -type f -name "*.la" -delete -print +# +# Additional note: Upstream turned down the MR above, preferring to stick to +# using ${prefix}/lib/polkit-1 and non-distro-configurable. 
+%meson_install +%find_lang polkit-1 + # create $HOME for polkit user install -d %{buildroot}%{_localstatedir}/lib/polkit -%find_lang polkit-1 -mkdir -p %{buildroot}%{_pam_vendordir} -mv %{buildroot}%{_sysconfdir}/pam.d/* %{buildroot}%{_pam_vendordir}/ -mv %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-default.rules %{buildroot}%{_datadir}/polkit-1/rules.d/50-default.rules + +# We use /usr/share as prefix for the rules.d directory +mv %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-default.rules \ + %{buildroot}%{_polkit_rulesdir}/50-default.rules + +# Install the polkitd user creation file: mkdir -p %{buildroot}%{_sysusersdir} install -m0644 %{SOURCE3} %{buildroot}%{_sysusersdir}/ @@ -221,6 +242,7 @@ %{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib %files -f polkit-1.lang +%doc NEWS.md README.md %license COPYING %{_mandir}/man1/pkaction.1%{?ext_man} @@ -234,10 +256,11 @@ %dir %{_datadir}/dbus-1/system.d %{_datadir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf %dir %{_datadir}/polkit-1 +%{_datadir}/polkit-1/policyconfig-1.dtd %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy -%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d -%attr(0700,polkitd,root) %{_datadir}/polkit-1/rules.d/50-default.rules +%attr(0700,polkitd,root) %dir %{_polkit_rulesdir} +%attr(0600,polkitd,root) %{_polkit_rulesdir}/50-default.rules %{_pam_vendordir}/polkit-1 %dir %{_sysconfdir}/polkit-1 %attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d @@ -269,7 +292,6 @@ %verify(not mode) %attr(4755,root,root) %{_bindir}/pkexec %files doc -%doc NEWS %doc %{_datadir}/gtk-doc/html/polkit-1/ %changelog ++++++ polkit-0.120.tar.gz -> polkit-121.tar.gz ++++++ ++++ 144906 lines of diff (skipped) ++++++ polkit-adjust-libexec-path.patch ++++++ --- /var/tmp/diff_new_pack.lmSEtR/_old 2022-08-18 16:49:03.417430501 +0200 +++ /var/tmp/diff_new_pack.lmSEtR/_new 2022-08-18 16:49:03.425430519 +0200 
@@ -1,7 +1,5 @@ -Index: polkit-0.118/src/polkitagent/polkitagentsession.c -=================================================================== ---- polkit-0.118.orig/src/polkitagent/polkitagentsession.c -+++ polkit-0.118/src/polkitagent/polkitagentsession.c +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c @@ -596,7 +596,7 @@ polkit_agent_session_initiate (PolkitAge goto error; } @@ -11,4 +9,15 @@ helper_argv[1] = passwd->pw_name; helper_argv[2] = NULL; +--- a/meson.build ++++ b/meson.build +@@ -28,7 +28,7 @@ pk_sysconfdir = get_option('sysconfdir') + pk_pkgdatadir = pk_datadir / pk_api_name + pk_pkgincludedir = pk_includedir / pk_api_name + # note that this is always 'lib', not lib64 or lib/x86_64-linux-gnu +-pk_libprivdir = 'lib' / pk_api_name ++pk_libprivdir = 'libexec' / pk_api_name + pk_pkgsysconfdir = pk_sysconfdir / pk_api_name + + pk_actiondir = pk_api_name / 'actions' ++++++ polkit-fix-pam-prefix.patch ++++++ https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/131 build: Honour pam_prefix meson option Make the use of pam_prefix worth its while since, at the moment, its value is not being used. Instead, a hard-coded path is being deployed when it shouldn't anymore. The pam_prefix Meson option was designed to allow us to choose where pam configuration files should end up. But at the moment it is not being used at all where it should be. --- a/meson.build +++ b/meson.build @@ -241,7 +241,7 @@ if enable_pam pam_prefix = get_option('pam_prefix') if pam_prefix == '' - pam_prefix = pk_sysconfdir + pam_prefix = pk_sysconfdir / 'pam.d' else message('PAM files will be installed in prefix ' + pam_prefix) endif --- a/data/meson.build +++ b/data/meson.build 
@@ -22,7 +22,7 @@ if enable_pam output: '@BASENAME@', configuration: pam_conf, install: true, - install_dir: pk_sysconfdir / 'pam.d', + install_dir: pam_prefix, ) endif ++++++ polkit-no-wheel-group.patch ++++++ --- /var/tmp/diff_new_pack.lmSEtR/_old 2022-08-18 16:49:03.465430612 +0200 +++ /var/tmp/diff_new_pack.lmSEtR/_new 2022-08-18 16:49:03.469430622 +0200 @@ -1,7 +1,5 @@ -Index: polkit-0.116/src/polkitbackend/50-default.rules -=================================================================== ---- polkit-0.116.orig/src/polkitbackend/50-default.rules 2018-03-27 13:46:06.000000000 +0200 -+++ polkit-0.116/src/polkitbackend/50-default.rules 2019-05-31 22:55:57.990503876 +0200 +--- a/src/polkitbackend/50-default.rules ++++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit.
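Review bot: In the %build hunk of polkit.spec, the removed `export SUID_CFLAGS="-fPIE"` and `export SUID_LDFLAGS="-z now -pie"` lines have no counterpart in the new %meson call, while pkexec is still packaged as `%attr(4755,root,root)`. Please confirm that the setuid binary is still built as PIE with immediate binding under Meson (for example through the distribution's default flags or Meson's b_pie option) and record that in the changelog, or pass the flags explicitly.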
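Review bot: In the patch list hunk of polkit.spec, the PATCH-FIX-UPSTREAM comment for Patch5 (polkit-fix-pam-prefix.patch) carries no upstream reference, although the "Upstream First" policy block moved directly above the patch list asks for the upstream commit id. The patch file itself cites merge request 131; put that URL in the spec comment as well. The bare `# polkit-use-gettext-as-fallback.patch` line added under the Patch1 tag also needs a word on what it refers to.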
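Review bot: In the meson.build hunk of polkit-adjust-libexec-path.patch, the context comment `# note that this is always 'lib', not lib64 or lib/x86_64-linux-gnu` is left in place directly above the line that now sets `pk_libprivdir = 'libexec' / pk_api_name`, so the patched file contradicts itself. Update the comment in the same hunk so the next refresh of the patch does not mislead whoever rebases it.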
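Review bot: In the meson.build hunk of polkit-fix-pam-prefix.patch, the fallback for an empty pam_prefix changes from `pk_sysconfdir` to `pk_sysconfdir / 'pam.d'`, which alters the variable's value for every consumer, not only the `install_dir` switched in data/meson.build. Only that one use is visible here; please confirm that nothing else in the build reads pam_prefix expecting the old value, and mention the changed default in the patch description.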