Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polkit for openSUSE:Factory checked in at 2023-12-05 17:02:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit (Old) and /work/SRC/openSUSE:Factory/.polkit.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit" Tue Dec 5 17:02:21 2023 rev:89 rq:1127651 version:123 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2023-03-31 21:15:10.514297438 +0200 +++ /work/SRC/openSUSE:Factory/.polkit.new.25432/polkit.changes 2023-12-05 17:02:45.912150117 +0100 @@ -1,0 +2,33 @@ +Fri Sep 29 09:56:41 UTC 2023 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 123: + + Highlights: + - better safety with deeper restriction of the configuration + files + - better safety with restricting the daemon's owner under + systemd + - better safety with the systemd unit sandboxing + - less thread races during upload of the configuration +- Changes from version 122: + + Highlights: + - new Georgian translation + - port to mozjs-102 + - daemon-less build (support for e.g. flatpak deps) + - re-enable of (API) documentation build +- See more detailed changes in the included NEWS.md file. +- Change URL and Source to new home, and drop polkit.keyring and + tar.gz.sign tarball signature, no longer available. +- Drop polkit-fix-pam-prefix.patch: Fixed upstream. +- Add /usr/bin/dbus-daemon BuildRequires, needed for tests. Replace + the dbus-1 with /usr/bin/dbus-daemon Requires. + +------------------------------------------------------------------- +Tue Sep 19 12:24:38 UTC 2023 - Ludwig Nussel <lnus...@suse.com> + +- change /usr/share/polkit-1/rules.d to 555,root:root. /usr content + isn't secret anyway so this avoids non-root owned files in /usr + (boo#1215482) +- update 50-default.rules to allow adding more admin rules + (jsc#PED-260, drop polkit-no-wheel-group.patch) + +------------------------------------------------------------------- Old: ---- polkit-121.tar.gz polkit-121.tar.gz.sign polkit-fix-pam-prefix.patch polkit-no-wheel-group.patch polkit.keyring New: ---- 50-default.rules polkit-123.tar.bz2 BETA DEBUG BEGIN: Old: tar.gz.sign tarball signature, no longer available. - Drop polkit-fix-pam-prefix.patch: Fixed upstream. - Add /usr/bin/dbus-daemon BuildRequires, needed for tests. Replace Old:- update 50-default.rules to allow adding more admin rules (jsc#PED-260, drop polkit-no-wheel-group.patch) BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ --- /var/tmp/diff_new_pack.czRX4f/_old 2023-12-05 17:02:46.664177837 +0100 +++ /var/tmp/diff_new_pack.czRX4f/_new 2023-12-05 17:02:46.664177837 +0100 @@ -21,16 +21,15 @@ %define run_tests 1 Name: polkit -Version: 121 +Version: 123 Release: 0 Summary: PolicyKit Authorization Framework License: LGPL-2.1-or-later Group: System/Libraries -URL: https://www.freedesktop.org/wiki/Software/polkit/ -Source0: https://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz -Source1: https://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign -Source2: %{name}.keyring +URL: https://gitlab.freedesktop.org/polkit/polkit/ +Source0: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2 Source3: system-user-polkitd.conf +Source4: 50-default.rules Source99: baselibs.conf # Upstream First - Policy: @@ -38,8 +37,6 @@ # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. -# PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vu...@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin -Patch0: polkit-no-wheel-group.patch # PATCH-FIX-OPENSUSE polkit-gettext.patch lnus...@suse.de -- allow fallback to gettext for polkit action translations # polkit-use-gettext-as-fallback.patch Patch1: polkit-gettext.patch @@ -47,9 +44,6 @@ Patch3: polkit-keyinit.patch # PATCH-FIX-OPENSUSE polkit-adjust-libexec-path.patch -- Adjust path to polkit-agent-helper-1 (bsc#1180474) Patch4: polkit-adjust-libexec-path.patch -# PATCH-FIX-UPSTREAM polkit-fix-pam-prefix.patch luc1...@opensuse.org -- Make -# intended use of pam_prefix meson option rather than hard-coded path -Patch5: polkit-fix-pam-prefix.patch # Read actions also from /etc/polkit-1/actions Patch6: polkit-actions-in-etc.patch @@ -73,6 +67,7 @@ ################################################################# # python3-dbus-python and python3-python-dbusmock are needed for # test-polkitbackendjsauthority test: +BuildRequires: /usr/bin/dbus-daemon BuildRequires: python3-dbus-python BuildRequires: python3-python-dbusmock ################################################################# @@ -80,7 +75,7 @@ # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. #!BuildIgnore: ruby -Requires: dbus-1 +Requires: /usr/bin/dbus-daemon Requires: libpolkit-agent-1-0 = %{version}-%{release} Requires: libpolkit-gobject-1-0 = %{version}-%{release} Requires(post): permissions @@ -160,7 +155,7 @@ This package provides the GObject Introspection bindings for PolicyKit. %prep -%autosetup -p1 -n polkit-v.%{version} +%autosetup -p1 %build %meson \ @@ -198,9 +193,8 @@ # create $HOME for polkit user install -d %{buildroot}%{_localstatedir}/lib/polkit -# We use /usr/share as prefix for the rules.d directory -mv %{buildroot}%{_sysconfdir}/polkit-1/rules.d/50-default.rules \ - %{buildroot}%{_polkit_rulesdir}/50-default.rules +rm -v %{buildroot}%{_polkit_rulesdir}/50-default.rules +install -m0644 %{SOURCE4} %{buildroot}%{_polkit_rulesdir}/50-default.rules # Install the polkitd user creation file: mkdir -p %{buildroot}%{_sysusersdir} @@ -264,8 +258,8 @@ %{_datadir}/polkit-1/policyconfig-1.dtd %dir %{_datadir}/polkit-1/actions %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy -%attr(0750,root,polkitd) %dir %{_polkit_rulesdir} -%attr(0640,root,polkitd) %{_polkit_rulesdir}/50-default.rules +%attr(0555,root,root) %dir %{_polkit_rulesdir} + %{_polkit_rulesdir}/50-default.rules %{_pam_vendordir}/polkit-1 %dir %{_sysconfdir}/polkit-1 %attr(0750,root,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d ++++++ 50-default.rules ++++++ /* make sure that users that are in an admin group always authenticate with * their own password and don't get a choice. Users not in an admin group get * the full choice and may also authenticate as root */ polkit._suse_admin_groups = []; polkit.addAdminRule(function(action, subject) { var rules = ["unix-user:0"]; for (var i in polkit._suse_admin_groups) { var g = polkit._suse_admin_groups[i]; if (subject.isInGroup(g)) return ["unix-user:"+subject.user]; rules.push("unix-group:"+g); } return rules; }); ++++++ polkit-121.tar.gz -> polkit-123.tar.bz2 ++++++ ++++ 2465 lines of diff (skipped)
