Hello community, here is the log from the commit of package polkit for openSUSE:Factory checked in at 2019-06-22 11:03:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polkit (Old) and /work/SRC/openSUSE:Factory/.polkit.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polkit" Sat Jun 22 11:03:16 2019 rev:67 rq:709799 version:0.116 Changes: -------- --- /work/SRC/openSUSE:Factory/polkit/polkit.changes 2019-05-21 10:21:48.763606582 +0200 +++ /work/SRC/openSUSE:Factory/.polkit.new.4615/polkit.changes 2019-06-22 11:03:26.071739336 +0200 @@ -1,0 +2,26 @@ +Wed May 29 07:57:26 UTC 2019 - Bjørn Lie <bjorn....@gmail.com> + +- Update to version 0.116: + + Leaking zombie child processes. + + Possible resource leak found by static analyzer. + + Output messages tuneup. + + Sanity fixes. + + pkttyagent tty echo disabled on SIGINT. + + HACKING: add link to Code of Conduct. + + polkitbackend: comment typos fix. + + configure.ac: fix detection of systemd with cgroups v2. + + CVE-2018-19788 High UIDs overflow fix. + + CVE-2019-6133 Slowfork vulnerability fix. + + Allow unset process-uid. + + Port the JS authority to mozjs-60. + + Use JS_EncodeStringToUTF8. + + Updated translations. +- Replace pkgconfig(mozjs-52) with pkgconfig(mozjs-60) + BuildRequires following upstreams changes. +- Drop patches fixed upstream: + + polkit-fix-possible-resource-leak.patch + + polkit-fix-leaking-zombie-child-processes.patch + + polkit-CVE-2018-19788.patch +- Refresh patches with quilt. + +------------------------------------------------------------------- Old: ---- polkit-0.115.tar.gz polkit-0.115.tar.gz.sign polkit-CVE-2018-19788.patch polkit-fix-leaking-zombie-child-processes.patch polkit-fix-possible-resource-leak.patch New: ---- polkit-0.116.tar.gz polkit-0.116.tar.gz.sign ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polkit.spec ++++++ --- /var/tmp/diff_new_pack.RRQsw1/_old 2019-06-22 11:03:26.971740840 +0200 +++ /var/tmp/diff_new_pack.RRQsw1/_new 2019-06-22 11:03:26.975740847 +0200 @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: polkit -Version: 0.115 +Version: 0.116 Release: 0 Summary: PolicyKit Authorization Framework License: LGPL-2.1-or-later @@ -34,12 +34,6 @@ Patch1: polkit-gettext.patch # PATCH-FIX-UPSTREAM pkexec.patch sch...@suse.de -- pkexec: allow --version and --help even if not setuid Patch2: pkexec.patch -# PATCH-FIX-UPSTREAM polkit-fix-possible-resource-leak.patch -- Fix possible resource leak found by static analyzer -Patch3: polkit-fix-possible-resource-leak.patch -# PATCH-FIX-UPSTREAM polkit-fix-leaking-zombie-child-processes.patch fdo#106021 -- polkitd: fix zombie not reaped when js spawned process timed out -Patch4: polkit-fix-leaking-zombie-child-processes.patch -# PATCH-FIX-UPSTREAM polkit-CVE-2018-19788.patch bsc#1118277 meiss...@suse.com -- 2cb40c4d5feeaa09325522bd7d97910f1b59e379 -Patch5: polkit-CVE-2018-19788.patch BuildRequires: gcc-c++ BuildRequires: gtk-doc @@ -49,11 +43,11 @@ BuildRequires: libtool BuildRequires: pam-devel BuildRequires: systemd-rpm-macros -BuildRequires: pkgconfig(gio-unix-2.0) >= 2.30.0 -BuildRequires: pkgconfig(gmodule-2.0) >= 2.30.0 +BuildRequires: pkgconfig(gio-unix-2.0) >= 2.32.0 +BuildRequires: pkgconfig(gmodule-2.0) >= 2.32.0 BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.6.2 BuildRequires: pkgconfig(libsystemd) -BuildRequires: pkgconfig(mozjs-52) +BuildRequires: pkgconfig(mozjs-60) BuildRequires: pkgconfig(systemd) # gtk-doc drags indirectyly ruby in for one of the helpers. This in turn causes a build cycle. #!BuildIgnore: ruby @@ -118,17 +112,10 @@ This package provides the GObject Introspection bindings for PolicyKit. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 +%autosetup -p1 %build -export V=1 -# needed for patch1 and patch2 +# Needed for patch1 and patch2 autoreconf -fi export SUID_CFLAGS="-fPIE" export SUID_LDFLAGS="-z now -pie" @@ -140,8 +127,9 @@ --enable-introspection \ --enable-examples \ --enable-libsystemd-login \ - --libexecdir=%{_libexecdir}/polkit-1 -make %{?_smp_mflags} + --libexecdir=%{_libexecdir}/polkit-1 \ + %{nil} +%make_build %install %make_install ++++++ pkexec.patch ++++++ --- /var/tmp/diff_new_pack.RRQsw1/_old 2019-06-22 11:03:27.051740974 +0200 +++ /var/tmp/diff_new_pack.RRQsw1/_new 2019-06-22 11:03:27.051740974 +0200 @@ -6,10 +6,10 @@ building packages that want to check for pkexec in an emulated environment that does not support setuid invocation (eg. QEMU linux-user). -Index: polkit-0.114/src/programs/pkexec.c +Index: polkit-0.116/src/programs/pkexec.c =================================================================== ---- polkit-0.114.orig/src/programs/pkexec.c 2018-04-03 20:16:17.000000000 +0200 -+++ polkit-0.114/src/programs/pkexec.c 2018-04-10 02:48:03.031508016 +0200 +--- polkit-0.116.orig/src/programs/pkexec.c 2018-05-31 13:52:53.000000000 +0200 ++++ polkit-0.116/src/programs/pkexec.c 2019-05-31 22:55:58.014504104 +0200 @@ -504,27 +504,6 @@ main (int argc, char *argv[]) /* Disable remote file access from GIO. */ setenv ("GIO_USE_VFS", "local", 1); ++++++ polkit-0.115.tar.gz -> polkit-0.116.tar.gz ++++++ ++++ 15979 lines of diff (skipped) ++++++ polkit-no-wheel-group.patch ++++++ --- /var/tmp/diff_new_pack.RRQsw1/_old 2019-06-22 11:03:27.583741864 +0200 +++ /var/tmp/diff_new_pack.RRQsw1/_new 2019-06-22 11:03:27.587741870 +0200 @@ -1,7 +1,7 @@ -Index: polkit-0.107/src/polkitbackend/50-default.rules +Index: polkit-0.116/src/polkitbackend/50-default.rules =================================================================== ---- polkit-0.107.orig/src/polkitbackend/50-default.rules -+++ polkit-0.107/src/polkitbackend/50-default.rules +--- polkit-0.116.orig/src/polkitbackend/50-default.rules 2018-03-27 13:46:06.000000000 +0200 ++++ polkit-0.116/src/polkitbackend/50-default.rules 2019-05-31 22:55:57.990503876 +0200 @@ -8,5 +8,5 @@ // about configuring polkit. ++++++ polkit.keyring ++++++ --- /var/tmp/diff_new_pack.RRQsw1/_old 2019-06-22 11:03:27.615741917 +0200 +++ /var/tmp/diff_new_pack.RRQsw1/_new 2019-06-22 11:03:27.619741924 +0200 @@ -624,3 +624,33 @@ xswOcJBwoxssbQmiBaFp13Frzhjwjwqer+npV6FuOLjRsnMd7h9EgiGYGqH385w0 =DnDa -----END PGP PUBLIC KEY BLOCK----- + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: fks.pgpkeys.eu + +mQENBFtkaE8BCADL6NFIHYl5RDKRyDm2/igDWiveVFWzUZGJeBBkAcpZcstJK0mDxwWbcOwE ++XvMUux4HwZCymZb+5SctrHyQvS629BTbynfZv5JOIAKl1Hg24yklBGYJ1LX/4H140Y2cGTN +3xymGisSYMNF11Cngsw1qND8NJ6fqadHafn8s1gvphFkCs8LpoJgTBrLEUQZpnpSRcIP+/UR +2R/ErCkwE9erPHfksj+B+hGD6PKqeLPSvLq5F9L+axnMgH784QQADn3BaM2ZePtC+gbUYgsY +ra6jwsEsjZmd/nauVex2rB3MaRgiwTg6+cmDXgd5a0w2CPMFlQiWiamb7/UfCxsFRgs3ABEB +AAG0J0phbiBSeWJhciAoUmVkIEhhdCkgPGpyeWJhckByZWRoYXQuY29tPokBOAQTAQIAIgUC +W2RoTwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQjOswMP/c4lha5wf8C7+FoCIU +NE83GgnG4Vp7jJFgn1B8ea7Jvya0X37kHWBUueQv7F0M+3qUtVQNHDSIfehysiAtNncWh58V +n9JWohzvWTGnZ1bY8IeU/MxCrBrWaxqsjsWOPq1smtnIas7LLkn44oOlyOXDVOp/JOk4QxoO +gf6GIERpit/0dBNjFSkeL037ocB/f6WekG4MpYtp/U4gy3MAWhBKXxJUTgJFRSiLtGEdnUGW +wG8ZbulGRRO79rWg9ThvpPEEqZG/2bm4kWMlaaaDsJ9lbPA4rN0uU0ny3/2COwqKtpwrLvRE +duRcVG9vpnCl5zkFtNc00p2RRBrQJ/PLq2OdSrGMf0skhbkBDQRbZGhPAQgAxaVnvy+O0sUR +/P1e7CAQKg7jSXFoUIHVpT/F7Q2t3hs2I3wmQTAy92CVWDXJDDpN93VR6IJQzws0F7IV9+Js +xl4Hu6ELyaOpMD0QVb09s9C0s2nz88rn6WMoy0wuVJcB0h8aNzUBjRsgi94XTH44tlcVZj4q +/GbQaJy8kBNu5V6sAQg64h5xuU4tow8tkzL78bNOLeYXyEYOO+Dlt/879oxQca+dTHXr13NV +wKFqcduBIcsQZd5JnQFeXo+8XWpmeS/wwX0RW+J0mSYWvjP/fMeE7BIftbbolqr+HwwppVNP +ouFDPq/9bKmQs7USen6rOJ6uIqMhPkopgXXOle3EEQARAQABiQEfBBgBAgAJBQJbZGhPAhsM +AAoJEIzrMDD/3OJYmlMH/0NTd/lZ0jh0djRYlRcz0OIT9B/2gYmNoekEsciEliPS3WEN+M2s +kZM/L/lLFCbD4dOqlXqb84Yvch9iC/VzCEYCEs8Kz647H2mBnyHxxOKtgrXJpWhZoRzs9pzb +AVCEkl5+PjFRwhn7Nwpm/EG+02VgR9JC1ZdX28iN3a3axbLuI9RIZznRRL5Jr5ePMJ0nRvWY +HX4K+Wt5UhHuo1Kaj9Yn0UcTCj7WKznRjNtL6S4N4mS8OJwi8jZ8Rvb3GFCViEaVz/+ZNBaW +HGJO/6RB1aNr3SlD155eTM6H6v2lsNn4gpc7T3GL9AzEsuUef5mqo1EsO+OJeBrQv8vVybJx +GJ8= +=QrX7 +-----END PGP PUBLIC KEY BLOCK-----