From 1f8a26dcd4c358beaa29725c684826a95546cf8cd8251ddde8ac5c7d5c12d4f4 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 10 Sep 2015 08:17:08 +0000 Subject: [PATCH] Accepting request 330108 from home:1Antoine1:branches:Base:System MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update to 0.113: * Fix CVE-2015-4625 * Fix CVE-2015-3256 * Fix CVE-2015-3255 * Fix CVE-2015-3218 * On systemd-213 and later, the “active” state is shared across all sessions of an user, instead of being tracked separately * pkexec: when not given a program to execute, runs the users’ shell by default - Remove polkit-no-kded-leak.patch (upstreamed) OBS-URL: https://build.opensuse.org/request/show/330108 OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=105 --- polkit-0.112.tar.gz | 3 --- polkit-0.112.tar.gz.sign | 7 ------- polkit-0.113.tar.gz | 3 +++ polkit-0.113.tar.gz.sign | 7 +++++++ polkit-no-kded-leak.patch | 26 -------------------------- polkit.changes | 14 ++++++++++++++ polkit.spec | 8 ++------ 7 files changed, 26 insertions(+), 42 deletions(-) delete mode 100644 polkit-0.112.tar.gz delete mode 100644 polkit-0.112.tar.gz.sign create mode 100644 polkit-0.113.tar.gz create mode 100644 polkit-0.113.tar.gz.sign delete mode 100644 polkit-no-kded-leak.patch diff --git a/polkit-0.112.tar.gz b/polkit-0.112.tar.gz deleted file mode 100644 index 88ba6e6..0000000 --- a/polkit-0.112.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d695f43cba4748a822fbe864dd32c4887c5da1c71694a47693ace5e88fcf6af6 -size 1429240 diff --git a/polkit-0.112.tar.gz.sign b/polkit-0.112.tar.gz.sign deleted file mode 100644 index 99526d8..0000000 --- a/polkit-0.112.tar.gz.sign +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.14 (GNU/Linux) - -iEYEABECAAYFAlI53CgACgkQWjP2YLOEed/nVgCg3UZul+cjfinuTPkhBIqxdc6w -UIEAnjvkNKUVi3dvh3xNRcz9mCwkIXOf -=wNii ------END PGP SIGNATURE----- diff --git a/polkit-0.113.tar.gz b/polkit-0.113.tar.gz new file mode 100644 index 0000000..d71ed8e --- /dev/null +++ b/polkit-0.113.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e1c095093c654951f78f8618d427faf91cf62abdefed98de40ff65eca6413c81 +size 1448865 diff --git a/polkit-0.113.tar.gz.sign b/polkit-0.113.tar.gz.sign new file mode 100644 index 0000000..99e5443 --- /dev/null +++ b/polkit-0.113.tar.gz.sign @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iEYEABECAAYFAlWVdsEACgkQWjP2YLOEed/fGgCgt3FqYjfWpuaXtvIcB4BCf1+W +ImYAoIs6L6SdObfBu2IXA549n5Ky/7gN +=O1UZ +-----END PGP SIGNATURE----- diff --git a/polkit-no-kded-leak.patch b/polkit-no-kded-leak.patch deleted file mode 100644 index 467e156..0000000 --- a/polkit-no-kded-leak.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f4d71e0de885010494b8b0b8d62ca910011d7544 Mon Sep 17 00:00:00 2001 -From: "Max A. Dednev" -Date: Sun, 11 Jan 2015 20:00:44 -0500 -Subject: authority: Fix memory leak in EnumerateActions call results handler - -Policykit-1 doesn't release reference counters of GVariant data for -org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This -patch fixed reference counting and following memory leak. - -https://bugs.freedesktop.org/show_bug.cgi?id=88288 - -diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c -index 75619ab..ab6d3cd 100644 ---- a/src/polkit/polkitauthority.c -+++ b/src/polkit/polkitauthority.c -@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, - while ((child = g_variant_iter_next_value (&iter)) != NULL) - { - ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); -- g_variant_ref_sink (child); - g_variant_unref (child); - } - ret = g_list_reverse (ret); --- -cgit v0.10.2 - diff --git a/polkit.changes b/polkit.changes index 110c340..aeed5a8 100644 --- a/polkit.changes +++ b/polkit.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Aug 6 21:26:18 UTC 2015 - antoine.belvire@laposte.net + +- Update to 0.113: + * Fix CVE-2015-4625 + * Fix CVE-2015-3256 + * Fix CVE-2015-3255 + * Fix CVE-2015-3218 + * On systemd-213 and later, the “active” state is shared across + all sessions of an user, instead of being tracked separately + * pkexec: when not given a program to execute, runs the users’ + shell by default +- Remove polkit-no-kded-leak.patch (upstreamed) + ------------------------------------------------------------------- Mon Jan 12 13:21:20 UTC 2015 - tchvatal@suse.com diff --git a/polkit.spec b/polkit.spec index ae1c211..c764ccf 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,7 +1,7 @@ # # spec file for package polkit # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ Name: polkit Summary: PolicyKit Authorization Framework License: LGPL-2.1+ Group: System/Libraries -Version: 0.112 +Version: 0.113 Release: 0 Url: http://www.freedesktop.org/wiki/Software/polkit/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -37,9 +37,6 @@ Source99: baselibs.conf Patch0: polkit-no-wheel-group.patch # PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support) Patch1: polkit-no-systemd.patch -# PATCH-FIX-UPSTREAM polkit-no-kded-leak -- attemp to fix leaking of kded -# duirng long periods of time while in lockscreen due to powerdevil managing -Patch2: polkit-no-kded-leak.patch # needed for patch1 BuildRequires: autoconf # needed for patch1 @@ -132,7 +129,6 @@ This package provides the GObject Introspection bindings for PolicyKit. %if !(0%{?with_systemd}) %patch1 -p1 %endif -%patch2 -p1 %build export V=1