Accepting request 46290 from Base:System

Copy from Base:System/polkit based on submit request 46290 from user vuntz

OBS-URL: https://build.opensuse.org/request/show/46290
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=12

pkexec-information-disclosure.patch

@@ -1,61 +0,0 @@
-From 14bdfd816512a82b1ad258fa143ae5faa945df8a Mon Sep 17 00:00:00 2001
-From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
-Date: Wed, 10 Mar 2010 17:46:19 +0000
-Subject: Bug 26982 – pkexec information disclosure vulnerability
-
-pkexec is vulnerable to a minor information disclosure vulnerability
-that allows an attacker to verify whether or not arbitrary files
-exist, violating directory permissions. I reproduced the issue on my
-Karmic installation as follows:
-
- $ mkdir secret
- $ sudo chown root:root secret
- $ sudo chmod 400 secret
- $ sudo touch secret/hidden
- $ pkexec /home/drosenbe/secret/hidden
- (password prompt)
- $ pkexec /home/drosenbe/secret/doesnotexist
- Error getting information about /home/drosenbe/secret/doesnotexist: No such
- file or directory
-
-I've attached my patch for the issue. I replaced the stat() call
-entirely with access() using F_OK, so rather than check that the
-target exists, pkexec now checks if the user has permission to verify
-the existence of the program. There might be another way of doing
-this, such as chdir()'ing to the parent directory of the target and
-calling lstat(), but this seemed like more code than necessary to
-prevent such a minor problem.  I see no reason to allow pkexec to
-execute targets that are not accessible to the executing user because
-of directory permissions. This is such a limited use case anyway that
-this doesn't really affect functionality.
-
-http://bugs.freedesktop.org/show_bug.cgi?id=26982
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 860e665..17c191e 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -411,7 +411,6 @@ main (int argc, char *argv[])
-   gchar *opt_user;
-   pid_t pid_of_caller;
-   uid_t uid_of_caller;
--  struct stat statbuf;
- 
-   ret = 127;
-   authority = NULL;
-@@ -520,9 +519,9 @@ main (int argc, char *argv[])
-       g_free (path);
-       argv[n] = path = s;
-     }
--  if (stat (path, &statbuf) != 0)
-+  if (access (path, F_OK) != 0)
-     {
--      g_printerr ("Error getting information about %s: %s\n", path, g_strerror (errno));
-+      g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
-       goto out;
-     }
-   command_line = g_strjoinv (" ", argv + n);
---
-cgit v0.8.3-6-g21f6

polkit-0.96.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:65425af5ea4a62401df43a224c5f33d0256e4fbd265de09545f55602f14bf25d
-size 856349

polkit-0.98.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b282694581465347bd2943398d995a344fa44495f9200196e5ac62f5b961ec57
+size 794417

polkit-install-missing-header.patch

@@ -0,0 +1,24 @@
+Index: polkit-0.98/src/polkitagent/Makefile.am
+===================================================================
+--- polkit-0.98.orig/src/polkitagent/Makefile.am
++++ polkit-0.98/src/polkitagent/Makefile.am
+@@ -46,6 +46,7 @@ libpolkit_agent_1includedir=$(includedir
+ 
+ libpolkit_agent_1include_HEADERS =                        				\
+ 	polkitagent.h									\
++	polkitagentenumtypes.h								\
+ 	polkitagenttypes.h								\
+ 	polkitagentsession.h								\
+ 	polkitagentlistener.h								\
+Index: polkit-0.98/src/polkitagent/Makefile.in
+===================================================================
+--- polkit-0.98.orig/src/polkitagent/Makefile.in
++++ polkit-0.98/src/polkitagent/Makefile.in
+@@ -338,6 +338,7 @@ lib_LTLIBRARIES = libpolkit-agent-1.la
+ libpolkit_agent_1includedir = $(includedir)/polkit-1/polkitagent
+ libpolkit_agent_1include_HEADERS = \
+ 	polkitagent.h									\
++	polkitagentenumtypes.h								\
+ 	polkitagenttypes.h								\
+ 	polkitagentsession.h								\
+ 	polkitagentlistener.h								\

polkit.changes

@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Thu Aug 26 10:04:44 CEST 2010 - vuntz@opensuse.org
+
+- Update to version 0.98:
+  + Fix scanning of unix-process subjects
+  + Add textual authentication agent and use it in pkexec(1)
+  + Fix ConsoleKit interaction bug
+  + pkexec: add --disable-internal-agent option
+  + pkcheck: add --enable-internal-agent option
+  + Fix wording in pkexec(1) man page
+  + Various doc cleanups
+- Changes from version 0.97:
+  + Port to GDBus
+  + Add shadow authentication support
+  + Remove Lock Down functionality
+  + fdo#26982: pkexec information disclosure vulnerability
+  + Make polkitd accept --replace and gracefully handle SIGINT
+  + Implement polkit_temporary_authorization_new_for_gvariant()
+  + Make NameOwnerChanged a private impl detail of the interactive
+    authority
+  + Add a GPermission implementation
+  + PolkitAuthority: Implement failable initialization
+  + PolkitAuthority: Add g_return_if_fail() checks
+  + Add g_return_if_fail() to all public API entry points
+  + Use polkit_authority_get_sync() instead of deprecated
+    polkit_authority_get
+  + PolkitBackend: Don't export unneeded convenience API
+  + Update GI annotations
+  + Don't dist org.freedesktop.ConsoleKit.xml.
+  + Properly reference headers
+  + fdo#29051: Configuration reload on every query
+- Drop pkexec-information-disclosure.patch: fixed upstream.
+- Add polkit-install-missing-header.patch to install a header that
+  should get installed.
+- Remove eggdbus-devel BuildRequires.
+- Build with introspection support: add gobject-introspection
+  BuildRequires and pass --enable-introspection to configure.
+- Fix groups of all packages to be valid groups.
+
 -------------------------------------------------------------------
 Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
 

polkit.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package polkit (Version 0.96)
+# spec file for package polkit (Version 0.98)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,24 +19,25 @@
 
 Name:           polkit
 Summary:        PolicyKit Authorization Framework
-Version:        0.96
+Version:        0.98
-Release:        3
+Release:        1
 License:        LGPLv2+
 Url:            http://www.freedesktop.org/wiki/Software/PolicyKit
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Group:          System Environment/Libraries
+Group:          System/Libraries
-BuildRequires:  glib2-devel
-BuildRequires:  libexpat-devel
-BuildRequires:  pam-devel
-BuildRequires:  eggdbus-devel
-BuildRequires:  gtk-doc
-BuildRequires:  intltool
-Requires:       ConsoleKit
-Requires:       dbus-1
 Source0:        http://hal.freedesktop.org/releases/%{name}-%{version}.tar.bz2
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM polkit-install-missing-header.patch fdo#29816 vuntz@opensuse.org -- Install header that should get installed
+Patch0:         polkit-install-missing-header.patch
+BuildRequires:  glib2-devel
+BuildRequires:  gobject-introspection-devel
+BuildRequires:  gtk-doc
+BuildRequires:  intltool
+BuildRequires:  libexpat-devel
+BuildRequires:  pam-devel
+Requires:       ConsoleKit
+Requires:       dbus-1
 Requires:       libpolkit0 = %{version}-%{release}
-Patch0:         pkexec-information-disclosure.patch
 
 %description
 PolicyKit is a toolkit for defining and handling authorizations.
@@ -46,7 +47,7 @@ processes.
 %package devel
 License:        LGPLv2+
 Summary:        Development files for PolicyKit
-Group:          Development/Libraries
+Group:          Development/Libraries/C and C++
 Requires:       %name = %{version}-%{release}
 Requires:       pkgconfig
 Requires:       glib2-devel
@@ -57,7 +58,7 @@ Development files for PolicyKit Authorization Framework.
 %package doc
 License:        LGPLv2+
 Summary:        Development documentation for PolicyKit
-Group:          Development/Libraries
+Group:          Development/Libraries/C and C++
 %if 0%{?suse_version} >= 1120
 BuildArch:      noarch
 %endif
@@ -68,7 +69,7 @@ Development documentation for PolicyKit Authorization Framework.
 %package -n libpolkit0
 License:        LGPLv2+
 Summary:        Libraries required for polkit
-Group:          Development/Libraries
+Group:          System/Libraries
 Requires:       %{name} = %{version}
 
 %description -n libpolkit0
@@ -88,7 +89,7 @@ export V=1
   --with-os-type=suse \
   --enable-gtk-doc \
   --disable-static \
-  --disable-introspection \
+  --enable-introspection \
   --enable-examples \
   --libexecdir=%{_prefix}/lib/polkit-1
 make %{?_smp_mflags}
@@ -119,6 +120,7 @@ rm -rf $RPM_BUILD_ROOT
 %files -n libpolkit0
 %defattr(-,root,root,-)
 %{_libdir}/lib*.so.*
+%{_libdir}/girepository-1.0/Polkit-1.0.typelib
 
 %files -f polkit-1.lang
 %defattr(-,root,root,-)
@@ -138,7 +140,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
 %config(noreplace) %{_sysconfdir}/pam.d/polkit-1
-%{_sysconfdir}/polkit-1
+%dir %{_sysconfdir}/polkit-1
 %config(noreplace) %{_sysconfdir}/polkit-1/nullbackend.conf.d/50-nullbackend.conf
 %config(noreplace) %{_sysconfdir}/polkit-1/localauthority.conf.d/50-localauthority.conf
 %{_bindir}/pkaction
@@ -155,6 +157,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc
 %{_includedir}/*
 %{_bindir}/pk-example-frobnicate
+%{_datadir}/gir-1.0/*.gir
 %{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
 
 %files doc