Accepting request 98989 from GNOME:Factory

Pushing G:F OBS-URL: https://build.opensuse.org/request/show/98989 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/colord?expand=0&rev=15
2012-01-09 11:03:06 +00:00 · 2012-01-09 11:03:06 +00:00 · e5fab18463
commit e5fab18463
parent b4b3d30416 21b936b5b0
5 changed files with 454 additions and 10 deletions
--- a/colord-0.1.13.tar.xz
+++ b/colord-0.1.13.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eb3d00653d4a028f4e97f4e61ffa29940c65b42c20d4439e067cb183b725c292
-size 445420
--- a/colord-0.1.15.tar.xz
+++ b/colord-0.1.15.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dff56476e02527899f4a2c39eeb092af369ab5dac1e21cbb6a5b0955b5c6e746
+size 456776
--- a/colord-polkit-annotate-owner.patch
+++ b/colord-polkit-annotate-owner.patch
@ -0,0 +1,354 @@
+commit 9f088d598187b1bddd0ce4fb97a56d61564d8381
+Author: Vincent Untz <vuntz@gnome.org>
+Date:   Tue Dec 6 10:40:21 2011 +0100
+
+    Add org.freedesktop.policykit.owner annotations to .policy file
+    
+    We only add those annotations when the daemon is configured to run as
+    non-root.
+
+diff --git a/policy/Makefile.am b/policy/Makefile.am
+index 85e3ecc..272675b 100644
+--- a/policy/Makefile.am
+++ b/policy/Makefile.am
+@@ -1,9 +1,16 @@
+org.freedesktop.color.policy.in: org.freedesktop.color.policy.in.in Makefile.am
+	$(AM_V_GEN)if test "x$(daemon_user)" != "xroot"; then \
+		sed -e "s|<@ANNOTATE_OWNER@/>|<annotate key=\"org.freedesktop.policykit.owner\">unix-user:$(daemon_user)</annotate>|g" $< > $@ ; \
+	else \
+		sed -e "/^\s*<@ANNOTATE_OWNER@\/>\s*$$/d;s|<@ANNOTATE_OWNER@/>||g" $< > $@ ; \
+	fi
+
+ @INTLTOOL_POLICY_RULE@
+ polkit_policydir = $(datadir)/polkit-1/actions
+-dist_polkit_policy_DATA =					\
+polkit_policy_DATA =					\
+ 	org.freedesktop.color.policy
+ 
+-EXTRA_DIST = org.freedesktop.color.policy.in
+-DISTCLEANFILES = org.freedesktop.color.policy
+EXTRA_DIST = org.freedesktop.color.policy.in.in
+DISTCLEANFILES = org.freedesktop.color.policy org.freedesktop.color.policy.in
+ 
+ -include $(top_srcdir)/git.mk
+diff --git a/policy/org.freedesktop.color.policy.in b/policy/org.freedesktop.color.policy.in
+deleted file mode 100644
+index a5bcfaf..0000000
+--- a/policy/org.freedesktop.color.policy.in
+++ /dev/null
+@@ -1,150 +0,0 @@
+-<?xml version="1.0" encoding="UTF-8"?>
+-<!DOCTYPE policyconfig PUBLIC
+- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+-<policyconfig>
+-
+-  <!--
+-    Policy definitions for System Color Manager actions.
+-    Copyright (c) 2010 Richard Hughes <richard@hughsie.com>
+-  -->
+-
+-  <vendor>System Color Manager</vendor>
+-  <vendor_url>http://www.freedesktop.org/projects/system-color-manager/</vendor_url>
+-  <icon_name>application-vnd.iccprofile</icon_name>
+-
+-  <action id="org.freedesktop.color-manager.create-device">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to add devices
+-     -->
+-    <_description>Create a color managed device</_description>
+-    <_message>Authentication is required to create a color managed device</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.create-profile">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to add profiles
+-     -->
+-    <_description>Create a color profile</_description>
+-    <_message>Authentication is required to create a color profile</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.delete-device">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to delete devices
+-     -->
+-    <_description>Remove a color managed device</_description>
+-    <_message>Authentication is required to remove a color managed device</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.delete-profile">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to delete profiles
+-     -->
+-    <_description>Remove a color profile</_description>
+-    <_message>Authentication is required to remove a color profile</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.modify-device">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to modify devices
+-     -->
+-    <_description>Modify color settings for a device</_description>
+-    <_message>Authentication is required to modify the color settings for a device</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.modify-profile">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to modify profiles
+-     -->
+-    <_description>Modify a color profile</_description>
+-    <_message>Authentication is required to modify a color profile</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.install-system-wide">
+-    <!-- SECURITY:
+-          - Normal users require admin authentication to install files system
+-            wide to apply color profiles for sessions that have not explicitly
+-            chosen profiles to apply.
+-          - This should not be set to 'yes' as unprivileged users could then
+-            set a profile set to all-white or all-black and thus make the
+-            other sessions unusable.
+-     -->
+-    <_description>Install system color profiles</_description>
+-    <_message>Authentication is required to install the color profile for all users</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>auth_admin_keep</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.device-inhibit">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to profile
+-            devices.
+-     -->
+-    <_description>Inhibit color profile selection</_description>
+-    <_message>Authentication is required to disable profile matching for a device</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-  <action id="org.freedesktop.color-manager.sensor-lock">
+-    <!-- SECURITY:
+-          - Normal users should not have to authenticate to use the
+-            colorimeter device.
+-     -->
+-    <_description>Use color sensor</_description>
+-    <_message>Authentication is required to use the color sensor</_message>
+-    <icon_name>application-vnd.iccprofile</icon_name>
+-    <defaults>
+-      <allow_any>no</allow_any>
+-      <allow_inactive>no</allow_inactive>
+-      <allow_active>yes</allow_active>
+-    </defaults>
+-  </action>
+-
+-</policyconfig>
+-
+diff --git a/policy/org.freedesktop.color.policy.in.in b/policy/org.freedesktop.color.policy.in.in
+new file mode 100644
+index 0000000..4570f8f
+--- /dev/null
+++ b/policy/org.freedesktop.color.policy.in.in
+@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+
+  <!--
+    Policy definitions for System Color Manager actions.
+    Copyright (c) 2010 Richard Hughes <richard@hughsie.com>
+  -->
+
+  <vendor>System Color Manager</vendor>
+  <vendor_url>http://www.freedesktop.org/projects/system-color-manager/</vendor_url>
+  <icon_name>application-vnd.iccprofile</icon_name>
+
+  <action id="org.freedesktop.color-manager.create-device">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to add devices
+     -->
+    <_description>Create a color managed device</_description>
+    <_message>Authentication is required to create a color managed device</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.create-profile">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to add profiles
+     -->
+    <_description>Create a color profile</_description>
+    <_message>Authentication is required to create a color profile</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.delete-device">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to delete devices
+     -->
+    <_description>Remove a color managed device</_description>
+    <_message>Authentication is required to remove a color managed device</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.delete-profile">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to delete profiles
+     -->
+    <_description>Remove a color profile</_description>
+    <_message>Authentication is required to remove a color profile</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.modify-device">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to modify devices
+     -->
+    <_description>Modify color settings for a device</_description>
+    <_message>Authentication is required to modify the color settings for a device</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.modify-profile">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to modify profiles
+     -->
+    <_description>Modify a color profile</_description>
+    <_message>Authentication is required to modify a color profile</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.install-system-wide">
+    <!-- SECURITY:
+          - Normal users require admin authentication to install files system
+            wide to apply color profiles for sessions that have not explicitly
+            chosen profiles to apply.
+          - This should not be set to 'yes' as unprivileged users could then
+            set a profile set to all-white or all-black and thus make the
+            other sessions unusable.
+     -->
+    <_description>Install system color profiles</_description>
+    <_message>Authentication is required to install the color profile for all users</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.device-inhibit">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to profile
+            devices.
+     -->
+    <_description>Inhibit color profile selection</_description>
+    <_message>Authentication is required to disable profile matching for a device</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+  <action id="org.freedesktop.color-manager.sensor-lock">
+    <!-- SECURITY:
+          - Normal users should not have to authenticate to use the
+            colorimeter device.
+     -->
+    <_description>Use color sensor</_description>
+    <_message>Authentication is required to use the color sensor</_message>
+    <icon_name>application-vnd.iccprofile</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+    <@ANNOTATE_OWNER@/>
+  </action>
+
+</policyconfig>
+
--- a/colord.changes
+++ b/colord.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Dec  8 20:25:09 UTC 2011 - dimstar@opensuse.org
+
+- Split typelib file into typelib-1_0-Colord-1_0 subpackage.
+- Add typelib-1_0-Colord-1_0 Requires to libcolord-devel
+  subpackage.
+
+-------------------------------------------------------------------
+Tue Dec  6 16:06:22 UTC 2011 - vuntz@opensuse.org
+
+- Run the colord daemon as user colord (bnc#698250):
+  + Add colord-polkit-annotate-owner.patch: add
+    org.freedesktop.policykit.owner annotations to policy file so
+    that running as colord user works.
+  + Add a %pre script to create the colord user and change
+    ownership of /var/lib/colord.
+  + Add pwdutils Requires(pre), to make sure we can create the
+    user.
+  + Pass --with-daemon-user=colord to configure.
+  + Package /var/lib/colord with the right user.
+  + Add libtool BuildRequires and calls to autoreconf and
+    intltoolize, as needed by above patch.
+
+-------------------------------------------------------------------
+Tue Nov 29 21:27:11 UTC 2011 - dimstar@opensuse.org
+
+- Update to version 0.1.15:
+  + This release fixes an important security bug: CVE-2011-4349.
+  + New Features:
+    - Add a native driver for the Hughski ColorHug hardware
+    - Export cd-math as three projects are now using it
+  + Bugfixes:
+    - Documentation fixes and improvements
+    - Do not crash the daemon if adding the device to the db failed
+    - Do not match any sensor device with a kernel driver
+    - Don't be obscure when the user passes a device-id to colormgr
+    - Fix a memory leak when getting properties from a device
+    - Fix colormgr device-get-default-profile
+    - Fix some conection bugs in colormgr
+    - Fix some potential SQL injections
+    - Make gusb optional
+    - Only use the udev USB helper if the PID and VID have matches
+    - Output the Huey calibration matrices when dumping the sensor
+
+-------------------------------------------------------------------
+Wed Nov 16 10:27:26 UTC 2011 - dimstar@opensuse.org
+
+- Update to version 0.1.14:
+  + New Features:
+    - Add defines for the i1 Display 3
+    - Add two more DATA_source values to the specification
+    - Align the output from colormgr get-devices and get-profiles
+    - Allow cd-fix-profile to append and edit new metadata
+  + Bugfixes:
+    - Ensure non-native device are added with no driver module
+    - Split the sensor and device udev code
+  + Updated translations.
+
 -------------------------------------------------------------------
 Fri Oct 28 14:31:58 UTC 2011 - lnussel@suse.de

--- a/colord.spec
+++ b/colord.spec
@ -15,19 +15,21 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #

-
-
 Name:           colord
-Version:        0.1.13
-Release:        1
-License:        GPLv2+
+Version:        0.1.15
+Release:        0
 Summary:        System Daemon for Managing Color Devices
-Url:            http://colord.hughsie.com/
+License:        GPL-2.0+
 Group:          System/Daemons
+Url:            http://colord.hughsie.com/
 Source0:        http://www.freedesktop.org/software/colord/releases/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM colord-polkit-annotate-owner.patch vuntz@opensuse.org -- Add org.freedesktop.policykit.owner annotations to policy file; will enter git very soon
+Patch1:         colord-polkit-annotate-owner.patch
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  intltool
+# needed for patch1
+BuildRequires:  libtool
 BuildRequires:  sane-backends-devel
 BuildRequires:  vala
 # Only needed because we don't (and won't) support building xz tarballs by default... See bnc#697467
@ -43,6 +45,7 @@ BuildRequires:  pkgconfig(lcms2)
 BuildRequires:  pkgconfig(libusb-1.0) >= 1.0.0
 BuildRequires:  pkgconfig(polkit-gobject-1)
 BuildRequires:  pkgconfig(sqlite3)
+Requires(pre):  pwdutils
 Requires:       shared-color-profiles
 Recommends:     %{name}-lang
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -62,10 +65,23 @@ colord is a system activated daemon that maps devices to color profiles.
 It is used by gnome-color-manager for system integration and use when
 there are no users logged in.

+%package -n typelib-1_0-Colord-1_0
+Summary:        System Daemon for Managing Color Devices -- Introspection bindings
+Group:          System/Libraries
+
+%description -n typelib-1_0-Colord-1_0
+colord is a system activated daemon that maps devices to color profiles.
+It is used by gnome-color-manager for system integration and use when
+there are no users logged in.
+
+This package provides the GObject Introspection bindings for the
+libcolord library.
+
 %package -n libcolord-devel
 Summary:        System Daemon for Managing Color Devices -- Development Files
 Group:          Development/Languages/C and C++
 Requires:       libcolord1 = %{version}
+Requires:       typelib-1_0-Colord-1_0 = %{version}

 %description -n libcolord-devel
 colord is a system activated daemon that maps devices to color profiles.
@ -75,11 +91,16 @@ there are no users logged in.
 %lang_package
 %prep
 %setup -q
+%patch1 -p1

 %build
+# needed for patch1
+autoreconf -fi
+intltoolize --force
 %configure \
    --disable-static \
-    --enable-polkit
+    --enable-polkit \
+    --with-daemon-user=colord
 make %{?_smp_mflags}

 %install
@ -96,6 +117,13 @@ test ! -f *.[2-9]
 popd
 %find_lang %{name}

+%pre
+getent group colord >/dev/null || groupadd -r colord
+getent passwd colord >/dev/null || useradd -r -g colord -d %{_localstatedir}/lib/colord -s /sbin/nologin -c "user for colord" colord
+# Fix ownership of /var/lib/colord from first packages (in 12.1)
+test ! -d %{_localstatedir}/lib/colord || chown -R colord:colord %{_localstatedir}/lib/colord
+exit 0
+
 %post -n libcolord1 -p /sbin/ldconfig

 %postun -n libcolord1 -p /sbin/ldconfig
@ -104,6 +132,7 @@ popd
 %defattr(-,root,root)
 %doc AUTHORS ChangeLog COPYING NEWS README
 /lib/udev/rules.d/*.rules
+%attr(755,colord,colord) %dir %{_localstatedir}/lib/colord
 %config(noreplace) %{_sysconfdir}/%{name}.conf
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.ColorManager.conf
 %{_bindir}/cd-create-profile
@ -122,6 +151,9 @@ popd
 %files -n libcolord1
 %defattr(-, root, root)
 %{_libdir}/libcolord.so.*
+
+%files -n typelib-1_0-Colord-1_0
+%defattr(-,root,root)
 %{_libdir}/girepository-1.0/Colord-1.0.typelib

 %files -n libcolord-devel