Accepting request 241428 from KDE:Frameworks5

- Added 0001-Fix-race-condition.patch for resolving bnc#864716 - Install org.kde.kf5auth.conf, now that it's whitelisted OBS-URL: https://build.opensuse.org/request/show/241428 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kauth?expand=0&rev=9
2014-07-21 19:39:47 +00:00 · 2014-07-21 19:39:47 +00:00 · d1ce2381e9
commit d1ce2381e9
parent 505e1431ff 12a36c14b8
3 changed files with 64 additions and 4 deletions
--- a/0001-Fix-race-condition.patch
+++ b/0001-Fix-race-condition.patch
@ -0,0 +1,46 @@
+commit 2ccf7af0bfd9ee1c3e5699eb0f5d6d65a6fb834e
+Author: Martin Sandsmark <martin.sandsmark@kde.org>
+Date:   Wed Jul 16 17:58:49 2014 +0200
+
+    Fix race condition.
+    
+    Using the PID based method in polkit is deprecated because of PID reuse
+    races.
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..5cac3fb 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
+++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
+ 
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+-    PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+     PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+                                      PolkitQt1::Authority::None);
+     switch (r) {
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ 
+ QByteArray Polkit1Backend::callerID() const
+ {
+-    QByteArray a;
+-    QDataStream s(&a, QIODevice::WriteOnly);
+-    s << QCoreApplication::applicationPid();
+-
+-    return a;
+        return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+ 
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+-    QDataStream s(&callerID, QIODevice::ReadOnly);
+-    qint64 pid;
+-
+-    s >> pid;
+-
+-    PolkitQt1::UnixProcessSubject subject(pid);
+    PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+     PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+ 
+     PolkitResultEventLoop e;
--- a/kauth.changes
+++ b/kauth.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Jul 18 08:12:36 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Install org.kde.kf5auth.conf, now that it's whitelisted
+
+-------------------------------------------------------------------
+Wed Jul 16 21:31:42 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Added 0001-Fix-race-condition.patch for resolving bnc#864716
+
 -------------------------------------------------------------------
 Fri Jul 11 09:48:36 UTC 2014 - hrvoje.senjan@gmail.com

--- a/kauth.spec
+++ b/kauth.spec
@ -40,6 +40,8 @@ Source1:        baselibs.conf
 Patch0:         polkit-qt5-support.patch
 # PATCH-FIX-UPSTREAM 0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch
 Patch1:         0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch
+# PATCH-FIX-UPSTREAM 0001-Fix-race-condition.patch -- https://git.reviewboard.kde.org/r/119323/
+Patch2:         0001-Fix-race-condition.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -70,6 +72,7 @@ Development files.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
  %cmake_kf5 -d build -- -DSYSCONF_INSTALL_DIR=%{_kf5_sysconfdir}
@ -81,8 +84,10 @@ Development files.

  %find_lang %{name}5 --with-qt --without-mo

-# Comment out until security review is done!
-# echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc
+%if 0%{?suse_version} <= 1310
+# we need this for older oS releases; only Factory/13.2 has the whitelist
+echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc
+%endif

 %post -n %lname -p /sbin/ldconfig

@ -97,8 +102,7 @@ Development files.
 %{_kf5_plugindir}/
 %dir %{_kf5_libdir}/libexec
 %{_kf5_libdir}/libexec/kauth
-# Until security review is done!
-%exclude %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf
+%config %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf

 %files devel
 %defattr(-,root,root)