diff --git a/0001-Fix-race-condition.patch b/0001-Fix-race-condition.patch
new file mode 100644
index 0000000..843e002
--- /dev/null
+++ b/0001-Fix-race-condition.patch
@@ -0,0 +1,46 @@
+commit 2ccf7af0bfd9ee1c3e5699eb0f5d6d65a6fb834e
+Author: Martin Sandsmark
+Date: Wed Jul 16 17:58:49 2014 +0200
+
+ Fix race condition.
+
+ Using the PID based method in polkit is deprecated because of PID reuse
+ races.
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..5cac3fb 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action)
+
+ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+ {
+- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid());
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
+ PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
+ PolkitQt1::Authority::None);
+ switch (r) {
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+
+ QByteArray Polkit1Backend::callerID() const
+ {
+- QByteArray a;
+- QDataStream s(&a, QIODevice::WriteOnly);
+- s << QCoreApplication::applicationPid();
+-
+- return a;
++ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+- QDataStream s(&callerID, QIODevice::ReadOnly);
+- qint64 pid;
+-
+- s >> pid;
+-
+- PolkitQt1::UnixProcessSubject subject(pid);
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+ PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+
+ PolkitResultEventLoop e;
diff --git a/kauth.changes b/kauth.changes
index 70c6df7..098145e 100644
--- a/kauth.changes
+++ b/kauth.changes
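Review bot: In the second inner hunk, `isCallerAuthorized()` builds the `SystemBusNameSubject` directly from the `callerID` byte array it is handed, without checking that the value is non-empty or that it matches the sender of the D-Bus request being authorized. The calling code is not visible here, but if `callerID` is filled in by the requesting process, polkit is asked about a caller-asserted identity; the helper side should take the subject from the message sender and treat the parameter as untrusted. `callerID()` likewise returns `QDBusConnection::systemBus().baseService()` without checking that the bus is connected, so a failed connection gives an empty subject name; an early `if (callerID.isEmpty()) return false;` in `isCallerAuthorized()` would make that case fail closed. The body of `isCallerAuthorized()` continues past the end of the hunk.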
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Jul 18 08:12:36 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Install org.kde.kf5auth.conf, now that it's whitelisted
+
+-------------------------------------------------------------------
+Wed Jul 16 21:31:42 UTC 2014 - hrvoje.senjan@gmail.com
+
+- Added 0001-Fix-race-condition.patch for resolving bnc#864716
+
 -------------------------------------------------------------------
 Fri Jul 11 09:48:36 UTC 2014 - hrvoje.senjan@gmail.com
diff --git a/kauth.spec b/kauth.spec
index 9503935..6600687 100644
--- a/kauth.spec
+++ b/kauth.spec
@@ -40,6 +40,8 @@ Source1: baselibs.conf
 Patch0: polkit-qt5-support.patch
 # PATCH-FIX-UPSTREAM 0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch
 Patch1: 0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch
+# PATCH-FIX-UPSTREAM 0001-Fix-race-condition.patch -- https://git.reviewboard.kde.org/r/119323/
+Patch2: 0001-Fix-race-condition.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -70,6 +72,7 @@ Development files.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 %build
 %cmake_kf5 -d build -- -DSYSCONF_INSTALL_DIR=%{_kf5_sysconfdir}
@@ -81,8 +84,10 @@ Development files.
 %find_lang %{name}5 --with-qt --without-mo
-# Comment out until security review is done!
-# echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc
+%if 0%{?suse_version} <= 1310
+# we need this for older oS releases; only Factory/13.2 has the whitelist
+echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc
+%endif
 %post -n %lname -p /sbin/ldconfig
@@ -97,8 +102,7 @@ Development files.
 %{_kf5_plugindir}/
 %dir %{_kf5_libdir}/libexec
 %{_kf5_libdir}/libexec/kauth
-# Until security review is done!
-%exclude %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf
+%config %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf
 %files devel
 %defattr(-,root,root)
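Review bot: In the third kauth.spec hunk, `%if 0%{?suse_version} <= 1310` is also true when `suse_version` is undefined, because the expression then reads `0 <= 1310`, so the `suse-dbus-unauthorized-service` badness override is written on any build target that does not define the macro and not only on older openSUSE releases. The override silences the rpmlint gate for a system-bus policy file, so it should be as narrow as its comment says: `%if 0%{?suse_version} && 0%{?suse_version} <= 1310`. The comment above the `echo` could also name the review that cleared `org.kde.kf5auth.conf`, since this hunk and the last one remove the "until security review is done" markers without leaving a reference behind.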