From d0940071bac00501a71798350f840ba6caa4457775f5dfb8fa98632e853c4885 Mon Sep 17 00:00:00 2001
From: Hrvoje Senjan
Date: Wed, 16 Jul 2014 21:34:46 +0000
Subject: [PATCH 1/4] OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kauth?expand=0&rev=36
---
0001-Fix-race-condition.patch | 42 +++++++++++++++++++++++++++++++++++
kauth.changes | 5 +++++
kauth.spec | 3 +++
3 files changed, 50 insertions(+)
create mode 100644 0001-Fix-race-condition.patch
diff --git a/0001-Fix-race-condition.patch b/0001-Fix-race-condition.patch
new file mode 100644
index 0000000..cc787df
--- /dev/null
+++ b/0001-Fix-race-condition.patch
@@ -0,0 +1,42 @@
+From ecf0566285599605565cdb769f19160dfdfc5d12 Mon Sep 17 00:00:00 2001
+From: Martin Sandsmark
+Date: Wed, 16 Jul 2014 17:58:49 +0200
+Subject: [PATCH] Fix race condition.
+
+Using the PID based method in polkit is deprecated because of PID reuse
+races.
+---
+ src/backends/polkit-1/Polkit1Backend.cpp | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp
+index 165f7bb..1e6febe 100644
+--- a/src/backends/polkit-1/Polkit1Backend.cpp
++++ b/src/backends/polkit-1/Polkit1Backend.cpp
+@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
+
+ QByteArray Polkit1Backend::callerID() const
+ {
+- QByteArray a;
+- QDataStream s(&a, QIODevice::WriteOnly);
+- s << QCoreApplication::applicationPid();
+-
+- return a;
++ return QDBusConnection::systemBus().baseService().toUtf8();
+ }
+
+ bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
+ {
+- QDataStream s(&callerID, QIODevice::ReadOnly);
+- qint64 pid;
+-
+- s >> pid;
+-
+- PolkitQt1::UnixProcessSubject subject(pid);
++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
+ PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
+
+ PolkitResultEventLoop e;
+--
+1.9.1
+
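Review bot: In the added Polkit1Backend.cpp change, `isCallerAuthorized()` builds the `SystemBusNameSubject` directly from `callerID` without checking that it is non-empty, while `callerID()` returns `baseService()`, which Qt documents as empty when the connection is not established; I would fail closed first with `if (callerID.isEmpty()) return false;`. The subject is also only as trustworthy as the `callerID` argument: the hunk does not show where that value originates, so if it is carried in the client's request, the helper side should compare it with the sender of the D-Bus message before asking polkit. As first added here, `actionStatus()` still uses the PID-based subject; PATCH 2/4 to 4/4 in this series switch it, and the empty-name case applies there as well. Both function bodies continue outside the inner hunk.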
diff --git a/kauth.changes b/kauth.changes index 70c6df7..420db86 100644 --- a/kauth.changes +++ b/kauth.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jul 16 21:31:42 UTC 2014 - hrvoje.senjan@gmail.com + +- Added 0001-Fix-race-condition.patch for resolving bnc#864716 + ------------------------------------------------------------------- Fri Jul 11 09:48:36 UTC 2014 - hrvoje.senjan@gmail.com diff --git a/kauth.spec b/kauth.spec index 9503935..93aed3f 100644 --- a/kauth.spec +++ b/kauth.spec @@ -40,6 +40,8 @@ Source1: baselibs.conf Patch0: polkit-qt5-support.patch # PATCH-FIX-UPSTREAM 0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch Patch1: 0001-Pass-trailing-slash-to-searched-backend-helper-plugi.patch +# PATCH-FIX-UPSTREAM 0001-Fix-race-condition.patch -- https://git.reviewboard.kde.org/r/119323/ +Patch2: 0001-Fix-race-condition.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -70,6 +72,7 @@ Development files. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build %cmake_kf5 -d build -- -DSYSCONF_INSTALL_DIR=%{_kf5_sysconfdir} From 66a643ffb39fad92937c9713742e71e9d8dafa86e1174786c4bc1037df1a766b Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan Date: Thu, 17 Jul 2014 05:02:51 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kauth?expand=0&rev=37 --- 0001-Fix-race-condition.patch | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/0001-Fix-race-condition.patch b/0001-Fix-race-condition.patch index cc787df..9701901 100644 --- a/0001-Fix-race-condition.patch +++ b/0001-Fix-race-condition.patch @@ -13,7 +13,17 @@ diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Po index 165f7bb..1e6febe 100644 --- a/src/backends/polkit-1/Polkit1Backend.cpp 
+++ b/src/backends/polkit-1/Polkit1Backend.cpp -@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) +@@ -142,7 +142,8 @@ void Polkit1Backend::setupAction(const QString &action) + + Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) + { +- PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); ++ PolkitQt1::SystemBusNameSubject subject(QDBusConnection::systemBus().baseService()); ++ qDebug() << "actionStatus called with subject:" << QDBusConnection::systemBus().baseService(); + PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, + PolkitQt1::Authority::None); + switch (r) { +@@ -158,21 +159,13 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) QByteArray Polkit1Backend::callerID() const { @@ -34,6 +44,7 @@ index 165f7bb..1e6febe 100644 - - PolkitQt1::UnixProcessSubject subject(pid); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); ++ qDebug() << "isCallerAuthorized called with subject:" << callerID; PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); PolkitResultEventLoop e; From ee66e2a9d378e04e0b13fe862b9101b5a0aa6d6176ec818ea71e8dd56165e6e8 Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan Date: Fri, 18 Jul 2014 08:13:55 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kauth?expand=0&rev=38 --- 0001-Fix-race-condition.patch | 22 +++------------------- kauth.changes | 5 +++++ kauth.spec | 9 +++++---- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/0001-Fix-race-condition.patch b/0001-Fix-race-condition.patch index 9701901..e4274d8 100644 --- a/0001-Fix-race-condition.patch +++ b/0001-Fix-race-condition.patch 
@@ -1,29 +1,17 @@ -From ecf0566285599605565cdb769f19160dfdfc5d12 Mon Sep 17 00:00:00 2001 -From: Martin Sandsmark -Date: Wed, 16 Jul 2014 17:58:49 +0200 -Subject: [PATCH] Fix race condition. - -Using the PID based method in polkit is deprecated because of PID reuse -races. ---- - src/backends/polkit-1/Polkit1Backend.cpp | 13 ++----------- - 1 file changed, 2 insertions(+), 11 deletions(-) - diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp -index 165f7bb..1e6febe 100644 +index 165f7bb..525e920 100644 --- a/src/backends/polkit-1/Polkit1Backend.cpp +++ b/src/backends/polkit-1/Polkit1Backend.cpp -@@ -142,7 +142,8 @@ void Polkit1Backend::setupAction(const QString &action) +@@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action) Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) { - PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); + PolkitQt1::SystemBusNameSubject subject(QDBusConnection::systemBus().baseService()); -+ qDebug() << "actionStatus called with subject:" << QDBusConnection::systemBus().baseService(); PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, PolkitQt1::Authority::None); switch (r) { -@@ -158,21 +159,13 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) +@@ -158,21 +158,12 @@ Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) QByteArray Polkit1Backend::callerID() const { @@ -44,10 +32,6 @@ index 165f7bb..1e6febe 100644 - - PolkitQt1::UnixProcessSubject subject(pid); + PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID)); -+ qDebug() << "isCallerAuthorized called with subject:" << callerID; PolkitQt1::Authority *authority = PolkitQt1::Authority::instance(); PolkitResultEventLoop e; --- -1.9.1 - diff --git a/kauth.changes b/kauth.changes index 420db86..098145e 100644 --- a/kauth.changes +++ b/kauth.changes 
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jul 18 08:12:36 UTC 2014 - hrvoje.senjan@gmail.com + +- Install org.kde.kf5auth.conf, now that it's whitelisted + ------------------------------------------------------------------- Wed Jul 16 21:31:42 UTC 2014 - hrvoje.senjan@gmail.com diff --git a/kauth.spec b/kauth.spec index 93aed3f..6600687 100644 --- a/kauth.spec +++ b/kauth.spec @@ -84,8 +84,10 @@ Development files. %find_lang %{name}5 --with-qt --without-mo -# Comment out until security review is done! -# echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc +%if 0%{?suse_version} <= 1310 +# we need this for older oS releases; only Factory/13.2 has the whitelist +echo "setBadness('suse-dbus-unauthorized-service', 0)" > $RPM_SOURCE_DIR/%name-rpmlintrc +%endif %post -n %lname -p /sbin/ldconfig @@ -100,8 +102,7 @@ Development files. %{_kf5_plugindir}/ %dir %{_kf5_libdir}/libexec %{_kf5_libdir}/libexec/kauth -# Until security review is done! -%exclude %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf +%config %{_kf5_sysconfdir}/dbus-1/system.d/org.kde.kf5auth.conf %files devel %defattr(-,root,root) From 12a36c14b8e835c64e6d8604cb74a6a2d4a859988979252b2aa2067b56714ccd Mon Sep 17 00:00:00 2001 From: Hrvoje Senjan Date: Fri, 18 Jul 2014 08:15:26 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kauth?expand=0&rev=39 --- 0001-Fix-race-condition.patch | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/0001-Fix-race-condition.patch b/0001-Fix-race-condition.patch index e4274d8..843e002 100644 --- a/0001-Fix-race-condition.patch +++ b/0001-Fix-race-condition.patch @@ -1,5 +1,14 @@ +commit 2ccf7af0bfd9ee1c3e5699eb0f5d6d65a6fb834e +Author: Martin Sandsmark +Date: Wed Jul 16 17:58:49 2014 +0200 + + Fix race condition. + + Using the PID based method in polkit is deprecated because of PID reuse + races. + 
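Review bot: In the kauth.spec rpmlintrc hunk, `setBadness('suse-dbus-unauthorized-service', 0)` switches the check off for the whole package on the older releases, so a D-Bus service or policy file added later would pass there unnoticed, and the comment leaves no pointer to the review that justified it. I would record that in the comment, for example `# org.kde.kf5auth.conf passed security review (bnc#<audit-bug-id>); drop this override once the releases without the whitelist are no longer built`. The guard `0%{?suse_version} <= 1310` is also true when `suse_version` is undefined, because the left side then expands to `0`; `%if 0%{?suse_version} && 0%{?suse_version} <= 1310` restricts it to SUSE targets, if that is the intent.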
diff --git a/src/backends/polkit-1/Polkit1Backend.cpp b/src/backends/polkit-1/Polkit1Backend.cpp -index 165f7bb..525e920 100644 +index 165f7bb..5cac3fb 100644 --- a/src/backends/polkit-1/Polkit1Backend.cpp +++ b/src/backends/polkit-1/Polkit1Backend.cpp @@ -142,7 +142,7 @@ void Polkit1Backend::setupAction(const QString &action) @@ -7,7 +16,7 @@ index 165f7bb..525e920 100644 Action::AuthStatus Polkit1Backend::actionStatus(const QString &action) { - PolkitQt1::UnixProcessSubject subject(QCoreApplication::applicationPid()); -+ PolkitQt1::SystemBusNameSubject subject(QDBusConnection::systemBus().baseService()); ++ PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID())); PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject, PolkitQt1::Authority::None); switch (r) {