diff --git a/20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch b/20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch deleted file mode 100644 index f5fb5cb..0000000 --- a/20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 20a2d7f7b80a1847f36236d40388f14ae99fa94b Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Sat, 24 Jul 2021 23:00:04 +0200 -Subject: [PATCH] tests: Add tests for quiet profile support - ---- - tests/integration-test | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/tests/integration-test b/tests/integration-test -index 848f743..9ff577f 100755 ---- a/tests/integration-test -+++ b/tests/integration-test -@@ -559,6 +559,28 @@ class Tests(dbusmock.DBusTestCase): - - self.stop_daemon() - -+ def test_quiet(self): -+ # Uses cool instead of low-power -+ acpi_dir = os.path.join(self.testbed.get_root_dir(), "sys/firmware/acpi/") -+ os.makedirs(acpi_dir) -+ with open(os.path.join(acpi_dir, "platform_profile") ,'w') as profile: -+ profile.write("cool\n") -+ with open(os.path.join(acpi_dir, "platform_profile_choices") ,'w') as choices: -+ choices.write("quiet balanced balanced-performance performance\n") -+ -+ self.start_daemon() -+ profiles = self.get_dbus_property('Profiles') -+ self.assertEqual(len(profiles), 3) -+ self.assertEqual(profiles[0]['Driver'], 'platform_profile') -+ self.assertEqual(profiles[0]['Profile'], 'power-saver') -+ self.assertEqual(self.get_dbus_property('ActiveProfile'), 'balanced') -+ self.assertEqual(self.read_sysfs_file("sys/firmware/acpi/platform_profile"), b'balanced') -+ self.set_dbus_property('ActiveProfile', GLib.Variant.new_string('power-saver')) -+ self.assertEqual(self.get_dbus_property('ActiveProfile'), 'power-saver') -+ self.assertEqual(self.read_sysfs_file("sys/firmware/acpi/platform_profile"), b'quiet') -+ -+ self.stop_daemon() -+ - def test_hold_release_profile(self): - self.create_platform_profile() - self.start_daemon() --- -GitLab - diff --git a/c9b646025d9f155509a6cda1c292bfd120daeb9e.patch b/c9b646025d9f155509a6cda1c292bfd120daeb9e.patch deleted file mode 100644 index f02512e..0000000 --- a/c9b646025d9f155509a6cda1c292bfd120daeb9e.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c9b646025d9f155509a6cda1c292bfd120daeb9e Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Sat, 24 Jul 2021 22:59:12 +0200 -Subject: [PATCH] platform-profile: Add support for 'quiet' profile - ---- - src/ppd-driver-platform-profile.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/ppd-driver-platform-profile.c b/src/ppd-driver-platform-profile.c -index 1da5a75..8111251 100644 ---- a/src/ppd-driver-platform-profile.c -+++ b/src/ppd-driver-platform-profile.c -@@ -59,7 +59,9 @@ profile_to_acpi_platform_profile_value (PpdDriverPlatformProfile *self, - case PPD_PROFILE_POWER_SAVER: - if (g_strv_contains ((const char * const*) self->profile_choices, "low-power")) - return "low-power"; -- return "cool"; -+ if (g_strv_contains ((const char * const*) self->profile_choices, "cool")) -+ return "cool"; -+ return "quiet"; - case PPD_PROFILE_BALANCED: - return "balanced"; - case PPD_PROFILE_PERFORMANCE: -@@ -141,7 +143,8 @@ verify_acpi_platform_profile_choices (PpdDriverPlatformProfile *self) - const char * const *choices = (const char * const*) self->profile_choices; - - if ((g_strv_contains (choices, "low-power") || -- g_strv_contains (choices, "cool")) && -+ g_strv_contains (choices, "cool") || -+ g_strv_contains (choices, "quiet")) && - g_strv_contains (choices, "balanced") && - g_strv_contains (choices, "performance")) - return PPD_PROBE_RESULT_SUCCESS; --- -GitLab - diff --git a/f83685732b9dd8211840645ce76f43718b30218b.patch b/f83685732b9dd8211840645ce76f43718b30218b.patch new file mode 100644 index 0000000..6045872 --- /dev/null +++ b/f83685732b9dd8211840645ce76f43718b30218b.patch @@ -0,0 +1,75 @@ +From f83685732b9dd8211840645ce76f43718b30218b Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Wed, 6 Oct 2021 10:22:10 +0200 +Subject: [PATCH] build: Make pylint test optional + +As power-profiles-daemon keeps getting built with slightly different +versions of pylint with newer warnings, disable pylint test by default +to avoid getting bug reports about it. + +Closes: #52 +--- + .gitlab-ci.yml | 2 +- + meson.build | 6 ++++-- + meson_options.txt | 4 ++++ + src/meson.build | 2 +- + 4 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml +index ab28029..592a89d 100644 +--- a/.gitlab-ci.yml ++++ b/.gitlab-ci.yml +@@ -22,7 +22,7 @@ build_stable: + - dnf upgrade -y --nogpgcheck fedora-release fedora-repos* + - dnf update -y && dnf install -y $DEPENDENCIES + script: +- - meson -Dgtk_doc=true _build ++ - meson -Dgtk_doc=true -Dpylint=true _build + - ninja -v -C _build + - ninja -v -C _build install + - ninja -v -C _build uninstall +diff --git a/meson.build b/meson.build +index 70ab243..4ae43c0 100644 +--- a/meson.build ++++ b/meson.build +@@ -42,8 +42,10 @@ gnome = import('gnome') + add_global_arguments('-D_GNU_SOURCE=1', language: 'c') + add_global_arguments(common_cflags, language: 'c') + +-pylint = find_program('pylint-3', 'pylint3', 'pylint', required: false) +-pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707'] ++if get_option('pylint') ++ pylint = find_program('pylint-3', 'pylint3', 'pylint', required: true) ++ pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707'] ++endif + xmllint = find_program('xmllint', required: false) + + subdir('src') +diff --git a/meson_options.txt b/meson_options.txt +index a3789f6..7e89619 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -6,3 +6,7 @@ option('gtk_doc', + type: 'boolean', + value: false, + description: 'Build docs') ++option('pylint', ++ type: 'boolean', ++ value: false, ++ description: 'Run pylint checks, for developers only') +diff --git a/src/meson.build b/src/meson.build +index 0c00564..f20e42a 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -72,7 +72,7 @@ script = configure_file( + install_dir: get_option('bindir') + ) + +-if pylint.found() ++if get_option('pylint') + test('pylint-powerprofilesctl', + pylint, + args: pylint_flags + [ script ], +-- +GitLab + diff --git a/hold-profile-hardening.patch b/hold-profile-hardening.patch new file mode 100644 index 0000000..ea67b2b --- /dev/null +++ b/hold-profile-hardening.patch @@ -0,0 +1,53 @@ +Index: power-profiles-daemon-0.9.0/src/power-profiles-daemon.c +=================================================================== +--- power-profiles-daemon-0.9.0.orig/src/power-profiles-daemon.c ++++ power-profiles-daemon-0.9.0/src/power-profiles-daemon.c +@@ -526,6 +526,29 @@ holder_disappeared (GDBusConnection *con + g_ptr_array_free (cookies, TRUE); + } + ++#define MAX_UNTRUSTED_STR_LEN 1024 ++#define MAX_PROFILE_HOLDS 32 ++ ++static gboolean ++check_sane_string(const char *s) ++{ ++ guint i; ++ ++ for (i = 0; s[i] != 0; i++) { ++ gchar ch = s[i]; ++ ++ if (i > MAX_UNTRUSTED_STR_LEN) ++ return FALSE; ++ ++ if (g_ascii_isalnum(ch) || g_ascii_isspace(ch)) ++ continue; ++ ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ + static void + hold_profile (PpdApp *data, + GVariant *parameters, +@@ -548,6 +571,18 @@ hold_profile (PpdApp *dat + return; + } + ++ if (!check_sane_string(reason) || !check_sane_string(application_id)) { ++ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, ++ "Input strings are too long or contain invalid characters"); ++ return; ++ } ++ ++ if (g_hash_table_size(data->profile_holds) > MAX_PROFILE_HOLDS) { ++ g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_LIMITS_EXCEEDED, ++ "Too many profile holds already active"); ++ return; ++ } ++ + hold = g_new0 (ProfileHold, 1); + hold->profile = profile; + hold->reason = g_strdup (reason); diff --git a/power-profiles-daemon-0.10.0.tar.bz2 b/power-profiles-daemon-0.10.0.tar.bz2 new file mode 100644 index 0000000..1a56363 --- /dev/null +++ b/power-profiles-daemon-0.10.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8abc36acb4abeef8731f09b97931b894fcc11c2e6c7806adbd0652264318b92d +size 43887 diff --git a/power-profiles-daemon-0.9.0.tar.bz2 b/power-profiles-daemon-0.9.0.tar.bz2 deleted file mode 100644 index a0a50a2..0000000 --- a/power-profiles-daemon-0.9.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:67278728af6661b805dcf8dcaf96b9c89ecde928147dc4dca45f82e273ba3b80 -size 41940 diff --git a/power-profiles-daemon-polkit-policy.patch b/power-profiles-daemon-polkit-policy.patch deleted file mode 100644 index 6a0ddf7..0000000 --- a/power-profiles-daemon-polkit-policy.patch +++ /dev/null @@ -1,226 +0,0 @@ -From 9d6e1735f3859ce8ead1847bc473e44a27b82f65 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Tue, 28 Sep 2021 12:55:59 +0200 -Subject: [PATCH 1/3] data: Add polkit policy description - -Describe and set defaults for switching and holding power profiles. ---- - data/meson.build | 15 ++++++++++++++ - data/net.hadess.PowerProfiles.policy | 31 ++++++++++++++++++++++++++++ - meson.build | 1 + - 3 files changed, 47 insertions(+) - create mode 100644 data/net.hadess.PowerProfiles.policy - -Index: power-profiles-daemon-0.9.0/data/meson.build -=================================================================== ---- power-profiles-daemon-0.9.0.orig/data/meson.build -+++ power-profiles-daemon-0.9.0/data/meson.build -@@ -19,3 +19,18 @@ install_data( - 'net.hadess.PowerProfiles.service', - install_dir: dbusservicedir - ) -+ -+polkit_policy = 'net.hadess.PowerProfiles.policy' -+if xmllint.found() -+ test(polkit_policy, -+ xmllint, -+ args: [ -+ '--noout', -+ meson.source_root() / 'data' / polkit_policy, -+ ]) -+endif -+ -+install_data( -+ polkit_policy, -+ install_dir: polkit_policy_directory, -+) -Index: power-profiles-daemon-0.9.0/data/net.hadess.PowerProfiles.policy -=================================================================== ---- /dev/null -+++ power-profiles-daemon-0.9.0/data/net.hadess.PowerProfiles.policy -@@ -0,0 +1,31 @@ -+ -+ -+ -+ -+ -+ power-profiles-daemon -+ https://gitlab.freedesktop.org/hadess/power-profiles-daemon -+ -+ -+ Switch Power Profile -+ Privileges are required to switch power profiles. -+ -+ no -+ no -+ yes -+ -+ -+ -+ -+ Hold Power Profile -+ Privileges are required to hold power profiles. -+ -+ no -+ no -+ yes -+ -+ -+ -+ -Index: power-profiles-daemon-0.9.0/meson.build -=================================================================== ---- power-profiles-daemon-0.9.0.orig/meson.build -+++ power-profiles-daemon-0.9.0/meson.build -@@ -34,6 +34,8 @@ endif - gio_dep = dependency('gio-2.0') - gudev_dep = dependency('gudev-1.0', version: '>= 234') - upower_dep = dependency('upower-glib') -+polkit_gobject_dep = dependency('polkit-gobject-1', version: '>= 0.91') -+polkit_policy_directory = polkit_gobject_dep.get_pkgconfig_variable('policydir') - - gnome = import('gnome') - -@@ -42,6 +44,7 @@ add_global_arguments(common_cflags, lang - - pylint = find_program('pylint-3', 'pylint3', 'pylint', required: false) - pylint_flags = ['-d', 'C0116', '-d', 'C0114', '-d', 'W0707'] -+xmllint = find_program('xmllint', required: false) - - subdir('src') - subdir('data') -Index: power-profiles-daemon-0.9.0/.gitlab-ci.yml -=================================================================== ---- power-profiles-daemon-0.9.0.orig/.gitlab-ci.yml -+++ power-profiles-daemon-0.9.0/.gitlab-ci.yml -@@ -8,6 +8,7 @@ variables: - pkgconfig(gio-2.0) - pkgconfig(gudev-1.0) - pkgconfig(upower-glib) -+ pkgconfig(polkit-gobject-1) - systemd - meson - git -Index: power-profiles-daemon-0.9.0/README.md -=================================================================== ---- power-profiles-daemon-0.9.0.orig/README.md -+++ power-profiles-daemon-0.9.0/README.md -@@ -9,7 +9,7 @@ Installation - $ meson _build -Dprefix=/usr - $ ninja -v -C _build install - ``` --It requires libgudev and systemd. -+It requires libgudev, systemd and polkit-gobject. - - Introduction - ------------ -Index: power-profiles-daemon-0.9.0/src/meson.build -=================================================================== ---- power-profiles-daemon-0.9.0.orig/src/meson.build -+++ power-profiles-daemon-0.9.0/src/meson.build -@@ -1,4 +1,4 @@ --deps = [ gio_dep, gudev_dep, upower_dep ] -+deps = [ gio_dep, gudev_dep, upower_dep, polkit_gobject_dep ] - - resources = gnome.compile_resources( - 'power-profiles-daemon-resources', 'power-profiles-daemon.gresource.xml', -Index: power-profiles-daemon-0.9.0/src/power-profiles-daemon.c -=================================================================== ---- power-profiles-daemon-0.9.0.orig/src/power-profiles-daemon.c -+++ power-profiles-daemon-0.9.0/src/power-profiles-daemon.c -@@ -9,6 +9,7 @@ - */ - - #include -+#include - - #include "power-profiles-daemon-resources.h" - #include "power-profiles-daemon.h" -@@ -31,6 +32,8 @@ typedef struct { - GKeyFile *config; - const char *config_path; - -+ PolkitAuthority *auth; -+ - PpdProfile active_profile; - PpdProfile selected_profile; - GPtrArray *probed_drivers; -@@ -591,6 +594,36 @@ release_profile (PpdApp * - g_dbus_method_invocation_return_value (invocation, NULL); - } - -+static gboolean -+check_action_permission (PpdApp *data, -+ const char *sender, -+ const char *action, -+ GError **error) -+{ -+ g_autoptr(GError) local_error = NULL; -+ g_autoptr(PolkitAuthorizationResult) result = NULL; -+ g_autoptr(PolkitSubject) subject = NULL; -+ -+ subject = polkit_system_bus_name_new (sender); -+ result = polkit_authority_check_authorization_sync (data->auth, -+ subject, -+ action, -+ NULL, -+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, -+ NULL, &local_error); -+ if (result == NULL || -+ !polkit_authorization_result_get_is_authorized (result)) -+ { -+ g_set_error (error, G_DBUS_ERROR, -+ G_DBUS_ERROR_ACCESS_DENIED, -+ "Not Authorized: %s", local_error ? local_error->message : action); -+ return FALSE; -+ } -+ -+ return TRUE; -+ -+} -+ - static GVariant * - handle_get_property (GDBusConnection *connection, - const gchar *sender, -@@ -639,6 +672,8 @@ handle_set_property (GDBusConnection *c - "No such property: %s", property_name); - return FALSE; - } -+ if (!check_action_permission (data, sender, "net.hadess.PowerProfiles.switch-profile", error)) -+ return FALSE; - - g_variant_get (value, "&s", &profile); - return set_active_profile (data, profile, error); -@@ -664,6 +699,13 @@ handle_method_call (GDBusConnection - } - - if (g_strcmp0 (method_name, "HoldProfile") == 0) { -+ g_autoptr(GError) local_error = NULL; -+ if (!check_action_permission (data, -+ g_dbus_method_invocation_get_sender (invocation), -+ "net.hadess.PowerProfiles.hold-profile", -+ &local_error)) { -+ g_dbus_method_invocation_return_gerror (invocation, local_error); -+ } - hold_profile (data, parameters, invocation); - } else if (g_strcmp0 (method_name, "ReleaseProfile") == 0) { - release_profile (data, parameters, invocation); -@@ -900,6 +942,8 @@ free_app_data (PpdApp *data) - g_clear_object (&data->driver); - g_hash_table_destroy (data->profile_holds); - -+ g_clear_object (&data->auth); -+ - g_clear_pointer (&data->main_loop, g_main_loop_unref); - g_clear_pointer (&data->introspection_data, g_dbus_node_info_unref); - g_clear_object (&data->connection); -@@ -942,6 +986,7 @@ int main (int argc, char **argv) - - data = g_new0 (PpdApp, 1); - data->main_loop = g_main_loop_new (NULL, TRUE); -+ data->auth = polkit_authority_get_sync (NULL, NULL); - data->probed_drivers = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref); - data->actions = g_ptr_array_new_with_free_func ((GDestroyNotify) g_object_unref); - data->profile_holds = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, (GDestroyNotify) profile_hold_free); diff --git a/power-profiles-daemon.changes b/power-profiles-daemon.changes index 5336826..f78a3ab 100644 --- a/power-profiles-daemon.changes +++ b/power-profiles-daemon.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Wed Oct 6 20:32:31 UTC 2021 - Bjørn Lie + +- Update to version 0.10.0: + + This release adds authorisation checks for the profile holds + and profile switching features of the backend daemon, through + polkit. It is recommended that all distributions upgrade to + this version as soon as possible. + + This release also adds support for the "quiet" kernel platform + profile used in some systems. +- Drop patches fixed upstream: + + power-profiles-daemon-polkit-policy.patch + + c9b646025d9f155509a6cda1c292bfd120daeb9e.patch + + 20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch +- Add f83685732b9dd8211840645ce76f43718b30218b.patch: build: Make + pylint test optional. As power-profiles-daemon keeps getting + built with slightly different versions of pylint with newer + warnings, disable pylint test by default to avoid getting bug + reports about it. +- Add hold-profile-hardening.patch: Hardening of HoldProfile D-Bus + method (boo#1189900). Requested by openSUSE security team. + ------------------------------------------------------------------- Tue Sep 28 13:05:16 UTC 2021 - Atri Bhattacharya diff --git a/power-profiles-daemon.spec b/power-profiles-daemon.spec index 2c2399f..e7414cd 100644 --- a/power-profiles-daemon.spec +++ b/power-profiles-daemon.spec @@ -17,18 +17,17 @@ Name: power-profiles-daemon -Version: 0.9.0 +Version: 0.10.0 Release: 0 Summary: Power profiles handling over D-Bus License: GPL-3.0-or-later URL: https://gitlab.freedesktop.org/hadess/power-profiles-daemon Source: %{url}/-/archive/%{version}/%{name}-%{version}.tar.bz2 -# PATCH-FIX-UPSTREAM c9b646025d9f155509a6cda1c292bfd120daeb9e.patch -- platform-profile: Add support for 'quiet' profile -Patch1: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/c9b646025d9f155509a6cda1c292bfd120daeb9e.patch -# PATCH-FIX-UPSTREAM 20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch -- tests: Add tests for quiet profile support -Patch2: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/20a2d7f7b80a1847f36236d40388f14ae99fa94b.patch -# PATCH-FIX-UPSTREAM power-profiles-daemon-polkit-policy.patch boo#1189900 badshah400@gmail.com -- Describe and set defaults for switching and holding power profiles; patch taken from upstream merge request -Patch3: power-profiles-daemon-polkit-policy.patch +# PATCH-FEATURE-OPENSUSE hold-profile-hardening.patch -- Hardening of HoldProfile D-Bus method +Patch0: hold-profile-hardening.patch +# PATCH-FIX-UPSTREAM f83685732b9dd8211840645ce76f43718b30218b.patch -- build: Make pylint test optional +Patch1: https://gitlab.freedesktop.org/hadess/power-profiles-daemon/-/commit/f83685732b9dd8211840645ce76f43718b30218b.patch + BuildRequires: c_compiler BuildRequires: gtk-doc BuildRequires: meson @@ -68,9 +67,8 @@ This package provides documentation for %{name}. %install %meson_install -# Disable test until polkit changes are integrated, in version >= 0.9.1 -#%%check -#%%meson_test +%check +%meson_test %pre %service_add_pre %{name}.service