basebuilder_pel7x64builder0
6 years ago
12 changed files with 1737 additions and 0 deletions
@ -0,0 +1,578 @@ |
|||||||
|
commit 983e8ec37b0ec1cc5114cb9ca49cf558dedfb31e |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Don't pass an uninitialized JS parameter |
||||||
|
|
||||||
|
Don't pass argc==3 when using a 2-member array in |
||||||
|
polkit_backend_js_authority_check_authorization_sync . To avoid such |
||||||
|
problems in the future, use G_N_ELEMENTS in both similar callers. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index c232573..c7a29e0 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -1074,7 +1074,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA |
||||||
|
|
||||||
|
if (!call_js_function_with_runaway_killer (authority, |
||||||
|
"_runAdminRules", |
||||||
|
- 2, |
||||||
|
+ G_N_ELEMENTS (argv), |
||||||
|
argv, |
||||||
|
&rval)) |
||||||
|
{ |
||||||
|
@@ -1179,7 +1179,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu |
||||||
|
|
||||||
|
if (!call_js_function_with_runaway_killer (authority, |
||||||
|
"_runRules", |
||||||
|
- 3, |
||||||
|
+ G_N_ELEMENTS (argv), |
||||||
|
argv, |
||||||
|
&rval)) |
||||||
|
{ |
||||||
|
|
||||||
|
commit a97672540c66c03ed392fc072f0c682281f08989 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Don't add extra NULL group to subject.groups |
||||||
|
|
||||||
|
The NULL “terminator” of ‘groups’ was being passed to JavaScript. Drop |
||||||
|
it, and simplify by leting set_property_strv use the GPtrArray directly |
||||||
|
instead of the extra conversions “into” a strv and a completely dead |
||||||
|
g_strv_length(). |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index c7a29e0..efb07a9 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -659,26 +659,22 @@ static void |
||||||
|
set_property_strv (PolkitBackendJsAuthority *authority, |
||||||
|
JSObject *obj, |
||||||
|
const gchar *name, |
||||||
|
- const gchar *const *value, |
||||||
|
- gssize len) |
||||||
|
+ GPtrArray *value) |
||||||
|
{ |
||||||
|
jsval value_jsval; |
||||||
|
JSObject *array_object; |
||||||
|
jsval *jsvals; |
||||||
|
guint n; |
||||||
|
|
||||||
|
- if (len < 0) |
||||||
|
- len = g_strv_length ((gchar **) value); |
||||||
|
- |
||||||
|
- jsvals = g_new0 (jsval, len); |
||||||
|
- for (n = 0; n < len; n++) |
||||||
|
+ jsvals = g_new0 (jsval, value->len); |
||||||
|
+ for (n = 0; n < value->len; n++) |
||||||
|
{ |
||||||
|
JSString *jsstr; |
||||||
|
- jsstr = JS_NewStringCopyZ (authority->priv->cx, value[n]); |
||||||
|
+ jsstr = JS_NewStringCopyZ (authority->priv->cx, g_ptr_array_index(value, n)); |
||||||
|
jsvals[n] = STRING_TO_JSVAL (jsstr); |
||||||
|
} |
||||||
|
|
||||||
|
- array_object = JS_NewArrayObject (authority->priv->cx, (gint32) len, jsvals); |
||||||
|
+ array_object = JS_NewArrayObject (authority->priv->cx, value->len, jsvals); |
||||||
|
|
||||||
|
value_jsval = OBJECT_TO_JSVAL (array_object); |
||||||
|
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval); |
||||||
|
@@ -818,11 +814,9 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
- g_ptr_array_add (groups, NULL); |
||||||
|
- |
||||||
|
set_property_int32 (authority, obj, "pid", pid); |
||||||
|
set_property_str (authority, obj, "user", user_name); |
||||||
|
- set_property_strv (authority, obj, "groups", (const gchar* const *) groups->pdata, groups->len); |
||||||
|
+ set_property_strv (authority, obj, "groups", groups); |
||||||
|
set_property_str (authority, obj, "seat", seat_str); |
||||||
|
set_property_str (authority, obj, "session", session_str); |
||||||
|
set_property_bool (authority, obj, "local", subject_is_local); |
||||||
|
|
||||||
|
commit cbad0d5721804a4b7c2d998b00da9e70dc623820 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Don't store unrooted jsvals on heap |
||||||
|
|
||||||
|
Don't create a temporary array of jsvals on heap; the GC is not looking |
||||||
|
for GC roots there. |
||||||
|
|
||||||
|
Compare |
||||||
|
https://developer.mozilla.org/en-US/docs/SpiderMonkey/GC_Rooting_Guide |
||||||
|
and |
||||||
|
https://web.archive.org/web/20140305233124/https://developer.mozilla.org/en-US/docs/SpiderMonkey_Garbage_Collection_Tips |
||||||
|
. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index efb07a9..d02e5e3 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -663,23 +663,22 @@ set_property_strv (PolkitBackendJsAuthority *authority, |
||||||
|
{ |
||||||
|
jsval value_jsval; |
||||||
|
JSObject *array_object; |
||||||
|
- jsval *jsvals; |
||||||
|
guint n; |
||||||
|
|
||||||
|
- jsvals = g_new0 (jsval, value->len); |
||||||
|
+ array_object = JS_NewArrayObject (authority->priv->cx, 0, NULL); |
||||||
|
+ |
||||||
|
for (n = 0; n < value->len; n++) |
||||||
|
{ |
||||||
|
JSString *jsstr; |
||||||
|
+ jsval val; |
||||||
|
+ |
||||||
|
jsstr = JS_NewStringCopyZ (authority->priv->cx, g_ptr_array_index(value, n)); |
||||||
|
- jsvals[n] = STRING_TO_JSVAL (jsstr); |
||||||
|
+ val = STRING_TO_JSVAL (jsstr); |
||||||
|
+ JS_SetElement (authority->priv->cx, array_object, n, &val); |
||||||
|
} |
||||||
|
|
||||||
|
- array_object = JS_NewArrayObject (authority->priv->cx, value->len, jsvals); |
||||||
|
- |
||||||
|
value_jsval = OBJECT_TO_JSVAL (array_object); |
||||||
|
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval); |
||||||
|
- |
||||||
|
- g_free (jsvals); |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
commit 0f5852a4bdabe377ddcdbed09a0c1f95710e17fe |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Fix a per-authorization memory leak |
||||||
|
|
||||||
|
We were leaking PolkitAuthorizationResult on every request, primarily on |
||||||
|
the success path, but also on various error paths as well. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
index a09d667..14eea99 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
@@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, |
||||||
|
g_variant_ref_sink (value); |
||||||
|
g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); |
||||||
|
g_variant_unref (value); |
||||||
|
+ g_object_unref (result); |
||||||
|
} |
||||||
|
|
||||||
|
check_auth_data_free (data); |
||||||
|
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
index 96725f7..7019356 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
@@ -1022,7 +1022,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority |
||||||
|
|
||||||
|
/* Otherwise just return the result */ |
||||||
|
g_simple_async_result_set_op_res_gpointer (simple, |
||||||
|
- result, |
||||||
|
+ g_object_ref (result), |
||||||
|
g_object_unref); |
||||||
|
g_simple_async_result_complete (simple); |
||||||
|
g_object_unref (simple); |
||||||
|
@@ -1039,6 +1039,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority |
||||||
|
g_free (subject_str); |
||||||
|
g_free (user_of_caller_str); |
||||||
|
g_free (user_of_subject_str); |
||||||
|
+ |
||||||
|
+ if (result != NULL) |
||||||
|
+ g_object_unref (result); |
||||||
|
} |
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
|
||||||
|
commit ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Fix a memory leak when registering an authentication agent |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
index 14eea99..64560e1 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
@@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, |
||||||
|
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); |
||||||
|
|
||||||
|
out: |
||||||
|
+ g_variant_unref (subject_gvariant); |
||||||
|
if (subject != NULL) |
||||||
|
g_object_unref (subject); |
||||||
|
} |
||||||
|
|
||||||
|
commit 57e2d86edc2630cac1812a3285715dad795a4bd6 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Wrap all JS usage within “requests” |
||||||
|
|
||||||
|
Required by |
||||||
|
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_THREADSAFE |
||||||
|
; lack of requests causes assertion failures with a debug build of |
||||||
|
mozjs17. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index d02e5e3..88f31bd 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -239,6 +239,7 @@ rules_file_name_cmp (const gchar *a, |
||||||
|
return ret; |
||||||
|
} |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static void |
||||||
|
load_scripts (PolkitBackendJsAuthority *authority) |
||||||
|
{ |
||||||
|
@@ -339,6 +340,8 @@ reload_scripts (PolkitBackendJsAuthority *authority) |
||||||
|
jsval argv[1] = {JSVAL_NULL}; |
||||||
|
jsval rval = JSVAL_NULL; |
||||||
|
|
||||||
|
+ JS_BeginRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
if (!JS_CallFunctionName(authority->priv->cx, |
||||||
|
authority->priv->js_polkit, |
||||||
|
"_deleteRules", |
||||||
|
@@ -364,7 +367,7 @@ reload_scripts (PolkitBackendJsAuthority *authority) |
||||||
|
/* Let applications know we have new rules... */ |
||||||
|
g_signal_emit_by_name (authority, "changed"); |
||||||
|
out: |
||||||
|
- ; |
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
} |
||||||
|
|
||||||
|
static void |
||||||
|
@@ -447,6 +450,7 @@ static void |
||||||
|
polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
{ |
||||||
|
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); |
||||||
|
+ gboolean entered_request = FALSE; |
||||||
|
|
||||||
|
authority->priv->rt = JS_NewRuntime (8L * 1024L * 1024L); |
||||||
|
if (authority->priv->rt == NULL) |
||||||
|
@@ -466,6 +470,9 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
JS_SetErrorReporter(authority->priv->cx, report_error); |
||||||
|
JS_SetContextPrivate (authority->priv->cx, authority); |
||||||
|
|
||||||
|
+ JS_BeginRequest(authority->priv->cx); |
||||||
|
+ entered_request = TRUE; |
||||||
|
+ |
||||||
|
authority->priv->js_global = |
||||||
|
#if JS_VERSION == 186 |
||||||
|
JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL); |
||||||
|
@@ -526,10 +533,15 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
setup_file_monitors (authority); |
||||||
|
load_scripts (authority); |
||||||
|
|
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
+ entered_request = FALSE; |
||||||
|
+ |
||||||
|
G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object); |
||||||
|
return; |
||||||
|
|
||||||
|
fail: |
||||||
|
+ if (entered_request) |
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
g_critical ("Error initializing JavaScript environment"); |
||||||
|
g_assert_not_reached (); |
||||||
|
} |
||||||
|
@@ -642,6 +654,7 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass) |
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static void |
||||||
|
set_property_str (PolkitBackendJsAuthority *authority, |
||||||
|
JSObject *obj, |
||||||
|
@@ -655,6 +668,7 @@ set_property_str (PolkitBackendJsAuthority *authority, |
||||||
|
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval); |
||||||
|
} |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static void |
||||||
|
set_property_strv (PolkitBackendJsAuthority *authority, |
||||||
|
JSObject *obj, |
||||||
|
@@ -681,7 +695,7 @@ set_property_strv (PolkitBackendJsAuthority *authority, |
||||||
|
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval); |
||||||
|
} |
||||||
|
|
||||||
|
- |
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static void |
||||||
|
set_property_int32 (PolkitBackendJsAuthority *authority, |
||||||
|
JSObject *obj, |
||||||
|
@@ -693,6 +707,7 @@ set_property_int32 (PolkitBackendJsAuthority *authority, |
||||||
|
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval); |
||||||
|
} |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static void |
||||||
|
set_property_bool (PolkitBackendJsAuthority *authority, |
||||||
|
JSObject *obj, |
||||||
|
@@ -706,6 +721,7 @@ set_property_bool (PolkitBackendJsAuthority *authority, |
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static gboolean |
||||||
|
subject_to_jsval (PolkitBackendJsAuthority *authority, |
||||||
|
PolkitSubject *subject, |
||||||
|
@@ -838,6 +854,7 @@ subject_to_jsval (PolkitBackendJsAuthority *authority, |
||||||
|
|
||||||
|
/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
|
||||||
|
+/* authority->priv->cx must be within a request */ |
||||||
|
static gboolean |
||||||
|
action_and_details_to_jsval (PolkitBackendJsAuthority *authority, |
||||||
|
const gchar *action_id, |
||||||
|
@@ -1041,6 +1058,8 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA |
||||||
|
gchar *ret_str = NULL; |
||||||
|
gchar **ret_strs = NULL; |
||||||
|
|
||||||
|
+ JS_BeginRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
if (!action_and_details_to_jsval (authority, action_id, details, &argv[0], &error)) |
||||||
|
{ |
||||||
|
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), |
||||||
|
@@ -1120,6 +1139,8 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA |
||||||
|
|
||||||
|
JS_MaybeGC (authority->priv->cx); |
||||||
|
|
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
return ret; |
||||||
|
} |
||||||
|
|
||||||
|
@@ -1146,6 +1167,8 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu |
||||||
|
gchar *ret_str = NULL; |
||||||
|
gboolean good = FALSE; |
||||||
|
|
||||||
|
+ JS_BeginRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
if (!action_and_details_to_jsval (authority, action_id, details, &argv[0], &error)) |
||||||
|
{ |
||||||
|
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), |
||||||
|
@@ -1222,6 +1245,8 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu |
||||||
|
|
||||||
|
JS_MaybeGC (authority->priv->cx); |
||||||
|
|
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
return ret; |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
commit 5c668722320eb363f713a0998934aa48fecd56cb |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Register heap-based JSObject pointers to GC |
||||||
|
|
||||||
|
This is necessary so that the GC can move the objects (though I haven't |
||||||
|
so far encountered this in testing). |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index 88f31bd..39f7060 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -482,6 +482,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
|
||||||
|
if (authority->priv->js_global == NULL) |
||||||
|
goto fail; |
||||||
|
+ JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_global); |
||||||
|
|
||||||
|
if (!JS_InitStandardClasses (authority->priv->cx, authority->priv->js_global)) |
||||||
|
goto fail; |
||||||
|
@@ -494,6 +495,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
JSPROP_ENUMERATE); |
||||||
|
if (authority->priv->js_polkit == NULL) |
||||||
|
goto fail; |
||||||
|
+ JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_polkit); |
||||||
|
|
||||||
|
if (!JS_DefineFunctions (authority->priv->cx, |
||||||
|
authority->priv->js_polkit, |
||||||
|
@@ -572,6 +574,11 @@ polkit_backend_js_authority_finalize (GObject *object) |
||||||
|
g_free (authority->priv->dir_monitors); |
||||||
|
g_strfreev (authority->priv->rules_dirs); |
||||||
|
|
||||||
|
+ JS_BeginRequest (authority->priv->cx); |
||||||
|
+ JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_polkit); |
||||||
|
+ JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_global); |
||||||
|
+ JS_EndRequest (authority->priv->cx); |
||||||
|
+ |
||||||
|
JS_DestroyContext (authority->priv->cx); |
||||||
|
JS_DestroyRuntime (authority->priv->rt); |
||||||
|
/* JS_ShutDown (); */ |
||||||
|
|
||||||
|
commit 2881f8b260c03df29afb0e35e6d1707240f95ad7 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Prevent builds against SpiderMonkey with exact stack rooting |
||||||
|
|
||||||
|
“Exact stack rooting” means that every on-stack pointer to a JavaScript |
||||||
|
value needs to be registered with the runtime. The current code doesn't |
||||||
|
do this, so it is not safe to use against a runtime with this |
||||||
|
configuration. Luckily this configuration is not default. |
||||||
|
|
||||||
|
See |
||||||
|
https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/GC/Exact_Stack_Rooting |
||||||
|
and other pages in the wiki for what the conversion would require. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index 39f7060..22812a6 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -43,6 +43,13 @@ |
||||||
|
|
||||||
|
#include "initjs.h" /* init.js */ |
||||||
|
|
||||||
|
+#ifdef JSGC_USE_EXACT_ROOTING |
||||||
|
+/* See https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/GC/Exact_Stack_Rooting |
||||||
|
+ * for more information about exact stack rooting. |
||||||
|
+ */ |
||||||
|
+#error "This code is not safe in SpiderMonkey exact stack rooting configurations" |
||||||
|
+#endif |
||||||
|
+ |
||||||
|
/** |
||||||
|
* SECTION:polkitbackendjsauthority |
||||||
|
* @title: PolkitBackendJsAuthority |
||||||
|
|
||||||
|
commit b544f10dd469ae3cfedc026db71ee76e9ef511a2 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Clear the JS operation callback before invoking JS in the callback |
||||||
|
|
||||||
|
Setting the callback to NULL is required by |
||||||
|
https://developer.mozilla.org/en-US/docs/SpiderMonkey/JSAPI_Reference/JS_SetOperationCallback |
||||||
|
to avoid the possibility of recursion. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index 22812a6..8a0a097 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -961,9 +961,11 @@ js_operation_callback (JSContext *cx) |
||||||
|
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), "Terminating runaway script"); |
||||||
|
|
||||||
|
/* Throw an exception - this way the JS code can ignore the runaway script handling */ |
||||||
|
+ JS_SetOperationCallback (authority->priv->cx, NULL); |
||||||
|
val_str = JS_NewStringCopyZ (cx, "Terminating runaway script"); |
||||||
|
val = STRING_TO_JSVAL (val_str); |
||||||
|
JS_SetPendingException (authority->priv->cx, val); |
||||||
|
+ JS_SetOperationCallback (authority->priv->cx, js_operation_callback); |
||||||
|
return JS_FALSE; |
||||||
|
} |
||||||
|
|
||||||
|
|
||||||
|
commit d7da6a23766e9c95fa333a0a9c742f7397c0ad22 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Tue Jul 1 20:00:48 2014 +0200 |
||||||
|
|
||||||
|
Fix spurious timeout exceptions on GC |
||||||
|
|
||||||
|
The JS “Operation callback” can be called by the runtime for other |
||||||
|
reasons, not only when we trigger it by a timeout—notably as part of GC. |
||||||
|
So, make sure to only raise an exception if there actually was a |
||||||
|
timeout. |
||||||
|
|
||||||
|
Adding a whole extra mutex to protect a single boolean is somewhat of an |
||||||
|
overkill, but better than worrying about “subtle bugs and occasionally |
||||||
|
undefined behaviour” the g_atomic_* API is warning about. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
also |
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=77524 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index 8a0a097..097dcc5 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -80,6 +80,8 @@ struct _PolkitBackendJsAuthorityPrivate |
||||||
|
GMainContext *rkt_context; |
||||||
|
GMainLoop *rkt_loop; |
||||||
|
GSource *rkt_source; |
||||||
|
+ GMutex rkt_timeout_pending_mutex; |
||||||
|
+ gboolean rkt_timeout_pending; |
||||||
|
|
||||||
|
/* A list of JSObject instances */ |
||||||
|
GList *scripts; |
||||||
|
@@ -528,6 +530,7 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
|
||||||
|
g_mutex_init (&authority->priv->rkt_init_mutex); |
||||||
|
g_cond_init (&authority->priv->rkt_init_cond); |
||||||
|
+ g_mutex_init (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
|
||||||
|
authority->priv->runaway_killer_thread = g_thread_new ("runaway-killer-thread", |
||||||
|
runaway_killer_thread_func, |
||||||
|
@@ -563,6 +566,7 @@ polkit_backend_js_authority_finalize (GObject *object) |
||||||
|
|
||||||
|
g_mutex_clear (&authority->priv->rkt_init_mutex); |
||||||
|
g_cond_clear (&authority->priv->rkt_init_cond); |
||||||
|
+ g_mutex_clear (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
|
||||||
|
/* shut down the killer thread */ |
||||||
|
g_assert (authority->priv->rkt_loop != NULL); |
||||||
|
@@ -957,6 +961,18 @@ js_operation_callback (JSContext *cx) |
||||||
|
JSString *val_str; |
||||||
|
jsval val; |
||||||
|
|
||||||
|
+ /* This callback can be called by the runtime at any time without us causing |
||||||
|
+ * it by JS_TriggerOperationCallback(). |
||||||
|
+ */ |
||||||
|
+ g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ if (!authority->priv->rkt_timeout_pending) |
||||||
|
+ { |
||||||
|
+ g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ return JS_TRUE; |
||||||
|
+ } |
||||||
|
+ authority->priv->rkt_timeout_pending = FALSE; |
||||||
|
+ g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ |
||||||
|
/* Log that we are terminating the script */ |
||||||
|
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), "Terminating runaway script"); |
||||||
|
|
||||||
|
@@ -974,6 +990,10 @@ rkt_on_timeout (gpointer user_data) |
||||||
|
{ |
||||||
|
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data); |
||||||
|
|
||||||
|
+ g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ authority->priv->rkt_timeout_pending = TRUE; |
||||||
|
+ g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ |
||||||
|
/* Supposedly this is thread-safe... */ |
||||||
|
#if JS_VERSION == 186 |
||||||
|
JS_TriggerOperationCallback (authority->priv->rt); |
||||||
|
@@ -993,6 +1013,9 @@ runaway_killer_setup (PolkitBackendJsAuthority *authority) |
||||||
|
g_assert (authority->priv->rkt_source == NULL); |
||||||
|
|
||||||
|
/* set-up timer for runaway scripts, will be executed in runaway_killer_thread */ |
||||||
|
+ g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
+ authority->priv->rkt_timeout_pending = FALSE; |
||||||
|
+ g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex); |
||||||
|
authority->priv->rkt_source = g_timeout_source_new_seconds (15); |
||||||
|
g_source_set_callback (authority->priv->rkt_source, rkt_on_timeout, authority, NULL); |
||||||
|
g_source_attach (authority->priv->rkt_source, authority->priv->rkt_context); |
@ -0,0 +1,24 @@ |
|||||||
|
commit f4d71e0de885010494b8b0b8d62ca910011d7544 |
||||||
|
Author: Max A. Dednev <dednev@rambler.ru> |
||||||
|
Date: Sun Jan 11 20:00:44 2015 -0500 |
||||||
|
|
||||||
|
authority: Fix memory leak in EnumerateActions call results handler |
||||||
|
|
||||||
|
Policykit-1 doesn't release reference counters of GVariant data for |
||||||
|
org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This |
||||||
|
patch fixed reference counting and following memory leak. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=88288 |
||||||
|
|
||||||
|
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c |
||||||
|
index 75619ab..ab6d3cd 100644 |
||||||
|
--- a/src/polkit/polkitauthority.c |
||||||
|
+++ b/src/polkit/polkitauthority.c |
||||||
|
@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, |
||||||
|
while ((child = g_variant_iter_next_value (&iter)) != NULL) |
||||||
|
{ |
||||||
|
ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); |
||||||
|
- g_variant_ref_sink (child); |
||||||
|
g_variant_unref (child); |
||||||
|
} |
||||||
|
ret = g_list_reverse (ret); |
@ -0,0 +1,20 @@ |
|||||||
|
commit 1986e443b170240e9ce4a34726b7fa6c55b3601c |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Sat Dec 7 04:21:10 2013 +0100 |
||||||
|
|
||||||
|
Fix a memory leak |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=72426 |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index bc2fe22..c3885a9 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -1363,7 +1363,6 @@ js_polkit_spawn (JSContext *cx, |
||||||
|
goto out; |
||||||
|
} |
||||||
|
s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val)); |
||||||
|
- s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val)); |
||||||
|
argv[n] = g_strdup (s); |
||||||
|
JS_free (cx, s); |
||||||
|
} |
@ -0,0 +1,120 @@ |
|||||||
|
From 7650ad1e08ab13bdb461783c4995d186d9392840 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Rui Matos <tiagomatos@gmail.com> |
||||||
|
Date: Thu, 6 Feb 2014 18:41:18 +0100 |
||||||
|
Subject: [PATCH] PolkitAgentSession: fix race between child and io watches |
||||||
|
|
||||||
|
The helper flushes and fdatasyncs stdout and stderr before terminating |
||||||
|
but this doesn't guarantee that our io watch is called before our |
||||||
|
child watch. This means that we can end up with a successful return |
||||||
|
from the helper which we still report as a failure. |
||||||
|
|
||||||
|
If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the |
||||||
|
io watch and the child terminates we still run the io watch handler |
||||||
|
which will complete the session. |
||||||
|
|
||||||
|
This means that the child watch is in fact needless and we can remove |
||||||
|
it. |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=60847 |
||||||
|
--- |
||||||
|
src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- |
||||||
|
1 file changed, 11 insertions(+), 36 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c |
||||||
|
index 1c7a2dc..f014773 100644 |
||||||
|
--- a/src/polkitagent/polkitagentsession.c |
||||||
|
+++ b/src/polkitagent/polkitagentsession.c |
||||||
|
@@ -92,7 +92,6 @@ struct _PolkitAgentSession |
||||||
|
int child_stdout; |
||||||
|
GPid child_pid; |
||||||
|
|
||||||
|
- GSource *child_watch_source; |
||||||
|
GSource *child_stdout_watch_source; |
||||||
|
GIOChannel *child_stdout_channel; |
||||||
|
|
||||||
|
@@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) |
||||||
|
session->child_pid = 0; |
||||||
|
} |
||||||
|
|
||||||
|
- if (session->child_watch_source != NULL) |
||||||
|
- { |
||||||
|
- g_source_destroy (session->child_watch_source); |
||||||
|
- g_source_unref (session->child_watch_source); |
||||||
|
- session->child_watch_source = NULL; |
||||||
|
- } |
||||||
|
- |
||||||
|
if (session->child_stdout_watch_source != NULL) |
||||||
|
{ |
||||||
|
g_source_destroy (session->child_stdout_watch_source); |
||||||
|
@@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
-static void |
||||||
|
-child_watch_func (GPid pid, |
||||||
|
- gint status, |
||||||
|
- gpointer user_data) |
||||||
|
-{ |
||||||
|
- PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); |
||||||
|
- |
||||||
|
- if (G_UNLIKELY (_show_debug ())) |
||||||
|
- { |
||||||
|
- g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", |
||||||
|
- (gint) pid, |
||||||
|
- WIFEXITED(status), |
||||||
|
- WEXITSTATUS(status)); |
||||||
|
- } |
||||||
|
- |
||||||
|
- /* kill all the watches we have set up, except for the child since it has exited already */ |
||||||
|
- session->child_pid = 0; |
||||||
|
- complete_session (session, FALSE); |
||||||
|
-} |
||||||
|
- |
||||||
|
static gboolean |
||||||
|
io_watch_have_data (GIOChannel *channel, |
||||||
|
GIOCondition condition, |
||||||
|
@@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, |
||||||
|
NULL, |
||||||
|
NULL, |
||||||
|
&error); |
||||||
|
- if (error != NULL) |
||||||
|
+ if (error != NULL || line == NULL) |
||||||
|
{ |
||||||
|
- g_warning ("Error reading line from helper: %s", error->message); |
||||||
|
- g_error_free (error); |
||||||
|
+ /* In case we get just G_IO_HUP, line is NULL but error is |
||||||
|
+ unset.*/ |
||||||
|
+ g_warning ("Error reading line from helper: %s", |
||||||
|
+ error ? error->message : "nothing to read"); |
||||||
|
+ g_clear_error (&error); |
||||||
|
|
||||||
|
complete_session (session, FALSE); |
||||||
|
goto out; |
||||||
|
@@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, |
||||||
|
g_free (line); |
||||||
|
g_free (unescaped); |
||||||
|
|
||||||
|
+ if (condition & (G_IO_ERR | G_IO_HUP)) |
||||||
|
+ complete_session (session, FALSE); |
||||||
|
+ |
||||||
|
/* keep the IOChannel around */ |
||||||
|
return TRUE; |
||||||
|
} |
||||||
|
@@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) |
||||||
|
if (G_UNLIKELY (_show_debug ())) |
||||||
|
g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); |
||||||
|
|
||||||
|
- session->child_watch_source = g_child_watch_source_new (session->child_pid); |
||||||
|
- g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); |
||||||
|
- g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); |
||||||
|
- |
||||||
|
session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); |
||||||
|
- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); |
||||||
|
+ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, |
||||||
|
+ G_IO_IN | G_IO_ERR | G_IO_HUP); |
||||||
|
g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); |
||||||
|
g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); |
||||||
|
|
||||||
|
-- |
||||||
|
1.8.3.1 |
||||||
|
|
@ -0,0 +1,78 @@ |
|||||||
|
From 8635ffc16aeff6a07d675f861fe0dea03ea81d7e Mon Sep 17 00:00:00 2001 |
||||||
|
From: Colin Walters <walters@verbum.org> |
||||||
|
Date: Thu, 21 Nov 2013 17:39:37 -0500 |
||||||
|
Subject: [PATCH] pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR |
||||||
|
|
||||||
|
This workaround isn't too much code, and it's often better to fix bugs |
||||||
|
in two places anyways. |
||||||
|
|
||||||
|
For more information: |
||||||
|
|
||||||
|
See https://bugzilla.redhat.com/show_bug.cgi?id=753882 |
||||||
|
See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html |
||||||
|
--- |
||||||
|
src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- |
||||||
|
1 file changed, 30 insertions(+), 3 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c |
||||||
|
index 005e1fe..a7ca8e0 100644 |
||||||
|
--- a/src/programs/pkexec.c |
||||||
|
+++ b/src/programs/pkexec.c |
||||||
|
@@ -143,8 +143,22 @@ pam_conversation_function (int n, |
||||||
|
return PAM_CONV_ERR; |
||||||
|
} |
||||||
|
|
||||||
|
+/* A work around for: |
||||||
|
+ * https://bugzilla.redhat.com/show_bug.cgi?id=753882 |
||||||
|
+ */ |
||||||
|
+static gboolean |
||||||
|
+xdg_runtime_dir_is_owned_by (const char *path, |
||||||
|
+ uid_t target_uid) |
||||||
|
+{ |
||||||
|
+ struct stat stbuf; |
||||||
|
+ |
||||||
|
+ return stat (path, &stbuf) == 0 && |
||||||
|
+ stbuf.st_uid == target_uid; |
||||||
|
+} |
||||||
|
+ |
||||||
|
static gboolean |
||||||
|
-open_session (const gchar *user_to_auth) |
||||||
|
+open_session (const gchar *user_to_auth, |
||||||
|
+ uid_t target_uid) |
||||||
|
{ |
||||||
|
gboolean ret; |
||||||
|
gint rc; |
||||||
|
@@ -186,7 +200,19 @@ open_session (const gchar *user_to_auth) |
||||||
|
{ |
||||||
|
guint n; |
||||||
|
for (n = 0; envlist[n]; n++) |
||||||
|
- putenv (envlist[n]); |
||||||
|
+ { |
||||||
|
+ const char *envitem = envlist[n]; |
||||||
|
+ |
||||||
|
+ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) |
||||||
|
+ { |
||||||
|
+ const char *eq = strchr (envitem, '='); |
||||||
|
+ g_assert (eq); |
||||||
|
+ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) |
||||||
|
+ continue; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ putenv (envlist[n]); |
||||||
|
+ } |
||||||
|
free (envlist); |
||||||
|
} |
||||||
|
|
||||||
|
@@ -913,7 +939,8 @@ main (int argc, char *argv[]) |
||||||
|
* As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. |
||||||
|
*/ |
||||||
|
#ifdef POLKIT_AUTHFW_PAM |
||||||
|
- if (!open_session (pw->pw_name)) |
||||||
|
+ if (!open_session (pw->pw_name, |
||||||
|
+ pw->pw_uid)) |
||||||
|
{ |
||||||
|
goto out; |
||||||
|
} |
||||||
|
-- |
||||||
|
1.8.3.1 |
||||||
|
|
@ -0,0 +1,37 @@ |
|||||||
|
diff -up ./data/Makefile.am.ori ./data/Makefile.am |
||||||
|
--- ./data/Makefile.am.ori 2013-04-29 19:28:57.000000000 +0200 |
||||||
|
+++ ./data/Makefile.am 2018-05-31 14:33:50.164626183 +0200 |
||||||
|
@@ -36,6 +36,11 @@ pkgconfig_DATA = polkit-gobject-1.pc pol |
||||||
|
|
||||||
|
# ---------------------------------------------------------------------------------------------------- |
||||||
|
|
||||||
|
+itsdir = $(datadir)/gettext/its |
||||||
|
+its_DATA = polkit.loc polkit.its |
||||||
|
+ |
||||||
|
+# ---------------------------------------------------------------------------------------------------- |
||||||
|
+ |
||||||
|
systemdservice_in_files = polkit.service.in |
||||||
|
|
||||||
|
if HAVE_SYSTEMD |
||||||
|
diff -up ./data/polkit.its.ori ./data/polkit.its |
||||||
|
--- ./data/polkit.its.ori 2018-05-31 14:33:50.164626183 +0200 |
||||||
|
+++ ./data/polkit.its 2018-05-31 14:33:50.164626183 +0200 |
||||||
|
@@ -0,0 +1,8 @@ |
||||||
|
+<?xml version="1.0"?> |
||||||
|
+<its:rules xmlns:its="http://www.w3.org/2005/11/its" |
||||||
|
+ version="2.0"> |
||||||
|
+ <its:translateRule selector="//*" translate="no"/> |
||||||
|
+ <its:translateRule selector="//action/description | |
||||||
|
+ //action/message" |
||||||
|
+ translate="yes"/> |
||||||
|
+</its:rules> |
||||||
|
diff -up ./data/polkit.loc.ori ./data/polkit.loc |
||||||
|
--- ./data/polkit.loc.ori 2018-05-31 14:33:50.165626179 +0200 |
||||||
|
+++ ./data/polkit.loc 2018-05-31 14:33:50.164626183 +0200 |
||||||
|
@@ -0,0 +1,6 @@ |
||||||
|
+<?xml version="1.0"?> |
||||||
|
+<locatingRules> |
||||||
|
+ <locatingRule name="polkit policy" pattern="*.policy"> |
||||||
|
+ <documentRule localName="policyconfig" target="polkit.its"/> |
||||||
|
+ </locatingRule> |
||||||
|
+</locatingRules> |
@ -0,0 +1,79 @@ |
|||||||
|
A part of commit 7ecf29a9db86f7161e2ff48e7bb8ea46a90f954f |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Wed Feb 8 22:57:21 2017 +0100 |
||||||
|
|
||||||
|
Fix a memory leak in server_handle_authentication_agent_response{,2} |
||||||
|
|
||||||
|
Signed-off-by: Miloslav Trmač <mitr@redhat.com> |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
index 2bcad62..cad3f74 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
@@ -1054,6 +1054,7 @@ server_handle_authentication_agent_response (Server *server, |
||||||
|
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); |
||||||
|
|
||||||
|
out: |
||||||
|
+ g_variant_unref (identity_gvariant); |
||||||
|
if (identity != NULL) |
||||||
|
g_object_unref (identity); |
||||||
|
} |
||||||
|
commit d9efd2673d73214e7990e3e67cdddfa77c6a8226 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Wed Feb 8 22:55:10 2017 +0100 |
||||||
|
|
||||||
|
Fix a memory leak in server_handle_unregister_authentication_agent |
||||||
|
|
||||||
|
Signed-off-by: Miloslav Trmač <mitr@redhat.com> |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
index 7e08e57..2bcad62 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendauthority.c |
||||||
|
@@ -1003,6 +1003,7 @@ server_handle_unregister_authentication_agent (Server *server, |
||||||
|
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); |
||||||
|
|
||||||
|
out: |
||||||
|
+ g_variant_unref (subject_gvariant); |
||||||
|
if (subject != NULL) |
||||||
|
g_object_unref (subject); |
||||||
|
} |
||||||
|
commit af4566e1a7e9031b9a05f49c7d27bf379d822016 |
||||||
|
Author: Miloslav Trmač <mitr@redhat.com> |
||||||
|
Date: Thu Feb 9 19:53:54 2017 +0100 |
||||||
|
|
||||||
|
Fix a memory leak per agent authentication |
||||||
|
|
||||||
|
Signed-off-by: Miloslav Trmač <mitr@redhat.com> |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
index bf0ee48..b8096b3 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
||||||
|
@@ -1906,15 +1906,15 @@ authentication_agent_begin_cb (GDBusProxy *proxy, |
||||||
|
AuthenticationSession *session = user_data; |
||||||
|
gboolean gained_authorization; |
||||||
|
gboolean was_dismissed; |
||||||
|
+ GVariant *result; |
||||||
|
GError *error; |
||||||
|
|
||||||
|
was_dismissed = FALSE; |
||||||
|
gained_authorization = FALSE; |
||||||
|
|
||||||
|
error = NULL; |
||||||
|
- if (!g_dbus_proxy_call_finish (proxy, |
||||||
|
- res, |
||||||
|
- &error)) |
||||||
|
+ result = g_dbus_proxy_call_finish (proxy, res, &error); |
||||||
|
+ if (result == NULL) |
||||||
|
{ |
||||||
|
g_printerr ("Error performing authentication: %s (%s %d)\n", |
||||||
|
error->message, |
||||||
|
@@ -1926,6 +1926,7 @@ authentication_agent_begin_cb (GDBusProxy *proxy, |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
+ g_variant_unref (result); |
||||||
|
gained_authorization = session->is_authenticated; |
||||||
|
g_debug ("Authentication complete, is_authenticated = %d", session->is_authenticated); |
||||||
|
} |
@ -0,0 +1,60 @@ |
|||||||
|
From 0ce0a7b3298d7b0fd5ce8c6775bcef9b0caf1bdb Mon Sep 17 00:00:00 2001 |
||||||
|
From: David Herrmann <dh.herrmann@gmail.com> |
||||||
|
Date: Wed, 4 Jul 2018 13:51:24 +0200 |
||||||
|
Subject: [PATCH] polkitagent: suppress disconnect messages |
||||||
|
|
||||||
|
The polkitagent may be used by pkexec and friends. These might very |
||||||
|
well survive until very late during system shutdown. Hence, a |
||||||
|
disconnect of polkitd during runtime might be expected [1]. |
||||||
|
|
||||||
|
This patch silences the disconnect/reconnect messages and turns them |
||||||
|
into debug messages. This only affects the polkit-agent, it does not |
||||||
|
affect the polkit-daemon implementation. |
||||||
|
|
||||||
|
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1249627 |
||||||
|
--- |
||||||
|
src/polkitagent/polkitagentlistener.c | 12 ++++++------ |
||||||
|
1 file changed, 6 insertions(+), 6 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c |
||||||
|
index debd1bb..1c8b666 100644 |
||||||
|
--- a/src/polkitagent/polkitagentlistener.c |
||||||
|
+++ b/src/polkitagent/polkitagentlistener.c |
||||||
|
@@ -178,10 +178,10 @@ on_notify_authority_owner (GObject *object, |
||||||
|
owner = polkit_authority_get_owner (server->authority); |
||||||
|
if (owner == NULL) |
||||||
|
{ |
||||||
|
- g_printerr ("PolicyKit daemon disconnected from the bus.\n"); |
||||||
|
+ g_debug ("PolicyKit daemon disconnected from the bus.\n"); |
||||||
|
|
||||||
|
if (server->is_registered) |
||||||
|
- g_printerr ("We are no longer a registered authentication agent.\n"); |
||||||
|
+ g_debug ("We are no longer a registered authentication agent.\n"); |
||||||
|
|
||||||
|
server->is_registered = FALSE; |
||||||
|
} |
||||||
|
@@ -192,17 +192,17 @@ on_notify_authority_owner (GObject *object, |
||||||
|
{ |
||||||
|
GError *error; |
||||||
|
|
||||||
|
- g_printerr ("PolicyKit daemon reconnected to bus.\n"); |
||||||
|
- g_printerr ("Attempting to re-register as an authentication agent.\n"); |
||||||
|
+ g_debug ("PolicyKit daemon reconnected to bus.\n"); |
||||||
|
+ g_debug ("Attempting to re-register as an authentication agent.\n"); |
||||||
|
|
||||||
|
error = NULL; |
||||||
|
if (server_register (server, &error)) |
||||||
|
{ |
||||||
|
- g_printerr ("We are now a registered authentication agent.\n"); |
||||||
|
+ g_debug ("We are now a registered authentication agent.\n"); |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
- g_printerr ("Failed to register as an authentication agent: %s\n", error->message); |
||||||
|
+ g_debug ("Failed to register as an authentication agent: %s\n", error->message); |
||||||
|
g_error_free (error); |
||||||
|
} |
||||||
|
} |
||||||
|
-- |
||||||
|
2.18.0 |
||||||
|
|
@ -0,0 +1,13 @@ |
|||||||
|
diff -up ./src/programs/pkttyagent.c.ori ./src/programs/pkttyagent.c |
||||||
|
--- ./src/programs/pkttyagent.c.ori 2018-08-01 15:51:28.495910434 +0200 |
||||||
|
+++ ./src/programs/pkttyagent.c 2018-08-02 15:51:45.126311197 +0200 |
||||||
|
@@ -150,7 +150,8 @@ main (int argc, char *argv[]) |
||||||
|
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); |
||||||
|
if (authority == NULL) |
||||||
|
{ |
||||||
|
- g_printerr ("Error getting authority: %s (%s, %d)\n", |
||||||
|
+ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); |
||||||
|
+ g_debug ("Error getting authority: %s (%s, %d)\n", |
||||||
|
error->message, g_quark_to_string (error->domain), error->code); |
||||||
|
g_error_free (error); |
||||||
|
ret = 127; |
@ -0,0 +1,27 @@ |
|||||||
|
From dfd2c165447029c32510842350e924ef5ac3f679 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Rui Matos <tiagomatos@gmail.com> |
||||||
|
Date: Thu, 2 Mar 2017 14:50:31 +0100 |
||||||
|
Subject: [PATCH] polkitpermission: Fix a memory leak on authority changes |
||||||
|
|
||||||
|
Signed-off-by: Rui Matos <tiagomatos@gmail.com> |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=99741 |
||||||
|
--- |
||||||
|
src/polkit/polkitpermission.c | 1 + |
||||||
|
1 file changed, 1 insertion(+) |
||||||
|
|
||||||
|
diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c |
||||||
|
index f8a666e..f264094 100644 |
||||||
|
--- a/src/polkit/polkitpermission.c |
||||||
|
+++ b/src/polkit/polkitpermission.c |
||||||
|
@@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, |
||||||
|
if (result != NULL) |
||||||
|
{ |
||||||
|
process_result (permission, result); |
||||||
|
+ g_object_unref (result); |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
-- |
||||||
|
2.9.3 |
||||||
|
|
@ -0,0 +1,181 @@ |
|||||||
|
From a028743f5c88dd7c27c102c34535f25b42ea2c5f Mon Sep 17 00:00:00 2001 |
||||||
|
From: Kyle Walker <kwalker@redhat.com> |
||||||
|
Date: Mon, 23 Apr 2018 13:07:37 -0400 |
||||||
|
Subject: [PATCH] Backport of: |
||||||
|
https://bugs.freedesktop.org/attachment.cgi?id=138819 |
||||||
|
|
||||||
|
Signed-off-by: Kyle Walker <kwalker@redhat.com> |
||||||
|
--- |
||||||
|
src/polkitbackend/polkitbackendjsauthority.c | 76 +++++++++++++++++++++++++++- |
||||||
|
1 file changed, 74 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
index 39ed718..fd1dbfd 100644 |
||||||
|
--- a/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
+++ b/src/polkitbackend/polkitbackendjsauthority.c |
||||||
|
@@ -83,6 +83,13 @@ struct _PolkitBackendJsAuthorityPrivate |
||||||
|
GMutex rkt_timeout_pending_mutex; |
||||||
|
gboolean rkt_timeout_pending; |
||||||
|
|
||||||
|
+ /* avoid zombies by reap child in a new thread */ |
||||||
|
+ GThread *child_reaper_thread; |
||||||
|
+ GMutex crt_init_mutex; |
||||||
|
+ GCond crt_init_cond; |
||||||
|
+ GMainContext *crt_context; |
||||||
|
+ GMainLoop *crt_loop; |
||||||
|
+ |
||||||
|
/* A list of JSObject instances */ |
||||||
|
GList *scripts; |
||||||
|
}; |
||||||
|
@@ -124,6 +131,7 @@ enum |
||||||
|
/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
|
||||||
|
static gpointer runaway_killer_thread_func (gpointer user_data); |
||||||
|
+static gpointer child_reaper_thread_func (gpointer user_data); |
||||||
|
|
||||||
|
static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, |
||||||
|
PolkitSubject *caller, |
||||||
|
@@ -461,6 +469,18 @@ polkit_backend_js_authority_constructed (GObject *object) |
||||||
|
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object); |
||||||
|
gboolean entered_request = FALSE; |
||||||
|
|
||||||
|
+ g_mutex_init (&authority->priv->crt_init_mutex); |
||||||
|
+ g_cond_init (&authority->priv->crt_init_cond); |
||||||
|
+ |
||||||
|
+ authority->priv->child_reaper_thread = g_thread_new ("reap-child-thread", |
||||||
|
+ child_reaper_thread_func, |
||||||
|
+ authority); |
||||||
|
+ /* wait for child_reaper_thread to set up its GMainContext */ |
||||||
|
+ g_mutex_lock (&authority->priv->crt_init_mutex); |
||||||
|
+ while (authority->priv->crt_context == NULL) |
||||||
|
+ g_cond_wait (&authority->priv->crt_init_cond, &authority->priv->crt_init_mutex); |
||||||
|
+ g_mutex_unlock (&authority->priv->crt_init_mutex); |
||||||
|
+ |
||||||
|
authority->priv->rt = JS_NewRuntime (8L * 1024L * 1024L); |
||||||
|
if (authority->priv->rt == NULL) |
||||||
|
goto fail; |
||||||
|
@@ -585,6 +605,15 @@ polkit_backend_js_authority_finalize (GObject *object) |
||||||
|
g_free (authority->priv->dir_monitors); |
||||||
|
g_strfreev (authority->priv->rules_dirs); |
||||||
|
|
||||||
|
+ g_mutex_clear (&authority->priv->crt_init_mutex); |
||||||
|
+ g_cond_clear (&authority->priv->crt_init_cond); |
||||||
|
+ |
||||||
|
+ /* shut down the child reaper thread */ |
||||||
|
+ g_assert (authority->priv->crt_loop != NULL); |
||||||
|
+ g_main_loop_quit (authority->priv->crt_loop); |
||||||
|
+ g_thread_join (authority->priv->child_reaper_thread); |
||||||
|
+ g_assert (authority->priv->crt_loop == NULL); |
||||||
|
+ |
||||||
|
JS_BeginRequest (authority->priv->cx); |
||||||
|
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_polkit); |
||||||
|
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_global); |
||||||
|
@@ -1360,6 +1389,7 @@ get_signal_name (gint signal_number) |
||||||
|
|
||||||
|
typedef struct |
||||||
|
{ |
||||||
|
+ PolkitBackendJsAuthority *authority; |
||||||
|
GMainLoop *loop; |
||||||
|
GAsyncResult *res; |
||||||
|
} SpawnData; |
||||||
|
@@ -1379,7 +1409,7 @@ js_polkit_spawn (JSContext *cx, |
||||||
|
unsigned js_argc, |
||||||
|
jsval *vp) |
||||||
|
{ |
||||||
|
- /* PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); */ |
||||||
|
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx)); |
||||||
|
JSBool ret = JS_FALSE; |
||||||
|
JSObject *array_object; |
||||||
|
gchar *standard_output = NULL; |
||||||
|
@@ -1424,6 +1454,8 @@ js_polkit_spawn (JSContext *cx, |
||||||
|
JS_free (cx, s); |
||||||
|
} |
||||||
|
|
||||||
|
+ data.authority = authority; |
||||||
|
+ |
||||||
|
context = g_main_context_new (); |
||||||
|
loop = g_main_loop_new (context, FALSE); |
||||||
|
|
||||||
|
@@ -1540,6 +1572,8 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
||||||
|
|
||||||
|
typedef struct |
||||||
|
{ |
||||||
|
+ PolkitBackendJsAuthority *authority; |
||||||
|
+ |
||||||
|
GSimpleAsyncResult *simple; /* borrowed reference */ |
||||||
|
GMainContext *main_context; /* may be NULL */ |
||||||
|
|
||||||
|
@@ -1572,11 +1606,43 @@ utils_child_watch_from_release_cb (GPid pid, |
||||||
|
gint status, |
||||||
|
gpointer user_data) |
||||||
|
{ |
||||||
|
+ g_print("Child(pid: %d) has been reaped!\n", pid); |
||||||
|
+} |
||||||
|
+ |
||||||
|
+/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
+ |
||||||
|
+static gpointer |
||||||
|
+child_reaper_thread_func (gpointer user_data) |
||||||
|
+{ |
||||||
|
+ PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data); |
||||||
|
+ |
||||||
|
+ g_mutex_lock (&authority->priv->crt_init_mutex); |
||||||
|
+ |
||||||
|
+ authority->priv->crt_context = g_main_context_new (); |
||||||
|
+ authority->priv->crt_loop = g_main_loop_new (authority->priv->crt_context, FALSE); |
||||||
|
+ g_main_context_push_thread_default (authority->priv->crt_context); |
||||||
|
+ |
||||||
|
+ /* Signal the main thread that we're done constructing */ |
||||||
|
+ g_cond_signal (&authority->priv->crt_init_cond); |
||||||
|
+ g_mutex_unlock (&authority->priv->crt_init_mutex); |
||||||
|
+ |
||||||
|
+ g_main_loop_run (authority->priv->crt_loop); |
||||||
|
+ |
||||||
|
+ g_main_context_pop_thread_default (authority->priv->crt_context); |
||||||
|
+ |
||||||
|
+ g_main_loop_unref (authority->priv->crt_loop); |
||||||
|
+ authority->priv->crt_loop = NULL; |
||||||
|
+ g_main_context_unref (authority->priv->crt_context); |
||||||
|
+ authority->priv->crt_context = NULL; |
||||||
|
+ |
||||||
|
+ return NULL; |
||||||
|
} |
||||||
|
|
||||||
|
+/* ---------------------------------------------------------------------------------------------------- */ |
||||||
|
static void |
||||||
|
utils_spawn_data_free (UtilsSpawnData *data) |
||||||
|
{ |
||||||
|
+ PolkitBackendJsAuthority *authority = data->authority; |
||||||
|
if (data->timeout_source != NULL) |
||||||
|
{ |
||||||
|
g_source_destroy (data->timeout_source); |
||||||
|
@@ -1604,12 +1670,17 @@ utils_spawn_data_free (UtilsSpawnData *data) |
||||||
|
* Avoid taking a references to ourselves. but note that we need |
||||||
|
* to pass the GSource so we can nuke it once handled. |
||||||
|
*/ |
||||||
|
+ |
||||||
|
+ /* avoid zombies by reaping child in a new thread |
||||||
|
+ * add source to reap thread context |
||||||
|
+ */ |
||||||
|
+ GMainContext *reap_context = authority->priv->crt_context; |
||||||
|
source = g_child_watch_source_new (data->child_pid); |
||||||
|
g_source_set_callback (source, |
||||||
|
(GSourceFunc) utils_child_watch_from_release_cb, |
||||||
|
source, |
||||||
|
(GDestroyNotify) g_source_destroy); |
||||||
|
- g_source_attach (source, data->main_context); |
||||||
|
+ g_source_attach (source, reap_context); |
||||||
|
g_source_unref (source); |
||||||
|
data->child_pid = 0; |
||||||
|
} |
||||||
|
@@ -1776,6 +1847,7 @@ utils_spawn (const gchar *const *argv, |
||||||
|
GError *error; |
||||||
|
|
||||||
|
data = g_slice_new0 (UtilsSpawnData); |
||||||
|
+ data->authority = ((SpawnData *)user_data)->authority; |
||||||
|
data->timeout_seconds = timeout_seconds; |
||||||
|
data->simple = g_simple_async_result_new (NULL, |
||||||
|
callback, |
||||||
|
-- |
||||||
|
2.14.3 |
||||||
|
|
@ -0,0 +1,520 @@ |
|||||||
|
# Only enable if using patches that touches configure.ac, |
||||||
|
# Makefile.am or other build system related files |
||||||
|
# |
||||||
|
%define enable_autoreconf 1 |
||||||
|
|
||||||
|
Summary: An authorization framework |
||||||
|
Name: polkit |
||||||
|
Version: 0.112 |
||||||
|
Release: 18%{?dist} |
||||||
|
License: LGPLv2+ |
||||||
|
URL: http://www.freedesktop.org/wiki/Software/polkit |
||||||
|
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz |
||||||
|
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=71894 |
||||||
|
Patch0: polkit-0.112-XDG_RUNTIME_DIR.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=60847 |
||||||
|
Patch1: polkit-0.112-PolkitAgentSession-race.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=69501 |
||||||
|
Patch2: polkit-0.112-CVE-2015-3256.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=88288 |
||||||
|
Patch3: polkit-0.112-EnumerateActions-leak.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=72426 |
||||||
|
Patch4: polkit-0.112-Polkit.spawn-leak.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=99741 |
||||||
|
Patch5: polkit-0.112-agent-leaks.patch |
||||||
|
# https://bugs.freedesktop.org/show_bug.cgi?id=99741 |
||||||
|
Patch6: polkit-0.112-polkitpermission-leak.patch |
||||||
|
Patch7: polkit-0.112-add-its-files.patch |
||||||
|
Patch8: polkit-0.112-spawning-zombie-processes.patch |
||||||
|
Patch9: polkit-0.112-bus-conn-msg-ssh.patch |
||||||
|
Patch10: polkit-0.112-pkttyagent-auth-errmsg-debug.patch |
||||||
|
|
||||||
|
Group: System Environment/Libraries |
||||||
|
BuildRequires: glib2-devel >= 2.30.0 |
||||||
|
BuildRequires: expat-devel |
||||||
|
BuildRequires: pam-devel |
||||||
|
BuildRequires: gtk-doc |
||||||
|
BuildRequires: intltool |
||||||
|
BuildRequires: gobject-introspection-devel |
||||||
|
BuildRequires: systemd-devel |
||||||
|
BuildRequires: mozjs17-devel |
||||||
|
|
||||||
|
%if 0%{?enable_autoreconf} |
||||||
|
BuildRequires: autoconf |
||||||
|
BuildRequires: automake |
||||||
|
BuildRequires: libtool |
||||||
|
%endif |
||||||
|
|
||||||
|
Requires: dbus, polkit-pkla-compat |
||||||
|
|
||||||
|
Requires(pre): shadow-utils |
||||||
|
Requires(post): /sbin/ldconfig, systemd |
||||||
|
Requires(preun): systemd |
||||||
|
Requires(postun): /sbin/ldconfig, systemd |
||||||
|
|
||||||
|
Obsoletes: PolicyKit <= 0.10 |
||||||
|
Provides: PolicyKit = 0.11 |
||||||
|
|
||||||
|
# polkit saw some API/ABI changes from 0.96 to 0.97 so require a |
||||||
|
# sufficiently new polkit-gnome package |
||||||
|
Conflicts: polkit-gnome < 0.97 |
||||||
|
|
||||||
|
Obsoletes: polkit-desktop-policy < 0.103 |
||||||
|
Provides: polkit-desktop-policy = 0.103 |
||||||
|
|
||||||
|
Obsoletes: polkit-js-engine < 0.110-4 |
||||||
|
Provides: polkit-js-engine = %{version}-%{release} |
||||||
|
|
||||||
|
%description |
||||||
|
polkit is a toolkit for defining and handling authorizations. It is |
||||||
|
used for allowing unprivileged processes to speak to privileged |
||||||
|
processes. |
||||||
|
|
||||||
|
%package devel |
||||||
|
Summary: Development files for polkit |
||||||
|
Group: Development/Libraries |
||||||
|
Requires: %name = %{version}-%{release} |
||||||
|
Requires: %name-docs = %{version}-%{release} |
||||||
|
Requires: glib2-devel |
||||||
|
Obsoletes: PolicyKit-devel <= 0.10 |
||||||
|
Provides: PolicyKit-devel = 0.11 |
||||||
|
|
||||||
|
%description devel |
||||||
|
Development files for polkit. |
||||||
|
|
||||||
|
%package docs |
||||||
|
Summary: Development documentation for polkit |
||||||
|
Group: Development/Libraries |
||||||
|
Requires: %name-devel = %{version}-%{release} |
||||||
|
Obsoletes: PolicyKit-docs <= 0.10 |
||||||
|
Provides: PolicyKit-docs = 0.11 |
||||||
|
BuildArch: noarch |
||||||
|
|
||||||
|
%description docs |
||||||
|
Development documentation for polkit. |
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q |
||||||
|
%patch0 -p1 -b .XDG_RUNTIME_DIR |
||||||
|
%patch1 -p1 -b .PolkitAgentSession-race |
||||||
|
%patch2 -p1 -b .CVE-2015-3256 |
||||||
|
%patch3 -p1 -b .EnumerateActions-leak |
||||||
|
%patch4 -p1 -b .Polkit.spawn-leak |
||||||
|
%patch5 -p1 -b .agent-leaks |
||||||
|
%patch6 -p1 -b .polkitpermission-leak.patch |
||||||
|
%patch7 -p1 -b .its-files.patch |
||||||
|
%patch8 -p1 |
||||||
|
%patch9 -p1 |
||||||
|
%patch10 -p1 |
||||||
|
|
||||||
|
%build |
||||||
|
%if 0%{?enable_autoreconf} |
||||||
|
autoreconf |
||||||
|
%endif |
||||||
|
# we can't use _hardened_build here, see |
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=962005 |
||||||
|
export CFLAGS='-fPIC %optflags' |
||||||
|
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro' |
||||||
|
%configure --enable-gtk-doc \ |
||||||
|
--disable-static \ |
||||||
|
--enable-introspection \ |
||||||
|
--disable-examples \ |
||||||
|
--enable-libsystemd-login=yes --with-mozjs=mozjs-17.0 |
||||||
|
make V=1 |
||||||
|
|
||||||
|
%install |
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' |
||||||
|
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la |
||||||
|
|
||||||
|
%find_lang polkit-1 |
||||||
|
|
||||||
|
%pre |
||||||
|
getent group polkitd >/dev/null || groupadd -r polkitd |
||||||
|
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd |
||||||
|
exit 0 |
||||||
|
|
||||||
|
%post |
||||||
|
/sbin/ldconfig |
||||||
|
# The implied (systemctl preset) will fail and complain, but the macro hides |
||||||
|
# and ignores the fact. This is in fact what we want, polkit.service does not |
||||||
|
# have an [Install] section and it is always started on demand. |
||||||
|
%systemd_post polkit.service |
||||||
|
# Restart snould usually be done in %%postun, but that wasn’t the case with |
||||||
|
# polkit-0.112-5 and earlier. This is a workaround to ensure restarting on |
||||||
|
# upgrades from earlier versions. |
||||||
|
if [ $1 -gt 1 ]; then |
||||||
|
/usr/bin/systemctl try-restart polkit.service >/dev/null 2>&1 || : |
||||||
|
fi |
||||||
|
|
||||||
|
%preun |
||||||
|
%systemd_preun polkit.service |
||||||
|
|
||||||
|
%postun |
||||||
|
/sbin/ldconfig |
||||||
|
%systemd_postun_with_restart polkit.service |
||||||
|
|
||||||
|
%files -f polkit-1.lang |
||||||
|
%defattr(-,root,root,-) |
||||||
|
%doc COPYING NEWS README |
||||||
|
%{_libdir}/lib*.so.* |
||||||
|
%{_datadir}/man/man1/* |
||||||
|
%{_datadir}/man/man8/* |
||||||
|
%{_datadir}/dbus-1/system-services/* |
||||||
|
%{_unitdir}/polkit.service |
||||||
|
%dir %{_datadir}/polkit-1/ |
||||||
|
%dir %{_datadir}/polkit-1/actions |
||||||
|
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d |
||||||
|
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy |
||||||
|
%dir %{_sysconfdir}/polkit-1 |
||||||
|
%{_sysconfdir}/polkit-1/rules.d/50-default.rules |
||||||
|
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d |
||||||
|
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf |
||||||
|
%{_sysconfdir}/pam.d/polkit-1 |
||||||
|
%{_bindir}/pkaction |
||||||
|
%{_bindir}/pkcheck |
||||||
|
%{_bindir}/pkttyagent |
||||||
|
%dir %{_prefix}/lib/polkit-1 |
||||||
|
%{_prefix}/lib/polkit-1/polkitd |
||||||
|
%{_libdir}/girepository-1.0/*.typelib |
||||||
|
|
||||||
|
# see upstream docs for why these permissions are necessary |
||||||
|
%attr(4755,root,root) %{_bindir}/pkexec |
||||||
|
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1 |
||||||
|
|
||||||
|
%files devel |
||||||
|
%defattr(-,root,root,-) |
||||||
|
%{_libdir}/lib*.so |
||||||
|
%{_libdir}/pkgconfig/*.pc |
||||||
|
%{_datadir}/gir-1.0/*.gir |
||||||
|
%{_includedir}/* |
||||||
|
%{_datadir}/gettext/its/polkit.its |
||||||
|
%{_datadir}/gettext/its/polkit.loc |
||||||
|
|
||||||
|
%files docs |
||||||
|
%defattr(-,root,root,-) |
||||||
|
%{_datadir}/gtk-doc |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Wed Aug 01 2018 Jan Rybar <jrybar@redhat.com> - 0.112-18 |
||||||
|
- Error message about getting authority is too elaborate |
||||||
|
- Resolves: rhbz#1342855 |
||||||
|
|
||||||
|
* Tue Jul 24 2018 Jan Rybar <jrybar@redhat.com> - 0.112-17 |
||||||
|
- Bus disconnection report moved to debug mode |
||||||
|
- Resolves: rhbz#1249627 |
||||||
|
|
||||||
|
* Mon Jul 23 2018 Jan Rybar <jrybar@redhat.com> - 0.112-16 |
||||||
|
- polkit spawns zombie processes |
||||||
|
- Authored by kwalker@redhat.com |
||||||
|
- Resolves: rhbz#1570907 |
||||||
|
|
||||||
|
* Thu May 31 2018 Jan Rybar <jrybar@redhat.com> - 0.112-15 |
||||||
|
- Localization *its* files required by newest Gnome Shell packages |
||||||
|
- Resolves: rhbz#1584533 |
||||||
|
|
||||||
|
* Tue Sep 19 2017 Yaakov Selkowitz <yselkowi@redhat.com> - 0.112-14 |
||||||
|
- Rebuilt for mozjs17 48-bit VA on aarch64 |
||||||
|
Resolves: #1436518 |
||||||
|
|
||||||
|
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.112-12 |
||||||
|
- Fix a memory leak in PolkitPermission. |
||||||
|
Patch by Rui Matos <tiagomatos@gmail.com> |
||||||
|
Resolves: #1433915 |
||||||
|
|
||||||
|
* Thu Feb 9 2017 Miloslav Trmač <mitr@redhat.com> - 0.112-11 |
||||||
|
- Fix memory leaks when calling authentication agents |
||||||
|
Resolves: #1380166 |
||||||
|
|
||||||
|
* Thu Feb 2 2017 Miloslav Trmač <mitr@redhat.com> - 0.112-10 |
||||||
|
- Fix a memory leak in Polkit.spawn calls from authorization rules |
||||||
|
Resolves: #1380166 |
||||||
|
|
||||||
|
* Wed Jul 6 2016 Miloslav Trmač <mitr@redhat.com> - 0.112-9 |
||||||
|
- Update for another mozjs17 change, the pkg-config file name does not change. |
||||||
|
Resolves: #1331776 |
||||||
|
|
||||||
|
* Mon Jul 4 2016 Miloslav Trmač <mitr@redhat.com> - 0.112-8 |
||||||
|
- Update for ABI change needed to fix use of 48-bit pointers on ARM64. |
||||||
|
Resolves: #1331776 |
||||||
|
|
||||||
|
* Tue May 17 2016 Miloslav Trmač <mitr@redhat.com> - 0.112-7 |
||||||
|
- Fix a memory leak when processing the result of EnumerateActions |
||||||
|
Resolves: #1310738 |
||||||
|
|
||||||
|
* Mon Oct 19 2015 Miloslav Trmač <mitr@redhat.com> - 0.112-6 |
||||||
|
- Fix CVE-2015-3256 |
||||||
|
Resolves: #1271790 |
||||||
|
|
||||||
|
* Mon Feb 10 2014 Miloslav Trmač <mitr@redhat.com> - 0.112-5 |
||||||
|
- Fix a PolkitAgentSession race condition |
||||||
|
Resolves: #1063193 |
||||||
|
|
||||||
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.112-4 |
||||||
|
- Mass rebuild 2014-01-24 |
||||||
|
|
||||||
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.112-3 |
||||||
|
- Mass rebuild 2013-12-27 |
||||||
|
|
||||||
|
* Sat Dec 7 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-2 |
||||||
|
- Workaround pam_systemd setting broken XDG_RUNTIME_DIR |
||||||
|
Resolves: #1033774 |
||||||
|
- Always use mozjs-17.0 even if js-devel is installed |
||||||
|
|
||||||
|
* Wed Sep 18 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-1 |
||||||
|
- Update to polkit-0.112 |
||||||
|
- Resolves: #1005135, CVE-2013-4288 |
||||||
|
|
||||||
|
* Wed May 29 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.111-2 |
||||||
|
- Fix a race on PolkitSubject type registration (#866718) |
||||||
|
|
||||||
|
* Wed May 15 2013 Miloslav Trmač <mitr@redhat.com> - 0.111-1 |
||||||
|
- Update to polkit-0.111 |
||||||
|
Resolves: #917888 |
||||||
|
- Use SpiderMonkey from mozjs17 instead of js |
||||||
|
- Ship the signature in the srpm |
||||||
|
- Try to preserve timestamps in (make install) |
||||||
|
|
||||||
|
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4 |
||||||
|
- Shut up rpmlint about Summary: |
||||||
|
- Build with V=1 |
||||||
|
- Use %%{_unitdir} instead of hard-coding the path |
||||||
|
- Use the new systemd macros, primarily to run (systemctl daemon-reload) |
||||||
|
Resolves: #857382 |
||||||
|
|
||||||
|
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4 |
||||||
|
- Make the JavaScript engine mandatory. The polkit-js-engine package has been |
||||||
|
removed, main polkit package Provides:polkit-js-engine for compatibility. |
||||||
|
- Add Requires: polkit-pkla-compat |
||||||
|
Resolves: #908808 |
||||||
|
|
||||||
|
* Wed Feb 13 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-3 |
||||||
|
- Don't ship pk-example-frobnicate in the "live" configuration |
||||||
|
Resolves: #878112 |
||||||
|
|
||||||
|
* Fri Feb 8 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-2 |
||||||
|
- Own %%{_docdir}/polkit-js-engine-* |
||||||
|
Resolves: #907668 |
||||||
|
|
||||||
|
* Wed Jan 9 2013 David Zeuthen <davidz@redhat.com> - 0.110-1%{?dist} |
||||||
|
- Update to upstream release 0.110 |
||||||
|
|
||||||
|
* Mon Jan 7 2013 Matthias Clasen <mclasen@redhat.com> - 0.109-2%{?dist} |
||||||
|
- Build with pie and stuff |
||||||
|
|
||||||
|
* Wed Dec 19 2012 David Zeuthen <davidz@redhat.com> 0.109-1%{?dist} |
||||||
|
- Update to upstream release 0.109 |
||||||
|
- Drop upstreamed patches |
||||||
|
|
||||||
|
* Thu Nov 15 2012 David Zeuthen <davidz@redhat.com> 0.108-3%{?dist} |
||||||
|
- Attempt to open the correct libmozjs185 library, otherwise polkit |
||||||
|
authz rules will not work unless js-devel is installed (fdo #57146) |
||||||
|
|
||||||
|
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-2%{?dist} |
||||||
|
- Include gmodule-2.0 to avoid build error |
||||||
|
|
||||||
|
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-1%{?dist} |
||||||
|
- Update to upstream release 0.108 |
||||||
|
- Drop upstreamed patches |
||||||
|
- This release dynamically loads the JavaScript interpreter and can |
||||||
|
cope with it not being available. In this case, polkit authorization |
||||||
|
rules are not processed and the defaults for an action - as defined |
||||||
|
in its .policy file - are used for authorization decisions. |
||||||
|
- Add new meta-package, polkit-js-engine, that pulls in the required |
||||||
|
JavaScript bits to make polkit authorization rules work. The default |
||||||
|
install - not the minimal install - should include this package |
||||||
|
|
||||||
|
* Wed Oct 10 2012 Adam Jackson <ajax@redhat.com> 0.107-4 |
||||||
|
- Don't crash if initializing the server object fails |
||||||
|
|
||||||
|
* Tue Sep 18 2012 David Zeuthen <davidz@redhat.com> 0.107-3%{?dist} |
||||||
|
- Authenticate as root if e.g. the wheel group is empty (#834494) |
||||||
|
|
||||||
|
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.107-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist} |
||||||
|
- Update to upstream release 0.107 |
||||||
|
|
||||||
|
* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist} |
||||||
|
- Add forgotten Requires(pre): shadow-utils |
||||||
|
|
||||||
|
* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist} |
||||||
|
- Update to upstream release 0.106 |
||||||
|
- Authorizations are no longer controlled by .pkla files - from now |
||||||
|
on, use the new .rules files described in the polkit(8) man page |
||||||
|
|
||||||
|
* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist} |
||||||
|
- Update to upstream release 0.105 |
||||||
|
- Nuke patches that are now upstream |
||||||
|
- Change 'PolicyKit' to 'polkit' in summary and descriptions |
||||||
|
|
||||||
|
* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist} |
||||||
|
- Don't leak file descriptors (bgo #671486) |
||||||
|
|
||||||
|
* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist} |
||||||
|
- Make the -docs subpackage noarch |
||||||
|
|
||||||
|
* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist} |
||||||
|
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222) |
||||||
|
|
||||||
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist} |
||||||
|
- Nuke the ConsoleKit run-time requirement |
||||||
|
|
||||||
|
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist} |
||||||
|
- Update to upstream release 0.104 |
||||||
|
- Force usage of systemd (instead of ConsoleKit) for session tracking |
||||||
|
|
||||||
|
* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist} |
||||||
|
- Update to upstream release 0.103 |
||||||
|
- Drop upstreamed patch |
||||||
|
- Drop Fedora-specific policy, it is now upstream (fdo #41008) |
||||||
|
|
||||||
|
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3 |
||||||
|
- Rebuilt for glibc bug#747377 |
||||||
|
|
||||||
|
* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist} |
||||||
|
- Add patch to neuter the annoying systemd behavior where stdout/stderr |
||||||
|
is sent to the system logs |
||||||
|
|
||||||
|
* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1 |
||||||
|
- Update to 0.102 release |
||||||
|
|
||||||
|
* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7 |
||||||
|
- Allow setting the pretty hostname without a password for wheel, |
||||||
|
change matches systemd in git |
||||||
|
|
||||||
|
* Mon May 2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6 |
||||||
|
- Update the action id of the datetime mechanism |
||||||
|
|
||||||
|
* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5 |
||||||
|
- CVE-2011-1485 (#697951) |
||||||
|
|
||||||
|
* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4 |
||||||
|
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel |
||||||
|
|
||||||
|
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3 |
||||||
|
- Fix typo in pkla file (thanks notting) |
||||||
|
|
||||||
|
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2 |
||||||
|
- Nuke desktop_admin_r and desktop_user_r groups - just use the |
||||||
|
wheel group instead (#688363) |
||||||
|
- Update the set of configuration directives that gives users |
||||||
|
in the wheel group extra privileges |
||||||
|
|
||||||
|
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1 |
||||||
|
- New upstream version |
||||||
|
|
||||||
|
* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1 |
||||||
|
- New upstream version |
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||||
|
|
||||||
|
* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6 |
||||||
|
- Own /usr/libexec/polkit-1 |
||||||
|
|
||||||
|
* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5 |
||||||
|
- Enable introspection |
||||||
|
|
||||||
|
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4 |
||||||
|
- Fix #629515 in a way that doesn't require autoreconf |
||||||
|
|
||||||
|
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2 |
||||||
|
- Include polkitagentenumtypes.h (#629515) |
||||||
|
|
||||||
|
* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1 |
||||||
|
- Update to upstream release 0.98 |
||||||
|
- Co-own /usr/share/gtk-doc (#604410) |
||||||
|
|
||||||
|
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5 |
||||||
|
- Rebuid to work around bodhi limitations |
||||||
|
|
||||||
|
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4 |
||||||
|
- Fix a ConsoleKit interaction bug |
||||||
|
|
||||||
|
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3 |
||||||
|
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257) |
||||||
|
- Require GLib >= 2.25.12 instead of 2.25.11 |
||||||
|
- Ensure polkit-gnome packages earlier than 0.97 are not used with |
||||||
|
these packages |
||||||
|
|
||||||
|
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2 |
||||||
|
- Rebuild |
||||||
|
|
||||||
|
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1 |
||||||
|
- Update to 0.97. This release contains a port from EggDBus to the |
||||||
|
GDBus code available in recent GLib releases. |
||||||
|
|
||||||
|
* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1 |
||||||
|
- Update to 0.96 |
||||||
|
- Disable introspection support for the time being |
||||||
|
|
||||||
|
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2 |
||||||
|
- Rebuild |
||||||
|
|
||||||
|
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1 |
||||||
|
- Update to 0.95 |
||||||
|
- Drop upstreamed patches |
||||||
|
|
||||||
|
* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3 |
||||||
|
- Fix a typo in pklocalauthority(8) |
||||||
|
|
||||||
|
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2 |
||||||
|
- Refine how Obsolete: is used and also add Provides: (thanks Jesse |
||||||
|
Keating and nim-nim) |
||||||
|
|
||||||
|
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1 |
||||||
|
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera) |
||||||
|
- Obsolete old PolicyKit packages |
||||||
|
|
||||||
|
* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913 |
||||||
|
- Update to git snapshot |
||||||
|
- Drop upstreamed patches |
||||||
|
- Turn on GObject introspection |
||||||
|
- Don't delete desktop_admin_r and desktop_user_r groups when |
||||||
|
uninstalling polkit-desktop-policy |
||||||
|
|
||||||
|
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4 |
||||||
|
- Add some patches from git master |
||||||
|
- Sort pkaction(1) output |
||||||
|
- Bug 23867 – UnixProcess vs. SystemBusName aliasing |
||||||
|
|
||||||
|
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3 |
||||||
|
- Add desktop_admin_r and desktop_user_r groups along with a first cut |
||||||
|
of default authorizations for users in these groups. |
||||||
|
|
||||||
|
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2 |
||||||
|
- Disable GObject Introspection for now as it breaks the build |
||||||
|
|
||||||
|
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1 |
||||||
|
- Update to upstream release 0.94 |
||||||
|
|
||||||
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||||
|
|
||||||
|
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2 |
||||||
|
- Rebuild |
||||||
|
|
||||||
|
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1 |
||||||
|
- Update to 0.93 |
||||||
|
|
||||||
|
* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3 |
||||||
|
- Don't make docs noarch (I *heart* multilib) |
||||||
|
- Change license to LGPLv2+ |
||||||
|
|
||||||
|
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2 |
||||||
|
- Rebuild |
||||||
|
|
||||||
|
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1 |
||||||
|
- Update to 0.92 release |
||||||
|
|
||||||
|
* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527 |
||||||
|
- Update to 0.92 snapshot |
||||||
|
|
||||||
|
* Mon Feb 9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1 |
||||||
|
- Initial spec file. |
Loading…
Reference in new issue