import polkit-0.117-10.el9_0
This commit is contained in:
commit
e3dfdee702
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
SOURCES/firefox-78.10.0esr.source.tar.xz
|
||||
SOURCES/polkit-0.117.tar.gz
|
2
.polkit.metadata
Normal file
2
.polkit.metadata
Normal file
@ -0,0 +1,2 @@
|
||||
547bac33732774993bd8223de9acfeedcc69a10d SOURCES/firefox-78.10.0esr.source.tar.xz
|
||||
0c375fa621bc9f74f2972e00fb517a408f419adf SOURCES/polkit-0.117.tar.gz
|
30
SOURCES/0001-Skip-failing-tests-on-ppc64-and-s390x.patch
Normal file
30
SOURCES/0001-Skip-failing-tests-on-ppc64-and-s390x.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From db3a0a25b97377b388532b23e73a10d246f66496 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
||||
Date: Mon, 3 Aug 2020 10:27:00 +0200
|
||||
Subject: [PATCH] Skip failing tests on ppc64 and s390x
|
||||
|
||||
ppc64 and s390x: non262/extensions/clone-errors.js
|
||||
s390x: test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
|
||||
---
|
||||
js/src/tests/jstests.list | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/js/src/tests/jstests.list b/js/src/tests/jstests.list
|
||||
index 4085ce3..4f014f5 100644
|
||||
--- a/js/src/tests/jstests.list
|
||||
+++ b/js/src/tests/jstests.list
|
||||
@@ -56,6 +56,11 @@ skip-if(!this.hasOwnProperty('addIntlExtras')) include test262/intl402/DisplayNa
|
||||
skip-if(!this.hasOwnProperty("Atomics")) include test262/built-ins/Atomics/jstests.list
|
||||
skip-if(!this.hasOwnProperty("SharedArrayBuffer")) include test262/built-ins/SharedArrayBuffer/jstests.list
|
||||
|
||||
+# Crashes on s390x and ppc64, avoid it
|
||||
+skip-if(xulRuntime.XPCOMABI.match(/s390x|ppc64-/)) script non262/extensions/clone-errors.js
|
||||
+
|
||||
+# Crashes on s390x, avoid it
|
||||
+skip-if(xulRuntime.XPCOMABI.match(/s390x/)) script test262/built-ins/TypedArray/prototype/set/typedarray-arg-set-values-same-buffer-other-type.js
|
||||
|
||||
#####################################
|
||||
# Test262 tests disabled on browser #
|
||||
--
|
||||
2.26.2
|
||||
|
5771
SOURCES/0002-D89554-autoconf1.diff
Normal file
5771
SOURCES/0002-D89554-autoconf1.diff
Normal file
File diff suppressed because it is too large
Load Diff
118
SOURCES/0003-D94538-autoconf2.diff
Normal file
118
SOURCES/0003-D94538-autoconf2.diff
Normal file
@ -0,0 +1,118 @@
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/archlinux.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/archlinux.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/archlinux.py 2021-02-25 13:53:25.713053151 +0100
|
||||
@@ -26,7 +26,6 @@ class ArchlinuxBootstrapper(
|
||||
'''Archlinux experimental bootstrapper.'''
|
||||
|
||||
SYSTEM_PACKAGES = [
|
||||
- 'autoconf2.13',
|
||||
'base-devel',
|
||||
'nodejs',
|
||||
'python2',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/centosfedora.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/centosfedora.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/centosfedora.py 2021-02-25 13:53:04.963982705 +0100
|
||||
@@ -26,7 +26,6 @@ class CentOSFedoraBootstrapper(
|
||||
# For CentOS 7, later versions of nodejs come from nodesource
|
||||
# and include the npm package.
|
||||
self.packages = [
|
||||
- 'autoconf213',
|
||||
'nodejs',
|
||||
'which',
|
||||
]
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/debian.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/debian.py.D94538-autoconf2.diff 2021-02-25 13:53:04.963982705 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/debian.py 2021-02-25 13:53:42.874111415 +0100
|
||||
@@ -32,7 +32,6 @@ class DebianBootstrapper(
|
||||
# These are common packages for all Debian-derived distros (such as
|
||||
# Ubuntu).
|
||||
COMMON_PACKAGES = [
|
||||
- 'autoconf2.13',
|
||||
'build-essential',
|
||||
'nodejs',
|
||||
'python-setuptools',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/freebsd.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/freebsd.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/freebsd.py 2021-02-25 13:53:04.963982705 +0100
|
||||
@@ -15,7 +15,6 @@ class FreeBSDBootstrapper(BaseBootstrapp
|
||||
self.flavor = flavor.lower()
|
||||
|
||||
self.packages = [
|
||||
- 'autoconf213',
|
||||
'gmake',
|
||||
'gtar',
|
||||
'pkgconf',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/gentoo.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/gentoo.py.D94538-autoconf2.diff 2021-02-17 08:49:38.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/gentoo.py 2021-02-25 13:53:04.963982705 +0100
|
||||
@@ -36,7 +36,6 @@ class GentooBootstrapper(
|
||||
def ensure_system_packages(self):
|
||||
self.run_as_root(['emerge', '--noreplace', '--quiet',
|
||||
'app-arch/zip',
|
||||
- 'sys-devel/autoconf:2.1'
|
||||
])
|
||||
|
||||
def ensure_browser_packages(self, artifact_mode=False):
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/openbsd.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/openbsd.py.D94538-autoconf2.diff 2021-02-17 08:49:15.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/openbsd.py 2021-02-25 13:53:04.964982709 +0100
|
||||
@@ -12,7 +12,6 @@ class OpenBSDBootstrapper(BaseBootstrapp
|
||||
BaseBootstrapper.__init__(self, **kwargs)
|
||||
|
||||
self.packages = [
|
||||
- 'autoconf-2.13',
|
||||
'gmake',
|
||||
'gtar',
|
||||
'rust',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/opensuse.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/opensuse.py.D94538-autoconf2.diff 2021-02-17 08:49:42.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/opensuse.py 2021-02-25 13:53:04.964982709 +0100
|
||||
@@ -13,7 +13,6 @@ class OpenSUSEBootstrapper(
|
||||
'''openSUSE experimental bootstrapper.'''
|
||||
|
||||
SYSTEM_PACKAGES = [
|
||||
- 'autoconf213',
|
||||
'nodejs',
|
||||
'npm',
|
||||
'which',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/osx.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/osx.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/osx.py 2021-02-25 13:54:07.162193882 +0100
|
||||
@@ -353,7 +353,6 @@ class OSXBootstrapper(BaseBootstrapper):
|
||||
# least on 10.8) and because the build system wants a version
|
||||
# newer than what Apple ships.
|
||||
packages = [
|
||||
- 'autoconf@2.13',
|
||||
'git',
|
||||
'gnu-tar',
|
||||
'node',
|
||||
@@ -428,7 +427,6 @@ class OSXBootstrapper(BaseBootstrapper):
|
||||
'python27',
|
||||
'python36',
|
||||
'py27-gnureadline',
|
||||
- 'autoconf213',
|
||||
'gnutar',
|
||||
'watchman',
|
||||
'nodejs8'
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/solus.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/solus.py.D94538-autoconf2.diff 2021-02-25 13:53:04.964982709 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/solus.py 2021-02-25 13:53:32.090074802 +0100
|
||||
@@ -23,7 +23,6 @@ class SolusBootstrapper(
|
||||
'''Solus experimental bootstrapper.'''
|
||||
|
||||
SYSTEM_PACKAGES = [
|
||||
- 'autoconf213',
|
||||
'nodejs',
|
||||
'python',
|
||||
'python3',
|
||||
diff -up firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff firefox-78.8.0/python/mozboot/mozboot/windows.py
|
||||
--- firefox-78.8.0/python/mozboot/mozboot/windows.py.D94538-autoconf2.diff 2021-02-17 08:49:34.000000000 +0100
|
||||
+++ firefox-78.8.0/python/mozboot/mozboot/windows.py 2021-02-25 13:53:04.978982756 +0100
|
||||
@@ -48,7 +48,6 @@ class WindowsBootstrapper(BaseBootstrapp
|
||||
'patch',
|
||||
'patchutils',
|
||||
'diffutils',
|
||||
- 'autoconf2.13',
|
||||
'tar',
|
||||
'zip',
|
||||
'unzip',
|
13
SOURCES/CVE-2021-3560.patch
Normal file
13
SOURCES/CVE-2021-3560.patch
Normal file
@ -0,0 +1,13 @@
|
||||
--- a/src/polkit/polkitsystembusname.c
|
||||
+++ b/src/polkit/polkitsystembusname.c
|
||||
@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
||||
while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
|
||||
g_main_context_iteration (tmp_context, TRUE);
|
||||
|
||||
+ if (data.caught_error)
|
||||
+ goto out;
|
||||
+
|
||||
if (out_uid)
|
||||
*out_uid = data.uid;
|
||||
if (out_pid)
|
||||
|
72
SOURCES/CVE-2021-4034.patch
Normal file
72
SOURCES/CVE-2021-4034.patch
Normal file
@ -0,0 +1,72 @@
|
||||
commit a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
|
||||
Author: Jan Rybar <jrybar@redhat.com>
|
||||
Date: Tue Jan 25 17:21:46 2022 +0000
|
||||
|
||||
pkexec: local privilege escalation (CVE-2021-4034)
|
||||
|
||||
diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
|
||||
index f1bb4e1..768525c 100644
|
||||
--- a/src/programs/pkcheck.c
|
||||
+++ b/src/programs/pkcheck.c
|
||||
@@ -363,6 +363,11 @@ main (int argc, char *argv[])
|
||||
local_agent_handle = NULL;
|
||||
ret = 126;
|
||||
|
||||
+ if (argc < 1)
|
||||
+ {
|
||||
+ exit(126);
|
||||
+ }
|
||||
+
|
||||
/* Disable remote file access from GIO. */
|
||||
setenv ("GIO_USE_VFS", "local", 1);
|
||||
|
||||
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
|
||||
index 7698c5c..84e5ef6 100644
|
||||
--- a/src/programs/pkexec.c
|
||||
+++ b/src/programs/pkexec.c
|
||||
@@ -488,6 +488,15 @@ main (int argc, char *argv[])
|
||||
pid_t pid_of_caller;
|
||||
gpointer local_agent_handle;
|
||||
|
||||
+
|
||||
+ /*
|
||||
+ * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out.
|
||||
+ */
|
||||
+ if (argc<1)
|
||||
+ {
|
||||
+ exit(127);
|
||||
+ }
|
||||
+
|
||||
ret = 127;
|
||||
authority = NULL;
|
||||
subject = NULL;
|
||||
@@ -614,10 +623,10 @@ main (int argc, char *argv[])
|
||||
|
||||
path = g_strdup (pwstruct.pw_shell);
|
||||
if (!path)
|
||||
- {
|
||||
+ {
|
||||
g_printerr ("No shell configured or error retrieving pw_shell\n");
|
||||
goto out;
|
||||
- }
|
||||
+ }
|
||||
/* If you change this, be sure to change the if (!command_line)
|
||||
case below too */
|
||||
command_line = g_strdup (path);
|
||||
@@ -636,7 +645,15 @@ main (int argc, char *argv[])
|
||||
goto out;
|
||||
}
|
||||
g_free (path);
|
||||
- argv[n] = path = s;
|
||||
+ path = s;
|
||||
+
|
||||
+ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
|
||||
+ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
|
||||
+ */
|
||||
+ if (argv[n] != NULL)
|
||||
+ {
|
||||
+ argv[n] = path;
|
||||
+ }
|
||||
}
|
||||
if (access (path, F_OK) != 0)
|
||||
{
|
71
SOURCES/CVE-2021-4115.patch
Normal file
71
SOURCES/CVE-2021-4115.patch
Normal file
@ -0,0 +1,71 @@
|
||||
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
|
||||
index 8ed1363..2fbf5f1 100644
|
||||
--- a/src/polkit/polkitsystembusname.c
|
||||
+++ b/src/polkit/polkitsystembusname.c
|
||||
@@ -62,6 +62,10 @@ enum
|
||||
PROP_NAME,
|
||||
};
|
||||
|
||||
+
|
||||
+guint8 dbus_call_respond_fails; // has to be global because of callback
|
||||
+
|
||||
+
|
||||
static void subject_iface_init (PolkitSubjectIface *subject_iface);
|
||||
|
||||
G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT,
|
||||
@@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src,
|
||||
if (!v)
|
||||
{
|
||||
data->caught_error = TRUE;
|
||||
+ dbus_call_respond_fails += 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
||||
tmp_context = g_main_context_new ();
|
||||
g_main_context_push_thread_default (tmp_context);
|
||||
|
||||
+ dbus_call_respond_fails = 0;
|
||||
+
|
||||
/* Do two async calls as it's basically as fast as one sync call.
|
||||
*/
|
||||
g_dbus_connection_call (connection,
|
||||
@@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus
|
||||
on_retrieved_unix_uid_pid,
|
||||
&data);
|
||||
|
||||
- while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
|
||||
- g_main_context_iteration (tmp_context, TRUE);
|
||||
+ while (TRUE)
|
||||
+ {
|
||||
+ /* If one dbus call returns error, we must wait until the other call
|
||||
+ * calls _call_finish(), otherwise fd leak is possible.
|
||||
+ * Resolves: GHSL-2021-077
|
||||
+ */
|
||||
|
||||
- if (data.caught_error)
|
||||
- goto out;
|
||||
+ if ( (dbus_call_respond_fails > 1) )
|
||||
+ {
|
||||
+ // we got two faults, we can leave
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid)))
|
||||
+ {
|
||||
+ // we got one fault and the other call finally finished, we can leave
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ if ( !(data.retrieved_uid && data.retrieved_pid) )
|
||||
+ {
|
||||
+ g_main_context_iteration (tmp_context, TRUE);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (out_uid)
|
||||
*out_uid = data.uid;
|
12
SOURCES/FixSharedArray.diff
Normal file
12
SOURCES/FixSharedArray.diff
Normal file
@ -0,0 +1,12 @@
|
||||
--- a/js/public/StructuredClone.h
|
||||
+++ b/js/public/StructuredClone.h
|
||||
@@ -381,7 +381,7 @@ enum OwnTransferablePolicy {
|
||||
namespace js {
|
||||
class SharedArrayRawBuffer;
|
||||
|
||||
-class SharedArrayRawBufferRefs {
|
||||
+class JS_PUBLIC_API SharedArrayRawBufferRefs {
|
||||
public:
|
||||
SharedArrayRawBufferRefs() = default;
|
||||
SharedArrayRawBufferRefs(SharedArrayRawBufferRefs&& other) = default;
|
||||
--
|
38
SOURCES/copy-headers.patch
Normal file
38
SOURCES/copy-headers.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 3b3c8e37cca418e07bdeceaf3a601805df28d925 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
||||
Date: Wed, 15 Jul 2020 08:27:39 +0200
|
||||
Subject: [PATCH] build: Copy headers on install instead of symlinking
|
||||
|
||||
Patch by Philip Chimento ported forward to mozjs78
|
||||
---
|
||||
python/mozbuild/mozbuild/backend/recursivemake.py | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/python/mozbuild/mozbuild/backend/recursivemake.py b/python/mozbuild/mozbuild/backend/recursivemake.py
|
||||
index e3fc8fe..bed5ae9 100644
|
||||
--- a/python/mozbuild/mozbuild/backend/recursivemake.py
|
||||
+++ b/python/mozbuild/mozbuild/backend/recursivemake.py
|
||||
@@ -1457,9 +1457,9 @@ class RecursiveMakeBackend(MakeBackend):
|
||||
raise Exception("Wildcards are only supported in the filename part"
|
||||
" of srcdir-relative or absolute paths.")
|
||||
|
||||
- install_manifest.add_pattern_link(basepath, wild, path)
|
||||
+ install_manifest.add_pattern_copy(basepath, wild, path)
|
||||
else:
|
||||
- install_manifest.add_pattern_link(f.srcdir, f, path)
|
||||
+ install_manifest.add_pattern_copy(f.srcdir, f, path)
|
||||
elif isinstance(f, AbsolutePath):
|
||||
if not f.full_path.lower().endswith(('.dll', '.pdb', '.so')):
|
||||
raise Exception("Absolute paths installed to FINAL_TARGET_FILES must"
|
||||
@@ -1468,7 +1468,7 @@ class RecursiveMakeBackend(MakeBackend):
|
||||
install_manifest.add_optional_exists(dest)
|
||||
absolute_files.append(f.full_path)
|
||||
else:
|
||||
- install_manifest.add_link(f.full_path, dest)
|
||||
+ install_manifest.add_copy(f.full_path, dest)
|
||||
else:
|
||||
install_manifest.add_optional_exists(dest)
|
||||
objdir_files.append(self._pretty_path(f, backend_file))
|
||||
--
|
||||
2.26.2
|
||||
|
35
SOURCES/definitions_for_user_vfp.patch
Normal file
35
SOURCES/definitions_for_user_vfp.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From fd6847c9416f9eebde636e21d794d25d1be8791d Mon Sep 17 00:00:00 2001
|
||||
From: Mike Hommey <mh@glandium.org>
|
||||
Date: Sat, 1 Jun 2019 09:06:01 +0900
|
||||
Subject: [PATCH] Bug 1526653 - Include struct definitions for user_vfp and
|
||||
user_vfp_exc.
|
||||
|
||||
---
|
||||
js/src/wasm/WasmSignalHandlers.cpp | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/js/src/wasm/WasmSignalHandlers.cpp b/js/src/wasm/WasmSignalHandlers.cpp
|
||||
index 636537f8478..383c380f04c 100644
|
||||
--- a/js/src/wasm/WasmSignalHandlers.cpp
|
||||
+++ b/js/src/wasm/WasmSignalHandlers.cpp
|
||||
@@ -249,7 +249,16 @@ using mozilla::DebugOnly;
|
||||
#endif
|
||||
|
||||
#ifdef WASM_EMULATE_ARM_UNALIGNED_FP_ACCESS
|
||||
-# include <sys/user.h>
|
||||
+struct user_vfp {
|
||||
+ unsigned long long fpregs[32];
|
||||
+ unsigned long fpscr;
|
||||
+};
|
||||
+
|
||||
+struct user_vfp_exc {
|
||||
+ unsigned long fpexc;
|
||||
+ unsigned long fpinst;
|
||||
+ unsigned long fpinst2;
|
||||
+};
|
||||
#endif
|
||||
|
||||
#if defined(ANDROID)
|
||||
--
|
||||
2.30.2
|
||||
|
61
SOURCES/emitter.patch
Normal file
61
SOURCES/emitter.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From d1d785c169345b81c76213f6dd9be32b4db60294 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
||||
Date: Wed, 15 Jul 2020 08:39:47 +0200
|
||||
Subject: [PATCH] Build: allow LOCAL_INCLUDES paths with topsrcdir or topobjdir
|
||||
|
||||
---
|
||||
python/mozbuild/mozbuild/frontend/emitter.py | 6 ------
|
||||
.../mozbuild/test/frontend/test_emitter.py | 20 -------------------
|
||||
2 files changed, 26 deletions(-)
|
||||
|
||||
diff --git a/python/mozbuild/mozbuild/frontend/emitter.py b/python/mozbuild/mozbuild/frontend/emitter.py
|
||||
index 8d5ab8e..65c43ff 100644
|
||||
--- a/python/mozbuild/mozbuild/frontend/emitter.py
|
||||
+++ b/python/mozbuild/mozbuild/frontend/emitter.py
|
||||
@@ -1239,12 +1239,6 @@ class TreeMetadataEmitter(LoggingMixin):
|
||||
'is a filename, but a directory is required: %s '
|
||||
'(resolved to %s)' % (local_include, full_path),
|
||||
context)
|
||||
- if (full_path == context.config.topsrcdir or
|
||||
- full_path == context.config.topobjdir):
|
||||
- raise SandboxValidationError(
|
||||
- 'Path specified in LOCAL_INCLUDES '
|
||||
- '(%s) resolves to the topsrcdir or topobjdir (%s), which is '
|
||||
- 'not allowed' % (local_include, full_path), context)
|
||||
include_obj = LocalInclude(context, local_include)
|
||||
local_includes.append(include_obj.path.full_path)
|
||||
yield include_obj
|
||||
diff --git a/python/mozbuild/mozbuild/test/frontend/test_emitter.py b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
||||
index e8cbd81..d45ccee 100644
|
||||
--- a/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
||||
+++ b/python/mozbuild/mozbuild/test/frontend/test_emitter.py
|
||||
@@ -1040,26 +1040,6 @@ class TestEmitterBasic(unittest.TestCase):
|
||||
|
||||
self.assertEqual(local_includes, expected)
|
||||
|
||||
- def test_local_includes_invalid(self):
|
||||
- """Test that invalid LOCAL_INCLUDES are properly detected."""
|
||||
- reader = self.reader('local_includes-invalid/srcdir')
|
||||
-
|
||||
- with six.assertRaisesRegex(
|
||||
- self,
|
||||
- SandboxValidationError,
|
||||
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
|
||||
- 'topsrcdir or topobjdir'):
|
||||
- self.read_topsrcdir(reader)
|
||||
-
|
||||
- reader = self.reader('local_includes-invalid/objdir')
|
||||
-
|
||||
- with six.assertRaisesRegex(
|
||||
- self,
|
||||
- SandboxValidationError,
|
||||
- 'Path specified in LOCAL_INCLUDES.*resolves to the '
|
||||
- 'topsrcdir or topobjdir'):
|
||||
- self.read_topsrcdir(reader)
|
||||
-
|
||||
def test_local_includes_file(self):
|
||||
"""Test that a filename can't be used in LOCAL_INCLUDES."""
|
||||
reader = self.reader('local_includes-filename')
|
||||
--
|
||||
2.26.2
|
||||
|
@ -0,0 +1,34 @@
|
||||
From: Simon McVittie <smcv@debian.org>
|
||||
Date: Mon, 9 Oct 2017 09:23:14 +0100
|
||||
Subject: icu_sources_data: Write command output to our stderr
|
||||
|
||||
Saying "See output in /tmp/foobar" is all very well for a developer
|
||||
build, but on a buildd our /tmp is going to get thrown away after
|
||||
the build. Just log the usual way instead.
|
||||
---
|
||||
intl/icu_sources_data.py | 7 ++-----
|
||||
1 file changed, 2 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
|
||||
index 8cf9290..7d2d983 100644
|
||||
--- a/intl/icu_sources_data.py
|
||||
+++ b/intl/icu_sources_data.py
|
||||
@@ -190,16 +190,13 @@ def update_sources(topsrcdir):
|
||||
|
||||
def try_run(name, command, cwd=None, **kwargs):
|
||||
try:
|
||||
- with tempfile.NamedTemporaryFile(prefix=name, delete=False) as f:
|
||||
- subprocess.check_call(command, cwd=cwd, stdout=f,
|
||||
- stderr=subprocess.STDOUT, **kwargs)
|
||||
+ subprocess.check_call(command, cwd=cwd, stdout=sys.stderr,
|
||||
+ stderr=subprocess.STDOUT, **kwargs)
|
||||
except subprocess.CalledProcessError:
|
||||
- print('''Error running "{}" in directory {}
|
||||
- See output in {}'''.format(' '.join(command), cwd, f.name),
|
||||
- file=sys.stderr)
|
||||
+ print('''Error running "{}" in directory {}'''.format(' '.join(command), cwd),
|
||||
+ file=sys.stderr)
|
||||
return False
|
||||
else:
|
||||
- os.unlink(f.name)
|
||||
return True
|
@ -0,0 +1,26 @@
|
||||
From: Simon McVittie <smcv@debian.org>
|
||||
Date: Mon, 9 Oct 2017 09:22:12 +0100
|
||||
Subject: icu_sources_data.py: Decouple from Mozilla build system
|
||||
|
||||
mozpack.path is a wrapper around os.path that normalizes path
|
||||
separators on Windows, but on Unix we only have one path separator
|
||||
so there's nothing to normalize. Avoid needing to import all of it.
|
||||
---
|
||||
intl/icu_sources_data.py | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/intl/icu_sources_data.py b/intl/icu_sources_data.py
|
||||
index 98c0ccb..8cf9290 100644
|
||||
--- a/intl/icu_sources_data.py
|
||||
+++ b/intl/icu_sources_data.py
|
||||
@@ -22,7 +22,9 @@ import subprocess
|
||||
import sys
|
||||
import tempfile
|
||||
|
||||
-from mozpack import path as mozpath
|
||||
+# Close enough
|
||||
+import os.path as mozpath
|
||||
+mozpath.normsep = lambda p: p
|
||||
|
||||
# The following files have been determined to be dead/unused by a
|
||||
# semi-automated analysis. You can just remove any of the files below
|
12
SOURCES/init_patch.patch
Normal file
12
SOURCES/init_patch.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- a/python/mozbuild/mozbuild/configure/__init__.py
|
||||
+++ b/python/mozbuild/mozbuild/configure/__init__.py
|
||||
@@ -491,7 +491,8 @@ class ConfigureSandbox(dict):
|
||||
if self._help:
|
||||
self._logger.warning(msg)
|
||||
else:
|
||||
- raise InvalidOptionError(msg)
|
||||
+ #raise InvalidOptionError(msg)
|
||||
+ pass
|
||||
|
||||
# Run the execution queue
|
||||
for func, args in self._execution_queue:
|
90
SOURCES/mozjs78.patch
Normal file
90
SOURCES/mozjs78.patch
Normal file
@ -0,0 +1,90 @@
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index eea70fc..c4569f1 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -34,7 +34,7 @@ AC_PROG_LN_S
|
||||
AC_SYS_LARGEFILE
|
||||
AM_PROG_CC_C_O
|
||||
AC_PROG_CXX
|
||||
-AX_CXX_COMPILE_STDCXX([14], [], [mandatory])
|
||||
+AX_CXX_COMPILE_STDCXX([17], [], [mandatory])
|
||||
|
||||
# Taken from dbus
|
||||
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
|
||||
@@ -80,7 +80,7 @@ PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
|
||||
AC_SUBST(GLIB_CFLAGS)
|
||||
AC_SUBST(GLIB_LIBS)
|
||||
|
||||
-PKG_CHECK_MODULES(LIBJS, [mozjs-68])
|
||||
+PKG_CHECK_MODULES(LIBJS, [mozjs-78])
|
||||
|
||||
AC_SUBST(LIBJS_CFLAGS)
|
||||
AC_SUBST(LIBJS_CXXFLAGS)
|
||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
index 25bd1f9..ca17108 100644
|
||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
@@ -49,6 +49,7 @@
|
||||
#include <js/Realm.h>
|
||||
#include <js/SourceText.h>
|
||||
#include <js/Warnings.h>
|
||||
+#include <js/Array.h>
|
||||
#include <jsapi.h>
|
||||
|
||||
#include "initjs.h" /* init.js */
|
||||
@@ -367,7 +368,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
|
||||
static void
|
||||
reload_scripts (PolkitBackendJsAuthority *authority)
|
||||
{
|
||||
- JS::AutoValueArray<1> args(authority->priv->cx);
|
||||
+ JS::RootedValueArray<1> args(authority->priv->cx);
|
||||
JS::RootedValue rval(authority->priv->cx);
|
||||
|
||||
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
|
||||
@@ -482,10 +483,6 @@ polkit_backend_js_authority_constructed (GObject *object)
|
||||
if (!JS::InitSelfHostedCode (authority->priv->cx))
|
||||
goto fail;
|
||||
|
||||
- JS::ContextOptionsRef (authority->priv->cx)
|
||||
- .setIon (TRUE)
|
||||
- .setBaseline (TRUE)
|
||||
- .setAsmJS (TRUE);
|
||||
JS::SetWarningReporter(authority->priv->cx, report_error);
|
||||
JS_SetContextPrivate (authority->priv->cx, authority);
|
||||
|
||||
@@ -720,7 +717,7 @@ set_property_strv (PolkitBackendJsAuthority *authority,
|
||||
elems[n].setNull ();
|
||||
}
|
||||
|
||||
- JS::RootedObject array_object(authority->priv->cx, JS_NewArrayObject (authority->priv->cx, elems));
|
||||
+ JS::RootedObject array_object(authority->priv->cx, JS::NewArrayObject (authority->priv->cx, elems));
|
||||
|
||||
value_jsval = JS::ObjectValue (*array_object);
|
||||
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
|
||||
@@ -1114,7 +1111,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
|
||||
{
|
||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
||||
GList *ret = NULL;
|
||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
||||
JS::RootedValue rval(authority->priv->cx);
|
||||
guint n;
|
||||
GError *error = NULL;
|
||||
@@ -1218,7 +1215,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
|
||||
{
|
||||
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
|
||||
PolkitImplicitAuthorization ret = implicit;
|
||||
- JS::AutoValueArray<2> args(authority->priv->cx);
|
||||
+ JS::RootedValueArray<2> args(authority->priv->cx);
|
||||
JS::RootedValue rval(authority->priv->cx);
|
||||
GError *error = NULL;
|
||||
JS::RootedString ret_jsstr (authority->priv->cx);
|
||||
@@ -1409,7 +1406,7 @@ js_polkit_spawn (JSContext *cx,
|
||||
JS::CallArgs args = JS::CallArgsFromVp (js_argc, vp);
|
||||
array_object = &args[0].toObject();
|
||||
|
||||
- if (!JS_GetArrayLength (cx, array_object, &array_len))
|
||||
+ if (!JS::GetArrayLength (cx, array_object, &array_len))
|
||||
{
|
||||
JS_ReportErrorUTF8 (cx, "Failed to get array length");
|
||||
goto out;
|
11
SOURCES/polkit-0.117.tar.gz.sign
Normal file
11
SOURCES/polkit-0.117.tar.gz.sign
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCAAdFiEEf/t9a9gxR9dChOMXjOswMP/c4lgFAl8hQXkACgkQjOswMP/c
|
||||
4lhBKAf/fZn/N2zUoREqQ0QIcMSb9OKnYxkvivmd1TA58Eski0cqo89dS89CqsVh
|
||||
xhg5WpypKyqVNc28TUYHgHiD9BUL+3ldhHMQk8f1B28lJ3ipvHaYBQsm1UQOB/DU
|
||||
xAhLttrFqeJxrjdSQT5GpIs3/SVYosE0/BDUbKOGivr2Wf/L1g19IUTtvaea1u9Z
|
||||
5Wpr/YF8HHdyxbaIJh2ylJh5rnyfes3LKjLpG6L9srzVhjrddXU+LhMhDrLJp0HN
|
||||
/LuKyEffK6qkWia3zTuqilmZdn5zKE5ryY0FArZF/5jr67oakypRFeMFqJvRyP6t
|
||||
zxwLq7/r27U/h2/QxRKwdu6lsp5tbw==
|
||||
=w9c/
|
||||
-----END PGP SIGNATURE-----
|
9
SOURCES/spidermonkey_checks_disable.patch
Normal file
9
SOURCES/spidermonkey_checks_disable.patch
Normal file
@ -0,0 +1,9 @@
|
||||
--- a/config/run_spidermonkey_checks.py
|
||||
+++ b/config/run_spidermonkey_checks.py
|
||||
@@ -13,4 +13,5 @@ def main(output, lib_file, *scripts):
|
||||
retcode = subprocess.call(
|
||||
[sys.executable, script], cwd=buildconfig.topsrcdir)
|
||||
if retcode != 0:
|
||||
- raise Exception(script + " failed")
|
||||
+ #raise Exception(script + " failed")
|
||||
+ pass
|
11
SOURCES/spidermonkey_style_check_disable_s390x.patch
Normal file
11
SOURCES/spidermonkey_style_check_disable_s390x.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- a/config/check_spidermonkey_style.py
|
||||
+++ b/config/check_spidermonkey_style.py
|
||||
|
||||
@@ -779,6 +779,7 @@ def tarjan(V, E):
|
||||
|
||||
|
||||
def main():
|
||||
+ sys.exit(0)
|
||||
if sys.argv[1:] == ["--fixup"]:
|
||||
# Sort #include directives in-place. Fixup mode doesn't solve
|
||||
# all possible silliness that the script checks for; it's just a
|
26
SOURCES/tests-increase-timeout.patch
Normal file
26
SOURCES/tests-increase-timeout.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 9be85b155c6df0454c5faef9e850f572c99e3615 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
|
||||
Date: Wed, 15 Jul 2020 08:32:44 +0200
|
||||
Subject: [PATCH] Increase the test timeout for slower buildds
|
||||
|
||||
Ported forward from Debian: https://bugs.debian.org/878284
|
||||
---
|
||||
js/src/Makefile.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/js/src/Makefile.in b/js/src/Makefile.in
|
||||
index b86aeed..d68655a 100644
|
||||
--- a/js/src/Makefile.in
|
||||
+++ b/js/src/Makefile.in
|
||||
@@ -53,7 +53,7 @@ check:: check-js-msg
|
||||
|
||||
check-jstests:
|
||||
$(wildcard $(RUN_TEST_PROGRAM)) $(PYTHON3) -u $(srcdir)/tests/jstests.py \
|
||||
- --no-progress --format=automation --timeout 300 \
|
||||
+ --no-progress --format=automation --timeout 600 \
|
||||
$(JSTESTS_EXTRA_ARGS) \
|
||||
$(DIST)/bin/$(JS_SHELL_NAME)$(BIN_SUFFIX)
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
846
SPECS/polkit.spec
Normal file
846
SPECS/polkit.spec
Normal file
@ -0,0 +1,846 @@
|
||||
# Only enable if using patches that touches configure.ac,
|
||||
# Makefile.am or other build system related files
|
||||
#
|
||||
%define enable_autoreconf 1
|
||||
|
||||
%global bundled_mozjs 1
|
||||
|
||||
%if 0%{?bundled_mozjs}
|
||||
%global mozjs_major 78
|
||||
%global mozjs_version 78.10.0
|
||||
|
||||
# Big endian platforms
|
||||
%ifarch ppc ppc64 s390 s390x
|
||||
%global big_endian 1
|
||||
%endif
|
||||
|
||||
# Make sure we don't add requires/provides for private libraries
|
||||
%global __provides_exclude_from ^%{_libdir}/polkit-1/
|
||||
%global __requires_exclude ^libmozjs-%{mozjs_major}\\.so.*
|
||||
%endif
|
||||
|
||||
Summary: An authorization framework
|
||||
Name: polkit
|
||||
Version: 0.117
|
||||
Release: 10%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://www.freedesktop.org/wiki/Software/polkit
|
||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||
|
||||
Patch1001: mozjs78.patch
|
||||
Patch1002: CVE-2021-3560.patch
|
||||
Patch1003: CVE-2021-4034.patch
|
||||
Patch1004: CVE-2021-4115.patch
|
||||
|
||||
%if 0%{?bundled_mozjs}
|
||||
Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz
|
||||
|
||||
# Patches from mozjs68, rebased for mozjs78:
|
||||
Patch02: copy-headers.patch
|
||||
Patch03: tests-increase-timeout.patch
|
||||
Patch09: icu_sources_data.py-Decouple-from-Mozilla-build-system.patch
|
||||
Patch10: icu_sources_data-Write-command-output-to-our-stderr.patch
|
||||
|
||||
# Build fixes - https://hg.mozilla.org/mozilla-central/rev/ca36a6c4f8a4a0ddaa033fdbe20836d87bbfb873
|
||||
Patch12: emitter.patch
|
||||
|
||||
# Build fixes
|
||||
Patch14: init_patch.patch
|
||||
# TODO: Check with mozilla for cause of these fails and re-enable spidermonkey compile time checks if needed
|
||||
Patch15: spidermonkey_checks_disable.patch
|
||||
|
||||
# armv7 fixes
|
||||
Patch17: definitions_for_user_vfp.patch
|
||||
|
||||
# s390x/ppc64 fixes, TODO: file bug report upstream?
|
||||
Patch18: spidermonkey_style_check_disable_s390x.patch
|
||||
Patch19: 0001-Skip-failing-tests-on-ppc64-and-s390x.patch
|
||||
|
||||
# Fix for https://bugzilla.mozilla.org/show_bug.cgi?id=1644600 ( SharedArrayRawBufferRefs is not exported )
|
||||
# https://github.com/0ad/0ad/blob/83e81362d850cc6f2b3b598255b873b6d04d5809/libraries/source/spidermonkey/FixSharedArray.diff
|
||||
Patch30: FixSharedArray.diff
|
||||
|
||||
# Avoid autoconf213 dependency, backported from upstream
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1663863
|
||||
Patch31: 0002-D89554-autoconf1.diff
|
||||
Patch32: 0003-D94538-autoconf2.diff
|
||||
%endif
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: glib2-devel >= 2.30.0
|
||||
BuildRequires: expat-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: intltool
|
||||
BuildRequires: gobject-introspection-devel
|
||||
BuildRequires: systemd, systemd-devel
|
||||
%if 0%{?bundled_mozjs}
|
||||
BuildRequires: cargo
|
||||
BuildRequires: clang-devel
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: m4
|
||||
BuildRequires: make
|
||||
%if !0%{?rhel}
|
||||
BuildRequires: nasm
|
||||
%endif
|
||||
BuildRequires: llvm
|
||||
BuildRequires: llvm-devel
|
||||
BuildRequires: rust
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: pkgconfig(libffi)
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
BuildRequires: python3-six
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: zip
|
||||
%if 0%{?big_endian}
|
||||
BuildRequires: icu
|
||||
%endif
|
||||
%else
|
||||
BuildRequires: pkgconfig(mozjs-78)
|
||||
%endif
|
||||
|
||||
%if 0%{?enable_autoreconf}
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
%endif
|
||||
|
||||
Requires: dbus, polkit-pkla-compat
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
|
||||
Obsoletes: PolicyKit <= 0.10
|
||||
Provides: PolicyKit = 0.11
|
||||
|
||||
# polkit saw some API/ABI changes from 0.96 to 0.97 so require a
|
||||
# sufficiently new polkit-gnome package
|
||||
Conflicts: polkit-gnome < 0.97
|
||||
|
||||
Obsoletes: polkit-desktop-policy < 0.103
|
||||
Provides: polkit-desktop-policy = 0.103
|
||||
|
||||
Obsoletes: polkit-js-engine < 0.110-4
|
||||
Provides: polkit-js-engine = %{version}-%{release}
|
||||
|
||||
# when -libs was split out, handle multilib upgrade path -- rex
|
||||
Obsoletes: polkit < 0.113-3
|
||||
|
||||
%description
|
||||
polkit is a toolkit for defining and handling authorizations. It is
|
||||
used for allowing unprivileged processes to speak to privileged
|
||||
processes.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for polkit
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Requires: %name-docs = %{version}-%{release}
|
||||
Requires: glib2-devel
|
||||
Obsoletes: PolicyKit-devel <= 0.10
|
||||
Provides: PolicyKit-devel = 0.11
|
||||
|
||||
%description devel
|
||||
Development files for polkit.
|
||||
|
||||
%package docs
|
||||
Summary: Development documentation for polkit
|
||||
Requires: %name-devel = %{version}-%{release}
|
||||
Obsoletes: PolicyKit-docs <= 0.10
|
||||
Provides: PolicyKit-docs = 0.11
|
||||
BuildArch: noarch
|
||||
|
||||
%description docs
|
||||
Development documentation for polkit.
|
||||
|
||||
%package libs
|
||||
Summary: Libraries for polkit
|
||||
%if 0%{?bundled_mozjs}
|
||||
License: MIT and (MPLv1.1 or GPLv2+ or LGPLv2+) and MPLv2.0 and MPLv1.1 and BSD and GPLv2+ and GPLv3+ and LGPLv2+ and AFL and ASL 2.0
|
||||
Provides: bundled(mozjs) = %{mozjs_version}
|
||||
%endif
|
||||
|
||||
%description libs
|
||||
Libraries files for polkit.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
# Apply polkit patches
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
%patch1004 -p1
|
||||
|
||||
%if 0%{?bundled_mozjs}
|
||||
# Extract mozjs archive
|
||||
tar -xf %{S:2}
|
||||
|
||||
# Apply mozjs patches
|
||||
pushd firefox-%{mozjs_version}
|
||||
%patch02 -p1
|
||||
%patch03 -p1
|
||||
%patch09 -p1
|
||||
%patch10 -p1
|
||||
|
||||
%patch12 -p1
|
||||
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
|
||||
%ifarch armv7hl
|
||||
# Include definitions for user vfp on armv7 as it causes the compilation to fail without them
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=1526653
|
||||
%patch17 -p1
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
%patch18 -p1
|
||||
%endif
|
||||
|
||||
# Fixes for ppc64 and s390x, there is no need to keep it in ifarch here since mozilla tests support ifarch conditions
|
||||
%patch19 -p1
|
||||
|
||||
# Export SharedArrayRawBufferRefs
|
||||
%patch30 -p1
|
||||
|
||||
# Avoid autoconf213 dependency
|
||||
%patch31 -p1 -b .autoconf213
|
||||
%patch32 -p1 -b .autoconf213-2
|
||||
|
||||
# Remove zlib directory (to be sure using system version)
|
||||
rm -rf modules/zlib
|
||||
popd
|
||||
%endif
|
||||
|
||||
%build
|
||||
%if 0%{?bundled_mozjs}
|
||||
pushd firefox-%{mozjs_version}/js/src
|
||||
# Prefer GCC for now
|
||||
export CC=gcc
|
||||
export CXX=g++
|
||||
|
||||
# Workaround
|
||||
# error: options `-C embed-bitcode=no` and `-C lto` are incompatible
|
||||
# error: could not compile `jsrust`.
|
||||
# https://github.com/japaric/cargo-call-stack/issues/25
|
||||
export RUSTFLAGS="-C embed-bitcode"
|
||||
|
||||
# https://github.com/ptomato/mozjs/commit/36bb7982b41e0ef9a65f7174252ab996cd6777bd
|
||||
export CARGO_PROFILE_RELEASE_LTO=true
|
||||
|
||||
export LINKFLAGS="%{?__global_ldflags}"
|
||||
export PYTHON="%{__python3}"
|
||||
|
||||
%configure \
|
||||
--without-system-icu \
|
||||
--with-system-zlib \
|
||||
--disable-tests \
|
||||
--disable-strip \
|
||||
--with-intl-api \
|
||||
--enable-readline \
|
||||
--enable-shared-js \
|
||||
--enable-optimize \
|
||||
--disable-debug \
|
||||
--enable-pie \
|
||||
--disable-jemalloc
|
||||
|
||||
%if 0%{?big_endian}
|
||||
echo "Generate big endian version of config/external/icu/data/icud67l.dat"
|
||||
pushd ../..
|
||||
icupkg -tb config/external/icu/data/icudt67l.dat config/external/icu/data/icudt67b.dat
|
||||
rm -f config/external/icu/data/icudt*l.dat
|
||||
popd
|
||||
%endif
|
||||
|
||||
%make_build
|
||||
popd
|
||||
|
||||
cat > mozjs-%{mozjs_major}.pc << EOF
|
||||
Name: SpiderMonkey %{mozjs_version}
|
||||
Description: The Mozilla library for JavaScript
|
||||
Version: %{mozjs_version}
|
||||
|
||||
Libs: -L`pwd`/firefox-%{mozjs_version}/js/src/dist/bin -lmozjs-%{mozjs_major}
|
||||
Cflags: -include `pwd`/firefox-%{mozjs_version}/js/src/dist/include/js/RequiredDefines.h -I`pwd`/firefox-%{mozjs_version}/js/src/dist/include
|
||||
EOF
|
||||
%endif
|
||||
|
||||
%if 0%{?enable_autoreconf}
|
||||
autoreconf -i
|
||||
%endif
|
||||
# we can't use _hardened_build here, see
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=962005
|
||||
export CFLAGS='-fPIC %optflags'
|
||||
export LDFLAGS='-pie -Wl,-z,now -Wl,-z,relro'
|
||||
%if 0%{?bundled_mozjs}
|
||||
export PKG_CONFIG_PATH=`pwd`
|
||||
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
|
||||
export LDFLAGS="$LDFLAGS -Wl,-rpath=%{_libdir}/polkit-1"
|
||||
%endif
|
||||
%configure --enable-gtk-doc \
|
||||
--disable-static \
|
||||
--enable-introspection \
|
||||
--disable-examples \
|
||||
--enable-libsystemd-login=yes
|
||||
make V=1
|
||||
|
||||
%install
|
||||
%if 0%{?bundled_mozjs}
|
||||
mkdir -p %{buildroot}%{_libdir}/polkit-1
|
||||
cp -p firefox-%{mozjs_version}/js/src/dist/bin/libmozjs-%{mozjs_major}.so %{buildroot}%{_libdir}/polkit-1/
|
||||
%endif
|
||||
|
||||
%make_install \
|
||||
typelibsdir=%{_libdir}/girepository-1.0 \
|
||||
girdir=%{_datadir}/gir-1.0
|
||||
|
||||
|
||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
|
||||
%find_lang polkit-1
|
||||
|
||||
%check
|
||||
%if 0%{?bundled_mozjs}
|
||||
export LD_LIBRARY_PATH=`pwd`/firefox-%{mozjs_version}/js/src/dist/bin
|
||||
|
||||
pushd firefox-%{mozjs_version}/js/src
|
||||
# Run SpiderMonkey tests
|
||||
PYTHONPATH=tests/lib %{__python3} tests/jstests.py -d -s -t 1800 --no-progress --wpt=disabled ../../js/src/dist/bin/js
|
||||
|
||||
# Run basic JIT tests
|
||||
PYTHONPATH=tests/lib %{__python3} jit-test/jit_test.py -s -t 1800 --no-progress ../../js/src/dist/bin/js basic
|
||||
popd
|
||||
%endif
|
||||
|
||||
%pre
|
||||
getent group polkitd >/dev/null || groupadd -r polkitd
|
||||
getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin -c "User for polkitd" polkitd
|
||||
exit 0
|
||||
|
||||
%post
|
||||
# The implied (systemctl preset) will fail and complain, but the macro hides
|
||||
# and ignores the fact. This is in fact what we want, polkit.service does not
|
||||
# have an [Install] section and it is always started on demand.
|
||||
%systemd_post polkit.service
|
||||
|
||||
%preun
|
||||
%systemd_preun polkit.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart polkit.service
|
||||
|
||||
%files -f polkit-1.lang
|
||||
%doc COPYING NEWS README
|
||||
%{_datadir}/man/man1/*
|
||||
%{_datadir}/man/man8/*
|
||||
%{_datadir}/dbus-1/system-services/*
|
||||
%{_unitdir}/polkit.service
|
||||
%dir %{_datadir}/polkit-1/
|
||||
%dir %{_datadir}/polkit-1/actions
|
||||
%attr(0700,polkitd,root) %dir %{_datadir}/polkit-1/rules.d
|
||||
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
|
||||
%dir %{_sysconfdir}/polkit-1
|
||||
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
|
||||
%attr(0700,polkitd,root) %dir %{_sysconfdir}/polkit-1/rules.d
|
||||
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
|
||||
%{_sysconfdir}/pam.d/polkit-1
|
||||
%{_bindir}/pkaction
|
||||
%{_bindir}/pkcheck
|
||||
%{_bindir}/pkttyagent
|
||||
%dir %{_prefix}/lib/polkit-1
|
||||
%{_prefix}/lib/polkit-1/polkitd
|
||||
|
||||
# see upstream docs for why these permissions are necessary
|
||||
%attr(4755,root,root) %{_bindir}/pkexec
|
||||
%attr(4755,root,root) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
|
||||
|
||||
%files devel
|
||||
%{_libdir}/lib*.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
%{_datadir}/gir-1.0/*.gir
|
||||
%{_includedir}/*
|
||||
%{_datadir}/gettext/its/polkit.its
|
||||
%{_datadir}/gettext/its/polkit.loc
|
||||
|
||||
%files docs
|
||||
%{_datadir}/gtk-doc
|
||||
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%files libs
|
||||
%{_libdir}/lib*.so.*
|
||||
%{_libdir}/girepository-1.0/*.typelib
|
||||
%if 0%{?bundled_mozjs}
|
||||
%dir %{_libdir}/polkit-1
|
||||
%{_libdir}/polkit-1/libmozjs-%{mozjs_major}.so
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Mar 11 2022 Jan Rybar <jrybar@redhat.com> - 0.117-10
|
||||
- patch application spec file fix
|
||||
- Resolves: CVE-2021-4115
|
||||
|
||||
* Wed Feb 16 2022 Jan Rybar <jrybar@redhat.com> - 0.117-9
|
||||
- file descriptor exhaustion (GHSL-2021-077)
|
||||
- Resolves: CVE-2021-4115
|
||||
|
||||
* Thu Jan 27 2022 Jan Rybar <jrybar@redhat.com> - 0.117-8
|
||||
- pkexec: argv overflow results in local privilege esc.
|
||||
- Resolves: CVE-2021-4034
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-7
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Jun 30 2021 Kalev Lember <klember@redhat.com> - 0.117-6
|
||||
- Bundle mozjs (#1958111)
|
||||
|
||||
* Mon Jun 28 2021 Jan Rybar <jrybar@redhat.com> - 0.117-5
|
||||
- CVE-2021-3560 mitigation
|
||||
- Resolves: CVE-2021-3560
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.117-4
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.117-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Aug 12 2020 Jan Rybar <jrybar@redhat.com> - 0.117-2
|
||||
- update dependency to mozjs78
|
||||
|
||||
* Fri Jul 31 2020 Jan Rybar <jrybar@redhat.com> - 0.117-1
|
||||
- Rebased to polkit-0.117
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jul 22 2020 Tom Stellard <tstellar@redhat.com> - 0.116-8
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Oct 25 2019 Jan Rybar <jrybar@redhat.com> - 0.116-6
|
||||
- jsauthority memleak fix
|
||||
|
||||
* Fri Sep 27 2019 Jan Rybar <jrybar@redhat.com> - 0.116-5
|
||||
- pkttyagent: unread input flushed on terminal restore
|
||||
|
||||
* Sun Sep 08 2019 Kalev Lember <klember@redhat.com> - 0.116-4
|
||||
- Rebuilt for mozjs60 s390x fixes
|
||||
|
||||
* Fri Aug 02 2019 Jan Rybar <jrybar@redhat.com> - 0.116-3
|
||||
- pkttyagent: backport patch, get SIGTTOU in background job
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.116-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu May 02 2019 Pete Walter <pwalter@fedoraproject.org> - 0.116-1
|
||||
- Update to 0.116
|
||||
|
||||
* Thu Feb 14 2019 Jan Rybar <jrybar@redhat.com> - 0.115-11
|
||||
- pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM
|
||||
|
||||
* Fri Feb 08 2019 Pete Walter <pwalter@fedoraproject.org> - 0.115-10
|
||||
- Move to mozjs60
|
||||
|
||||
* Tue Feb 05 2019 Jan Rybar <jrybar@redhat.com> - 0.115-9
|
||||
- Allow uid=-1 for PolkitUnixProcess
|
||||
|
||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Tue Jan 08 2019 Colin Walters <walters@verbum.org> - 0.115-7
|
||||
- Add security fix for
|
||||
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
|
||||
|
||||
* Fri Dec 07 2018 Jan Rybar <jrybar@redhat.com> - 0.115-6
|
||||
- Fix of CVE-2018-19788, priv escalation with high UIDs
|
||||
- Resolves: rhbz#1655926
|
||||
|
||||
* Thu Sep 27 2018 Owen Taylor <otaylor@redhat.com> - 0.115-5
|
||||
- Fix installation with prefix != /usr
|
||||
|
||||
* Mon Aug 13 2018 Jan Rybar <jrybar@redhat.com> - 0.115-4
|
||||
- Leaking zombie processess started by rules
|
||||
|
||||
* Fri Jul 20 2018 Jan Rybar <jrybar@redhat.com> - 0.115-3
|
||||
- Warning raised by polkit when disconnected from ssh
|
||||
- polkitagentlistener: resource leak - pointer to 'server'
|
||||
- Error message raised on every 'systemctl start' in emergency.target
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.115-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jul 10 2018 Miloslav Trmač <mitr@redhat.com> - 0.115-1
|
||||
- Update to 0.115 (CVE-2018-1116)
|
||||
|
||||
* Tue Apr 03 2018 Ray Strode <rstrode@redhat.com> - 0.114-1
|
||||
- Update to 0.114
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-16
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-14
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Thu Apr 13 2017 Richard Hughes <rhughes@redhat.com> - 0.113-13
|
||||
- Add the its files from upstream.
|
||||
|
||||
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-12
|
||||
- Fix a memory leak in PolkitPermission.
|
||||
Patch by Rui Matos <tiagomatos@gmail.com>
|
||||
Resolves: #1433915
|
||||
|
||||
* Tue Apr 4 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-11
|
||||
- Revert back to the state in 0.113-7, undoing the untested changes.
|
||||
|
||||
* Tue Apr 4 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-10
|
||||
- Move to an upstream snapshot, rebase patches
|
||||
|
||||
* Fri Mar 31 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.113-9
|
||||
- restore Provides: polkit-desktop-policy polkit-js-engine
|
||||
|
||||
* Thu Mar 30 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.113-8
|
||||
- Use %%license, license needs to be in -libs as it's the only guaranteed installed package
|
||||
- Move to mozjs38
|
||||
- Other upstream fixes
|
||||
- Spec cleanups
|
||||
|
||||
* Mon Feb 13 2017 Miloslav Trmač <mitr@redhat.com> - 0.113-7
|
||||
- Fix memory leaks when calling authentication agents
|
||||
Resolves: #1380166
|
||||
|
||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.113-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Tue Jul 14 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-4
|
||||
- Bump the Obsoletes: to < 0.113-3 to account for the non-split 0.113-2.fc21
|
||||
Resolves: #1243004
|
||||
|
||||
* Sun Jul 12 2015 Rex Dieter <rdieter@fedoraproject.org> 0.113-3
|
||||
- Obsoletes: polkit < 0.112-8 (handle multilib upgrade path)
|
||||
|
||||
* Fri Jul 10 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-2
|
||||
- Add a fully versioned dependency from polkit to polkit-libs
|
||||
Resolves: #1241759
|
||||
- Require polkit-libs, not polkit, in polkit-devel
|
||||
|
||||
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-1
|
||||
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
|
||||
CVE-2015-4625)
|
||||
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
|
||||
|
||||
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> - 0.112-11
|
||||
- Add BuildRequires: systemd so that %%{_unitdir} is defined, to fix the build.
|
||||
|
||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Sun Jan 25 2015 Rex Dieter <rdieter@fedoraproject.org> - 0.112-9
|
||||
- polkit doesn't release reference counters of GVariant data (#1180886)
|
||||
- fix ldconfig scriptlets (move to -libs subpkg)
|
||||
|
||||
* Sat Nov 08 2014 Colin Walters <walters@redhat.com> - 0.112-8
|
||||
- Split separate -libs package, so that NetworkManager can just depend on
|
||||
that, without dragging in the daemon (as well as libmozjs17). This
|
||||
allows the creation of more minimal systems that want programs like NM,
|
||||
but do not need the configurability of the daemon; it would be ok if only
|
||||
root is authorized.
|
||||
|
||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Tue Jul 22 2014 Kalev Lember <kalevlember@gmail.com> - 0.112-6
|
||||
- Rebuilt for gobject-introspection 1.41.4
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Thu Jun 5 2014 Kay Sievers <kay@redhat.com> - 0.112-4
|
||||
- backport upstream D-Bus "user bus" changes
|
||||
|
||||
* Mon Feb 10 2014 Miloslav Trmač <mitr@redhat.com> - 0.112-3
|
||||
- Fix a PolkitAgentSession race condition
|
||||
Resolves: #1063193
|
||||
|
||||
* Sat Dec 7 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-2
|
||||
- Workaround pam_systemd setting broken XDG_RUNTIME_DIR
|
||||
Resolves: #1033774
|
||||
- Always use mozjs-17.0 even if js-devel is installed
|
||||
|
||||
* Wed Sep 18 2013 Miloslav Trmač <mitr@redhat.com> - 0.112-1
|
||||
- Update to polkit-0.112
|
||||
- Resolves: #1009538, CVE-2013-4288
|
||||
|
||||
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.111-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Wed May 29 2013 Tomas Bzatek <tbzatek@redhat.com> - 0.111-2
|
||||
- Fix a race on PolkitSubject type registration (#866718)
|
||||
|
||||
* Wed May 15 2013 Miloslav Trmač <mitr@redhat.com> - 0.111-1
|
||||
- Update to polkit-0.111
|
||||
Resolves: #917888
|
||||
- Use SpiderMonkey from mozjs17 instead of js
|
||||
- Ship the signature in the srpm
|
||||
- Try to preserve timestamps in (make install)
|
||||
|
||||
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
|
||||
- Shut up rpmlint about Summary:
|
||||
- Build with V=1
|
||||
- Use %%{_unitdir} instead of hard-coding the path
|
||||
- Use the new systemd macros, primarily to run (systemctl daemon-reload)
|
||||
Resolves: #857382
|
||||
|
||||
* Fri May 10 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-4
|
||||
- Make the JavaScript engine mandatory. The polkit-js-engine package has been
|
||||
removed, main polkit package Provides:polkit-js-engine for compatibility.
|
||||
- Add Requires: polkit-pkla-compat
|
||||
Resolves: #908808
|
||||
|
||||
* Wed Feb 13 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-3
|
||||
- Don't ship pk-example-frobnicate in the "live" configuration
|
||||
Resolves: #878112
|
||||
|
||||
* Fri Feb 8 2013 Miloslav Trmač <mitr@redhat.com> - 0.110-2
|
||||
- Own %%{_docdir}/polkit-js-engine-*
|
||||
Resolves: #907668
|
||||
|
||||
* Wed Jan 9 2013 David Zeuthen <davidz@redhat.com> - 0.110-1%{?dist}
|
||||
- Update to upstream release 0.110
|
||||
|
||||
* Mon Jan 7 2013 Matthias Clasen <mclasen@redhat.com> - 0.109-2%{?dist}
|
||||
- Build with pie and stuff
|
||||
|
||||
* Wed Dec 19 2012 David Zeuthen <davidz@redhat.com> 0.109-1%{?dist}
|
||||
- Update to upstream release 0.109
|
||||
- Drop upstreamed patches
|
||||
|
||||
* Thu Nov 15 2012 David Zeuthen <davidz@redhat.com> 0.108-3%{?dist}
|
||||
- Attempt to open the correct libmozjs185 library, otherwise polkit
|
||||
authz rules will not work unless js-devel is installed (fdo #57146)
|
||||
|
||||
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-2%{?dist}
|
||||
- Include gmodule-2.0 to avoid build error
|
||||
|
||||
* Wed Nov 14 2012 David Zeuthen <davidz@redhat.com> 0.108-1%{?dist}
|
||||
- Update to upstream release 0.108
|
||||
- Drop upstreamed patches
|
||||
- This release dynamically loads the JavaScript interpreter and can
|
||||
cope with it not being available. In this case, polkit authorization
|
||||
rules are not processed and the defaults for an action - as defined
|
||||
in its .policy file - are used for authorization decisions.
|
||||
- Add new meta-package, polkit-js-engine, that pulls in the required
|
||||
JavaScript bits to make polkit authorization rules work. The default
|
||||
install - not the minimal install - should include this package
|
||||
|
||||
* Wed Oct 10 2012 Adam Jackson <ajax@redhat.com> 0.107-4
|
||||
- Don't crash if initializing the server object fails
|
||||
|
||||
* Tue Sep 18 2012 David Zeuthen <davidz@redhat.com> 0.107-3%{?dist}
|
||||
- Authenticate as root if e.g. the wheel group is empty (#834494)
|
||||
|
||||
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.107-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Wed Jul 11 2012 David Zeuthen <davidz@redhat.com> 0.107-1%{?dist}
|
||||
- Update to upstream release 0.107
|
||||
|
||||
* Fri Jun 29 2012 David Zeuthen <davidz@redhat.com> 0.106-2%{?dist}
|
||||
- Add forgotten Requires(pre): shadow-utils
|
||||
|
||||
* Thu Jun 07 2012 David Zeuthen <davidz@redhat.com> 0.106-1%{?dist}
|
||||
- Update to upstream release 0.106
|
||||
- Authorizations are no longer controlled by .pkla files - from now
|
||||
on, use the new .rules files described in the polkit(8) man page
|
||||
|
||||
* Tue Apr 24 2012 David Zeuthen <davidz@redhat.com> 0.105-1%{?dist}
|
||||
- Update to upstream release 0.105
|
||||
- Nuke patches that are now upstream
|
||||
- Change 'PolicyKit' to 'polkit' in summary and descriptions
|
||||
|
||||
* Thu Mar 08 2012 David Zeuthen <davidz@redhat.com> 0.104-6%{?dist}
|
||||
- Don't leak file descriptors (bgo #671486)
|
||||
|
||||
* Mon Feb 13 2012 Matthias Clasen <mclasen@redhat.com> - 0.104-5%{?dist}
|
||||
- Make the -docs subpackage noarch
|
||||
|
||||
* Mon Feb 06 2012 David Zeuthen <davidz@redhat.com> 0.104-4%{?dist}
|
||||
- Set error if we cannot obtain a PolkitUnixSession for a given PID (#787222)
|
||||
|
||||
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.104-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-2%{?dist}
|
||||
- Nuke the ConsoleKit run-time requirement
|
||||
|
||||
* Tue Jan 03 2012 David Zeuthen <davidz@redhat.com> 0.104-1%{?dist}
|
||||
- Update to upstream release 0.104
|
||||
- Force usage of systemd (instead of ConsoleKit) for session tracking
|
||||
|
||||
* Tue Dec 06 2011 David Zeuthen <davidz@redhat.com> 0.103-1%{?dist}
|
||||
- Update to upstream release 0.103
|
||||
- Drop upstreamed patch
|
||||
- Drop Fedora-specific policy, it is now upstream (fdo #41008)
|
||||
|
||||
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.102-3
|
||||
- Rebuilt for glibc bug#747377
|
||||
|
||||
* Tue Oct 18 2011 David Zeuthen <davidz@redhat.com> 0.102-2%{?dist}
|
||||
- Add patch to neuter the annoying systemd behavior where stdout/stderr
|
||||
is sent to the system logs
|
||||
|
||||
* Thu Aug 04 2011 David Zeuthen <davidz@redhat.com> 0.102-1
|
||||
- Update to 0.102 release
|
||||
|
||||
* Fri May 13 2011 Bastien Nocera <bnocera@redhat.com> 0.101-7
|
||||
- Allow setting the pretty hostname without a password for wheel,
|
||||
change matches systemd in git
|
||||
|
||||
* Mon May 2 2011 Matthias Clasen <mclasen@redhat.com> - 0.101-6
|
||||
- Update the action id of the datetime mechanism
|
||||
|
||||
* Tue Apr 19 2011 David Zeuthen <davidz@redhat.com> - 0.101-5
|
||||
- CVE-2011-1485 (#697951)
|
||||
|
||||
* Tue Mar 22 2011 Kevin Kofler <Kevin@tigcc.ticalc.org> - 0.101-4
|
||||
- Also allow org.kde.kcontrol.kcmclock.save without password for wheel
|
||||
|
||||
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-3
|
||||
- Fix typo in pkla file (thanks notting)
|
||||
|
||||
* Thu Mar 17 2011 David Zeuthen <davidz@redhat.com> - 0.101-2
|
||||
- Nuke desktop_admin_r and desktop_user_r groups - just use the
|
||||
wheel group instead (#688363)
|
||||
- Update the set of configuration directives that gives users
|
||||
in the wheel group extra privileges
|
||||
|
||||
* Thu Mar 03 2011 David Zeuthen <davidz@redhat.com> - 0.101-1
|
||||
- New upstream version
|
||||
|
||||
* Mon Feb 21 2011 David Zeuthen <davidz@redhat.com> - 0.100-1
|
||||
- New upstream version
|
||||
|
||||
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.98-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
* Fri Jan 28 2011 Matthias Clasen <mclasen@redhat.com> - 0.98-6
|
||||
- Own /usr/libexec/polkit-1
|
||||
|
||||
* Fri Nov 12 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-5
|
||||
- Enable introspection
|
||||
|
||||
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-4
|
||||
- Fix #629515 in a way that doesn't require autoreconf
|
||||
|
||||
* Thu Sep 02 2010 David Zeuthen <davidz@redhat.com> - 0.98-2
|
||||
- Include polkitagentenumtypes.h (#629515)
|
||||
|
||||
* Mon Aug 23 2010 Matthias Clasen <mclasen@redhat.com> - 0.98-1
|
||||
- Update to upstream release 0.98
|
||||
- Co-own /usr/share/gtk-doc (#604410)
|
||||
|
||||
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-5
|
||||
- Rebuid to work around bodhi limitations
|
||||
|
||||
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
|
||||
- Fix a ConsoleKit interaction bug
|
||||
|
||||
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
|
||||
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
|
||||
- Require GLib >= 2.25.12 instead of 2.25.11
|
||||
- Ensure polkit-gnome packages earlier than 0.97 are not used with
|
||||
these packages
|
||||
|
||||
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-2
|
||||
- Rebuild
|
||||
|
||||
* Mon Aug 09 2010 David Zeuthen <davidz@redhat.com> - 0.97-1
|
||||
- Update to 0.97. This release contains a port from EggDBus to the
|
||||
GDBus code available in recent GLib releases.
|
||||
|
||||
* Fri Jan 15 2010 David Zeuthen <davidz@redhat.com> - 0.96-1
|
||||
- Update to 0.96
|
||||
- Disable introspection support for the time being
|
||||
|
||||
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-2
|
||||
- Rebuild
|
||||
|
||||
* Fri Nov 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-1
|
||||
- Update to 0.95
|
||||
- Drop upstreamed patches
|
||||
|
||||
* Tue Oct 20 2009 Matthias Clasen <mclasen@redhat.com> - 0.95-0.git20090913.3
|
||||
- Fix a typo in pklocalauthority(8)
|
||||
|
||||
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.2
|
||||
- Refine how Obsolete: is used and also add Provides: (thanks Jesse
|
||||
Keating and nim-nim)
|
||||
|
||||
* Mon Sep 14 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913.1
|
||||
- Add bugfix for polkit_unix_process_new_full() (thanks Bastien Nocera)
|
||||
- Obsolete old PolicyKit packages
|
||||
|
||||
* Sun Sep 13 2009 David Zeuthen <davidz@redhat.com> - 0.95-0.git20090913
|
||||
- Update to git snapshot
|
||||
- Drop upstreamed patches
|
||||
- Turn on GObject introspection
|
||||
- Don't delete desktop_admin_r and desktop_user_r groups when
|
||||
uninstalling polkit-desktop-policy
|
||||
|
||||
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
|
||||
- Add some patches from git master
|
||||
- Sort pkaction(1) output
|
||||
- Bug 23867 – UnixProcess vs. SystemBusName aliasing
|
||||
|
||||
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
|
||||
- Add desktop_admin_r and desktop_user_r groups along with a first cut
|
||||
of default authorizations for users in these groups.
|
||||
|
||||
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-2
|
||||
- Disable GObject Introspection for now as it breaks the build
|
||||
|
||||
* Wed Aug 12 2009 David Zeuthen <davidz@redhat.com> - 0.94-1
|
||||
- Update to upstream release 0.94
|
||||
|
||||
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.93-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-2
|
||||
- Rebuild
|
||||
|
||||
* Mon Jul 20 2009 David Zeuthen <davidz@redhat.com> - 0.93-1
|
||||
- Update to 0.93
|
||||
|
||||
* Tue Jun 09 2009 David Zeuthen <davidz@redhat.com> - 0.92-3
|
||||
- Don't make docs noarch (I *heart* multilib)
|
||||
- Change license to LGPLv2+
|
||||
|
||||
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-2
|
||||
- Rebuild
|
||||
|
||||
* Mon Jun 08 2009 David Zeuthen <davidz@redhat.com> - 0.92-1
|
||||
- Update to 0.92 release
|
||||
|
||||
* Wed May 27 2009 David Zeuthen <davidz@redhat.com> - 0.92-0.git20090527
|
||||
- Update to 0.92 snapshot
|
||||
|
||||
* Mon Feb 9 2009 David Zeuthen <davidz@redhat.com> - 0.91-1
|
||||
- Initial spec file.
|
Loading…
Reference in New Issue
Block a user