Revisions of polkit

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1187081 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 91)
- Add -Wno-error=implicit-function-declaration to %optflags to
  work-around an issue in mocklibc (which has been meanwhile removed
  by upstream) with exactly this kind of issue.

If the request is OK, please forward it to Factory soon-ish so that we
can switch the default compiler. (forwarded request 1187079 from jamborm)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1132614 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 90)
- Add 'dbus-service' as Requires instead of /usr/bin/dbus-daemon
  This allow to use other dbus implementations such as dbus-broker with this
  package again. (bsc#1217863) (forwarded request 1132569 from tobijk)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1127651 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar) (revision 89)
- Update to version 123:
  + Highlights:
    - better safety with deeper restriction of the configuration
      files
    - better safety with restricting the daemon's owner under
      systemd
    - better safety with the systemd unit sandboxing
    - less thread races during upload of the configuration
- Changes from version 122:
  + Highlights:
    - new Georgian translation
    - port to mozjs-102
    - daemon-less build (support for e.g. flatpak deps)
    - re-enable of (API) documentation build
- See more detailed changes in the included NEWS.md file.
- Change URL and Source to new home, and drop polkit.keyring and
  tar.gz.sign tarball signature, no longer available.
- Drop polkit-fix-pam-prefix.patch: Fixed upstream.
- Add /usr/bin/dbus-daemon BuildRequires, needed for tests. Replace
  the dbus-1 with /usr/bin/dbus-daemon Requires.

- change /usr/share/polkit-1/rules.d to 555,root:root. /usr content
  isn't secret anyway so this avoids non-root owned files in /usr
  (boo#1215482)
- update 50-default.rules to allow adding more admin rules
  (jsc#PED-260, drop polkit-no-wheel-group.patch)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1034882 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 87)
- read actions also from /etc/polkit-1/actions (jsc#PED-1405)
  added polkit-actions-in-etc.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1003905 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 86)
next try

- obsolete libpolkit0 also from baselibs.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 997525 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 85)
Update to 121 stable release. (forwarded request 997456 from luc14n0)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 992575 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 83)
- add split-provides for polkit:/usr/bin/pkexec. (bsc#1202070) (forwarded request 992574 from msmeissn)
Fabian Vogt's avatar Fabian Vogt (favogt_factory) accepted request 989831 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 82)
- split out pkexec into seperate package to make system hardening
  easier (to avoid installing it jsc#PED-132 jsc#PED-148). (forwarded request 989830 from msmeissn)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 956662 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 81)
- Fixed denial of service via file descriptor leak (bsc#1195542 CVE-2021-4115)
  0001-CVE-2021-4115-GHSL-2021-077-fix.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 949264 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 80)
- Switch from mozjs to duktape:
  * Add duktape-support.patch

Provides the same features as with mozjs, but is *much* smaller both during
build and runtime. Before, installing polkit needed 62.0 MiB, with this it's
just 16.3 MiB. (Tested in an opensuse/tumbleweed container).

I didn't encounter any errors while playing around with it in a Live CD. (forwarded request 949263 from favogt)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 936198 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 79)
- update to 0.120:
  * transition from Intltool to gettext
  * several tarball, meson and pipeline fixups
  * Portuguese translation
  * Romanian translation
  * meson build system added
  * CVE-2021-3560 mitigation
  * properties in text listener
  * typos fixups
  * Update Hungarian translation
- drop CVE-2021-3560.patch  (upstream) (forwarded request 936022 from dirkmueller)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 907023 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 77)
- Change to using systemd-sysusers
- Remove unneeded shadow dependency, no longer required due to
  systemd-sysusers
- Fix 50-default.rules file-parent-ownership-mismatch warning
- Remove --with-pic, no effect with --disable-static

- Move /etc/polkit-1/rules.d/50-default.rules to
  /usr/share/polkit-1/rules.d/50-default.rules. The first location
  is only for admin changes.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 899432 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 76)
- Fix verifyscript: the path to the binary was wrongly defined as
  %{_libexecdir}/lib.

- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
 (bsc#1186497)
  CVE-2021-3560.patch
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) committed (revision 73)
https://bugzilla.opensuse.org/show_bug.cgi?id=1180474
Displaying revisions 1 - 20 of 92
openSUSE Build Service is sponsored by