From patchwork Sun Sep 15 16:13:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Armin Kuster X-Patchwork-Id: 49148 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B989C3ABA0 for ; Sun, 15 Sep 2024 16:13:53 +0000 (UTC) Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com [209.85.219.169]) by mx.groups.io with SMTP id smtpd.web10.117526.1726416829365954284 for ; Sun, 15 Sep 2024 09:13:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=YR/jbjE5; spf=pass (domain: gmail.com, ip: 209.85.219.169, mailfrom: akuster808@gmail.com) Received: by mail-yb1-f169.google.com with SMTP id 3f1490d57ef6-e1f139b97b5so551979276.0 for ; Sun, 15 Sep 2024 09:13:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726416828; x=1727021628; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=XXkR5UB7oH/01FhXyQa1z9SW2powoyVu75q7iI2OE7U=; b=YR/jbjE5Gz/wk9NzYcivtNaTBd3K7oVO1otSrFdKA9IIkslJ9/9XwF5RlJWIVUopd4 l8GuTUtRZ2IYh1V9BaYF5C3QUdjrx9xDmrVsYVvbcVEA7cgRku40oVmez6UCq3AoayEV aeUPlZfnsIQKNqrpzY+tzpdsssiSQ9oKiCd70L8J+bSf7OYG8FmemORG78ZNnhsf2iGn E8DIoMLJ9NYSgv1Guzc+6Y788EWwHXz2GiFWS4aJMn2zQ3j9JclJNg3WZ0VGfPM0PcEu gyQQfwPvg2gqvfEzycf5U9vidWCUP1o3HOzMep1+okBoMzvGka6YONiPK//Rd6s/96ZO C6ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726416828; x=1727021628; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XXkR5UB7oH/01FhXyQa1z9SW2powoyVu75q7iI2OE7U=; b=Pk5HWahn/7QZknLsdu7Zr37AOO9jX7wnvgg3SVMTlpwtIXPscsKyCui7hCGALHss4a pMftHd30utnnWskNTWaIhj077T/SdGBfltoj/xXKTRkR1L1+mox5UoEkOt+wrB87ef27 rY45a6GfVJJt1Gjv97r3EHWfkaWNVigxov1cINWTu1QUWXlb4cBPO4ltYSS1HIOUnMJ9 n2I0MbKn2Lm4h7YWz5JCQnKIbG22MQ49CHxSn0jr8K+nDo0NfCMqOROd8dSRb+kv1cMX chAjqPVhfYL2hMN+riruEJRAbaYXk5cKJNjNbrEIgDhGAsBHRGOZ3+HLwNyKhnrPNBDH Dphg== X-Gm-Message-State: AOJu0YyM3y9GSv1YuH7jg3CDE/+zlfNhATtTUPJ62oeLp1XyIq4fxsKe 8khVuv6XfSqxBCrGR5hDVLxgMG8nmN3vYGxk6AFArT1szSNBEnQQ/qdXzw== X-Google-Smtp-Source: AGHT+IFJmSZrbxb8Px7sf0QEWZ0EaZiMDdu3xD0RbutuScg6EagiEX8RmDknCOBYcWrL8MKYoKu8PQ== X-Received: by 2002:a05:6902:2706:b0:e1d:aa:8807 with SMTP id 3f1490d57ef6-e1d79e51827mr13935517276.3.1726416828294; Sun, 15 Sep 2024 09:13:48 -0700 (PDT) Received: from keaua.attlocal.net ([2600:1700:45dd:7000:971b:923e:7e7f:305e]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e1dc1381150sm663993276.43.2024.09.15.09.13.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Sep 2024 09:13:47 -0700 (PDT) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Cc: Markus Volk , Khem Raj Subject: [meta-oe][scarthgap][PATCH 1/2] gnome-remote-desktop: update 46.1 -> 46.2 Date: Sun, 15 Sep 2024 12:13:45 -0400 Message-ID: <20240915161347.187613-1-akuster808@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 15 Sep 2024 16:13:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/112301 From: Markus Volk 46.2 ==== * Potential crasher fix * Improved disconnection messages * Broader client compatibility support * Various security hardening improvements * CVE-2024-5148 Limit login screen->user session handover access to appropriate user Contributors: Pascal Nowack, Ray Strode Translators: Balázs Úr [hu], Efstathios Iosifidis [el], Fabio Tomat [fur], Hugo Carvalho [pt], Jordi Mas i Hernandez [ca], Juliano de Souza Camargo [pt_BR] - add polkitd user and fix permissions to avoid: Error: Transaction test error: file /usr/share/polkit-1/rules.d conflicts between attempted installs of gnome-remote-desktop-46.2-r0.corei7_64 and gnome-control-center-46.2-r0.corei7_64 Signed-off-by: Markus Volk Signed-off-by: Khem Raj (cherry picked from commit 7ecfdeb3cf4e13801b63f0c05afd572d9df54403) Signed-off-by: Armin Kuster --- ...ktop_46.1.bb => gnome-remote-desktop_46.2.bb} | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) rename meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/{gnome-remote-desktop_46.1.bb => gnome-remote-desktop_46.2.bb} (64%) diff --git a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb similarity index 64% rename from meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb rename to meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb index 634b37971e..59ae9383db 100644 --- a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb +++ b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb @@ -4,11 +4,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" GNOMEBASEBUILDCLASS = "meson" -inherit gnomebase gettext gsettings features_check +inherit gnomebase gettext gsettings features_check useradd -REQUIRED_DISTRO_FEATURES = "opengl" +REQUIRED_DISTRO_FEATURES = "opengl polkit" -SRC_URI[archive.sha256sum] = "7c62a4281fdfa9522110affbf75d09973035f2adc7fa4577511d733186beb68f" +SRC_URI[archive.sha256sum] = "97443eaffe4b1a69626886a41d25cbeb2c148d3fed43d92115c1b7d20d5238ab" DEPENDS = " \ asciidoc-native \ @@ -36,5 +36,15 @@ PACKAGECONFIG[vnc] = "-Dvnc=true,-Dvnc=false,libvncserver" PACKAGECONFIG[rdp] = "-Drdp=true,-Drdp=false,freerdp3 fuse3 libxkbcommon" PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd" +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd" + +do_install:append() { + if [ -d ${D}${datadir}/polkit-1/rules.d ]; then + chmod 700 ${D}${datadir}/polkit-1/rules.d + chown polkitd:root ${D}${datadir}/polkit-1/rules.d + fi +} + PACKAGE_DEBUG_SPLIT_STYLE = "debug-without-src" FILES:${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir} ${datadir} ${libdir}/sysusers.d ${libdir}/tmpfiles.d" From patchwork Sun Sep 15 16:13:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Armin Kuster X-Patchwork-Id: 49147 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C985C3ABA2 for ; Sun, 15 Sep 2024 16:13:53 +0000 (UTC) Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com [209.85.219.177]) by mx.groups.io with SMTP id smtpd.web10.117527.1726416829698525600 for ; Sun, 15 Sep 2024 09:13:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=WRbQW5Dq; spf=pass (domain: gmail.com, ip: 209.85.219.177, mailfrom: akuster808@gmail.com) Received: by mail-yb1-f177.google.com with SMTP id 3f1490d57ef6-e1a8ae00f5eso1985864276.0 for ; Sun, 15 Sep 2024 09:13:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726416829; x=1727021629; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=f29oHZCR/LdCn9Fr+GlXZRuR7if6Hg/RfeHlbuTNAuA=; b=WRbQW5DqeoShlxIVbDtb8DUxSE56xPh1o0pitbvBjJpkkZV5bUbWc5e8vNv3fCccVA c6dJLhSf8x811zngtTX+jIkGYjnxEJm/0xhtvRzHVmbU4RbbV8Zd5jgAyQOwwS9x+eGh SIDtXD1vmsThnejcts/OPcSwVV6RBuGUTITMX/halgoKfzFpmEE1GLUPzmYs+qRi54Iw ES1yg4L6eXJiR88mlmEOJfFij4a1NuXAzlvnTZiI3AkbRI5drkGbZXlKM/+gCP+U20Cy CgtGmHqGUQm3439o/S1lY5guF4nI3sLO/KqAnIGpw48VSLKlNwggDqXjaBdKq2ynRUfN xj/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726416829; x=1727021629; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f29oHZCR/LdCn9Fr+GlXZRuR7if6Hg/RfeHlbuTNAuA=; b=gniSigZw7tgxzxesV6kUMBAolonkoyGu/njD+I6tQUakTCK2h20IEFnsAUHaRPIMzB heyINBKbW1l+tFH9toA8NJmTp7iDCURr8ghgEPZZayyIZFMWH8o2hEruqNRqJD8ijWy/ xvEFM/jwaADhn7IO2gkHW2J7zGss7tfKlR14E/F5e0CKsTgcuxipBmyxfs6ZSY2e8sqX FxVuEDQzGWo+WcukUibHAzG+Bxq/Q0nAXlT2QivtvZlxIT9xAJqxbrLbuQamW6lWiUZP fe2APk3PUiV53z8MYOtNfNg16evqtMLGc6E/Aq87xXVKIWomohUlUaQ5NbvvvbcINGVP AdEg== X-Gm-Message-State: AOJu0Yyf2qKBgtJES5Dq75fGMEjFmyA58adqsWKU5HXiwV14vb4AoXXS EFZgQkJI54VnI2Yt3+gWEEizui9JvYssYiQK7FHD85VuIW4Vh8gkdDaXgA== X-Google-Smtp-Source: AGHT+IGAJogGJCuCh5V3H146FywqlreJnKjv1rLzXvHt7OBH0CMAJ3OcuXRiJvuvDsbqZctcVib1LA== X-Received: by 2002:a05:6902:1242:b0:e16:6aba:f3d with SMTP id 3f1490d57ef6-e1db00a6b54mr7087271276.8.1726416828775; Sun, 15 Sep 2024 09:13:48 -0700 (PDT) Received: from keaua.attlocal.net ([2600:1700:45dd:7000:971b:923e:7e7f:305e]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e1dc1381150sm663993276.43.2024.09.15.09.13.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Sep 2024 09:13:48 -0700 (PDT) From: Armin Kuster To: openembedded-devel@lists.openembedded.org Cc: Marc Ferland Subject: [meta-oe][scarthgap][PATCH 2/2] polkit: update SRC_URI Date: Sun, 15 Sep 2024 12:13:46 -0400 Message-ID: <20240915161347.187613-2-akuster808@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240915161347.187613-1-akuster808@gmail.com> References: <20240915161347.187613-1-akuster808@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 15 Sep 2024 16:13:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/112302 From: Marc Ferland Project has moved to github. Signed-off-by: Marc Ferland (cherry picked from commit fb3408270282fbd619df7a5efac5178cabc37ddb) Signed-off-by: Armin Kuster --- meta-oe/recipes-extended/polkit/polkit_124.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meta-oe/recipes-extended/polkit/polkit_124.bb b/meta-oe/recipes-extended/polkit/polkit_124.bb index 9e2eb05c62..a597b40ee3 100644 --- a/meta-oe/recipes-extended/polkit/polkit_124.bb +++ b/meta-oe/recipes-extended/polkit/polkit_124.bb @@ -1,10 +1,11 @@ -SUMMARY = "PolicyKit Authorization Framework" +SUMMARY = "Polkit Authorization Framework" DESCRIPTION = "The polkit package is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes." HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit" LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" +BUGTRACKER = "https://github.com/polkit-org/polkit/issues" -SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master" +SRC_URI = "git://github.com/polkit-org/polkit.git;protocol=https;branch=main" S = "${WORKDIR}/git" SRCREV = "82f0924dc0eb23b9df68e88dbaf9e07c81940a5a"