diff --git a/.fprintd.metadata b/.fprintd.metadata index 2c3b6b4..2516563 100644 --- a/.fprintd.metadata +++ b/.fprintd.metadata @@ -1 +1 @@ -83225008f10e665d2ad754259083249f4fb3c871 SOURCES/fprintd-0.5.0.tar.bz2 +fbf31f3f11a7e80ee0fded85bbc293119fe96d73 SOURCES/fprintd-0.8.1.tar.xz diff --git a/.gitignore b/.gitignore index 28ec585..5a411ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/fprintd-0.5.0.tar.bz2 +SOURCES/fprintd-0.8.1.tar.xz diff --git a/SOURCES/0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch b/SOURCES/0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch new file mode 100644 index 0000000..5abedbb --- /dev/null +++ b/SOURCES/0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch @@ -0,0 +1,43 @@ +From 3eb55a6e11efcaab94d6595bfbdbe8ab6557f662 Mon Sep 17 00:00:00 2001 +From: Bastien Nocera +Date: Fri, 21 Sep 2018 12:33:21 +0200 +Subject: [PATCH] Remove sandboxing that's unsupported in RHEL7's systemd + +--- + data/fprintd.service.in | 14 +------------- + 1 file changed, 1 insertion(+), 13 deletions(-) + +diff --git a/data/fprintd.service.in b/data/fprintd.service.in +index 5f46810..05f4ddf 100644 +--- a/data/fprintd.service.in ++++ b/data/fprintd.service.in +@@ -8,10 +8,7 @@ BusName=net.reactivated.Fprint + ExecStart=@libexecdir@/fprintd + + # Filesystem lockdown +-ProtectSystem=strict +-ProtectKernelTunables=true +-ProtectControlGroups=true +-ReadWritePaths=@localstatedir@/lib/fprint ++ProtectSystem=true + ProtectHome=true + PrivateTmp=true + +@@ -19,14 +16,5 @@ PrivateTmp=true + PrivateNetwork=true + RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK + +-# Execute Mappings +-MemoryDenyWriteExecute=true +- +-# Modules +-ProtectKernelModules=true +- +-# Real-time +-RestrictRealtime=true +- + # Privilege escalation + NoNewPrivileges=true +-- +2.17.1 + diff --git a/SOURCES/0001-data-Fix-syntax-error-in-fprintd.pod.patch b/SOURCES/0001-data-Fix-syntax-error-in-fprintd.pod.patch deleted file mode 100644 index 59b6823..0000000 --- a/SOURCES/0001-data-Fix-syntax-error-in-fprintd.pod.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7710040ea723def69dde485d6f497fac87f215fa Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Sun, 11 Aug 2013 18:58:20 +0200 -Subject: [PATCH] data: Fix syntax error in fprintd.pod - -fprintd.pod around line 100: =over without closing =back -POD document had syntax errors at /usr/bin/pod2man line 69. ---- - data/fprintd.pod | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/data/fprintd.pod b/data/fprintd.pod -index 83c7afc..7085920 100644 ---- a/data/fprintd.pod -+++ b/data/fprintd.pod -@@ -100,3 +100,6 @@ By default, fprintd stores the fingerprints in B - =over 8 - - =item B, B -+ -+=back -+ --- -1.8.4.2 - diff --git a/SOURCES/0001-pam-Fix-eventfd-leak.patch b/SOURCES/0001-pam-Fix-eventfd-leak.patch deleted file mode 100644 index b8421f9..0000000 --- a/SOURCES/0001-pam-Fix-eventfd-leak.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7e4630ced2be4b7ecdfb9d60cfe0e0d3de594411 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Mon, 27 Jan 2014 12:24:14 +0100 -Subject: [PATCH] pam: Fix eventfd leak - -When we create our own GMainContext, we need to be the ones -disposing of it as well, as GMainLoop won't take ownership of it. - -From https://bugzilla.redhat.com/show_bug.cgi?id=1050827 ---- - pam/pam_fprintd.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/pam/pam_fprintd.c b/pam/pam_fprintd.c -index 0f5e5a4..07302a1 100644 ---- a/pam/pam_fprintd.c -+++ b/pam/pam_fprintd.c -@@ -170,6 +170,17 @@ static void close_and_unref (DBusGConnection *connection) - dbus_g_connection_unref (connection); - } - -+static void unref_loop (GMainLoop *loop) -+{ -+ GMainContext *ctx; -+ -+ /* The main context was created separately, so -+ * we'll need to unref it ourselves */ -+ ctx = g_main_loop_get_context (loop); -+ g_main_loop_unref (loop); -+ g_main_context_unref (ctx); -+} -+ - #define DBUS_TYPE_G_OBJECT_PATH_ARRAY (dbus_g_type_get_collection ("GPtrArray", DBUS_TYPE_G_OBJECT_PATH)) - - static DBusGProxy *open_device(pam_handle_t *pamh, DBusGConnection *connection, DBusGProxy *manager, const char *username, gboolean *has_multiple_devices) -@@ -397,13 +408,13 @@ static int do_auth(pam_handle_t *pamh, const char *username) - dev = open_device(pamh, connection, manager, username, &has_multiple_devices); - g_object_unref (manager); - if (!dev) { -- g_main_loop_unref (loop); -+ unref_loop (loop); - close_and_unref (connection); - return PAM_AUTHINFO_UNAVAIL; - } - ret = do_verify(loop, pamh, dev, has_multiple_devices); - -- g_main_loop_unref (loop); -+ unref_loop (loop); - release_device(pamh, dev); - g_object_unref (dev); - close_and_unref (connection); --- -1.9.0 - diff --git a/SPECS/fprintd.spec b/SPECS/fprintd.spec index 703a475..4b1e5f9 100644 --- a/SPECS/fprintd.spec +++ b/SPECS/fprintd.spec @@ -1,11 +1,11 @@ Name: fprintd -Version: 0.5.0 -Release: 4.0%{?dist} +Version: 0.8.1 +Release: 2%{?dist} Summary: D-Bus service for Fingerprint reader access Group: System Environment/Daemons License: GPLv2+ -Source0: http://freedesktop.org/~hadess/%{name}-%{version}.tar.bz2 +Source0: https://gitlab.freedesktop.org/libfprint/fprintd/uploads/bdd9f91909f535368b7c21f72311704a/%{name}-%{version}.tar.xz Url: http://www.freedesktop.org/wiki/Software/fprint/fprintd BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ExcludeArch: s390 s390x @@ -19,8 +19,8 @@ BuildRequires: intltool BuildRequires: autoconf automake libtool BuildRequires: perl-podlators -Patch0: 0001-data-Fix-syntax-error-in-fprintd.pod.patch -Patch1: 0001-pam-Fix-eventfd-leak.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1630309 +Patch0: 0001-Remove-sandboxing-that-s-unsupported-in-RHEL7-s-syst.patch %description D-Bus service to access fingerprint readers. @@ -52,9 +52,7 @@ Development documentation for fprintd, the D-Bus service for fingerprint readers access. %prep -%setup -q -n %{name}-%{version} -%patch0 -p1 -%patch1 -p1 +%autosetup -p1 %build %configure --libdir=/%{_lib}/ --enable-gtk-doc --enable-pam @@ -99,9 +97,15 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/dbus-1/interfaces/net.reactivated.Fprint.Manager.xml %changelog -* Mon May 12 2014 Bastien Nocera 0.5.0-4.0 -- Bump revision -Resolves: #1050827 +* Fri Sep 21 2018 Bastien Nocera - 0.8.1-2 ++ fprintd-0.8.1-2 +- Fix systemd warnings +- Resolves: #1630309 + +* Mon Jun 18 2018 Bastien Nocera - 0.8.1-1 ++ fprintd-0.8.1-1 +- Update to 0.8.1 +- Resolves: #1591757 * Mon May 12 2014 Bastien Nocera 0.5.0-4 - Fix single eventfd leak for each iteration