From 94d83e480b8dc7380d0e85dd7b7d7d6947e60185 Mon Sep 17 00:00:00 2001
From: Markus Volk <f_l_k@t-online.de>
Date: Tue, 28 May 2024 13:53:26 +0200
Subject: gnome-remote-desktop: update 46.1 -> 46.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

46.2
====
* Potential crasher fix
* Improved disconnection messages
* Broader client compatibility support
* Various security hardening improvements
* CVE-2024-5148 Limit login screen->user session handover access to appropriate user

Contributors:
 Pascal Nowack, Ray Strode

Translators:
  Balázs Úr [hu], Efstathios Iosifidis [el], Fabio Tomat [fur],
  Hugo Carvalho [pt], Jordi Mas i Hernandez [ca],
  Juliano de Souza Camargo [pt_BR]

- add polkitd user and fix permissions to avoid:
Error: Transaction test error:
  file /usr/share/polkit-1/rules.d conflicts between attempted installs of gnome-remote-desktop-46.2-r0.corei7_64 and gnome-control-center-46.2-r0.corei7_64

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7ecfdeb3cf4e13801b63f0c05afd572d9df54403)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../gnome-remote-desktop_46.1.bb                   | 40 -----------------
 .../gnome-remote-desktop_46.2.bb                   | 50 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 40 deletions(-)
 delete mode 100644 meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb
 create mode 100644 meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb

diff --git a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb
deleted file mode 100644
index 634b37971e..0000000000
--- a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.1.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "Remote desktop daemon for GNOME using pipewire."
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
-
-GNOMEBASEBUILDCLASS = "meson"
-
-inherit gnomebase gettext gsettings features_check
-
-REQUIRED_DISTRO_FEATURES = "opengl"
-
-SRC_URI[archive.sha256sum] = "7c62a4281fdfa9522110affbf75d09973035f2adc7fa4577511d733186beb68f"
-
-DEPENDS = " \
-    asciidoc-native \
-    libdrm \
-    libei \
-    libepoxy \
-    cairo \
-    glib-2.0 \
-    pipewire \
-    polkit \
-    libnotify \
-    libopus \
-    libsecret \
-    nv-codec-headers \
-    tpm2-tss \
-"
-
-PACKAGECONFIG ??= " \
-    rdp \
-    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
-"
-
-PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,pipewire-native wireplumber-native dbus-native"
-PACKAGECONFIG[vnc] = "-Dvnc=true,-Dvnc=false,libvncserver"
-PACKAGECONFIG[rdp] = "-Drdp=true,-Drdp=false,freerdp3 fuse3 libxkbcommon"
-PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd"
-
-PACKAGE_DEBUG_SPLIT_STYLE = "debug-without-src"
-FILES:${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir} ${datadir} ${libdir}/sysusers.d ${libdir}/tmpfiles.d"
diff --git a/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb
new file mode 100644
index 0000000000..59ae9383db
--- /dev/null
+++ b/meta-gnome/dynamic-layers/meta-security/recipes-gnome/gnome-remote-desktop/gnome-remote-desktop_46.2.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Remote desktop daemon for GNOME using pipewire."
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+
+GNOMEBASEBUILDCLASS = "meson"
+
+inherit gnomebase gettext gsettings features_check useradd
+
+REQUIRED_DISTRO_FEATURES = "opengl polkit"
+
+SRC_URI[archive.sha256sum] = "97443eaffe4b1a69626886a41d25cbeb2c148d3fed43d92115c1b7d20d5238ab"
+
+DEPENDS = " \
+    asciidoc-native \
+    libdrm \
+    libei \
+    libepoxy \
+    cairo \
+    glib-2.0 \
+    pipewire \
+    polkit \
+    libnotify \
+    libopus \
+    libsecret \
+    nv-codec-headers \
+    tpm2-tss \
+"
+
+PACKAGECONFIG ??= " \
+    rdp \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+"
+
+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,pipewire-native wireplumber-native dbus-native"
+PACKAGECONFIG[vnc] = "-Dvnc=true,-Dvnc=false,libvncserver"
+PACKAGECONFIG[rdp] = "-Drdp=true,-Drdp=false,freerdp3 fuse3 libxkbcommon"
+PACKAGECONFIG[systemd] = "-Dsystemd=true,-Dsystemd=false,systemd"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd"
+
+do_install:append() {
+    if [ -d ${D}${datadir}/polkit-1/rules.d ]; then
+        chmod 700 ${D}${datadir}/polkit-1/rules.d
+        chown polkitd:root ${D}${datadir}/polkit-1/rules.d
+    fi
+}
+
+PACKAGE_DEBUG_SPLIT_STYLE = "debug-without-src"
+FILES:${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir} ${datadir} ${libdir}/sysusers.d ${libdir}/tmpfiles.d"
-- 
cgit v1.2.3-54-g00ecf