[libvirt] [PATCH] spec: Update polkit dependencies for CVE-2013-4311
Jiri Denemark
jdenemar at redhat.com
Wed Jul 16 06:34:12 UTC 2014
On Tue, Jul 15, 2014 at 17:09:29 -0600, Eric Blake wrote:
> On 07/15/2014 07:23 AM, Jiri Denemark wrote:
> > Use secured polkit on distros which provide it. However, RHEL-6 will
> > still allow for older polkit-0.93 rather than forcing polkit-0.96-5
> > which is not available in all RHEL-6 releases.
> >
> > Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
> > ---
> > libvirt.spec.in | 8 ++++++--
> > 1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/libvirt.spec.in b/libvirt.spec.in
> > index 8d1acfa..f32ab00 100644
> > --- a/libvirt.spec.in
> > +++ b/libvirt.spec.in
> > @@ -535,7 +535,9 @@ BuildRequires: module-init-tools
> > BuildRequires: cyrus-sasl-devel
> > %endif
> > %if %{with_polkit}
> > - %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
> > + %if 0%{?fedora} >= 21 || 0%{?rhel} >= 7
> > +BuildRequires: polkit-devel >= 0.112
> > + %elif 0%{?fedora} >= 12 || 0%{?rhel} >= 6
> > BuildRequires: polkit-devel >= 0.93
>
> Ouch - make rpm now complains:
>
> error: line 519: Unknown tag: %elif (020) || 0 >= 6
>
> I don't think %elif is a valid spec file construct (too much shell
> programming for you lately?)
No, I just blindly copied your suggestion and thought that trying "make
rpm" even without dependencies and most features turned off would be
enough to check the spec file syntax. Which was apparently wrong.
Jirka
More information about the libvir-list
mailing list