[rpms/PackageKit] f43: Update to 1.3.6 and drop merged patches

[rpms/PackageKit] f43: Update to 1.3.6 and drop merged patches

[Gordon Messmer]

A new commit has been pushed.

Repo   : rpms/PackageKit
Branch : f43
Commit : c277ece8b8436351dae8cebe077dc68d61b3f46a
Author : Gordon Messmer <gmessmer@redhat.com>
Date   : 2026-06-22T09:33:37-05:00
Stats  : +3/-89 in 5 file(s)
URL    : https://src.fedoraproject.org/rpms/PackageKit/c/c277ece8b8436351dae8cebe077dc68d61b3f46a?branch=f43

Log:
Update to 1.3.6 and drop merged patches

---
diff --git a/.gitignore b/.gitignore
index c3ab769..510a4ec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -88,3 +88,4 @@ PackageKit-0.6.7.tar.bz2
 /PackageKit-1.3.1.tar.xz
 /PackageKit-1.3.3.tar.xz
 /PackageKit-1.3.4.tar.xz
+/PackageKit-1.3.6.tar.xz

diff --git a/11c5f1f34f48b58ee10acec839dd01a31728704b.patch b/11c5f1f34f48b58ee10acec839dd01a31728704b.patch
deleted file mode 100644
index 6459539..0000000
--- a/11c5f1f34f48b58ee10acec839dd01a31728704b.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 11c5f1f34f48b58ee10acec839dd01a31728704b Mon Sep 17 00:00:00 2001
-From: Matthias Klumpp <matthias@tenstral.net>
-Date: Wed, 28 Jan 2026 21:43:50 +0100
-Subject: [PATCH] meson: test.depends does not accept a dummy dependency, give
- it an empty array instead
-
-This fixes an issue when building without Python backend support.
----
- lib/python/packagekit/meson.build | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/python/packagekit/meson.build b/lib/python/packagekit/meson.build
-index 8bee90a33..1f77863f9 100644
---- a/lib/python/packagekit/meson.build
-+++ b/lib/python/packagekit/meson.build
-@@ -7,7 +7,7 @@ packagekit_py_sources = [
-   'misc.py',
- ]
- 
--packagekit_test_py = dependency('', required: false)
-+packagekit_test_py = []
- if get_option('python_backend')
- 
- enums_py = custom_target(

diff --git a/GHSA-f55j-vvr9-69xv.patch b/GHSA-f55j-vvr9-69xv.patch
deleted file mode 100644
index 6419152..0000000
--- a/GHSA-f55j-vvr9-69xv.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 22656f21232702439bc6b7d10bb7ac65253b5e8d Mon Sep 17 00:00:00 2001
-From: Matthias Klumpp <matthias@tenstral.net>
-Date: Tue, 14 Apr 2026 16:12:18 +0200
-Subject: [PATCH] Do not allow re-invoking methods on non-new transactions
-
-This ensures that cached parameters (such a transaction flags) can not
-be changed on an already running transaction or a transaction that is
-waiting for authorization.
-
-It also prevents backwards state transitions in case a client
-misbehaves.
----
- src/pk-transaction.c | 26 ++++++++++++++++++++++----
- 1 file changed, 22 insertions(+), 4 deletions(-)
-
-diff --git a/src/pk-transaction.c b/src/pk-transaction.c
-index db64aab8f..82501b56f 100644
---- a/src/pk-transaction.c
-+++ b/src/pk-transaction.c
-@@ -5250,14 +5250,32 @@ pk_transaction_method_call (GDBusConnection *connection_, const gchar *sender,
- 		pk_transaction_set_hints (transaction, parameters, invocation);
- 		return;
- 	}
--	if (g_strcmp0 (method_name, "AcceptEula") == 0) {
--		pk_transaction_accept_eula (transaction, parameters, invocation);
--		return;
--	}
- 	if (g_strcmp0 (method_name, "Cancel") == 0) {
- 		pk_transaction_cancel (transaction, parameters, invocation);
- 		return;
- 	}
-+
-+	/* All action methods below must only be invoked once on a new transaction.
-+	 * Reject any attempt to re-invoke them after the transaction has been initialized,
-+	 * preventing situations where a second D-Bus call could overwrite transaction flags
-+	 * (or other cached state) after authorization has already been granted for the previous
-+	 * request based on the old parameters. */
-+	if (transaction->state != PK_TRANSACTION_STATE_NEW) {
-+		g_dbus_method_invocation_return_error (invocation,
-+						       PK_TRANSACTION_ERROR,
-+						       PK_TRANSACTION_ERROR_INVALID_STATE,
-+						       "cannot call %s on transaction %s: "
-+						       "already in state %s",
-+						       method_name,
-+						       transaction->tid,
-+						       pk_transaction_state_to_string (transaction->state));
-+		return;
-+	}
-+
-+	if (g_strcmp0 (method_name, "AcceptEula") == 0) {
-+		pk_transaction_accept_eula (transaction, parameters, invocation);
-+		return;
-+	}
- 	if (g_strcmp0 (method_name, "DownloadPackages") == 0) {
- 		pk_transaction_download_packages (transaction, parameters, invocation);
- 		return;
--- 
-2.53.0
-

diff --git a/PackageKit.spec b/PackageKit.spec
index b9e1caf..9d52ea7 100644
--- a/PackageKit.spec
+++ b/PackageKit.spec
@@ -8,17 +8,13 @@
 
 Summary:   Package management service
 Name:      PackageKit
-Version:   1.3.4
+Version:   1.3.6
 Release:   %autorelease
 License:   GPL-2.0-or-later AND LGPL-2.1-or-later AND FSFAP
 URL:       http://www.freedesktop.org/software/PackageKit/
 Source0:   http://www.freedesktop.org/software/PackageKit/releases/%{name}-%{version}.tar.xz
 
 # Backports from upstream (1~500)
-## Fix turning off the Python backend
-Patch0001:    https://github.com/PackageKit/PackageKit/commit/11c5f1f34f48b58ee10acec839dd01a31728704b.patch
-## Fix race condition vulnerability (Pack2TheRoot)
-Patch0002:    GHSA-f55j-vvr9-69xv.patch
 
 # Patches proposed upstream (501~1000)
 ## Alias "dnf" to "dnf5"

diff --git a/sources b/sources
index 889ee68..f71f4c9 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (PackageKit-1.3.4.tar.xz) = 2beeb0e1d06c74b6fd4cfdb69f0f058c9a7c799a8a82c02d0394040578b6adb968811477ed75e43d6927efad5b3328c63437b452087cbc2121eef50eee92c443
+SHA512 (PackageKit-1.3.6.tar.xz) = 5c4a9f9647be13348e7abfd758a3e8e26b75d33e563fea2cc85817c4d70a7afe36fd725825a23ed188cce2594c8da454504df25d777a28e170e5969bfe2cc4b2