policykit-1 (122-3) unstable; urgency=medium

  * d/polkitd.postinst: Stop polkitd before changing home directory.
    usermod will refuse to change the home directory if a polkitd process
    is running as the polkitd uid, so stop polkitd if necessary, and also
    don't fail if usermod can't change the home directory in an existing
    installation (which is non-critical anyway). (Closes: #1030154)

 -- Simon McVittie  Tue, 31 Jan 2023 22:05:24 +0000

policykit-1 (122-2) unstable; urgency=medium

  [ Debian Janitor ]
  * d/changelog: Trim trailing whitespace
  * d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit

  [ Simon McVittie ]
  * Update how we assign root-equivalent groups
    - d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
      d/rules:
      Set up Debian's default root-equivalent group 'sudo' in
      50-default.rules rather than in 40-debian-sudo.rules.
      This ensures that users of polkitd-pkla can override it by
      configuring admin identities the old way. Previously, because
      40-debian-sudo.rules was earlier in the sequence than
      49-polkit-pkla-compat.rules, it would take precedence and the admin
      identities from polkitd-pkla were ignored. (Closes: #1023393)
      By default, polkitd-pkla does not provide any admin identities,
      which means we behave as though polkitd-pkla was not installed at
      all, and fall back to the sudo group defined in 50-default.rules.
    - d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
      Drop patch, superseded by the one described above
    - d/rules: When built for Ubuntu, also install an Ubuntu-specific file
      sequenced after 49-polkit-pkla-compat.rules but before
      50-default.rules, which treats both the 'sudo' group and the legacy
      'admin' group as root-equivalent.
  * Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
    /usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
    so we can make this an ordinary packaged file instead of a conffile.
    Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
    as before.
    This sidesteps dpkg's inability to keep track of a conffile when it is
    moved from one package to another (#399829, #645849, #163657, #595112).
    (Closes: #1006203)
  * postinst: Only clean up config directories if not owned.
    If we only have polkitd installed, then we want to clean up the
    obsolete directory /etc/polkit-1/localauthority.conf.d on upgrade,
    but if we have polkitd-pkla installed, then it owns that directory
    and we should not remove it. (Closes: #1026425)
  * d/policykit-1.dirs: Continue to own some legacy directory names.
    Having the transitional package continue to own these directories
    until it has had a chance to clean up obsolete conffiles will silence
    warnings from dpkg about inability to remove them. (Closes: #1027420)
  * d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
    If /var/lib/polkit-1 was the polkitd user's home directory, then it
    might contain a .cache subdirectory; clean that up too.
  * Create polkitd user with home directory /nonexistent in new
    installations.
    This will prevent it from creating detritus in /var/lib/polkit-1.
  * polkitd.postinst: Change polkitd home directory to /nonexistent on
    upgrade
  * Remove version constraints unnecessary since buster (oldstable)
  * Update standards version to 4.6.2 (no changes needed)

 -- Simon McVittie  Fri, 20 Jan 2023 13:22:24 +0000

policykit-1 (122-1) unstable; urgency=medium

  * d/watch: Fix handling of polkit-pkla-compat
  * d/watch: Monitor Gitlab releases instead of fd.o web server
  * New upstream release
  * Drop patches that were included in the new upstream release

 -- Simon McVittie  Fri, 28 Oct 2022 18:36:30 +0100

policykit-1 (121+compat0.1-6) unstable; urgency=medium

  * d/polkitd.examples: Really install the example rules mentioned in NEWS
  * d/control: Explicitly build-depend on docbook-xsl.
    polkit-pkla-compat needs this for the man pages, which cannot
    currently be disabled, so it is not marked as (and neither is
    xsltproc).
  * Only build API documentation if policykit-1-doc is built.
    It doesn't need to be built when we're doing an architecture-specific
    build, and we can also mark it with the build-profile (although that's
    not particularly useful in this case because it's the only arch-indep
    binary package).

 -- Simon McVittie  Thu, 13 Oct 2022 21:05:11 +0100

policykit-1 (121+compat0.1-5) unstable; urgency=medium

  * Release to unstable (Closes: #946231, #1018897)

 -- Simon McVittie  Thu, 13 Oct 2022 10:46:03 +0100

policykit-1 (121+compat0.1-4) experimental; urgency=medium

  * d/polkitd.postinst: Consistently indent with spaces
  * d/polkitd.postinst: Quote defensively
  * d/polkitd.postinst: Don't explicitly restart the systemd service.
    dh_installsystemd does this for us anyway.
  * d/polkitd.postinst: Make sure message bus policy is reloaded if needed.
    If we created or modified the polkitd user, then we need to refresh
    dbus-daemon's cached policy to take that user into account, otherwise
    polkitd will fail to start. This fixes an autopkgtest failure.
  * d/polkitd.postinst: Stop polkitd when not using systemd.
    On non-systemd systems, polkitd is a traditional D-Bus service and is
    not managed by a service manager, so the way to ensure we are running
    the upgraded version is to stop it and let the D-Bus system bus
    activate a new copy next time it is used.
  * Install a sysusers.d(5) fragment to set up the system user.
    This allows use of polkit without adduser on systems that have either
    systemd or systemd-standalone-sysusers.
  * d/polkitd.tmpfiles: Provide a tmpfiles.d(5) fragment for our directories
  * Add another override for man pages not matching Lintian expectations
  * d/rules: Build with hardening=+bindnow
  * Add doc-base metadata for the reference manual

 -- Simon McVittie  Mon, 10 Oct 2022 15:00:55 +0100

policykit-1 (121+compat0.1-3) experimental; urgency=medium

  * Merge content of polkitd-javascript into polkitd.
    Keep the polkitd-javascript package as a transitional package.

 -- Simon McVittie  Wed, 28 Sep 2022 12:19:38 +0100

policykit-1 (121+compat0.1-2) experimental; urgency=medium

  * Add a NEWS file describing the change of security policy format
  * d/control: policykit-1 Recommends polkitd-pkla.
    This arranges for upgrades from Debian 11 to install polkitd-pkla by
    default, preserving previous functionality, while also allowing it to
    be removed for legacy-free systems.
  * d/pkla/: Remove, no longer installed or used
  * d/example-rules: Add some examples of the JavaScript rules format
  * d/changelog: Merge changelog entries from testing/unstable, in
    preparation for uploading this branch to unstable

 -- Simon McVittie  Wed, 14 Sep 2022 21:33:22 +0100

policykit-1 (121+compat0.1-1) experimental; urgency=medium

  * Restructure the package to use upstream project polkit-pkla-compat
    for compatibility with 0.105 and older versions.
    - polkitd-javascript is now the only implementation of polkitd.
      The packages will probably be merged in a future upload, but keep
      them separate for now as a contingency plan.
    - polkitd-pkla now Depends on polkitd-javascript instead of having
      Breaks/Replaces on it. It's now an addon for polkitd-javascript,
      which calls out to an external helper program to check
      authorization against the old pklocalauthority(8) configuration
      files.
    - polkitd-javascript: Ensure that the polkitd user has a primary group.
      The polkit-pkla-compat package wants its directories to be owned by
      root:polkitd, which will only work if the polkitd user has a
      corresponding polkitd group.
    - Add polkit-pkla-compat as a secondary upstream tarball
    - Build polkit-pkla-compat instead of a PKLA build of polkitd
    - Drop patches that reinstated the ability to do a PKLA build of
      polkitd
  * d/p/polkitbackendduktapeauthority.c-Print-the-error-string-we.patch:
    Add patch from upstream to display error string as intended
  * d/control: Explicitly build-depend on xml-core, for its dh addon
  * d/copyright: Update
  * Update Lintian overrides
  * Standards-Version: 4.6.1 (no changes required)
  * d/tests: Skip if dbus-daemon is not running and cannot be started
  * Try harder to clean up obsolete conffiles

 -- Simon McVittie  Thu, 01 Sep 2022 15:59:38 +0100

policykit-1 (121-2) experimental; urgency=medium

  [ Michael Biebl ]
  * Use dh-sequence-gir Build-Depends to enable the gir addon
  * Remove no longer needed dh option.
    Upstream has removed the autotools based build system so we no longer
    need to tell dh which build system to use.
  * Remove workaround for missing mocklibc

  [ Simon McVittie ]
  * d/copyright: Reinstate entry for test/mocklibc
  * d/polkitd.install: Really install the XML catalog entry
  * d/rules: Enable xml-core dh sequence
  * d/catalog.xml: Fix basename of DTD

 -- Simon McVittie  Sat, 23 Jul 2022 16:04:32 +0100

policykit-1 (121-1) experimental; urgency=medium

  * New upstream release
  * d/copyright: Update
  * Drop patches that were applied upstream
  * Refresh remaining patches
  * d/control: Build-depend on duktape instead of mozjs
  * Install policyconfig-1.dtd in polkitd package, with an XML catalog
    entry (Closes: #872615)
  * d/watch: Use Gitlab tags to watch for new releases for now.
    Subsequent releases will be done via the Gitlab releases feature, but
    it's not immediately obvious what form that will take.
  * Add patch from upstream to install rules.d defaults in /usr/share.
    This brings us one step closer to the "empty /etc is valid" model.
  * d/rules: Install sudo and Ubuntu admin rules into /usr/share, too.
    This avoids these files having to be conffiles that vary between
    distros.
  * d/upstream/metadata: Add
  * d/polkitd.docs: Update

 -- Simon McVittie  Sat, 16 Jul 2022 20:17:46 +0100

policykit-1 (0.120-6) experimental; urgency=medium

  * Add patch from Fedora to fix denial of service via fd exhaustion
    (CVE-2021-4115; Closes: #1005784)

 -- Simon McVittie  Fri, 18 Feb 2022 10:04:56 +0000

policykit-1 (0.120-5) experimental; urgency=medium

  * d/*.postinst: Correct package names in initial comments
  * d/policykit-1.bug-control: Correct name of Submit-As field

 -- Simon McVittie  Wed, 09 Feb 2022 11:42:38 +0000

policykit-1 (0.120-4) experimental; urgency=medium

  * d/control: Change descriptions to refer to polkit.
    According to NEWS, the official name of the project has been polkit
    since 2012, and perhaps earlier.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034.
    The patch that was provided to distributors under embargo was not the
    final version: it used a different exit status, and made an attempt
    to show help. The version that was actually committed after the
    embargo period ended interprets argc == 0 as an attack rather than a
    mistake, and does not attempt to show the help message.
  * d/patches: Move Debian-specific patches to d/p/debian/.
    This makes it clearer that these are not intended to go upstream.
  * Split policykit-1 into polkitd and pkexec packages.
    pkexec is a setuid program, which makes it a higher security risk
    than the more typical IPC-based uses of polkit. If we separate out
    pkexec into its own package, then only packages that rely on being
    able to run pkexec will have to depend on it, reducing attack surface
    for users who are able to remove the pkexec package.
  * Reinstate the .pkla backend as a separate binary package.
    Upstream polkit switched its authorization rule syntax from
    .ini-style .pkla files to JavaScript in version 0.106.
    Debian has historically used a fork of the last .pkla-based version,
    but this was becoming unsustainable: bug fixes from subsequent
    upstream versions were either applied as patches, or missing from the
    Debian package.
    The "local authority" code that implements .pkla files is not
    actually all that large, so patching it into a modern upstream
    version is a much smaller task than patching modern upstream bug
    fixes into an old upstream version.
    For this upload to experimental, keep both the JavaScript backend and
    the .pkla backend intact, by compiling polkitd twice with different
    options. This lets us preserve existing functionality of upstream and
    experimental polkit (with the more powerful JavaScript-based rules,
    which can base their authorization decisions on service-specific
    information like the name of a systemd unit), while also having the
    opportunity to evaluate polkitd-pkla as a more direct replacement for
    what's in bookworm.
  * Adjust Lintian override syntax
  * Add Debian-specific man pages for polkitd-pkla
  * d/copyright: Update
  * Always configure the sudo group as root-equivalent.
    This avoids Debian derivatives getting an unexpected change in
    behaviour when they switch from inheriting Debian's policykit-1
    package to building their own policykit-1 package, perhaps as a
    result of wanting to apply an unrelated patch. The sudo group is
    defined to be root-equivalent in base-passwd, so this should be
    equally true for all Debian derivatives.
    (Closes: utopia-team/polkit!3; thanks to Arnaud Rebillout)

 -- Simon McVittie  Sat, 05 Feb 2022 10:49:54 +0000

policykit-1 (0.120-3) experimental; urgency=high

  * d/p/Avoid-local-privilege-escalation-in-polkit-s-pkexec.patch:
    Apply embargoed patch for local privilege escalation (CVE-2021-4034)

 -- Simon McVittie  Mon, 24 Jan 2022 14:09:42 +0000

policykit-1 (0.120-2) experimental; urgency=medium

  * d/rules: Extend timeout for unit tests.
    Meson's default 30 second timeout is uncomfortably short even on x86,
    and too short on e.g. mips.

 -- Simon McVittie  Thu, 28 Oct 2021 12:52:02 +0100

policykit-1 (0.120-1) experimental; urgency=medium

  * New upstream release
  * Drop patches that were applied upstream
  * Depend on default-dbus-system-bus | dbus-system-bus instead of dbus.
    We need the system bus: let's be specific about that. This will allow
    dbus-broker to be substituted for dbus, if desired.
  * Build-depend on dbus-daemon instead of dbus.
    We only need dbus-run-session at build time; we don't need a
    fully-working system bus.
  * debian/missing/docs: Remove extra copy of documentation.
    This is in the new upstream release.
    - d/source/include-binaries: Remove, no longer needed
  * d/p/Don-t-pass-positional-parameters-to-i18n.merge_file.patch:
    Add patch to fix FTBFS with Meson 0.60.0
  * Standards-Version: 4.6.0 (no changes required)
  * Use d/watch format version 4

 -- Simon McVittie  Tue, 26 Oct 2021 12:11:24 +0100

policykit-1 (0.119-1) experimental; urgency=medium

  * New upstream release
    - Fixes local privilege escalation involving
      polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
      (Closes: #989429)
  * d/missing, d/rules: Work around missing docs/polkit/overview.xml etc.
    in 0.119 tarball
  * Build using Meson
  * d/p/build-Remove-redundant-computation-of-dbus-data-directory.patch,
    d/p/build-Don-t-require-dbus-development-files.patch,
    d/p/meson_post_install-Use-geteuid-instead-of-getpass.patch,
    d/p/meson_post_install-Don-t-fail-if-the-polkitd-user-doesn-t.patch,
    d/p/meson_post_install-If-installation-steps-are-skipped-say-.patch,
    d/p/meson_post_install-Don-t-install-pkexec-group-writable.patch,
    d/p/meson_post_install-Don-t-make-programs-setuid-if-we-are-n.patch,
    d/p/meson_post_install-Respect-DESTDIR-for-absolute-paths.patch,
    d/p/build-Make-the-directory-for-helper-executables-consisten.patch:
    Add some patches to improve the Meson build system
  * d/missing, d/rules: Get mocklibc into the right layout for the build
  * Stop providing static libraries.
    The Meson build infrastructure only supports shared libraries, and
    the static libraries built by Autotools were already not particularly
    useful, because they indirectly depend on the libmount shared library.

 -- Simon McVittie  Fri, 04 Jun 2021 19:49:26 +0100

policykit-1 (0.118-2) experimental; urgency=medium

  [ Helmut Grohne ]
  * Annotate Build-Depends: dbus (Closes: #980998)

  [ Michael Biebl ]
  * Remove old maintscript migration code from pre-oldstable
  * Use --restart-after-upgrade.
    With debhelper 13.1, --no-start will disable --restart-after-upgrade.
    Since we want the service to be restarted on upgrades, request that
    explicitly. See #959678

  [ Simon McVittie ]
  * d/rules: Remove --libexecdir override.
    This has no practical effect: the upstream build system no longer
    uses the libexec directory.
  * d/rules: Remove redundant dh_missing --fail-missing override.
    This is the default in dh compat level 13.

 -- Simon McVittie  Fri, 16 Apr 2021 11:34:06 +0100

policykit-1 (0.118-1) experimental; urgency=medium

  * New upstream release
    - Drop patch that was applied upstream
  * d/control: Update build-dependency to mozjs78

 -- Simon McVittie  Sun, 27 Sep 2020 21:06:09 +0100

policykit-1 (0.117-1) experimental; urgency=medium

  * New upstream release
  * Rebase patches
  * Bump Standards-Version to 4.5.0
  * Add polkitbackendjsauthoritytest-wrapper.py to release tarball
  * Add python3-dbusmock to Build-Depends and mark it .
    Required by test/polkitbackend/polkitbackendjsauthoritytest-wrapper.py
  * Bump debhelper-compat to 13
  * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
    Support upgrades from 0.105-27 (and later versions in unstable),
    which moved the private binaries from /usr/lib/policykit-1 to
    /usr/libexec. (Closes: #965210)

 -- Michael Biebl  Mon, 03 Aug 2020 15:42:56 +0200

policykit-1 (0.116-3) experimental; urgency=medium

  * Team upload.
  * Port to mozjs-68 (Closes: #961279)

 -- Laurent Bigonville  Wed, 22 Jul 2020 11:59:43 +0200

policykit-1 (0.116-2) experimental; urgency=medium

  [ Mark Hindley ]
  * Depend on new virtual packages default-logind and logind
    (Closes: #923240)

  [ Simon McVittie ]
  * d/*.symbols: Add Build-Depends-Package metadata
  * d/policykit-1.lintian-overrides: Override systemd unit false positives.
    The systemd unit is only for on-demand D-Bus activation, and is not
    intended to be started during boot, so an [Install] section and a
    parallel LSB init script are not necessary.
  * d/policykit-1.bug-control: Add systemd, elogind versions to bug
    reports.
    reportbug doesn't currently seem to interpret
    "Depends: default-logind | logind" as implying that it should include
    the version number of the package that Provides logind in bug
    reports. Workaround for #934472.
  * Standards-Version: 4.4.0 (no changes required)
  * Switch to debhelper-compat 12

 -- Simon McVittie  Sun, 11 Aug 2019 18:56:22 +0100

policykit-1 (0.116-1) experimental; urgency=medium

  * New upstream release
    - Document polkit_subject_equal() as unsuitable for security
      decisions (CVE-2019-6133)
    - Allow process uid to be unset again, fixing a regression in the
      solution for #915332
    - Port the JS authority to mozjs-60 (Closes: #917309)
    - Fix some resource leaks
    - Documentation and debug message fixes
  * Drop patch for #915332, applied upstream
  * Standards-Version: 4.3.0 (no changes required)
  * Set experimental branch in Vcs-Git
  * Change the policykit-1 package from Architecture: any to
    Architecture: linux-any, and remove the consolekit [!linux-any]
    dependency. polkit no longer has any backends for non-Linux.
    (Closes: #918446)

 -- Simon McVittie  Wed, 01 May 2019 08:24:29 +0100

policykit-1 (0.115-3) experimental; urgency=medium

  * Allow negative uids/gids in PolkitUnixUser and Group objects.
    Fixes a vulnerability in PolicyKit that allows a user with a uid
    greater than INT_MAX to successfully execute arbitrary polkit actions.
    (CVE-2018-19788, Closes: #915332)

 -- Michael Biebl  Fri, 07 Dec 2018 20:17:15 +0100

policykit-1 (0.115-2) experimental; urgency=medium

  [ Simon McVittie ]
  * d/gbp.conf: Set patch-numbers to false to match current practice

  [ Michael Biebl ]
  * Switch to dh_missing and abort on uninstalled files
  * Move D-Bus policy file to /usr/share/dbus-1/system.d/
    To better support stateless systems with an empty /etc, the old
    location in /etc/dbus-1/system.d/ should only be used for local admin
    changes. Package provided D-Bus policy files are supposed to be
    installed in /usr/share/dbus-1/system.d/.
    This is supported since dbus 1.9.18.
  * Remove obsolete conffile
    /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
  * Bump Standards-Version to 4.2.1
  * Remove Breaks for versions older than oldstable
  * Stop masking polkit.service during the upgrade process.
    This is no longer necessary with the D-Bus policy file being
    installed in /usr/share/dbus-1/system.d/. (Closes: #902474)
  * Use dh_installsystemd to restart polkit.service after an upgrade.
    This replaces a good deal of hand-written maintscript code.
  * Remove upgrade code which changes the home directory of the polkitd
    user

 -- Michael Biebl  Tue, 27 Nov 2018 21:53:12 +0100

policykit-1 (0.115-1) experimental; urgency=medium

  * New upstream version 0.115
    - Fixes CVE-2018-1116 (Closes: #903563)
    - d/p/jsauthority-pass-s-format-string-to-remaining-report.patch:
      Drop, applied upstream
  * d/watch: Use https
  * d/watch: Download upstream PGP signatures
  * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
    Miloslav Trmac, David Zeuthen
  * d/gbp.conf: Merge upstream tags into the upstream branch
  * Add myself to Uploaders
  * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
  * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
  * Standards-Version: 4.1.5 (no changes required)
  * Set Rules-Requires-Root to no

 -- Simon McVittie  Wed, 11 Jul 2018 12:24:20 +0100

policykit-1 (0.114-1) experimental; urgency=medium

  [ Michael Biebl ]
  * New upstream version 0.114
  * Rebase patches
  * Switch to mozjs 52 (Closes: #863784)
  * Drop -Wl,--no-as-needed, no longer necessary
  * jsauthority: pass "%s" format string to remaining report function
  * Add Provides to gir1.2-polkit-1.0 to reflect its contents

  [ Martin Pitt ]
  * debian/copyright: Use https URL for Format:
  * Update Vcs-* links for move to salsa.debian.org.
  * Move to debhelper compat level 10. Remove explicit dh-autoreconf,
    it's now done by default.
  * Bump Standards-Version to 4.1.3
  * Add autopkgtest. This covers the pkaction and pkcheck CLI tools.

 -- Michael Biebl  Mon, 09 Apr 2018 22:31:58 +0200

policykit-1 (0.113-6) experimental; urgency=medium

  * master/Add-gettext-support-for-.policy-files.patch: Backport from
    master: Add .loc and .its files so that gettext can be used to
    translate policy files. Some upstreams, particularly those that are
    switching to meson, expect these files to be present so that their PK
    policy files can be translated.
    (Closes: #863207)

 -- Iain Lane  Wed, 24 May 2017 16:11:01 +0100

policykit-1 (0.113-5) experimental; urgency=medium

  [ Simon McVittie ]
  * Build-depend on intltool instead of relying on gtk-doc-tools'
    dependency (Closes: #837846)

  [ Michael Biebl ]
  * Use https:// for the upstream homepage.
  * Update Vcs-Browser to use cgit.
  * Drop the polkitd.service Alias.
    The version in unstable, based on 0.105, now also uses the name
    polkit.service for the systemd service unit.

  [ Martin Pitt ]
  * Use PAM's common-session-noninteractive modules for pkexec instead of
    common-session. The latter also runs pam_systemd (the only difference
    normally) which is a no-op under the classic session-centric
    D-BUS/graphical login model (as it won't start a new one if it is
    already running within a logind session), but very expensive when
    using dbus-user-session and being called from a service that runs
    outside the PAM session. This causes long delays in e. g.
    gnome-settings-daemon's backlight helpers. (LP: #1626651)

 -- Michael Biebl  Fri, 21 Oct 2016 16:28:30 +0200

policykit-1 (0.113-4) experimental; urgency=medium

  [ Simon McVittie ]
  * Run tests with a session bus pretending to be the system bus, so they
    can pass in a buildd environment

  [ Michael Biebl ]
  * Create our custom rules files in debian/tmp so we don't FTBFS for
    binary-indep builds and run dh_install after that.
  * Run wrap-and-sort -ast.
  * Bump Standards-Version to 3.9.8.

 -- Michael Biebl  Sat, 16 Apr 2016 14:46:18 +0200

policykit-1 (0.113-3) experimental; urgency=medium

  * Generate tight inter-package dependencies.
    This ensures that everything from the same source package is upgraded
    in lockstep. (Closes: #817998)
  * Drop obsolete Breaks from pre-wheezy.

 -- Michael Biebl  Thu, 14 Apr 2016 14:15:09 +0200

policykit-1 (0.113-2) experimental; urgency=medium

  [ Simon McVittie ]
  * policykit-1.links: statically alias polkit.service (upstream's name)
    as polkitd.service (Debian's historical name)

  [ Martin Pitt ]
  * debian/policykit-1.{pre,post}inst: Temporarily mask polkit.service
    while policykit-1 is unpackaged but not yet configured. During that
    time we don't yet have our D-Bus policy in /etc so that polkitd
    cannot work yet. This can be dropped once the D-Bus policy moves to
    /usr. (Closes: #794723, LP: #1447654)

 -- Martin Pitt  Wed, 21 Oct 2015 08:28:11 +0200

policykit-1 (0.113-1) experimental; urgency=medium

  * Team upload.

  [ Martin Pitt ]
  * policykit-1.postinst: Don't kill polkitd under systemd, but properly
    restart it. This avoids killing it shortly after systemd tries to
    bus-activate it on installation. (LP: #1447654)

  [ Simon McVittie ]
  * Disable silent build rules. (Previously done in Ubuntu, although it
    seems to have been lost in a merge somewhere.)
  * New upstream release
    - drop most patches: they either came from upstream, or have been
      merged upstream
    - add new function to symbols file
    - fixes CVE-2015-4625, CVE-2015-3218, CVE-2015-3255, CVE-2015-3256
  * Annotate remaining patches with a bit more information. They are:
    - 01_pam_polkit.patch: use Debian's common-* infrastructure, plus
      pam_env to get the global environment and locale. Debian-specific.
    - 02_gettext.patch: Use gettext to translate .policy files at
      runtime, allowing for Ubuntu-style language packs. Debian-specific
      (mainly for Ubuntu's benefit, really).
    - 05_revert-admin-identities-unix-group-wheel.patch: Debian does not
      use the "wheel" group like Red Hat derivatives do; treat uid 0 as
      the administrative identity instead. Debian-specific.
    - 08_chdir_root.patch: Explicitly use chdir("/") instead of relying
      on user's home in `getent passwd` being set properly. Potentially
      upstreamable?
  * policykit-1.postinst: restart polkit.service, not polkitd.service
    (which doesn't exist)

 -- Simon McVittie  Fri, 03 Jul 2015 13:33:59 +0100

policykit-1 (0.112-5) experimental; urgency=medium

  * Team upload.
  * Go back to mozjs 1.8.5, like the version in unstable: mozjs 17 has
    been removed from Debian, and mozjs 24 requires significant upstream
    changes and no longer has a C API (Closes: #776744)
  * Add a symlink so the old library can run the new agent helper
    (Closes: #699447)
  * Add patch from upstream to work around older versions of
    libpam-systemd which would give root processes the real uid's
    XDG_RUNTIME_DIR under su; it shouldn't be necessary any more, but is
    harmless (Closes: #772125)
  * Replace 03_complete_session.patch with a change from upstream which
    seems like a more correct solution for LP#445303, LP#649939
  * Add patches from upstream to treat background processes as part of
    the same uid's active GUI session if any, fixing use of
    dbus-user-session (Closes: #779988)
  * Add patches from upstream to fix some memory leaks
    (Closes: #775158, LP: #1417637)
  * Add patch from upstream to fix redundant removal of an event source
  * Add patch to use libsystemd instead of the libsystemd-login compat
    library (Closes: #779756)

 -- Simon McVittie  Tue, 31 Mar 2015 18:13:28 +0100

policykit-1 (0.112-4) experimental; urgency=medium

  [ Andreas Henriksson ]
  * Install typelib files into MA libdir.

  [ Martin Pitt ]
  * Rebuild against libsystemd0. This drops the last remaining dependency
    to libsystemd-login0. (Closes: #771281)
  * Bump Standards-Version to 3.9.6 (no changes necessary).

 -- Martin Pitt  Fri, 28 Nov 2014 10:15:06 +0100

policykit-1 (0.112-3) experimental; urgency=medium

  * Team upload.
  * debian/rules: Really enable logind support on linux architectures only
  * debian/control: Use canonical VCS-* URLs
  * debian/control: Bump Standards-Version to 3.9.5 (no further changes)
  * debian/control: Depends against libpam-systemd instead of just systemd
  * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
    registers a logind session properly (Closes: #745983)
  * debian/policykit-1.postinst: Explicitly set a home directory for the
    polkitd user (Closes: #748981)

 -- Laurent Bigonville  Sun, 07 Sep 2014 14:22:54 +0200

policykit-1 (0.112-2) experimental; urgency=low

  * Use logind on linux and consolekit on non-linux
  * Update to mozjs17

 -- Sjoerd Simons  Fri, 01 Nov 2013 21:36:55 +0100

policykit-1 (0.112-1) experimental; urgency=low

  * New upstream release.
    - Fixes CVE-2013-4288, unix-process subject for authorization is racy.
      (Closes: #723717)
  * Remove 00git_pkexec_pam_env.patch and 09_link_libmozjs.patch, both
    merged upstream.
  * Drop explicit Build-Depends on gir1.2-glib-2.0.
  * Bump Standards-Version to 3.9.4. No further changes.

 -- Michael Biebl  Thu, 19 Sep 2013 17:39:54 +0200

policykit-1 (0.110-3) experimental; urgency=low

  [ Martin Pitt ]
  * Add 00git_pkexec_pam_env.patch: pkexec: Set process environment from
    pam_getenvlist(). Backported from upstream git head.
  * 01_pam_polkit.patch: Adjust patch to invoke pam_env, so our global
    settings from /etc/default/locale are applied correctly.
    Thanks Steve Langasek!

  [ Michael Biebl ]
  * Use gir addon instead of calling dh_girepository manually.

 -- Michael Biebl  Mon, 03 Jun 2013 05:54:32 +0200

policykit-1 (0.110-2) experimental; urgency=low

  * When cleaning up /etc/polkit-1/nullbackend.conf.d/ and
    /etc/polkit-1/localauthority.conf.d/ don't fail if those directories
    have already been removed. (Closes: #698085)

 -- Michael Biebl  Mon, 14 Jan 2013 06:01:36 +0100

policykit-1 (0.110-1) experimental; urgency=low

  * New upstream release.
  * Drop patches which have been merged upstream.
  * Drop debian/clean, no longer necessary.

 -- Michael Biebl  Wed, 09 Jan 2013 21:40:35 +0100

policykit-1 (0.109-1) experimental; urgency=low

  * New upstream release. (Closes: #689473)
  * Update Build-Depends:
    - Bump libglib2.0-dev to (>= 2.30.0).
    - Add libmozjs185-dev for the JS rules support.
  * Remove polkitbackend library.
  * Use systemd service file provided by upstream.
  * Reload systemd as the name of the .service file has changed.
  * Update policykit-1.install:
    - Private binaries have been moved to /usr/lib/polkit-1.
    - The extension system has been removed.
    - The .pkla files are gone and so is /var/lib/polkit-1.
  * Remove obsolete conffiles and the corresponding (empty) directories
    on upgrades.
  * Convert the old localauthority conf files to the new JavaScript based
    rules file format and make sure it is executed before
    50-default.rules.
  * Refresh patches to apply without fuzz.
  * The polkitd daemon now runs as unprivileged polkitd user instead of
    root. Create this system user in postinst and change the directory
    permissions accordingly so the daemon has access to the rules files.
  * debian/patches/08_chdir_root.patch: Explicitly use chdir("/") instead
    of relying on $HOME being set properly.
  * Since /etc/polkit-1/rules.d/50-default.rules is a proper conffile,
    remove the comment from upstream that changes to that file are not
    preserved on upgrades. (Closes: #580634)
  * debian/patches/09_link_libmozjs.patch: Explicitly link against
    libmozjs, even if that library is dlopened as we want to have a
    proper shlibs dependency.
  * Use --no-as-needed flag to ensure the linker doesn't remove the
    libmozjs dependency.
  * Use dh-autoreconf to update the build system.
  * Update the Homepage: field.

 -- Michael Biebl  Mon, 07 Jan 2013 23:59:52 +0100

policykit-1 (0.105-33) unstable; urgency=medium

  * d/p/0.121/CVE-2021-4115-GHSL-2021-077-fix.patch:
    Attribute CVE-2021-4115 patch to its author.
    Move it into debian/patches/0.121 to indicate that it is a backport
    from upstream git, expected to be included in 0.121.
  * d/p/Fix-a-crash-when-authorization-is-implied.patch:
    Add patch to fix a crash when one authorization implies another

 -- Simon McVittie  Sat, 26 Feb 2022 11:11:57 +0000

policykit-1 (0.105-32) unstable; urgency=medium

  * Use upstream patch for CVE-2021-3560.
    This patch was included in 0.119, so move it into the 0.119/
    directory in the patch series.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034.
    The patch that was provided to distributors under embargo was not the
    final version: it used a different exit status, and made an attempt
    to show help. The version that was actually committed after the
    embargo period ended interprets argc == 0 as an attack rather than a
    mistake, and does not attempt to show the help message.
  * Move some Debian-specific patches into d/p/debian/.
    This makes it more obvious that they are not intended to go upstream.
  * d/control: Split the package.
    pkexec is a setuid program, which makes it a higher security risk
    than the more typical IPC-based uses of polkit. If we separate out
    pkexec into its own package, then only packages that rely on being
    able to run pkexec will have to depend on it, reducing attack surface
    for users who are able to remove the pkexec package.
  * d/control: policykit-1 Provides polkitd-pkla.
    This will give us a migration path to the separate per-backend
    packages currently available in experimental.
  * Add patch from Fedora to fix denial of service via fd exhaustion.
    CVE-2021-4115 (Closes: #1005784)
  * Standards-Version: 4.6.0 (no changes required)
  * Build-depend on dbus-daemon instead of dbus.
    We only need dbus-run-session at build time; we don't need a
    fully-working system bus.
  * Use d/watch format version 4
  * d/rules: Create localauthority configuration with install(1), not
    echo(1).
    This aligns the packaging a bit more closely with experimental.
  * Always configure the sudo group as root-equivalent. This avoids Debian derivatives getting an unexpected change in behaviour when they switch from inheriting Debian's policykit-1 package to building their own policykit-1 package, perhaps as a result of wanting to apply an unrelated patch. The sudo group is defined to be root-equivalent in base-passwd, so this should be equally true for all Debian derivatives. Thanks to Arnaud Rebillout.
  * d/polkitd.links: Create more polkit-agent-helper-1 symlinks. This executable has moved several times, and its path gets compiled into the libpolkit-agent-1-0 shared library. Making the executable available in all the locations it has previously had is helpful when swapping between versions during testing.
  * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.

 -- Simon McVittie Fri, 18 Feb 2022 12:45:14 +0000

policykit-1 (0.105-31.1) unstable; urgency=high

  * Non-maintainer upload.
  * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

 -- Salvatore Bonaccorso Thu, 13 Jan 2022 06:34:44 +0100

policykit-1 (0.105-31) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * d/p/CVE-2021-3560.patch: Fix local privilege escalation involving polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) (Closes: #989429)

 -- Simon McVittie Thu, 03 Jun 2021 17:06:34 +0100

policykit-1 (0.105-30) unstable; urgency=medium

  [ Helmut Grohne ]
  * Annotate Build-Depends: dbus (Closes: #980998)

 -- Simon McVittie Thu, 04 Feb 2021 13:56:09 +0000

policykit-1 (0.105-29) unstable; urgency=medium

  * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec. If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it will fail to find the binary at the new location. So create a symlink to prevent authentication failures on upgrades.
    (Closes: #965210)

 -- Michael Biebl Mon, 03 Aug 2020 11:05:29 +0200

policykit-1 (0.105-28) unstable; urgency=medium

  [ TANIGUCHI Takaki ]
  * postinst: Fix polkit-agent-helper-1 path

  [ Michael Biebl ]
  * Fix polkitd path in polkit.service (Closes: #965164)
  * Use --restart-after-upgrade. With debhelper 13.1, --no-start will disable --restart-after-upgrade. Since we want the service to be restarted on upgrades, request that explicitly.
  * Remove old maintscript migration code from pre-oldstable

 -- Michael Biebl Fri, 17 Jul 2020 10:49:51 +0200

policykit-1 (0.105-27) unstable; urgency=medium

  * Switch to /usr/libexec now that it is allowed by debian policy
  * Bump debhelper-compat to 13
  * Bump Standards-Version to 4.5.0
  * Try harder to look up the right localization. Fixes out-of-bounds read in _localize. (Closes: #956223)

 -- Michael Biebl Fri, 17 Jul 2020 00:50:43 +0200

policykit-1 (0.105-26) unstable; urgency=medium

  [ Mark Hindley ]
  * Depend on new virtual packages default-logind and logind (Closes: #923240)

  [ Simon McVittie ]
  * Apply most changes from upstream release 0.116
    - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch, d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch: Reduce messages to stderr from polkit agents, in particular when using "systemctl reboot" on a ssh connection or when using "systemctl start" in systemd emergency mode
    - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch: Fix critical warnings when calling polkit_permission_new_sync() with no D-Bus system bus
    - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch: Fix a potential use-after-free in polkit agents
    - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch: Re-enable echo if the tty agent is killed by SIGINT or SIGTERM or suspended with SIGTSTP
  * Add more bug fixes backported from earlier upstream releases
    - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch: Fix a
      segfault when a library user like flatpak attempts to register a polkit agent with no system bus available (Closes: #923046)
    - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch: Make it more obvious that polkitprivate.h was never intended to be API
    - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch: Fix a memory leak
    - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch: Avoid a use of the deprecated polkit_unix_process_new()
  * d/*.symbols: Add Build-Depends-Package metadata
  * d/policykit-1.lintian-overrides: Override systemd unit false positives. The systemd unit is only for on-demand D-Bus activation, and is not intended to be started during boot, so an [Install] section and a parallel LSB init script are not necessary.
  * Stop building libpolkit-backend as a shared library. Its API was never declared stable before upstream removed it in 0.106. Nothing in Debian depended on it, except for polkitd itself, which now links the same code statically. This is a step towards being able to use the current upstream release of polkit and patch in the old localauthority backend as an alternative to the JavaScript backend, instead of using the old 0.105 codebase and patching in essentially every change except the JavaScript backend, which is becoming unmanageable.
    - Remove the example null backend, which is pointless now that we've removed the ability to extend polkit.
    - Remove obsolete conffile 50-nullbackend.conf on upgrade
    - Remove the directory that previously contained 50-nullbackend.conf after upgrading or removing policykit-1
    - Remove obsolete dh_makeshlibs override for the null backend
  * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports. reportbug doesn't currently seem to interpret "Depends: default-logind | logind" as implying that it should include the version number of the package that Provides logind in bug reports. Workaround for #934472.
  * Change the policykit-1 package from Architecture: any to Architecture: linux-any, and remove the consolekit [!linux-any] dependency. consolekit is no longer available in any Debian or debian-ports architecture, even those for non-Linux kernels. (Closes: #918446)
  * Standards-Version: 4.4.0 (no changes required)
  * Switch to debhelper-compat 12
    - d/control: Add ${misc:Pre-Depends}
  * Switch to dh_missing and abort on uninstalled files (patch taken from experimental, thanks to Michael Biebl)

 -- Simon McVittie Sun, 11 Aug 2019 19:09:35 +0100

policykit-1 (0.105-25) unstable; urgency=medium

  * Team upload
  * Add tests-add-tests-for-high-uids.patch
    - Patch from upstream modified by Ubuntu to test high UID fix
  * Compare PolkitUnixProcess uids for temporary authorizations.
    - Fix temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) (Closes: #918985)

 -- Jeremy Bicha Tue, 15 Jan 2019 11:11:58 -0500

policykit-1 (0.105-24) unstable; urgency=medium

  * Allow uid of -1 for a PolkitUnixProcess. Revert an overzealous change from the previous security fix that caused a critical to be logged when trying to set the uid property to -1 (the default value).

 -- Martin Pitt Tue, 15 Jan 2019 08:05:52 +0000

policykit-1 (0.105-23) unstable; urgency=high

  * Allow negative uids/gids in PolkitUnixUser and Group objects. Fixes a vulnerability in PolicyKit that allows a user with a uid greater than INT_MAX to successfully execute arbitrary polkit actions. (CVE-2018-19788, Closes: #915332)

 -- Michael Biebl Fri, 07 Dec 2018 19:55:58 +0100

policykit-1 (0.105-22) unstable; urgency=medium

  * Move D-Bus policy file to /usr/share/dbus-1/system.d/
    To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18.
  * Remove obsolete conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
  * Bump Standards-Version to 4.2.1
  * Remove Breaks for versions older than oldstable
  * Stop masking polkit.service during the upgrade process. This is no longer necessary with the D-Bus policy file being installed in /usr/share/dbus-1/system.d/. (Closes: #902474)
  * Use dh_installsystemd to restart polkit.service after an upgrade. This replaces a good deal of hand-written maintscript code.

 -- Michael Biebl Tue, 27 Nov 2018 20:17:44 +0100

policykit-1 (0.105-21) unstable; urgency=medium

  * Remove --no-parallel now that parallel builds (hopefully) work. Thanks to Adrian Bunk for spotting this.
  * Refresh patches via gbp pq
  * Use one patch per upstream commit for easier metadata round-trips
  * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114
    - d/p/0.111/Fix-a-memory-leak.patch: Fix a memory leak when PAM authentication fails
    - d/p/0.113/Remove-a-redundant-assignment.patch: Fix a potential compiler warning
    - d/p/master/Fix-multi-line-pam-text-info.patch: Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch, d/p/0.114/Fix-multi-line-pam-text-info.patch, d/p/0.114/Refactor-send_to_helper-usage.patch
  * d/p/03_polkitunixsession_sessionid_from_display.patch: Replace with functionally identical d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch as applied upstream
  * d/watch: Use https
  * d/watch: Download upstream PGP signatures
  * debian/upstream/signing-key.asc: Add public keys for Ray Strode, Miloslav Trmac, David Zeuthen
  * d/gbp.conf: Merge upstream tags into the upstream branch
  * Add myself to Uploaders
  * d/gbp.conf: Set patch-numbers to false to match current practice
  * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch: Backport the security-significant part of 0.115 (CVE-2018-1116) (Closes: #903563)
  * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
  * d/rules: Skip build-time tests if
    DEB_BUILD_OPTIONS=nocheck
  * Standards-Version: 4.1.5 (no changes required)
  * Set Rules-Requires-Root to no

 -- Simon McVittie Wed, 11 Jul 2018 09:29:32 +0100

policykit-1 (0.105-20) unstable; urgency=medium

  * Team upload
  * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch: Add patch from upstream to fix parallel builds (Closes: #894205)

 -- Simon McVittie Tue, 27 Mar 2018 13:50:28 +0100

policykit-1 (0.105-19) unstable; urgency=medium

  * debian/copyright: Use https URL for Format:
  * Update Vcs-* links for move to salsa.debian.org.
  * Fix typos in patch descriptions. Fixes lintian's spelling-error-in-patch-description complaints.
  * Move to debhelper compat level 10. Remove explicit dh-autoreconf, it's now done by default.
  * Bump Standards-Version to 4.1.3
  * Add autopkgtest. This covers the pkaction and pkcheck CLI tools.

 -- Martin Pitt Mon, 26 Mar 2018 21:42:28 +0200

policykit-1 (0.105-18) unstable; urgency=medium

  * Team upload.
  * master/Add-gettext-support-for-.policy-files.patch: Backport from master: Add .loc and .its files so that gettext can be used to translate policy files. Some upstreams, particularly those that are switching to meson, expect these files to be present so that their PK policy files can be translated. (Closes: #863207)

 -- Iain Lane Wed, 24 May 2017 11:21:35 +0100

policykit-1 (0.105-17) unstable; urgency=medium

  [ Michael Biebl ]
  * Use https:// for the upstream homepage.
  * Update Vcs-Browser to use cgit.
  * Rename the systemd service unit to polkit.service. It is now based on what was added upstream in 0.106.

  [ Simon McVittie ]
  * Build-depend on intltool instead of relying on gtk-doc-tools' dependency (Closes: #837846)

  [ Martin Pitt ]
  * Use PAM's common-session-noninteractive modules for pkexec instead of common-session.
    The latter also runs pam_systemd (the only difference normally) which is a no-op under the classic session-centric D-BUS/graphical login model (as it won't start a new one if it is already running within a logind session), but very expensive when using dbus-user-session and being called from a service that runs outside the PAM session. This causes long delays in e. g. gnome-settings-daemon's backlight helpers. (LP: #1626651)

 -- Michael Biebl Fri, 21 Oct 2016 15:44:57 +0200

policykit-1 (0.105-16) unstable; urgency=medium

  [ Michael Biebl ]
  * Drop obsolete Breaks from pre-wheezy.
  * Use gir addon instead of calling dh_girepository manually.
  * Run wrap-and-sort -ast.
  * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already pulled in via libgirepository1.0-dev.

  [ Martin Pitt ]
  * Add fallback if agent is not running in a logind session. This fixes polkit with dbus-user-session. Thanks Sebastien Bacher for the patch!
  * Bump Standards-Version to 3.9.8 (no changes necessary).

 -- Martin Pitt Mon, 25 Jul 2016 14:32:23 +0200

policykit-1 (0.105-15) unstable; urgency=medium

  * Generate tight inter-package dependencies. This ensures that everything from the same source package is upgraded in lockstep. (Closes: #817998)

 -- Michael Biebl Thu, 14 Apr 2016 13:57:13 +0200

policykit-1 (0.105-14.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix FTBFS on non-linux/non-systemd. (Closes: #798769)

 -- Adam Borowski Thu, 14 Jan 2016 06:28:38 +0100

policykit-1 (0.105-14) unstable; urgency=medium

  * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink removal for consistency.
  * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch backported from upstream master. (LP: #1510824)

 -- Martin Pitt Mon, 23 Nov 2015 11:38:00 +0100

policykit-1 (0.105-13) unstable; urgency=medium

  * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while policykit-1 is unpackaged but not yet configured.
    During that time we don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. This can be dropped once the D-Bus policy moves to /usr. (Closes: #794723, LP: #1447654)

 -- Martin Pitt Wed, 21 Oct 2015 08:11:22 +0200

policykit-1 (0.105-12) unstable; urgency=medium

  * Team upload
  * Replace 03_complete_session.patch with a change from upstream which seems like a more correct solution for LP#445303, LP#649939
  * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing staff -> desktop_admin_r change in a man page (desktop_admin_r looks vaguely like a SELinux role but is actually being used as a group); keep only the actual functional change. This matches the syntactically different but functionally similar change in experimental.
  * 09_pam_environment.patch: replace with the version that went upstream.
  * Annotate remaining patches with a bit more information. They are:
    - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch, 00git_type_registration.patch, 04_get_cwd.patch, 07_set-XAUTHORITY-environment-variable-if-unset.patch, 08_deprecate_racy_APIs.patch, 09_pam_environment.patch, cve-2013-4288.patch: either backports from upstream, or already applied upstream, and not discussed further here.
    - 01_pam_polkit.patch: use Debian's common-* infrastructure, plus pam_env to get the global environment and locale. Debian-specific.
    - 02_gettext.patch: Use gettext to translate .policy files at runtime, allowing for Ubuntu-style language packs. Debian-specific (mainly for Ubuntu's benefit, really).
    - 05_revert-admin-identities-unix-group-wheel.patch: Debian does not use the "wheel" group like Red Hat derivatives do; treat uid 0 as the administrative identity instead. Debian-specific.
    - 06_systemd-service.patch: hook up the systemd service in debian/polkitd.service. Not forwarded: obsoleted by an upstream change in 0.106, commit 2995085.
  * Re-order patch series to put upstream changes first, sorted by version in which they went upstream, and put them in subdirectories by version
  * Add patches from 0.113 to fix heap corruption CVE-2015-3255 (Closes: #766860) and local authenticated denial of service CVE-2015-4625 (Closes: #796134)
  * Add numerous other bug-fix patches from 0.113
    - work around bugs in older versions of libpam-systemd when using su or similar (Closes: #772125)
    - treat background processes as part of the same uid's active GUI session if they have one (Closes: #779988)
    - fix some memory leaks (Closes: #775158, LP: #1417637)
  * Add backported public API polkit_system_bus_name_get_user_sync() to symbols file
  * Fix FTBFS with dpkg-buildpackage -A by only installing files into policykit-1 in per-arch builds
  * Run tests with a session bus pretending to be the system bus, so they can pass in a buildd environment

 -- Simon McVittie Fri, 11 Sep 2015 09:48:00 +0100

policykit-1 (0.105-11) unstable; urgency=medium

  * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
  * policykit-1.postinst: Reload systemd before restarting polkitd.service, to avoid "Warning: polkitd.service changed on disk". (Closes: #791397)

 -- Martin Pitt Fri, 10 Jul 2015 13:03:33 +0200

policykit-1 (0.105-10) unstable; urgency=medium

  * Add 00git_type_registration.patch: Use GOnce for interface type registration. Fixes frequent udisks segfault (LP: #1236510).
  * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call results handler. (LP: #1417637)

 -- Martin Pitt Wed, 08 Jul 2015 12:15:41 +0200

policykit-1 (0.105-9) unstable; urgency=medium

  [ Martin Pitt ]
  * policykit-1.postinst: Don't kill polkitd under systemd, but properly restart it. This avoids killing it shortly after systemd tries to bus-activate it on installation. (LP: #1447654)

  [ Michael Biebl ]
  * Build against libsystemd instead of the old libsystemd-login compat library.
    (Closes: #779756)

 -- Michael Biebl Wed, 08 Jul 2015 02:10:58 +0200

policykit-1 (0.105-8) unstable; urgency=medium

  * Rebuild against libsystemd0. This drops the last remaining dependency to libsystemd-login0. (Closes: #771281)
  * Bump Standards-Version to 3.9.6 (no changes necessary).

 -- Martin Pitt Fri, 28 Nov 2014 10:07:46 +0100

policykit-1 (0.105-7) unstable; urgency=medium

  * Team upload.
  * Install typelib files into MA libdir.

 -- Andreas Henriksson Thu, 25 Sep 2014 13:56:15 +0200

policykit-1 (0.105-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Use dh-autoreconf in build to support new architectures

 -- Wookey Thu, 10 Jul 2014 00:15:28 +0100

policykit-1 (0.105-6) unstable; urgency=medium

  * Team upload.
  * debian/control: Update Homepage URL
  * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it registers a logind session properly (Closes: #745983)

 -- Laurent Bigonville Thu, 22 May 2014 19:31:58 +0200

policykit-1 (0.105-5) unstable; urgency=medium

  * Team upload.
  * Enable systemd support on linux architectures
  * debian/control: Bump Standards-Version to 3.9.5 (no further changes)
  * debian/control: Use canonical VCS-* URLs

 -- Laurent Bigonville Sun, 04 May 2014 12:40:59 +0200

policykit-1 (0.105-4) unstable; urgency=low

  * Acknowledge non-maintainer upload for CVE-2013-4288.
  * Also cherry-pick the upstream commit which deprecates the racy APIs.
  * debian/patches/09_pam_environment.patch: set process environment from pam_getenvlist().
  * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our global settings from /etc/environment are applied correctly.
  * The two changes above fix pkexec to properly export the pam environment. Thanks Steve Langasek for the patch. (Closes: #692340)

 -- Michael Biebl Tue, 15 Oct 2013 18:34:24 +0200

policykit-1 (0.105-3+nmu1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717).
 -- Michael Gilbert Mon, 14 Oct 2013 00:08:43 +0000

policykit-1 (0.105-3) unstable; urgency=low

  * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY environment variable to its default value $HOME/.Xauthority if unset. Some display managers, like KDM, do not set the XAUTHORITY variable, so starting graphical applications via pkexec was broken in those environments. (Closes: #671497)

 -- Michael Biebl Thu, 20 Dec 2012 18:55:14 +0100

policykit-1 (0.105-2) unstable; urgency=low

  * Change the permissions of /etc/polkit-1/localauthority to 700, this directory is not supposed to be readable by everyone.

 -- Michael Biebl Mon, 17 Dec 2012 17:02:06 +0100

policykit-1 (0.105-1) unstable; urgency=low

  * New upstream release.
  * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now.
  * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0.
  * Update debian/copyright using the machine-readable copyright format 1.0.
  * Bump Standards-Version to 3.9.3.
  * Bump Build-Depends on debhelper to (>= 9).

 -- Michael Biebl Tue, 24 Apr 2012 21:06:04 +0200

policykit-1 (0.104-2) unstable; urgency=low

  * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for proper cross-references in the gtk-doc API documentation.
  * Install systemd service file for polkitd.

 -- Michael Biebl Sat, 11 Feb 2012 23:48:29 +0100

policykit-1 (0.104-1) unstable; urgency=low

  * New upstream release.
    - Add support for netgroups. (LP: #724052)
  * debian/rules: Disable systemd support, continue to work with ConsoleKit.
  * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply cleanly.
  * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new release.
  * debian/rules: Do not let test failures fail the build. The new test suite also runs a test against the system D-BUS/ConsoleKit, which can't work on buildds.

 -- Martin Pitt Fri, 06 Jan 2012 12:28:54 +0100

policykit-1 (0.103-1) unstable; urgency=low

  * New upstream release.
  * debian/control: Change section of gir1.2-polkit-1.0 to introspection.
  * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change to make group wheel the default admin identity since we already use group sudo resp. group admin for that.

 -- Michael Biebl Fri, 09 Dec 2011 00:48:17 +0100

policykit-1 (0.102-2) unstable; urgency=low

  * 02_gettext.patch: Explicitly #include to fix non-optimized build. Thanks Ivan Krasilnikov for pointing this out.
  * debian/rules: When building on Ubuntu, also consider the "sudo" group as administrator, for compatibility with Debian and sudo itself. Keep "admin" for existing systems. (LP: #893842)
  * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the patch! (Closes: #636196)

 -- Martin Pitt Fri, 25 Nov 2011 07:44:09 +0100

policykit-1 (0.102-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream.
  * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream.
  * debian/patches/03_complete_session.patch: Refreshed.
  * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the current working directory. This fixes another PATH_MAX related FTBFS on hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017)

 -- Michael Biebl Tue, 02 Aug 2011 03:17:20 +0200

policykit-1 (0.101-4) unstable; urgency=high

  Urgency high due to security fix.

  * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking privileges for pkexec. Patch taken from https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in upstream git. [CVE-2011-1485]
  * debian/libpolkit-gobject-1-0.symbols: Update for new symbols.
  * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build failures if quilt patches change files with translatable strings. Thanks to Kees Cook for the patch!
 -- Martin Pitt Wed, 20 Apr 2011 12:11:38 +0200

policykit-1 (0.101-3) unstable; urgency=low

  * debian/control
    - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the updated GObject introspection policy.
    - Bump Standards-Version to 3.9.2. No further changes.

 -- Michael Biebl Sun, 10 Apr 2011 20:34:03 +0200

policykit-1 (0.101-2) unstable; urgency=low

  * Upload to unstable.

 -- Michael Biebl Fri, 25 Mar 2011 02:19:51 +0100

policykit-1 (0.101-1) experimental; urgency=low

  * New upstream release.
  * Update patches
    - Drop debian/patches/04_test_signalfd.patch, merged upstream.
    - Refresh other patches to apply cleanly.
  * debian/libpolkit-gobject-1-0.symbols
    - Add polkit_authorization_result_get_dismissed.
  * debian/control
    - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0).
  * debian/rules
    - Don't build example programs.

 -- Michael Biebl Thu, 03 Mar 2011 23:50:17 +0100

policykit-1 (0.100-1) experimental; urgency=low

  * New upstream release.
  * Refresh debian/patches/03_complete_session.patch.
  * Replace debian/patches/04_test_signalfd.patch with a patch that was merged upstream. This also allows dropping debian/patches/99_autoreconf.patch.
  * Switch from cdbs to dh.
  * Bump debhelper compatibility level to 8.
  * Install documentation using debian/policykit-1.docs.
  * Enable gobject introspection support.
    - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12), gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0.
    - Add package gir1.2-polkit-1.0 containing the typelib files.
    - Install gir files in libpolkit-agent-1-dev.install and libpolkit-gobject-1-dev.install.
    - Call dh_girepository in debian/rules.

 -- Michael Biebl Wed, 23 Feb 2011 19:51:17 +0100

policykit-1 (0.99-3) unstable; urgency=low

  * Upload to unstable.

 -- Michael Biebl Thu, 10 Feb 2011 19:21:36 +0100

policykit-1 (0.99-2) experimental; urgency=low

  [ Michael Biebl ]
  * Merge sudo group changes from unstable branch.
  [ Martin Pitt ]
  * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release build dependency.
  * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without signalfd(). (Closes: #602476)
  * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch.

 -- Martin Pitt Mon, 06 Dec 2010 16:28:11 +0100

policykit-1 (0.99-1) experimental; urgency=low

  [ Michael Biebl ]
  * New upstream release.
  * debian/patches/00git-fix-error-freeing.patch
    - Remove, fixed upstream.
  * debian/patches/00git-pkexec-information-disclosure.patch
    - Remove, merged upstream.
  * debian/control
    - Drop Build-Depends on libeggdbus-1-dev.
    - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus.
  * Switch to source format 3.0 (quilt).
    - Add debian/source/format.
    - Drop Build-Depends on quilt.
    - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules.
    - Remove debian/README.source.

  [ Robert Ancell ]
  * Add debian/patches/02_gettext.patch: Use gettext for translations in .policy files if they specify a gettext domain.

  [ James Westby ]
  * Add debian/patches/03_complete_session.patch: Fix the race that leads to the password box disappearing, but the dialog remaining.

  [ Martin Pitt ]
  * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated .symbols files more strongly.

 -- Michael Biebl Thu, 04 Nov 2010 17:27:09 -0400

policykit-1 (0.96-4) unstable; urgency=low

  * debian/rules
    - When building for Debian, install a localauthority.conf.d configuration file which considers "sudo" group users as administrators. (Closes: #532499)

 -- Michael Biebl Tue, 16 Nov 2010 23:21:50 +0100

policykit-1 (0.96-3) unstable; urgency=low

  * debian/control
    - Use architecture wildcard linux-any for libselinux1-dev.
    - Bump Standards-Version to 3.9.1.
  * debian/policykit-1.postinst
    - Query D-Bus to find out the correct pid of the process claiming org.freedesktop.PolicyKit1. This way we do not accidentally kill the wrong process when being installed in a chroot.
      (Closes: #595030)
  * debian/policykit-1.prerm
    - Stop polkitd on remove. (Closes: #595031)

 -- Michael Biebl Thu, 16 Sep 2010 23:27:56 +0200

policykit-1 (0.96-2) unstable; urgency=medium

  * Urgency medium, just two small, but important bug fixes.
  * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure vulnerability that allows an attacker to verify whether or not arbitrary files exist, violating directory permissions.
  * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() with an invalid PID. (LP: #540464)

 -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200

policykit-1 (0.96-1) unstable; urgency=low

  * New upstream release.
  * debian/libpolkit-backend-1-0.symbols
    - Update for new API addition.

 -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100

policykit-1 (0.95-1) unstable; urgency=low

  * New upstream release.
  * Remove patches
    - debian/patches/02_dont_export_private_symbols.patch (merged upstream)
    - debian/patches/03_path_max.patch (merged upstream)
    - debian/patches/04-ref-authority.patch (merged upstream)
    - debian/patches/05-pkexec-env.patch (merged upstream)
    - debian/patches/99_autoreconf.patch (obsolete)
  * debian/control
    - Bump Build-Depends on libeggbus-1-dev to (>= 0.6).
  * debian/rules
    - The example application is no longer built by default so we don't need to manually remove it anymore.
  * debian/libpolkit-{backend,gobject}-1-0.symbols
    - Update for new API additions.

 -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100

policykit-1 (0.94-6) unstable; urgency=low

  * debian/policykit-1.postinst
    - Use start-stop-daemon instead of kill+pidof to stop the running polkitd daemon on upgrades.
  * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered unstable.
    (Closes: #552605)

 -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100

policykit-1 (0.94-5) unstable; urgency=low

  * Add debian/patches/04-ref-authority.patch: Ref the instance returned by polkit_authority_get(), since the documentation says that it needs to be unref'ed after usage. This fixes crashes in NetworkManager and probably other programs, too. (LP: #438574, #432452, fd.o #24566)
  * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk)
  * Add myself to Uploaders: with Michael's consent.

 -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100

policykit-1 (0.94-4) unstable; urgency=low

  * debian/patches/03_path_max.patch
    - Update patch to fix implicit pointer conversion for get_current_dir_name. (Closes: #550901)

 -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200

policykit-1 (0.94-3) unstable; urgency=low

  * debian/patches/03_path_max.patch
    - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) Thanks to Samuel Thibault for the patch.
  * debian/policykit-1.postinst:
    - Kill the old polkitd daemon on upgrade, to ensure that the new version will be used at the next occasion.

 -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200

policykit-1 (0.94-2) unstable; urgency=low

  * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and link against -lfreebsd for sysctlnametomib. When glibc 2.10 enters unstable this workaround can be removed again.

 -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200

policykit-1 (0.94-1) unstable; urgency=low

  * Rename package to policykit-1. Upstream (at least temporarily) forked the project to make it installable in parallel with policykit 0.9, until all programs are ported to the new API.
  * Drop all patches except 01_pam_polkit.patch.
  * Refresh debian/patches/01_pam_polkit.patch.
  * debian/control
    - Update Build-Depends
      + Drop libdbus-1-dev, libdbus-glib-1-dev.
      + Add libeggdbus-1-dev (>= 0.5) and lsb-release.
      + Bump libglib2-dev dependency to (>= 2.21.4).
    - Update list of binary packages and their package descriptions.
    - Drop dependency on adduser.
    - Bump Standards-Version to 3.8.3.
      + Add README.source which refers to the quilt documentation.
    - Update Vcs-* fields. Package is now managed using Git and hosted on git.debian.org.
  * Update shared library structure: libpolkit-{dbus,grant} → libpolkit-{agent,backend,gobject}-1.
  * Rename policykit, policykit-doc → policykit-1, policykit-1-doc.
  * Update and revise all *.install files.
  * debian/rules, debian/policykit.init: Drop init script, package doesn't use /var/run any more.
  * debian/policykit-1.postinst: Don't create "polkituser" system user, it's not used any more.
  * Update watch file.
  * debian/patches/02_dont_export_private_symbols.patch
    - Don't export private symbols in the libraries.
  * debian/patches/99_autoreconf.patch
    - Update the autotools files as the previous patch also touches the build system.
  * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved shlibs dependencies.
  * debian/rules
    - Disable introspection support.
    - When building for Ubuntu, install a localauthority.conf.d configuration file which considers "admin" group users as administrators.
    - Don't install example application.
  * debian/copyright
    - Update copyright holder.
    - License was changed to LGPL 2.1+.

 -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200

policykit (0.9-4) unstable; urgency=low

  * Add support for /var/run being a tmpfs. (Closes: #532101)
    - Create /var/run/PolicyKit dynamically on boot by using an init script. Original patch by Martin Pitt, thanks. Updated patch to only run the init script in runlevel S at priority 75.
    - No longer ship /var/run/PolicyKit in the package itself.
  * debian/control
    - Bump Standards-Version to 3.8.1.
  * debian/patches/04_entry_leak.patch
    - Plug a memory leak. Patch pulled from Fedora.
  * debian/patches/05_manpage_typo_fix.patch
    - Fix a small typo in the polkit-auth man page.
      (Closes: #523565)
  * debian/patches/06_no_inotify_or_path_max.patch
    - Add support for systems which don't support inotify (like hurd) and
      don't use PATH_MAX unconditionally, instead use dynamically growing
      buffers. (Closes: #521756)
      Patch by Samuel Thibault, thanks.

 -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200

policykit (0.9-3) unstable; urgency=low

  * Switch patch management system to quilt.
  * debian/control
    - Wrap Build-Depends.
    - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758)
    - Bump Build-Depends on debhelper to (>= 7).
  * debian/compat
    - Bump debhelper compat level to 7.
  * debian/rules
    - Include debhelper.mk before any other files as recommended by the cdbs
      documentation.
  * debian/patches/03_consolekit0.3-api.patch
    - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either.
      Patch pulled from Ubuntu.

 -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100

policykit (0.9-2) unstable; urgency=high

  [ Simon McVittie ]
  * Add patch committed in Fedora (although not upstream) by the upstream
    maintainer, to allow PolicyKit to be used when CVE-2008-4311 has been
    fixed in dbus-daemon. (Closes: #510646)

  [ Michael Biebl ]
  * debian/control
    - Add ${misc:Depends} to all binary packages.

 -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100

policykit (0.9-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.0. No further changes.

 -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200

policykit (0.8-2) unstable; urgency=low

  * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2.
  * debian/policykit.postinst
    - Set correct permissions for all files. (Closes: #482064)
    - Define a small helper function to apply the permissions. This makes it
      more concise and readable.

 -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200

policykit (0.8-1) unstable; urgency=medium

  * New upstream release.
    - SECURITY - CVE-2008-1658: Fixes format string vulnerability in the
      grant helper.
      (Closes: #476615)
  * debian/control
    - Add Build-Depends on pkg-config.

 -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200

policykit (0.7-2) unstable; urgency=low

  * Upload to unstable.

 -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100

policykit (0.7-1) experimental; urgency=low

  * New upstream release. (Closes: #455874)
  * debian/control
    - Bump Standards-Version to 3.7.3. No further changes required.
    - Add Build-Depends on libdbus-glib-1-dev (>= 0.73).
    - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/.
      (Closes: #446504)
    - Improve package description. (Closes: #446554)
  * debian/copyright
    - All code is now licensed under the MIT/X11 license. Update the
      copyright notice accordingly.
  * debian/policykit.dirs
    - Add the directory /var/lib/PolicyKit-public.
  * debian/policykit.install
    - Install the D-Bus config and service files for the PolicyKit system
      service.
    - Install /var/lib/misc/PolicyKit.reload.
  * debian/rules
    - Fix the permissions of /var/lib/misc/PolicyKit.reload.
  * debian/policykit.postinst
    - Use dpkg-statoverride to check for local modifications before setting
      the SUID/SGID bits.

 -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100

policykit (0.6-1) experimental; urgency=low

  * New upstream release.
  * debian/control
    - Use new "Homepage:" field to specify the upstream URL.
    - The Vcs-* fields are now officially supported, so remove the XS-
      prefix.
    - Add a Recommends: policykit-gnome to the policykit package.
    - Enable SELinux support by adding a Build-Depends on libselinux1-dev for
      all supported platforms.
  * debian/policykit.postinst
    - Install polkit-grant-helper-pam with the correct permissions.

 -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100

policykit (0.5-1) experimental; urgency=low

  * Initial release. (Closes: #397087)

 -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200