--- policykit-1-0.96.orig/debian/libpolkit-agent-1-0.install +++ policykit-1-0.96/debian/libpolkit-agent-1-0.install @@ -0,0 +1 @@ +usr/lib/libpolkit-agent-1.so.* --- policykit-1-0.96.orig/debian/copyright +++ policykit-1-0.96/debian/copyright @@ -0,0 +1,55 @@ +This package was debianized by Michael Biebl on +Sun, 02 Sep 2007 06:04:06 +0200. + +It was downloaded from http://hal.freedesktop.org/releases/ + +Upstream Author: + + David Zeuthen + +Copyright: + + Copyright (C) 2008, 2009 Red Hat, Inc. + +License: + + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU Lesser General +Public License can be found in `/usr/share/common-licenses/LGPL-2'. + + +=============================================================================== + +The API documentation in the docs/ subdirectory is licensed under the GFDL. + + Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.1 or any + later version published by the Free Software Foundation with no Invariant + Sections, no Front-Cover Texts, and no Back-Cover Texts. You may obtain a + copy of the GNU Free Documentation License from the Free Software Foundation + by visiting their Web site or by writing to: + + Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +On Debian systems, the complete text of the GNU Free Documentation +License can be found in `/usr/share/common-licenses/GFDL'. + +=============================================================================== + +The Debian packaging is (C) 2007-2009, Michael Biebl and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. + --- policykit-1-0.96.orig/debian/compat +++ policykit-1-0.96/debian/compat @@ -0,0 +1 @@ +7 --- policykit-1-0.96.orig/debian/libpolkit-gobject-1-dev.install +++ policykit-1-0.96/debian/libpolkit-gobject-1-dev.install @@ -0,0 +1,3 @@ +usr/lib/libpolkit-gobject*.{so,a} +usr/lib/pkgconfig/polkit-gobject*.pc +usr/include/polkit-1/polkit/ --- policykit-1-0.96.orig/debian/policykit-1-doc.links +++ policykit-1-0.96/debian/policykit-1-doc.links @@ -0,0 +1 @@ +usr/share/doc/policykit-1-doc/html/ usr/share/gtk-doc/html/polkit-1 --- policykit-1-0.96.orig/debian/policykit-1-doc.install +++ policykit-1-0.96/debian/policykit-1-doc.install @@ -0,0 +1 @@ +usr/share/gtk-doc/html/polkit-1/* /usr/share/doc/policykit-1-doc/html/ --- policykit-1-0.96.orig/debian/policykit-1.postinst +++ policykit-1-0.96/debian/policykit-1.postinst @@ -0,0 +1,58 @@ +#!/bin/sh +# postinst script for policykit +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +set_perms() { + USER=$1 + GROUP=$2 + MODE=$3 + FILE=$4 + if ! dpkg-statoverride --list $FILE > /dev/null 2>&1; then + chown $USER:$GROUP $FILE + chmod $MODE $FILE + fi +} + +case "$1" in + configure) + set_perms root root 700 /var/lib/polkit-1 + set_perms root root 4755 /usr/lib/policykit-1/polkit-agent-helper-1 + set_perms root root 4755 /usr/bin/pkexec + + # Kill the old polkitd daemon on upgrade, to ensure that the new + # version will be used at the next occasion. + start-stop-daemon --stop --quiet --oknodo --exec /usr/lib/policykit-1/polkitd + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- policykit-1-0.96.orig/debian/libpolkit-backend-1-dev.install +++ policykit-1-0.96/debian/libpolkit-backend-1-dev.install @@ -0,0 +1,3 @@ +usr/lib/libpolkit-backend*.{so,a} +usr/lib/pkgconfig/polkit-backend*.pc +usr/include/polkit-1/polkitbackend/ --- policykit-1-0.96.orig/debian/control +++ policykit-1-0.96/debian/control @@ -0,0 +1,108 @@ +Source: policykit-1 +Section: admin +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Utopia Maintenance Team +Uploaders: Michael Biebl , Martin Pitt +Build-Depends: cdbs, + debhelper (>= 7), + autotools-dev, + pkg-config, + libglib2.0-dev (>= 2.21.4), + libeggdbus-1-dev (>= 0.6), + libexpat1-dev, + libpam0g-dev, + libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], + gtk-doc-tools, + xsltproc, + quilt, + lsb-release +Standards-Version: 3.8.3 +Vcs-Git: git://git.debian.org/git/pkg-utopia/policykit.git +Vcs-Browser: http://git.debian.org/?p=pkg-utopia/policykit.git;a=summary +Homepage: http://hal.freedesktop.org/docs/PolicyKit/ + +Package: policykit-1 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, consolekit, dbus +Description: framework for managing administrative policies and privileges + PolicyKit is an application-level toolkit for defining and handling the policy + that allows unprivileged processes to speak to privileged processes. + . + It is a framework for centralizing the decision making process with respect to + granting access to privileged operations (like calling the HAL Mount() method) + for unprivileged (desktop) applications. + +Package: policykit-1-doc +Architecture: all +Section: doc +Depends: ${misc:Depends} +Suggests: devhelp +Description: documentation for PolicyKit-1 + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the API documentation of PolicyKit. + +Package: libpolkit-gobject-1-0 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: PolicyKit Authorization API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing PolicyKit. + +Package: libpolkit-gobject-1-dev +Architecture: any +Section: libdevel +Depends: libpolkit-gobject-1-0 (= ${binary:Version}), ${misc:Depends}, libglib2.0-dev +Description: PolicyKit Authorization API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-gobject-1-0. + +Package: libpolkit-agent-1-0 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: PolicyKit Authentication Agent API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing the authentication agent. + +Package: libpolkit-agent-1-dev +Architecture: any +Section: libdevel +Depends: libpolkit-agent-1-0 (= ${binary:Version}), ${misc:Depends}, libpolkit-gobject-1-dev +Description: PolicyKit Authentication Agent API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-agent-1-0. + +Package: libpolkit-backend-1-0 +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: PolicyKit backend API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for implementing authentication backends. + +Package: libpolkit-backend-1-dev +Architecture: any +Section: libdevel +Depends: libpolkit-backend-1-0 (= ${binary:Version}), ${misc:Depends}, libpolkit-gobject-1-dev +Description: PolicyKit backend API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-backend-1-0. --- policykit-1-0.96.orig/debian/libpolkit-agent-1-0.symbols +++ policykit-1-0.96/debian/libpolkit-agent-1-0.symbols @@ -0,0 +1,10 @@ +libpolkit-agent-1.so.0 libpolkit-agent-1-0 #MINVER# + polkit_agent_listener_get_type@Base 0.94 + polkit_agent_listener_initiate_authentication@Base 0.94 + polkit_agent_listener_initiate_authentication_finish@Base 0.94 + polkit_agent_register_listener@Base 0.94 + polkit_agent_session_cancel@Base 0.94 + polkit_agent_session_get_type@Base 0.94 + polkit_agent_session_initiate@Base 0.94 + polkit_agent_session_new@Base 0.94 + polkit_agent_session_response@Base 0.94 --- policykit-1-0.96.orig/debian/libpolkit-agent-1-dev.install +++ policykit-1-0.96/debian/libpolkit-agent-1-dev.install @@ -0,0 +1,3 @@ +usr/lib/libpolkit-agent*.{so,a} +usr/lib/pkgconfig/polkit-agent*.pc +usr/include/polkit-1/polkitagent/ --- policykit-1-0.96.orig/debian/rules +++ policykit-1-0.96/debian/rules @@ -0,0 +1,19 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk +include /usr/share/cdbs/1/rules/utils.mk + +DEB_DH_MAKESHLIBS_ARGS_policykit-1 := -Xusr/lib/polkit-1/ + +DEB_CONFIGURE_EXTRA_FLAGS := --enable-gtk-doc \ + --enable-man-pages \ + --enable-introspection=no + +binary-install/policykit-1:: + # when building for Ubuntu, allow the admin group + if [ "`lsb_release -is 2>/dev/null`" = "Ubuntu" ]; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:admin" > debian/policykit-1/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; \ + fi --- policykit-1-0.96.orig/debian/libpolkit-backend-1-0.symbols +++ policykit-1-0.96/debian/libpolkit-backend-1-0.symbols @@ -0,0 +1,51 @@ +libpolkit-backend-1.so.0 libpolkit-backend-1-0 #MINVER# + polkit_backend_action_lookup_get_details@Base 0.94 + polkit_backend_action_lookup_get_icon_name@Base 0.94 + polkit_backend_action_lookup_get_message@Base 0.94 + polkit_backend_action_lookup_get_type@Base 0.94 + polkit_backend_action_pool_get_action@Base 0.94 + polkit_backend_action_pool_get_all_actions@Base 0.94 + polkit_backend_action_pool_get_type@Base 0.94 + polkit_backend_action_pool_new@Base 0.94 + polkit_backend_authority_add_lockdown_for_action@Base 0.95 + polkit_backend_authority_add_lockdown_for_action_finish@Base 0.95 + polkit_backend_authority_authentication_agent_response@Base 0.94 + polkit_backend_authority_check_authorization@Base 0.94 + polkit_backend_authority_check_authorization_finish@Base 0.94 + polkit_backend_authority_enumerate_actions@Base 0.94 + polkit_backend_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_backend_authority_get@Base 0.94 + polkit_backend_authority_get_features@Base 0.95 + polkit_backend_authority_get_name@Base 0.95 + polkit_backend_authority_get_type@Base 0.94 + polkit_backend_authority_get_version@Base 0.95 + polkit_backend_authority_log@Base 0.96 + polkit_backend_authority_register_authentication_agent@Base 0.94 + polkit_backend_authority_remove_lockdown_for_action@Base 0.95 + polkit_backend_authority_remove_lockdown_for_action_finish@Base 0.95 + polkit_backend_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_backend_authority_revoke_temporary_authorizations@Base 0.94 + polkit_backend_authority_system_bus_name_owner_changed@Base 0.94 + polkit_backend_authority_unregister_authentication_agent@Base 0.94 + polkit_backend_config_source_get_boolean@Base 0.94 + polkit_backend_config_source_get_double@Base 0.94 + polkit_backend_config_source_get_integer@Base 0.94 + polkit_backend_config_source_get_string@Base 0.94 + polkit_backend_config_source_get_string_list@Base 0.94 + polkit_backend_config_source_get_type@Base 0.94 + polkit_backend_config_source_new@Base 0.94 + polkit_backend_interactive_authority_check_authorization_sync@Base 0.94 + polkit_backend_interactive_authority_get_admin_identities@Base 0.94 + polkit_backend_interactive_authority_get_type@Base 0.94 + polkit_backend_local_authority_get_type@Base 0.94 + polkit_backend_local_authorization_store_get_type@Base 0.94 + polkit_backend_local_authorization_store_lookup@Base 0.94 + polkit_backend_local_authorization_store_new@Base 0.94 + polkit_backend_register_authority@Base 0.94 + polkit_backend_session_monitor_get_session_for_subject@Base 0.94 + polkit_backend_session_monitor_get_sessions@Base 0.94 + polkit_backend_session_monitor_get_type@Base 0.94 + polkit_backend_session_monitor_get_user_for_subject@Base 0.94 + polkit_backend_session_monitor_is_session_active@Base 0.94 + polkit_backend_session_monitor_is_session_local@Base 0.94 + polkit_backend_session_monitor_new@Base 0.94 --- policykit-1-0.96.orig/debian/policykit-1.install +++ policykit-1-0.96/debian/policykit-1.install @@ -0,0 +1,11 @@ +etc/pam.d/ +etc/dbus-1/ +etc/polkit-1/ +usr/bin/ +usr/lib/polkit-1/extensions/*.so +usr/lib/policykit-1/ +usr/share/man/ +usr/share/polkit-1/ +usr/share/dbus-1/ +usr/share/locale/ +var/lib/polkit-1/ --- policykit-1-0.96.orig/debian/libpolkit-backend-1-0.install +++ policykit-1-0.96/debian/libpolkit-backend-1-0.install @@ -0,0 +1 @@ +usr/lib/libpolkit-backend-1.so.* --- policykit-1-0.96.orig/debian/changelog +++ policykit-1-0.96/debian/changelog @@ -0,0 +1,280 @@ +policykit-1 (0.96-2ubuntu1.1) maverick-security; urgency=low + + * SECURITY UPDATE: avoid /proc race conditions when checking privileges + for pkexec. + - 10_fix_proc_race.patch + - CVE-2011-1485 + + -- Kees Cook Tue, 19 Apr 2011 12:25:33 -0700 + +policykit-1 (0.96-2ubuntu1) maverick; urgency=low + + * debian/patches/02_gettext.patch: + - Allow gettext to be used for translations (LP: #619632) + + -- Robert Ancell Thu, 26 Aug 2010 11:19:22 +1000 + +policykit-1 (0.96-2) unstable; urgency=medium + + * Urgency medium, just two small, but important bug fixes. + * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure + vulnerability that allows an attacker to verify whether or not arbitrary + files exist, violating directory permissions. + * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() + with an invalid PID. (LP: #540464) + + -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200 + +policykit-1 (0.96-1) unstable; urgency=low + + * New upstream release. + * debian/libpolkit-backend-1-0.symbols + - Update for new API addition. + + -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100 + +policykit-1 (0.95-1) unstable; urgency=low + + * New upstream release. + * Remove patches + - debian/patches/02_dont_export_private_symbols.patch (merged upstream) + - debian/patches/03_path_max.patch (merged upstream) + - debian/patches/04-ref-authority.patch (merged upstream) + - debian/patches/05-pkexec-env.patch (merged upstream) + - debian/patches/99_autoreconf.patch (obsolete) + * debian/control + - Bump Build-Depends on libeggbus-1-dev to (>= 0.6). + * debian/rules + - The example application is no longer built by default so we don't need + to manually remove it anymore. + * debian/libpolkit-{backend,gobject}-1-0.symbols + - Update for new API additions. + + -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100 + +policykit-1 (0.94-6) unstable; urgency=low + + * debian/policykit-1.postinst + - Use start-stop-daemon instead of kill+pidof to stop the running polkitd + daemon on upgrades. + * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered + unstable. (Closes: #552605) + + -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100 + +policykit-1 (0.94-5) unstable; urgency=low + + * Add debian/patches/04-ref-authority.patch: Ref the instance returned by + polkit_authority_get(), since the documentation says that it needs to be + unref'ed after usage. This fixes crashes in NetworkManager and probably + other programs, too. (LP: #438574, #432452, fd.o #24566) + * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec + saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk) + * Add myself to Uploaders: with Michael's consent. + + -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100 + +policykit-1 (0.94-4) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Update patch to fix implicit pointer conversion for + get_current_dir_name. (Closes: #550901) + + -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200 + +policykit-1 (0.94-3) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) + Thanks to Samuel Thibault for the patch. + * debian/policykit-1.postinst: + - Kill the old polkitd daemon on upgrade, to ensure that the new version + will be used at the next occasion. + + -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200 + +policykit-1 (0.94-2) unstable; urgency=low + + * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and + link against -lfreebsd for sysctlnametomib. + When glibc 2.10 enters unstable this workaround can be removed again. + + -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200 + +policykit-1 (0.94-1) unstable; urgency=low + + * Rename package to policykit-1. Upstream (at least temporarily) forked + the project to make it installable in parallel with policykit 0.9, until + all programs are ported to the new API. + * Drop all patches except 01_pam_polkit.patch. + * Refresh debian/patches/01_pam_polkit.patch. + * debian/control + - Update Build-Depends + + Drop libdbus-1-dev, libdbus-glib-1-dev. + + Add libeggdbus-1-dev (>= 0.5) and lsb-release. + + Bump libglib2-dev dependency to (>= 2.21.4). + - Update list of binary packages and their package descriptions. + - Drop dependency on adduser. + - Bump Standards-Version to 3.8.3. + + Add README.source which refers to the quilt documentation. + - Update Vcs-* fields. Package is now managed using Git and hosted on + git.debian.org. + * Update shared library structure: libpolkit-{dbus,grant} → + libpolkit-{agent,backend,gobject}-1. + * Rename policykit, policykit-doc → policykit-1, policykit-1-doc. + * Update and revise all *.install files. + * debian/rules, debian/policykit.init: Drop init script, package doesn't use + /var/run any more. + * debian/policykit-1.postinst: Don't create "polkituser" system user, it's + not used any more. + * Update watch file. + * debian/patches/02_dont_export_private_symbols.patch + - Don't export private symbols in the libraries. + * debian/patches/99_autoreconf.patch + - Update the autotools files as the previous patch also touches the build + system. + * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved + shlibs dependencies. + * debian/rules + - Disable introspection support. + - When building for Ubuntu, install a localauthority.conf.d configuration + file which considers "admin" group users as administrators. + - Don't install example application. + * debian/copyright + - Update copyright holder. + - License was changed to LGPL 2.1+. + + -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200 + +policykit (0.9-4) unstable; urgency=low + + * Add support for /var/run being a tmpfs. (Closes: #532101) + - Create /var/run/PolicyKit dynamically on boot by using an init script. + Original patch by Martin Pitt, thanks. Updated patch to only run the + init script in runlevel S at priority 75. + - Do no longer ship /var/run/PolicyKit in the package itself. + * debian/control + - Bump Standards-Version to 3.8.1. + * debian/patches/04_entry_leak.patch + - Plug a memory leak. Patch pulled from Fedora. + * debian/patches/05_manpage_typo_fix.patch + - Fix a small typo in the polkit-auth man page. (Closes: #523565) + * debian/patches/06_no_inotify_or_path_max.patch + - Add support for systems which don't support inotify (like hurd) and + don't use PATH_MAX unconditionally, instead use dynamically growing + buffers. (Closes: #521756) + Patch by Samuel Thibault, thanks. + + -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200 + +policykit (0.9-3) unstable; urgency=low + + * Switch patch management system to quilt. + * debian/control + - Wrap Build-Depends. + - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758) + - Bump Build-Depends on debhelper to (>= 7). + * debian/compat + - Bump debhelper compat level to 7. + * debian/rules + - Include debhelper.mk before any other files as recommended by the cdbs + documentation. + * debian/patches/03_consolekit0.3-api.patch + - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either. + Patch pulled from Ubuntu. + + -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100 + +policykit (0.9-2) unstable; urgency=high + + [ Simon McVittie ] + * Add patch committed in Fedora (although not upstream) by the upstream + maintainer, to allow PolicyKit to be used when CVE-2008-4311 has + been fixed in dbus-daemon. (Closes: #510646) + + [ Michael Biebl ] + * debian/control + - Add ${misc:Depends} to all binary packages. + + -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100 + +policykit (0.9-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Bump Standards-Version to 3.8.0. No further changes. + + -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200 + +policykit (0.8-2) unstable; urgency=low + + * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. + * debian/policykit.postinst + - Set correct permissions for all files. (Closes: #482064) + - Define a small helper function to apply the permissions. This makes it + more concise and readable. + + -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200 + +policykit (0.8-1) unstable; urgency=medium + + * New upstream release. + - SECURITY - CVE-2008-1658: + Fixes format string vulnerability in the grant helper. (Closes: #476615) + * debian/control + - Add Build-Depends on pkg-config. + + -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200 + +policykit (0.7-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100 + +policykit (0.7-1) experimental; urgency=low + + * New upstream release. (Closes: #455874) + * debian/control + - Bump Standards-Version to 3.7.3. No further changes required. + - Add Build-Depends on libdbus-glib-1-dev (>= 0.73). + - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/. + (Closes: #446504) + - Improve package description. (Closes: #446554) + * debian/copyright + - All code is now licensed under the MIT/X11 license. Update the copyright + notice accordingly. + * debian/policykit.dirs + - Add the directory /var/lib/PolicyKit-public. + * debian/policykit.install + - Install the D-Bus config and service files for the PolicyKit system + service. + - Install /var/lib/misc/PolicyKit.reload. + * debian/rules + - Fix the permissions of /var/lib/misc/PolicyKit.reload. + * debian/policykit.postinst + - Use dpkg-statoverride to check for local modifications before setting + the SUID/SGID bits. + + -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100 + +policykit (0.6-1) experimental; urgency=low + + * New upstream release. + * debian/control + - Use new "Homepage:" field to specify the upstream URL. + - The Vcs-* fields are now officially supported, so remove the XS- prefix. + - Add a Recommends: policykit-gnome to the policykit package. + - Enable SELinux support by adding a Build-Depends on libselinux1-dev for + all supported platforms. + * debian/policykit.postinst + - Install polkit-grant-helper-pam with the correct permissions. + + -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100 + +policykit (0.5-1) experimental; urgency=low + + * Initial release. (Closes: #397087) + + -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200 + --- policykit-1-0.96.orig/debian/libpolkit-gobject-1-0.symbols +++ policykit-1-0.96/debian/libpolkit-gobject-1-0.symbols @@ -0,0 +1,129 @@ +libpolkit-gobject-1.so.0 libpolkit-gobject-1-0 #MINVER# + polkit_action_description_get_action_id@Base 0.94 + polkit_action_description_get_annotation@Base 0.94 + polkit_action_description_get_annotation_keys@Base 0.94 + polkit_action_description_get_description@Base 0.94 + polkit_action_description_get_icon_name@Base 0.94 + polkit_action_description_get_implicit_active@Base 0.94 + polkit_action_description_get_implicit_any@Base 0.94 + polkit_action_description_get_implicit_inactive@Base 0.94 + polkit_action_description_get_message@Base 0.94 + polkit_action_description_get_real@Base 0.94 + polkit_action_description_get_type@Base 0.94 + polkit_action_description_get_vendor_name@Base 0.94 + polkit_action_description_get_vendor_url@Base 0.94 + polkit_action_description_new_for_real@Base 0.94 + polkit_authority_add_lockdown_for_action@Base 0.95 + polkit_authority_add_lockdown_for_action_finish@Base 0.95 + polkit_authority_add_lockdown_for_action_sync@Base 0.95 + polkit_authority_authentication_agent_response@Base 0.94 + polkit_authority_authentication_agent_response_finish@Base 0.94 + polkit_authority_authentication_agent_response_sync@Base 0.94 + polkit_authority_check_authorization@Base 0.94 + polkit_authority_check_authorization_finish@Base 0.94 + polkit_authority_check_authorization_sync@Base 0.94 + polkit_authority_enumerate_actions@Base 0.94 + polkit_authority_enumerate_actions_finish@Base 0.94 + polkit_authority_enumerate_actions_sync@Base 0.94 + polkit_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_finish@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_sync@Base 0.94 + polkit_authority_features_get_type@Base 0.95 + polkit_authority_get@Base 0.94 + polkit_authority_get_backend_features@Base 0.95 + polkit_authority_get_backend_name@Base 0.95 + polkit_authority_get_backend_version@Base 0.95 + polkit_authority_get_type@Base 0.94 + polkit_authority_register_authentication_agent@Base 0.94 + polkit_authority_register_authentication_agent_finish@Base 0.94 + polkit_authority_register_authentication_agent_sync@Base 0.94 + polkit_authority_remove_lockdown_for_action@Base 0.95 + polkit_authority_remove_lockdown_for_action_finish@Base 0.95 + polkit_authority_remove_lockdown_for_action_sync@Base 0.95 + polkit_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_finish@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_sync@Base 0.94 + polkit_authority_revoke_temporary_authorizations@Base 0.94 + polkit_authority_revoke_temporary_authorizations_finish@Base 0.94 + polkit_authority_revoke_temporary_authorizations_sync@Base 0.94 + polkit_authority_unregister_authentication_agent@Base 0.94 + polkit_authority_unregister_authentication_agent_finish@Base 0.94 + polkit_authority_unregister_authentication_agent_sync@Base 0.94 + polkit_authorization_result_get_details@Base 0.94 + polkit_authorization_result_get_is_authorized@Base 0.94 + polkit_authorization_result_get_is_challenge@Base 0.94 + polkit_authorization_result_get_locked_down@Base 0.95 + polkit_authorization_result_get_real@Base 0.94 + polkit_authorization_result_get_retains_authorization@Base 0.94 + polkit_authorization_result_get_temporary_authorization_id@Base 0.94 + polkit_authorization_result_get_type@Base 0.94 + polkit_authorization_result_new@Base 0.94 + polkit_authorization_result_new_for_real@Base 0.94 + polkit_check_authorization_flags_get_type@Base 0.94 + polkit_details_get_hash@Base 0.94 + polkit_details_get_keys@Base 0.94 + polkit_details_get_type@Base 0.94 + polkit_details_insert@Base 0.94 + polkit_details_lookup@Base 0.94 + polkit_details_new@Base 0.94 + polkit_details_new_for_hash@Base 0.94 + polkit_error_get_type@Base 0.94 + polkit_error_quark@Base 0.94 + polkit_identity_equal@Base 0.94 + polkit_identity_from_string@Base 0.94 + polkit_identity_get_real@Base 0.94 + polkit_identity_get_type@Base 0.94 + polkit_identity_hash@Base 0.94 + polkit_identity_new_for_real@Base 0.94 + polkit_identity_to_string@Base 0.94 + polkit_implicit_authorization_from_string@Base 0.94 + polkit_implicit_authorization_get_type@Base 0.94 + polkit_implicit_authorization_to_string@Base 0.94 + polkit_subject_equal@Base 0.94 + polkit_subject_exists@Base 0.94 + polkit_subject_exists_finish@Base 0.94 + polkit_subject_exists_sync@Base 0.94 + polkit_subject_from_string@Base 0.94 + polkit_subject_get_real@Base 0.94 + polkit_subject_get_type@Base 0.94 + polkit_subject_hash@Base 0.94 + polkit_subject_new_for_real@Base 0.94 + polkit_subject_to_string@Base 0.94 + polkit_system_bus_name_get_name@Base 0.94 + polkit_system_bus_name_get_process_sync@Base 0.95 + polkit_system_bus_name_get_type@Base 0.94 + polkit_system_bus_name_new@Base 0.94 + polkit_system_bus_name_set_name@Base 0.94 + polkit_temporary_authorization_get_action_id@Base 0.94 + polkit_temporary_authorization_get_id@Base 0.94 + polkit_temporary_authorization_get_real@Base 0.94 + polkit_temporary_authorization_get_subject@Base 0.94 + polkit_temporary_authorization_get_time_expires@Base 0.94 + polkit_temporary_authorization_get_time_obtained@Base 0.94 + polkit_temporary_authorization_get_type@Base 0.94 + polkit_temporary_authorization_new@Base 0.94 + polkit_temporary_authorization_new_for_real@Base 0.94 + polkit_unix_group_get_gid@Base 0.94 + polkit_unix_group_get_type@Base 0.94 + polkit_unix_group_new@Base 0.94 + polkit_unix_group_new_for_name@Base 0.94 + polkit_unix_group_set_gid@Base 0.94 + polkit_unix_process_get_owner@Base 0.94 + polkit_unix_process_get_pid@Base 0.94 + polkit_unix_process_get_start_time@Base 0.94 + polkit_unix_process_get_type@Base 0.94 + polkit_unix_process_new@Base 0.94 + polkit_unix_process_new_full@Base 0.94 + polkit_unix_process_set_pid@Base 0.94 + polkit_unix_session_get_session_id@Base 0.94 + polkit_unix_session_get_type@Base 0.94 + polkit_unix_session_new@Base 0.94 + polkit_unix_session_new_for_process@Base 0.94 + polkit_unix_session_new_for_process_finish@Base 0.94 + polkit_unix_session_new_for_process_sync@Base 0.94 + polkit_unix_session_set_session_id@Base 0.94 + polkit_unix_user_get_type@Base 0.94 + polkit_unix_user_get_uid@Base 0.94 + polkit_unix_user_new@Base 0.94 + polkit_unix_user_new_for_name@Base 0.94 + polkit_unix_user_set_uid@Base 0.94 --- policykit-1-0.96.orig/debian/watch +++ policykit-1-0.96/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://hal.freedesktop.org/releases/polkit-(.*)\.tar\.gz --- policykit-1-0.96.orig/debian/libpolkit-gobject-1-0.install +++ policykit-1-0.96/debian/libpolkit-gobject-1-0.install @@ -0,0 +1 @@ +usr/lib/libpolkit-gobject-1.so.* --- policykit-1-0.96.orig/debian/README.source +++ policykit-1-0.96/debian/README.source @@ -0,0 +1,3 @@ +This package uses the quilt patch management system. + +Please refer to /usr/share/doc/quilt/README.source for further information. --- policykit-1-0.96.orig/debian/patches/02_gettext.patch +++ policykit-1-0.96/debian/patches/02_gettext.patch @@ -0,0 +1,193 @@ +From c28ef44e1ba82e1a3419c740ac0bbb8aaa591bcd Mon Sep 17 00:00:00 2001 +From: Robert Ancell +Date: Wed, 18 Aug 2010 16:26:15 +1000 +Subject: [PATCH] Use gettext for translations in .policy files +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 +Bug-Ubuntu: https://launchpad.net/bugs/619632 + +--- + src/polkitbackend/polkitbackendactionpool.c | 48 +++++++++++++++++++++++++++ + 1 files changed, 48 insertions(+), 0 deletions(-) + +Index: polkit-0.96/src/polkitbackend/polkitbackendactionpool.c +=================================================================== +--- polkit-0.96.orig/src/polkitbackend/polkitbackendactionpool.c 2010-08-26 12:45:45.017964001 +1000 ++++ polkit-0.96/src/polkitbackend/polkitbackendactionpool.c 2010-08-26 13:14:52.457964002 +1000 +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -45,7 +46,9 @@ + gchar *vendor_url; + gchar *icon_name; + gchar *description; ++ gchar *description_domain; + gchar *message; ++ gchar *message_domain; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; +@@ -67,7 +70,9 @@ + g_free (action->vendor_url); + g_free (action->icon_name); + g_free (action->description); ++ g_free (action->description_domain); + g_free (action->message); ++ g_free (action->message_domain); + + g_hash_table_unref (action->localized_description); + g_hash_table_unref (action->localized_message); +@@ -87,6 +92,7 @@ + + static const gchar *_localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang); + + typedef struct +@@ -388,9 +394,11 @@ + + description = _localize (parsed_action->localized_description, + parsed_action->description, ++ parsed_action->description_domain, + locale); + message = _localize (parsed_action->localized_message, + parsed_action->message, ++ parsed_action->message_domain, + locale); + + real = _polkit_action_description_new (action_id, +@@ -609,11 +617,16 @@ + GHashTable *policy_messages; + + char *policy_description_nolang; ++ char *policy_description_domain; + char *policy_message_nolang; ++ char *policy_message_domain; + + /* the value of xml:lang for the thing we're reading in _cdata() */ + char *elem_lang; + ++ /* the value of gettext-domain for the thing we're reading in _cdata() */ ++ char *elem_domain; ++ + char *annotate_key; + EggDBusHashMap *annotations; + +@@ -635,8 +648,12 @@ + + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = NULL; ++ g_free (pd->policy_description_domain); ++ pd->policy_description_domain = NULL; + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = NULL; ++ g_free (pd->policy_message_domain); ++ pd->policy_message_domain = NULL; + if (pd->policy_descriptions != NULL) + { + g_hash_table_unref (pd->policy_descriptions); +@@ -656,6 +673,8 @@ + } + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + } + + static void +@@ -743,6 +762,10 @@ + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_DESCRIPTION; + } + else if (strcmp (el, "message") == 0) +@@ -751,6 +774,10 @@ + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_MESSAGE; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) +@@ -853,6 +880,7 @@ + { + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = str; ++ pd->policy_description_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -869,6 +897,7 @@ + { + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = str; ++ pd->policy_message_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -968,6 +997,8 @@ + + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + + switch (pd->state) + { +@@ -999,7 +1030,9 @@ + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); + action->description = g_strdup (pd->policy_description_nolang); ++ action->description_domain = g_strdup (pd->policy_description_domain); + action->message = g_strdup (pd->policy_message_nolang); ++ action->message_domain = g_strdup (pd->policy_message_domain); + + action->localized_description = pd->policy_descriptions; + action->localized_message = pd->policy_messages; +@@ -1104,6 +1137,7 @@ + * _localize: + * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' + * @untranslated: the untranslated value, e.g. 'Punch' ++ * @domain: the gettext domain for this string. Make be NULL. + * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG + * with the encoding cut off. Maybe be NULL. + * +@@ -1114,11 +1148,25 @@ + static const gchar * + _localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang) + { + const gchar *result; + gchar lang2[256]; + guint n; ++ ++ if (domain != NULL) ++ { ++ gchar *old_locale; ++ ++ old_locale = g_strdup (setlocale (LC_ALL, NULL)); ++ setlocale (LC_ALL, lang); ++ result = dgettext (domain, untranslated); ++ setlocale (LC_ALL, old_locale); ++ g_free (old_locale); ++ ++ goto out; ++ } + + if (lang == NULL) + { --- policykit-1-0.96.orig/debian/patches/10_fix_proc_race.patch +++ policykit-1-0.96/debian/patches/10_fix_proc_race.patch @@ -0,0 +1,747 @@ +Description: avoid /proc/$pid race when checking for pkexec privileges + (CVE-2011-1485). +Origin: backported https://bugzilla.redhat.com/show_bug.cgi?id=692922 + +Index: policykit-1-0.96/docs/polkit/polkit-1-sections.txt +=================================================================== +--- policykit-1-0.96.orig/docs/polkit/polkit-1-sections.txt 2011-04-19 12:27:34.232498651 -0700 ++++ policykit-1-0.96/docs/polkit/polkit-1-sections.txt 2011-04-19 12:27:54.742775374 -0700 +@@ -148,10 +148,13 @@ + PolkitUnixProcess + polkit_unix_process_new + polkit_unix_process_new_full ++polkit_unix_process_new_for_owner ++polkit_unix_process_set_pid + polkit_unix_process_get_pid ++polkit_unix_process_set_start_time + polkit_unix_process_get_start_time +-polkit_unix_process_set_pid +-polkit_unix_process_get_owner ++polkit_unix_process_set_uid ++polkit_unix_process_get_uid + + PolkitUnixProcessClass + POLKIT_UNIX_PROCESS +Index: policykit-1-0.96/src/polkit/polkitsubject.c +=================================================================== +--- policykit-1-0.96.orig/src/polkit/polkitsubject.c 2011-04-19 12:27:34.252498921 -0700 ++++ policykit-1-0.96/src/polkit/polkitsubject.c 2011-04-19 12:27:54.752775509 -0700 +@@ -24,6 +24,7 @@ + #endif + + #include ++#include + + #include "polkitsubject.h" + #include "polkitunixprocess.h" +@@ -209,8 +210,6 @@ + GError **error) + { + PolkitSubject *subject; +- guint64 val; +- gchar *endptr; + + g_return_val_if_fail (str != NULL, NULL); + +@@ -220,12 +219,20 @@ + + if (g_str_has_prefix (str, "unix-process:")) + { +- val = g_ascii_strtoull (str + sizeof "unix-process:" - 1, +- &endptr, +- 10); +- if (*endptr == '\0') ++ gint scanned_pid; ++ guint64 scanned_starttime; ++ gint scanned_uid; ++ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3) + { +- subject = polkit_unix_process_new ((gint) val); ++ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid); ++ } ++ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) ++ { ++ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); ++ } ++ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1) ++ { ++ subject = polkit_unix_process_new (scanned_pid); + if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0) + { + g_object_unref (subject); +@@ -233,8 +240,8 @@ + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, +- "No process with pid %" G_GUINT64_FORMAT, +- val); ++ "Unable to determine start time for process with pid %d", ++ scanned_pid); + } + } + } +@@ -268,6 +275,7 @@ + EggDBusHashMap *details; + EggDBusVariant *variant; + EggDBusVariant *variant2; ++ EggDBusVariant *variant3; + + s = NULL; + +@@ -281,10 +289,24 @@ + else if (strcmp (kind, "unix-process") == 0) + { + variant = egg_dbus_hash_map_lookup (details, "pid"); +- variant2 = egg_dbus_hash_map_lookup (details, "start-time"); +- if (variant != NULL && variant2 != NULL) +- s = polkit_unix_process_new_full (egg_dbus_variant_get_uint (variant), +- egg_dbus_variant_get_uint64 (variant2)); ++ if (variant != NULL && egg_dbus_variant_is_uint (variant)) ++ { ++ gint pid; ++ guint64 start_time; ++ gint uid; ++ variant2 = egg_dbus_hash_map_lookup (details, "start-time"); ++ pid = egg_dbus_variant_get_uint (variant); ++ if (variant2 != NULL && egg_dbus_variant_is_uint64 (variant2)) ++ start_time = egg_dbus_variant_get_uint64 (variant2); ++ else ++ start_time = 0; ++ variant3 = egg_dbus_hash_map_lookup (details, "uid"); ++ if (variant3 != NULL && egg_dbus_variant_is_int (variant3)) ++ uid = egg_dbus_variant_get_int (variant3); ++ else ++ uid = -1; ++ s = polkit_unix_process_new_for_owner (pid, start_time, uid); ++ } + } + else if (strcmp (kind, "unix-session") == 0) + { +@@ -330,6 +352,9 @@ + egg_dbus_hash_map_insert (details, + "start-time", + egg_dbus_variant_new_for_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)))); ++ egg_dbus_hash_map_insert (details, ++ "uid", ++ egg_dbus_variant_new_for_int (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)))); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { +Index: policykit-1-0.96/src/polkit/polkitunixprocess.c +=================================================================== +--- policykit-1-0.96.orig/src/polkit/polkitunixprocess.c 2011-04-19 12:27:34.212498381 -0700 ++++ policykit-1-0.96/src/polkit/polkitunixprocess.c 2011-04-19 12:27:54.752775509 -0700 +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include "polkitunixprocess.h" + #include "polkitsubject.h" +@@ -63,6 +64,7 @@ + + gint pid; + guint64 start_time; ++ gint uid; + }; + + struct _PolkitUnixProcessClass +@@ -75,6 +77,7 @@ + PROP_0, + PROP_PID, + PROP_START_TIME, ++ PROP_UID + }; + + static void subject_iface_init (PolkitSubjectIface *subject_iface); +@@ -82,6 +85,9 @@ + static guint64 get_start_time_for_pid (gint pid, + GError **error); + ++static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error); ++ + #ifdef HAVE_FREEBSD + static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); + #endif +@@ -93,6 +99,7 @@ + static void + polkit_unix_process_init (PolkitUnixProcess *unix_process) + { ++ unix_process->uid = -1; + } + + static void +@@ -109,6 +116,10 @@ + g_value_set_int (value, unix_process->pid); + break; + ++ case PROP_UID: ++ g_value_set_int (value, unix_process->uid); ++ break; ++ + case PROP_START_TIME: + g_value_set_uint64 (value, unix_process->start_time); + break; +@@ -133,6 +144,14 @@ + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ break; ++ ++ case PROP_START_TIME: ++ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); ++ break; ++ + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; +@@ -140,12 +159,39 @@ + } + + static void ++polkit_unix_process_constructed (GObject *object) ++{ ++ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object); ++ ++ /* sets start_time and uid in case they are unset */ ++ ++ if (process->start_time == 0) ++ process->start_time = get_start_time_for_pid (process->pid, NULL); ++ ++ if (process->uid == -1) ++ { ++ GError *error; ++ error = NULL; ++ process->uid = _polkit_unix_process_get_owner (process, &error); ++ if (error != NULL) ++ { ++ process->uid = -1; ++ g_error_free (error); ++ } ++ } ++ ++ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL) ++ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object); ++} ++ ++static void + polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + { + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_unix_process_get_property; + gobject_class->set_property = polkit_unix_process_set_property; ++ gobject_class->constructed = polkit_unix_process_constructed; + + /** + * PolkitUnixProcess:pid: +@@ -157,7 +203,7 @@ + g_param_spec_int ("pid", + "Process ID", + "The UNIX process ID", +- -1, ++ 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT | +@@ -167,6 +213,27 @@ + G_PARAM_STATIC_NICK)); + + /** ++ * PolkitUnixProcess:uid: ++ * ++ * The UNIX user id of the process or -1 if unknown. ++ * ++ * Note that this is the real user-id, not the effective user-id. ++ */ ++ g_object_class_install_property (gobject_class, ++ PROP_UID, ++ g_param_spec_int ("uid", ++ "User ID", ++ "The UNIX user ID", ++ -1, ++ G_MAXINT, ++ -1, ++ G_PARAM_CONSTRUCT | ++ G_PARAM_READWRITE | ++ G_PARAM_STATIC_NAME | ++ G_PARAM_STATIC_BLURB | ++ G_PARAM_STATIC_NICK)); ++ ++ /** + * PolkitUnixProcess:start-time: + * + * The start time of the process. +@@ -179,7 +246,8 @@ + 0, + G_MAXUINT64, + 0, +- G_PARAM_READABLE | ++ G_PARAM_CONSTRUCT | ++ G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); +@@ -187,74 +255,50 @@ + } + + /** +- * polkit_unix_process_get_pid: ++ * polkit_unix_process_get_uid: + * @process: A #PolkitUnixProcess. + * +- * Gets the process id for @process. ++ * Gets the user id for @process. Note that this is the real user-id, ++ * not the effective user-id. + * +- * Returns: The process id for @process. ++ * Returns: The user id for @process or -1 if unknown. + */ + gint +-polkit_unix_process_get_pid (PolkitUnixProcess *process) ++polkit_unix_process_get_uid (PolkitUnixProcess *process) + { +- return process->pid; ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1); ++ return process->uid; + } + + /** +- * polkit_unix_process_get_owner: ++ * polkit_unix_process_set_uid: + * @process: A #PolkitUnixProcess. +- * @error: Return location for error or %NULL. ++ * @uid: The user id to set for @process or -1 to unset it. + * +- * Gets the uid of the owner of @process. ++ * Sets the (real, not effective) user id for @process. ++ */ ++void ++polkit_unix_process_set_uid (PolkitUnixProcess *process, ++ gint uid) ++{ ++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); ++ g_return_if_fail (uid >= -1); ++ process->uid = uid; ++} ++ ++/** ++ * polkit_unix_process_get_pid: ++ * @process: A #PolkitUnixProcess. ++ * ++ * Gets the process id for @process. + * +- * Returns: The UNIX user id of the owner for @process or 0 if @error is set. +- **/ ++ * Returns: The process id for @process. ++ */ + gint +-polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error) ++polkit_unix_process_get_pid (PolkitUnixProcess *process) + { +- gint result; +-#ifdef HAVE_FREEBSD +- struct kinfo_proc p; +-#else +- struct stat statbuf; +- char procbuf[32]; +-#endif +- +- result = 0; +- +-#ifdef HAVE_FREEBSD +- if (get_kinfo_proc (process->pid, &p) == 0) +- { +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "get_kinfo_proc() failed for pid %d: %s", +- process->pid, +- g_strerror (errno)); +- goto out; +- } +- +- result = p.ki_uid; +-#else +- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid); +- if (stat (procbuf, &statbuf) != 0) +- { +- g_set_error (error, +- POLKIT_ERROR, +- POLKIT_ERROR_FAILED, +- "stat() failed for /proc/%d: %s", +- process->pid, +- g_strerror (errno)); +- goto out; +- } +- +- result = statbuf.st_uid; +-#endif +- +- out: +- +- return result; ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); ++ return process->pid; + } + + /** +@@ -268,10 +312,26 @@ + guint64 + polkit_unix_process_get_start_time (PolkitUnixProcess *process) + { ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); + return process->start_time; + } + + /** ++ * polkit_unix_process_set_start_time: ++ * @process: A #PolkitUnixProcess. ++ * @start_time: The start time for @pid. ++ * ++ * Set the start time of @process. ++ */ ++void ++polkit_unix_process_set_start_time (PolkitUnixProcess *process, ++ guint64 start_time) ++{ ++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); ++ process->start_time = start_time; ++} ++ ++/** + * polkit_unix_process_set_pid: + * @process: A #PolkitUnixProcess. + * @pid: A process id. +@@ -282,21 +342,21 @@ + polkit_unix_process_set_pid (PolkitUnixProcess *process, + gint pid) + { ++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); + process->pid = pid; +- if (pid != (gint) -1) +- process->start_time = get_start_time_for_pid (pid, NULL); + } + + /** + * polkit_unix_process_new: + * @pid: The process id. + * +- * Creates a new #PolkitUnixProcess for @pid. The start time of the +- * process will be looked up in using e.g. the +- * /proc filesystem depending on the platform in +- * use. ++ * Creates a new #PolkitUnixProcess for @pid. ++ * ++ * The uid and start time of the process will be looked up in using ++ * e.g. the /proc filesystem depending on the ++ * platform in use. + * +- * Returns: A #PolkitSubject. Free with g_object_unref(). ++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ + PolkitSubject * + polkit_unix_process_new (gint pid) +@@ -313,22 +373,42 @@ + * + * Creates a new #PolkitUnixProcess object for @pid and @start_time. + * +- * Returns: A #PolkitSubject. Free with g_object_unref(). ++ * The uid of the process will be looked up in using e.g. the ++ * /proc filesystem depending on the platform in ++ * use. ++ * ++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ + PolkitSubject * + polkit_unix_process_new_full (gint pid, + guint64 start_time) + { +- PolkitUnixProcess *process; +- +- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1)); +- process->pid = pid; +- if (start_time != 0) +- process->start_time = start_time; +- else +- process->start_time = get_start_time_for_pid (pid, NULL); ++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, ++ "pid", pid, ++ "start_time", start_time, ++ NULL)); ++} + +- return POLKIT_SUBJECT (process); ++/** ++ * polkit_unix_process_new_for_owner: ++ * @pid: The process id. ++ * @start_time: The start time for @pid or 0 to look it up in e.g. /proc. ++ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. /proc. ++ * ++ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid. ++ * ++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). ++ */ ++PolkitSubject * ++polkit_unix_process_new_for_owner (gint pid, ++ guint64 start_time, ++ gint uid) ++{ ++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, ++ "pid", pid, ++ "start_time", start_time, ++ "uid", uid, ++ NULL)); + } + + static guint +@@ -576,3 +656,95 @@ + + return start_time; + } ++ ++static gint ++_polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error) ++{ ++ gint result; ++ gchar *contents; ++ gchar **lines; ++#ifdef HAVE_FREEBSD ++ struct kinfo_proc p; ++#else ++ gchar filename[64]; ++ guint n; ++#endif ++ ++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); ++ g_return_val_if_fail (error == NULL || *error == NULL, 0); ++ ++ result = 0; ++ lines = NULL; ++ contents = NULL; ++ ++#ifdef HAVE_FREEBSD ++ if (get_kinfo_proc (process->pid, &p) == 0) ++ { ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "get_kinfo_proc() failed for pid %d: %s", ++ process->pid, ++ g_strerror (errno)); ++ goto out; ++ } ++ ++ result = p.ki_uid; ++#else ++ ++ /* see 'man proc' for layout of the status file ++ * ++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs). ++ */ ++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid); ++ if (!g_file_get_contents (filename, ++ &contents, ++ NULL, ++ error)) ++ { ++ goto out; ++ } ++ lines = g_strsplit (contents, "\n", -1); ++ for (n = 0; lines != NULL && lines[n] != NULL; n++) ++ { ++ gint real_uid, effective_uid; ++ if (!g_str_has_prefix (lines[n], "Uid:")) ++ continue; ++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2) ++ { ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Unexpected line `%s' in file %s", ++ lines[n], ++ filename); ++ goto out; ++ } ++ else ++ { ++ result = real_uid; ++ goto out; ++ } ++ } ++ ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Didn't find any line starting with `Uid:' in file %s", ++ filename); ++#endif ++ ++out: ++ g_strfreev (lines); ++ g_free (contents); ++ return result; ++} ++ ++/* deprecated public method */ ++gint ++polkit_unix_process_get_owner (PolkitUnixProcess *process, ++ GError **error) ++{ ++ return _polkit_unix_process_get_owner (process, error); ++} +Index: policykit-1-0.96/src/polkit/polkitunixprocess.h +=================================================================== +--- policykit-1-0.96.orig/src/polkit/polkitunixprocess.h 2011-04-19 12:27:34.272499191 -0700 ++++ policykit-1-0.96/src/polkit/polkitunixprocess.h 2011-04-19 12:27:54.752775509 -0700 +@@ -50,11 +50,21 @@ + PolkitSubject *polkit_unix_process_new (gint pid); + PolkitSubject *polkit_unix_process_new_full (gint pid, + guint64 start_time); ++PolkitSubject *polkit_unix_process_new_for_owner (gint pid, ++ guint64 start_time, ++ gint uid); + + gint polkit_unix_process_get_pid (PolkitUnixProcess *process); ++gint polkit_unix_process_get_uid (PolkitUnixProcess *process); + guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process); + void polkit_unix_process_set_pid (PolkitUnixProcess *process, + gint pid); ++void polkit_unix_process_set_uid (PolkitUnixProcess *process, ++ gint uid); ++void polkit_unix_process_set_start_time (PolkitUnixProcess *process, ++ guint64 start_time); ++ ++G_GNUC_DEPRECATED + gint polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error); + +Index: policykit-1-0.96/src/polkitbackend/polkitbackendsessionmonitor.c +=================================================================== +--- policykit-1-0.96.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2011-04-19 12:27:34.292499461 -0700 ++++ policykit-1-0.96/src/polkitbackend/polkitbackendsessionmonitor.c 2011-04-19 12:29:58.814450505 -0700 +@@ -418,13 +418,13 @@ + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- GError *local_error; +- +- local_error = NULL; +- uid = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), &local_error); +- if (local_error != NULL) ++ uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if ((gint) uid == -1) + { +- g_propagate_error (error, local_error); ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Unix process subject does not have uid set"); + goto out; + } + user = polkit_unix_user_new (uid); +Index: policykit-1-0.96/src/programs/pkexec.c +=================================================================== +--- policykit-1-0.96.orig/src/programs/pkexec.c 2011-04-19 12:27:34.312499731 -0700 ++++ policykit-1-0.96/src/programs/pkexec.c 2011-04-19 12:30:48.015115326 -0700 +@@ -38,6 +38,10 @@ + #include + #include + ++#ifdef __linux__ ++#include ++#endif ++ + #include + + static gchar *original_user_name = NULL; +@@ -410,7 +414,6 @@ + GPtrArray *saved_env; + gchar *opt_user; + pid_t pid_of_caller; +- uid_t uid_of_caller; + + ret = 127; + authority = NULL; +@@ -578,40 +581,49 @@ + */ + g_type_init (); + +- /* now check if the program that invoked us is authorized */ ++ /* make sure we are nuked if the parent process dies */ ++#ifdef __linux__ ++ if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0) ++ { ++ g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno)); ++ goto out; ++ } ++#else ++#warning "Please add OS specific code to catch when the parent dies" ++#endif ++ ++ /* Figure out the parent process */ + pid_of_caller = getppid (); + if (pid_of_caller == 1) + { + /* getppid() can return 1 if the parent died (meaning that we are reaped +- * by /sbin/init); get process group leader instead - for example, this +- * happens when launching via gnome-panel (alt+f2, then 'pkexec gedit'). ++ * by /sbin/init); In that case we simpy bail. + */ +- pid_of_caller = getpgrp (); +- } +- +- subject = polkit_unix_process_new (pid_of_caller); +- if (subject == NULL) +- { +- g_printerr ("No such process for pid %d: %s\n", (gint) pid_of_caller, error->message); +- g_error_free (error); ++ g_printerr ("Refusing to render service to dead parents.\n"); + goto out; + } + +- /* paranoia: check that the uid of pid_of_caller matches getuid() */ +- error = NULL; +- uid_of_caller = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), +- &error); +- if (error != NULL) +- { +- g_printerr ("Error determing pid of caller (pid %d): %s\n", (gint) pid_of_caller, error->message); +- g_error_free (error); +- goto out; +- } +- if (uid_of_caller != getuid ()) +- { +- g_printerr ("User of caller (%d) does not match our uid (%d)\n", uid_of_caller, getuid ()); +- goto out; +- } ++ /* This process we want to check an authorization for is the process ++ * that launched us - our parent process. ++ * ++ * At the time the parent process fork()'ed and exec()'ed us, the ++ * process had the same real-uid that we have now. So we use this ++ * real-uid instead of of looking it up to avoid TOCTTOU issues ++ * (consider the parent process exec()'ing a setuid helper). ++ * ++ * On the other hand, the monotonic process start-time is guaranteed ++ * to never change so it's safe to look that up given only the PID ++ * since we are guaranteed to be nuked if the parent goes away ++ * (cf. the prctl(2) call above). ++ */ ++ subject = polkit_unix_process_new_for_owner (pid_of_caller, ++ 0, /* 0 means "look up start-time in /proc" */ ++ getuid ()); ++ /* really double-check the invariants guaranteed by the PolkitUnixProcess class */ ++ g_assert (subject != NULL); ++ g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller); ++ g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0); ++ g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0); + + authority = polkit_authority_get (); + --- policykit-1-0.96.orig/debian/patches/00git-pkexec-information-disclosure.patch +++ policykit-1-0.96/debian/patches/00git-pkexec-information-disclosure.patch @@ -0,0 +1,68 @@ +From 14bdfd816512a82b1ad258fa143ae5faa945df8a Mon Sep 17 00:00:00 2001 +From: Dan Rosenberg +Date: Wed, 10 Mar 2010 12:46:19 -0500 +Subject: [PATCH 1/2] =?UTF-8?q?Bug=2026982=20=E2=80=93=20pkexec=20information=20disclosure=20vulnerability?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pkexec is vulnerable to a minor information disclosure vulnerability +that allows an attacker to verify whether or not arbitrary files +exist, violating directory permissions. I reproduced the issue on my +Karmic installation as follows: + + $ mkdir secret + $ sudo chown root:root secret + $ sudo chmod 400 secret + $ sudo touch secret/hidden + $ pkexec /home/drosenbe/secret/hidden + (password prompt) + $ pkexec /home/drosenbe/secret/doesnotexist + Error getting information about /home/drosenbe/secret/doesnotexist: No such + file or directory + +I've attached my patch for the issue. I replaced the stat() call +entirely with access() using F_OK, so rather than check that the +target exists, pkexec now checks if the user has permission to verify +the existence of the program. There might be another way of doing +this, such as chdir()'ing to the parent directory of the target and +calling lstat(), but this seemed like more code than necessary to +prevent such a minor problem. I see no reason to allow pkexec to +execute targets that are not accessible to the executing user because +of directory permissions. This is such a limited use case anyway that +this doesn't really affect functionality. + +http://bugs.freedesktop.org/show_bug.cgi?id=26982 + +Signed-off-by: David Zeuthen +--- + src/programs/pkexec.c | 5 ++--- + 1 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 860e665..17c191e 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -411,7 +411,6 @@ main (int argc, char *argv[]) + gchar *opt_user; + pid_t pid_of_caller; + uid_t uid_of_caller; +- struct stat statbuf; + + ret = 127; + authority = NULL; +@@ -520,9 +519,9 @@ main (int argc, char *argv[]) + g_free (path); + argv[n] = path = s; + } +- if (stat (path, &statbuf) != 0) ++ if (access (path, F_OK) != 0) + { +- g_printerr ("Error getting information about %s: %s\n", path, g_strerror (errno)); ++ g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); + goto out; + } + command_line = g_strjoinv (" ", argv + n); +-- +1.7.0 + --- policykit-1-0.96.orig/debian/patches/00git-fix-error-freeing.patch +++ policykit-1-0.96/debian/patches/00git-fix-error-freeing.patch @@ -0,0 +1,32 @@ +From 4c5763334e546615a8f03a80c340b288e1975e91 Mon Sep 17 00:00:00 2001 +From: Martin Pitt +Date: Fri, 9 Apr 2010 11:48:45 +0200 +Subject: [PATCH 2/2] =?UTF-8?q?Bug=2027159=20=E2=80=94=20polkitd=20crashes=20when=20calling=20pkcheck=20on=20a=20wrong=20PID?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not free an error which we are passing to our caller. This fixes a NULL +pointer crash when doing CheckAuthorization() on an invalid PID. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=27159 +Bug-Ubuntu: https://launchpad.net/bugs/540464 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 1 - + 1 files changed, 0 insertions(+), 1 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 2028250..2a72435 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -425,7 +425,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + if (local_error != NULL) + { + g_propagate_error (error, local_error); +- g_error_free (local_error); + goto out; + } + user = polkit_unix_user_new (uid); +-- +1.7.0 + --- policykit-1-0.96.orig/debian/patches/series +++ policykit-1-0.96/debian/patches/series @@ -0,0 +1,5 @@ +00git-pkexec-information-disclosure.patch +00git-fix-error-freeing.patch +01_pam_polkit.patch +02_gettext.patch +10_fix_proc_race.patch --- policykit-1-0.96.orig/debian/patches/01_pam_polkit.patch +++ policykit-1-0.96/debian/patches/01_pam_polkit.patch @@ -0,0 +1,13 @@ +--- a/data/polkit-1.in ++++ b/data/polkit-1.in +@@ -1,6 +1,6 @@ + #%PAM-1.0 + +-auth include @PAM_FILE_INCLUDE_AUTH@ +-account include @PAM_FILE_INCLUDE_ACCOUNT@ +-password include @PAM_FILE_INCLUDE_PASSWORD@ +-session include @PAM_FILE_INCLUDE_SESSION@ ++@include common-auth ++@include common-account ++@include common-password ++@include common-session