Change log for policykit-1 package in Ubuntu
1 → 75 of 108 results | First • Previous • Next • Last |
policykit-1 (124-1ubuntu1) noble; urgency=medium * polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1 This works around an upgrade bug in systemd where nss-systemd cannot establish a varlink connection with io.systemd.DynamicUser, hence causing the polkitd user/group creation to fail. (LP: #2054716) -- Nick Rosbrook <email address hidden> Wed, 13 Mar 2024 14:15:18 -0400
Available diffs
- diff from 124-1 (in Debian) to 124-1ubuntu1 (1005 bytes)
- diff from 124-1build1 to 124-1ubuntu1 (732 bytes)
Superseded in noble-proposed |
policykit-1 (124-1build1) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Fri, 08 Mar 2024 06:42:26 +0000
Available diffs
- diff from 124-1 (in Debian) to 124-1build1 (529 bytes)
policykit-1 (124-1) unstable; urgency=medium * Migrate upstream metadata and sources to Github * New upstream release * Upstream now installs pam.d snippet directly in /usr/lib, drop redirection * Upstream now ships sysusers.d, drop local copy * Bump copyright year ranges in d/copyright * Build-depend on systemd-dev and use pkg-config instead of hard-coding unit installation directory * Update symbols file for 124 * Override Lintian warning about redundant globbing * Drop d/u/signing-key.asc, releases no longer signed * Add myself to Uploaders -- Luca Boccassi <email address hidden> Sun, 21 Jan 2024 10:42:09 +0000
Available diffs
- diff from 123-3 to 124-1 (37.5 KiB)
policykit-1 (123-3) unstable; urgency=medium * d/control: Build-depend on a debhelper supporting system units in /usr/lib. This avoids making it too easy to backport a version that won't work correctly. Thanks to Michael Biebl -- Simon McVittie <email address hidden> Fri, 20 Oct 2023 09:23:16 +0100
Available diffs
- diff from 123-1 to 123-3 (1.4 KiB)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
policykit-1 (123-1) unstable; urgency=medium * New upstream release * Update directory permissions to match upstream hardening - /etc/polkit-1/rules.d: was 0700 polkitd:root, now 0750 root:polkitd so polkitd cannot modify it - /var/lib/polkit-1: same as /etc/polkit-1/rules.d - /usr/share/polkit-1/rules.d: was 0700 polkitd:root, now 0755 root:root since everything in that directory comes from a package anyway * d/polkitd.postinst: Clean up /var/lib/polkit-1/.cache on upgrades, now that polkitd will not re-create it (Closes: #855083) * d/tests: Depend on polkitd instead of policykit-1 * d/tests: Rename cli test to polkitd * d/tests: Add a test for pkexec * d/p/debian/Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch: Disable PrivateNetwork=yes for now. This would be good to have, but it causes autopkgtest failures under lxc. (Mitigates: #1042880) * d/control: Stop recommending polkitd-pkla in policykit-1. This is a step towards removing the policykit-1 transitional package entirely: it was included in Debian 12 and Ubuntu 22.04, so it has served its purpose and should be removed soon. -- Simon McVittie <email address hidden> Wed, 02 Aug 2023 12:49:21 +0100
Available diffs
- diff from 122-4 to 123-1 (16.0 KiB)
policykit-1 (122-4) unstable; urgency=medium * d/control: Remove transitional polkitd-javascript package. This package was released in bookworm, and nothing in Debian depends on it. It was only relevant for users of certain polkit releases in experimental. * d/*.install: Move gettext extensions into libpolkit-gobject-1-dev. These are generally only needed when building other packages. (Closes: #955204) -- Simon McVittie <email address hidden> Mon, 12 Jun 2023 20:09:41 +0100
Available diffs
- diff from 0.105-33 to 122-4 (1.5 MiB)
- diff from 122-3build1 (in Ubuntu) to 122-4 (1.3 KiB)
Superseded in mantic-proposed |
policykit-1 (122-3build1) mantic; urgency=medium * Upload again the new version to Ubuntu -- Sebastien Bacher <email address hidden> Mon, 08 May 2023 13:47:03 +0200
Available diffs
policykit-1 (122-3) unstable; urgency=medium * d/polkitd.postinst: Stop polkitd before changing home directory. usermod will refuse to change the home directory if a polkitd process is running as the polkitd uid, so stop polkitd if necessary, and also don't fail if usermod can't change the home directory in an existing installation (which is non-critical anyway). (Closes: #1030154) -- Simon McVittie <email address hidden> Tue, 31 Jan 2023 22:05:24 +0000
Available diffs
- diff from 122-2 to 122-3 (1.1 KiB)
policykit-1 (122-2) unstable; urgency=medium [ Debian Janitor ] * d/changelog: Trim trailing whitespace * d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit [ Simon McVittie ] * Update how we assign root-equivalent groups - d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch, d/rules: Set up Debian's default root-equivalent group 'sudo' in 50-default.rules rather than in 40-debian-sudo.rules. This ensures that users of polkitd-pkla can override it by configuring admin identities the old way. Previously, because 40-debian-sudo.rules was earlier in the sequence than 49-polkit-pkla-compat.rules, it would take precedence and the admin identities from polkitd-pkla were ignored. (Closes: #1023393) By default, polkitd-pkla does not provide any admin identities, which means we behave as though polkitd-pkla was not installed at all, and fall back to the sudo group defined in 50-default.rules. - d/p/debian/05_revert-admin-identities-unix-group-wheel.patch: Drop patch, superseded by the one described above - d/rules: When built for Ubuntu, also install an Ubuntu-specific file sequenced after 49-polkit-pkla-compat.rules but before 50-default.rules, which treats both the 'sudo' group and the legacy 'admin' group as root-equivalent. * Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1. /usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11), so we can make this an ordinary packaged file instead of a conffile. Local sysadmin overrides can still be done via /etc/pam.d/polkit-1 as before. This sidesteps dpkg's inability to keep track of a conffile when it is moved from one package to another (#399829, #645849, #163657, #595112). (Closes: #1006203) * postinst: Only clean up config directories if not owned. If we only have polkitd installed, then we want to clean up the obsolete directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we have polkitd-pkla installed, then it owns that directory and we should not remove it. (Closes: #1026425) * d/policykit-1.dirs: Continue to own some legacy directory names. Having the transitional package continue to own these directories until it has had a chance to clean up obsolete conffiles will silence warnings from dpkg about inability to remove them. (Closes: #1027420) * d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge. If /var/lib/polkit-1 was the polkitd user's home directory, then it might contain a .cache subdirectory; clean that up too. * Create polkitd user with home directory /nonexistent in new installations. This will prevent it from creating detritus in /var/lib/polkit-1. * polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade * Remove version constraints unnecessary since buster (oldstable) * Update standards version to 4.6.2 (no changes needed) -- Simon McVittie <email address hidden> Fri, 20 Jan 2023 13:22:24 +0000
Available diffs
- diff from 122-1 to 122-2 (4.9 KiB)
policykit-1 (122-1) unstable; urgency=medium * d/watch: Fix handling of polkit-pkla-compat * d/watch: Monitor Gitlab releases instead of fd.o web server * New upstream release * Drop patches that were included in the new upstream release -- Simon McVittie <email address hidden> Fri, 28 Oct 2022 18:36:30 +0100
Superseded in mantic-release |
Published in lunar-release |
Obsolete in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
policykit-1 (0.105-33) unstable; urgency=medium * d/p/0.121/CVE-2021-4115-GHSL-2021-077-fix.patch: Attribute CVE-2021-4115 patch to its author. Move it into debian/patches/0.121 to indicate that it is a backport from upstream git, expected to be included in 0.121. * d/p/Fix-a-crash-when-authorization-is-implied.patch: Add patch to fix a crash when one authorization implies another -- Simon McVittie <email address hidden> Sat, 26 Feb 2022 11:11:57 +0000
Available diffs
- diff from 0.105-32 to 0.105-33 (3.0 KiB)
policykit-1 (0.105-31ubuntu0.2) impish-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2021-4115.patch: wait for both calls in src/polkit/polkitsystembusname.c. - CVE-2021-4115 * debian/patches/CVE-2021-4034.patch: replaced with final upstream version. -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
Available diffs
policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2021-4115.patch: wait for both calls in src/polkit/polkitsystembusname.c. - CVE-2021-4115 * debian/patches/CVE-2021-4034.patch: replaced with final upstream version. -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
Available diffs
policykit-1 (0.105-32) unstable; urgency=medium * Use upstream patch for CVE-2021-3560. This patch was included in 0.119, so move it into the 0.119/ directory in the patch series. * d/patches: Use upstream's finalized patch for CVE-2021-4034. The patch that was provided to distributors under embargo was not the final version: it used a different exit status, and made an attempt to show help. The version that was actually committed after the embargo period ended interprets argc == 0 as an attack rather than a mistake, and does not attempt to show the help message. * Move some Debian-specific patches into d/p/debian/. This makes it more obvious that they are not intended to go upstream. * d/control: Split the package. pkexec is a setuid program, which makes it a higher security risk than the more typical IPC-based uses of polkit. If we separate out pkexec into its own package, then only packages that rely on being able to run pkexec will have to depend on it, reducing attack surface for users who are able to remove the pkexec package. * d/control: policykit-1 Provides polkitd-pkla. This will give us a migration path to the separate per-backend packages currently available in experimental. * Add patch from Fedora to fix denial of service via fd exhaustion. CVE-2021-4115 (Closes: #1005784) * Standards-Version: 4.6.0 (no changes required) * Build-depend on dbus-daemon instead of dbus. We only need dbus-run-session at build time; we don't need a fully-working system bus. * Use d/watch format version 4 * d/rules: Create localauthority configuration with install(1), not echo(1). This aligns the packaging a bit more closely with experimental. * Always configure the sudo group as root-equivalent. This avoids Debian derivatives getting an unexpected change in behaviour when they switch from inheriting Debian's policykit-1 package to building their own policykit-1 package, perhaps as a result of wanting to apply an unrelated patch. The sudo group is defined to be root-equivalent in base-passwd, so this should be equally true for all Debian derivatives. Thanks to Arnaud Rebillout. * d/polkitd.links: Create more polkit-agent-helper-1 symlinks. This executable has moved several times, and its path gets compiled into the libpolkit-agent-1-0 shared library. Making the executable available in all the locations it has previously had is helpful when swapping between versions during testing. * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso. -- Simon McVittie <email address hidden> Fri, 18 Feb 2022 12:45:14 +0000
Available diffs
- diff from 0.105-31.1 to 0.105-32 (9.0 KiB)
policykit-1 (0.105-31.1) unstable; urgency=high * Non-maintainer upload. * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) -- Salvatore Bonaccorso <email address hidden> Thu, 13 Jan 2022 06:34:44 +0100
Available diffs
policykit-1 (0.105-31ubuntu1) jammy; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 14:18:21 -0500
Available diffs
policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500
policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500
Available diffs
policykit-1 (0.105-31ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:30:52 -0500
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
policykit-1 (0.105-31) unstable; urgency=medium [ Salvatore Bonaccorso ] * d/p/CVE-2021-3560.patch: Fix local privilege escalation involving polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) (Closes: #989429) -- Simon McVittie <email address hidden> Thu, 03 Jun 2021 17:06:34 +0100
Available diffs
- diff from 0.105-30 to 0.105-31 (900 bytes)
policykit-1 (0.105-30ubuntu0.1) hirsute-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:46:51 -0400
Available diffs
- diff from 0.105-30 (in Debian) to 0.105-30ubuntu0.1 (1013 bytes)
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400
Available diffs
policykit-1 (0.105-29ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:49:40 -0400
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
policykit-1 (0.105-30) unstable; urgency=medium [ Helmut Grohne ] * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998) -- Simon McVittie <email address hidden> Thu, 04 Feb 2021 13:56:09 +0000
Available diffs
- diff from 0.105-29 to 0.105-30 (495 bytes)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
policykit-1 (0.105-29) unstable; urgency=medium * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec. If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it will fail to find the binary at the new location. So create a symlink to prevent authentication failures on upgrades. (Closes: #965210) -- Michael Biebl <email address hidden> Mon, 03 Aug 2020 11:05:29 +0200
Available diffs
policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- <email address hidden> (Leonidas S. Barbosa) Thu, 29 Aug 2019 15:18:39 -0300
Available diffs
Superseded in groovy-release |
Published in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
policykit-1 (0.105-26ubuntu1) eoan; urgency=medium * Revert "Depend on new virtual packages default-logind and logind". We don't yet have a systemd which provides these virtual packages, rendering policykit-1 uninstallable. This change can be reverted once we do. -- Iain Lane <email address hidden> Fri, 16 Aug 2019 13:37:39 +0100
Available diffs
policykit-1 (0.105-26) unstable; urgency=medium [ Mark Hindley ] * Depend on new virtual packages default-logind and logind (Closes: #923240) [ Simon McVittie ] * Apply most changes from upstream release 0.116 - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch, d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch: Reduce messages to stderr from polkit agents, in particular when using "systemctl reboot" on a ssh connection or when using "systemctl start" in systemd emergency mode - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch: Fix critical warnings when calling polkit_permission_new_sync() with no D-Bus system bus - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch: Fix a potential use-after-free in polkit agents - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch: Re-enable echo if the tty agent is killed by SIGINT or SIGTERM or suspended with SIGTSTP * Add more bug fixes backported from earlier upstream releases - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch: Fix a segfault when a library user like flatpak attempts to register a polkit agent with no system bus available (Closes: #923046) - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch: Make it more obvious that polkitprivate.h was never intended to be API - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch: Fix a memory leak - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch: Avoid a use of the deprecated polkit_unix_process_new() * d/*.symbols: Add Build-Depends-Package metadata * d/policykit-1.lintian-overrides: Override systemd unit false positives. The systemd unit is only for on-demand D-Bus activation, and is not intended to be started during boot, so an [Install] section and a parallel LSB init script are not necessary. * Stop building libpolkit-backend as a shared library. Its API was never declared stable before upstream removed it in 0.106. Nothing in Debian depended on it, except for polkitd itself, which now links the same code statically. This is a step towards being able to use the current upstream release of polkit and patch in the old localauthority backend as an alternative to the JavaScript backend, instead of using the old 0.105 codebase and patching in essentially every change except the JavaScript backend, which is becoming unmanageable. - Remove the example null backend, which is pointless now that we've removed the ability to extend polkit. - Remove obsolete conffile 50-nullbackend.conf on upgrade - Remove the directory that previously contained 50-nullbackend.conf after upgrading or removing policykit-1 - Remove obsolete dh_makeshlibs override for the null backend * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports. reportbug doesn't currently seem to interpret "Depends: default-logind | logind" as implying that it should include the version number of the package that Provides logind in bug reports. Workaround for #934472. * Change the policykit-1 package from Architecture: any to Architecture: linux-any, and remove the consolekit [!linux-any] dependency. consolekit is no longer available in any Debian or debian-ports architecture, even those for non-Linux kernels. (Closes: #918446) * Standards-Version: 4.4.0 (no changes required) * Switch to debhelper-compat 12 - d/control: Add ${misc:Pre-Depends} * Switch to dh_missing and abort on uninstalled files (patch taken from experimental, thanks to Michael Biebl) -- Simon McVittie <email address hidden> Sun, 11 Aug 2019 19:09:35 +0100
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:28 -0400
Available diffs
policykit-1 (0.105-21ubuntu0.4) cosmic-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:51:01 -0400
Available diffs
policykit-1 (0.105-20ubuntu0.18.04.5) bionic-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:02 -0400
Available diffs
policykit-1 (0.105-4ubuntu3.14.04.6) trusty-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:59 -0400
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
policykit-1 (0.105-25) unstable; urgency=medium * Team upload * Add tests-add-tests-for-high-uids.patch - Patch from upstream modified by Ubuntu to test high UID fix * Compare PolkitUnixProcess uids for temporary authorizations. - Fix temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) (Closes: #918985) -- Jeremy Bicha <email address hidden> Tue, 15 Jan 2019 11:11:58 -0500
Available diffs
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:19:19 -0500
Available diffs
policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:20:15 -0500
Available diffs
policykit-1 (0.105-20ubuntu0.18.04.4) bionic-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:18:22 -0500
Available diffs
policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:15:13 -0500
Available diffs
Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu3) disco; urgency=medium * Re-enable security patches - debian/patches/CVE-2018-19788-1.patch - debian/patches/CVE-2018-19788-2.patch * Fix regression causing autopkgtest failures: - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:12:09 -0500
Available diffs
policykit-1 (0.105-22ubuntu2) disco; urgency=medium * Disable security patches until autopkgtest regression fix is available. (See Debian bug 916075) - debian/patches/CVE-2018-19788-1.patch - debian/patches/CVE-2018-19788-2.patch -- Marc Deslauriers <email address hidden> Tue, 11 Dec 2018 07:15:16 -0500
Available diffs
Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu1) disco; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Fri, 07 Dec 2018 08:18:07 -0500
Available diffs
policykit-1 (0.105-22) unstable; urgency=medium * Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. * Remove obsolete conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades * Bump Standards-Version to 4.2.1 * Remove Breaks for versions older than oldstable * Stop masking polkit.service during the upgrade process. This is no longer necessary with the D-Bus policy file being installed in /usr/share/dbus-1/system.d/. (Closes: #902474) * Use dh_installsystemd to restart polkit.service after an upgrade. This replaces a good deal of hand-written maintscript code. -- Michael Biebl <email address hidden> Tue, 27 Nov 2018 20:17:44 +0100
Available diffs
- diff from 0.105-21 to 0.105-22 (3.1 KiB)
policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium * SECURITY UPDATE: DoS via invalid object path - debian/patches/CVE-2015-3218.patch: handle invalid object paths in src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2015-3218 * SECURITY UPDATE: privilege escalation via duplicate action IDs - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in src/polkitbackend/polkitbackendactionpool.c. - CVE-2015-3255 * SECURITY UPDATE: privilege escalation via duplicate cookie values - debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values in configure.ac, src/polkitagent/polkitagenthelper-pam.c, src/polkitagent/polkitagenthelper-shadow.c, src/polkitagent/polkitagenthelperprivate.c, src/polkitagent/polkitagenthelperprivate.h, src/polkitagent/polkitagentsession.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitbackend/polkitbackendauthority.c, src/polkitbackend/polkitbackendauthority.h, src/polkitbackend/polkitbackendinteractiveauthority.c. - debian/patches/CVE-2015-4625-3.patch: update docs in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitagent/polkitagentlistener.c, src/polkitbackend/polkitbackendauthority.c. - CVE-2015-4625 * SECURITY UPDATE: DoS and information disclosure - debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h. - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol. - CVE-2018-1116 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:53:14 -0400
Available diffs
policykit-1 (0.105-18ubuntu0.1) artful-security; urgency=medium * SECURITY UPDATE: DoS and information disclosure - debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h. - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol. - CVE-2018-1116 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:43:05 -0400
Available diffs
policykit-1 (0.105-14.1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: DoS and information disclosure - debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h. - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol. - CVE-2018-1116 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:44:06 -0400
Available diffs
policykit-1 (0.105-20ubuntu0.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: DoS and information disclosure - debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h. - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol. - CVE-2018-1116 -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:42:06 -0400
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
policykit-1 (0.105-21) unstable; urgency=medium * Remove --no-parallel now that parallel builds (hopefully) work. Thanks to Adrian Bunk for spotting this. * Refresh patches via gbp pq * Use one patch per upstream commit for easier metadata round-trips * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114 - d/p/0.111/Fix-a-memory-leak.patch: Fix a memory leak when PAM authentication fails - d/p/0.113/Remove-a-redundant-assignment.patch: Fix a potential compiler warning - d/p/master/Fix-multi-line-pam-text-info.patch: Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch, d/p/0.114/Fix-multi-line-pam-text-info.patch, d/p/0.114/Refactor-send_to_helper-usage.patch * d/p/03_polkitunixsession_sessionid_from_display.patch: Replace with functionally identical d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch as applied upstream * d/watch: Use https * d/watch: Download upstream PGP signatures * debian/upstream/signing-key.asc: Add public keys for Ray Strode, Miloslav Trmac, David Zeuthen * d/gbp.conf: Merge upstream tags into the upstream branch * Add myself to Uploaders * d/gbp.conf: Set patch-numbers to false to match current practice * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch: Backport the security-significant part of 0.115 (CVE-2018-1116) * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck * Standards-Version: 4.1.5 (no changes required) * Set Rules-Requires-Root to no -- Simon McVittie <email address hidden> Wed, 11 Jul 2018 09:29:32 +0100
Available diffs
- diff from 0.105-20 to 0.105-21 (28.7 KiB)
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
policykit-1 (0.105-20) unstable; urgency=medium * Team upload * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch: Add patch from upstream to fix parallel builds (Closes: #894205) -- Simon McVittie <email address hidden> Tue, 27 Mar 2018 13:50:28 +0100
Available diffs
- diff from 0.105-18 to 0.105-20 (2.9 KiB)
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
policykit-1 (0.105-18) unstable; urgency=medium * Team upload. * master/Add-gettext-support-for-.policy-files.patch: Backport from master: Add .loc and .its files so that gettext can be used to translate policy files. Some upstreams, particularly those that are switching to meson, expect these files to be present so that their PK policy files can be translated. (Closes: #863207) -- Iain Lane <email address hidden> Wed, 24 May 2017 11:21:35 +0100
Available diffs
- diff from 0.105-17 to 0.105-18 (2.1 KiB)
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
policykit-1 (0.105-17) unstable; urgency=medium [ Michael Biebl ] * Use https:// for the upstream homepage. * Update Vcs-Browser to use cgit. * Rename the systemd service unit to polkit.service. It is now based on what was added upstream in 0.106. [ Simon McVittie ] * Build-depend on intltool instead of relying on gtk-doc-tools' dependency (Closes: #837846) [ Martin Pitt ] * Use PAM's common-session-noninteractive modules for pkexec instead of common-session. The latter also runs pam_systemd (the only difference normally) which is a no-op under the classic session-centric D-BUS/graphical login model (as it won't start a new one if it is already running within a logind session), but very expensive when using dbus-user-session and being called from a service that runs outside the PAM session. This causes long delays in e. g. gnome-settings-daemon's backlight helpers. (LP: #1626651) -- Michael Biebl <email address hidden> Fri, 21 Oct 2016 15:44:57 +0200
Available diffs
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
policykit-1 (0.105-16git1) yakkety; urgency=medium Upload current Debian packaging git. [ Michael Biebl ] * Use https:// for the upstream homepage. * Update Vcs-Browser to use cgit. [ Simon McVittie ] * Build-depend on intltool instead of relying on gtk-doc-tools' dependency (Closes: #837846) [ Martin Pitt ] * Use PAM's common-session-noninteractive modules for pkexec instead of common-session. The latter also runs pam_systemd (the only difference normally) which is a no-op under the classic session-centric D-BUS/graphical login model (as it won't start a new one if it is already running within a logind session), but very expensive when using dbus-user-session and being called from a service that runs outside the PAM session. This causes long delays in e. g. gnome-settings-daemon's backlight helpers. (LP: #1626651) -- Martin Pitt <email address hidden> Thu, 06 Oct 2016 22:35:24 +0200
Available diffs
policykit-1 (0.105-16) unstable; urgency=medium [ Michael Biebl ] * Drop obsolete Breaks from pre-wheezy. * Use gir addon instead of calling dh_girepository manually. * Run wrap-and-sort -ast. * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already pulled in via libgirepository1.0-dev. [ Martin Pitt ] * Add fallback if agent is not running in a logind session. This fixes polkit with dbus-user-session. Thanks Sebastien Bacher for the patch! * Bump Standards-Version to 3.9.8 (no changes necessary). -- Martin Pitt <email address hidden> Mon, 25 Jul 2016 14:32:23 +0200
Available diffs
- diff from 0.105-15 to 0.105-16 (2.9 KiB)
policykit-1 (0.105-15) unstable; urgency=medium * Generate tight inter-package dependencies. This ensures that everything from the same source package is upgraded in lockstep. (Closes: #817998) -- Michael Biebl <email address hidden> Thu, 14 Apr 2016 13:57:13 +0200
Available diffs
- diff from 0.105-14.1 to 0.105-15 (489 bytes)
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
policykit-1 (0.105-14.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS on non-linux/non-systemd. (Closes: #798769) -- Adam Borowski <email address hidden> Thu, 14 Jan 2016 06:28:38 +0100
Available diffs
- diff from 0.105-14 to 0.105-14.1 (1.3 KiB)
policykit-1 (0.105-14) unstable; urgency=medium * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink removal for consistency. * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch backported from upstream master. (LP: #1510824) -- Martin Pitt <email address hidden> Mon, 23 Nov 2015 11:38:00 +0100
Available diffs
policykit-1 (0.105-8ubuntu5) vivid; urgency=medium * Fix handling of multi-line helper output. (LP: #1510824) -- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 15:30:03 +0100
Available diffs
policykit-1 (0.105-4ubuntu3.14.04.1) trusty; urgency=medium * Fix handling of multi-line helper output. (LP: #1510824) -- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 15:36:30 +0100
Available diffs
policykit-1 (0.105-13ubuntu1) xenial; urgency=medium * Fix handling of multi-line helper output. (LP: #1510824) -- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 14:44:23 +0100
Available diffs
policykit-1 (0.105-11ubuntu3) wily; urgency=medium * Fix handling of multi-line helper output. (LP: #1510824) -- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 15:24:53 +0100
Available diffs
policykit-1 (0.105-13) unstable; urgency=medium * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while policykit-1 is unpackaged but not yet configured. During that time we don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. This can be dropped once the D-Bus policy moves to /usr. (Closes: #794723, LP: #1447654) -- Martin Pitt <email address hidden> Wed, 21 Oct 2015 08:11:22 +0200
Available diffs
policykit-1 (0.105-8ubuntu4) vivid-proposed; urgency=medium * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while policykit-1 is unpackaged but not yet configured. During that time we don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. This can be dropped once the D-Bus policy moves to /usr. (Closes: #794723, LP: #1447654) -- Martin Pitt <email address hidden> Tue, 20 Oct 2015 05:49:49 +0200
Available diffs
- diff from 0.105-8ubuntu3 to 0.105-8ubuntu4 (937 bytes)
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
policykit-1 (0.105-11ubuntu2) wily; urgency=medium * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while policykit-1 is unpackaged but not yet configured. During that time we don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. This can be dropped once the D-Bus policy moves to /usr. (Closes: #794723, LP: #1447654) -- Martin Pitt <email address hidden> Tue, 20 Oct 2015 05:37:43 +0200
Available diffs
- diff from 0.105-11ubuntu1 to 0.105-11ubuntu2 (918 bytes)
policykit-1 (0.105-11ubuntu1) wily; urgency=medium * SECURITY UPDATE: heap corruption via duplicate ids - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in src/polkitbackend/polkitbackendactionpool.c. - CVE-2015-3255 * SECURITY UPDATE: denial of service via identical cookies - debian/patches/CVE-2015-4625.patch: use unpredictable cookie values, keep them secret, and bind them to specific uids in configure.ac, data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitagent/polkitagenthelper-pam.c, src/polkitagent/polkitagenthelper-shadow.c, src/polkitagent/polkitagenthelperprivate.c, src/polkitagent/polkitagenthelperprivate.h, src/polkitagent/polkitagentlistener.c, src/polkitagent/polkitagentsession.c, src/polkitbackend/polkitbackendauthority.c, src/polkitbackend/polkitbackendauthority.h, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2015-4625 -- Marc Deslauriers <email address hidden> Tue, 08 Sep 2015 13:03:49 -0400
Available diffs
policykit-1 (0.105-11) unstable; urgency=medium * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932) * policykit-1.postinst: Reload systemd before restarting polkitd.service, to avoid "Warning: polkitd.service changed on disk". (Closes: #791397) -- Martin Pitt <email address hidden> Fri, 10 Jul 2015 13:03:33 +0200
Available diffs
- diff from 0.105-10 to 0.105-11 (2.3 KiB)
policykit-1 (0.105-10) unstable; urgency=medium * Add 00git_type_registration.patch: Use GOnce for interface type registration. Fixes frequent udisks segfault (LP: #1236510). * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call results handler. (LP: #1417637) -- Martin Pitt <email address hidden> Wed, 08 Jul 2015 12:15:41 +0200
Available diffs
Superseded in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
Superseded in vivid-updates |
Deleted in vivid-proposed (Reason: moved to -updates) |
policykit-1 (0.105-8ubuntu3) vivid-proposed; urgency=medium * policykit-1.postinst: Don't kill polkitd under systemd, but properly restart it. This avoids killing it shortly after systemd tries to bus-activate it on installation. (LP: #1447654) -- Martin Pitt <email address hidden> Fri, 24 Apr 2015 16:56:30 +0100
Available diffs
- diff from 0.105-8ubuntu2 to 0.105-8ubuntu3 (675 bytes)
policykit-1 (0.105-4ubuntu2.14.04.1) trusty; urgency=medium * debian/patches/fix_memleak.patch: authority: Fix memory leak in EnumerateActions call results handler (lp: #1417637) -- Luis Lucas <email address hidden> Tue, 03 Feb 2015 17:15:02 +0000
Available diffs
- diff from 0.105-4ubuntu2 to 0.105-4ubuntu2.14.04.1 (1011 bytes)
policykit-1 (0.105-4ubuntu2.14.10.1) utopic; urgency=medium * debian/patches/fix_memleak.patch: authority: Fix memory leak in EnumerateActions call results handler (lp: #1417637) -- Luis Lucas <email address hidden> Tue, 03 Feb 2015 17:15:02 +0000
Available diffs
- diff from 0.105-4ubuntu2 to 0.105-4ubuntu2.14.10.1 (1018 bytes)
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
policykit-1 (0.105-8ubuntu2) vivid; urgency=medium * debian/patches/fix_memleak.patch: authority: Fix memory leak in EnumerateActions call results handler (lp: #1417637) -- Luis Lucas <email address hidden> Tue, 03 Feb 2015 17:15:02 +0000
Available diffs
policykit-1 (0.105-8ubuntu1) vivid; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/patches/git_type_registration.patch: "Use GOnce for interface type registration. Static local variable may not be enough since it doesn't provide locking." That should fix some frequent udisks segfaults issues (lp: #1236510)
Available diffs
Superseded in vivid-release |
Obsolete in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
policykit-1 (0.105-4ubuntu2) trusty; urgency=medium * debian/patches/git_type_registration.patch: "Use GOnce for interface type registration. Static local variable may not be enough since it doesn't provide locking." That should fix some frequent udisks segfaults issues (lp: #1236510) -- Sebastien Bacher <email address hidden> Tue, 11 Feb 2014 19:26:03 +0100
Available diffs
policykit-1 (0.105-4ubuntu1) trusty; urgency=low * Merge with Debian unstable. Remaining Ubuntu changes: - Switch to using logind for session tracking. Depend on libpam-systemd instead of consolekit, and add libsystemd-login-dev build dependency. - debian/policykit-1.postinst: Don't restart polkitd if we are upgrading from a version that uses ConsoleKit. We need to keep the old daemon running until the next reboot, as all the current user sessions still have a CK session and no logind cgroup yet. - Build using autoreconf to update config.{guess,sub} files. - Configure with --disable-silent-rules.
Available diffs
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
policykit-1 (0.105-3ubuntu3) saucy; urgency=low * SECURITY UPDATE: use of pkcheck without specifying uid is racy, possibly leading to privilege escalation - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid syntax so callers have a non-racy way of using pkcheck. - CVE-2013-4288 -- Marc Deslauriers <email address hidden> Wed, 18 Sep 2013 12:38:05 -0400
Available diffs
policykit-1 (0.104-2ubuntu1.1) quantal-security; urgency=low * SECURITY UPDATE: use of pkcheck without specifying uid is racy, possibly leading to privilege escalation - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid syntax so callers have a non-racy way of using pkcheck. - CVE-2013-4288 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2013 09:47:31 -0400
Available diffs
policykit-1 (0.96-2ubuntu0.2) lucid-security; urgency=low * SECURITY UPDATE: use of pkcheck without specifying uid is racy, possibly leading to privilege escalation - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid syntax so callers have a non-racy way of using pkcheck. - CVE-2013-4288 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2013 09:50:59 -0400
Available diffs
policykit-1 (0.105-1ubuntu1.1) raring-security; urgency=low * SECURITY UPDATE: use of pkcheck without specifying uid is racy, possibly leading to privilege escalation - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid syntax so callers have a non-racy way of using pkcheck. - CVE-2013-4288 -- Marc Deslauriers <email address hidden> Wed, 11 Sep 2013 09:43:35 -0400
Available diffs
1 → 75 of 108 results | First • Previous • Next • Last |