Change log for policykit-1 package in Ubuntu

Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
policykit-1 (124-1ubuntu1) noble; urgency=medium

  * polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1
    This works around an upgrade bug in systemd where nss-systemd cannot
    establish a varlink connection with io.systemd.DynamicUser, hence causing
    the polkitd user/group creation to fail. (LP: #2054716)

 -- Nick Rosbrook <email address hidden>  Wed, 13 Mar 2024 14:15:18 -0400
Superseded in noble-proposed
policykit-1 (124-1build1) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Fri, 08 Mar 2024 06:42:26 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
policykit-1 (124-1) unstable; urgency=medium

  * Migrate upstream metadata and sources to Github
  * New upstream release
  * Upstream now installs pam.d snippet directly in /usr/lib, drop
    redirection
  * Upstream now ships sysusers.d, drop local copy
  * Bump copyright year ranges in d/copyright
  * Build-depend on systemd-dev and use pkg-config instead of hard-coding
    unit installation directory
  * Update symbols file for 124
  * Override Lintian warning about redundant globbing
  * Drop d/u/signing-key.asc, releases no longer signed
  * Add myself to Uploaders

 -- Luca Boccassi <email address hidden>  Sun, 21 Jan 2024 10:42:09 +0000

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
policykit-1 (123-3) unstable; urgency=medium

  * d/control: Build-depend on a debhelper supporting system units in /usr/lib.
    This avoids making it too easy to backport a version that won't work
    correctly. Thanks to Michael Biebl

 -- Simon McVittie <email address hidden>  Fri, 20 Oct 2023 09:23:16 +0100

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
policykit-1 (123-1) unstable; urgency=medium

  * New upstream release
  * Update directory permissions to match upstream hardening
    - /etc/polkit-1/rules.d: was 0700 polkitd:root, now 0750 root:polkitd
      so polkitd cannot modify it
    - /var/lib/polkit-1: same as /etc/polkit-1/rules.d
    - /usr/share/polkit-1/rules.d: was 0700 polkitd:root, now 0755
      root:root since everything in that directory comes from a package
      anyway
  * d/polkitd.postinst: Clean up /var/lib/polkit-1/.cache on upgrades,
    now that polkitd will not re-create it (Closes: #855083)
  * d/tests: Depend on polkitd instead of policykit-1
  * d/tests: Rename cli test to polkitd
  * d/tests: Add a test for pkexec
  * d/p/debian/Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch:
    Disable PrivateNetwork=yes for now. This would be good to have,
    but it causes autopkgtest failures under lxc. (Mitigates: #1042880)
  * d/control: Stop recommending polkitd-pkla in policykit-1.
    This is a step towards removing the policykit-1 transitional package
    entirely: it was included in Debian 12 and Ubuntu 22.04, so it has
    served its purpose and should be removed soon.

 -- Simon McVittie <email address hidden>  Wed, 02 Aug 2023 12:49:21 +0100

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
policykit-1 (122-4) unstable; urgency=medium

  * d/control: Remove transitional polkitd-javascript package.
    This package was released in bookworm, and nothing in Debian depends
    on it. It was only relevant for users of certain polkit releases in
    experimental.
  * d/*.install: Move gettext extensions into libpolkit-gobject-1-dev.
    These are generally only needed when building other packages.
    (Closes: #955204)

 -- Simon McVittie <email address hidden>  Mon, 12 Jun 2023 20:09:41 +0100
Superseded in mantic-proposed
policykit-1 (122-3build1) mantic; urgency=medium

  * Upload again the new version to Ubuntu

 -- Sebastien Bacher <email address hidden>  Mon, 08 May 2023 13:47:03 +0200
Deleted in lunar-proposed (Reason: blocked on MIR and needs porting work for rules)
policykit-1 (122-3) unstable; urgency=medium

  * d/polkitd.postinst: Stop polkitd before changing home directory.
    usermod will refuse to change the home directory if a polkitd process
    is running as the polkitd uid, so stop polkitd if necessary, and also
    don't fail if usermod can't change the home directory in an existing
    installation (which is non-critical anyway). (Closes: #1030154)

 -- Simon McVittie <email address hidden>  Tue, 31 Jan 2023 22:05:24 +0000

Superseded in lunar-proposed
policykit-1 (122-2) unstable; urgency=medium

  [ Debian Janitor ]
  * d/changelog: Trim trailing whitespace
  * d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit

  [ Simon McVittie ]
  * Update how we assign root-equivalent groups
    - d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
      d/rules:
      Set up Debian's default root-equivalent group 'sudo' in
      50-default.rules rather than in 40-debian-sudo.rules. This ensures
      that users of polkitd-pkla can override it by configuring admin
      identities the old way. Previously, because 40-debian-sudo.rules was
      earlier in the sequence than 49-polkit-pkla-compat.rules, it would
      take precedence and the admin identities from polkitd-pkla were
      ignored. (Closes: #1023393)
      By default, polkitd-pkla does not provide any admin identities,
      which means we behave as though polkitd-pkla was not installed at all,
      and fall back to the sudo group defined in 50-default.rules.
    - d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
      Drop patch, superseded by the one described above
    - d/rules: When built for Ubuntu, also install an Ubuntu-specific file
      sequenced after 49-polkit-pkla-compat.rules but before
      50-default.rules, which treats both the 'sudo' group and the legacy
      'admin' group as root-equivalent.
  * Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
    /usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
    so we can make this an ordinary packaged file instead of a conffile.
    Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
    as before.
    This sidesteps dpkg's inability to keep track of a conffile when it is
    moved from one package to another (#399829, #645849, #163657, #595112).
    (Closes: #1006203)
  * postinst: Only clean up config directories if not owned.
    If we only have polkitd installed, then we want to clean up the obsolete
    directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we
    have polkitd-pkla installed, then it owns that directory and we should
    not remove it. (Closes: #1026425)
  * d/policykit-1.dirs: Continue to own some legacy directory names.
    Having the transitional package continue to own these directories until
    it has had a chance to clean up obsolete conffiles will silence warnings
    from dpkg about inability to remove them. (Closes: #1027420)
  * d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
    If /var/lib/polkit-1 was the polkitd user's home directory, then it
    might contain a .cache subdirectory; clean that up too.
  * Create polkitd user with home directory /nonexistent in new installations.
    This will prevent it from creating detritus in /var/lib/polkit-1.
  * polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
  * Remove version constraints unnecessary since buster (oldstable)
  * Update standards version to 4.6.2 (no changes needed)

 -- Simon McVittie <email address hidden>  Fri, 20 Jan 2023 13:22:24 +0000

Superseded in lunar-proposed
policykit-1 (122-1) unstable; urgency=medium

  * d/watch: Fix handling of polkit-pkla-compat
  * d/watch: Monitor Gitlab releases instead of fd.o web server
  * New upstream release
  * Drop patches that were included in the new upstream release

 -- Simon McVittie <email address hidden>  Fri, 28 Oct 2022 18:36:30 +0100
Superseded in mantic-release
Published in lunar-release
Obsolete in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
policykit-1 (0.105-33) unstable; urgency=medium

  * d/p/0.121/CVE-2021-4115-GHSL-2021-077-fix.patch:
    Attribute CVE-2021-4115 patch to its author.
    Move it into debian/patches/0.121 to indicate that it is a backport from
    upstream git, expected to be included in 0.121.
  * d/p/Fix-a-crash-when-authorization-is-implied.patch:
    Add patch to fix a crash when one authorization implies another

 -- Simon McVittie <email address hidden>  Sat, 26 Feb 2022 11:11:57 +0000

Obsolete in impish-updates
Obsolete in impish-security
policykit-1 (0.105-31ubuntu0.2) impish-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2021-4115.patch: wait for both calls in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-4115
  * debian/patches/CVE-2021-4034.patch: replaced with final upstream
    version.

 -- Marc Deslauriers <email address hidden>  Mon, 21 Feb 2022 07:58:33 -0500
Published in focal-updates
Published in focal-security
policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2021-4115.patch: wait for both calls in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-4115
  * debian/patches/CVE-2021-4034.patch: replaced with final upstream
    version.

 -- Marc Deslauriers <email address hidden>  Mon, 21 Feb 2022 07:58:33 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
policykit-1 (0.105-32) unstable; urgency=medium

  * Use upstream patch for CVE-2021-3560.
    This patch was included in 0.119, so move it into the 0.119/ directory
    in the patch series.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034.
    The patch that was provided to distributors under embargo was not the
    final version: it used a different exit status, and made an attempt to
    show help. The version that was actually committed after the embargo
    period ended interprets argc == 0 as an attack rather than a mistake,
    and does not attempt to show the help message.
  * Move some Debian-specific patches into d/p/debian/.
    This makes it more obvious that they are not intended to go upstream.
  * d/control: Split the package.
    pkexec is a setuid program, which makes it a higher security risk than
    the more typical IPC-based uses of polkit. If we separate out pkexec
    into its own package, then only packages that rely on being able to run
    pkexec will have to depend on it, reducing attack surface for users
    who are able to remove the pkexec package.
  * d/control: policykit-1 Provides polkitd-pkla.
    This will give us a migration path to the separate per-backend packages
    currently available in experimental.
  * Add patch from Fedora to fix denial of service via fd exhaustion.
    CVE-2021-4115 (Closes: #1005784)
  * Standards-Version: 4.6.0 (no changes required)
  * Build-depend on dbus-daemon instead of dbus.
    We only need dbus-run-session at build time; we don't need a
    fully-working system bus.
  * Use d/watch format version 4
  * d/rules: Create localauthority configuration with install(1), not
    echo(1). This aligns the packaging a bit more closely with experimental.
  * Always configure the sudo group as root-equivalent.
    This avoids Debian derivatives getting an unexpected change in behaviour
    when they switch from inheriting Debian's policykit-1 package to
    building their own policykit-1 package, perhaps as a result of wanting
    to apply an unrelated patch.
    The sudo group is defined to be root-equivalent in base-passwd, so this
    should be equally true for all Debian derivatives.
    Thanks to Arnaud Rebillout.
  * d/polkitd.links: Create more polkit-agent-helper-1 symlinks.
    This executable has moved several times, and its path gets compiled
    into the libpolkit-agent-1-0 shared library. Making the executable
    available in all the locations it has previously had is helpful when
    swapping between versions during testing.
  * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.

 -- Simon McVittie <email address hidden>  Fri, 18 Feb 2022 12:45:14 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
policykit-1 (0.105-31.1) unstable; urgency=high

  * Non-maintainer upload.
  * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 13 Jan 2022 06:34:44 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
policykit-1 (0.105-31ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden>  Tue, 25 Jan 2022 14:18:21 -0500
Published in bionic-updates
Published in bionic-security
policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden>  Wed, 12 Jan 2022 07:34:00 -0500
Superseded in focal-updates
Superseded in focal-security
policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden>  Wed, 12 Jan 2022 07:33:38 -0500
Superseded in impish-updates
Superseded in impish-security
policykit-1 (0.105-31ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: Local Privilege Escalation in pkexec
    - debian/patches/CVE-2021-4034.patch: properly handle command-line
      arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
    - CVE-2021-4034

 -- Marc Deslauriers <email address hidden>  Wed, 12 Jan 2022 07:30:52 -0500
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
policykit-1 (0.105-31) unstable; urgency=medium

  [ Salvatore Bonaccorso ]
  * d/p/CVE-2021-3560.patch:
    Fix local privilege escalation involving
    polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
    (Closes: #989429)

 -- Simon McVittie <email address hidden>  Thu, 03 Jun 2021 17:06:34 +0100

Obsolete in hirsute-updates
Obsolete in hirsute-security
policykit-1 (0.105-30ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <email address hidden>  Wed, 26 May 2021 07:46:51 -0400
Superseded in focal-updates
Superseded in focal-security
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <email address hidden>  Wed, 26 May 2021 07:50:16 -0400
Obsolete in groovy-updates
Obsolete in groovy-security
policykit-1 (0.105-29ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <email address hidden>  Wed, 26 May 2021 07:49:40 -0400
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
policykit-1 (0.105-30) unstable; urgency=medium

  [ Helmut Grohne ]
  * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998)

 -- Simon McVittie <email address hidden>  Thu, 04 Feb 2021 13:56:09 +0000

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
policykit-1 (0.105-29) unstable; urgency=medium

  * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
    If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it
    will fail to find the binary at the new location. So create a symlink to
    prevent authentication failures on upgrades. (Closes: #965210)

 -- Michael Biebl <email address hidden>  Mon, 03 Aug 2020 11:05:29 +0200
Published in precise-updates
Published in precise-security
policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 29 Aug 2019 15:18:39 -0300
Superseded in groovy-release
Published in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
policykit-1 (0.105-26ubuntu1) eoan; urgency=medium

  * Revert "Depend on new virtual packages default-logind and logind". We
    don't yet have a systemd which provides these virtual packages, rendering
    policykit-1 uninstallable. This change can be reverted once we do.

 -- Iain Lane <email address hidden>  Fri, 16 Aug 2019 13:37:39 +0100
Superseded in eoan-proposed
policykit-1 (0.105-26) unstable; urgency=medium

  [ Mark Hindley ]
  * Depend on new virtual packages default-logind and logind
    (Closes: #923240)

  [ Simon McVittie ]
  * Apply most changes from upstream release 0.116
    - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch,
      d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch:
      Reduce messages to stderr from polkit agents, in particular when using
      "systemctl reboot" on a ssh connection or when using "systemctl start"
      in systemd emergency mode
    - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch:
      Fix critical warnings when calling polkit_permission_new_sync() with
      no D-Bus system bus
    - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch:
      Fix a potential use-after-free in polkit agents
    - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch:
      Re-enable echo if the tty agent is killed by SIGINT or SIGTERM
      or suspended with SIGTSTP
  * Add more bug fixes backported from earlier upstream releases
    - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch:
      Fix a segfault when a library user like flatpak attempts to register
      a polkit agent with no system bus available (Closes: #923046)
    - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch:
      Make it more obvious that polkitprivate.h was never intended to be API
    - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch:
      Fix a memory leak
    - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch:
      Avoid a use of the deprecated polkit_unix_process_new()
  * d/*.symbols: Add Build-Depends-Package metadata
  * d/policykit-1.lintian-overrides: Override systemd unit false positives.
    The systemd unit is only for on-demand D-Bus activation, and is not
    intended to be started during boot, so an [Install] section and a
    parallel LSB init script are not necessary.
  * Stop building libpolkit-backend as a shared library.
    Its API was never declared stable before upstream removed it in
    0.106. Nothing in Debian depended on it, except for polkitd itself,
    which now links the same code statically.
    This is a step towards being able to use the current upstream release of
    polkit and patch in the old localauthority backend as an alternative to
    the JavaScript backend, instead of using the old 0.105 codebase and
    patching in essentially every change except the JavaScript backend,
    which is becoming unmanageable.
    - Remove the example null backend, which is pointless now that we've
      removed the ability to extend polkit.
    - Remove obsolete conffile 50-nullbackend.conf on upgrade
    - Remove the directory that previously contained 50-nullbackend.conf
      after upgrading or removing policykit-1
    - Remove obsolete dh_makeshlibs override for the null backend
  * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
    reportbug doesn't currently seem to interpret
    "Depends: default-logind | logind" as implying that it should include
    the version number of the package that Provides logind in bug reports.
    Workaround for #934472.
  * Change the policykit-1 package from Architecture: any to
    Architecture: linux-any, and remove the consolekit [!linux-any]
    dependency. consolekit is no longer available in any Debian or
    debian-ports architecture, even those for non-Linux kernels.
    (Closes: #918446)
  * Standards-Version: 4.4.0 (no changes required)
  * Switch to debhelper-compat 12
    - d/control: Add ${misc:Pre-Depends}
  * Switch to dh_missing and abort on uninstalled files
    (patch taken from experimental, thanks to Michael Biebl)

 -- Simon McVittie <email address hidden>  Sun, 11 Aug 2019 19:09:35 +0100
Published in xenial-updates
Published in xenial-security
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 09:57:28 -0400
Obsolete in cosmic-updates
Obsolete in cosmic-security
policykit-1 (0.105-21ubuntu0.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 09:51:01 -0400
Superseded in bionic-updates
Superseded in bionic-security
policykit-1 (0.105-20ubuntu0.18.04.5) bionic-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 09:57:02 -0400
Published in trusty-updates
Published in trusty-security
policykit-1 (0.105-4ubuntu3.14.04.6) trusty-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 09:57:59 -0400
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
policykit-1 (0.105-25) unstable; urgency=medium

  * Team upload
  * Add tests-add-tests-for-high-uids.patch
    - Patch from upstream modified by Ubuntu to test high UID fix
  * Compare PolkitUnixProcess uids for temporary authorizations.
    - Fix temporary auth hijacking via PID reuse and non-atomic fork
      (CVE-2019-6133) (Closes: #918985)

 -- Jeremy Bicha <email address hidden>  Tue, 15 Jan 2019 11:11:58 -0500
Superseded in xenial-updates
Superseded in xenial-security
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:19:19 -0500
Superseded in trusty-updates
Superseded in trusty-security
policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:20:15 -0500
Superseded in bionic-updates
Superseded in bionic-security
policykit-1 (0.105-20ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:18:22 -0500
Superseded in cosmic-updates
Superseded in cosmic-security
policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:15:13 -0500
Superseded in disco-proposed
policykit-1 (0.105-22ubuntu3) disco; urgency=medium

  * Re-enable security patches
    - debian/patches/CVE-2018-19788-1.patch
    - debian/patches/CVE-2018-19788-2.patch
  * Fix regression causing autopkgtest failures:
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:12:09 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
policykit-1 (0.105-22ubuntu2) disco; urgency=medium

  * Disable security patches until autopkgtest regression fix is available.
    (See Debian bug 916075)
    - debian/patches/CVE-2018-19788-1.patch
    - debian/patches/CVE-2018-19788-2.patch

 -- Marc Deslauriers <email address hidden>  Tue, 11 Dec 2018 07:15:16 -0500
Superseded in disco-proposed
policykit-1 (0.105-22ubuntu1) disco; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Fri, 07 Dec 2018 08:18:07 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
policykit-1 (0.105-22) unstable; urgency=medium

  * Move D-Bus policy file to /usr/share/dbus-1/system.d/
    To better support stateless systems with an empty /etc, the old location
    in /etc/dbus-1/system.d/ should only be used for local admin changes.
    Package provided D-Bus policy files are supposed to be installed in
    /usr/share/dbus-1/system.d/.
    This is supported since dbus 1.9.18.
  * Remove obsolete conffile
    /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
  * Bump Standards-Version to 4.2.1
  * Remove Breaks for versions older than oldstable
  * Stop masking polkit.service during the upgrade process.
    This is no longer necessary with the D-Bus policy file being installed
    in /usr/share/dbus-1/system.d/. (Closes: #902474)
  * Use dh_installsystemd to restart polkit.service after an upgrade.
    This replaces a good deal of hand-written maintscript code.

 -- Michael Biebl <email address hidden>  Tue, 27 Nov 2018 20:17:44 +0100

Superseded in trusty-updates
Superseded in trusty-security
policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via invalid object path
    - debian/patches/CVE-2015-3218.patch: handle invalid object paths in
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2015-3218
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: privilege escalation via duplicate cookie values
    - debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values
      in configure.ac, src/polkitagent/polkitagenthelper-pam.c,
      src/polkitagent/polkitagenthelper-shadow.c,
      src/polkitagent/polkitagenthelperprivate.c,
      src/polkitagent/polkitagenthelperprivate.h,
      src/polkitagent/polkitagentsession.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific
      uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml, src/polkit/polkitauthority.c,
      src/polkitbackend/polkitbackendauthority.c,
      src/polkitbackend/polkitbackendauthority.h,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-3.patch: update docs in
      data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml, src/polkit/polkitauthority.c,
      src/polkitagent/polkitagentlistener.c,
      src/polkitbackend/polkitbackendauthority.c.
    - CVE-2015-4625
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jul 2018 07:53:14 -0400
Obsolete in artful-updates
Obsolete in artful-security
policykit-1 (0.105-18ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jul 2018 07:43:05 -0400
Superseded in xenial-updates
Superseded in xenial-security
policykit-1 (0.105-14.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jul 2018 07:44:06 -0400
Superseded in bionic-updates
Superseded in bionic-security
policykit-1 (0.105-20ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in
      src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c,
      src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
      src/polkitbackend/polkitbackendsessionmonitor.c,
      src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116

 -- Marc Deslauriers <email address hidden>  Fri, 13 Jul 2018 07:42:06 -0400
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
policykit-1 (0.105-21) unstable; urgency=medium

  * Remove --no-parallel now that parallel builds (hopefully) work.
    Thanks to Adrian Bunk for spotting this.
  * Refresh patches via gbp pq
  * Use one patch per upstream commit for easier metadata round-trips
  * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114
    - d/p/0.111/Fix-a-memory-leak.patch:
      Fix a memory leak when PAM authentication fails
    - d/p/0.113/Remove-a-redundant-assignment.patch:
      Fix a potential compiler warning
    - d/p/master/Fix-multi-line-pam-text-info.patch:
      Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch,
      d/p/0.114/Fix-multi-line-pam-text-info.patch,
      d/p/0.114/Refactor-send_to_helper-usage.patch
  * d/p/03_polkitunixsession_sessionid_from_display.patch:
    Replace with functionally identical
    d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch
    as applied upstream
  * d/watch: Use https
  * d/watch: Download upstream PGP signatures
  * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
    Miloslav Trmac, David Zeuthen
  * d/gbp.conf: Merge upstream tags into the upstream branch
  * Add myself to Uploaders
  * d/gbp.conf: Set patch-numbers to false to match current practice
  * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch:
    Backport the security-significant part of 0.115 (CVE-2018-1116)
  * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
  * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
  * Standards-Version: 4.1.5 (no changes required)
  * Set Rules-Requires-Root to no

 -- Simon McVittie <email address hidden>  Wed, 11 Jul 2018 09:29:32 +0100

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
policykit-1 (0.105-20) unstable; urgency=medium

  * Team upload
  * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch:
    Add patch from upstream to fix parallel builds (Closes: #894205)

 -- Simon McVittie <email address hidden>  Tue, 27 Mar 2018 13:50:28 +0100

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
policykit-1 (0.105-18) unstable; urgency=medium

  * Team upload.
  * master/Add-gettext-support-for-.policy-files.patch: Backport from master:
    Add .loc and .its files so that gettext can be used to translate policy
    files. Some upstreams, particularly those that are switching to meson,
    expect these files to be present so that their PK policy files can be
    translated. (Closes: #863207)

 -- Iain Lane <email address hidden>  Wed, 24 May 2017 11:21:35 +0100

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
policykit-1 (0.105-17) unstable; urgency=medium

  [ Michael Biebl ]
  * Use https:// for the upstream homepage.
  * Update Vcs-Browser to use cgit.
  * Rename the systemd service unit to polkit.service. It is now based on what
    was added upstream in 0.106.

  [ Simon McVittie ]
  * Build-depend on intltool instead of relying on gtk-doc-tools'
    dependency (Closes: #837846)

  [ Martin Pitt ]
  * Use PAM's common-session-noninteractive modules for pkexec instead of
    common-session. The latter also runs pam_systemd (the only difference
    normally) which is a no-op under the classic session-centric
    D-BUS/graphical login model (as it won't start a new one if it is already
    running within a logind session), but very expensive when using
    dbus-user-session and being called from a service that runs outside the
    PAM session. This causes long delays in e.g. gnome-settings-daemon's
    backlight helpers. (LP: #1626651)

 -- Michael Biebl <email address hidden>  Fri, 21 Oct 2016 15:44:57 +0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
policykit-1 (0.105-16git1) yakkety; urgency=medium

  Upload current Debian packaging git.

  [ Michael Biebl ]
  * Use https:// for the upstream homepage.
  * Update Vcs-Browser to use cgit.

  [ Simon McVittie ]
  * Build-depend on intltool instead of relying on gtk-doc-tools'
    dependency (Closes: #837846)

  [ Martin Pitt ]
  * Use PAM's common-session-noninteractive modules for pkexec instead of
    common-session. The latter also runs pam_systemd (the only difference
    normally) which is a no-op under the classic session-centric
    D-BUS/graphical login model (as it won't start a new one if it is already
    running within a logind session), but very expensive when using
    dbus-user-session and being called from a service that runs outside the
    PAM session. This causes long delays in e.g. gnome-settings-daemon's
    backlight helpers. (LP: #1626651)

 -- Martin Pitt <email address hidden>  Thu, 06 Oct 2016 22:35:24 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
policykit-1 (0.105-16) unstable; urgency=medium

  [ Michael Biebl ]
  * Drop obsolete Breaks from pre-wheezy.
  * Use gir addon instead of calling dh_girepository manually.
  * Run wrap-and-sort -ast.
  * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already
    pulled in via libgirepository1.0-dev.

  [ Martin Pitt ]
  * Add fallback if agent is not running in a logind session. This fixes
    polkit with dbus-user-session. Thanks Sebastien Bacher for the patch!
  * Bump Standards-Version to 3.9.8 (no changes necessary).

 -- Martin Pitt <email address hidden>  Mon, 25 Jul 2016 14:32:23 +0200

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
policykit-1 (0.105-15) unstable; urgency=medium

  * Generate tight inter-package dependencies.
    This ensures that everything from the same source package is upgraded in
    lockstep. (Closes: #817998)

 -- Michael Biebl <email address hidden>  Thu, 14 Apr 2016 13:57:13 +0200

Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
policykit-1 (0.105-14.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix FTBFS on non-linux/non-systemd. (Closes: #798769)

 -- Adam Borowski <email address hidden>  Thu, 14 Jan 2016 06:28:38 +0100

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
policykit-1 (0.105-14) unstable; urgency=medium

  * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
    removal for consistency.
  * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
    backported from upstream master. (LP: #1510824)

 -- Martin Pitt <email address hidden>  Mon, 23 Nov 2015 11:38:00 +0100
Obsolete in vivid-updates
Deleted in vivid-proposed (Reason: moved to -updates)
policykit-1 (0.105-8ubuntu5) vivid; urgency=medium

  * Fix handling of multi-line helper output. (LP: #1510824)

 -- Dariusz Gadomski <email address hidden>  Fri, 20 Nov 2015 15:30:03 +0100

Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
policykit-1 (0.105-4ubuntu3.14.04.1) trusty; urgency=medium

  * Fix handling of multi-line helper output. (LP: #1510824)

 -- Dariusz Gadomski <email address hidden>  Fri, 20 Nov 2015 15:36:30 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
policykit-1 (0.105-13ubuntu1) xenial; urgency=medium

  * Fix handling of multi-line helper output. (LP: #1510824)

 -- Dariusz Gadomski <email address hidden>  Fri, 20 Nov 2015 14:44:23 +0100
Obsolete in wily-updates
Deleted in wily-proposed (Reason: moved to -updates)
policykit-1 (0.105-11ubuntu3) wily; urgency=medium

  * Fix handling of multi-line helper output. (LP: #1510824)

 -- Dariusz Gadomski <email address hidden>  Fri, 20 Nov 2015 15:24:53 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
policykit-1 (0.105-13) unstable; urgency=medium

  * debian/policykit-1.{pre,post}inst: Temporarily mask polkitd.service while
    policykit-1 is unpackaged but not yet configured. During that time we
    don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
    This can be dropped once the D-Bus policy moves to /usr.
    (Closes: #794723, LP: #1447654)

 -- Martin Pitt <email address hidden>  Wed, 21 Oct 2015 08:11:22 +0200
Superseded in vivid-updates
Deleted in vivid-proposed (Reason: moved to -updates)
policykit-1 (0.105-8ubuntu4) vivid-proposed; urgency=medium

  * debian/policykit-1.{pre,post}inst: Temporarily mask polkitd.service while
    policykit-1 is unpackaged but not yet configured. During that time we
    don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
    This can be dropped once the D-Bus policy moves to /usr.
    (Closes: #794723, LP: #1447654)

 -- Martin Pitt <email address hidden>  Tue, 20 Oct 2015 05:49:49 +0200

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
policykit-1 (0.105-11ubuntu2) wily; urgency=medium

  * debian/policykit-1.{pre,post}inst: Temporarily mask polkitd.service while
    policykit-1 is unpackaged but not yet configured. During that time we
    don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
    This can be dropped once the D-Bus policy moves to /usr.
    (Closes: #794723, LP: #1447654)

 -- Martin Pitt <email address hidden>  Tue, 20 Oct 2015 05:37:43 +0200

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
policykit-1 (0.105-11ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: heap corruption via duplicate ids
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: denial of service via identical cookies
    - debian/patches/CVE-2015-4625.patch: use unpredictable cookie values,
      keep them secret, and bind them to specific uids in configure.ac,
      data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml,
      src/polkit/polkitauthority.c,
      src/polkitagent/polkitagenthelper-pam.c,
      src/polkitagent/polkitagenthelper-shadow.c,
      src/polkitagent/polkitagenthelperprivate.c,
      src/polkitagent/polkitagenthelperprivate.h,
      src/polkitagent/polkitagentlistener.c,
      src/polkitagent/polkitagentsession.c,
      src/polkitbackend/polkitbackendauthority.c,
      src/polkitbackend/polkitbackendauthority.h,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2015-4625

 -- Marc Deslauriers <email address hidden>  Tue, 08 Sep 2015 13:03:49 -0400
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
policykit-1 (0.105-11) unstable; urgency=medium

  * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths
    in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
  * policykit-1.postinst: Reload systemd before restarting polkitd.service, to
    avoid "Warning: polkitd.service changed on disk". (Closes: #791397)

 -- Martin Pitt <email address hidden>  Fri, 10 Jul 2015 13:03:33 +0200

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
policykit-1 (0.105-10) unstable; urgency=medium

  * Add 00git_type_registration.patch: Use GOnce for interface type
    registration. Fixes frequent udisks segfault (LP: #1236510).
  * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call
    results handler. (LP: #1417637)

 -- Martin Pitt <email address hidden>  Wed, 08 Jul 2015 12:15:41 +0200
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
Superseded in vivid-updates
Deleted in vivid-proposed (Reason: moved to -updates)
policykit-1 (0.105-8ubuntu3) vivid-proposed; urgency=medium

  * policykit-1.postinst: Don't kill polkitd under systemd, but properly
    restart it. This avoids killing it shortly after systemd tries to
    bus-activate it on installation. (LP: #1447654)

 -- Martin Pitt <email address hidden>  Fri, 24 Apr 2015 16:56:30 +0100

Superseded in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
policykit-1 (0.105-4ubuntu2.14.04.1) trusty; urgency=medium

  * debian/patches/fix_memleak.patch:
    authority: Fix memory leak in EnumerateActions call results handler
    (lp: #1417637)

 -- Luis Lucas <email address hidden>  Tue, 03 Feb 2015 17:15:02 +0000
Obsolete in utopic-updates
Deleted in utopic-proposed (Reason: moved to -updates)
policykit-1 (0.105-4ubuntu2.14.10.1) utopic; urgency=medium

  * debian/patches/fix_memleak.patch:
    authority: Fix memory leak in EnumerateActions call results handler
    (lp: #1417637)

 -- Luis Lucas <email address hidden>  Tue, 03 Feb 2015 17:15:02 +0000
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
policykit-1 (0.105-8ubuntu2) vivid; urgency=medium

  * debian/patches/fix_memleak.patch:
    authority: Fix memory leak in EnumerateActions call results handler
    (lp: #1417637)

 -- Luis Lucas <email address hidden>  Tue, 03 Feb 2015 17:15:02 +0000

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
policykit-1 (0.105-8ubuntu1) vivid; urgency=medium

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/patches/git_type_registration.patch:
      "Use GOnce for interface type registration. Static local variable may
      not be enough since it doesn't provide locking."
      That should fix some frequent udisks segfault issues (lp: #1236510)

Superseded in vivid-release
Obsolete in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
policykit-1 (0.105-4ubuntu2) trusty; urgency=medium

  * debian/patches/git_type_registration.patch:
    "Use GOnce for interface type registration. Static local variable may not
     be enough since it doesn't provide locking."
     That should fix some frequent udisks segfault issues (lp: #1236510)

 -- Sebastien Bacher <email address hidden>  Tue, 11 Feb 2014 19:26:03 +0100

Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
policykit-1 (0.105-4ubuntu1) trusty; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - Switch to using logind for session tracking. Depend on libpam-systemd
      instead of consolekit, and add libsystemd-login-dev build dependency.
    - debian/policykit-1.postinst: Don't restart polkitd if we are upgrading
      from a version that uses ConsoleKit. We need to keep the old daemon
      running until the next reboot, as all the current user sessions still
      have a CK session and no logind cgroup yet.
    - Build using autoreconf to update config.{guess,sub} files.
    - Configure with --disable-silent-rules.

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
policykit-1 (0.105-3ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: use of pkcheck without specifying uid is racy,
    possibly leading to privilege escalation
    - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
      syntax so callers have a non-racy way of using pkcheck.
    - CVE-2013-4288

 -- Marc Deslauriers <email address hidden>  Wed, 18 Sep 2013 12:38:05 -0400

Obsolete in quantal-updates
Obsolete in quantal-security
policykit-1 (0.104-2ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: use of pkcheck without specifying uid is racy,
    possibly leading to privilege escalation
    - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
      syntax so callers have a non-racy way of using pkcheck.
    - CVE-2013-4288

 -- Marc Deslauriers <email address hidden>  Wed, 11 Sep 2013 09:47:31 -0400
Obsolete in lucid-updates
Obsolete in lucid-security
policykit-1 (0.96-2ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: use of pkcheck without specifying uid is racy,
    possibly leading to privilege escalation
    - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
      syntax so callers have a non-racy way of using pkcheck.
    - CVE-2013-4288

 -- Marc Deslauriers <email address hidden>  Wed, 11 Sep 2013 09:50:59 -0400
Obsolete in raring-updates
Obsolete in raring-security
policykit-1 (0.105-1ubuntu1.1) raring-security; urgency=low

  * SECURITY UPDATE: use of pkcheck without specifying uid is racy,
    possibly leading to privilege escalation
    - debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
      syntax so callers have a non-racy way of using pkcheck.
    - CVE-2013-4288

 -- Marc Deslauriers <email address hidden>  Wed, 11 Sep 2013 09:43:35 -0400