policykit-1 0.105-32 source package in Ubuntu

Changelog

policykit-1 (0.105-32) unstable; urgency=medium

  * Use upstream patch for CVE-2021-3560.
    This patch was included in 0.119, so move it into the 0.119/ directory
    in the patch series.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034.
    The patch that was provided to distributors under embargo was not the
    final version: it used a different exit status, and made an attempt to
    show help. The version that was actually committed after the embargo
    period ended interprets argc == 0 as an attack rather than a mistake,
    and does not attempt to show the help message.
  * Move some Debian-specific patches into d/p/debian/.
    This makes it more obvious that they are not intended to go upstream.
  * d/control: Split the package.
    pkexec is a setuid program, which makes it a higher security risk than
    the more typical IPC-based uses of polkit. If we separate out pkexec
    into its own package, then only packages that rely on being able to run
    pkexec will have to depend on it, reducing attack surface for users
    who are able to remove the pkexec package.
  * d/control: policykit-1 Provides polkitd-pkla.
    This will give us a migration path to the separate per-backend packages
    currently available in experimental.
  * Add patch from Fedora to fix denial of service via fd exhaustion.
    CVE-2021-4115 (Closes: #1005784)
  * Standards-Version: 4.6.0 (no changes required)
  * Build-depend on dbus-daemon instead of dbus.
    We only need dbus-run-session at build time; we don't need a
    fully-working system bus.
  * Use d/watch format version 4
  * d/rules: Create localauthority configuration with install(1), not
    echo(1). This aligns the packaging a bit more closely with experimental.
  * Always configure the sudo group as root-equivalent.
    This avoids Debian derivatives getting an unexpected change in behaviour
    when they switch from inheriting Debian's policykit-1 package to
    building their own policykit-1 package, perhaps as a result of wanting
    to apply an unrelated patch.
    The sudo group is defined to be root-equivalent in base-passwd, so this
    should be equally true for all Debian derivatives.
    Thanks to Arnaud Rebillout.
  * d/polkitd.links: Create more polkit-agent-helper-1 symlinks.
    This executable has moved several times, and its path gets compiled
    into the libpolkit-agent-1-0 shared library. Making the executable
    available in all the locations it has previously had is helpful when
    swapping between versions during testing.
  * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.

 -- Simon McVittie <email address hidden>  Fri, 18 Feb 2022 12:45:14 +0000

Upload details

Uploaded by:
Utopia Maintenance Team
Uploaded to:
Sid
Original maintainer:
Utopia Maintenance Team
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
policykit-1_0.105-32.dsc 2.9 KiB a097db01604f8bc15b6a0b2f1111e4f0ce00cdb07c7f63a945496aff8119def5
policykit-1_0.105.orig.tar.gz 1.4 MiB 8fdc7cc8ba4750fcce1a4db9daa759c12afebc7901237e1c993c38f08985e1df
policykit-1_0.105-32.debian.tar.xz 75.9 KiB 6774db88170fbf350aadd73a8bad2bdf29821f4cf70311e00cbf1cb27be9b8e6

Available diffs

No changes file available.

Binary packages built by this source

gir1.2-polkit-1.0: GObject introspection data for PolicyKit

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains introspection data for PolicyKit.
 .
 It can be used by packages using the GIRepository format to generate
 dynamic bindings.

libpolkit-agent-1-0: PolicyKit Authentication Agent API

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing the authentication agent.

libpolkit-agent-1-0-dbgsym: debug symbols for libpolkit-agent-1-0
libpolkit-agent-1-dev: PolicyKit Authentication Agent API - development files

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the development files for the library found in
 libpolkit-agent-1-0.

libpolkit-gobject-1-0: PolicyKit Authorization API

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains a library for accessing PolicyKit.

libpolkit-gobject-1-0-dbgsym: debug symbols for libpolkit-gobject-1-0
libpolkit-gobject-1-dev: PolicyKit Authorization API - development files

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the development files for the library found in
 libpolkit-gobject-1-0.

pkexec: run commands as another user with polkit authorization

 polkit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 It was previously named PolicyKit.
 .
 pkexec is a setuid program to allow certain users to run commands as
 root or as a different user, similar to sudo. Unlike sudo, it carries
 out authentication and authorization by sending a request to polkit,
 so it uses desktop environments' familiar prompting mechanisms for
 authentication and uses polkit policies for authorization decisions.
 .
 By default, members of the 'sudo' Unix group can use pkexec to run any
 command after authenticating. The authorization rules can be changed by
 the local system administrator.
 .
 If this functionality is not required, removing the pkexec package will
 reduce security risk by removing a setuid program.

pkexec-dbgsym: debug symbols for pkexec
policykit-1: transitional package for polkitd and pkexec

 polkit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 It was previously named PolicyKit.
 .
 This transitional package depends on polkitd, the system service used by
 polkit, and pkexec, a setuid program analogous to sudo. They were
 historically packaged together, but have been separated so that users of
 polkitd are not required to install pkexec.

policykit-1-doc: documentation for PolicyKit-1

 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
 .
 This package contains the API documentation of PolicyKit.

polkitd: framework for managing administrative policies and privileges

 PolicyKit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 .
 It is a framework for centralizing the decision making process with respect to
 granting access to privileged operations for unprivileged (desktop)
 applications.
 .
 In a typical use of polkit, an unprivileged application such as gnome-disks
 sends requests via D-Bus or other inter-process communication mechanisms
 to a privileged system service such as udisks, which asks polkitd for
 permission to process those requests. This allows the application to carry
 out privileged tasks without making use of setuid, which avoids several
 common sources of security vulnerabilities.
 .
 This package provides the polkitd D-Bus service and supporting programs.
 The pkexec program is not included, and can be found in the pkexec package.

polkitd-dbgsym: debug symbols for polkitd