Format: 1.8
Date: Fri, 18 Feb 2022 12:45:14 +0000
Source: policykit-1
Binary: gir1.2-polkit-1.0 libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-gobject-1-0 libpolkit-gobject-1-dev pkexec policykit-1 policykit-1-doc polkitd
Built-For-Profiles: noudeb
Architecture: amd64 all amd64_translations
Version: 0.105-32
Distribution: jammy-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Simon McVittie
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 pkexec - run commands as another user with polkit authorization
 policykit-1 - transitional package for polkitd and pkexec
 policykit-1-doc - documentation for PolicyKit-1
 polkitd - framework for managing administrative policies and privileges
Closes: 1005784
Changes:
 policykit-1 (0.105-32) unstable; urgency=medium
 .
   * Use upstream patch for CVE-2021-3560.
     This patch was included in 0.119, so move it into the 0.119/
     directory in the patch series.
   * d/patches: Use upstream's finalized patch for CVE-2021-4034.
     The patch that was provided to distributors under embargo was not the
     final version: it used a different exit status, and made an attempt
     to show help. The version that was actually committed after the
     embargo period ended interprets argc == 0 as an attack rather than a
     mistake, and does not attempt to show the help message.
   * Move some Debian-specific patches into d/p/debian/.
     This makes it more obvious that they are not intended to go upstream.
   * d/control: Split the package.
     pkexec is a setuid program, which makes it a higher security risk than
     the more typical IPC-based uses of polkit. If we separate out pkexec
     into its own package, then only packages that rely on being able to
     run pkexec will have to depend on it, reducing attack surface for
     users who are able to remove the pkexec package.
   * d/control: policykit-1 Provides polkitd-pkla.
     This will give us a migration path to the separate per-backend
     packages currently available in experimental.
   * Add patch from Fedora to fix denial of service via fd exhaustion.
     CVE-2021-4115 (Closes: #1005784)
   * Standards-Version: 4.6.0 (no changes required)
   * Build-depend on dbus-daemon instead of dbus.
     We only need dbus-run-session at build time; we don't need a
     fully-working system bus.
   * Use d/watch format version 4
   * d/rules: Create localauthority configuration with install(1),
     not echo(1).
     This aligns the packaging a bit more closely with experimental.
   * Always configure the sudo group as root-equivalent.
     This avoids Debian derivatives getting an unexpected change in
     behaviour when they switch from inheriting Debian's policykit-1
     package to building their own policykit-1 package, perhaps as a result
     of wanting to apply an unrelated patch.
     The sudo group is defined to be root-equivalent in base-passwd, so
     this should be equally true for all Debian derivatives.
     Thanks to Arnaud Rebillout.
   * d/polkitd.links: Create more polkit-agent-helper-1 symlinks.
     This executable has moved several times, and its path gets compiled
     into the libpolkit-agent-1-0 shared library. Making the executable
     available in all the locations it has previously had is helpful when
     swapping between versions during testing.
   * Acknowledge CVE-2021-4034 NMU.
     Thanks to Salvatore Bonaccorso.