Format: 1.8 Date: Fri, 18 Feb 2022 12:45:14 +0000 Source: policykit-1 Binary: gir1.2-polkit-1.0 libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-gobject-1-0 libpolkit-gobject-1-dev pkexec policykit-1 polkitd Built-For-Profiles: noudeb Architecture: arm64 arm64_translations Version: 0.105-32 Distribution: jammy-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Simon McVittie Description: gir1.2-polkit-1.0 - GObject introspection data for PolicyKit libpolkit-agent-1-0 - PolicyKit Authentication Agent API libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files libpolkit-gobject-1-0 - PolicyKit Authorization API libpolkit-gobject-1-dev - PolicyKit Authorization API - development files pkexec - run commands as another user with polkit authorization policykit-1 - transitional package for polkitd and pkexec polkitd - framework for managing administrative policies and privileges Closes: 1005784 Changes: policykit-1 (0.105-32) unstable; urgency=medium . * Use upstream patch for CVE-2021-3560. This patch was included in 0.119, so move it into the 0.119/ directory in the patch series. * d/patches: Use upstream's finalized patch for CVE-2021-4034. The patch that was provided to distributors under embargo was not the final version: it used a different exit status, and made an attempt to show help. The version that was actually committed after the embargo period ended interprets argc == 0 as an attack rather than a mistake, and does not attempt to show the help message. * Move some Debian-specific patches into d/p/debian/. This makes it more obvious that they are not intended to go upstream. * d/control: Split the package. pkexec is a setuid program, which makes it a higher security risk than the more typical IPC-based uses of polkit. If we separate out pkexec into its own package, then only packages that rely on being able to run pkexec will have to depend on it, reducing attack surface for users who are able to remove the pkexec package. * d/control: policykit-1 Provides polkitd-pkla. This will give us a migration path to the separate per-backend packages currently available in experimental. * Add patch from Fedora to fix denial of service via fd exhaustion. CVE-2021-4115 (Closes: #1005784) * Standards-Version: 4.6.0 (no changes required) * Build-depend on dbus-daemon instead of dbus. We only need dbus-run-session at build time; we don't need a fully-working system bus. * Use d/watch format version 4 * d/rules: Create localauthority configuration with install(1), not echo(1). This aligns the packaging a bit more closely with experimental. * Always configure the sudo group as root-equivalent. This avoids Debian derivatives getting an unexpected change in behaviour when they switch from inheriting Debian's policykit-1 package to building their own policykit-1 package, perhaps as a result of wanting to apply an unrelated patch. The sudo group is defined to be root-equivalent in base-passwd, so this should be equally true for all Debian derivatives. Thanks to Arnaud Rebillout. * d/polkitd.links: Create more polkit-agent-helper-1 symlinks. This executable has moved several times, and its path gets compiled into the libpolkit-agent-1-0 shared library. Making the executable available in all the locations it has previously had is helpful when swapping between versions during testing. * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso. Checksums-Sha1: 954f89c8952abe3e01b5ff65b0380df81ac5120c 7760 gir1.2-polkit-1.0_0.105-32_arm64.deb 98c59c3212e68634ca3ad6cca5fdb2ca5f821656 43336 libpolkit-agent-1-0-dbgsym_0.105-32_arm64.ddeb 591d30e2a299aaa9b9216b895a23d7de803d97e0 15934 libpolkit-agent-1-0_0.105-32_arm64.deb d80209fa3d1a9fa362db8f65ff48eb2f9c889cb1 24460 libpolkit-agent-1-dev_0.105-32_arm64.deb 23f372fbb2d21046eec665905df3fb5627b5e31a 125158 libpolkit-gobject-1-0-dbgsym_0.105-32_arm64.ddeb 799561c31f3c0345f4be746189eb20ab548d721c 42420 libpolkit-gobject-1-0_0.105-32_arm64.deb 29a5d1b7cd4af12459605172a155087bcbeaf38e 68156 libpolkit-gobject-1-dev_0.105-32_arm64.deb 36399d92a94abb8500b53d709c101dcf22ffd293 22436 pkexec-dbgsym_0.105-32_arm64.ddeb 1f9a9a560e52aa858c1ca033b9003a965e0c9aa9 14792 pkexec_0.105-32_arm64.deb 5b8901c19e7cdfb927d8d2dde9c1d4e62d38e6d7 12130 policykit-1_0.105-32_arm64.buildinfo ab908c28dfed4c1f5bc6f9d7b5333a10ce3a7bec 2432 policykit-1_0.105-32_arm64.deb 9620ab911c84f0d5f08b19472a6f0fa961cce893 1831 policykit-1_0.105-32_arm64_translations.tar.gz fa8da4386720da72b8cecbd3ae389f790c8a1f78 157618 polkitd-dbgsym_0.105-32_arm64.ddeb 634992c3b7927b58e40b881715ceed1d0a0b2186 77718 polkitd_0.105-32_arm64.deb Checksums-Sha256: 533f5edb0ee24dc97c9916466e3f93ff418d0d8e7f77c5ab65288b99c7d65e37 7760 gir1.2-polkit-1.0_0.105-32_arm64.deb 680d4cf973939b7f7f6023f782d02e389ff6aac55563ba60edcafea166027ef7 43336 libpolkit-agent-1-0-dbgsym_0.105-32_arm64.ddeb 71629dae0a2e394bc85131a0de60b931283704c2587029e9c4d5dab9e04c945d 15934 libpolkit-agent-1-0_0.105-32_arm64.deb 87d5c472d9b36e3e3877b36120a6d39b19bc983515b4cbab9847f62883385cee 24460 libpolkit-agent-1-dev_0.105-32_arm64.deb 0e52546657fd3c5519ef659e1e61d7311c1418293c67f8c5bc8c04852c501b5b 125158 libpolkit-gobject-1-0-dbgsym_0.105-32_arm64.ddeb 589d8347d87a1dbb9845e39e1672b00fed30a92c65b10205a7ed1ccb032e6f77 42420 libpolkit-gobject-1-0_0.105-32_arm64.deb d5f4cdacc5fe8a46b1d95cb332f45a9f8ed047c241bcacb3ce9ffd9e779f2b59 68156 libpolkit-gobject-1-dev_0.105-32_arm64.deb afad74d95abc30ff46c9598ae48afa430a7baed87789cfe9945ad403de9ce77b 22436 pkexec-dbgsym_0.105-32_arm64.ddeb a005f337d59b91eb5f63fd873bdc28c161d62217c2ae590cb01d8222888f67f8 14792 pkexec_0.105-32_arm64.deb ef2322a574a10d85d96db8ce3fc02f23aa2c9d1d1c8a2cae90672dd4fee87d71 12130 policykit-1_0.105-32_arm64.buildinfo f881321e818ff42a0047c50b9b07bf508745e6f9b5eccff4849c9c1c24e74c67 2432 policykit-1_0.105-32_arm64.deb 2faea57d2c4b2cb9122220ae8e2a662331f55c11a1da7d47cd83b02aeff46c45 1831 policykit-1_0.105-32_arm64_translations.tar.gz 2080106a4c55ecd2b4698c35d952a3a935bf8ad106c8ecd20c5e40f18f23721b 157618 polkitd-dbgsym_0.105-32_arm64.ddeb 76097914131c38e00484f3b31398c13d9df7f68edfd08c7136cdbf6797ecc7d6 77718 polkitd_0.105-32_arm64.deb Files: ea37bd0f4049a051703db5b33fc7610d 7760 introspection optional gir1.2-polkit-1.0_0.105-32_arm64.deb 063387dd21e19022547324b3054b42e9 43336 debug optional libpolkit-agent-1-0-dbgsym_0.105-32_arm64.ddeb cbeb87efe80f3f0323056967a52c4252 15934 libs optional libpolkit-agent-1-0_0.105-32_arm64.deb ca37fe33a62d39ddee98b8994549efb2 24460 libdevel optional libpolkit-agent-1-dev_0.105-32_arm64.deb e7adc2af693e9f9dd6e5bf54f7f76e55 125158 debug optional libpolkit-gobject-1-0-dbgsym_0.105-32_arm64.ddeb 785935417685b46ccb1f7a7ec0b65968 42420 libs optional libpolkit-gobject-1-0_0.105-32_arm64.deb c7bbbd5c1ab54ddfe84a9d380de59cfb 68156 libdevel optional libpolkit-gobject-1-dev_0.105-32_arm64.deb d398635172b7494997a9fc5815340c5d 22436 debug optional pkexec-dbgsym_0.105-32_arm64.ddeb 9b0a7a76c8e93ac3e9d2441786166530 14792 admin optional pkexec_0.105-32_arm64.deb 6838f5e4c438902a3ceeeece35fec7d8 12130 admin optional policykit-1_0.105-32_arm64.buildinfo 4961c99fbd8ce73b5b4bb53309dbac6a 2432 oldlibs optional policykit-1_0.105-32_arm64.deb d479d326b346ae9db7688b672d2b9f13 1831 raw-translations - policykit-1_0.105-32_arm64_translations.tar.gz 7e367a535bdfa719330301dde8306288 157618 debug optional polkitd-dbgsym_0.105-32_arm64.ddeb 503da4075d07971a6c5de590e8b9fce9 77718 admin optional polkitd_0.105-32_arm64.deb