Format: 1.8
Date: Fri, 18 Feb 2022 12:45:14 +0000
Source: policykit-1
Binary: gir1.2-polkit-1.0 libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-gobject-1-0 libpolkit-gobject-1-dev pkexec policykit-1 polkitd
Built-For-Profiles: noudeb
Architecture: i386 i386_translations
Version: 0.105-32
Distribution: jammy-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Simon McVittie
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 pkexec - run commands as another user with polkit authorization
 policykit-1 - transitional package for polkitd and pkexec
 polkitd - framework for managing administrative policies and privileges
Closes: 1005784
Changes:
 policykit-1 (0.105-32) unstable; urgency=medium
 .
   * Use upstream patch for CVE-2021-3560.
     This patch was included in 0.119, so move it into the 0.119/ directory
     in the patch series.
   * d/patches: Use upstream's finalized patch for CVE-2021-4034.
     The patch that was provided to distributors under embargo was not the
     final version: it used a different exit status, and made an attempt to
     show help. The version that was actually committed after the embargo
     period ended interprets argc == 0 as an attack rather than a mistake,
     and does not attempt to show the help message.
   * Move some Debian-specific patches into d/p/debian/.
     This makes it more obvious that they are not intended to go upstream.
   * d/control: Split the package.
     pkexec is a setuid program, which makes it a higher security risk than
     the more typical IPC-based uses of polkit. If we separate out pkexec
     into its own package, then only packages that rely on being able to run
     pkexec will have to depend on it, reducing attack surface for users who
     are able to remove the pkexec package.
   * d/control: policykit-1 Provides polkitd-pkla.
     This will give us a migration path to the separate per-backend packages
     currently available in experimental.
   * Add patch from Fedora to fix denial of service via fd exhaustion.
     CVE-2021-4115 (Closes: #1005784)
   * Standards-Version: 4.6.0 (no changes required)
   * Build-depend on dbus-daemon instead of dbus.
     We only need dbus-run-session at build time; we don't need a
     fully-working system bus.
   * Use d/watch format version 4
   * d/rules: Create localauthority configuration with install(1), not echo(1).
     This aligns the packaging a bit more closely with experimental.
   * Always configure the sudo group as root-equivalent.
     This avoids Debian derivatives getting an unexpected change in behaviour
     when they switch from inheriting Debian's policykit-1 package to
     building their own policykit-1 package, perhaps as a result of wanting
     to apply an unrelated patch. The sudo group is defined to be
     root-equivalent in base-passwd, so this should be equally true for all
     Debian derivatives. Thanks to Arnaud Rebillout.
   * d/polkitd.links: Create more polkit-agent-helper-1 symlinks.
     This executable has moved several times, and its path gets compiled
     into the libpolkit-agent-1-0 shared library. Making the executable
     available in all the locations it has previously had is helpful when
     swapping between versions during testing.
   * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.