Publishing details
Changelog
policykit-1 (0.116-2~ubuntu20.04.1) focal; urgency=medium
* No-change backport to focal
policykit-1 (0.116-2) experimental; urgency=medium
[ Mark Hindley ]
* Depend on new virtual packages default-logind and logind
(Closes: #923240)
[ Simon McVittie ]
* d/*.symbols: Add Build-Depends-Package metadata
* d/policykit-1.lintian-overrides: Override systemd unit false positives.
The systemd unit is only for on-demand D-Bus activation, and is not
intended to be started during boot, so an [Install] section and a
parallel LSB init script are not necessary.
* d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
reportbug doesn't currently seem to interpret
"Depends: default-logind | logind" as implying that it should include
the version number of the package that Provides logind in bug reports.
Workaround for #934472.
* Standards-Version: 4.4.0 (no changes required)
* Switch to debhelper-compat 12
policykit-1 (0.116-1) experimental; urgency=medium
* New upstream release
- Document polkit_subject_equal() as unsuitable for security decisions
(CVE-2019-6133)
- Allow process uid to be unset again, fixing a regression in the
solution for #915332
- Port the JS authority to mozjs-60 (Closes: #917309)
- Fix some resource leaks
- Documentation and debug message fixes
* Drop patch for #915332, applied upstream
* Standards-Version: 4.3.0 (no changes required)
* Set experimental branch in Vcs-Git
* Change the policykit-1 package from Architecture: any to
Architecture: linux-any, and remove the consolekit [!linux-any]
dependency. polkit no longer has any backends for non-Linux.
(Closes: #918446)
policykit-1 (0.115-3) experimental; urgency=medium
* Allow negative uids/gids in PolkitUnixUser and Group objects.
Fixes a vulnerability in PolicyKit that allows a user with a uid greater
than INT_MAX to successfully execute arbitrary polkit actions.
(CVE-2018-19788, Closes: #915332)
policykit-1 (0.115-2) experimental; urgency=medium
[ Simon McVittie ]
* d/gbp.conf: Set patch-numbers to false to match current practice
[ Michael Biebl ]
* Switch to dh_missing and abort on uninstalled files
* Move D-Bus policy file to /usr/share/dbus-1/system.d/
To better support stateless systems with an empty /etc, the old location
in /etc/dbus-1/system.d/ should only be used for local admin changes.
Package provided D-Bus policy files are supposed to be installed in
/usr/share/dbus-1/system.d/.
This is supported since dbus 1.9.18.
* Remove obsolete conffile
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
* Bump Standards-Version to 4.2.1
* Remove Breaks for versions older than oldstable
* Stop masking polkit.service during the upgrade process.
This is no longer necessary with the D-Bus policy file being installed
in /usr/share/dbus-1/system.d/. (Closes: #902474)
* Use dh_installsystemd to restart polkit.service after an upgrade.
This replaces a good deal of hand-written maintscript code.
* Remove upgrade code which changes the home directory of the polkitd user
policykit-1 (0.115-1) experimental; urgency=medium
* New upstream version 0.115
- Fixes CVE-2018-1116 (Closes: #903563)
- d/p/jsauthority-pass-s-format-string-to-remaining-report.patch:
Drop, applied upstream
* d/watch: Use https
* d/watch: Download upstream PGP signatures
* debian/upstream/signing-key.asc: Add public keys for Ray Strode,
Miloslav Trmac, David Zeuthen
* d/gbp.conf: Merge upstream tags into the upstream branch
* Add myself to Uploaders
* d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
* d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
* Standards-Version: 4.1.5 (no changes required)
* Set Rules-Requires-Root to no
policykit-1 (0.114-1) experimental; urgency=medium
[ Michael Biebl ]
* New upstream version 0.114
* Rebase patches
* Switch to mozjs 52 (Closes: #863784)
* Drop -Wl,--no-as-needed, no longer necessary
* jsauthority: pass "%s" format string to remaining report function
* Add Provides to gir1.2-polkit-1.0 to reflect its contents
[ Martin Pitt ]
* debian/copyright: Use https URL for Format:
* Update Vcs-* links for move to salsa.debian.org.
* Move to debhelper compat level 10.
Remove explicit dh-autoreconf, it's now done by default.
* Bump Standards-Version to 4.1.3
* Add autopkgtest.
This covers the pkaction and pkcheck CLI tools.
policykit-1 (0.113-6) experimental; urgency=medium
* master/Add-gettext-support-for-.policy-files.patch: Backport from master:
Add .loc and .its files so that gettext can be used to translate policy
files. Some upstreams, particularly those that are switching to meson,
expect these files to be present so that their PK policy files can be
translated. (Closes: #863207)
policykit-1 (0.113-5) experimental; urgency=medium
[ Simon McVittie ]
* Build-depend on intltool instead of relying on gtk-doc-tools'
dependency (Closes: #837846)
[ Michael Biebl ]
* Use https:// for the upstream homepage.
* Update Vcs-Browser to use cgit.
* Drop the polkitd.service Alias. The version in unstable, based on 0.105,
now also uses the name polkit.service for the systemd service unit.
[ Martin Pitt ]
* Use PAM's common-session-noninteractive modules for pkexec instead of
common-session. The latter also runs pam_systemd (the only difference
normally) which is a no-op under the classic session-centric
D-BUS/graphical login model (as it won't start a new one if it is already
running within a logind session), but very expensive when using
dbus-user-session and being called from a service that runs outside the
PAM session. This causes long delays in e. g. gnome-settings-daemon's
backlight helpers. (LP: #1626651)
policykit-1 (0.113-4) experimental; urgency=medium
[ Simon McVittie ]
* Run tests with a session bus pretending to be the system bus,
so they can pass in a buildd environment
[ Michael Biebl ]
* Create our custom rules files in debian/tmp so we don't FTBFS for
binary-indep builds and run dh_install after that.
* Run wrap-and-sort -ast.
* Bump Standards-Version to 3.9.8.
policykit-1 (0.113-3) experimental; urgency=medium
* Generate tight inter-package dependencies.
This ensures that everything from the same source package is upgraded in
lockstep. (Closes: #817998)
* Drop obsolete Breaks from pre-wheezy.
policykit-1 (0.113-2) experimental; urgency=medium
[ Simon McVittie ]
* policykit-1.links: statically alias polkit.service (upstream's name)
as polkitd.service (Debian's historical name)
[ Martin Pitt ]
* debian/policykit-1.{pre,post}inst: Temporarily mask polkit.service while
policykit-1 is unpackaged but not yet configured. During that time we
don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
This can be dropped once the D-Bus policy moves to /usr.
(Closes: #794723, LP: #1447654)
policykit-1 (0.113-1) experimental; urgency=medium
* Team upload.
[ Martin Pitt ]
* policykit-1.postinst: Don't kill polkitd under systemd, but properly
restart it. This avoids killing it shortly after systemd tries to
bus-activate it on installation. (LP: #1447654)
[ Simon McVittie ]
* Disable silent build rules. (Previously done in Ubuntu, although
it seems to have been lost in a merge somewhere.)
* New upstream release
- drop most patches: they either came from upstream, or have been
merged upstream
- add new function to symbols file
- fixes CVE-2015-4625, CVE-2015-3218, CVE-2015-3255, CVE-2015-3256
* Annotate remaining patches with a bit more information. They are:
- 01_pam_polkit.patch: use Debian's common-* infrastructure,
plus pam_env to get the global environment and locale.
Debian-specific.
- 02_gettext.patch: Use gettext to translate .policy files at
runtime, allowing for Ubuntu-style language packs.
Debian-specific (mainly for Ubuntu's benefit, really).
- 05_revert-admin-identities-unix-group-wheel.patch: Debian does
not use the "wheel" group like Red Hat derivatives do;
treat uid 0 as the administrative identity instead.
Debian-specific.
- 08_chdir_root.patch: Explicitly use chdir("/") instead of
relying on user's home in `getent passwd` being set properly.
Potentially upstreamable?
* policykit-1.postinst: restart polkit.service, not polkitd.service
(which doesn't exist)
policykit-1 (0.112-5) experimental; urgency=medium
* Team upload.
* Go back to mozjs 1.8.5, like the version in unstable: mozjs 17 has
been removed from Debian, and mozjs 24 requires significant upstream
changes and no longer has a C API (Closes: #776744)
* Add a symlink so the old library can run the new agent helper
(Closes: #699447)
* Add patch from upstream to work around older versions of libpam-systemd
which would give root processes the real uid's XDG_RUNTIME_DIR
under su; it shouldn't be necessary any more, but is harmless
(Closes: #772125)
* Replace 03_complete_session.patch with a change from upstream
which seems like a more correct solution for LP#445303, LP#649939
* Add patches from upstream to treat background processes as part of
the same uid's active GUI session if any, fixing use of
dbus-user-session (Closes: #779988)
* Add patches from upstream to fix some memory leaks (Closes: #775158,
LP: #1417637)
* Add patch from upstream to fix redundant removal of an event source
* Add patch to use libsystemd instead of the libsystemd-login compat
library (Closes: #779756)
policykit-1 (0.112-4) experimental; urgency=medium
[ Andreas Henriksson ]
* Install typelib files into MA libdir.
[ Martin Pitt ]
* Rebuild against libsystemd0. This drops the last remaining dependency to
libsystemd-login0. (Closes: #771281)
* Bump Standards-Version to 3.9.6 (no changes necessary).
policykit-1 (0.112-3) experimental; urgency=medium
* Team upload.
* debian/rules: Really enable logind support on linux architectures only
* debian/control: Use canonical VCS-* URL's
* debian/control: Bump Standards-Version to 3.9.5 (no further changes)
* debian/control: Depends against libpam-systemd instead of just systemd
* debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
registers a logind session properly (Closes: #745983)
* debian/policykit-1.postinst: Explicitly set a home directory for the
polkitd user (Closes: #748981)
policykit-1 (0.112-2) experimental; urgency=low
* Use logind on linux and consolekit on non-linux
* Update to mozjs17
policykit-1 (0.112-1) experimental; urgency=low
* New upstream release.
- Fixes CVE-2013-4288, unix-process subject for authorization is racy.
(Closes: #723717)
* Remove 00git_pkexec_pam_env.patch and 09_link_libmozjs.patch, both merged
upstream.
* Drop explicit Build-Depends on gir1.2-glib-2.0.
* Bump Standards-Version to 3.9.4. No further changes.
policykit-1 (0.110-3) experimental; urgency=low
[ Martin Pitt ]
* Add 00git_pkexec_pam_env.patch: pkexec: Set process environment from
pam_getenvlist(). Backported from upstream git head.
* 01_pam_polkit.patch: Adjust patch to invoke pam_env, so
our global settings from /etc/default/locale are applied correctly.
Thanks Steve Langasek!
[ Michael Biebl ]
* Use gir addon instead of calling dh_girepository manually.
policykit-1 (0.110-2) experimental; urgency=low
* When cleaning up /etc/polkit-1/nullbackend.conf.d/ and
/etc/polkit-1/localauthority.conf.d/ don't fail if those directories have
already been removed. (Closes: #698085)
policykit-1 (0.110-1) experimental; urgency=low
* New upstream release.
* Drop patches which have been merged upstream.
* Drop debian/clean, no longer necessary.
policykit-1 (0.109-1) experimental; urgency=low
* New upstream release. (Closes: #689473)
* Update Build-Depends:
- Bump libglib2.0-dev to (>= 2.30.0).
- Add libmozjs185-dev for the JS rules support.
* Remove polkitbackend library.
* Use systemd service file provided by upstream.
* Reload systemd as the name of the .service file has changed.
* Update policykit-1.install:
- Private binaries have been moved to /usr/lib/polkit-1.
- The extension system has been removed.
- The .pkla files are gone and so is /var/lib/polkit-1.
* Remove obsolete conffiles and the corresponding (empty) directories on
upgrades.
* Convert the old localauthority conf files to the new JavaScript based
rules file format and make sure it is executed before 50-default.rules.
* Refresh patches to apply without fuzz.
* The polkitd daemon now runs as unprivileged polkitd user instead of root.
Create this system user in postinst and change the directory permissions
accordingly so the daemon has access to the rules files.
* debian/patches/08_chdir_root.patch: Explicitly use chdir("/") instead of
relying on $HOME being set properly.
* Since /etc/polkit-1/rules.d/50-default.rules is a proper conffile, remove
the comment from upstream that changes to that file are not preserved on
upgrades. (Closes: #580634)
* debian/patches/09_link_libmozjs.patch: Explicitly link against libmozjs,
even if that library is dlopenend as we want to have a proper shlibs
dependency.
* Use --no-as-needed flag to ensure the linker doesn't remove the libmozjs
dependency.
* Use dh-autoreconf to update the build system.
* Update the Homepage: field.
-- Mikhail Novosyolov <email address hidden> Mon, 23 Dec 2019 19:21:21 +0300
Builds
Built packages
-
gir1.2-polkit-1.0
GObject introspection data for PolicyKit
-
libpolkit-agent-1-0
PolicyKit Authentication Agent API
-
libpolkit-agent-1-dev
PolicyKit Authentication Agent API - development files
-
libpolkit-gobject-1-0
PolicyKit Authorization API
-
libpolkit-gobject-1-dev
PolicyKit Authorization API - development files
-
policykit-1
framework for managing administrative policies and privileges
-
policykit-1-doc
documentation for PolicyKit-1
Package files