Change log for policykit-1 package in Ubuntu
Published in noble-proposed |
policykit-1 (124-2ubuntu1.24.04.2) noble; urgency=medium * debian/patches/git-action-directories.patch: - fix incorrect call to get instance's priv. (lp: #2089145)
Published in oracular-proposed |
policykit-1 (124-2ubuntu1.24.10.2) oracular; urgency=medium * debian/patches/git-action-directories.patch: - fix incorrect call to get instance's priv. (lp: #2089145)
Superseded in oracular-proposed |
policykit-1 (124-2ubuntu1.24.10.1) oracular; urgency=medium * debian/patches/git-action-directories.patch: - cherry pick an upstream change to allow alternative directories for the actions files (lp: #2089145) -- Nathan Pratta Teodosio <email address hidden> Wed, 27 Nov 2024 15:20:27 +0100
Superseded in noble-proposed |
policykit-1 (124-2ubuntu1.24.04.1) noble; urgency=medium * debian/patches/git-action-directories.patch: - cherry pick an upstream change to allow alternative directories for the actions files (lp: #2089145) -- Nathan Pratta Teodosio <email address hidden> Wed, 27 Nov 2024 15:20:27 +0100
policykit-1 (125-2ubuntu1) plucky; urgency=medium * debian/patches/git-action-directories.patch: - cherry pick an upstream change to allow alternative directories for the actions files (lp: #2089145) -- Sebastien Bacher <email address hidden> Thu, 21 Nov 2024 13:57:28 +0100
Available diffs
- diff from 124-2ubuntu1 to 125-2ubuntu1 (559.8 KiB)
- diff from 125-2 (in Debian) to 125-2ubuntu1 (3.9 KiB)
policykit-1 (125-2) unstable; urgency=medium * Mark policykit-1-doc as MA foreign * Add patch to gracefully skip unit tests without permission to unshare -- Luca Boccassi <email address hidden> Thu, 08 Aug 2024 17:54:02 +0100
Superseded in plucky-release |
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
policykit-1 (124-2ubuntu1) noble; urgency=medium * Merge with Debian; remaining changes: - polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1 This works around an upgrade bug in systemd where nss-systemd cannot establish a varlink connection with io.systemd.DynamicUser, hence causing the polkitd user/group creation to fail.
Available diffs
- diff from 124-1ubuntu1 to 124-2ubuntu1 (4.7 KiB)
- diff from 124-1ubuntu2 to 124-2ubuntu1 (4.7 KiB)
Superseded in noble-proposed |
policykit-1 (124-1ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:15:10 +0000
Available diffs
- diff from 124-1ubuntu1 to 124-1ubuntu2 (353 bytes)
policykit-1 (124-1ubuntu1) noble; urgency=medium * polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1 This works around an upgrade bug in systemd where nss-systemd cannot establish a varlink connection with io.systemd.DynamicUser, hence causing the polkitd user/group creation to fail. (LP: #2054716) -- Nick Rosbrook <email address hidden> Wed, 13 Mar 2024 14:15:18 -0400
Available diffs
- diff from 124-1 (in Debian) to 124-1ubuntu1 (1005 bytes)
- diff from 124-1build1 to 124-1ubuntu1 (732 bytes)
Superseded in noble-proposed |
policykit-1 (124-1build1) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Fri, 08 Mar 2024 06:42:26 +0000
Available diffs
- diff from 124-1 (in Debian) to 124-1build1 (529 bytes)
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
policykit-1 (124-1) unstable; urgency=medium
  * Migrate upstream metadata and sources to Github
  * New upstream release
  * Upstream now installs pam.d snippet directly in /usr/lib, drop redirection
  * Upstream now ships sysusers.d, drop local copy
  * Bump copyright year ranges in d/copyright
  * Build-depend on systemd-dev and use pkg-config instead of hard-coding unit installation directory
  * Update symbols file for 124
  * Override Lintian warning about redundant globbing
  * Drop d/u/signing-key.asc, releases no longer signed
  * Add myself to Uploaders
  -- Luca Boccassi <email address hidden> Sun, 21 Jan 2024 10:42:09 +0000
Available diffs
- diff from 123-3 to 124-1 (37.5 KiB)
policykit-1 (123-3) unstable; urgency=medium * d/control: Build-depend on a debhelper supporting system units in /usr/lib. This avoids making it too easy to backport a version that won't work correctly. Thanks to Michael Biebl -- Simon McVittie <email address hidden> Fri, 20 Oct 2023 09:23:16 +0100
Available diffs
- diff from 123-1 to 123-3 (1.4 KiB)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
policykit-1 (123-1) unstable; urgency=medium
  * New upstream release
  * Update directory permissions to match upstream hardening
    - /etc/polkit-1/rules.d: was 0700 polkitd:root, now 0750 root:polkitd so polkitd cannot modify it
    - /var/lib/polkit-1: same as /etc/polkit-1/rules.d
    - /usr/share/polkit-1/rules.d: was 0700 polkitd:root, now 0755 root:root since everything in that directory comes from a package anyway
  * d/polkitd.postinst: Clean up /var/lib/polkit-1/.cache on upgrades, now that polkitd will not re-create it (Closes: #855083)
  * d/tests: Depend on polkitd instead of policykit-1
  * d/tests: Rename cli test to polkitd
  * d/tests: Add a test for pkexec
  * d/p/debian/Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch: Disable PrivateNetwork=yes for now. This would be good to have, but it causes autopkgtest failures under lxc. (Mitigates: #1042880)
  * d/control: Stop recommending polkitd-pkla in policykit-1. This is a step towards removing the policykit-1 transitional package entirely: it was included in Debian 12 and Ubuntu 22.04, so it has served its purpose and should be removed soon.
  -- Simon McVittie <email address hidden> Wed, 02 Aug 2023 12:49:21 +0100
Available diffs
- diff from 122-4 to 123-1 (16.0 KiB)
policykit-1 (122-4) unstable; urgency=medium * d/control: Remove transitional polkitd-javascript package. This package was released in bookworm, and nothing in Debian depends on it. It was only relevant for users of certain polkit releases in experimental. * d/*.install: Move gettext extensions into libpolkit-gobject-1-dev. These are generally only needed when building other packages. (Closes: #955204) -- Simon McVittie <email address hidden> Mon, 12 Jun 2023 20:09:41 +0100
Available diffs
- diff from 0.105-33 to 122-4 (1.5 MiB)
- diff from 122-3build1 (in Ubuntu) to 122-4 (1.3 KiB)
Superseded in mantic-proposed |
policykit-1 (122-3build1) mantic; urgency=medium * Upload again the new version to Ubuntu -- Sebastien Bacher <email address hidden> Mon, 08 May 2023 13:47:03 +0200
policykit-1 (122-3) unstable; urgency=medium * d/polkitd.postinst: Stop polkitd before changing home directory. usermod will refuse to change the home directory if a polkitd process is running as the polkitd uid, so stop polkitd if necessary, and also don't fail if usermod can't change the home directory in an existing installation (which is non-critical anyway). (Closes: #1030154) -- Simon McVittie <email address hidden> Tue, 31 Jan 2023 22:05:24 +0000
Available diffs
- diff from 122-2 to 122-3 (1.1 KiB)
policykit-1 (122-2) unstable; urgency=medium
  [ Debian Janitor ]
  * d/changelog: Trim trailing whitespace
  * d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit
  [ Simon McVittie ]
  * Update how we assign root-equivalent groups
    - d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch, d/rules: Set up Debian's default root-equivalent group 'sudo' in 50-default.rules rather than in 40-debian-sudo.rules. This ensures that users of polkitd-pkla can override it by configuring admin identities the old way. Previously, because 40-debian-sudo.rules was earlier in the sequence than 49-polkit-pkla-compat.rules, it would take precedence and the admin identities from polkitd-pkla were ignored. (Closes: #1023393) By default, polkitd-pkla does not provide any admin identities, which means we behave as though polkitd-pkla was not installed at all, and fall back to the sudo group defined in 50-default.rules.
    - d/p/debian/05_revert-admin-identities-unix-group-wheel.patch: Drop patch, superseded by the one described above
    - d/rules: When built for Ubuntu, also install an Ubuntu-specific file sequenced after 49-polkit-pkla-compat.rules but before 50-default.rules, which treats both the 'sudo' group and the legacy 'admin' group as root-equivalent.
  * Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1. /usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11), so we can make this an ordinary packaged file instead of a conffile. Local sysadmin overrides can still be done via /etc/pam.d/polkit-1 as before. This sidesteps dpkg's inability to keep track of a conffile when it is moved from one package to another (#399829, #645849, #163657, #595112). (Closes: #1006203)
  * postinst: Only clean up config directories if not owned. If we only have polkitd installed, then we want to clean up the obsolete directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we have polkitd-pkla installed, then it owns that directory and we should not remove it. (Closes: #1026425)
  * d/policykit-1.dirs: Continue to own some legacy directory names. Having the transitional package continue to own these directories until it has had a chance to clean up obsolete conffiles will silence warnings from dpkg about inability to remove them. (Closes: #1027420)
  * d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge. If /var/lib/polkit-1 was the polkitd user's home directory, then it might contain a .cache subdirectory; clean that up too.
  * Create polkitd user with home directory /nonexistent in new installations. This will prevent it from creating detritus in /var/lib/polkit-1.
  * polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
  * Remove version constraints unnecessary since buster (oldstable)
  * Update standards version to 4.6.2 (no changes needed)
  -- Simon McVittie <email address hidden> Fri, 20 Jan 2023 13:22:24 +0000
Available diffs
- diff from 122-1 to 122-2 (4.9 KiB)
policykit-1 (122-1) unstable; urgency=medium * d/watch: Fix handling of polkit-pkla-compat * d/watch: Monitor Gitlab releases instead of fd.o web server * New upstream release * Drop patches that were included in the new upstream release -- Simon McVittie <email address hidden> Fri, 28 Oct 2022 18:36:30 +0100
Superseded in mantic-release |
Published in lunar-release |
Obsolete in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
policykit-1 (0.105-33) unstable; urgency=medium * d/p/0.121/CVE-2021-4115-GHSL-2021-077-fix.patch: Attribute CVE-2021-4115 patch to its author. Move it into debian/patches/0.121 to indicate that it is a backport from upstream git, expected to be included in 0.121. * d/p/Fix-a-crash-when-authorization-is-implied.patch: Add patch to fix a crash when one authorization implies another -- Simon McVittie <email address hidden> Sat, 26 Feb 2022 11:11:57 +0000
Available diffs
- diff from 0.105-32 to 0.105-33 (3.0 KiB)
policykit-1 (0.105-31ubuntu0.2) impish-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2021-4115.patch: wait for both calls in src/polkit/polkitsystembusname.c. - CVE-2021-4115 * debian/patches/CVE-2021-4034.patch: replaced with final upstream version. -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2021-4115.patch: wait for both calls in src/polkit/polkitsystembusname.c. - CVE-2021-4115 * debian/patches/CVE-2021-4034.patch: replaced with final upstream version. -- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
policykit-1 (0.105-32) unstable; urgency=medium
  * Use upstream patch for CVE-2021-3560. This patch was included in 0.119, so move it into the 0.119/ directory in the patch series.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034. The patch that was provided to distributors under embargo was not the final version: it used a different exit status, and made an attempt to show help. The version that was actually committed after the embargo period ended interprets argc == 0 as an attack rather than a mistake, and does not attempt to show the help message.
  * Move some Debian-specific patches into d/p/debian/. This makes it more obvious that they are not intended to go upstream.
  * d/control: Split the package. pkexec is a setuid program, which makes it a higher security risk than the more typical IPC-based uses of polkit. If we separate out pkexec into its own package, then only packages that rely on being able to run pkexec will have to depend on it, reducing attack surface for users who are able to remove the pkexec package.
  * d/control: policykit-1 Provides polkitd-pkla. This will give us a migration path to the separate per-backend packages currently available in experimental.
  * Add patch from Fedora to fix denial of service via fd exhaustion. CVE-2021-4115 (Closes: #1005784)
  * Standards-Version: 4.6.0 (no changes required)
  * Build-depend on dbus-daemon instead of dbus. We only need dbus-run-session at build time; we don't need a fully-working system bus.
  * Use d/watch format version 4
  * d/rules: Create localauthority configuration with install(1), not echo(1). This aligns the packaging a bit more closely with experimental.
  * Always configure the sudo group as root-equivalent. This avoids Debian derivatives getting an unexpected change in behaviour when they switch from inheriting Debian's policykit-1 package to building their own policykit-1 package, perhaps as a result of wanting to apply an unrelated patch. The sudo group is defined to be root-equivalent in base-passwd, so this should be equally true for all Debian derivatives. Thanks to Arnaud Rebillout.
  * d/polkitd.links: Create more polkit-agent-helper-1 symlinks. This executable has moved several times, and its path gets compiled into the libpolkit-agent-1-0 shared library. Making the executable available in all the locations it has previously had is helpful when swapping between versions during testing.
  * Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.
  -- Simon McVittie <email address hidden> Fri, 18 Feb 2022 12:45:14 +0000
Available diffs
- diff from 0.105-31.1 to 0.105-32 (9.0 KiB)
policykit-1 (0.105-31.1) unstable; urgency=high * Non-maintainer upload. * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) -- Salvatore Bonaccorso <email address hidden> Thu, 13 Jan 2022 06:34:44 +0100
policykit-1 (0.105-31ubuntu1) jammy; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 14:18:21 -0500
policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500
policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500
policykit-1 (0.105-31ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation in pkexec - debian/patches/CVE-2021-4034.patch: properly handle command-line arguments in src/programs/pkcheck.c, src/programs/pkexec.c. - CVE-2021-4034 -- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:30:52 -0500
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
policykit-1 (0.105-31) unstable; urgency=medium [ Salvatore Bonaccorso ] * d/p/CVE-2021-3560.patch: Fix local privilege escalation involving polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) (Closes: #989429) -- Simon McVittie <email address hidden> Thu, 03 Jun 2021 17:06:34 +0100
Available diffs
- diff from 0.105-30 to 0.105-31 (900 bytes)
policykit-1 (0.105-30ubuntu0.1) hirsute-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:46:51 -0400
Available diffs
- diff from 0.105-30 (in Debian) to 0.105-30ubuntu0.1 (1013 bytes)
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400
policykit-1 (0.105-29ubuntu0.1) groovy-security; urgency=medium * SECURITY UPDATE: local privilege escalation using polkit_system_bus_name_get_creds_sync() - debian/patches/CVE-2021-3560.patch: use proper return code in src/polkit/polkitsystembusname.c. - CVE-2021-3560 -- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:49:40 -0400
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
policykit-1 (0.105-30) unstable; urgency=medium [ Helmut Grohne ] * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998) -- Simon McVittie <email address hidden> Thu, 04 Feb 2021 13:56:09 +0000
Available diffs
- diff from 0.105-29 to 0.105-30 (495 bytes)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
policykit-1 (0.105-29) unstable; urgency=medium * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec. If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it will fail to find the binary at the new location. So create a symlink to prevent authentication failures on upgrades. (Closes: #965210) -- Michael Biebl <email address hidden> Mon, 03 Aug 2020 11:05:29 +0200
policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- <email address hidden> (Leonidas S. Barbosa) Thu, 29 Aug 2019 15:18:39 -0300
Superseded in groovy-release |
Published in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
policykit-1 (0.105-26ubuntu1) eoan; urgency=medium * Revert "Depend on new virtual packages default-logind and logind". We don't yet have a systemd which provides these virtual packages, rendering policykit-1 uninstallable. This change can be reverted once we do. -- Iain Lane <email address hidden> Fri, 16 Aug 2019 13:37:39 +0100
policykit-1 (0.105-26) unstable; urgency=medium
  [ Mark Hindley ]
  * Depend on new virtual packages default-logind and logind (Closes: #923240)
  [ Simon McVittie ]
  * Apply most changes from upstream release 0.116
    - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch, d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch: Reduce messages to stderr from polkit agents, in particular when using "systemctl reboot" on a ssh connection or when using "systemctl start" in systemd emergency mode
    - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch: Fix critical warnings when calling polkit_permission_new_sync() with no D-Bus system bus
    - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch: Fix a potential use-after-free in polkit agents
    - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch: Re-enable echo if the tty agent is killed by SIGINT or SIGTERM or suspended with SIGTSTP
  * Add more bug fixes backported from earlier upstream releases
    - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch: Fix a segfault when a library user like flatpak attempts to register a polkit agent with no system bus available (Closes: #923046)
    - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch: Make it more obvious that polkitprivate.h was never intended to be API
    - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch: Fix a memory leak
    - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch: Avoid a use of the deprecated polkit_unix_process_new()
  * d/*.symbols: Add Build-Depends-Package metadata
  * d/policykit-1.lintian-overrides: Override systemd unit false positives. The systemd unit is only for on-demand D-Bus activation, and is not intended to be started during boot, so an [Install] section and a parallel LSB init script are not necessary.
  * Stop building libpolkit-backend as a shared library. Its API was never declared stable before upstream removed it in 0.106. Nothing in Debian depended on it, except for polkitd itself, which now links the same code statically. This is a step towards being able to use the current upstream release of polkit and patch in the old localauthority backend as an alternative to the JavaScript backend, instead of using the old 0.105 codebase and patching in essentially every change except the JavaScript backend, which is becoming unmanageable.
    - Remove the example null backend, which is pointless now that we've removed the ability to extend polkit.
    - Remove obsolete conffile 50-nullbackend.conf on upgrade
    - Remove the directory that previously contained 50-nullbackend.conf after upgrading or removing policykit-1
    - Remove obsolete dh_makeshlibs override for the null backend
  * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports. reportbug doesn't currently seem to interpret "Depends: default-logind | logind" as implying that it should include the version number of the package that Provides logind in bug reports. Workaround for #934472.
  * Change the policykit-1 package from Architecture: any to Architecture: linux-any, and remove the consolekit [!linux-any] dependency. consolekit is no longer available in any Debian or debian-ports architecture, even those for non-Linux kernels. (Closes: #918446)
  * Standards-Version: 4.4.0 (no changes required)
  * Switch to debhelper-compat 12
    - d/control: Add ${misc:Pre-Depends}
  * Switch to dh_missing and abort on uninstalled files (patch taken from experimental, thanks to Michael Biebl)
  -- Simon McVittie <email address hidden> Sun, 11 Aug 2019 19:09:35 +0100
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:28 -0400
policykit-1 (0.105-21ubuntu0.4) cosmic-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:51:01 -0400
policykit-1 (0.105-20ubuntu0.18.04.5) bionic-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:02 -0400
policykit-1 (0.105-4ubuntu3.14.04.6) trusty-security; urgency=medium * SECURITY UPDATE: start time protection mechanism bypass - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids for temporary authorizations in src/polkit/polkitsubject.c, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c. - CVE-2019-6133 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:59 -0400
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
policykit-1 (0.105-25) unstable; urgency=medium * Team upload * Add tests-add-tests-for-high-uids.patch - Patch from upstream modified by Ubuntu to test high UID fix * Compare PolkitUnixProcess uids for temporary authorizations. - Fix temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) (Closes: #918985) -- Jeremy Bicha <email address hidden> Tue, 15 Jan 2019 11:11:58 -0500
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:19:19 -0500
policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:20:15 -0500
policykit-1 (0.105-20ubuntu0.18.04.4) bionic-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:18:22 -0500
policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:15:13 -0500
Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu3) disco; urgency=medium * Re-enable security patches - debian/patches/CVE-2018-19788-1.patch - debian/patches/CVE-2018-19788-2.patch * Fix regression causing autopkgtest failures: - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a PolkitUnixProcess in src/polkit/polkitunixprocess.c. -- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:12:09 -0500
policykit-1 (0.105-22ubuntu2) disco; urgency=medium * Disable security patches until autopkgtest regression fix is available. (See Debian bug 916075) - debian/patches/CVE-2018-19788-1.patch - debian/patches/CVE-2018-19788-2.patch -- Marc Deslauriers <email address hidden> Tue, 11 Dec 2018 07:15:16 -0500
Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu1) disco; urgency=medium * SECURITY UPDATE: authorization bypass with large uid - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c, src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c. - debian/patches/CVE-2018-19788-2.patch: add tests to test/data/etc/group, test/data/etc/passwd, test/data/etc/polkit-1/localauthority/10-test/com.example.pkla, test/polkitbackend/polkitbackendlocalauthoritytest.c. - CVE-2018-19788 -- Marc Deslauriers <email address hidden> Fri, 07 Dec 2018 08:18:07 -0500
policykit-1 (0.105-22) unstable; urgency=medium
  * Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18.
  * Remove obsolete conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
  * Bump Standards-Version to 4.2.1
  * Remove Breaks for versions older than oldstable
  * Stop masking polkit.service during the upgrade process. This is no longer necessary with the D-Bus policy file being installed in /usr/share/dbus-1/system.d/. (Closes: #902474)
  * Use dh_installsystemd to restart polkit.service after an upgrade. This replaces a good deal of hand-written maintscript code.
  -- Michael Biebl <email address hidden> Tue, 27 Nov 2018 20:17:44 +0100
Available diffs
- diff from 0.105-21 to 0.105-22 (3.1 KiB)
policykit-1 (0.105-4ubuntu3.14.04.2) trusty-security; urgency=medium
  * SECURITY UPDATE: DoS via invalid object path
    - debian/patches/CVE-2015-3218.patch: handle invalid object paths in src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2015-3218
  * SECURITY UPDATE: privilege escalation via duplicate action IDs
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: privilege escalation via duplicate cookie values
    - debian/patches/CVE-2015-4625-1.patch: use unpredictable cookie values in configure.ac, src/polkitagent/polkitagenthelper-pam.c, src/polkitagent/polkitagenthelper-shadow.c, src/polkitagent/polkitagenthelperprivate.c, src/polkitagent/polkitagenthelperprivate.h, src/polkitagent/polkitagentsession.c, src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-2.patch: bind use of cookies to specific uids in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitbackend/polkitbackendauthority.c, src/polkitbackend/polkitbackendauthority.h, src/polkitbackend/polkitbackendinteractiveauthority.c.
    - debian/patches/CVE-2015-4625-3.patch: update docs in data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml, data/org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml, docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml, docs/polkit/overview.xml, src/polkit/polkitauthority.c, src/polkitagent/polkitagentlistener.c, src/polkitbackend/polkitbackendauthority.c.
    - CVE-2015-4625
  * SECURITY UPDATE: DoS and information disclosure
    - debian/patches/CVE-2018-1116.patch: properly check UID in src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c, src/polkitbackend/polkitbackendinteractiveauthority.c, src/polkitbackend/polkitbackendsessionmonitor-systemd.c, src/polkitbackend/polkitbackendsessionmonitor.c, src/polkitbackend/polkitbackendsessionmonitor.h.
    - debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
    - CVE-2018-1116
  -- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:53:14 -0400