Change log for policykit-1 package in Ubuntu
| 1 → 50 of 118 results |
| Published in resolute-release |
| Published in questing-release |
| Published in plucky-release |
| Deleted in plucky-proposed (Reason: Moved to plucky) |
policykit-1 (126-2) unstable; urgency=medium
* Remove obsolete /var/lib/polkit-1/ directory on upgrades
-- Michael Biebl <email address hidden> Fri, 17 Jan 2025 20:37:46 +0100
Available diffs
- diff from 125-2ubuntu1 (in Ubuntu) to 126-2 (46.5 KiB)
- diff from 126-1 to 126-2 (567 bytes)
policykit-1 (126-1) unstable; urgency=medium
* Update upstream source from tag 'upstream/126'
* Drop 08_chdir_root.patch, merged upstream
* d/rules: use execute_before instead of override
* polkitd: drop setting permissions for legacy /var/ directory
* polkitd: drop special handling for polkitd-pkla, dropped
* Drop gettext patch, merged upstream, and enable it in meson
* Drop PAM patch and set os_type to Debian, which enables the same
config
* Drop sudo group patch and use build config instead
* Drop test-namespace-skip.patch, merged upstream
* Drop Lintian source override, no longer needed
-- Luca Boccassi <email address hidden> Mon, 13 Jan 2025 17:36:43 +0000
Available diffs
- diff from 125-2ubuntu1 (in Ubuntu) to 126-1 (46.4 KiB)
policykit-1 (124-2ubuntu1.24.04.2) noble; urgency=medium
* debian/patches/git-action-directories.patch:
- fix incorrect call to get instance's priv. (lp: #2089145)
policykit-1 (124-2ubuntu1.24.10.2) oracular; urgency=medium
* debian/patches/git-action-directories.patch:
- fix incorrect call to get instance's priv. (lp: #2089145)
| Superseded in oracular-proposed |
policykit-1 (124-2ubuntu1.24.10.1) oracular; urgency=medium
* debian/patches/git-action-directories.patch:
- cherry pick an upstream change to allow alternative directories for
the actions files (lp: #2089145)
-- Nathan Pratta Teodosio <email address hidden> Wed, 27 Nov 2024 15:20:27 +0100
| Superseded in noble-proposed |
policykit-1 (124-2ubuntu1.24.04.1) noble; urgency=medium
* debian/patches/git-action-directories.patch:
- cherry pick an upstream change to allow alternative directories for
the actions files (lp: #2089145)
-- Nathan Pratta Teodosio <email address hidden> Wed, 27 Nov 2024 15:20:27 +0100
policykit-1 (125-2ubuntu1) plucky; urgency=medium
* debian/patches/git-action-directories.patch:
- cherry pick an upstream change to allow alternative directories for
the actions files (lp: #2089145)
-- Sebastien Bacher <email address hidden> Thu, 21 Nov 2024 13:57:28 +0100
Available diffs
- diff from 124-2ubuntu1 to 125-2ubuntu1 (559.8 KiB)
- diff from 125-2 (in Debian) to 125-2ubuntu1 (3.9 KiB)
policykit-1 (125-2) unstable; urgency=medium
* Mark policykit-1-doc as MA foreign
* Add patch to gracefully skip unit tests without permission to unshare
-- Luca Boccassi <email address hidden> Thu, 08 Aug 2024 17:54:02 +0100
| Superseded in plucky-release |
| Published in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
policykit-1 (124-2ubuntu1) noble; urgency=medium
* Merge with Debian; remaining changes:
- polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1
This works around an upgrade bug in systemd where nss-systemd cannot
establish a varlink connection with io.systemd.DynamicUser, hence causing
the polkitd user/group creation to fail.
Available diffs
- diff from 124-1ubuntu1 to 124-2ubuntu1 (4.7 KiB)
- diff from 124-1ubuntu2 to 124-2ubuntu1 (4.7 KiB)
| Superseded in noble-proposed |
policykit-1 (124-1ubuntu2) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:15:10 +0000
Available diffs
- diff from 124-1ubuntu1 to 124-1ubuntu2 (353 bytes)
policykit-1 (124-1ubuntu1) noble; urgency=medium
* polkitd.postinst: call systemd-sysusers with SYSTEMD_NSS_DYNAMIC_BYPASS=1
This works around an upgrade bug in systemd where nss-systemd cannot
establish a varlink connection with io.systemd.DynamicUser, hence causing
the polkitd user/group creation to fail. (LP: #2054716)
-- Nick Rosbrook <email address hidden> Wed, 13 Mar 2024 14:15:18 -0400
Available diffs
- diff from 124-1 (in Debian) to 124-1ubuntu1 (1005 bytes)
- diff from 124-1build1 to 124-1ubuntu1 (732 bytes)
| Superseded in noble-proposed |
policykit-1 (124-1build1) noble; urgency=medium
* No-change rebuild against libglib2.0-0t64
-- Steve Langasek <email address hidden> Fri, 08 Mar 2024 06:42:26 +0000
Available diffs
- diff from 124-1 (in Debian) to 124-1build1 (529 bytes)
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
policykit-1 (124-1) unstable; urgency=medium
* Migrate upstream metadata and sources to Github
* New upstream release
* Upstream now installs pam.d snippet directly in /usr/lib, drop
redirection
* Upstream now ships sysusers.d, drop local copy
* Bump copyright year ranges in d/copyright
* Build-depend on systemd-dev and use pkg-config instead of hard-coding
unit installation directory
* Update symbols file for 124
* Override Lintian warning about redundant globbing
* Drop d/u/signing-key.asc, releases no longer signed
* Add myself to Uploaders
-- Luca Boccassi <email address hidden> Sun, 21 Jan 2024 10:42:09 +0000
Available diffs
- diff from 123-3 to 124-1 (37.5 KiB)
policykit-1 (123-3) unstable; urgency=medium
* d/control: Build-depend on a debhelper supporting system units in /usr/lib.
This avoids making it too easy to backport a version that won't work
correctly. Thanks to Michael Biebl
-- Simon McVittie <email address hidden> Fri, 20 Oct 2023 09:23:16 +0100
Available diffs
- diff from 123-1 to 123-3 (1.4 KiB)
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
policykit-1 (123-1) unstable; urgency=medium
* New upstream release
* Update directory permissions to match upstream hardening
- /etc/polkit-1/rules.d: was 0700 polkitd:root, now 0750 root:polkitd
so polkitd cannot modify it
- /var/lib/polkit-1: same as /etc/polkit-1/rules.d
- /usr/share/polkit-1/rules.d: was 0700 polkitd:root, now 0755
root:root since everything in that directory comes from a package
anyway
* d/polkitd.postinst: Clean up /var/lib/polkit-1/.cache on upgrades,
now that polkitd will not re-create it (Closes: #855083)
* d/tests: Depend on polkitd instead of policykit-1
* d/tests: Rename cli test to polkitd
* d/tests: Add a test for pkexec
* d/p/debian/Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch:
Disable PrivateNetwork=yes for now. This would be good to have,
but it causes autopkgtest failures under lxc. (Mitigates: #1042880)
* d/control: Stop recommending polkitd-pkla in policykit-1.
This is a step towards removing the policykit-1 transitional package
entirely: it was included in Debian 12 and Ubuntu 22.04, so it has
served its purpose and should be removed soon.
-- Simon McVittie <email address hidden> Wed, 02 Aug 2023 12:49:21 +0100
Available diffs
- diff from 122-4 to 123-1 (16.0 KiB)
policykit-1 (122-4) unstable; urgency=medium
* d/control: Remove transitional polkitd-javascript package.
This package was released in bookworm, and nothing in Debian depends
on it. It was only relevant for users of certain polkit releases in
experimental.
* d/*.install: Move gettext extensions into libpolkit-gobject-1-dev.
These are generally only needed when building other packages.
(Closes: #955204)
-- Simon McVittie <email address hidden> Mon, 12 Jun 2023 20:09:41 +0100
Available diffs
- diff from 0.105-33 to 122-4 (1.5 MiB)
- diff from 122-3build1 (in Ubuntu) to 122-4 (1.3 KiB)
| Superseded in mantic-proposed |
policykit-1 (122-3build1) mantic; urgency=medium
* Upload again the new version to Ubuntu
-- Sebastien Bacher <email address hidden> Mon, 08 May 2023 13:47:03 +0200
policykit-1 (122-3) unstable; urgency=medium
* d/polkitd.postinst: Stop polkitd before changing home directory.
usermod will refuse to change the home directory if a polkitd process
is running as the polkitd uid, so stop polkitd if necessary, and also
don't fail if usermod can't change the home directory in an existing
installation (which is non-critical anyway). (Closes: #1030154)
-- Simon McVittie <email address hidden> Tue, 31 Jan 2023 22:05:24 +0000
Available diffs
- diff from 122-2 to 122-3 (1.1 KiB)
policykit-1 (122-2) unstable; urgency=medium
[ Debian Janitor ]
* d/changelog: Trim trailing whitespace
* d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit
[ Simon McVittie ]
* Update how we assign root-equivalent groups
- d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
d/rules:
Set up Debian's default root-equivalent group 'sudo' in
50-default.rules rather than in 40-debian-sudo.rules. This ensures
that users of polkitd-pkla can override it by configuring admin
identities the old way. Previously, because 40-debian-sudo.rules was
earlier in the sequence than 49-polkit-pkla-compat.rules, it would
take precedence and the admin identities from polkitd-pkla were
ignored. (Closes: #1023393)
By default, polkitd-pkla does not provide any admin identities,
which means we behave as though polkitd-pkla was not installed at all,
and fall back to the sudo group defined in 50-default.rules.
- d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
Drop patch, superseded by the one described above
- d/rules: When built for Ubuntu, also install an Ubuntu-specific file
sequenced after 49-polkit-pkla-compat.rules but before
50-default.rules, which treats both the 'sudo' group and the legacy
'admin' group as root-equivalent.
* Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
/usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
so we can make this an ordinary packaged file instead of a conffile.
Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
as before.
This sidesteps dpkg's inability to keep track of a conffile when it is
moved from one package to another (#399829, #645849, #163657, #595112).
(Closes: #1006203)
* postinst: Only clean up config directories if not owned.
If we only have polkitd installed, then we want to clean up the obsolete
directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we
have polkitd-pkla installed, then it owns that directory and we should
not remove it. (Closes: #1026425)
* d/policykit-1.dirs: Continue to own some legacy directory names.
Having the transitional package continue to own these directories until
it has had a chance to clean up obsolete conffiles will silence warnings
from dpkg about inability to remove them. (Closes: #1027420)
* d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
If /var/lib/polkit-1 was the polkitd user's home directory, then it
might contain a .cache subdirectory; clean that up too.
* Create polkitd user with home directory /nonexistent in new installations.
This will prevent it from creating detritus in /var/lib/polkit-1.
* polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
* Remove version constraints unnecessary since buster (oldstable)
* Update standards version to 4.6.2 (no changes needed)
-- Simon McVittie <email address hidden> Fri, 20 Jan 2023 13:22:24 +0000
Available diffs
- diff from 122-1 to 122-2 (4.9 KiB)
policykit-1 (122-1) unstable; urgency=medium
* d/watch: Fix handling of polkit-pkla-compat
* d/watch: Monitor Gitlab releases instead of fd.o web server
* New upstream release
* Drop patches that were included in the new upstream release
-- Simon McVittie <email address hidden> Fri, 28 Oct 2022 18:36:30 +0100
| Superseded in mantic-release |
| Published in lunar-release |
| Obsolete in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
policykit-1 (0.105-33) unstable; urgency=medium
* d/p/0.121/CVE-2021-4115-GHSL-2021-077-fix.patch:
Attribute CVE-2021-4115 patch to its author.
Move it into debian/patches/0.121 to indicate that it is a backport from
upstream git, expected to be included in 0.121.
* d/p/Fix-a-crash-when-authorization-is-implied.patch:
Add patch to fix a crash when one authorization implies another
-- Simon McVittie <email address hidden> Sat, 26 Feb 2022 11:11:57 +0000
Available diffs
- diff from 0.105-32 to 0.105-33 (3.0 KiB)
policykit-1 (0.105-31ubuntu0.2) impish-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2021-4115.patch: wait for both calls in
src/polkit/polkitsystembusname.c.
- CVE-2021-4115
* debian/patches/CVE-2021-4034.patch: replaced with final upstream
version.
-- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2021-4115.patch: wait for both calls in
src/polkit/polkitsystembusname.c.
- CVE-2021-4115
* debian/patches/CVE-2021-4034.patch: replaced with final upstream
version.
-- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
policykit-1 (0.105-32) unstable; urgency=medium
* Use upstream patch for CVE-2021-3560.
This patch was included in 0.119, so move it into the 0.119/ directory
in the patch series.
* d/patches: Use upstream's finalized patch for CVE-2021-4034.
The patch that was provided to distributors under embargo was not the
final version: it used a different exit status, and made an attempt to
show help. The version that was actually committed after the embargo
period ended interprets argc == 0 as an attack rather than a mistake,
and does not attempt to show the help message.
* Move some Debian-specific patches into d/p/debian/.
This makes it more obvious that they are not intended to go upstream.
* d/control: Split the package.
pkexec is a setuid program, which makes it a higher security risk than
the more typical IPC-based uses of polkit. If we separate out pkexec
into its own package, then only packages that rely on being able to run
pkexec will have to depend on it, reducing attack surface for users
who are able to remove the pkexec package.
* d/control: policykit-1 Provides polkitd-pkla.
This will give us a migration path to the separate per-backend packages
currently available in experimental.
* Add patch from Fedora to fix denial of service via fd exhaustion.
CVE-2021-4115 (Closes: #1005784)
* Standards-Version: 4.6.0 (no changes required)
* Build-depend on dbus-daemon instead of dbus.
We only need dbus-run-session at build time; we don't need a
fully-working system bus.
* Use d/watch format version 4
* d/rules: Create localauthority configuration with install(1), not
echo(1). This aligns the packaging a bit more closely with experimental.
* Always configure the sudo group as root-equivalent.
This avoids Debian derivatives getting an unexpected change in behaviour
when they switch from inheriting Debian's policykit-1 package to
building their own policykit-1 package, perhaps as a result of wanting
to apply an unrelated patch.
The sudo group is defined to be root-equivalent in base-passwd, so this
should be equally true for all Debian derivatives.
Thanks to Arnaud Rebillout.
* d/polkitd.links: Create more polkit-agent-helper-1 symlinks.
This executable has moved several times, and its path gets compiled
into the libpolkit-agent-1-0 shared library. Making the executable
available in all the locations it has previously had is helpful when
swapping between versions during testing.
* Acknowledge CVE-2021-4034 NMU. Thanks to Salvatore Bonaccorso.
-- Simon McVittie <email address hidden> Fri, 18 Feb 2022 12:45:14 +0000
Available diffs
- diff from 0.105-31.1 to 0.105-32 (9.0 KiB)
policykit-1 (0.105-31.1) unstable; urgency=high
* Non-maintainer upload.
* Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
-- Salvatore Bonaccorso <email address hidden> Thu, 13 Jan 2022 06:34:44 +0100
policykit-1 (0.105-31ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation in pkexec
- debian/patches/CVE-2021-4034.patch: properly handle command-line
arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
- CVE-2021-4034
-- Marc Deslauriers <email address hidden> Tue, 25 Jan 2022 14:18:21 -0500
policykit-1 (0.105-20ubuntu0.18.04.6) bionic-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation in pkexec
- debian/patches/CVE-2021-4034.patch: properly handle command-line
arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
- CVE-2021-4034
-- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:34:00 -0500
policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation in pkexec
- debian/patches/CVE-2021-4034.patch: properly handle command-line
arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
- CVE-2021-4034
-- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500
policykit-1 (0.105-31ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation in pkexec
- debian/patches/CVE-2021-4034.patch: properly handle command-line
arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
- CVE-2021-4034
-- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:30:52 -0500
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
policykit-1 (0.105-31) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* d/p/CVE-2021-3560.patch:
Fix local privilege escalation involving
polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
(Closes: #989429)
-- Simon McVittie <email address hidden> Thu, 03 Jun 2021 17:06:34 +0100
Available diffs
- diff from 0.105-30 to 0.105-31 (900 bytes)
policykit-1 (0.105-30ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: local privilege escalation using
polkit_system_bus_name_get_creds_sync()
- debian/patches/CVE-2021-3560.patch: use proper return code in
src/polkit/polkitsystembusname.c.
- CVE-2021-3560
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:46:51 -0400
Available diffs
- diff from 0.105-30 (in Debian) to 0.105-30ubuntu0.1 (1013 bytes)
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: local privilege escalation using
polkit_system_bus_name_get_creds_sync()
- debian/patches/CVE-2021-3560.patch: use proper return code in
src/polkit/polkitsystembusname.c.
- CVE-2021-3560
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400
policykit-1 (0.105-29ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: local privilege escalation using
polkit_system_bus_name_get_creds_sync()
- debian/patches/CVE-2021-3560.patch: use proper return code in
src/polkit/polkitsystembusname.c.
- CVE-2021-3560
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:49:40 -0400
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
policykit-1 (0.105-30) unstable; urgency=medium
[ Helmut Grohne ]
* Annotate Build-Depends: dbus <!nocheck> (Closes: #980998)
-- Simon McVittie <email address hidden> Thu, 04 Feb 2021 13:56:09 +0000
Available diffs
- diff from 0.105-29 to 0.105-30 (495 bytes)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
policykit-1 (0.105-29) unstable; urgency=medium
* Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it
will fail to find the binary at the new location. So create a symlink to
prevent authentication failures on upgrades. (Closes: #965210)
-- Michael Biebl <email address hidden> Mon, 03 Aug 2020 11:05:29 +0200
policykit-1 (0.104-1ubuntu1.5) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- <email address hidden> (Leonidas S. Barbosa) Thu, 29 Aug 2019 15:18:39 -0300
| Superseded in groovy-release |
| Published in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
policykit-1 (0.105-26ubuntu1) eoan; urgency=medium
* Revert "Depend on new virtual packages default-logind and logind". We
don't yet have a systemd which provides these virtual packages, rendering
policykit-1 uninstallable. This change can be reverted once we do.
-- Iain Lane <email address hidden> Fri, 16 Aug 2019 13:37:39 +0100
policykit-1 (0.105-26) unstable; urgency=medium
[ Mark Hindley ]
* Depend on new virtual packages default-logind and logind
(Closes: #923240)
[ Simon McVittie ]
* Apply most changes from upstream release 0.116
- d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch,
d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch:
Reduce messages to stderr from polkit agents, in particular when using
"systemctl reboot" on a ssh connection or when using "systemctl start"
in systemd emergency mode
- d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch:
Fix critical warnings when calling polkit_permission_new_sync() with
no D-Bus system bus
- d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch:
Fix a potential use-after-free in polkit agents
- d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch:
Re-enable echo if the tty agent is killed by SIGINT or SIGTERM
or suspended with SIGTSTP
* Add more bug fixes backported from earlier upstream releases
- d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch:
Fix a segfault when a library user like flatpak attempts to register
a polkit agent with no system bus available (Closes: #923046)
- d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch:
Make it more obvious that polkitprivate.h was never intended to be API
- d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch:
Fix a memory leak
- d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch:
Avoid a use of the deprecated polkit_unix_process_new()
* d/*.symbols: Add Build-Depends-Package metadata
* d/policykit-1.lintian-overrides: Override systemd unit false positives.
The systemd unit is only for on-demand D-Bus activation, and is not
intended to be started during boot, so an [Install] section and a
parallel LSB init script are not necessary.
* Stop building libpolkit-backend as a shared library.
Its API was never declared stable before upstream removed it in
0.106. Nothing in Debian depended on it, except for polkitd itself,
which now links the same code statically.
This is a step towards being able to use the current upstream release of
polkit and patch in the old localauthority backend as an alternative to
the JavaScript backend, instead of using the old 0.105 codebase and
patching in essentially every change except the JavaScript backend,
which is becoming unmanageable.
- Remove the example null backend, which is pointless now that we've
removed the ability to extend polkit.
- Remove obsolete conffile 50-nullbackend.conf on upgrade
- Remove the directory that previously contained 50-nullbackend.conf
after upgrading or removing policykit-1
- Remove obsolete dh_makeshlibs override for the null backend
* d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
reportbug doesn't currently seem to interpret
"Depends: default-logind | logind" as implying that it should include
the version number of the package that Provides logind in bug reports.
Workaround for #934472.
* Change the policykit-1 package from Architecture: any to
Architecture: linux-any, and remove the consolekit [!linux-any]
dependency. consolekit is no longer available in any Debian or
debian-ports architecture, even those for non-Linux kernels.
(Closes: #918446)
* Standards-Version: 4.4.0 (no changes required)
* Switch to debhelper-compat 12
- d/control: Add ${misc:Pre-Depends}
* Switch to dh_missing and abort on uninstalled files
(patch taken from experimental, thanks to Michael Biebl)
-- Simon McVittie <email address hidden> Sun, 11 Aug 2019 19:09:35 +0100
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:28 -0400
policykit-1 (0.105-21ubuntu0.4) cosmic-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:51:01 -0400
policykit-1 (0.105-20ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:02 -0400
policykit-1 (0.105-4ubuntu3.14.04.6) trusty-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:59 -0400
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
policykit-1 (0.105-25) unstable; urgency=medium
* Team upload
* Add tests-add-tests-for-high-uids.patch
- Patch from upstream modified by Ubuntu to test high UID fix
* Compare PolkitUnixProcess uids for temporary authorizations.
- Fix temporary auth hijacking via PID reuse and non-atomic fork
(CVE-2019-6133) (Closes: #918985)
-- Jeremy Bicha <email address hidden> Tue, 15 Jan 2019 11:11:58 -0500
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:19:19 -0500
policykit-1 (0.105-4ubuntu3.14.04.5) trusty-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:20:15 -0500
policykit-1 (0.105-20ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:18:22 -0500
policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:15:13 -0500
| Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu3) disco; urgency=medium
* Re-enable security patches
- debian/patches/CVE-2018-19788-1.patch
- debian/patches/CVE-2018-19788-2.patch
* Fix regression causing autopkgtest failures:
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:12:09 -0500
policykit-1 (0.105-22ubuntu2) disco; urgency=medium
* Disable security patches until autopkgtest regression fix is available.
(See Debian bug 916075)
- debian/patches/CVE-2018-19788-1.patch
- debian/patches/CVE-2018-19788-2.patch
-- Marc Deslauriers <email address hidden> Tue, 11 Dec 2018 07:15:16 -0500
| Superseded in disco-proposed |
policykit-1 (0.105-22ubuntu1) disco; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Fri, 07 Dec 2018 08:18:07 -0500
