• Simon McVittie's avatar
    Import Debian changes 0.105-30 · 531368b6
    Simon McVittie authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
    policykit-1 (0.105-30) unstable; urgency=medium
      [ Helmut Grohne ]
      * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998)
    policykit-1 (0.105-29) unstable; urgency=medium
      * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
        If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it
        will fail to find the binary at the new location. So create a symlink to
        prevent authentication failures on upgrades. (Closes: #965210)
    policykit-1 (0.105-28) unstable; urgency=medium
      [ TANIGUCHI Takaki ]
      * postinst: Fix polkit-agent-helper-1 path
      [ Michael Biebl ]
      * Fix polkitd path in polkit.service (Closes: #965164)
      * Use --restart-after-upgrade.
        With debhelper 13.1, --no-start will disable --restart-after-upgrade.
        Since we want the service to be restarted on upgrades, request that
      * Remove old maintscript migration code from pre-oldstable
    policykit-1 (0.105-27) unstable; urgency=medium
      * Switch to /usr/libexec now that it is allowed by debian policy
      * Bump debhelper-compat to 13
      * Bump Standards-Version to 4.5.0
      * Try harder to look up the right localization.
        Fixes out-of-bounds read in _localize. (Closes: #956223)
    policykit-1 (0.105-26) unstable; urgency=medium
      [ Mark Hindley ]
      * Depend on new virtual packages default-logind and logind
        (Closes: #923240)
      [ Simon McVittie ]
      * Apply most changes from upstream release 0.116
        - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch,
          Reduce messages to stderr from polkit agents, in particular when using
          "systemctl reboot" on a ssh connection or when using "systemctl start"
          in systemd emergency mode
        - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch:
          Fix critical warnings when calling polkit_permission_new_sync() with
          no D-Bus system bus
        - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch:
          Fix a potential use-after-free in polkit agents
        - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch:
          Re-enable echo if the tty agent is killed by SIGINT or SIGTERM
          or suspended with SIGTSTP
      * Add more bug fixes backported from earlier upstream releases
        - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch:
          Fix a segfault when a library user like flatpak attempts to register
          a polkit agent with no system bus available (Closes: #923046)
        - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch:
          Make it more obvious that polkitprivate.h was never intended to be API
        - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch:
          Fix a memory leak
        - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch:
          Avoid a use of the deprecated polkit_unix_process_new()
      * d/*.symbols: Add Build-Depends-Package metadata
      * d/policykit-1.lintian-overrides: Override systemd unit false positives.
        The systemd unit is only for on-demand D-Bus activation, and is not
        intended to be started during boot, so an [Install] section and a
        parallel LSB init script are not necessary.
      * Stop building libpolkit-backend as a shared library.
        Its API was never declared stable before upstream removed it in
        0.106. Nothing in Debian depended on it, except for polkitd itself,
        which now links the same code statically.
        This is a step towards being able to use the current upstream release of
        polkit and patch in the old localauthority backend as an alternative to
        the JavaScript backend, instead of using the old 0.105 codebase and
        patching in essentially every change except the JavaScript backend,
        which is becoming unmanageable.
        - Remove the example null backend, which is pointless now that we've
          removed the ability to extend polkit.
        - Remove obsolete conffile 50-nullbackend.conf on upgrade
        - Remove the directory that previously contained 50-nullbackend.conf
          after upgrading or removing policykit-1
        - Remove obsolete dh_makeshlibs override for the null backend
      * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
        reportbug doesn't currently seem to interpret
        "Depends: default-logind | logind" as implying that it should include
        the version number of the package that Provides logind in bug reports.
        Workaround for #934472.
      * Change the policykit-1 package from Architecture: any to
        Architecture: linux-any, and remove the consolekit [!linux-any]
        dependency. consolekit is no longer available in any Debian or
        debian-ports architecture, even those for non-Linux kernels.
        (Closes: #918446)
      * Standards-Version: 4.4.0 (no changes required)
      * Switch to debhelper-compat 12
        - d/control: Add ${misc:Pre-Depends}
      * Switch to dh_missing and abort on uninstalled files
        (patch taken from experimental, thanks to Michael Biebl)
    policykit-1 (0.105-25) unstable; urgency=medium
      * Team upload
      * Add tests-add-tests-for-high-uids.patch
        - Patch from upstream modified by Ubuntu to test high UID fix
      * Compare PolkitUnixProcess uids for temporary authorizations.
        - Fix temporary auth hijacking via PID reuse and non-atomic fork
          (CVE-2019-6133) (Closes: #918985)
    policykit-1 (0.105-24) unstable; urgency=medium
      * Allow uid of -1 for a PolkitUnixProcess.
        Revert an overzealous change from the previous security fix that caused
        a critical to be logged when trying to set the uid property to -1 (the
        default value).
    policykit-1 (0.105-23) unstable; urgency=high
      * Allow negative uids/gids in PolkitUnixUser and Group objects.
        Fixes a vulnerability in PolicyKit that allows a user with a uid greater
        than INT_MAX to successfully execute arbitrary polkit actions.
        (CVE-2018-19788, Closes: #915332)
    policykit-1 (0.105-22) unstable; urgency=medium
      * Move D-Bus policy file to /usr/share/dbus-1/system.d/
        To better support stateless systems with an empty /etc, the old location
        in /etc/dbus-1/system.d/ should only be used for local admin changes.
        Package provided D-Bus policy files are supposed to be installed in
        This is supported since dbus 1.9.18.
      * Remove obsolete conffile
        /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
      * Bump Standards-Version to 4.2.1
      * Remove Breaks for versions older than oldstable
      * Stop masking polkit.service during the upgrade process.
        This is no longer necessary with the D-Bus policy file being installed
        in /usr/share/dbus-1/system.d/. (Closes: #902474)
      * Use dh_installsystemd to restart polkit.service after an upgrade.
        This replaces a good deal of hand-written maintscript code.
    policykit-1 (0.105-21) unstable; urgency=medium
      * Remove --no-parallel now that parallel builds (hopefully) work.
        Thanks to Adrian Bunk for spotting this.
      * Refresh patches via gbp pq
      * Use one patch per upstream commit for easier metadata round-trips
      * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114
        - d/p/0.111/Fix-a-memory-leak.patch:
          Fix a memory leak when PAM authentication fails
        - d/p/0.113/Remove-a-redundant-assignment.patch:
          Fix a potential compiler warning
        - d/p/master/Fix-multi-line-pam-text-info.patch:
          Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch,
      * d/p/03_polkitunixsession_sessionid_from_display.patch:
        Replace with functionally identical
        as applied upstream
      * d/watch: Use https
      * d/watch: Download upstream PGP signatures
      * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
        Miloslav Trmac, David Zeuthen
      * d/gbp.conf: Merge upstream tags into the upstream branch
      * Add myself to Uploaders
      * d/gbp.conf: Set patch-numbers to false to match current practice
      * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch:
        Backport the security-significant part of 0.115 (CVE-2018-1116)
        (Closes: #903563)
      * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
      * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
      * Standards-Version: 4.1.5 (no changes required)
      * Set Rules-Requires-Root to no
    policykit-1 (0.105-20) unstable; urgency=medium
      * Team upload
      * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch:
        Add patch from upstream to fix parallel builds (Closes: #894205)
    policykit-1 (0.105-19) unstable; urgency=medium
      * debian/copyright: Use https URL for Format:
      * Update Vcs-* links for move to salsa.debian.org.
      * Fix typos in patch descriptions.
        Fixes lintian's spelling-error-in-patch-description complaints.
      * Move to debhelper compat level 10.
        Remove explicit dh-autoreconf, it's now done by default.
      * Bump Standards-Version to 4.1.3
      * Add autopkgtest.
        This covers the pkaction and pkcheck CLI tools.
    policykit-1 (0.105-18) unstable; urgency=medium
      * Team upload.
      * master/Add-gettext-support-for-.policy-files.patch: Backport from master:
        Add .loc and .its files so that gettext can be used to translate policy
        files. Some upstreams, particularly those that are switching to meson,
        expect these files to be present so that their PK policy files can be
        translated. (Closes: #863207)
    policykit-1 (0.105-17) unstable; urgency=medium
      [ Michael Biebl ]
      * Use https:// for the upstream homepage.
      * Update Vcs-Browser to use cgit.
      * Rename the systemd service unit to polkit.service. It is now based on what
        was added upstream in 0.106.
      [ Simon McVittie ]
      * Build-depend on intltool instead of relying on gtk-doc-tools'
        dependency (Closes: #837846)
      [ Martin Pitt ]
      * Use PAM's common-session-noninteractive modules for pkexec instead of
        common-session. The latter also runs pam_systemd (the only difference
        normally) which is a no-op under the classic session-centric
        D-BUS/graphical login model (as it won't start a new one if it is already
        running within a logind session), but very expensive when using
        dbus-user-session and being called from a service that runs outside the
        PAM session. This causes long delays in e. g. gnome-settings-daemon's
        backlight helpers. (LP: #1626651)
    policykit-1 (0.105-16) unstable; urgency=medium
      [ Michael Biebl ]
      * Drop obsolete Breaks from pre-wheezy.
      * Use gir addon instead of calling dh_girepository manually.
      * Run wrap-and-sort -ast.
      * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already
        pulled in via libgirepository1.0-dev.
      [ Martin Pitt ]
      * Add fallback if agent is not running in a logind session. This fixes
        polkit with dbus-user-session. Thanks Sebastien Bacher for the patch!
      * Bump Standards-Version to 3.9.8 (no changes necessary).
    policykit-1 (0.105-15) unstable; urgency=medium
      * Generate tight inter-package dependencies.
        This ensures that everything from the same source package is upgraded in
        lockstep. (Closes: #817998)
    policykit-1 (0.105-14.1) unstable; urgency=medium
      * Non-maintainer upload.
      * Fix FTBFS on non-linux/non-systemd. (Closes: #798769)
    policykit-1 (0.105-14) unstable; urgency=medium
      * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
        removal for consistency.
      * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
        backported from upstream master. (LP: #1510824)
    policykit-1 (0.105-13) unstable; urgency=medium
      * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
        policykit-1 is unpackaged but not yet configured. During that time we
        don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
        This can be dropped once the D-Bus policy moves to /usr.
        (Closes: #794723, LP: #1447654)
    policykit-1 (0.105-12) unstable; urgency=medium
      * Team upload
      * Replace 03_complete_session.patch with a change from upstream
        which seems like a more correct solution for LP#445303, LP#649939
      * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing
        staff -> desktop_admin_r change in a man page (desktop_admin_r looks
        vaguely like a SELinux role but is actually being used as a group);
        keep only the actual functional change. This matches the syntactically
        different but functionally similar change in experimental.
      * 09_pam_environment.patch: replace with the version that went upstream.
      * Annotate remaining patches with a bit more information.
        They are:
        - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch,
          00git_type_registration.patch, 04_get_cwd.patch,
          08_deprecate_racy_APIs.patch, 09_pam_environment.patch,
          cve-2013-4288.patch: either backports from upstream, or already
          applied upstream, and not discussed further here.
        - 01_pam_polkit.patch: use Debian's common-* infrastructure,
          plus pam_env to get the global environment and locale.
        - 02_gettext.patch: Use gettext to translate .policy files at
          runtime, allowing for Ubuntu-style language packs.
          Debian-specific (mainly for Ubuntu's benefit, really).
        - 05_revert-admin-identities-unix-group-wheel.patch: Debian does
          not use the "wheel" group like Red Hat derivatives do;
          treat uid 0 as the administrative identity instead.
        - 06_systemd-service.patch: hook up the systemd service in
          Not forwarded: obsoleted by an upstream change in 0.106,
          commit 2995085.
      * Re-order patch series to put upstream changes first, sorted by version
        in which they went upstream, and put them in subdirectories by version
      * Add patches from 0.113 to fix heap corruption CVE-2015-3255
        (Closes: #766860) and local authenticated denial of service
        CVE-2015-4625 (Closes: #796134)
      * Add numerous other bug-fix patches from 0.113
        - work around bugs in older versions of libpam-systemd when using
          su or similar (Closes: #772125)
        - treat background processes as part of the same uid's active GUI
          session if they have one (Closes: #779988)
        - fix some memory leaks (Closes: #775158, LP: #1417637)
      * Add backported public API polkit_system_bus_name_get_user_sync() to
        symbols file
      * Fix FTBFS with dpkg-buildpackage -A by only installing files into
        policykit-1 in per-arch builds
      * Run tests with a session bus pretending to be the system bus,
        so they can pass in a buildd environment
    policykit-1 (0.105-11) unstable; urgency=medium
      * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths
        in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
      * policykit-1.postinst: Reload systemd before restarting polkitd.service, to
        avoid "Warning: polkitd.service changed on disk". (Closes: #791397)
    policykit-1 (0.105-10) unstable; urgency=medium
      * Add 00git_type_registration.patch: Use GOnce for interface type
        registration. Fixes frequent udisks segfault (LP: #1236510).
      * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call
        results handler. (LP: #1417637)
    policykit-1 (0.105-9) unstable; urgency=medium
      [ Martin Pitt ]
      * policykit-1.postinst: Don't kill polkitd under systemd, but properly
        restart it. This avoids killing it shortly after systemd tries to
        bus-activate it on installation. (LP: #1447654)
      [ Michael Biebl ]
      * Build against libsystemd instead of the old libsystemd-login compat
        library. (Closes: #779756)
    policykit-1 (0.105-8) unstable; urgency=medium
      * Rebuild against libsystemd0. This drops the last remaining dependency to
        libsystemd-login0. (Closes: #771281)
      * Bump Standards-Version to 3.9.6 (no changes necessary).
    policykit-1 (0.105-7) unstable; urgency=medium
      * Team upload.
      * Install typelib files into MA libdir.
    policykit-1 (0.105-6.1) unstable; urgency=medium
      * Non-maintainer upload.
      * Use dh-autoreconf in build to support new architectures
    policykit-1 (0.105-6) unstable; urgency=medium
      * Team upload.
      * debian/control: Update Homepage URL
      * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
        registers a logind session properly (Closes: #745983)
    policykit-1 (0.105-5) unstable; urgency=medium
      * Team upload.
      * Enable systemd support on linux architectures
      * debian/control: Bump Standards-Version to 3.9.5 (no further changes)
      * debian/control: Use canonical VCS-* URL's
    policykit-1 (0.105-4) unstable; urgency=low
      * Acknowledge non-maintainer upload for CVE-2013-4288.
      * Also cherry-pick the upstream commit which deprecates the racy APIs.
      * debian/patches/09_pam_environment.patch: set process environment from
      * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our
        global settings from /etc/environment are applied correctly.
      * The two changes above fix pkexec to properly export the pam environment.
        Thanks Steve Langasek for the patch. (Closes: #692340)
    policykit-1 (0.105-3+nmu1) unstable; urgency=high
      * Non-maintainer upload by the Security Team.
      * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717).
    policykit-1 (0.105-3) unstable; urgency=low
      * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY
        environment variable to its default value $HOME/.Xauthority if unset.
        Some display managers, like KDM, do not set the XAUTHORITY variable, so
        starting graphical applications via pkexec was broken in those
        environments. (Closes: #671497)
    policykit-1 (0.105-2) unstable; urgency=low
      * Change the permissions of /etc/polkit-1/localauthority to 700, this
        directory is not supposed to be readable by everyone.
    policykit-1 (0.105-1) unstable; urgency=low
      * New upstream release.
      * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now.
      * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0.
      * Update debian/copyright using the machine-readable copyright format 1.0.
      * Bump Standards-Version to 3.9.3.
      * Bump Build-Depends on debhelper to (>= 9).
    policykit-1 (0.104-2) unstable; urgency=low
      * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for
        proper cross-references in the gtk-doc API documentation.
      * Install systemd service file for polkitd.
    policykit-1 (0.104-1) unstable; urgency=low
      * New upstream release.
        - Add support for netgroups. (LP: #724052)
      * debian/rules: Disable systemd support, continue to work with ConsokeKit.
      * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply
      * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new
      * debian/rules: Do not let test failures fail the build. The new test suite
        also runs a test against the system D-BUS/ConsoleKit, which can't work on
    policykit-1 (0.103-1) unstable; urgency=low
      * New upstream release.
      * debian/control: Change section of gir1.2-polkit-1.0 to introspection.
      * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change
        to make group wheel the default admin identity since we already use group
        sudo resp. group admin for that.
    policykit-1 (0.102-2) unstable; urgency=low
      * 02_gettext.patch: Explicitly #include <locale.h> to fix non-optimized
        build. Thanks Ivan Krasilnikov for pointing this out.
      * debian/rules: When building on Ubuntu, also consider the "sudo" group as
        administrator, for compatibility with Debian and sudo itself. Keep "admin"
        for existing systems. (LP: #893842)
      * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the
        patch! (Closes: #636196)
    policykit-1 (0.102-1) unstable; urgency=low
      * New upstream release.
      * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream.
      * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream.
      * debian/patches/03_complete_session.patch: Refreshed.
      * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the
        current working directory. This fixes another PATH_MAX related FTBFS on
        hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017)
    policykit-1 (0.101-4) unstable; urgency=high
      Urgency high due to security fix.
      * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking
        privileges for pkexec. Patch taken from
        https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in
        upstream git. [CVE-2011-1485]
      * debian/libpolkit-gobject-1-0.symbols: Update for new symbols.
      * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build
        failures if quilt patches change files with translatable strings. Thanks
        to Kees Cook for the patch!
    policykit-1 (0.101-3) unstable; urgency=low
      * debian/control
        - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to
          libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the
          updated GObject introspection policy.
        - Bump Standards-Version to 3.9.2. No further changes.
    policykit-1 (0.101-2) unstable; urgency=low
      * Upload to unstable.
    policykit-1 (0.101-1) experimental; urgency=low
      * New upstream release.
      * Update patches
        - Drop debian/patches/04_test_signalfd.patch, merged upstream.
        - Refresh other patches to apply cleanly.
      * debian/libpolkit-gobject-1-0.symbols
        - Add polkit_authorization_result_get_dismissed.
      * debian/control
        - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0).
      * debian/rules
        - Don't build example programs.
    policykit-1 (0.100-1) experimental; urgency=low
      * New upstream release.
      * Refresh debian/patches/03_complete_session.patch.
      * Replace debian/patches/04_test_signalfd.patch with a patch that was merged
        upstream. This also allows to drop debian/patches/99_autoreconf.patch.
      * Switch from cdbs to dh.
      * Bump debhelper compatibility level to 8.
      * Install documentation using debian/policykit-1.docs.
      * Enable gobject introspection support.
        - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12),
          gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0.
        - Add package gir1.2-polkit-1.0 containing the typelib files.
        - Install gir files in libpolkit-agent-1-dev.install and
        - Call dh_girepository in debian/rules.
    policykit-1 (0.99-3) unstable; urgency=low
      * Upload to unstable.
    policykit-1 (0.99-2) experimental; urgency=low
      [ Michael Biebl ]
      * Merge sudo group changes from unstable branch.
      [ Martin Pitt ]
      * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release
        build dependency.
      * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without
        signalfd(). (Closes: #602476)
      * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch.
    policykit-1 (0.99-1) experimental; urgency=low
      [ Michael Biebl ]
      * New upstream release.
      * debian/patches/00git-fix-error-freeing.patch
        - Remove, fixed upstream.
      * debian/patches/00git-pkexec-information-disclosure.patch
        - Remove, merged upstream.
      * debian/control
        - Drop Build-Depends on libeggdbus-1-dev.
        - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus.
      * Switch to source format 3.0 (quilt).
        - Add debian/source/format.
        - Drop Build-Depends on quilt.
        - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules.
        - Remove debian/README.source.
      [ Robert Ancell ]
      * Add debian/patches/02_gettext.patch: Use gettext for translations in
        .policy files if they specify a gettext domain.
      [ James Westby ]
      * Add debian/patches/03_complete_session.patch: Fix the race that leads to
        the password box disappearing, but the dialog remaining.
      [ Martin Pitt ]
      * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
        .symbols files more strongly.
    policykit-1 (0.96-4) unstable; urgency=low
      * debian/rules
        - When building for Debian, install a localauthority.conf.d configuration
          file which considers "sudo" group users as administrators.
          (Closes: #532499)
    policykit-1 (0.96-3) unstable; urgency=low
      * debian/control
        - Use architecture wildcard linux-any for libselinux1-dev.
        - Bump Standards-Version to 3.9.1.
      * debian/policykit-1.postinst
        - Query D-Bus to find out the correct pid of the process claiming
          org.freedesktop.PolicyKit1. This way we do not accidentally kill the
          wrong process when being installed in a chroot. (Closes: #595030)
      * debian/policykit-1.prerm
        - Stop polkitd on remove. (Closes: #595031)
    policykit-1 (0.96-2) unstable; urgency=medium
      * Urgency medium, just two small, but important bug fixes.
      * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure
        vulnerability that allows an attacker to verify whether or not arbitrary
        files exist, violating directory permissions.
      * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization()
        with an invalid PID. (LP: #540464)
    policykit-1 (0.96-1) unstable; urgency=low
      * New upstream release.
      * debian/libpolkit-backend-1-0.symbols
        - Update for new API addition.
    policykit-1 (0.95-1) unstable; urgency=low
      * New upstream release.
      * Remove patches
        - debian/patches/02_dont_export_private_symbols.patch (merged upstream)
        - debian/patches/03_path_max.patch (merged upstream)
        - debian/patches/04-ref-authority.patch (merged upstream)
        - debian/patches/05-pkexec-env.patch (merged upstream)
        - debian/patches/99_autoreconf.patch (obsolete)
      * debian/control
        - Bump Build-Depends on libeggbus-1-dev to (>= 0.6).
      * debian/rules
        - The example application is no longer built by default so we don't need
          to manually remove it anymore.
      * debian/libpolkit-{backend,gobject}-1-0.symbols
        - Update for new API additions.
    policykit-1 (0.94-6) unstable; urgency=low
      * debian/policykit-1.postinst
        - Use start-stop-daemon instead of kill+pidof to stop the running polkitd
          daemon on upgrades.
      * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered
        unstable. (Closes: #552605)
    policykit-1 (0.94-5) unstable; urgency=low
      * Add debian/patches/04-ref-authority.patch: Ref the instance returned by
        polkit_authority_get(), since the documentation says that it needs to be
        unref'ed after usage. This fixes crashes in NetworkManager and probably
        other programs, too. (LP: #438574, #432452, fd.o #24566)
      * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec
        saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk)
      * Add myself to Uploaders: with Michael's consent.
    policykit-1 (0.94-4) unstable; urgency=low
      * debian/patches/03_path_max.patch
        - Update patch to fix implicit pointer conversion for
          get_current_dir_name. (Closes: #550901)
    policykit-1 (0.94-3) unstable; urgency=low
      * debian/patches/03_path_max.patch
        - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800)
          Thanks to Samuel Thibault for the patch.
      * debian/policykit-1.postinst:
        - Kill the old polkitd daemon on upgrade, to ensure that the new version
          will be used at the next occasion.
    policykit-1 (0.94-2) unstable; urgency=low
      * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and
        link against -lfreebsd for sysctlnametomib.
        When glibc 2.10 enters unstable this workaround can be removed again.
    policykit-1 (0.94-1) unstable; urgency=low
      * Rename package to policykit-1. Upstream (at least temporarily) forked
        the project to make it installable in parallel with policykit 0.9, until
        all programs are ported to the new API.
      * Drop all patches except 01_pam_polkit.patch.
      * Refresh debian/patches/01_pam_polkit.patch.
      * debian/control
        - Update Build-Depends
          + Drop libdbus-1-dev, libdbus-glib-1-dev.
          + Add libeggdbus-1-dev (>= 0.5) and lsb-release.
          + Bump libglib2-dev dependency to (>= 2.21.4).
        - Update list of binary packages and their package descriptions.
        - Drop dependency on adduser.
        - Bump Standards-Version to 3.8.3.
          + Add README.source which refers to the quilt documentation.
        - Update Vcs-* fields. Package is now managed using Git and hosted on
      * Update shared library structure: libpolkit-{dbus,grant} →
      * Rename policykit, policykit-doc → policykit-1, policykit-1-doc.
      * Update and revise all *.install files.
      * debian/rules, debian/policykit.init: Drop init script, package doesn't use
        /var/run any more.
      * debian/policykit-1.postinst: Don't create "polkituser" system user, it's
        not used any more.
      * Update watch file.
      * debian/patches/02_dont_export_private_symbols.patch
        - Don't export private symbols in the libraries.
      * debian/patches/99_autoreconf.patch
        - Update the autotools files as the previous patch also touches the build
      * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved
        shlibs dependencies.
      * debian/rules
        - Disable introspection support.
        - When building for Ubuntu, install a localauthority.conf.d configuration
          file which considers "admin" group users as administrators.
        - Don't install example application.
      * debian/copyright
        - Update copyright holder.
        - License was changed to LGPL 2.1+.
    policykit (0.9-4) unstable; urgency=low
      * Add support for /var/run being a tmpfs. (Closes: #532101)
        - Create /var/run/PolicyKit dynamically on boot by using an init script.
          Original patch by Martin Pitt, thanks. Updated patch to only run the
          init script in runlevel S at priority 75.
        - Do no longer ship /var/run/PolicyKit in the package itself.
      * debian/control
        - Bump Standards-Version to 3.8.1.
      * debian/patches/04_entry_leak.patch
        - Plug a memory leak. Patch pulled from Fedora.
      * debian/patches/05_manpage_typo_fix.patch
        - Fix a small typo in the polkit-auth man page. (Closes: #523565)
      * debian/patches/06_no_inotify_or_path_max.patch
        - Add support for systems which don't support inotify (like hurd) and
          don't use PATH_MAX unconditionally, instead use dynamically growing
          buffers. (Closes: #521756)
          Patch by Samuel Thibault, thanks.
    policykit (0.9-3) unstable; urgency=low
      * Switch patch management system to quilt.
      * debian/control
        - Wrap Build-Depends.
        - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758)
        - Bump Build-Depends on debhelper to (>= 7).
      * debian/compat
        - Bump debhelper compat level to 7.
      * debian/rules
        - Include debhelper.mk before any other files as recommended by the cdbs
      * debian/patches/03_consolekit0.3-api.patch
        - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either.
          Patch pulled from Ubuntu.
    policykit (0.9-2) unstable; urgency=high
      [ Simon McVittie ]
      * Add patch committed in Fedora (although not upstream) by the upstream
        maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
        been fixed in dbus-daemon. (Closes: #510646)
      [ Michael Biebl ]
      * debian/control
        - Add ${misc:Depends} to all binary packages.
    policykit (0.9-1) unstable; urgency=low
      * New upstream release.
      * debian/control
        - Bump Standards-Version to 3.8.0. No further changes.
    policykit (0.8-2) unstable; urgency=low
      * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2.
      * debian/policykit.postinst
        - Set correct permissions for all files. (Closes: #482064)
        - Define a small helper function to apply the permissions. This makes it
          more concise and readable.
    policykit (0.8-1) unstable; urgency=medium
      * New upstream release.
        - SECURITY - CVE-2008-1658:
          Fixes format string vulnerability in the grant helper. (Closes: #476615)
      * debian/control
        - Add Build-Depends on pkg-config.
    policykit (0.7-2) unstable; urgency=low
      * Upload to unstable.
    policykit (0.7-1) experimental; urgency=low
      * New upstream release. (Closes: #455874)
      * debian/control
        - Bump Standards-Version to 3.7.3. No further changes required.
        - Add Build-Depends on libdbus-glib-1-dev (>= 0.73).
        - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/.
          (Closes: #446504)
        - Improve package description. (Closes: #446554)
      * debian/copyright
        - All code is now licensed under the MIT/X11 license. Update the copyright
          notice accordingly.
      * debian/policykit.dirs
        - Add the directory /var/lib/PolicyKit-public.
      * debian/policykit.install
        - Install the D-Bus config and service files for the PolicyKit system
        - Install /var/lib/misc/PolicyKit.reload.
      * debian/rules
        - Fix the permissions of /var/lib/misc/PolicyKit.reload.
      * debian/policykit.postinst
        - Use dpkg-statoverride to check for local modifications before setting
          the SUID/SGID bits.
    policykit (0.6-1) experimental; urgency=low
      * New upstream release.
      * debian/control
        - Use new "Homepage:" field to specify the upstream URL.
        - The Vcs-* fields are now officially supported, so remove the XS- prefix.
        - Add a Recommends: policykit-gnome to the policykit package.
        - Enable SELinux support by adding a Build-Depends on libselinux1-dev for
          all supported platforms.
      * debian/policykit.postinst
        - Install polkit-grant-helper-pam with the correct permissions.
    policykit (0.5-1) experimental; urgency=low
      * Initial release. (Closes: #397087)