1. 26 Jan, 2022 3 commits
  2. 17 Jan, 2022 3 commits
    • Emanuele Aina's avatar
      Release policykit-1 version 1:0.105-31+apertis3 · 9fd56084
      Emanuele Aina authored
      
      
      Actually release the update bumping the version to re-introduce
      the epoch.
      Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>
      9fd56084
    • Vignesh Raman's avatar
      debian/changelog: Update version · 4814f818
      Vignesh Raman authored
      
      
      pristine-lfs-source already had policykit-1_0.105-31+apertis2.dsc
      
      Since the filenames does not include the epoch, the below error is seen
      when the version is updated to 1:0.105-31+apertis2,
      $ pristine-lfs -v import-dsc --full --branch "${PRISTINE_SOURCE}" _build-release/*.dsc
      I: Importing: _build-release/policykit-1_0.105.orig.tar.gz _build-release/policykit-1_0.105-31+apertis2.debian.tar.xz _build-release/policykit-1_0.105-31+apertis2.dsc
      abort: would overwrite files: policykit-1_0.105-31+apertis2.debian.tar.xz, policykit-1_0.105-31+apertis2.dsc
      
      To fix this bump the version to 1:0.105-31+apertis3
      Signed-off-by: Vignesh Raman's avatarVignesh Raman <vignesh.raman@collabora.com>
      4814f818
    • Vignesh Raman's avatar
      debian/changelog: Fix version · 1ae68880
      Vignesh Raman authored
      
      
      Re-add the epoch in the version that was lost by mistake
      in 0.105-31+apertis1. The epoch has been introduced in
      1:0.105-30apertis1 when we reverted to the version from
      Bullseye rather than the newer one from Experimental we
      used in the past.
      Signed-off-by: Vignesh Raman's avatarVignesh Raman <vignesh.raman@collabora.com>
      1ae68880
  3. 18 Jul, 2021 1 commit
  4. 14 Jul, 2021 1 commit
  5. 11 Jun, 2021 6 commits
  6. 18 Apr, 2021 3 commits
  7. 16 Apr, 2021 3 commits
    • Ritesh Raj Sarraf's avatar
      Merge branch 'debian/bullseye' into wip/ritesh/manual-merge-bullseye · cf27fab8
      Ritesh Raj Sarraf authored
      * debian/bullseye:
        Manually import orig tarball 0.105
      cf27fab8
    • Simon McVittie's avatar
      Import Debian changes 0.105-30 · 531368b6
      Simon McVittie authored and Ritesh Raj Sarraf's avatar Ritesh Raj Sarraf committed
      policykit-1 (0.105-30) unstable; urgency=medium
      .
        [ Helmut Grohne ]
        * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998)
      .
      policykit-1 (0.105-29) unstable; urgency=medium
      .
        * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
          If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it
          will fail to find the binary at the new location. So create a symlink to
          prevent authentication failures on upgrades. (Closes: #965210)
      .
      policykit-1 (0.105-28) unstable; urgency=medium
      .
        [ TANIGUCHI Takaki ]
        * postinst: Fix polkit-agent-helper-1 path
      .
        [ Michael Biebl ]
        * Fix polkitd path in polkit.service (Closes: #965164)
        * Use --restart-after-upgrade.
          With debhelper 13.1, --no-start will disable --restart-after-upgrade.
          Since we want the service to be restarted on upgrades, request that
          explicitly.
        * Remove old maintscript migration code from pre-oldstable
      .
      policykit-1 (0.105-27) unstable; urgency=medium
      .
        * Switch to /usr/libexec now that it is allowed by debian policy
        * Bump debhelper-compat to 13
        * Bump Standards-Version to 4.5.0
        * Try harder to look up the right localization.
          Fixes out-of-bounds read in _localize. (Closes: #956223)
      .
      policykit-1 (0.105-26) unstable; urgency=medium
      .
        [ Mark Hindley ]
        * Depend on new virtual packages default-logind and logind
          (Closes: #923240)
      .
        [ Simon McVittie ]
        * Apply most changes from upstream release 0.116
          - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch,
            d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch:
            Reduce messages to stderr from polkit agents, in particular when using
            "systemctl reboot" on a ssh connection or when using "systemctl start"
            in systemd emergency mode
          - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch:
            Fix critical warnings when calling polkit_permission_new_sync() with
            no D-Bus system bus
          - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch:
            Fix a potential use-after-free in polkit agents
          - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch:
            Re-enable echo if the tty agent is killed by SIGINT or SIGTERM
            or suspended with SIGTSTP
        * Add more bug fixes backported from earlier upstream releases
          - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch:
            Fix a segfault when a library user like flatpak attempts to register
            a polkit agent with no system bus available (Closes: #923046)
          - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch:
            Make it more obvious that polkitprivate.h was never intended to be API
          - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch:
            Fix a memory leak
          - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch:
            Avoid a use of the deprecated polkit_unix_process_new()
        * d/*.symbols: Add Build-Depends-Package metadata
        * d/policykit-1.lintian-overrides: Override systemd unit false positives.
          The systemd unit is only for on-demand D-Bus activation, and is not
          intended to be started during boot, so an [Install] section and a
          parallel LSB init script are not necessary.
        * Stop building libpolkit-backend as a shared library.
          Its API was never declared stable before upstream removed it in
          0.106. Nothing in Debian depended on it, except for polkitd itself,
          which now links the same code statically.
          This is a step towards being able to use the current upstream release of
          polkit and patch in the old localauthority backend as an alternative to
          the JavaScript backend, instead of using the old 0.105 codebase and
          patching in essentially every change except the JavaScript backend,
          which is becoming unmanageable.
          - Remove the example null backend, which is pointless now that we've
            removed the ability to extend polkit.
          - Remove obsolete conffile 50-nullbackend.conf on upgrade
          - Remove the directory that previously contained 50-nullbackend.conf
            after upgrading or removing policykit-1
          - Remove obsolete dh_makeshlibs override for the null backend
        * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
          reportbug doesn't currently seem to interpret
          "Depends: default-logind | logind" as implying that it should include
          the version number of the package that Provides logind in bug reports.
          Workaround for #934472.
        * Change the policykit-1 package from Architecture: any to
          Architecture: linux-any, and remove the consolekit [!linux-any]
          dependency. consolekit is no longer available in any Debian or
          debian-ports architecture, even those for non-Linux kernels.
          (Closes: #918446)
        * Standards-Version: 4.4.0 (no changes required)
        * Switch to debhelper-compat 12
          - d/control: Add ${misc:Pre-Depends}
        * Switch to dh_missing and abort on uninstalled files
          (patch taken from experimental, thanks to Michael Biebl)
      .
      policykit-1 (0.105-25) unstable; urgency=medium
      .
        * Team upload
        * Add tests-add-tests-for-high-uids.patch
          - Patch from upstream modified by Ubuntu to test high UID fix
        * Compare PolkitUnixProcess uids for temporary authorizations.
          - Fix temporary auth hijacking via PID reuse and non-atomic fork
            (CVE-2019-6133) (Closes: #918985)
      .
      policykit-1 (0.105-24) unstable; urgency=medium
      .
        * Allow uid of -1 for a PolkitUnixProcess.
          Revert an overzealous change from the previous security fix that caused
          a critical to be logged when trying to set the uid property to -1 (the
          default value).
      .
      policykit-1 (0.105-23) unstable; urgency=high
      .
        * Allow negative uids/gids in PolkitUnixUser and Group objects.
          Fixes a vulnerability in PolicyKit that allows a user with a uid greater
          than INT_MAX to successfully execute arbitrary polkit actions.
          (CVE-2018-19788, Closes: #915332)
      .
      policykit-1 (0.105-22) unstable; urgency=medium
      .
        * Move D-Bus policy file to /usr/share/dbus-1/system.d/
          To better support stateless systems with an empty /etc, the old location
          in /etc/dbus-1/system.d/ should only be used for local admin changes.
          Package provided D-Bus policy files are supposed to be installed in
          /usr/share/dbus-1/system.d/.
          This is supported since dbus 1.9.18.
        * Remove obsolete conffile
          /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
        * Bump Standards-Version to 4.2.1
        * Remove Breaks for versions older than oldstable
        * Stop masking polkit.service during the upgrade process.
          This is no longer necessary with the D-Bus policy file being installed
          in /usr/share/dbus-1/system.d/. (Closes: #902474)
        * Use dh_installsystemd to restart polkit.service after an upgrade.
          This replaces a good deal of hand-written maintscript code.
      .
      policykit-1 (0.105-21) unstable; urgency=medium
      .
        * Remove --no-parallel now that parallel builds (hopefully) work.
          Thanks to Adrian Bunk for spotting this.
        * Refresh patches via gbp pq
        * Use one patch per upstream commit for easier metadata round-trips
        * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114
          - d/p/0.111/Fix-a-memory-leak.patch:
            Fix a memory leak when PAM authentication fails
          - d/p/0.113/Remove-a-redundant-assignment.patch:
            Fix a potential compiler warning
          - d/p/master/Fix-multi-line-pam-text-info.patch:
            Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch,
            d/p/0.114/Fix-multi-line-pam-text-info.patch,
            d/p/0.114/Refactor-send_to_helper-usage.patch
        * d/p/03_polkitunixsession_sessionid_from_display.patch:
          Replace with functionally identical
          d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch
          as applied upstream
        * d/watch: Use https
        * d/watch: Download upstream PGP signatures
        * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
          Miloslav Trmac, David Zeuthen
        * d/gbp.conf: Merge upstream tags into the upstream branch
        * Add myself to Uploaders
        * d/gbp.conf: Set patch-numbers to false to match current practice
        * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch:
          Backport the security-significant part of 0.115 (CVE-2018-1116)
          (Closes: #903563)
        * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
        * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
        * Standards-Version: 4.1.5 (no changes required)
        * Set Rules-Requires-Root to no
      .
      policykit-1 (0.105-20) unstable; urgency=medium
      .
        * Team upload
        * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch:
          Add patch from upstream to fix parallel builds (Closes: #894205)
      .
      policykit-1 (0.105-19) unstable; urgency=medium
      .
        * debian/copyright: Use https URL for Format:
        * Update Vcs-* links for move to salsa.debian.org.
        * Fix typos in patch descriptions.
          Fixes lintian's spelling-error-in-patch-description complaints.
        * Move to debhelper compat level 10.
          Remove explicit dh-autoreconf, it's now done by default.
        * Bump Standards-Version to 4.1.3
        * Add autopkgtest.
          This covers the pkaction and pkcheck CLI tools.
      .
      policykit-1 (0.105-18) unstable; urgency=medium
      .
        * Team upload.
        * master/Add-gettext-support-for-.policy-files.patch: Backport from master:
          Add .loc and .its files so that gettext can be used to translate policy
          files. Some upstreams, particularly those that are switching to meson,
          expect these files to be present so that their PK policy files can be
          translated. (Closes: #863207)
      .
      policykit-1 (0.105-17) unstable; urgency=medium
      .
        [ Michael Biebl ]
        * Use https:// for the upstream homepage.
        * Update Vcs-Browser to use cgit.
        * Rename the systemd service unit to polkit.service. It is now based on what
          was added upstream in 0.106.
      .
        [ Simon McVittie ]
        * Build-depend on intltool instead of relying on gtk-doc-tools'
          dependency (Closes: #837846)
      .
        [ Martin Pitt ]
        * Use PAM's common-session-noninteractive modules for pkexec instead of
          common-session. The latter also runs pam_systemd (the only difference
          normally) which is a no-op under the classic session-centric
          D-BUS/graphical login model (as it won't start a new one if it is already
          running within a logind session), but very expensive when using
          dbus-user-session and being called from a service that runs outside the
          PAM session. This causes long delays in e. g. gnome-settings-daemon's
          backlight helpers. (LP: #1626651)
      .
      policykit-1 (0.105-16) unstable; urgency=medium
      .
        [ Michael Biebl ]
        * Drop obsolete Breaks from pre-wheezy.
        * Use gir addon instead of calling dh_girepository manually.
        * Run wrap-and-sort -ast.
        * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already
          pulled in via libgirepository1.0-dev.
      .
        [ Martin Pitt ]
        * Add fallback if agent is not running in a logind session. This fixes
          polkit with dbus-user-session. Thanks Sebastien Bacher for the patch!
        * Bump Standards-Version to 3.9.8 (no changes necessary).
      .
      policykit-1 (0.105-15) unstable; urgency=medium
      .
        * Generate tight inter-package dependencies.
          This ensures that everything from the same source package is upgraded in
          lockstep. (Closes: #817998)
      .
      policykit-1 (0.105-14.1) unstable; urgency=medium
      .
        * Non-maintainer upload.
        * Fix FTBFS on non-linux/non-systemd. (Closes: #798769)
      .
      policykit-1 (0.105-14) unstable; urgency=medium
      .
        * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
          removal for consistency.
        * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
          backported from upstream master. (LP: #1510824)
      .
      policykit-1 (0.105-13) unstable; urgency=medium
      .
        * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
          policykit-1 is unpackaged but not yet configured. During that time we
          don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
          This can be dropped once the D-Bus policy moves to /usr.
          (Closes: #794723, LP: #1447654)
      .
      policykit-1 (0.105-12) unstable; urgency=medium
      .
        * Team upload
        * Replace 03_complete_session.patch with a change from upstream
          which seems like a more correct solution for LP#445303, LP#649939
        * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing
          staff -> desktop_admin_r change in a man page (desktop_admin_r looks
          vaguely like a SELinux role but is actually being used as a group);
          keep only the actual functional change. This matches the syntactically
          different but functionally similar change in experimental.
        * 09_pam_environment.patch: replace with the version that went upstream.
        * Annotate remaining patches with a bit more information.
          They are:
          - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch,
            00git_type_registration.patch, 04_get_cwd.patch,
            07_set-XAUTHORITY-environment-variable-if-unset.patch,
            08_deprecate_racy_APIs.patch, 09_pam_environment.patch,
            cve-2013-4288.patch: either backports from upstream, or already
            applied upstream, and not discussed further here.
          - 01_pam_polkit.patch: use Debian's common-* infrastructure,
            plus pam_env to get the global environment and locale.
            Debian-specific.
          - 02_gettext.patch: Use gettext to translate .policy files at
            runtime, allowing for Ubuntu-style language packs.
            Debian-specific (mainly for Ubuntu's benefit, really).
          - 05_revert-admin-identities-unix-group-wheel.patch: Debian does
            not use the "wheel" group like Red Hat derivatives do;
            treat uid 0 as the administrative identity instead.
            Debian-specific.
          - 06_systemd-service.patch: hook up the systemd service in
            debian/polkitd.service.
            Not forwarded: obsoleted by an upstream change in 0.106,
            commit 2995085.
        * Re-order patch series to put upstream changes first, sorted by version
          in which they went upstream, and put them in subdirectories by version
        * Add patches from 0.113 to fix heap corruption CVE-2015-3255
          (Closes: #766860) and local authenticated denial of service
          CVE-2015-4625 (Closes: #796134)
        * Add numerous other bug-fix patches from 0.113
          - work around bugs in older versions of libpam-systemd when using
            su or similar (Closes: #772125)
          - treat background processes as part of the same uid's active GUI
            session if they have one (Closes: #779988)
          - fix some memory leaks (Closes: #775158, LP: #1417637)
        * Add backported public API polkit_system_bus_name_get_user_sync() to
          symbols file
        * Fix FTBFS with dpkg-buildpackage -A by only installing files into
          policykit-1 in per-arch builds
        * Run tests with a session bus pretending to be the system bus,
          so they can pass in a buildd environment
      .
      policykit-1 (0.105-11) unstable; urgency=medium
      .
        * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths
          in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
        * policykit-1.postinst: Reload systemd before restarting polkitd.service, to
          avoid "Warning: polkitd.service changed on disk". (Closes: #791397)
      .
      policykit-1 (0.105-10) unstable; urgency=medium
      .
        * Add 00git_type_registration.patch: Use GOnce for interface type
          registration. Fixes frequent udisks segfault (LP: #1236510).
        * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call
          results handler. (LP: #1417637)
      .
      policykit-1 (0.105-9) unstable; urgency=medium
      .
        [ Martin Pitt ]
        * policykit-1.postinst: Don't kill polkitd under systemd, but properly
          restart it. This avoids killing it shortly after systemd tries to
          bus-activate it on installation. (LP: #1447654)
      .
        [ Michael Biebl ]
        * Build against libsystemd instead of the old libsystemd-login compat
          library. (Closes: #779756)
      .
      policykit-1 (0.105-8) unstable; urgency=medium
      .
        * Rebuild against libsystemd0. This drops the last remaining dependency to
          libsystemd-login0. (Closes: #771281)
        * Bump Standards-Version to 3.9.6 (no changes necessary).
      .
      policykit-1 (0.105-7) unstable; urgency=medium
      .
        * Team upload.
        * Install typelib files into MA libdir.
      .
      policykit-1 (0.105-6.1) unstable; urgency=medium
      .
        * Non-maintainer upload.
        * Use dh-autoreconf in build to support new architectures
      .
      policykit-1 (0.105-6) unstable; urgency=medium
      .
        * Team upload.
        * debian/control: Update Homepage URL
        * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
          registers a logind session properly (Closes: #745983)
      .
      policykit-1 (0.105-5) unstable; urgency=medium
      .
        * Team upload.
        * Enable systemd support on linux architectures
        * debian/control: Bump Standards-Version to 3.9.5 (no further changes)
        * debian/control: Use canonical VCS-* URL's
      .
      policykit-1 (0.105-4) unstable; urgency=low
      .
        * Acknowledge non-maintainer upload for CVE-2013-4288.
        * Also cherry-pick the upstream commit which deprecates the racy APIs.
        * debian/patches/09_pam_environment.patch: set process environment from
          pam_getenvlist().
        * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our
          global settings from /etc/environment are applied correctly.
        * The two changes above fix pkexec to properly export the pam environment.
          Thanks Steve Langasek for the patch. (Closes: #692340)
      .
      policykit-1 (0.105-3+nmu1) unstable; urgency=high
      .
        * Non-maintainer upload by the Security Team.
        * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717).
      .
      policykit-1 (0.105-3) unstable; urgency=low
      .
        * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY
          environment variable to its default value $HOME/.Xauthority if unset.
          Some display managers, like KDM, do not set the XAUTHORITY variable, so
          starting graphical applications via pkexec was broken in those
          environments. (Closes: #671497)
      .
      policykit-1 (0.105-2) unstable; urgency=low
      .
        * Change the permissions of /etc/polkit-1/localauthority to 700, this
          directory is not supposed to be readable by everyone.
      .
      policykit-1 (0.105-1) unstable; urgency=low
      .
        * New upstream release.
        * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now.
        * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0.
        * Update debian/copyright using the machine-readable copyright format 1.0.
        * Bump Standards-Version to 3.9.3.
        * Bump Build-Depends on debhelper to (>= 9).
      .
      policykit-1 (0.104-2) unstable; urgency=low
      .
        * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for
          proper cross-references in the gtk-doc API documentation.
        * Install systemd service file for polkitd.
      .
      policykit-1 (0.104-1) unstable; urgency=low
      .
        * New upstream release.
          - Add support for netgroups. (LP: #724052)
        * debian/rules: Disable systemd support, continue to work with ConsokeKit.
        * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply
          cleanly.
        * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new
          release.
        * debian/rules: Do not let test failures fail the build. The new test suite
          also runs a test against the system D-BUS/ConsoleKit, which can't work on
          buildds.
      .
      policykit-1 (0.103-1) unstable; urgency=low
      .
        * New upstream release.
        * debian/control: Change section of gir1.2-polkit-1.0 to introspection.
        * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change
          to make group wheel the default admin identity since we already use group
          sudo resp. group admin for that.
      .
      policykit-1 (0.102-2) unstable; urgency=low
      .
        * 02_gettext.patch: Explicitly #include <locale.h> to fix non-optimized
          build. Thanks Ivan Krasilnikov for pointing this out.
        * debian/rules: When building on Ubuntu, also consider the "sudo" group as
          administrator, for compatibility with Debian and sudo itself. Keep "admin"
          for existing systems. (LP: #893842)
        * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the
          patch! (Closes: #636196)
      .
      policykit-1 (0.102-1) unstable; urgency=low
      .
        * New upstream release.
        * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream.
        * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream.
        * debian/patches/03_complete_session.patch: Refreshed.
        * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the
          current working directory. This fixes another PATH_MAX related FTBFS on
          hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017)
      .
      policykit-1 (0.101-4) unstable; urgency=high
      .
        Urgency high due to security fix.
      .
        * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking
          privileges for pkexec. Patch taken from
          https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in
          upstream git. [CVE-2011-1485]
        * debian/libpolkit-gobject-1-0.symbols: Update for new symbols.
        * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build
          failures if quilt patches change files with translatable strings. Thanks
          to Kees Cook for the patch!
      .
      policykit-1 (0.101-3) unstable; urgency=low
      .
        * debian/control
          - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to
            libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the
            updated GObject introspection policy.
          - Bump Standards-Version to 3.9.2. No further changes.
      .
      policykit-1 (0.101-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      policykit-1 (0.101-1) experimental; urgency=low
      .
        * New upstream release.
        * Update patches
          - Drop debian/patches/04_test_signalfd.patch, merged upstream.
          - Refresh other patches to apply cleanly.
        * debian/libpolkit-gobject-1-0.symbols
          - Add polkit_authorization_result_get_dismissed.
        * debian/control
          - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0).
        * debian/rules
          - Don't build example programs.
      .
      policykit-1 (0.100-1) experimental; urgency=low
      .
        * New upstream release.
        * Refresh debian/patches/03_complete_session.patch.
        * Replace debian/patches/04_test_signalfd.patch with a patch that was merged
          upstream. This also allows to drop debian/patches/99_autoreconf.patch.
        * Switch from cdbs to dh.
        * Bump debhelper compatibility level to 8.
        * Install documentation using debian/policykit-1.docs.
        * Enable gobject introspection support.
          - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12),
            gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0.
          - Add package gir1.2-polkit-1.0 containing the typelib files.
          - Install gir files in libpolkit-agent-1-dev.install and
            libpolkit-gobject-1-dev.install.
          - Call dh_girepository in debian/rules.
      .
      policykit-1 (0.99-3) unstable; urgency=low
      .
        * Upload to unstable.
      .
      policykit-1 (0.99-2) experimental; urgency=low
      .
        [ Michael Biebl ]
        * Merge sudo group changes from unstable branch.
      .
        [ Martin Pitt ]
        * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release
          build dependency.
        * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without
          signalfd(). (Closes: #602476)
        * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch.
      .
      policykit-1 (0.99-1) experimental; urgency=low
      .
        [ Michael Biebl ]
        * New upstream release.
        * debian/patches/00git-fix-error-freeing.patch
          - Remove, fixed upstream.
        * debian/patches/00git-pkexec-information-disclosure.patch
          - Remove, merged upstream.
        * debian/control
          - Drop Build-Depends on libeggdbus-1-dev.
          - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus.
        * Switch to source format 3.0 (quilt).
          - Add debian/source/format.
          - Drop Build-Depends on quilt.
          - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules.
          - Remove debian/README.source.
      .
        [ Robert Ancell ]
        * Add debian/patches/02_gettext.patch: Use gettext for translations in
          .policy files if they specify a gettext domain.
      .
        [ James Westby ]
        * Add debian/patches/03_complete_session.patch: Fix the race that leads to
          the password box disappearing, but the dialog remaining.
      .
        [ Martin Pitt ]
        * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
          .symbols files more strongly.
      .
      policykit-1 (0.96-4) unstable; urgency=low
      .
        * debian/rules
          - When building for Debian, install a localauthority.conf.d configuration
            file which considers "sudo" group users as administrators.
            (Closes: #532499)
      .
      policykit-1 (0.96-3) unstable; urgency=low
      .
        * debian/control
          - Use architecture wildcard linux-any for libselinux1-dev.
          - Bump Standards-Version to 3.9.1.
        * debian/policykit-1.postinst
          - Query D-Bus to find out the correct pid of the process claiming
            org.freedesktop.PolicyKit1. This way we do not accidentally kill the
            wrong process when being installed in a chroot. (Closes: #595030)
        * debian/policykit-1.prerm
          - Stop polkitd on remove. (Closes: #595031)
      .
      policykit-1 (0.96-2) unstable; urgency=medium
      .
        * Urgency medium, just two small, but important bug fixes.
        * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure
          vulnerability that allows an attacker to verify whether or not arbitrary
          files exist, violating directory permissions.
        * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization()
          with an invalid PID. (LP: #540464)
      .
      policykit-1 (0.96-1) unstable; urgency=low
      .
        * New upstream release.
        * debian/libpolkit-backend-1-0.symbols
          - Update for new API addition.
      .
      policykit-1 (0.95-1) unstable; urgency=low
      .
        * New upstream release.
        * Remove patches
          - debian/patches/02_dont_export_private_symbols.patch (merged upstream)
          - debian/patches/03_path_max.patch (merged upstream)
          - debian/patches/04-ref-authority.patch (merged upstream)
          - debian/patches/05-pkexec-env.patch (merged upstream)
          - debian/patches/99_autoreconf.patch (obsolete)
        * debian/control
          - Bump Build-Depends on libeggbus-1-dev to (>= 0.6).
        * debian/rules
          - The example application is no longer built by default so we don't need
            to manually remove it anymore.
        * debian/libpolkit-{backend,gobject}-1-0.symbols
          - Update for new API additions.
      .
      policykit-1 (0.94-6) unstable; urgency=low
      .
        * debian/policykit-1.postinst
          - Use start-stop-daemon instead of kill+pidof to stop the running polkitd
            daemon on upgrades.
        * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered
          unstable. (Closes: #552605)
      .
      policykit-1 (0.94-5) unstable; urgency=low
      .
        * Add debian/patches/04-ref-authority.patch: Ref the instance returned by
          polkit_authority_get(), since the documentation says that it needs to be
          unref'ed after usage. This fixes crashes in NetworkManager and probably
          other programs, too. (LP: #438574, #432452, fd.o #24566)
        * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec
          saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk)
        * Add myself to Uploaders: with Michael's consent.
      .
      policykit-1 (0.94-4) unstable; urgency=low
      .
        * debian/patches/03_path_max.patch
          - Update patch to fix implicit pointer conversion for
            get_current_dir_name. (Closes: #550901)
      .
      policykit-1 (0.94-3) unstable; urgency=low
      .
        * debian/patches/03_path_max.patch
          - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800)
            Thanks to Samuel Thibault for the patch.
        * debian/policykit-1.postinst:
          - Kill the old polkitd daemon on upgrade, to ensure that the new version
            will be used at the next occasion.
      .
      policykit-1 (0.94-2) unstable; urgency=low
      .
        * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and
          link against -lfreebsd for sysctlnametomib.
          When glibc 2.10 enters unstable this workaround can be removed again.
      .
      policykit-1 (0.94-1) unstable; urgency=low
      .
        * Rename package to policykit-1. Upstream (at least temporarily) forked
          the project to make it installable in parallel with policykit 0.9, until
          all programs are ported to the new API.
        * Drop all patches except 01_pam_polkit.patch.
        * Refresh debian/patches/01_pam_polkit.patch.
        * debian/control
          - Update Build-Depends
            + Drop libdbus-1-dev, libdbus-glib-1-dev.
            + Add libeggdbus-1-dev (>= 0.5) and lsb-release.
            + Bump libglib2-dev dependency to (>= 2.21.4).
          - Update list of binary packages and their package descriptions.
          - Drop dependency on adduser.
          - Bump Standards-Version to 3.8.3.
            + Add README.source which refers to the quilt documentation.
          - Update Vcs-* fields. Package is now managed using Git and hosted on
            git.debian.org.
        * Update shared library structure: libpolkit-{dbus,grant} →
          libpolkit-{agent,backend,gobject}-1.
        * Rename policykit, policykit-doc → policykit-1, policykit-1-doc.
        * Update and revise all *.install files.
        * debian/rules, debian/policykit.init: Drop init script, package doesn't use
          /var/run any more.
        * debian/policykit-1.postinst: Don't create "polkituser" system user, it's
          not used any more.
        * Update watch file.
        * debian/patches/02_dont_export_private_symbols.patch
          - Don't export private symbols in the libraries.
        * debian/patches/99_autoreconf.patch
          - Update the autotools files as the previous patch also touches the build
            system.
        * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved
          shlibs dependencies.
        * debian/rules
          - Disable introspection support.
          - When building for Ubuntu, install a localauthority.conf.d configuration
            file which considers "admin" group users as administrators.
          - Don't install example application.
        * debian/copyright
          - Update copyright holder.
          - License was changed to LGPL 2.1+.
      .
      policykit (0.9-4) unstable; urgency=low
      .
        * Add support for /var/run being a tmpfs. (Closes: #532101)
          - Create /var/run/PolicyKit dynamically on boot by using an init script.
            Original patch by Martin Pitt, thanks. Updated patch to only run the
            init script in runlevel S at priority 75.
          - Do no longer ship /var/run/PolicyKit in the package itself.
        * debian/control
          - Bump Standards-Version to 3.8.1.
        * debian/patches/04_entry_leak.patch
          - Plug a memory leak. Patch pulled from Fedora.
        * debian/patches/05_manpage_typo_fix.patch
          - Fix a small typo in the polkit-auth man page. (Closes: #523565)
        * debian/patches/06_no_inotify_or_path_max.patch
          - Add support for systems which don't support inotify (like hurd) and
            don't use PATH_MAX unconditionally, instead use dynamically growing
            buffers. (Closes: #521756)
            Patch by Samuel Thibault, thanks.
      .
      policykit (0.9-3) unstable; urgency=low
      .
        * Switch patch management system to quilt.
        * debian/control
          - Wrap Build-Depends.
          - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758)
          - Bump Build-Depends on debhelper to (>= 7).
        * debian/compat
          - Bump debhelper compat level to 7.
        * debian/rules
          - Include debhelper.mk before any other files as recommended by the cdbs
            documentation.
        * debian/patches/03_consolekit0.3-api.patch
          - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either.
            Patch pulled from Ubuntu.
      .
      policykit (0.9-2) unstable; urgency=high
      .
        [ Simon McVittie ]
        * Add patch committed in Fedora (although not upstream) by the upstream
          maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
          been fixed in dbus-daemon. (Closes: #510646)
      .
        [ Michael Biebl ]
        * debian/control
          - Add ${misc:Depends} to all binary packages.
      .
      policykit (0.9-1) unstable; urgency=low
      .
        * New upstream release.
        * debian/control
          - Bump Standards-Version to 3.8.0. No further changes.
      .
      policykit (0.8-2) unstable; urgency=low
      .
        * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2.
        * debian/policykit.postinst
          - Set correct permissions for all files. (Closes: #482064)
          - Define a small helper function to apply the permissions. This makes it
            more concise and readable.
      .
      policykit (0.8-1) unstable; urgency=medium
      .
        * New upstream release.
          - SECURITY - CVE-2008-1658:
            Fixes format string vulnerability in the grant helper. (Closes: #476615)
        * debian/control
          - Add Build-Depends on pkg-config.
      .
      policykit (0.7-2) unstable; urgency=low
      .
        * Upload to unstable.
      .
      policykit (0.7-1) experimental; urgency=low
      .
        * New upstream release. (Closes: #455874)
        * debian/control
          - Bump Standards-Version to 3.7.3. No further changes required.
          - Add Build-Depends on libdbus-glib-1-dev (>= 0.73).
          - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/.
            (Closes: #446504)
          - Improve package description. (Closes: #446554)
        * debian/copyright
          - All code is now licensed under the MIT/X11 license. Update the copyright
            notice accordingly.
        * debian/policykit.dirs
          - Add the directory /var/lib/PolicyKit-public.
        * debian/policykit.install
          - Install the D-Bus config and service files for the PolicyKit system
            service.
          - Install /var/lib/misc/PolicyKit.reload.
        * debian/rules
          - Fix the permissions of /var/lib/misc/PolicyKit.reload.
        * debian/policykit.postinst
          - Use dpkg-statoverride to check for local modifications before setting
            the SUID/SGID bits.
      .
      policykit (0.6-1) experimental; urgency=low
      .
        * New upstream release.
        * debian/control
          - Use new "Homepage:" field to specify the upstream URL.
          - The Vcs-* fields are now officially supported, so remove the XS- prefix.
          - Add a Recommends: policykit-gnome to the policykit package.
          - Enable SELinux support by adding a Build-Depends on libselinux1-dev for
            all supported platforms.
        * debian/policykit.postinst
          - Install polkit-grant-helper-pam with the correct permissions.
      .
      policykit (0.5-1) experimental; urgency=low
      .
        * Initial release. (Closes: #397087)
      531368b6
    • Ritesh Raj Sarraf's avatar
      Manually import orig tarball 0.105 · 2e8a1b0d
      Ritesh Raj Sarraf authored
      2e8a1b0d
  8. 22 Feb, 2021 1 commit
  9. 28 Jul, 2020 1 commit
  10. 30 Mar, 2020 1 commit
  11. 11 Dec, 2019 1 commit
  12. 10 Dec, 2019 1 commit
    • Frederic Danis's avatar
      AppArmor: Update profile · 14005e21
      Frederic Danis authored and Emanuele Aina's avatar Emanuele Aina committed
      
      
      Add rules to fix file accesses related to the following messages:
      
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:r
          operation:open
          name:/proc/472/task/505/stat
          requested_mask:r
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:c
          operation:mkdir
          name:/var/lib/polkit-1/.cache/
          requested_mask:c
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:r
          operation:open
          name:/proc/5862/cmdline
          requested_mask:r
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:r
          operation:open
          name:/proc/5866/cmdline
          requested_mask:r
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:r
          operation:open
          name:/proc/5971/cmdline
          requested_mask:r
          ====
          profile:/usr/lib/polkit-1/polkitd
          apparmor:DENIED
          denied_mask:r
          operation:open
          name:/proc/5975/cmdline
          requested_mask:r
      Signed-off-by: Frederic Danis's avatarFrédéric Danis <frederic.danis@collabora.com>
      14005e21
  13. 31 Jul, 2019 1 commit
  14. 30 Jul, 2019 1 commit
  15. 31 May, 2019 1 commit
  16. 07 Dec, 2018 1 commit
    • Michael Biebl's avatar
      Import Debian changes 0.115-3 · 169fb07d
      Michael Biebl authored
      policykit-1 (0.115-3) experimental; urgency=medium
      
        * Allow negative uids/gids in PolkitUnixUser and Group objects.
          Fixes a vulnerability in PolicyKit that allows a user with a uid greater
          than INT_MAX to successfully execute arbitrary polkit actions.
          (CVE-2018-19788, Closes: #915332)
      
      policykit-1 (0.115-2) experimental; urgency=medium
      
        [ Simon McVittie ]
        * d/gbp.conf: Set patch-numbers to false to match current practice
      
        [ Michael Biebl ]
        * Switch to dh_missing and abort on uninstalled files
        * Move D-Bus policy file to /usr/share/dbus-1/system.d/
          To better support stateless systems with an empty /etc, the old location
          in /etc/dbus-1/system.d/ should only be used for local admin changes.
          Package provided D-Bus policy files are supposed to be installed in
          /usr/share/dbus-1/system.d/.
          This is supported since dbus 1.9.18.
        * Remove obsolete conffile
          /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades
        * Bump Standards-Version to 4.2.1
        * Remove Breaks for versions older than oldstable
        * Stop masking polkit.service during the upgrade process.
          This is no longer necessary with the D-Bus policy file being installed
          in /usr/share/dbus-1/system.d/. (Closes: #902474)
        * Use dh_installsystemd to restart polkit.service after an upgrade.
          This replaces a good deal of hand-written maintscript code.
        * Remove upgrade code which changes the home directory of the polkitd user
      
      policykit-1 (0.115-1) experimental; urgency=medium
      
        * New upstream version 0.115
          - Fixes CVE-2018-1116 (Closes: #903563)
          - d/p/jsauthority-pass-s-format-string-to-remaining-report.patch:
            Drop, applied upstream
        * d/watch: Use https
        * d/watch: Download upstream PGP signatures
        * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
          Miloslav Trmac, David Zeuthen
        * d/gbp.conf: Merge upstream tags into the upstream branch
        * Add myself to Uploaders
        * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
        * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
        * Standards-Version: 4.1.5 (no changes required)
        * Set Rules-Requires-Root to no
      
      policykit-1 (0.114-1) experimental; urgency=medium
      
        [ Michael Biebl ]
        * New upstream version 0.114
        * Rebase patches
        * Switch to mozjs 52 (Closes: #863784)
        * Drop -Wl,--no-as-needed, no longer necessary
        * jsauthority: pass "%s" format string to remaining report function
        * Add Provides to gir1.2-polkit-1.0 to reflect its contents
      
        [ Martin Pitt ]
        * debian/copyright: Use https URL for Format:
        * Update Vcs-* links for move to salsa.debian.org.
        * Move to debhelper compat level 10.
          Remove explicit dh-autoreconf, it's now done by default.
        * Bump Standards-Version to 4.1.3
        * Add autopkgtest.
          This covers the pkaction and pkcheck CLI tools.
      
      policykit-1 (0.113-6) experimental; urgency=medium
      
        * master/Add-gettext-support-for-.policy-files.patch: Backport from master:
          Add .loc and .its files so that gettext can be used to translate policy
          files. Some upstreams, particularly those that are switching to meson,
          expect these files to be present so that their PK policy files can be
          translated. (Closes: #863207)
      
      policykit-1 (0.113-5) experimental; urgency=medium
      
        [ Simon McVittie ]
        * Build-depend on intltool instead of relying on gtk-doc-tools'
          dependency (Closes: #837846)
      
        [ Michael Biebl ]
        * Use https:// for the upstream homepage.
        * Update Vcs-Browser to use cgit.
        * Drop the polkitd.service Alias. The version in unstable, based on 0.105,
          now also uses the name polkit.service for the systemd service unit.
      
        [ Martin Pitt ]
        * Use PAM's common-session-noninteractive modules for pkexec instead of
          common-session. The latter also runs pam_systemd (the only difference
          normally) which is a no-op under the classic session-centric
          D-BUS/graphical login model (as it won't start a new one if it is already
          running within a logind session), but very expensive when using
          dbus-user-session and being called from a service that runs outside the
          PAM session. This causes long delays in e. g. gnome-settings-daemon's
          backlight helpers. (LP: #1626651)
      
      policykit-1 (0.113-4) experimental; urgency=medium
      
        [ Simon McVittie ]
        * Run tests with a session bus pretending to be the system bus,
          so they can pass in a buildd environment
      
        [ Michael Biebl ]
        * Create our custom rules files in debian/tmp so we don't FTBFS for
          binary-indep builds and run dh_install after that.
        * Run wrap-and-sort -ast.
        * Bump Standards-Version to 3.9.8.
      
      policykit-1 (0.113-3) experimental; urgency=medium
      
        * Generate tight inter-package dependencies.
          This ensures that everything from the same source package is upgraded in
          lockstep. (Closes: #817998)
        * Drop obsolete Breaks from pre-wheezy.
      
      policykit-1 (0.113-2) experimental; urgency=medium
      
        [ Simon McVittie ]
        * policykit-1.links: statically alias polkit.service (upstream's name)
          as polkitd.service (Debian's historical name)
      
        [ Martin Pitt ]
        * debian/policykit-1.{pre,post}inst: Temporarily mask polkit.service while
          policykit-1 is unpackaged but not yet configured. During that time we
          don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
          This can be dropped once the D-Bus policy moves to /usr.
          (Closes: #794723, LP: #1447654)
      
      policykit-1 (0.113-1) experimental; urgency=medium
      
        * Team upload.
      
        [ Martin Pitt ]
        * policykit-1.postinst: Don't kill polkitd under systemd, but properly
          restart it. This avoids killing it shortly after systemd tries to
          bus-activate it on installation. (LP: #1447654)
      
        [ Simon McVittie ]
        * Disable silent build rules. (Previously done in Ubuntu, although
          it seems to have been lost in a merge somewhere.)
        * New upstream release
          - drop most patches: they either came from upstream, or have been
            merged upstream
          - add new function to symbols file
          - fixes CVE-2015-4625, CVE-2015-3218, CVE-2015-3255, CVE-2015-3256
        * Annotate remaining patches with a bit more information. They are:
          - 01_pam_polkit.patch: use Debian's common-* infrastructure,
            plus pam_env to get the global environment and locale.
            Debian-specific.
          - 02_gettext.patch: Use gettext to translate .policy files at
            runtime, allowing for Ubuntu-style language packs.
            Debian-specific (mainly for Ubuntu's benefit, really).
          - 05_revert-admin-identities-unix-group-wheel.patch: Debian does
            not use the "wheel" group like Red Hat derivatives do;
            treat uid 0 as the administrative identity instead.
            Debian-specific.
          - 08_chdir_root.patch: Explicitly use chdir("/") instead of
            relying on user's home in `getent passwd` being set properly.
            Potentially upstreamable?
        * policykit-1.postinst: restart polkit.service, not polkitd.service
          (which doesn't exist)
      
      policykit-1 (0.112-5) experimental; urgency=medium
      
        * Team upload.
        * Go back to mozjs 1.8.5, like the version in unstable: mozjs 17 has
          been removed from Debian, and mozjs 24 requires significant upstream
          changes and no longer has a C API (Closes: #776744)
        * Add a symlink so the old library can run the new agent helper
          (Closes: #699447)
        * Add patch from upstream to work around older versions of libpam-systemd
          which would give root processes the real uid's XDG_RUNTIME_DIR
          under su; it shouldn't be necessary any more, but is harmless
          (Closes: #772125)
        * Replace 03_complete_session.patch with a change from upstream
          which seems like a more correct solution for LP#445303, LP#649939
        * Add patches from upstream to treat background processes as part of
          the same uid's active GUI session if any, fixing use of
          dbus-user-session (Closes: #779988)
        * Add patches from upstream to fix some memory leaks (Closes: #775158,
          LP: #1417637)
        * Add patch from upstream to fix redundant removal of an event source
        * Add patch to use libsystemd instead of the libsystemd-login compat
          library (Closes: #779756)
      
      policykit-1 (0.112-4) experimental; urgency=medium
      
        [ Andreas Henriksson ]
        * Install typelib files into MA libdir.
      
        [ Martin Pitt ]
        * Rebuild against libsystemd0. This drops the last remaining dependency to
          libsystemd-login0. (Closes: #771281)
        * Bump Standards-Version to 3.9.6 (no changes necessary).
      
      policykit-1 (0.112-3) experimental; urgency=medium
      
        * Team upload.
        * debian/rules: Really enable logind support on linux architectures only
        * debian/control: Use canonical VCS-* URL's
        * debian/control: Bump Standards-Version to 3.9.5 (no further changes)
        * debian/control: Depends against libpam-systemd instead of just systemd
        * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
          registers a logind session properly (Closes: #745983)
        * debian/policykit-1.postinst: Explicitly set a home directory for the
          polkitd user (Closes: #748981)
      
      policykit-1 (0.112-2) experimental; urgency=low
      
        * Use logind on linux and consolekit on non-linux
        * Update to mozjs17
      
      policykit-1 (0.112-1) experimental; urgency=low
      
        * New upstream release.
          - Fixes CVE-2013-4288, unix-process subject for authorization is racy.
            (Closes: #723717)
        * Remove 00git_pkexec_pam_env.patch and 09_link_libmozjs.patch, both merged
          upstream.
        * Drop explicit Build-Depends on gir1.2-glib-2.0.
        * Bump Standards-Version to 3.9.4. No further changes.
      
      policykit-1 (0.110-3) experimental; urgency=low
      
        [ Martin Pitt ]
        * Add 00git_pkexec_pam_env.patch: pkexec: Set process environment from
          pam_getenvlist(). Backported from upstream git head.
        * 01_pam_polkit.patch: Adjust patch to invoke pam_env, so
          our global settings from /etc/default/locale are applied correctly.
          Thanks Steve Langasek!
      
        [ Michael Biebl ]
        * Use gir addon instead of calling dh_girepository manually.
      
      policykit-1 (0.110-2) experimental; urgency=low
      
        * When cleaning up /etc/polkit-1/nullbackend.conf.d/ and
          /etc/polkit-1/localauthority.conf.d/ don't fail if those directories have
          already been removed. (Closes: #698085)
      
      policykit-1 (0.110-1) experimental; urgency=low
      
        * New upstream release.
        * Drop patches which have been merged upstream.
        * Drop debian/clean, no longer necessary.
      
      policykit-1 (0.109-1) experimental; urgency=low
      
        * New upstream release. (Closes: #689473)
        * Update Build-Depends:
          - Bump libglib2.0-dev to (>= 2.30.0).
          - Add libmozjs185-dev for the JS rules support.
        * Remove polkitbackend library.
        * Use systemd service file provided by upstream.
        * Reload systemd as the name of the .service file has changed.
        * Update policykit-1.install:
          - Private binaries have been moved to /usr/lib/polkit-1.
          - The extension system has been removed.
          - The .pkla files are gone and so is /var/lib/polkit-1.
        * Remove obsolete conffiles and the corresponding (empty) directories on
          upgrades.
        * Convert the old localauthority conf files to the new JavaScript based
          rules file format and make sure it is executed before 50-default.rules.
        * Refresh patches to apply without fuzz.
        * The polkitd daemon now runs as unprivileged polkitd user instead of root.
          Create this system user in postinst and change the directory permissions
          accordingly so the daemon has access to the rules files.
        * debian/patches/08_chdir_root.patch: Explicitly use chdir("/") instead of
          relying on $HOME being set properly.
        * Since /etc/polkit-1/rules.d/50-default.rules is a proper conffile, remove
          the comment from upstream that changes to that file are not preserved on
          upgrades. (Closes: #580634)
        * debian/patches/09_link_libmozjs.patch: Explicitly link against libmozjs,
          even if that library is dlopenend as we want to have a proper shlibs
          dependency.
        * Use --no-as-needed flag to ensure the linker doesn't remove the libmozjs
          dependency.
        * Use dh-autoreconf to update the build system.
        * Update the Homepage: field.
      
      policykit-1 (0.105-3) unstable; urgency=low
      
        * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY
          environment variable to its default value $HOME/.Xauthority if unset.
          Some display managers, like KDM, do not set the XAUTHORITY variable, so
          starting graphical applications via pkexec was broken in those
          environments. (Closes: #671497)
      
      policykit-1 (0.105-2) unstable; urgency=low
      
        * Change the permissions of /etc/polkit-1/localauthority to 700, this
          directory is not supposed to be readable by everyone.
      
      policykit-1 (0.105-1) unstable; urgency=low
      
        * New upstream release.
        * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now.
        * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0.
        * Update debian/copyright using the machine-readable copyright format 1.0.
        * Bump Standards-Version to 3.9.3.
        * Bump Build-Depends on debhelper to (>= 9).
      
      policykit-1 (0.104-2) unstable; urgency=low
      
        * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for
          proper cross-references in the gtk-doc API documentation.
        * Install systemd service file for polkitd.
      
      policykit-1 (0.104-1) unstable; urgency=low
      
        * New upstream release.
          - Add support for netgroups. (LP: #724052)
        * debian/rules: Disable systemd support, continue to work with ConsokeKit.
        * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply
          cleanly.
        * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new
          release.
        * debian/rules: Do not let test failures fail the build. The new test suite
          also runs a test against the system D-BUS/ConsoleKit, which can't work on
          buildds.
      
      policykit-1 (0.103-1) unstable; urgency=low
      
        * New upstream release.
        * debian/control: Change section of gir1.2-polkit-1.0 to introspection.
        * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change
          to make group wheel the default admin identity since we already use group
          sudo resp. group admin for that.
      
      policykit-1 (0.102-2) unstable; urgency=low
      
        * 02_gettext.patch: Explicitly #include <locale.h> to fix non-optimized
          build. Thanks Ivan Krasilnikov for pointing this out.
        * debian/rules: When building on Ubuntu, also consider the "sudo" group as
          administrator, for compatibility with Debian and sudo itself. Keep "admin"
          for existing systems. (LP: #893842)
        * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the
          patch! (Closes: #636196)
      
      policykit-1 (0.102-1) unstable; urgency=low
      
        * New upstream release.
        * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream.
        * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream.
        * debian/patches/03_complete_session.patch: Refreshed.
        * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the
          current working directory. This fixes another PATH_MAX related FTBFS on
          hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017)
      
      policykit-1 (0.101-4) unstable; urgency=high
      
        Urgency high due to security fix.
      
        * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking
          privileges for pkexec. Patch taken from
          https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in
          upstream git. [CVE-2011-1485]
        * debian/libpolkit-gobject-1-0.symbols: Update for new symbols.
        * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build
          failures if quilt patches change files with translatable strings. Thanks
          to Kees Cook for the patch!
      
      policykit-1 (0.101-3) unstable; urgency=low
      
        * debian/control
          - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to
            libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the
            updated GObject introspection policy.
          - Bump Standards-Version to 3.9.2. No further changes.
      
      policykit-1 (0.101-2) unstable; urgency=low
      
        * Upload to unstable.
      
      policykit-1 (0.101-1) experimental; urgency=low
      
        * New upstream release.
        * Update patches
          - Drop debian/patches/04_test_signalfd.patch, merged upstream.
          - Refresh other patches to apply cleanly.
        * debian/libpolkit-gobject-1-0.symbols
          - Add polkit_authorization_result_get_dismissed.
        * debian/control
          - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0).
        * debian/rules
          - Don't build example programs.
      
      policykit-1 (0.100-1) experimental; urgency=low
      
        * New upstream release.
        * Refresh debian/patches/03_complete_session.patch.
        * Replace debian/patches/04_test_signalfd.patch with a patch that was merged
          upstream. This also allows to drop debian/patches/99_autoreconf.patch.
        * Switch from cdbs to dh.
        * Bump debhelper compatibility level to 8.
        * Install documentation using debian/policykit-1.docs.
        * Enable gobject introspection support.
          - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12),
            gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0.
          - Add package gir1.2-polkit-1.0 containing the typelib files.
          - Install gir files in libpolkit-agent-1-dev.install and
            libpolkit-gobject-1-dev.install.
          - Call dh_girepository in debian/rules.
      
      policykit-1 (0.99-3) unstable; urgency=low
      
        * Upload to unstable.
      
      policykit-1 (0.99-2) experimental; urgency=low
      
        [ Michael Biebl ]
        * Merge sudo group changes from unstable branch.
      
        [ Martin Pitt ]
        * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release
          build dependency.
        * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without
          signalfd(). (Closes: #602476)
        * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch.
      
      policykit-1 (0.99-1) experimental; urgency=low
      
        [ Michael Biebl ]
        * New upstream release.
        * debian/patches/00git-fix-error-freeing.patch
          - Remove, fixed upstream.
        * debian/patches/00git-pkexec-information-disclosure.patch
          - Remove, merged upstream.
        * debian/control
          - Drop Build-Depends on libeggdbus-1-dev.
          - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus.
        * Switch to source format 3.0 (quilt).
          - Add debian/source/format.
          - Drop Build-Depends on quilt.
          - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules.
          - Remove debian/README.source.
      
        [ Robert Ancell ]
        * Add debian/patches/02_gettext.patch: Use gettext for translations in
          .policy files if they specify a gettext domain.
      
        [ James Westby ]
        * Add debian/patches/03_complete_session.patch: Fix the race that leads to
          the password box disappearing, but the dialog remaining.
      
        [ Martin Pitt ]
        * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
          .symbols files more strongly.
      
      policykit-1 (0.96-4) unstable; urgency=low
      
        * debian/rules
          - When building for Debian, install a localauthority.conf.d configuration
            file which considers "sudo" group users as administrators.
            (Closes: #532499)
      
      policykit-1 (0.96-3) unstable; urgency=low
      
        * debian/control
          - Use architecture wildcard linux-any for libselinux1-dev.
          - Bump Standards-Version to 3.9.1.
        * debian/policykit-1.postinst
          - Query D-Bus to find out the correct pid of the process claiming
            org.freedesktop.PolicyKit1. This way we do not accidentally kill the
            wrong process when being installed in a chroot. (Closes: #595030)
        * debian/policykit-1.prerm
          - Stop polkitd on remove. (Closes: #595031)
      
      policykit-1 (0.96-2) unstable; urgency=medium
      
        * Urgency medium, just two small, but important bug fixes.
        * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure
          vulnerability that allows an attacker to verify whether or not arbitrary
          files exist, violating directory permissions.
        * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization()
          with an invalid PID. (LP: #540464)
      
      policykit-1 (0.96-1) unstable; urgency=low
      
        * New upstream release.
        * debian/libpolkit-backend-1-0.symbols
          - Update for new API addition.
      
      policykit-1 (0.95-1) unstable; urgency=low
      
        * New upstream release.
        * Remove patches
          - debian/patches/02_dont_export_private_symbols.patch (merged upstream)
          - debian/patches/03_path_max.patch (merged upstream)
          - debian/patches/04-ref-authority.patch (merged upstream)
          - debian/patches/05-pkexec-env.patch (merged upstream)
          - debian/patches/99_autoreconf.patch (obsolete)
        * debian/control
          - Bump Build-Depends on libeggbus-1-dev to (>= 0.6).
        * debian/rules
          - The example application is no longer built by default so we don't need
            to manually remove it anymore.
        * debian/libpolkit-{backend,gobject}-1-0.symbols
          - Update for new API additions.
      
      policykit-1 (0.94-6) unstable; urgency=low
      
        * debian/policykit-1.postinst
          - Use start-stop-daemon instead of kill+pidof to stop the running polkitd
            daemon on upgrades.
        * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered
          unstable. (Closes: #552605)
      
      policykit-1 (0.94-5) unstable; urgency=low
      
        * Add debian/patches/04-ref-authority.patch: Ref the instance returned by
          polkit_authority_get(), since the documentation says that it needs to be
          unref'ed after usage. This fixes crashes in NetworkManager and probably
          other programs, too. (LP: #438574, #432452, fd.o #24566)
        * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec
          saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk)
        * Add myself to Uploaders: with Michael's consent.
      
      policykit-1 (0.94-4) unstable; urgency=low
      
        * debian/patches/03_path_max.patch
          - Update patch to fix implicit pointer conversion for
            get_current_dir_name. (Closes: #550901)
      
      policykit-1 (0.94-3) unstable; urgency=low
      
        * debian/patches/03_path_max.patch
          - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800)
            Thanks to Samuel Thibault for the patch.
        * debian/policykit-1.postinst:
          - Kill the old polkitd daemon on upgrade, to ensure that the new version
            will be used at the next occasion.
      
      policykit-1 (0.94-2) unstable; urgency=low
      
        * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and
          link against -lfreebsd for sysctlnametomib.
          When glibc 2.10 enters unstable this workaround can be removed again.
      
      policykit-1 (0.94-1) unstable; urgency=low
      
        * Rename package to policykit-1. Upstream (at least temporarily) forked
          the project to make it installable in parallel with policykit 0.9, until
          all programs are ported to the new API.
        * Drop all patches except 01_pam_polkit.patch.
        * Refresh debian/patches/01_pam_polkit.patch.
        * debian/control
          - Update Build-Depends
            + Drop libdbus-1-dev, libdbus-glib-1-dev.
            + Add libeggdbus-1-dev (>= 0.5) and lsb-release.
            + Bump libglib2-dev dependency to (>= 2.21.4).
          - Update list of binary packages and their package descriptions.
          - Drop dependency on adduser.
          - Bump Standards-Version to 3.8.3.
            + Add README.source which refers to the quilt documentation.
          - Update Vcs-* fields. Package is now managed using Git and hosted on
            git.debian.org.
        * Update shared library structure: libpolkit-{dbus,grant} →
          libpolkit-{agent,backend,gobject}-1.
        * Rename policykit, policykit-doc → policykit-1, policykit-1-doc.
        * Update and revise all *.install files.
        * debian/rules, debian/policykit.init: Drop init script, package doesn't use
          /var/run any more.
        * debian/policykit-1.postinst: Don't create "polkituser" system user, it's
          not used any more.
        * Update watch file.
        * debian/patches/02_dont_export_private_symbols.patch
          - Don't export private symbols in the libraries.
        * debian/patches/99_autoreconf.patch
          - Update the autotools files as the previous patch also touches the build
            system.
        * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved
          shlibs dependencies.
        * debian/rules
          - Disable introspection support.
          - When building for Ubuntu, install a localauthority.conf.d configuration
            file which considers "admin" group users as administrators.
          - Don't install example application.
        * debian/copyright
          - Update copyright holder.
          - License was changed to LGPL 2.1+.
      
      policykit (0.9-4) unstable; urgency=low
      
        * Add support for /var/run being a tmpfs. (Closes: #532101)
          - Create /var/run/PolicyKit dynamically on boot by using an init script.
            Original patch by Martin Pitt, thanks. Updated patch to only run the
            init script in runlevel S at priority 75.
          - Do no longer ship /var/run/PolicyKit in the package itself.
        * debian/control
          - Bump Standards-Version to 3.8.1.
        * debian/patches/04_entry_leak.patch
          - Plug a memory leak. Patch pulled from Fedora.
        * debian/patches/05_manpage_typo_fix.patch
          - Fix a small typo in the polkit-auth man page. (Closes: #523565)
        * debian/patches/06_no_inotify_or_path_max.patch
          - Add support for systems which don't support inotify (like hurd) and
            don't use PATH_MAX unconditionally, instead use dynamically growing
            buffers. (Closes: #521756)
            Patch by Samuel Thibault, thanks.
      
      policykit (0.9-3) unstable; urgency=low
      
        * Switch patch management system to quilt.
        * debian/control
          - Wrap Build-Depends.
          - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758)
          - Bump Build-Depends on debhelper to (>= 7).
        * debian/compat
          - Bump debhelper compat level to 7.
        * debian/rules
          - Include debhelper.mk before any other files as recommended by the cdbs
            documentation.
        * debian/patches/03_consolekit0.3-api.patch
          - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either.
            Patch pulled from Ubuntu.
      
      policykit (0.9-2) unstable; urgency=high
      
        [ Simon McVittie ]
        * Add patch committed in Fedora (although not upstream) by the upstream
          maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
          been fixed in dbus-daemon. (Closes: #510646)
      
        [ Michael Biebl ]
        * debian/control
          - Add ${misc:Depends} to all binary packages.
      
      policykit (0.9-1) unstable; urgency=low
      
        * New upstream release. 
        * debian/control
          - Bump Standards-Version to 3.8.0. No further changes.
      
      policykit (0.8-2) unstable; urgency=low
      
        * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. 
        * debian/policykit.postinst
          - Set correct permissions for all files. (Closes: #482064)
          - Define a small helper function to apply the permissions. This makes it
            more concise and readable.
      
      policykit (0.8-1) unstable; urgency=medium
      
        * New upstream release.
          - SECURITY - CVE-2008-1658:
            Fixes format string vulnerability in the grant helper. (Closes: #476615)
        * debian/control
          - Add Build-Depends on pkg-config.
      
      policykit (0.7-2) unstable; urgency=low
      
        * Upload to unstable.
      
      policykit (0.7-1) experimental; urgency=low
      
        * New upstream release. (Closes: #455874)
        * debian/control
          - Bump Standards-Version to 3.7.3. No further changes required.
          - Add Build-Depends on libdbus-glib-1-dev (>= 0.73).
          - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/.
            (Closes: #446504)
          - Improve package description. (Closes: #446554)
        * debian/copyright
          - All code is now licensed under the MIT/X11 license. Update the copyright
            notice accordingly.
        * debian/policykit.dirs
          - Add the directory /var/lib/PolicyKit-public.
        * debian/policykit.install
          - Install the D-Bus config and service files for the PolicyKit system
            service.
          - Install /var/lib/misc/PolicyKit.reload.
        * debian/rules
          - Fix the permissions of /var/lib/misc/PolicyKit.reload.
        * debian/policykit.postinst
          - Use dpkg-statoverride to check for local modifications before setting
            the SUID/SGID bits.
      
      policykit (0.6-1) experimental; urgency=low
      
        * New upstream release.
        * debian/control
          - Use new "Homepage:" field to specify the upstream URL.
          - The Vcs-* fields are now officially supported, so remove the XS- prefix.  
          - Add a Recommends: policykit-gnome to the policykit package.
          - Enable SELinux support by adding a Build-Depends on libselinux1-dev for
            all supported platforms.
        * debian/policykit.postinst
          - Install polkit-grant-helper-pam with the correct permissions.
      
      policykit (0.5-1) experimental; urgency=low
      
        * Initial release. (Closes: #397087)
      169fb07d
  17. 31 May, 2019 1 commit