policykit-1 (0.96-2ubuntu0.1) lucid-security; urgency=low * SECURITY UPDATE: avoid /proc race conditions when checking privileges for pkexec. - 10_fix_proc_race.patch - CVE-2011-1485 -- Kees Cook Tue, 19 Apr 2011 12:38:05 -0700 policykit-1 (0.96-2) unstable; urgency=medium * Urgency medium, just two small, but important bug fixes. * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure vulnerability that allows an attacker to verify whether or not arbitrary files exist, violating directory permissions. * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() with an invalid PID. (LP: #540464) -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200 policykit-1 (0.96-1) unstable; urgency=low * New upstream release. * debian/libpolkit-backend-1-0.symbols - Update for new API addition. -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100 policykit-1 (0.95-1) unstable; urgency=low * New upstream release. * Remove patches - debian/patches/02_dont_export_private_symbols.patch (merged upstream) - debian/patches/03_path_max.patch (merged upstream) - debian/patches/04-ref-authority.patch (merged upstream) - debian/patches/05-pkexec-env.patch (merged upstream) - debian/patches/99_autoreconf.patch (obsolete) * debian/control - Bump Build-Depends on libeggbus-1-dev to (>= 0.6). * debian/rules - The example application is no longer built by default so we don't need to manually remove it anymore. * debian/libpolkit-{backend,gobject}-1-0.symbols - Update for new API additions. -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100 policykit-1 (0.94-6) unstable; urgency=low * debian/policykit-1.postinst - Use start-stop-daemon instead of kill+pidof to stop the running polkitd daemon on upgrades. * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered unstable. (Closes: #552605) -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100 policykit-1 (0.94-5) unstable; urgency=low * Add debian/patches/04-ref-authority.patch: Ref the instance returned by polkit_authority_get(), since the documentation says that it needs to be unref'ed after usage. This fixes crashes in NetworkManager and probably other programs, too. (LP: #438574, #432452, fd.o #24566) * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk) * Add myself to Uploaders: with Michael's consent. -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100 policykit-1 (0.94-4) unstable; urgency=low * debian/patches/03_path_max.patch - Update patch to fix implicit pointer conversion for get_current_dir_name. (Closes: #550901) -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200 policykit-1 (0.94-3) unstable; urgency=low * debian/patches/03_path_max.patch - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) Thanks to Samuel Thibault for the patch. * debian/policykit-1.postinst: - Kill the old polkitd daemon on upgrade, to ensure that the new version will be used at the next occasion. -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200 policykit-1 (0.94-2) unstable; urgency=low * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and link against -lfreebsd for sysctlnametomib. When glibc 2.10 enters unstable this workaround can be removed again. -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200 policykit-1 (0.94-1) unstable; urgency=low * Rename package to policykit-1. Upstream (at least temporarily) forked the project to make it installable in parallel with policykit 0.9, until all programs are ported to the new API. * Drop all patches except 01_pam_polkit.patch. * Refresh debian/patches/01_pam_polkit.patch. * debian/control - Update Build-Depends + Drop libdbus-1-dev, libdbus-glib-1-dev. + Add libeggdbus-1-dev (>= 0.5) and lsb-release. + Bump libglib2-dev dependency to (>= 2.21.4). - Update list of binary packages and their package descriptions. - Drop dependency on adduser. - Bump Standards-Version to 3.8.3. + Add README.source which refers to the quilt documentation. - Update Vcs-* fields. Package is now managed using Git and hosted on git.debian.org. * Update shared library structure: libpolkit-{dbus,grant} → libpolkit-{agent,backend,gobject}-1. * Rename policykit, policykit-doc → policykit-1, policykit-1-doc. * Update and revise all *.install files. * debian/rules, debian/policykit.init: Drop init script, package doesn't use /var/run any more. * debian/policykit-1.postinst: Don't create "polkituser" system user, it's not used any more. * Update watch file. * debian/patches/02_dont_export_private_symbols.patch - Don't export private symbols in the libraries. * debian/patches/99_autoreconf.patch - Update the autotools files as the previous patch also touches the build system. * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved shlibs dependencies. * debian/rules - Disable introspection support. - When building for Ubuntu, install a localauthority.conf.d configuration file which considers "admin" group users as administrators. - Don't install example application. * debian/copyright - Update copyright holder. - License was changed to LGPL 2.1+. -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200 policykit (0.9-4) unstable; urgency=low * Add support for /var/run being a tmpfs. (Closes: #532101) - Create /var/run/PolicyKit dynamically on boot by using an init script. Original patch by Martin Pitt, thanks. Updated patch to only run the init script in runlevel S at priority 75. - Do no longer ship /var/run/PolicyKit in the package itself. * debian/control - Bump Standards-Version to 3.8.1. * debian/patches/04_entry_leak.patch - Plug a memory leak. Patch pulled from Fedora. * debian/patches/05_manpage_typo_fix.patch - Fix a small typo in the polkit-auth man page. (Closes: #523565) * debian/patches/06_no_inotify_or_path_max.patch - Add support for systems which don't support inotify (like hurd) and don't use PATH_MAX unconditionally, instead use dynamically growing buffers. (Closes: #521756) Patch by Samuel Thibault, thanks. -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200 policykit (0.9-3) unstable; urgency=low * Switch patch management system to quilt. * debian/control - Wrap Build-Depends. - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758) - Bump Build-Depends on debhelper to (>= 7). * debian/compat - Bump debhelper compat level to 7. * debian/rules - Include debhelper.mk before any other files as recommended by the cdbs documentation. * debian/patches/03_consolekit0.3-api.patch - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either. Patch pulled from Ubuntu. -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100 policykit (0.9-2) unstable; urgency=high [ Simon McVittie ] * Add patch committed in Fedora (although not upstream) by the upstream maintainer, to allow PolicyKit to be used when CVE-2008-4311 has been fixed in dbus-daemon. (Closes: #510646) [ Michael Biebl ] * debian/control - Add ${misc:Depends} to all binary packages. -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100 policykit (0.9-1) unstable; urgency=low * New upstream release. * debian/control - Bump Standards-Version to 3.8.0. No further changes. -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200 policykit (0.8-2) unstable; urgency=low * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. * debian/policykit.postinst - Set correct permissions for all files. (Closes: #482064) - Define a small helper function to apply the permissions. This makes it more concise and readable. -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200 policykit (0.8-1) unstable; urgency=medium * New upstream release. - SECURITY - CVE-2008-1658: Fixes format string vulnerability in the grant helper. (Closes: #476615) * debian/control - Add Build-Depends on pkg-config. -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200 policykit (0.7-2) unstable; urgency=low * Upload to unstable. -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100 policykit (0.7-1) experimental; urgency=low * New upstream release. (Closes: #455874) * debian/control - Bump Standards-Version to 3.7.3. No further changes required. - Add Build-Depends on libdbus-glib-1-dev (>= 0.73). - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/. (Closes: #446504) - Improve package description. (Closes: #446554) * debian/copyright - All code is now licensed under the MIT/X11 license. Update the copyright notice accordingly. * debian/policykit.dirs - Add the directory /var/lib/PolicyKit-public. * debian/policykit.install - Install the D-Bus config and service files for the PolicyKit system service. - Install /var/lib/misc/PolicyKit.reload. * debian/rules - Fix the permissions of /var/lib/misc/PolicyKit.reload. * debian/policykit.postinst - Use dpkg-statoverride to check for local modifications before setting the SUID/SGID bits. -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100 policykit (0.6-1) experimental; urgency=low * New upstream release. * debian/control - Use new "Homepage:" field to specify the upstream URL. - The Vcs-* fields are now officially supported, so remove the XS- prefix. - Add a Recommends: policykit-gnome to the policykit package. - Enable SELinux support by adding a Build-Depends on libselinux1-dev for all supported platforms. * debian/policykit.postinst - Install polkit-grant-helper-pam with the correct permissions. -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100 policykit (0.5-1) experimental; urgency=low * Initial release. (Closes: #397087) -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200