* Team upload
* d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch:
Add patch from upstream to fix parallel builds (Closes: #894205)
* debian/copyright: Use https URL for Format:
* Update Vcs-* links for move to salsa.debian.org.
* Fix typos in patch descriptions.
Fixes lintian's spelling-error-in-patch-description complaints.
* Move to debhelper compat level 10.
Remove explicit dh-autoreconf, it's now done by default.
* Bump Standards-Version to 4.1.3
* Add autopkgtest.
This covers the pkaction and pkcheck CLI tools.
* Team upload.
* master/Add-gettext-support-for-.policy-files.patch: Backport from master:
Add .loc and .its files so that gettext can be used to translate policy
files. Some upstreams, particularly those that are switching to meson,
expect these files to be present so that their PK policy files can be
translated. (Closes: #863207)
[ Michael Biebl ]
* Use https:// for the upstream homepage.
* Update Vcs-Browser to use cgit.
* Rename the systemd service unit to polkit.service. It is now based on what
was added upstream in 0.106.
[ Simon McVittie ]
* Build-depend on intltool instead of relying on gtk-doc-tools'
dependency (Closes: #837846)
[ Martin Pitt ]
* Use PAM's common-session-noninteractive modules for pkexec instead of
common-session. The latter also runs pam_systemd (the only difference
normally) which is a no-op under the classic session-centric
D-BUS/graphical login model (as it won't start a new one if it is already
running within a logind session), but very expensive when using
dbus-user-session and being called from a service that runs outside the
PAM session. This causes long delays in e. g. gnome-settings-daemon's
backlight helpers. (LP: #1626651)
[ Michael Biebl ]
* Drop obsolete Breaks from pre-wheezy.
* Use gir addon instead of calling dh_girepository manually.
* Run wrap-and-sort -ast.
* Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already
pulled in via libgirepository1.0-dev.
[ Martin Pitt ]
* Add fallback if agent is not running in a logind session. This fixes
polkit with dbus-user-session. Thanks Sebastien Bacher for the patch!
* Bump Standards-Version to 3.9.8 (no changes necessary).
* Generate tight inter-package dependencies.
This ensures that everything from the same source package is upgraded in
lockstep. (Closes: #817998)
* Non-maintainer upload.
* Fix FTBFS on non-linux/non-systemd. (Closes: #798769)
* debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
removal for consistency.
* Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
backported from upstream master. (LP: #1510824)
* debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
policykit-1 is unpackaged but not yet configured. During that time we
don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
This can be dropped once the D-Bus policy moves to /usr.
(Closes: #794723, LP: #1447654)
* Team upload
* Replace 03_complete_session.patch with a change from upstream
which seems like a more correct solution for LP#445303, LP#649939
* 05_revert-admin-identities-unix-group-wheel.patch: remove confusing
staff -> desktop_admin_r change in a man page (desktop_admin_r looks
vaguely like a SELinux role but is actually being used as a group);
keep only the actual functional change. This matches the syntactically
different but functionally similar change in experimental.
* 09_pam_environment.patch: replace with the version that went upstream.
* Annotate remaining patches with a bit more information.
They are:
- 00git_fix_memleak.patch, 00git_invalid_object_paths.patch,
00git_type_registration.patch, 04_get_cwd.patch,
07_set-XAUTHORITY-environment-variable-if-unset.patch,
08_deprecate_racy_APIs.patch, 09_pam_environment.patch,
cve-2013-4288.patch: either backports from upstream, or already
applied upstream, and not discussed further here.
- 01_pam_polkit.patch: use Debian's common-* infrastructure,
plus pam_env to get the global environment and locale.
Debian-specific.
- 02_gettext.patch: Use gettext to translate .policy files at
runtime, allowing for Ubuntu-style language packs.
Debian-specific (mainly for Ubuntu's benefit, really).
- 05_revert-admin-identities-unix-group-wheel.patch: Debian does
not use the "wheel" group like Red Hat derivatives do;
treat uid 0 as the administrative identity instead.
Debian-specific.
- 06_systemd-service.patch: hook up the systemd service in
debian/polkitd.service.
Not forwarded: obsoleted by an upstream change in 0.106,
commit 2995085.
* Re-order patch series to put upstream changes first, sorted by version
in which they went upstream, and put them in subdirectories by version
* Add patches from 0.113 to fix heap corruption CVE-2015-3255
(Closes: #766860) and local authenticated denial of service
CVE-2015-4625 (Closes: #796134)
* Add numerous other bug-fix patches from 0.113
- work around bugs in older versions of libpam-systemd when using
su or similar (Closes: #772125)
- treat background processes as part of the same uid's active GUI
session if they have one (Closes: #779988)
- fix some memory leaks (Closes: #775158, LP: #1417637)
* Add backported public API polkit_system_bus_name_get_user_sync() to
symbols file
* Fix FTBFS with dpkg-buildpackage -A by only installing files into
policykit-1 in per-arch builds
* Run tests with a session bus pretending to be the system bus,
so they can pass in a buildd environment
* Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths
in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
* policykit-1.postinst: Reload systemd before restarting polkitd.service, to
avoid "Warning: polkitd.service changed on disk". (Closes: #791397)
* Add 00git_type_registration.patch: Use GOnce for interface type
registration. Fixes frequent udisks segfault (LP: #1236510).
* Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call
results handler. (LP: #1417637)
[ Martin Pitt ]
* policykit-1.postinst: Don't kill polkitd under systemd, but properly
restart it. This avoids killing it shortly after systemd tries to
bus-activate it on installation. (LP: #1447654)
[ Michael Biebl ]
* Build against libsystemd instead of the old libsystemd-login compat
library. (Closes: #779756)
* Rebuild against libsystemd0. This drops the last remaining dependency to
libsystemd-login0. (Closes: #771281)
* Bump Standards-Version to 3.9.6 (no changes necessary).
* Team upload.
* Install typelib files into MA libdir.
* Non-maintainer upload.
* Use dh-autoreconf in build to support new architectures
* Team upload.
* debian/control: Update Homepage URL
* debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it
registers a logind session properly (Closes: #745983)
* Team upload.
* Enable systemd support on linux architectures
* debian/control: Bump Standards-Version to 3.9.5 (no further changes)
* debian/control: Use canonical VCS-* URL's
* Acknowledge non-maintainer upload for CVE-2013-4288.
* Also cherry-pick the upstream commit which deprecates the racy APIs.
* debian/patches/09_pam_environment.patch: set process environment from
pam_getenvlist().
* debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our
global settings from /etc/environment are applied correctly.
* The two changes above fix pkexec to properly export the pam environment.
Thanks Steve Langasek for the patch. (Closes: #692340)
* Non-maintainer upload by the Security Team.
* Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717).
* 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY
environment variable to its default value $HOME/.Xauthority if unset.
Some display managers, like KDM, do not set the XAUTHORITY variable, so
starting graphical applications via pkexec was broken in those
environments. (Closes: #671497)
* Change the permissions of /etc/polkit-1/localauthority to 700, this
directory is not supposed to be readable by everyone.
* New upstream release.
* debian/watch: Update URL, the tarballs are hosted on freedesktop.org now.
* Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0.
* Update debian/copyright using the machine-readable copyright format 1.0.
* Bump Standards-Version to 3.9.3.
* Bump Build-Depends on debhelper to (>= 9).
* debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for
proper cross-references in the gtk-doc API documentation.
* Install systemd service file for polkitd.
* New upstream release.
- Add support for netgroups. (LP: #724052)
* debian/rules: Disable systemd support, continue to work with ConsokeKit.
* 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply
cleanly.
* debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new
release.
* debian/rules: Do not let test failures fail the build. The new test suite
also runs a test against the system D-BUS/ConsoleKit, which can't work on
buildds.
* New upstream release.
* debian/control: Change section of gir1.2-polkit-1.0 to introspection.
* 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change
to make group wheel the default admin identity since we already use group
sudo resp. group admin for that.
* 02_gettext.patch: Explicitly #include <locale.h> to fix non-optimized
build. Thanks Ivan Krasilnikov for pointing this out.
* debian/rules: When building on Ubuntu, also consider the "sudo" group as
administrator, for compatibility with Debian and sudo itself. Keep "admin"
for existing systems. (LP: #893842)
* Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the
patch! (Closes: #636196)
* New upstream release.
* debian/patches/00git_fix_proc_race.patch: Removed, merged upstream.
* debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream.
* debian/patches/03_complete_session.patch: Refreshed.
* debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the
current working directory. This fixes another PATH_MAX related FTBFS on
hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017)
Urgency high due to security fix.
* Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking
privileges for pkexec. Patch taken from
https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in
upstream git. [CVE-2011-1485]
* debian/libpolkit-gobject-1-0.symbols: Update for new symbols.
* Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build
failures if quilt patches change files with translatable strings. Thanks
to Kees Cook for the patch!
* debian/control
- Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to
libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the
updated GObject introspection policy.
- Bump Standards-Version to 3.9.2. No further changes.
* Upload to unstable.
* New upstream release.
* Update patches
- Drop debian/patches/04_test_signalfd.patch, merged upstream.
- Refresh other patches to apply cleanly.
* debian/libpolkit-gobject-1-0.symbols
- Add polkit_authorization_result_get_dismissed.
* debian/control
- Bump Build-Depends on libglib2.0-dev to (>= 2.28.0).
* debian/rules
- Don't build example programs.
* New upstream release.
* Refresh debian/patches/03_complete_session.patch.
* Replace debian/patches/04_test_signalfd.patch with a patch that was merged
upstream. This also allows to drop debian/patches/99_autoreconf.patch.
* Switch from cdbs to dh.
* Bump debhelper compatibility level to 8.
* Install documentation using debian/policykit-1.docs.
* Enable gobject introspection support.
- Add Build-Depends on libgirepository1.0-dev (>= 0.9.12),
gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0.
- Add package gir1.2-polkit-1.0 containing the typelib files.
- Install gir files in libpolkit-agent-1-dev.install and
libpolkit-gobject-1-dev.install.
- Call dh_girepository in debian/rules.
* Upload to unstable.
[ Michael Biebl ]
* Merge sudo group changes from unstable branch.
[ Martin Pitt ]
* debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release
build dependency.
* Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without
signalfd(). (Closes: #602476)
* Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch.
[ Michael Biebl ]
* New upstream release.
* debian/patches/00git-fix-error-freeing.patch
- Remove, fixed upstream.
* debian/patches/00git-pkexec-information-disclosure.patch
- Remove, merged upstream.
* debian/control
- Drop Build-Depends on libeggdbus-1-dev.
- Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus.
* Switch to source format 3.0 (quilt).
- Add debian/source/format.
- Drop Build-Depends on quilt.
- Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules.
- Remove debian/README.source.
[ Robert Ancell ]
* Add debian/patches/02_gettext.patch: Use gettext for translations in
.policy files if they specify a gettext domain.
[ James Westby ]
* Add debian/patches/03_complete_session.patch: Fix the race that leads to
the password box disappearing, but the dialog remaining.
[ Martin Pitt ]
* debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated
.symbols files more strongly.
* debian/rules
- When building for Debian, install a localauthority.conf.d configuration
file which considers "sudo" group users as administrators.
(Closes: #532499)
* debian/control
- Use architecture wildcard linux-any for libselinux1-dev.
- Bump Standards-Version to 3.9.1.
* debian/policykit-1.postinst
- Query D-Bus to find out the correct pid of the process claiming
org.freedesktop.PolicyKit1. This way we do not accidentally kill the
wrong process when being installed in a chroot. (Closes: #595030)
* debian/policykit-1.prerm
- Stop polkitd on remove. (Closes: #595031)
* Urgency medium, just two small, but important bug fixes.
* Add 00git-pkexec-information-disclosure.patch: Fix information disclosure
vulnerability that allows an attacker to verify whether or not arbitrary
files exist, violating directory permissions.
* 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization()
with an invalid PID. (LP: #540464)
* New upstream release.
* debian/libpolkit-backend-1-0.symbols
- Update for new API addition.
* New upstream release.
* Remove patches
- debian/patches/02_dont_export_private_symbols.patch (merged upstream)
- debian/patches/03_path_max.patch (merged upstream)
- debian/patches/04-ref-authority.patch (merged upstream)
- debian/patches/05-pkexec-env.patch (merged upstream)
- debian/patches/99_autoreconf.patch (obsolete)
* debian/control
- Bump Build-Depends on libeggbus-1-dev to (>= 0.6).
* debian/rules
- The example application is no longer built by default so we don't need
to manually remove it anymore.
* debian/libpolkit-{backend,gobject}-1-0.symbols
- Update for new API additions.
* debian/policykit-1.postinst
- Use start-stop-daemon instead of kill+pidof to stop the running polkitd
daemon on upgrades.
* Remove our workaround for kfreebsd again now that eglibc 2.10 has entered
unstable. (Closes: #552605)
* Add debian/patches/04-ref-authority.patch: Ref the instance returned by
polkit_authority_get(), since the documentation says that it needs to be
unref'ed after usage. This fixes crashes in NetworkManager and probably
other programs, too. (LP: #438574, #432452, fd.o #24566)
* Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec
saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk)
* Add myself to Uploaders: with Michael's consent.
* debian/patches/03_path_max.patch
- Update patch to fix implicit pointer conversion for
get_current_dir_name. (Closes: #550901)
* debian/patches/03_path_max.patch
- Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800)
Thanks to Samuel Thibault for the patch.
* debian/policykit-1.postinst:
- Kill the old polkitd daemon on upgrade, to ensure that the new version
will be used at the next occasion.
* Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and
link against -lfreebsd for sysctlnametomib.
When glibc 2.10 enters unstable this workaround can be removed again.
* Rename package to policykit-1. Upstream (at least temporarily) forked
the project to make it installable in parallel with policykit 0.9, until
all programs are ported to the new API.
* Drop all patches except 01_pam_polkit.patch.
* Refresh debian/patches/01_pam_polkit.patch.
* debian/control
- Update Build-Depends
+ Drop libdbus-1-dev, libdbus-glib-1-dev.
+ Add libeggdbus-1-dev (>= 0.5) and lsb-release.
+ Bump libglib2-dev dependency to (>= 2.21.4).
- Update list of binary packages and their package descriptions.
- Drop dependency on adduser.
- Bump Standards-Version to 3.8.3.
+ Add README.source which refers to the quilt documentation.
- Update Vcs-* fields. Package is now managed using Git and hosted on
git.debian.org.
* Update shared library structure: libpolkit-{dbus,grant} →
libpolkit-{agent,backend,gobject}-1.
* Rename policykit, policykit-doc → policykit-1, policykit-1-doc.
* Update and revise all *.install files.
* debian/rules, debian/policykit.init: Drop init script, package doesn't use
/var/run any more.
* debian/policykit-1.postinst: Don't create "polkituser" system user, it's
not used any more.
* Update watch file.
* debian/patches/02_dont_export_private_symbols.patch
- Don't export private symbols in the libraries.
* debian/patches/99_autoreconf.patch
- Update the autotools files as the previous patch also touches the build
system.
* Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved
shlibs dependencies.
* debian/rules
- Disable introspection support.
- When building for Ubuntu, install a localauthority.conf.d configuration
file which considers "admin" group users as administrators.
- Don't install example application.
* debian/copyright
- Update copyright holder.
- License was changed to LGPL 2.1+.
* Add support for /var/run being a tmpfs. (Closes: #532101)
- Create /var/run/PolicyKit dynamically on boot by using an init script.
Original patch by Martin Pitt, thanks. Updated patch to only run the
init script in runlevel S at priority 75.
- Do no longer ship /var/run/PolicyKit in the package itself.
* debian/control
- Bump Standards-Version to 3.8.1.
* debian/patches/04_entry_leak.patch
- Plug a memory leak. Patch pulled from Fedora.
* debian/patches/05_manpage_typo_fix.patch
- Fix a small typo in the polkit-auth man page. (Closes: #523565)
* debian/patches/06_no_inotify_or_path_max.patch
- Add support for systems which don't support inotify (like hurd) and
don't use PATH_MAX unconditionally, instead use dynamically growing
buffers. (Closes: #521756)
Patch by Samuel Thibault, thanks.
* Switch patch management system to quilt.
* debian/control
- Wrap Build-Depends.
- Demote Recommends: policykit-gnome to Suggests. (Closes: #513758)
- Bump Build-Depends on debhelper to (>= 7).
* debian/compat
- Bump debhelper compat level to 7.
* debian/rules
- Include debhelper.mk before any other files as recommended by the cdbs
documentation.
* debian/patches/03_consolekit0.3-api.patch
- Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either.
Patch pulled from Ubuntu.
[ Simon McVittie ]
* Add patch committed in Fedora (although not upstream) by the upstream
maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
been fixed in dbus-daemon. (Closes: #510646)
[ Michael Biebl ]
* debian/control
- Add ${misc:Depends} to all binary packages.
* New upstream release.
* debian/control
- Bump Standards-Version to 3.8.0. No further changes.
* Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2.
* debian/policykit.postinst
- Set correct permissions for all files. (Closes: #482064)
- Define a small helper function to apply the permissions. This makes it
more concise and readable.
* New upstream release.
- SECURITY - CVE-2008-1658:
Fixes format string vulnerability in the grant helper. (Closes: #476615)
* debian/control
- Add Build-Depends on pkg-config.
* Upload to unstable.
* New upstream release. (Closes: #455874)
* debian/control
- Bump Standards-Version to 3.7.3. No further changes required.
- Add Build-Depends on libdbus-glib-1-dev (>= 0.73).
- Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/.
(Closes: #446504)
- Improve package description. (Closes: #446554)
* debian/copyright
- All code is now licensed under the MIT/X11 license. Update the copyright
notice accordingly.
* debian/policykit.dirs
- Add the directory /var/lib/PolicyKit-public.
* debian/policykit.install
- Install the D-Bus config and service files for the PolicyKit system
service.
- Install /var/lib/misc/PolicyKit.reload.
* debian/rules
- Fix the permissions of /var/lib/misc/PolicyKit.reload.
* debian/policykit.postinst
- Use dpkg-statoverride to check for local modifications before setting
the SUID/SGID bits.
* New upstream release.
* debian/control
- Use new "Homepage:" field to specify the upstream URL.
- The Vcs-* fields are now officially supported, so remove the XS- prefix.
- Add a Recommends: policykit-gnome to the policykit package.
- Enable SELinux support by adding a Build-Depends on libselinux1-dev for
all supported platforms.
* debian/policykit.postinst
- Install polkit-grant-helper-pam with the correct permissions.
* Initial release. (Closes: #397087)