
policykit-1 (122-3) unstable; urgency=medium

  * d/polkitd.postinst: Stop polkitd before changing home directory.
    usermod will refuse to change the home directory if a polkitd process
    is running as the polkitd uid, so stop polkitd if necessary, and also
    don't fail if usermod can't change the home directory in an existing
    installation (which is non-critical anyway). (Closes: #1030154)

 -- Simon McVittie <smcv@debian.org>  Tue, 31 Jan 2023 22:05:24 +0000

policykit-1 (122-2) unstable; urgency=medium

  [ Debian Janitor ]
  * d/changelog: Trim trailing whitespace
  * d/upstream/metadata: Update URLs for Bug-Database, Bug-Submit

  [ Simon McVittie ]
  * Update how we assign root-equivalent groups
    - d/p/debian/50-default.rules-Replace-wheel-group-with-sudo-group.patch,
      d/rules:
      Set up Debian's default root-equivalent group 'sudo' in
      50-default.rules rather than in 40-debian-sudo.rules. This ensures
      that users of polkitd-pkla can override it by configuring admin
      identities the old way. Previously, because 40-debian-sudo.rules was
      earlier in the sequence than 49-polkit-pkla-compat.rules, it would
      take precedence and the admin identities from polkitd-pkla were
      ignored. (Closes: #1023393)
      By default, polkitd-pkla does not provide any admin identities,
      which means we behave as though polkitd-pkla was not installed at all,
      and fall back to the sudo group defined in 50-default.rules.
    - d/p/debian/05_revert-admin-identities-unix-group-wheel.patch:
      Drop patch, superseded by the one described above
    - d/rules: When built for Ubuntu, also install an Ubuntu-specific file
      sequenced after 49-polkit-pkla-compat.rules but before
      50-default.rules, which treats both the 'sudo' group and the legacy
      'admin' group as root-equivalent.
  * Replace /etc/pam.d/polkit-1 with /usr/lib/pam.d/polkit-1.
    /usr/lib/pam.d has been supported since at least 1.4.0 (Debian 11),
    so we can make this an ordinary packaged file instead of a conffile.
    Local sysadmin overrides can still be done via /etc/pam.d/polkit-1
    as before.
    This sidesteps dpkg's inability to keep track of a conffile when it is
    moved from one package to another (#399829, #645849, #163657, #595112).
    (Closes: #1006203)
  * postinst: Only clean up config directories if not owned.
    If we only have polkitd installed, then we want to clean up the obsolete
    directory /etc/polkit-1/localauthority.conf.d on upgrade, but if we
    have polkitd-pkla installed, then it owns that directory and we should
    not remove it. (Closes: #1026425)
  * d/policykit-1.dirs: Continue to own some legacy directory names.
    Having the transitional package continue to own these directories until
    it has had a chance to clean up obsolete conffiles will silence warnings
    from dpkg about inability to remove them. (Closes: #1027420)
  * d/polkitd.postrm: Clean up /var/lib/polkit-1 on purge.
    If /var/lib/polkit-1 was the polkitd user's home directory, then it
    might contain a .cache subdirectory; clean that up too.
  * Create polkitd user with home directory /nonexistent in new installations.
    This will prevent it from creating detritus in /var/lib/polkit-1.
  * polkitd.postinst: Change polkitd home directory to /nonexistent on upgrade
  * Remove version constraints unnecessary since buster (oldstable)
  * Update standards version to 4.6.2 (no changes needed)

 -- Simon McVittie <smcv@debian.org>  Fri, 20 Jan 2023 13:22:24 +0000

policykit-1 (122-1) unstable; urgency=medium

  * d/watch: Fix handling of polkit-pkla-compat
  * d/watch: Monitor Gitlab releases instead of fd.o web server
  * New upstream release
  * Drop patches that were included in the new upstream release

 -- Simon McVittie <smcv@debian.org>  Fri, 28 Oct 2022 18:36:30 +0100

policykit-1 (121+compat0.1-6) unstable; urgency=medium

  * d/polkitd.examples: Really install the example rules mentioned in NEWS
  * d/control: Explicitly build-depend on docbook-xsl.
    polkit-pkla-compat needs this for the man pages, which cannot currently
    be disabled, so it is not marked as <!nodoc> (and neither is xsltproc).
  * Only build API documentation if policykit-1-doc is built.
    It doesn't need to be built when we're doing an architecture-specific
    build, and we can also mark it with the <!nodoc> build-profile (although
    that's not particularly useful in this case because it's the only
    arch-indep binary package).

 -- Simon McVittie <smcv@debian.org>  Thu, 13 Oct 2022 21:05:11 +0100

policykit-1 (121+compat0.1-5) unstable; urgency=medium

  * Release to unstable (Closes: #946231, #1018897)

 -- Simon McVittie <smcv@debian.org>  Thu, 13 Oct 2022 10:46:03 +0100

policykit-1 (121+compat0.1-4) experimental; urgency=medium

  * d/polkitd.postinst: Consistently indent with spaces
  * d/polkitd.postinst: Quote defensively
  * d/polkitd.postinst: Don't explicitly restart the systemd service.
    dh_installsystemd does this for us anyway.
  * d/polkitd.postinst: Make sure message bus policy is reloaded if needed.
    If we created or modified the polkitd user, then we need to refresh
    dbus-daemon's cached policy to take that user into account, otherwise
    polkitd will fail to start. This fixes an autopkgtest failure.
  * d/polkitd.postinst: Stop polkitd when not using systemd.
    On non-systemd systems, polkitd is a traditional D-Bus service and is
    not managed by a service manager, so the way to ensure we are running
    the upgraded version is to stop it and let the D-Bus system bus activate
    a new copy next time it is used.
  * Install a sysusers.d(5) fragment to set up the system user.
    This allows use of polkit without adduser on systems that have either
    systemd or systemd-standalone-sysusers.
  * d/polkitd.tmpfiles: Provide a tmpfiles.d(5) fragment for our directories
  * Add another override for man pages not matching Lintian expectations
  * d/rules: Build with hardening=+bindnow
  * Add doc-base metadata for the reference manual

 -- Simon McVittie <smcv@debian.org>  Mon, 10 Oct 2022 15:00:55 +0100

policykit-1 (121+compat0.1-3) experimental; urgency=medium

  * Merge content of polkitd-javascript into polkitd.
    Keep the polkitd-javascript package as a transitional package.

 -- Simon McVittie <smcv@debian.org>  Wed, 28 Sep 2022 12:19:38 +0100

policykit-1 (121+compat0.1-2) experimental; urgency=medium

  * Add a NEWS file describing the change of security policy format
  * d/control: policykit-1 Recommends polkitd-pkla.
    This arranges for upgrades from Debian 11 to install polkitd-pkla by
    default, preserving previous functionality, while also allowing it to
    be removed for legacy-free systems.
  * d/pkla/: Remove, no longer installed or used
  * d/example-rules: Add some examples of the JavaScript rules format
  * d/changelog: Merge changelog entries from testing/unstable, in
    preparation for uploading this branch to unstable

 -- Simon McVittie <smcv@debian.org>  Wed, 14 Sep 2022 21:33:22 +0100

policykit-1 (121+compat0.1-1) experimental; urgency=medium

  * Restructure the package to use upstream project polkit-pkla-compat
    for compatibility with 0.105 and older versions.
    - polkitd-javascript is now the only implementation of polkitd.
      The packages will probably be merged in a future upload, but keep
      them separate for now as a contingency plan.
    - polkitd-pkla now Depends on polkitd-javascript instead of having
      Breaks/Replaces on it. It's now an addon for polkitd-javascript,
      which calls out to an external helper program to check authorization
      against the old pklocalauthority(8) configuration files.
    - polkitd-javascript: Ensure that the polkitd user has a primary group.
      The polkit-pkla-compat package wants its directories to be owned by
      root:polkitd, which will only work if the polkitd user has a
      corresponding polkitd group.
    - Add polkit-pkla-compat as a secondary upstream tarball
    - Build polkit-pkla-compat instead of a PKLA build of polkitd
    - Drop patches that reinstated the ability to do a PKLA build of polkitd
  * d/p/polkitbackendduktapeauthority.c-Print-the-error-string-we.patch:
    Add patch from upstream to display error string as intended
  * d/control: Explicitly build-depend on xml-core, for its dh addon
  * d/copyright: Update
  * Update Lintian overrides
  * Standards-Version: 4.6.1 (no changes required)
  * d/tests: Skip if dbus-daemon is not running and cannot be started
  * Try harder to clean up obsolete conffiles

 -- Simon McVittie <smcv@debian.org>  Thu, 01 Sep 2022 15:59:38 +0100

policykit-1 (121-2) experimental; urgency=medium

  [ Michael Biebl ]
  * Use dh-sequence-gir Build-Depends to enable the gir addon
  * Remove no longer needed dh option.
    Upstream has removed the autotools based build system so we no longer
    need to tell dh which build system to use.
  * Remove workaround for missing mocklibc

  [ Simon McVittie ]
  * d/copyright: Reinstate entry for test/mocklibc
  * d/polkitd.install: Really install the XML catalog entry
  * d/rules: Enable xml-core dh sequence
  * d/catalog.xml: Fix basename of DTD

 -- Simon McVittie <smcv@debian.org>  Sat, 23 Jul 2022 16:04:32 +0100

policykit-1 (121-1) experimental; urgency=medium

  * New upstream release
  * d/copyright: Update
  * Drop patches that were applied upstream
  * Refresh remaining patches
  * d/control: Build-depend on duktape instead of mozjs
  * Install policyconfig-1.dtd in polkitd package, with an XML catalog
    entry (Closes: #872615)
  * d/watch: Use Gitlab tags to watch for new releases for now.
    Subsequent releases will be done via the Gitlab releases feature, but
    it's not immediately obvious what form that will take.
  * Add patch from upstream to install rules.d defaults in /usr/share.
    This brings us one step closer to the "empty /etc is valid" model.
  * d/rules: Install sudo and Ubuntu admin rules into /usr/share, too.
    This avoids these files having to be conffiles that vary between
    distros.
  * d/upstream/metadata: Add
  * d/polkitd.docs: Update

 -- Simon McVittie <smcv@debian.org>  Sat, 16 Jul 2022 20:17:46 +0100

policykit-1 (0.120-6) experimental; urgency=medium

  * Add patch from Fedora to fix denial of service via fd exhaustion
    (CVE-2021-4115; Closes: #1005784)

 -- Simon McVittie <smcv@debian.org>  Fri, 18 Feb 2022 10:04:56 +0000

policykit-1 (0.120-5) experimental; urgency=medium

  * d/*.postinst: Correct package names in initial comments
  * d/policykit-1.bug-control: Correct name of Submit-As field

 -- Simon McVittie <smcv@debian.org>  Wed, 09 Feb 2022 11:42:38 +0000

policykit-1 (0.120-4) experimental; urgency=medium

  * d/control: Change descriptions to refer to polkit.
    According to NEWS, the official name of the project has been polkit
    since 2012, and perhaps earlier.
  * d/patches: Use upstream's finalized patch for CVE-2021-4034.
    The patch that was provided to distributors under embargo was not the
    final version: it used a different exit status, and made an attempt to
    show help. The version that was actually committed after the embargo
    period ended interprets argc == 0 as an attack rather than a mistake,
    and does not attempt to show the help message.
  * d/patches: Move Debian-specific patches to d/p/debian/.
    This makes it clearer that these are not intended to go upstream.
  * Split policykit-1 into polkitd and pkexec packages.
    pkexec is a setuid program, which makes it a higher security risk than
    the more typical IPC-based uses of polkit. If we separate out pkexec
    into its own package, then only packages that rely on being able to run
    pkexec will have to depend on it, reducing attack surface for users
    who are able to remove the pkexec package.
  * Reinstate the .pkla backend as a separate binary package.
    Upstream polkit switched its authorization rule syntax from .ini-style
    .pkla files to JavaScript in version 0.106. Debian has historically used
    a fork of the last .pkla-based version, but this was becoming
    unsustainable: bug fixes from subsequent upstream versions were either
    applied as patches, or missing from the Debian package.
    The "local authority" code that implements .pkla files is not actually
    all that large, so patching it into a modern upstream version is a
    much smaller task than patching modern upstream bug fixes into an old
    upstream version.
    For this upload to experimental, keep both the JavaScript backend and the
    .pkla backend intact, by compiling polkitd twice with different options.
    This lets us preserve existing functionality of upstream and experimental
    polkit (with the more powerful JavaScript-based rules, which can base
    their authorization decisions on service-specific information like the
    name of a systemd unit), while also having the opportunity to evaluate
    polkitd-pkla as a more direct replacement for what's in bookworm.
  * Adjust Lintian override syntax
  * Add Debian-specific man pages for polkitd-pkla
  * d/copyright: Update
  * Always configure the sudo group as root-equivalent.
    This avoids Debian derivatives getting an unexpected change in behaviour
    when they switch from inheriting Debian's policykit-1 package to
    building their own policykit-1 package, perhaps as a result of wanting
    to apply an unrelated patch.
    The sudo group is defined to be root-equivalent in base-passwd, so this
    should be equally true for all Debian derivatives.
    (Closes: utopia-team/polkit!3; thanks to Arnaud Rebillout)

 -- Simon McVittie <smcv@debian.org>  Sat, 05 Feb 2022 10:49:54 +0000

policykit-1 (0.120-3) experimental; urgency=high

  * d/p/Avoid-local-privilege-escalation-in-polkit-s-pkexec.patch:
    Apply embargoed patch for local privilege escalation (CVE-2021-4034)

 -- Simon McVittie <smcv@debian.org>  Mon, 24 Jan 2022 14:09:42 +0000

policykit-1 (0.120-2) experimental; urgency=medium

  * d/rules: Extend timeout for unit tests.
    Meson's default 30 second timeout is uncomfortably short even on x86,
    and too short on e.g. mips.

 -- Simon McVittie <smcv@debian.org>  Thu, 28 Oct 2021 12:52:02 +0100

policykit-1 (0.120-1) experimental; urgency=medium

  * New upstream release
  * Drop patches that were applied upstream
  * Depend on default-dbus-system-bus | dbus-system-bus instead of dbus.
    We need the system bus: let's be specific about that. This will allow
    dbus-broker to be substituted for dbus, if desired.
  * Build-depend on dbus-daemon instead of dbus.
    We only need dbus-run-session at build time; we don't need a
    fully-working system bus.
  * debian/missing/docs: Remove extra copy of documentation.
    This is in the new upstream release.
    - d/source/include-binaries: Remove, no longer needed
  * d/p/Don-t-pass-positional-parameters-to-i18n.merge_file.patch:
    Add patch to fix FTBFS with Meson 0.60.0
  * Standards-Version: 4.6.0 (no changes required)
  * Use d/watch format version 4

 -- Simon McVittie <smcv@debian.org>  Tue, 26 Oct 2021 12:11:24 +0100

policykit-1 (0.119-1) experimental; urgency=medium

  * New upstream release
    - Fixes local privilege escalation involving
      polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
      (Closes: #989429)
  * d/missing, d/rules: Work around missing docs/polkit/overview.xml etc.
    in 0.119 tarball
  * Build using Meson
  * d/p/build-Remove-redundant-computation-of-dbus-data-directory.patch,
    d/p/build-Don-t-require-dbus-development-files.patch,
    d/p/meson_post_install-Use-geteuid-instead-of-getpass.patch,
    d/p/meson_post_install-Don-t-fail-if-the-polkitd-user-doesn-t.patch,
    d/p/meson_post_install-If-installation-steps-are-skipped-say-.patch,
    d/p/meson_post_install-Don-t-install-pkexec-group-writable.patch,
    d/p/meson_post_install-Don-t-make-programs-setuid-if-we-are-n.patch,
    d/p/meson_post_install-Respect-DESTDIR-for-absolute-paths.patch,
    d/p/build-Make-the-directory-for-helper-executables-consisten.patch:
    Add some patches to improve the Meson build system
  * d/missing, d/rules: Get mocklibc into the right layout for the build
  * Stop providing static libraries.
    The Meson build infrastructure only supports shared libraries, and the
    static libraries built by Autotools were already not particularly
    useful, because they indirectly depend on the libmount shared library.

 -- Simon McVittie <smcv@debian.org>  Fri, 04 Jun 2021 19:49:26 +0100

policykit-1 (0.118-2) experimental; urgency=medium

  [ Helmut Grohne ]
  * Annotate Build-Depends: dbus <!nocheck> (Closes: #980998)

  [ Michael Biebl ]
  * Remove old maintscript migration code from pre-oldstable
  * Use --restart-after-upgrade.
    With debhelper 13.1, --no-start will disable --restart-after-upgrade.
    Since we want the service to be restarted on upgrades, request that
    explicitly.
    See #959678

  [ Simon McVittie ]
  * d/rules: Remove --libexecdir override.
    This has no practical effect: the upstream build system no longer uses
    the libexec directory.
  * d/rules: Remove redundant dh_missing --fail-missing override.
    This is the default in dh compat level 13.

 -- Simon McVittie <smcv@debian.org>  Fri, 16 Apr 2021 11:34:06 +0100

policykit-1 (0.118-1) experimental; urgency=medium

  * New upstream release
    - Drop patch that was applied upstream
  * d/control: Update build-dependency to mozjs78

 -- Simon McVittie <smcv@debian.org>  Sun, 27 Sep 2020 21:06:09 +0100

policykit-1 (0.117-1) experimental; urgency=medium

  * New upstream release
  * Rebase patches
  * Bump Standards-Version to 4.5.0
  * Add polkitbackendjsauthoritytest-wrapper.py to release tarball
  * Add python3-dbusmock to Build-Depends and mark it <!nocheck>.
    Required by test/polkitbackend/polkitbackendjsauthoritytest-wrapper.py
  * Bump debhelper-compat to 13
  * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec.
    Support upgrades from 0.105-27 (and later versions in unstable), which
    moved the private binaries from /usr/lib/policykit-1 to /usr/libexec.
    (Closes: #965210)

 -- Michael Biebl <biebl@debian.org>  Mon, 03 Aug 2020 15:42:56 +0200

policykit-1 (0.116-3) experimental; urgency=medium

  * Team upload.
  * Port to mozjs-68 (Closes: #961279)

 -- Laurent Bigonville <bigon@debian.org>  Wed, 22 Jul 2020 11:59:43 +0200

policykit-1 (0.116-2) experimental; urgency=medium

  [ Mark Hindley ]
  * Depend on new virtual packages default-logind and logind
    (Closes: #923240)

  [ Simon McVittie ]
  * d/*.symbols: Add Build-Depends-Package metadata
  * d/policykit-1.lintian-overrides: Override systemd unit false positives.
    The systemd unit is only for on-demand D-Bus activation, and is not
    intended to be started during boot, so an [Install] section and a
    parallel LSB init script are not necessary.
  * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports.
    reportbug doesn't currently seem to interpret
    "Depends: default-logind | logind" as implying that it should include
    the version number of the package that Provides logind in bug reports.
    Workaround for #934472.
  * Standards-Version: 4.4.0 (no changes required)
  * Switch to debhelper-compat 12

 -- Simon McVittie <smcv@debian.org>  Sun, 11 Aug 2019 18:56:22 +0100

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog polkitd`.
