- Jul 22, 2020
-
-
Laurent Bigonville authored
-
Laurent Bigonville authored
Closes: #961279
-
- Aug 11, 2019
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
reportbug doesn't currently seem to interpret "Depends: default-logind | logind" as implying that it should include the version number of the package that Provides logind in bug reports. Workaround for #934472.
-
Simon McVittie authored
The systemd unit is only for on-demand D-Bus activation, and is not intended to be started during boot, so an [Install] section and a parallel LSB init script are not necessary.
-
Simon McVittie authored
-
Closes: #923240
-
- May 01, 2019
-
-
Simon McVittie authored
-
Simon McVittie authored
Remove the consolekit [!linux-any] dependency. polkit no longer has any backends for non-Linux. Closes: #918446
-
Simon McVittie authored
-
- Apr 29, 2019
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
Update to upstream version '0.116' with Debian dir eaaf329b7d2c68a20ed5fb4aaa2a8e507ddf7d70
-
Simon McVittie authored
-
- Apr 26, 2019
- Apr 25, 2019
- Apr 02, 2019
-
-
Jan Rybar authored
Js encode string to utf8 See merge request polkit/polkit!29
-
Jan Rybar authored
When strings handled by the jsbackendauthority contain non-ASCII, the code will fail. For example, on a system having a user with a non-ASCII name, the following message will appear when a USB stick is plugged in. mar 04 21:47:31 mimmi polkitd[17163]: Error evaluating authorization rules The user will not be allowed to do the mount. The problem is that strings were variously encoded back to C strings with JS_EncodeString and JS_EncodeStringToUTF8. According to the documentation (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_EncodeString#Description) the former will simply drop the high byte from each character. If that happens to a username, it will no longer be found as a valid user name on the system. Explicitly encoding to UTF-8 will at least work in UTF-8 locales, which is the increasingly dominant encoding.
-
- Mar 26, 2019
- Mar 15, 2019
-
-
Jan Rybar authored
pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM See merge request polkit/polkit!24
-
Jan Rybar authored
If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
-
- Mar 14, 2019
-
-
Ray Strode authored
Port JavaScript authority to mozjs-60 See merge request polkit/polkit!4
-
- Mar 12, 2019
-
-
API changes in mozjs that need to be reflected in the JS authority: - the JS::CompileOptions constructor and the JS::CompartmentOptions do not allow setting a JS version any more - do not use NULL comparisons for C++ objects - the resize() method for a vector has a return value that needs to be handled - JSClassOps has different fields
-
This is the new ESR version of the Mozilla JS engine, superceding mozjs-52.
-
- Feb 05, 2019
-
-
Jan Rybar authored
Allow uid of -1 for a PolkitUnixProcess See merge request polkit/polkit!17
-
Phaedrus Leeds authored
Commit 2cb40c4d changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1).
-
- Jan 08, 2019
-
-
Colin Walters authored
backend: Compare PolkitUnixProcess uids for temporary authorizations Closes #75 See merge request polkit/polkit!19
-
Colin Walters authored
It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn <jannh@google.com> Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
-
- Dec 07, 2018
-
-
Michael Biebl authored
-
Michael Biebl authored
Fixes a vulnerability in PolicyKit that allows a user with a uid greater than INT_MAX to successfully execute arbitrary polkit actions. CVE-2018-19788 Closes: #915332
-
- Dec 06, 2018
-
-
Jan Rybar authored
High uid fixup CVE-2018-19788 Closes #74 See merge request polkit/polkit!14
-