Skip to content
Snippets Groups Projects
  1. Feb 05, 2022
  2. Feb 03, 2022
    • Simon McVittie's avatar
      Update changelog · 67143c66
      Simon McVittie authored
      67143c66
    • Simon McVittie's avatar
      Always configure the sudo group as root-equivalent · afbbf671
      Simon McVittie authored
      This avoids Debian derivatives getting an unexpected change in behaviour
      when they switch from inheriting Debian's policykit-1 package to
      building their own policykit-1 package, perhaps as a result of wanting
      to apply an unrelated patch.
      
      The sudo group is defined to be root-equivalent in base-passwd, so this
      should be equally true for all Debian derivatives.
      
      Thanks: Arnaud Rebillout
      Closes: !3
      afbbf671
    • Simon McVittie's avatar
      Update changelog · 2849f2e8
      Simon McVittie authored
      2849f2e8
    • Simon McVittie's avatar
      d/copyright: Update · 76baa093
      Simon McVittie authored
      76baa093
    • Simon McVittie's avatar
      6b4eaabc
    • Simon McVittie's avatar
      Adjust Lintian override syntax · 21431ad4
      Simon McVittie authored
      21431ad4
    • Simon McVittie's avatar
      Reinstate the .pkla backend as a separate binary package · e31c7b6e
      Simon McVittie authored
      Upstream polkit switched its authorization rule syntax from .ini-style
      .pkla files to JavaScript in version 0.106. Debian has historically used
      a fork of the last .pkla-based version, but this was becoming
      unsustainable: bug fixes from subsequent upstream versions were either
      applied as patches, or missing from the Debian package.
      
      The "local authority" code that implements .pkla files is not actually
      all that large, so patching it into a modern upstream version is a
      much smaller task than patching modern upstream bug fixes into an old
      upstream version.
      
      For this upload to experimental, keep both the JavaScript backend and the
      .pkla backend intact, by compiling polkitd twice with different options.
      This lets us preserve existing functionality of upstream and experimental
      polkit (with the more powerful JavaScript-based rules, which can base
      their authorization decisions on service-specific information like the
      name of a systemd unit), while also having the opportunity to evaluate
      polkitd-pkla as a more direct replacement for what's in bookworm.
      e31c7b6e
    • Simon McVittie's avatar
      d/control: Split the package · 81c21cda
      Simon McVittie authored
      pkexec is a setuid program, which makes it a higher security risk than
      the more typical IPC-based uses of polkit. If we separate out pkexec
      into its own package, then only packages that rely on being able to run
      pkexec will have to depend on it, reducing attack surface for users
      who are able to remove the pkexec package.
      81c21cda
    • Simon McVittie's avatar
      d/patches: Move Debian-specific patches to d/p/debian/ · 29c9a578
      Simon McVittie authored
      This makes it clearer that these are not intended to go upstream.
      29c9a578
    • Simon McVittie's avatar
      d/patches: Use upstream's final patch for CVE-2021-4034 · 58c91719
      Simon McVittie authored
      The patch that was provided to distributors under embargo was not the
      final version: it used a different exit status, and made an attempt to
      show help. The version that was actually committed after the embargo
      period ended interprets argc == 0 as an attack rather than a mistake,
      and does not attempt to show the help message.
      58c91719
  3. Jan 26, 2022
  4. Jan 24, 2022
  5. Oct 28, 2021
  6. Oct 26, 2021
  7. Oct 25, 2021
  8. Sep 29, 2021
  9. Sep 07, 2021
  10. Jul 29, 2021
    • Iñigo Martínez's avatar
      build: Migrate from Intltool to Gettext · 96c6fc83
      Iñigo Martínez authored
      Recent versions of Gettext are able to translate several formats
      that are used in GNOME applications.
      
      This migrates from Intltool to Gettext both autotools and meson
      build systems.
      96c6fc83
  11. Jul 21, 2021
  12. Jul 19, 2021
    • Simon McVittie's avatar
      build: Make the directory for helper executables consistent with Autotools · e9aef131
      Simon McVittie authored and Simon McVittie (Collabora)'s avatar Simon McVittie (Collabora) committed
      
      The Autotools build system has been using /usr/lib/polkit-1 for several
      releases, even on distributions where the library directory is /usr/lib64
      or /usr/lib/x86_64-linux-gnu, so it makes sense for Meson to do the same.
      This lets 32- and 64-bit polkit agents share a single helper executable.
      
      This might be superseded by polkit!63, which requests going back to using
      the libexecdir for these (like polkit 0.105 did), which would also make
      sense; but until that's decided, let's at least be consistent between
      our two build systems.
      
      Every time we change this, all programs that have already loaded
      libpolkit-agent into their address space need to be restarted, unless
      distributions provide compatibility symlinks.
      
      Signed-off-by: default avatarSimon McVittie <smcv@debian.org>
      e9aef131
  13. Jul 15, 2021
  14. Jun 04, 2021
Loading