- Feb 18, 2022
-
-
Simon McVittie authored
-
Simon McVittie authored
CVE-2021-4115 Closes: #1005784
-
- Feb 09, 2022
-
-
Simon McVittie authored
-
- Feb 05, 2022
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
- Feb 03, 2022
-
-
Simon McVittie authored
-
Simon McVittie authored
This avoids Debian derivatives getting an unexpected change in behaviour when they switch from inheriting Debian's policykit-1 package to building their own policykit-1 package, perhaps as a result of wanting to apply an unrelated patch. The sudo group is defined to be root-equivalent in base-passwd, so this should be equally true for all Debian derivatives. Thanks: Arnaud Rebillout Closes: !3
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
Upstream polkit switched its authorization rule syntax from .ini-style .pkla files to JavaScript in version 0.106. Debian has historically used a fork of the last .pkla-based version, but this was becoming unsustainable: bug fixes from subsequent upstream versions were either applied as patches, or missing from the Debian package. The "local authority" code that implements .pkla files is not actually all that large, so patching it into a modern upstream version is a much smaller task than patching modern upstream bug fixes into an old upstream version. For this upload to experimental, keep both the JavaScript backend and the .pkla backend intact, by compiling polkitd twice with different options. This lets us preserve existing functionality of upstream and experimental polkit (with the more powerful JavaScript-based rules, which can base their authorization decisions on service-specific information like the name of a systemd unit), while also having the opportunity to evaluate polkitd-pkla as a more direct replacement for what's in bookworm.
-
Simon McVittie authored
pkexec is a setuid program, which makes it a higher security risk than the more typical IPC-based uses of polkit. If we separate out pkexec into its own package, then only packages that rely on being able to run pkexec will have to depend on it, reducing attack surface for users who are able to remove the pkexec package.
-
Simon McVittie authored
This makes it clearer that these are not intended to go upstream.
-
Simon McVittie authored
The patch that was provided to distributors under embargo was not the final version: it used a different exit status, and made an attempt to show help. The version that was actually committed after the embargo period ended interprets argc == 0 as an attack rather than a mistake, and does not attempt to show the help message.
-
- Jan 26, 2022
-
-
Simon McVittie authored
According to NEWS, the official name of the project has been polkit since 2012, and perhaps earlier.
-
- Jan 24, 2022
-
-
Simon McVittie authored
-
Simon McVittie authored
-
- Oct 28, 2021
-
-
Simon McVittie authored
-
Simon McVittie authored
Meson's default 30 second timeout is uncomfortably short even on x86, and too short on e.g. mips.
-
- Oct 26, 2021
-
-
Simon McVittie authored
-
- Oct 25, 2021
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
We only need dbus-run-session at build time; we don't need a fully-working system bus.
-
Simon McVittie authored
-
Simon McVittie authored
This is in the new upstream release.
-
Simon McVittie authored
We need the system bus: let's be specific about that. This will allow dbus-broker to be substituted for dbus, if desired.
-
Simon McVittie authored
-
Simon McVittie authored
-
Simon McVittie authored
Update to upstream version '0.120' with Debian dir fe54aed4b0b84c4ce5f5900046b80b6ec4d8800d
-
Simon McVittie authored
-
- Sep 29, 2021
- Sep 07, 2021
-
-
Simon McVittie authored
We don't actually need libdbus, only the dbus-daemon's installation directory for system services, which in practice is always going to be /usr/share/dbus-1/system-services. Signed-off-by: Simon McVittie <smcv@debian.org>
-
Simon McVittie authored
We were asking pkg-config "if I define ${datadir} to pk_prefix/pk_datadir, what would ${datadir} be?" but the answer is obviously always going to be pk_prefix/pk_datadir. Signed-off-by: Simon McVittie <smcv@debian.org>
-
- Jul 29, 2021
-
-
Iñigo Martínez authored
Recent versions of Gettext are able to translate several formats that are used in GNOME applications. This migrates from Intltool to Gettext both autotools and meson build systems.
-