[Pkg-utopia-maintainers] policykit-1_0.120-4_source+binary.changes ACCEPTED into experimental, experimental
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Feb 9 07:00:10 GMT 2022
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 05 Feb 2022 10:49:54 +0000
Binary: gir1.2-polkit-1.0 libpolkit-agent-1-0 libpolkit-agent-1-0-dbgsym libpolkit-agent-1-dev libpolkit-gobject-1-0 libpolkit-gobject-1-0-dbgsym libpolkit-gobject-1-dev pkexec pkexec-dbgsym policykit-1 policykit-1-doc polkitd polkitd-dbgsym polkitd-javascript polkitd-javascript-dbgsym polkitd-pkla polkitd-pkla-dbgsym
Source: policykit-1
Architecture: all amd64 source
Version: 0.120-4
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Description:
gir1.2-polkit-1.0 - GObject introspection data for polkit
libpolkit-agent-1-0 - polkit Authentication Agent API
libpolkit-agent-1-dev - polkit Authentication Agent API - development files
libpolkit-gobject-1-0 - polkit Authorization API
libpolkit-gobject-1-dev - polkit Authorization API - development files
pkexec - run commands as another user with polkit authorization
policykit-1-doc - documentation for polkit
policykit-1 - transitional package for polkitd and pkexec
polkitd - framework for managing administrative policies and privileges
polkitd-javascript - JavaScript backend for polkitd
polkitd-pkla - Legacy "local authority" (.pkla) backend for polkitd
Changes:
policykit-1 (0.120-4) experimental; urgency=medium
.
* d/control: Change descriptions to refer to polkit.
According to NEWS, the official name of the project has been polkit
since 2012, and perhaps earlier.
* d/patches: Use upstream's finalized patch for CVE-2021-4034.
The patch that was provided to distributors under embargo was not the
final version: it used a different exit status, and made an attempt to
show help. The version that was actually committed after the embargo
period ended interprets argc == 0 as an attack rather than a mistake,
and does not attempt to show the help message.
* d/patches: Move Debian-specific patches to d/p/debian/.
This makes it clearer that these are not intended to go upstream.
* Split policykit-1 into polkitd and pkexec packages.
pkexec is a setuid program, which makes it a higher security risk than
the more typical IPC-based uses of polkit. If we separate out pkexec
into its own package, then only packages that rely on being able to run
pkexec will have to depend on it, reducing attack surface for users
who are able to remove the pkexec package.
* Reinstate the .pkla backend as a separate binary package.
Upstream polkit switched its authorization rule syntax from .ini-style
.pkla files to JavaScript in version 0.106. Debian has historically used
a fork of the last .pkla-based version, but this was becoming
unsustainable: bug fixes from subsequent upstream versions were either
applied as patches, or missing from the Debian package.
The "local authority" code that implements .pkla files is not actually
all that large, so patching it into a modern upstream version is a
much smaller task than patching modern upstream bug fixes into an old
upstream version.
For this upload to experimental, keep both the JavaScript backend and the
.pkla backend intact, by compiling polkitd twice with different options.
This lets us preserve existing functionality of upstream and experimental
polkit (with the more powerful JavaScript-based rules, which can base
their authorization decisions on service-specific information like the
name of a systemd unit), while also having the opportunity to evaluate
polkitd-pkla as a more direct replacement for what's in bookworm.
* Adjust Lintian override syntax
* Add Debian-specific man pages for polkitd-pkla
* d/copyright: Update
* Always configure the sudo group as root-equivalent.
This avoids Debian derivatives getting an unexpected change in behaviour
when they switch from inheriting Debian's policykit-1 package to
building their own policykit-1 package, perhaps as a result of wanting
to apply an unrelated patch.
The sudo group is defined to be root-equivalent in base-passwd, so this
should be equally true for all Debian derivatives.
(Closes: utopia-team/polkit!3; thanks to Arnaud Rebillout)
Checksums-Sha1:
14e788f2ab4da3bd4244638ac8f0f1b2bdc4c46f 3488 policykit-1_0.120-4.dsc
ae2ed71ba11442c44ddafa7e9f0e6bb756304484 60532 policykit-1_0.120-4.debian.tar.xz
2c1561e32694d1db30e9dba81e7987dec64e4bf8 8928 policykit-1_0.120-4_source.buildinfo
0c6f4aad2df21bf7622beff9f9a1c6681c805944 21708 gir1.2-polkit-1.0_0.120-4_amd64.deb
6b0d636bdc657e2e75bcfb0972a663dd959c0f68 43692 libpolkit-agent-1-0-dbgsym_0.120-4_amd64.deb
6d5eda9a571b851b33c96357df8cfcc67861ae7e 29884 libpolkit-agent-1-0_0.120-4_amd64.deb
8313f1b098e51057f834bd78bf631ad0f4f69f52 23760 libpolkit-agent-1-dev_0.120-4_amd64.deb
5d464997b99b463bf3ae0492f59dd55917f99c01 113860 libpolkit-gobject-1-0-dbgsym_0.120-4_amd64.deb
7813966edccbae61190e4019aaee719cb0a22831 49756 libpolkit-gobject-1-0_0.120-4_amd64.deb
73dec304ef9edd0e37e82875a2b6c6b0bfed009b 38728 libpolkit-gobject-1-dev_0.120-4_amd64.deb
4cd066adea3906d881d076520d637ee0c3030fa5 22492 pkexec-dbgsym_0.120-4_amd64.deb
1e9ae2c0a94da9e2ea6ce6eed5c5500c1c4fde4b 28204 pkexec_0.120-4_amd64.deb
8df1c22a9fd6d9e75fabeae9a0751e8c5ce5b1be 12440 policykit-1_0.120-4_amd64.buildinfo
93e02a357ffad2a24e112734ca7411dd8a73546b 16556 policykit-1_0.120-4_amd64.deb
45a32426feeedd5bd7784bc1994bf8276e23423e 38088 polkitd-dbgsym_0.120-4_amd64.deb
0372131c6400c45d6a5ebc8aaf39498fffb28285 276852 polkitd-javascript-dbgsym_0.120-4_amd64.deb
c02a7fa3938a01bd1459d50c0ca3cf3bfcb20df3 69092 polkitd-javascript_0.120-4_amd64.deb
980348e5b06c959f9b5cea1a092c7f7562086679 121348 polkitd-pkla-dbgsym_0.120-4_amd64.deb
44cec1090b2556b2b1cd03b7f46b451c1bb6bad9 62544 polkitd-pkla_0.120-4_amd64.deb
e3197ebcd7fe4eaa7e30a71ece69477859fe59aa 68536 polkitd_0.120-4_amd64.deb
0d8bcf75398468e779bb9a8fcebf7d80647d416f 248032 policykit-1-doc_0.120-4_all.deb
4ca3eab3b7c536e670b3793fb90c5742f6c0bbc5 8096 policykit-1_0.120-4_all.buildinfo
Checksums-Sha256:
17491899b9efb5a27cfaa47b242e77dd8cd6145e9e73287a4b8e4136fb74c7a7 3488 policykit-1_0.120-4.dsc
7830e5e901000368ee07c05a5b8cfe4a6ecc77de82ecafedd5f7088f24569e4d 60532 policykit-1_0.120-4.debian.tar.xz
3f467e62b70ef449baa3fd4d2fc0ef7b2b69c49ec0dbd5702968dc1425b91748 8928 policykit-1_0.120-4_source.buildinfo
3a22ac9e50d5d7b139ceb6cbe7eb42dead9c6ba1b36485709a4f2abf00d0d44b 21708 gir1.2-polkit-1.0_0.120-4_amd64.deb
99b2be8c5b68fc03dc2d633b92da7b01e05b06e472975065cacf4a2b9f6c4065 43692 libpolkit-agent-1-0-dbgsym_0.120-4_amd64.deb
6bacd0e2e4031676868e11ca170026e3da8b9e25f5916c66446ac3af0ef58967 29884 libpolkit-agent-1-0_0.120-4_amd64.deb
bf1964db3b3ba8be03c56c6b6f40ddf0e8a9120c9eb33dd9ffe3004b837f0b16 23760 libpolkit-agent-1-dev_0.120-4_amd64.deb
0568d113c16d6fa340139f35a6738d6d19c552d1620000fdd0cf9dae7700bad2 113860 libpolkit-gobject-1-0-dbgsym_0.120-4_amd64.deb
fc13c1d5311ad3771077e97df3b2e2409bc05df4a2c692968be2c78de92e865e 49756 libpolkit-gobject-1-0_0.120-4_amd64.deb
061ccbef4dec78de3d491c64fa6eb0200a89c72f8e6f11ec3ba472a3e78ef238 38728 libpolkit-gobject-1-dev_0.120-4_amd64.deb
de27ee3020c905140c5ee03b6b86a9b3615708a2bb9553104a9c7096a294937f 22492 pkexec-dbgsym_0.120-4_amd64.deb
7efebbe918bae2d4fb43392b01196888b2f02922d91d0a3166ab63ab130e5f51 28204 pkexec_0.120-4_amd64.deb
e3c5b88365b7f7a5bbfc60205619ab04aebf85fa26b9cba90d11cfe40d65857b 12440 policykit-1_0.120-4_amd64.buildinfo
09c51fda01bf52e12c6df7479844f580164fffcebc582a82bf1ea5a0e4a0e341 16556 policykit-1_0.120-4_amd64.deb
144a3ad79ed8a12f416ed28e8c4d36ab2dbe169ab2b2b939c8d4cb4c50abd6a5 38088 polkitd-dbgsym_0.120-4_amd64.deb
326e978885f807d1c5cb7ef0aa76734212abcb083cc57e2544212ce98e35e826 276852 polkitd-javascript-dbgsym_0.120-4_amd64.deb
bda7b81efa81a4fe295c8c078dba7286590bc79d6123022df8d89a36107ac699 69092 polkitd-javascript_0.120-4_amd64.deb
bc9ac25be89d21951c0dad2a31d12e897fdc50aa70ac68e4d1ed67c4d5054a23 121348 polkitd-pkla-dbgsym_0.120-4_amd64.deb
76b2c837e67c2306f6e6d5b1dd91484732019a0dbbdf4a4c197e5f1e19349a60 62544 polkitd-pkla_0.120-4_amd64.deb
61a120cd8a55282bce07054e6b30991e8819b069cb41519f885ae48176852485 68536 polkitd_0.120-4_amd64.deb
a30d79a8daa2ce3adc8921d7f3dab6a673583cd434f0ba18d0466c03f5d4b730 248032 policykit-1-doc_0.120-4_all.deb
95c3396ccef26336fb0f885103260e587b7d858bbb54169ba12fc96edf0ddc6c 8096 policykit-1_0.120-4_all.buildinfo
Files:
2a1ca5e58aa7dba99a4cf14f4bb8e134 3488 admin optional policykit-1_0.120-4.dsc
3b40af593ef8f247c800a507011b6df1 60532 admin optional policykit-1_0.120-4.debian.tar.xz
8812dde9b3b12e8f030330fad64ead61 8928 admin optional policykit-1_0.120-4_source.buildinfo
3867a8d0427481b1929e635fc194f09b 21708 introspection optional gir1.2-polkit-1.0_0.120-4_amd64.deb
d08a69c872ad32c262dc964e1f69600c 43692 debug optional libpolkit-agent-1-0-dbgsym_0.120-4_amd64.deb
9ce30a9d02d3e3b98ea11acdedcef308 29884 libs optional libpolkit-agent-1-0_0.120-4_amd64.deb
a99c80a6723f78d6b4a009e3b74a6ca0 23760 libdevel optional libpolkit-agent-1-dev_0.120-4_amd64.deb
45bc85dc58920a8f8b5a629c1231f595 113860 debug optional libpolkit-gobject-1-0-dbgsym_0.120-4_amd64.deb
bebc6fdda3ca1cc0b1f65a0952b3936a 49756 libs optional libpolkit-gobject-1-0_0.120-4_amd64.deb
89fb9a4270336f2bdfad7b59b8828ec5 38728 libdevel optional libpolkit-gobject-1-dev_0.120-4_amd64.deb
3dce1d83bc8cddf99e56fd885c61f642 22492 debug optional pkexec-dbgsym_0.120-4_amd64.deb
e4b0fef27a2426e935a4a8e01c256af6 28204 admin optional pkexec_0.120-4_amd64.deb
670aa7fac2c064ceae284ec40252b0f7 12440 admin optional policykit-1_0.120-4_amd64.buildinfo
00d855ed244482323ae096ed817cf4d2 16556 oldlibs optional policykit-1_0.120-4_amd64.deb
b5894dc3f82f33875e3892b3c1c8e62b 38088 debug optional polkitd-dbgsym_0.120-4_amd64.deb
7fea87c2c6e7d2aa975c8112db06fd20 276852 debug optional polkitd-javascript-dbgsym_0.120-4_amd64.deb
5d2d41a286e8c31f8cae20166672f4ae 69092 admin optional polkitd-javascript_0.120-4_amd64.deb
cfd311d18a9ca6943fdc3d34ce5903e9 121348 debug optional polkitd-pkla-dbgsym_0.120-4_amd64.deb
ab74128f7aa466f447de75abf7f5019b 62544 admin optional polkitd-pkla_0.120-4_amd64.deb
48d98cb9b4c3581d4d72bb1483ec6ab3 68536 admin optional polkitd_0.120-4_amd64.deb
ddb60a71775280c948108319ee56f5b4 248032 doc optional policykit-1-doc_0.120-4_all.deb
48c8a8c164ef0b9c7c7cd2cab1cc1dba 8096 admin optional policykit-1_0.120-4_all.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmH+WqgACgkQ4FrhR4+B
TE+PSBAAolrDrljxzlI8HHV9W/BevKDilzEo7GclY+y6cX/l9wgskCp3nSiVHZr/
jQFbfVbZwDADnoy/vBaCrgu6gyaU3BiJZfrzbucUwCpoRUXv4nKXC2Ru1IJhI5JS
PunXDkjzj8NmSw/t/aEOhfWBjYxT2GLHC/Ggt3pUupFbI8/QA44DTDNk9+v7aEpI
GrD/xC7fHK20asp1LNuYZ8nL8ZY5+4Iz6R565Gwf8Z3hV8WYjt6tdR5RXVX75uqJ
ctqp9Be4sm4ibc079RWdiMjqKkVg5UGg0yFQ++GPcXxkLOHJc7/cSQkUTfUlKgs2
Rw9sKrtoHO7K66JBZ2QOrvzvI2Wwhb+T7//UovmZ/piyV3+Gms5rXdMgWTJm09k6
i+9l9fvlzJTTSTGoFWYxnx1CxfQOoKgdUq0BjIJPjEvc6nq9XBmg+/Kz8NUYN0G/
Li9NAr8TwvOlH3XBR7/A+05At4SOhI5RfIF7SN2ifvaTiIlxPEHt4roAtbUNHKL3
AlWoEeYj3iC+Rh2zTD9z1QmKmAugMgeCEkojN0A5NhEYKeqF7M35AElY3c0z6Cnm
XXAErqQNQpLGU92Of5KMNyQ5xwrWmHnNaEOjXtcrVfPr0Z2gEnrrvCFfaPUOyPFa
ADs6FDAkLqtt6+xYF0eg3RFN9CzGk8mz2A9ieV4HmtaO63qSR3A=
=f6UG
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-utopia-maintainers
mailing list