policykit-1 (0.105-21ubuntu0.4) cosmic-security; urgency=medium

  * SECURITY UPDATE: start time protection mechanism bypass
    - debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
      for temporary authorizations in src/polkit/polkitsubject.c,
      src/polkit/polkitunixprocess.c,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2019-6133

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 09:51:01 -0400

policykit-1 (0.105-21ubuntu0.3) cosmic-security; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
      PolkitUnixProcess in src/polkit/polkitunixprocess.c.
    - CVE-2018-19788

 -- Marc Deslauriers <email address hidden>  Tue, 15 Jan 2019 08:15:13 -0500

policykit-1 (0.105-21) unstable; urgency=medium

  * Remove --no-parallel now that parallel builds (hopefully) work.
    Thanks to Adrian Bunk for spotting this.
  * Refresh patches via gbp pq
  * Use one patch per upstream commit for easier metadata round-trips
  * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114
    - d/p/0.111/Fix-a-memory-leak.patch:
      Fix a memory leak when PAM authentication fails
    - d/p/0.113/Remove-a-redundant-assignment.patch:
      Fix a potential compiler warning
    - d/p/master/Fix-multi-line-pam-text-info.patch:
      Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch,
      d/p/0.114/Fix-multi-line-pam-text-info.patch,
      d/p/0.114/Refactor-send_to_helper-usage.patch
  * d/p/03_polkitunixsession_sessionid_from_display.patch:
    Replace with functionally identical
    d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch
    as applied upstream
  * d/watch: Use https
  * d/watch: Download upstream PGP signatures
  * debian/upstream/signing-key.asc: Add public keys for Ray Strode,
    Miloslav Trmac, David Zeuthen
  * d/gbp.conf: Merge upstream tags into the upstream branch
  * Add myself to Uploaders
  * d/gbp.conf: Set patch-numbers to false to match current practice
  * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch:
    Backport the security-significant part of 0.115 (CVE-2018-1116)
  * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI
  * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck
  * Standards-Version: 4.1.5 (no changes required)
  * Set Rules-Requires-Root to no

 -- Simon McVittie <email address hidden>  Wed, 11 Jul 2018 09:29:32 +0100

policykit-1 (0.105-20) unstable; urgency=medium

  * Team upload
  * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch:
    Add patch from upstream to fix parallel builds (Closes: #894205)

 -- Simon McVittie <email address hidden>  Tue, 27 Mar 2018 13:50:28 +0100