Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
polkit.19838
polkit.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File polkit.changes of Package polkit.19838
------------------------------------------------------------------- Thu May 27 11:52:44 UTC 2021 - Marcus Meissner <meissner@suse.com> - CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497) CVE-2021-3560.patch ------------------------------------------------------------------- Tue Jul 23 06:29:16 UTC 2019 - Marcus Meissner <meissner@suse.com> - CVE-2019-6133.patch: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend. (bsc#1121826 CVE-2019-6133) ------------------------------------------------------------------- Thu Dec 20 17:29:58 UTC 2018 - meissner@suse.com - polkit-CVE-2018-19788.patch: Fixed handling of UIDs over MAX_UINT (bsc#1118277 CVE-2018-19788) ------------------------------------------------------------------- Wed Jul 4 11:51:10 UTC 2018 - meissner@suse.com - 0001-Fix-CVE-FIXME-Trusting-client-supplied-UID.patch: Fixed trusting the client-supplied UID (CVE-2018-1116 bsc#1099031) ------------------------------------------------------------------- Wed Nov 18 10:40:35 UTC 2015 - meissner@suse.com - polkit-revert-session-magic.patch: revert an upstream session - user enhancements which seems to expose a systemd sessiond/user handling bug. bsc#954139 ------------------------------------------------------------------- Fri Oct 2 10:54:15 UTC 2015 - meissner@suse.com - polkit 0.113 update * Fixes CVE-2015-4625, a local privilege escalation due to predictable authentication session cookie values. Thanks to Tavis Ormandy, Google Project Zero for reporting this issue. For the future, authentication agents are encouraged to use PolkitAgentSession instead of using the D-Bus agent response API directly. (bsc#935119) * Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the JavaScript interpreter, possibly leading to local privilege escalation. (bsc#943816) * Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate action IDs, possibly leading to local privilege escalation. Thanks to Laurent Bigonville for reporting this issue. (bsc#939246) * Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to Tavis Ormandy, Google Project Zero, for reporting this issue. (bsc#933922) * On systemd-213 and later, the "active" state is shared across all sessions of an user, instead of being tracked separately. * pkexec, when not given a program to execute, runs the users shell by default. - Fixed shutdown problems on powerpc64le bsc#950114 ------------------------------------------------------------------- Fri Sep 27 08:16:34 UTC 2013 - toms@opensuse.org - Fixed URL ------------------------------------------------------------------- Thu Sep 19 01:13:08 UTC 2013 - hrvoje.senjan@gmail.com - Update to 0.112 + polkitunixprocess: Deprecate racy APIs + pkcheck: Support --process=pid,start-time,uid syntax too (CVE-2013-4288) + Use GOnce for interface type registration + Add czech translation po file to distribution + Update the czech once more with newest pot file ------------------------------------------------------------------- Fri Jul 5 11:50:44 UTC 2013 - dimstar@opensuse.org - On openSUSE 13.1+, switch from mozjs185 to mozjs-17.0 by: + Conditionally BuildRequire pkgconfig(mozjs-17.0). - Drop libmozjs185-1_0 Recommends: the library is actually required and auto-detected as such by rpm (from 0.111 changes: "The JavaScript interpreter is now mandatory"). ------------------------------------------------------------------- Fri Jun 14 20:34:39 UTC 2013 - hrvoje.senjan@gmail.com - Update to 0.111 + Both js185 and mozjs17 versions of SpiderMonkey are supported + The JavaScript interpreter is now mandatory + Fixed various memory leaks + Respect SUID_CFLAGS and SUID_LDFLAGS + Set process environment from pam_getenvlist() + Fix the build with automake 1.13 - Drop polkit-suid_flags.patch and automake-113.patch, those patches are included in this release ------------------------------------------------------------------- Thu Apr 11 01:17:21 UTC 2013 - hrvoje.senjan@gmail.com - Add automake-113.patch, fixes build with automake-1.13 ------------------------------------------------------------------- Mon Feb 18 19:47:33 UTC 2013 - gber@opensuse.org - Recommend libmozjs185-1_0 which is dlopen'ed and required for JS rules ------------------------------------------------------------------- Mon Jan 14 15:51:20 UTC 2013 - hrvoje.senjan@gmail.com - Update to 0.110 + Set XAUTHORITY environment variable if is unset + Use mutex and condition variables properly + Build fixes. - Changes from version 0.109: + Include gmodule-2.0 to avoid linker errors + Don't require libmozjs185 devel packages for polkit rules to work - Drop polkit-link-gmodule.patch and polkit-libmozjs.patch, those are merged upstream ------------------------------------------------------------------- Wed Jan 9 14:08:57 UTC 2013 - saschpe@suse.de - Only mark the following files as %config, not %config(noreplace): + %{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf + %{_sysconfdir}/pam.d/polkit-1 + %{_sysconfdir}/polkit-1/rules.d/50-default.rules PolicyKit's own config files should only be changed for good reason and we want to prefer openSUSE's defaults (you still get an .rpmsafe file) ------------------------------------------------------------------- Mon Dec 10 07:45:47 UTC 2012 - dimstar@opensuse.org - Add polkit-libmozjs.patch: dlopen libmozjs185.so.1.0 instead of libmozjs185.so, which is packaged in the -devel package (bnc#793562) ------------------------------------------------------------------- Thu Nov 15 21:31:19 UTC 2012 - dimstar@opensuse.org - Update to version 0.108: + PolkitAgent: Avoid crashing if initializing the server object fails + Fall back to authenticating as uid 0 if the list of admin identities is empty + Dynamically load libmozjs185.so and cope with it not being available + docs: mention the audience for authorization rules + build: Fix .gir generation for parallel make - Only conditionally Require ConsoleKit when with_systemd is 0: systemd support obsoletes ConsoleKit. - Add polkit-link-gmodule.patch: Link against gmodule-2.0. - Change libpolkit0 to require polkit >= %version instead of the exact version. This will ease upgrade problems should there ever be a soname bump of libpolkit0. ------------------------------------------------------------------- Wed Nov 14 09:26:14 UTC 2012 - dimstar@opensuse.org - Enable systemd inetegration (change with_systemd to 1): As an agreed target for 12.3, systemd integration will be enabled. ------------------------------------------------------------------- Thu Nov 8 21:34:15 UTC 2012 - aj@suse.de - Add pwdutils to prereq for groupadd and useradd. ------------------------------------------------------------------- Thu Sep 27 07:55:23 UTC 2012 - vuntz@opensuse.org - Add polkit-no-systemd.patch: this patch, only applied when not building systemd support, removes the systemd service reference from the dbus .service file. This is needed as the systemd .service file does not get installed in that case and dbus gets confused because it expects it. - Make %{_datadir}/polkit-1/rules.d and %{_sysconfdir}/polkit-1/rules.d owned by user polkitd, as those directories have 0700 as permissions. - Those two changes should fix polkit so it can start. Fix bnc#782395. ------------------------------------------------------------------- Tue Sep 25 09:05:02 UTC 2012 - vuntz@opensuse.org - Use %{_localstatedir}/lib/polkit for $HOME of polkit user, instead of %{_libexecdir}/polkit-1. The directory is manually created in %install. ------------------------------------------------------------------- Fri Sep 14 18:20:06 UTC 2012 - vuntz@opensuse.org - Update to version 0.107: + Try harder to look up the right localization + Introduce a polkit.Result enumeration for authorization rules + pkexec: add support for argv1 annotation and mention shebang-wrappers + doc: update guidance on situations where there is no polkit authority - Changes from version 0.106: + Major change: switch from .pkla files (keyfile-format) to .rules files (JavaScript) + Nuke polkitbackend library, localauthority backend and extension system + Run polkitd as an unprivileged user + Add a systemd .service file + Several other code changes. + Updated documentation. - Changes from version 0.105: + Add pkttyagent(1) helper + Make it possible to influence agent registration with an a{sv} parameter + Several other code changes. - Add pkgconfig(mozjs185) BuildRequires: new dependency for the authority backend. - Rebase polkit-no-wheel-group.patch: the admin configuration is now in a .rules file. - Rebase polkit-suid_flags.patch. - Explicitly pass --enable-libsystemd-login or --disable-libsystemd-login, depending on whether we build systemd support. - Add a %pre script to create the polkitd group and user, as polkitd now run as an unprivileged user. ------------------------------------------------------------------- Wed Aug 22 15:52:30 UTC 2012 - meissner@suse.com - also use -z now for binary hardening ------------------------------------------------------------------- Wed Jun 13 20:54:29 CEST 2012 - vuntz@opensuse.org - Package /etc/polkit-1/localauthority and its subdirectories. They were forgotten because they were empty, but people might need them to put .pkla files. ------------------------------------------------------------------- Fri Feb 24 12:11:04 UTC 2012 - vuntz@opensuse.org - Change the way we pass -fpie/-pie: + Drop polkit-pie.patch: this was not upstreamable. + Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS when building the suid binaries (pkexec and polkit-agent-helper-1). + Add autoconf, automake and libtool BuildRequires, and call autoreconf, for the new patch. + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build. + Pass --with-pic to configure instead of changing CFLAGS to contain -fPIC. ------------------------------------------------------------------- Tue Feb 7 14:39:43 UTC 2012 - dlovasko@suse.com - fixed bnc#743145 - added -fpie/-pie flags to compilation and linking of polkit-agent-helper and pkexec ------------------------------------------------------------------- Mon Jan 9 09:33:30 UTC 2012 - vuntz@opensuse.org - Split typelib file into typelib-1_0-Polkit-1_0 subpackage. - Add typelib-1_0-Polkit-1_0 Requires to devel subpackage. - Add explicit libpolkit0 Requires to devel subpackage: it was missing before. - Remove explicit glib2-devel Requires from devel subpackage: it will automatically be added the pkgconfig() way. - Improve summary of libpolkit0 subpackage. ------------------------------------------------------------------- Wed Jan 4 22:03:54 UTC 2012 - crrodriguez@opensuse.org - A quick test reveals that the systemd backend does not integrate very well with packages yet, revert. ------------------------------------------------------------------- Wed Jan 4 21:02:38 UTC 2012 - crrodriguez@opensuse.org - Previous update missed systemd-devel in buildrequires without it no systemd support is built ------------------------------------------------------------------- Wed Jan 4 13:52:09 UTC 2012 - vuntz@opensuse.org - Update to version 0.104: + Add optional systemd support + Add netgroup support (fdo#43610) + Add unit tests (fdo#43608) - Changes from version 0.103: + Mistype in DBus object: PoliycKit1 -> PolicyKit1 + Add support for the org.freedesktop.policykit.imply annotation + Add --no-debug option and use this for D-Bus activation + Add org.freedesktop.policykit.owner annotation (fdo#41025) + Default to AdminIdentities=unix-group:wheel for local authority - Drop patches that were taken from upstream: + 0001-Add-support-for-the-org.freedesktop.policykit.imply-a.diff + 0002-Add-no-debug-option-and-use-this-for-D-Bus-activation.diff + 0003-Bug-41025-Add-org.freedesktop.policykit.owner-annotat.diff - Add polkit-no-wheel-group.patch: do not allow the wheel group as admin identity, and revert to only accept the root user for this. ------------------------------------------------------------------- Wed Nov 2 10:30:03 UTC 2011 - lnussel@suse.de - pick some patches from git to add support for org.freedesktop.policykit.imply, disable debug spam and allow unprivileged users to query authorizations (bnc#698250) ------------------------------------------------------------------- Fri Sep 2 10:42:54 UTC 2011 - vuntz@opensuse.org - Update to version 0.102: + pkexec: - fdo#38769: Support running X11 apps - Avoid time-of-check-to-time-of-use problems with parent process + Fix backend crash if a .policy file does not specify <message> + Fix multi-line pam prompt handling + Don't show diagnostic messages intended for the administrator to the end user + PolkitUnixProcess: - Clarify that the real uid is returned, not the effective one - Record the uid of the process + Backend: Use polkit_unix_process_get_uid() to get the owner of a process + Introspection fixes: - Add --c-include to the gir files - Specify exported pkg-config files in GIRs + Build fix. - Drop polkit-CVE-2011-1485-1.patch, polkit-CVE-2011-1485-2.patch, polkit-CVE-2011-1485-3.patch, polkit-CVE-2011-1485-4.patch: fixed upstream. - Remove service usage, following the new consensus on Factory packaging. ------------------------------------------------------------------- Wed Aug 10 12:20:39 UTC 2011 - dimstar@opensuse.org - BuildIgnore ruby, which is being dragged in via indirect dependencies by gtk-doc for one of the helpers, which we do not need during the build of polkit. Not dragging ruby in resolves a build-cycle. ------------------------------------------------------------------- Thu May 5 19:35:05 CEST 2011 - vuntz@opensuse.org - Use %set_permissions instead of deprecated %run_permissions in %post. - Add permissions PreReq, which was missing before. ------------------------------------------------------------------- Tue Apr 26 21:19:32 CEST 2011 - kay.sievers@novell.com - use LGPLv2.1+ in spec file ------------------------------------------------------------------- Tue Apr 26 18:24:01 CEST 2011 - kay.sievers@novell.com - stat race condition (CVE-2011-1485) (bnc#688788) ------------------------------------------------------------------- Wed Apr 6 15:40:51 UTC 2011 - fcrozat@novell.com - Remove PolkitAgent-1.0.typelib from main package, it is in library package. ------------------------------------------------------------------- Wed Mar 9 13:54:11 UTC 2011 - coolo@novell.com - update to 0.101: * tons of bug fixes, see NEWS ------------------------------------------------------------------- Wed Nov 10 15:04:36 UTC 2010 - coolo@novell.com - fix file list ------------------------------------------------------------------- Thu Sep 16 09:34:50 CEST 2010 - vuntz@opensuse.org - Update to version 0.99: + Remove duplicate definitions of enumeration types + Fix (correct) GCC warning about possibly-uninitialized variable + Fix another GCC uninitialized variable warning + fdo#29816: Install polkitagentenumtypes.h - Drop polkit-install-missing-header.patch: fixed upstream. ------------------------------------------------------------------- Thu Aug 26 10:04:44 CEST 2010 - vuntz@opensuse.org - Update to version 0.98: + Fix scanning of unix-process subjects + Add textual authentication agent and use it in pkexec(1) + Fix ConsoleKit interaction bug + pkexec: add --disable-internal-agent option + pkcheck: add --enable-internal-agent option + Fix wording in pkexec(1) man page + Various doc cleanups - Changes from version 0.97: + Port to GDBus + Add shadow authentication support + Remove Lock Down functionality + fdo#26982: pkexec information disclosure vulnerability + Make polkitd accept --replace and gracefully handle SIGINT + Implement polkit_temporary_authorization_new_for_gvariant() + Make NameOwnerChanged a private impl detail of the interactive authority + Add a GPermission implementation + PolkitAuthority: Implement failable initialization + PolkitAuthority: Add g_return_if_fail() checks + Add g_return_if_fail() to all public API entry points + Use polkit_authority_get_sync() instead of deprecated polkit_authority_get + PolkitBackend: Don't export unneeded convenience API + Update GI annotations + Don't dist org.freedesktop.ConsoleKit.xml. + Properly reference headers + fdo#29051: Configuration reload on every query - Drop pkexec-information-disclosure.patch: fixed upstream. - Add polkit-install-missing-header.patch to install a header that should get installed. - Remove eggdbus-devel BuildRequires. - Build with introspection support: add gobject-introspection BuildRequires and pass --enable-introspection to configure. - Fix groups of all packages to be valid groups. ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de - use %_smp_mflags ------------------------------------------------------------------- Fri Apr 9 19:14:09 CEST 2010 - kay.sievers@novell.com - fix pkexec information disclosure (fdo#26982, CVE-2010-0750, bnc#593959) ------------------------------------------------------------------- Mon Jan 18 14:20:11 CET 2010 - dmueller@suse.de - add baselibs.conf ------------------------------------------------------------------- Mon Jan 18 12:56:02 CET 2010 - kay.sievers@novell.com - new upstream release 0.96 - Bug 25367 — Also read local authority configuration data from /etc - Run the open_session part of the PAM stack in pkexec(1) - Bug 25594 – System logging - Properly handle return value from getpwnam_r() - Fix error message when no authentication agent is available - Make pkexec(1) validate environment variables - Make pkexec(1) use the syslogging facilities - Save original cwd in pkexec(1) since it will change during the life-time - Complain on stderr, not stdout - Don't log authorization checks ------------------------------------------------------------------- Wed Jan 6 18:22:23 CET 2010 - dmueller@suse.de - update to 0.95: The major change this release is that the lockdown feature has been cleaned up in a way so it isn't specific to the local authority. See the NEWS files for more details. ------------------------------------------------------------------- Wed Dec 16 10:44:34 CET 2009 - jengelh@medozas.de - Package documentation as noarch ------------------------------------------------------------------- Wed Aug 19 23:22:44 CEST 2009 - vuntz@novell.com - Add Requires on polkit to libpolkit0: all applications using libpolkit0 will really need polkit to be installed to work properly. ------------------------------------------------------------------- Thu Aug 13 04:31:38 CEST 2009 - kay.sievers@novell.com - new upstream release 0.94 - Allow unprivileged callers to check authorizations - Don't spawn man(1) from a setuid program - Add polkit.retains_authorization_after_challenge to authz result - Ensure all fds except stdin/stdout/stderr are closed after exec(2) - Be more careful when determining process start time - Remove temporary authorization when the subject it applies to vanishes - Generate GI gir and typelibs for libpolkit-gobject-1 - drop patches which are in the release now - disable introspection ------------------------------------------------------------------- Tue Aug 11 21:23:49 CEST 2009 - kay.sievers@novell.com - add upstream patches: polkit-close-stdfds.patch polkit-no-man-spawn.patch polkit-proc-stat-parse-fix.patch - drop rpmlint patch ------------------------------------------------------------------- Thu Aug 6 17:36:16 CEST 2009 - meissner@suse.de - check for the right binary in verify_permisisons ------------------------------------------------------------------- Thu Jul 30 17:32:41 CEST 2009 - coolo@novell.com - disable suid bit for now to get software build on top - split out libraries to follow shared library policy ------------------------------------------------------------------- Tue Jul 21 03:20:55 CEST 2009 - kay.sievers@novell.com - update to version 0.93 ------------------------------------------------------------------- Sun Jul 19 15:31:44 CEST 2009 - kay.sievers@novell.com - initial import of polkit 0.92
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor