2012-09-25 17:49:47 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Sep 25 09:05:02 UTC 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Use %{_localstatedir}/lib/polkit for $HOME of polkit user,
|
|
|
|
|
|
instead of %{_libexecdir}/polkit-1. The directory is manually
|
|
|
|
|
|
created in %install.
|
|
|
|
|
|
|
2012-09-21 23:03:29 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Sep 14 18:20:06 UTC 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Update to version 0.107:
|
|
|
|
|
|
+ Try harder to look up the right localization
|
|
|
|
|
|
+ Introduce a polkit.Result enumeration for authorization rules
|
|
|
|
|
|
+ pkexec: add support for argv1 annotation and mention
|
|
|
|
|
|
shebang-wrappers
|
|
|
|
|
|
+ doc: update guidance on situations where there is no polkit
|
|
|
|
|
|
authority
|
|
|
|
|
|
- Changes from version 0.106:
|
|
|
|
|
|
+ Major change: switch from .pkla files (keyfile-format) to
|
|
|
|
|
|
.rules files (JavaScript)
|
|
|
|
|
|
+ Nuke polkitbackend library, localauthority backend and
|
|
|
|
|
|
extension system
|
|
|
|
|
|
+ Run polkitd as an unprivileged user
|
|
|
|
|
|
+ Add a systemd .service file
|
|
|
|
|
|
+ Several other code changes.
|
|
|
|
|
|
+ Updated documentation.
|
|
|
|
|
|
- Changes from version 0.105:
|
|
|
|
|
|
+ Add pkttyagent(1) helper
|
|
|
|
|
|
+ Make it possible to influence agent registration with an a{sv}
|
|
|
|
|
|
parameter
|
|
|
|
|
|
+ Several other code changes.
|
|
|
|
|
|
- Add pkgconfig(mozjs185) BuildRequires: new dependency for the
|
|
|
|
|
|
authority backend.
|
|
|
|
|
|
- Rebase polkit-no-wheel-group.patch: the admin configuration is
|
|
|
|
|
|
now in a .rules file.
|
|
|
|
|
|
- Rebase polkit-suid_flags.patch.
|
|
|
|
|
|
- Explicitly pass --enable-libsystemd-login or
|
|
|
|
|
|
--disable-libsystemd-login, depending on whether we build systemd
|
|
|
|
|
|
support.
|
|
|
|
|
|
- Add a %pre script to create the polkitd group and user, as
|
|
|
|
|
|
polkitd now run as an unprivileged user.
|
|
|
|
|
|
|
2012-08-22 20:26:50 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Aug 22 15:52:30 UTC 2012 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
|
|
- also use -z now for binary hardening
|
|
|
|
|
|
|
2012-06-14 09:36:01 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Jun 13 20:54:29 CEST 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Package /etc/polkit-1/localauthority and its subdirectories. They
|
|
|
|
|
|
were forgotten because they were empty, but people might need
|
|
|
|
|
|
them to put .pkla files.
|
|
|
|
|
|
|
2012-02-24 13:54:59 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Feb 24 12:11:04 UTC 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Change the way we pass -fpie/-pie:
|
|
|
|
|
|
+ Drop polkit-pie.patch: this was not upstreamable.
|
|
|
|
|
|
+ Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
|
|
|
|
|
|
when building the suid binaries (pkexec and
|
|
|
|
|
|
polkit-agent-helper-1).
|
|
|
|
|
|
+ Add autoconf, automake and libtool BuildRequires, and call
|
|
|
|
|
|
autoreconf, for the new patch.
|
|
|
|
|
|
+ Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.
|
|
|
|
|
|
+ Pass --with-pic to configure instead of changing CFLAGS to
|
|
|
|
|
|
contain -fPIC.
|
|
|
|
|
|
|
2012-01-09 11:07:22 +01:00
|
|
|
|
-------------------------------------------------------------------
|
2012-02-09 18:05:33 +01:00
|
|
|
|
Tue Feb 7 14:39:43 UTC 2012 - dlovasko@suse.com
|
|
|
|
|
|
|
|
|
|
|
|
- fixed bnc#743145 - added -fpie/-pie flags to compilation and linking of polkit-agent-helper and pkexec
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2012-01-09 11:07:22 +01:00
|
|
|
|
Mon Jan 9 09:33:30 UTC 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Split typelib file into typelib-1_0-Polkit-1_0 subpackage.
|
|
|
|
|
|
- Add typelib-1_0-Polkit-1_0 Requires to devel subpackage.
|
|
|
|
|
|
- Add explicit libpolkit0 Requires to devel subpackage: it was
|
|
|
|
|
|
missing before.
|
|
|
|
|
|
- Remove explicit glib2-devel Requires from devel subpackage: it
|
|
|
|
|
|
will automatically be added the pkgconfig() way.
|
|
|
|
|
|
- Improve summary of libpolkit0 subpackage.
|
|
|
|
|
|
|
2012-01-04 23:08:35 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Jan 4 22:03:54 UTC 2012 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- A quick test reveals that the systemd backend does not
|
|
|
|
|
|
integrate very well with packages yet, revert.
|
|
|
|
|
|
|
2012-01-04 22:05:01 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Jan 4 21:02:38 UTC 2012 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Previous update missed systemd-devel in buildrequires
|
|
|
|
|
|
without it no systemd support is built
|
|
|
|
|
|
|
2012-01-04 21:57:24 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Jan 4 13:52:09 UTC 2012 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Update to version 0.104:
|
|
|
|
|
|
+ Add optional systemd support
|
|
|
|
|
|
+ Add netgroup support (fdo#43610)
|
|
|
|
|
|
+ Add unit tests (fdo#43608)
|
|
|
|
|
|
- Changes from version 0.103:
|
|
|
|
|
|
+ Mistype in DBus object: PoliycKit1 -> PolicyKit1
|
|
|
|
|
|
+ Add support for the org.freedesktop.policykit.imply annotation
|
|
|
|
|
|
+ Add --no-debug option and use this for D-Bus activation
|
|
|
|
|
|
+ Add org.freedesktop.policykit.owner annotation (fdo#41025)
|
|
|
|
|
|
+ Default to AdminIdentities=unix-group:wheel for local authority
|
|
|
|
|
|
- Drop patches that were taken from upstream:
|
|
|
|
|
|
+ 0001-Add-support-for-the-org.freedesktop.policykit.imply-a.diff
|
|
|
|
|
|
+ 0002-Add-no-debug-option-and-use-this-for-D-Bus-activation.diff
|
|
|
|
|
|
+ 0003-Bug-41025-Add-org.freedesktop.policykit.owner-annotat.diff
|
|
|
|
|
|
- Add polkit-no-wheel-group.patch: do not allow the wheel group as
|
|
|
|
|
|
admin identity, and revert to only accept the root user for this.
|
|
|
|
|
|
|
2011-11-02 17:05:54 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Nov 2 10:30:03 UTC 2011 - lnussel@suse.de
|
|
|
|
|
|
|
|
|
|
|
|
- pick some patches from git to add support for
|
|
|
|
|
|
org.freedesktop.policykit.imply, disable debug spam and allow
|
|
|
|
|
|
unprivileged users to query authorizations (bnc#698250)
|
|
|
|
|
|
|
2011-09-02 19:04:47 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Sep 2 10:42:54 UTC 2011 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Update to version 0.102:
|
|
|
|
|
|
+ pkexec:
|
|
|
|
|
|
- fdo#38769: Support running X11 apps
|
|
|
|
|
|
- Avoid time-of-check-to-time-of-use problems with parent
|
|
|
|
|
|
process
|
|
|
|
|
|
+ Fix backend crash if a .policy file does not specify <message>
|
|
|
|
|
|
+ Fix multi-line pam prompt handling
|
|
|
|
|
|
+ Don't show diagnostic messages intended for the administrator
|
|
|
|
|
|
to the end user
|
|
|
|
|
|
+ PolkitUnixProcess:
|
|
|
|
|
|
- Clarify that the real uid is returned, not the effective one
|
|
|
|
|
|
- Record the uid of the process
|
|
|
|
|
|
+ Backend: Use polkit_unix_process_get_uid() to get the owner of
|
|
|
|
|
|
a process
|
|
|
|
|
|
+ Introspection fixes:
|
|
|
|
|
|
- Add --c-include to the gir files
|
|
|
|
|
|
- Specify exported pkg-config files in GIRs
|
|
|
|
|
|
+ Build fix.
|
|
|
|
|
|
- Drop polkit-CVE-2011-1485-1.patch, polkit-CVE-2011-1485-2.patch,
|
|
|
|
|
|
polkit-CVE-2011-1485-3.patch, polkit-CVE-2011-1485-4.patch: fixed
|
|
|
|
|
|
upstream.
|
|
|
|
|
|
- Remove service usage, following the new consensus on Factory
|
|
|
|
|
|
packaging.
|
|
|
|
|
|
|
2011-08-12 20:03:34 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Aug 10 12:20:39 UTC 2011 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- BuildIgnore ruby, which is being dragged in via indirect
|
|
|
|
|
|
dependencies by gtk-doc for one of the helpers, which we do not
|
|
|
|
|
|
need during the build of polkit. Not dragging ruby in resolves a
|
|
|
|
|
|
build-cycle.
|
|
|
|
|
|
|
2011-05-06 23:12:17 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu May 5 19:35:05 CEST 2011 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Use %set_permissions instead of deprecated %run_permissions in
|
|
|
|
|
|
%post.
|
|
|
|
|
|
- Add permissions PreReq, which was missing before.
|
|
|
|
|
|
|
2011-04-26 21:21:00 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Apr 26 21:19:32 CEST 2011 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- use LGPLv2.1+ in spec file
|
|
|
|
|
|
|
2011-04-26 19:03:02 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Apr 26 18:24:01 CEST 2011 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- stat race condition (CVE-2011-1485) (bnc#688788)
|
|
|
|
|
|
|
2011-04-15 16:12:10 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Apr 6 15:40:51 UTC 2011 - fcrozat@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- Remove PolkitAgent-1.0.typelib from main package, it is in
|
|
|
|
|
|
library package.
|
|
|
|
|
|
|
2011-03-09 15:03:42 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Mar 9 13:54:11 UTC 2011 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- update to 0.101:
|
|
|
|
|
|
* tons of bug fixes, see NEWS
|
|
|
|
|
|
|
2010-11-11 13:26:16 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Nov 10 15:04:36 UTC 2010 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- fix file list
|
|
|
|
|
|
|
2010-08-26 11:13:54 +02:00
|
|
|
|
-------------------------------------------------------------------
|
2010-09-17 21:00:24 +02:00
|
|
|
|
Thu Sep 16 09:34:50 CEST 2010 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Update to version 0.99:
|
|
|
|
|
|
+ Remove duplicate definitions of enumeration types
|
|
|
|
|
|
+ Fix (correct) GCC warning about possibly-uninitialized variable
|
|
|
|
|
|
+ Fix another GCC uninitialized variable warning
|
|
|
|
|
|
+ fdo#29816: Install polkitagentenumtypes.h
|
|
|
|
|
|
- Drop polkit-install-missing-header.patch: fixed upstream.
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2010-08-26 11:13:54 +02:00
|
|
|
|
Thu Aug 26 10:04:44 CEST 2010 - vuntz@opensuse.org
|
|
|
|
|
|
|
|
|
|
|
|
- Update to version 0.98:
|
|
|
|
|
|
+ Fix scanning of unix-process subjects
|
|
|
|
|
|
+ Add textual authentication agent and use it in pkexec(1)
|
|
|
|
|
|
+ Fix ConsoleKit interaction bug
|
|
|
|
|
|
+ pkexec: add --disable-internal-agent option
|
|
|
|
|
|
+ pkcheck: add --enable-internal-agent option
|
|
|
|
|
|
+ Fix wording in pkexec(1) man page
|
|
|
|
|
|
+ Various doc cleanups
|
|
|
|
|
|
- Changes from version 0.97:
|
|
|
|
|
|
+ Port to GDBus
|
|
|
|
|
|
+ Add shadow authentication support
|
|
|
|
|
|
+ Remove Lock Down functionality
|
|
|
|
|
|
+ fdo#26982: pkexec information disclosure vulnerability
|
|
|
|
|
|
+ Make polkitd accept --replace and gracefully handle SIGINT
|
|
|
|
|
|
+ Implement polkit_temporary_authorization_new_for_gvariant()
|
|
|
|
|
|
+ Make NameOwnerChanged a private impl detail of the interactive
|
|
|
|
|
|
authority
|
|
|
|
|
|
+ Add a GPermission implementation
|
|
|
|
|
|
+ PolkitAuthority: Implement failable initialization
|
|
|
|
|
|
+ PolkitAuthority: Add g_return_if_fail() checks
|
|
|
|
|
|
+ Add g_return_if_fail() to all public API entry points
|
|
|
|
|
|
+ Use polkit_authority_get_sync() instead of deprecated
|
|
|
|
|
|
polkit_authority_get
|
|
|
|
|
|
+ PolkitBackend: Don't export unneeded convenience API
|
|
|
|
|
|
+ Update GI annotations
|
|
|
|
|
|
+ Don't dist org.freedesktop.ConsoleKit.xml.
|
|
|
|
|
|
+ Properly reference headers
|
|
|
|
|
|
+ fdo#29051: Configuration reload on every query
|
|
|
|
|
|
- Drop pkexec-information-disclosure.patch: fixed upstream.
|
|
|
|
|
|
- Add polkit-install-missing-header.patch to install a header that
|
|
|
|
|
|
should get installed.
|
|
|
|
|
|
- Remove eggdbus-devel BuildRequires.
|
|
|
|
|
|
- Build with introspection support: add gobject-introspection
|
|
|
|
|
|
BuildRequires and pass --enable-introspection to configure.
|
|
|
|
|
|
- Fix groups of all packages to be valid groups.
|
|
|
|
|
|
|
2010-07-20 20:13:37 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
|
|
- use %_smp_mflags
|
|
|
|
|
|
|
2010-04-16 01:31:12 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Fri Apr 9 19:14:09 CEST 2010 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- fix pkexec information disclosure
|
|
|
|
|
|
(fdo#26982, CVE-2010-0750, bnc#593959)
|
|
|
|
|
|
|
2010-01-21 10:44:18 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Jan 18 14:20:11 CET 2010 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
|
|
- add baselibs.conf
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Mon Jan 18 12:56:02 CET 2010 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- new upstream release 0.96
|
|
|
|
|
|
- Bug 25367 — Also read local authority configuration data from /etc
|
|
|
|
|
|
- Run the open_session part of the PAM stack in pkexec(1)
|
|
|
|
|
|
- Bug 25594 – System logging
|
|
|
|
|
|
- Properly handle return value from getpwnam_r()
|
|
|
|
|
|
- Fix error message when no authentication agent is available
|
|
|
|
|
|
- Make pkexec(1) validate environment variables
|
|
|
|
|
|
- Make pkexec(1) use the syslogging facilities
|
|
|
|
|
|
- Save original cwd in pkexec(1) since it will change during the life-time
|
|
|
|
|
|
- Complain on stderr, not stdout
|
|
|
|
|
|
- Don't log authorization checks
|
|
|
|
|
|
|
2010-01-18 13:07:53 +01:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Jan 6 18:22:23 CET 2010 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
|
|
- update to 0.95:
|
|
|
|
|
|
The major change this release is that the lockdown feature has
|
|
|
|
|
|
been cleaned up in a way so it isn't specific to the local
|
|
|
|
|
|
authority. See the NEWS files for more details.
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Dec 16 10:44:34 CET 2009 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
|
|
- Package documentation as noarch
|
|
|
|
|
|
|
2009-08-28 20:12:54 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Wed Aug 19 23:22:44 CEST 2009 - vuntz@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- Add Requires on polkit to libpolkit0: all applications using
|
|
|
|
|
|
libpolkit0 will really need polkit to be installed to work
|
|
|
|
|
|
properly.
|
|
|
|
|
|
|
2009-08-13 23:33:53 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Aug 13 04:31:38 CEST 2009 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- new upstream release 0.94
|
|
|
|
|
|
- Allow unprivileged callers to check authorizations
|
|
|
|
|
|
- Don't spawn man(1) from a setuid program
|
|
|
|
|
|
- Add polkit.retains_authorization_after_challenge to authz result
|
|
|
|
|
|
- Ensure all fds except stdin/stdout/stderr are closed after exec(2)
|
|
|
|
|
|
- Be more careful when determining process start time
|
|
|
|
|
|
- Remove temporary authorization when the subject it applies to vanishes
|
|
|
|
|
|
- Generate GI gir and typelibs for libpolkit-gobject-1
|
|
|
|
|
|
- drop patches which are in the release now
|
|
|
|
|
|
- disable introspection
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Aug 11 21:23:49 CEST 2009 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- add upstream patches:
|
|
|
|
|
|
polkit-close-stdfds.patch
|
|
|
|
|
|
polkit-no-man-spawn.patch
|
|
|
|
|
|
polkit-proc-stat-parse-fix.patch
|
|
|
|
|
|
- drop rpmlint patch
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Aug 6 17:36:16 CEST 2009 - meissner@suse.de
|
|
|
|
|
|
|
|
|
|
|
|
- check for the right binary in verify_permisisons
|
|
|
|
|
|
|
2009-07-30 18:07:53 +02:00
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Thu Jul 30 17:32:41 CEST 2009 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- disable suid bit for now to get software build on top
|
|
|
|
|
|
- split out libraries to follow shared library policy
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Tue Jul 21 03:20:55 CEST 2009 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- update to version 0.93
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Sun Jul 19 15:31:44 CEST 2009 - kay.sievers@novell.com
|
|
|
|
|
|
|
|
|
|
|
|
- initial import of polkit 0.92
|
|
|
|
|
|
|
