Dominique Leuenberger
dcb149fa57
- also use -z now for binary hardening OBS-URL: https://build.opensuse.org/request/show/131367 OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=65
295 lines
11 KiB
Plaintext
295 lines
11 KiB
Plaintext
-------------------------------------------------------------------
|
||
Wed Aug 22 15:52:30 UTC 2012 - meissner@suse.com
|
||
|
||
- also use -z now for binary hardening
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 13 20:54:29 CEST 2012 - vuntz@opensuse.org
|
||
|
||
- Package /etc/polkit-1/localauthority and its subdirectories. They
|
||
were forgotten because they were empty, but people might need
|
||
them to put .pkla files.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 24 12:11:04 UTC 2012 - vuntz@opensuse.org
|
||
|
||
- Change the way we pass -fpie/-pie:
|
||
+ Drop polkit-pie.patch: this was not upstreamable.
|
||
+ Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
|
||
when building the suid binaries (pkexec and
|
||
polkit-agent-helper-1).
|
||
+ Add autoconf, automake and libtool BuildRequires, and call
|
||
autoreconf, for the new patch.
|
||
+ Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.
|
||
+ Pass --with-pic to configure instead of changing CFLAGS to
|
||
contain -fPIC.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 7 14:39:43 UTC 2012 - dlovasko@suse.com
|
||
|
||
- fixed bnc#743145 - added -fpie/-pie flags to compilation and linking of polkit-agent-helper and pkexec
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 9 09:33:30 UTC 2012 - vuntz@opensuse.org
|
||
|
||
- Split typelib file into typelib-1_0-Polkit-1_0 subpackage.
|
||
- Add typelib-1_0-Polkit-1_0 Requires to devel subpackage.
|
||
- Add explicit libpolkit0 Requires to devel subpackage: it was
|
||
missing before.
|
||
- Remove explicit glib2-devel Requires from devel subpackage: it
|
||
will automatically be added the pkgconfig() way.
|
||
- Improve summary of libpolkit0 subpackage.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 4 22:03:54 UTC 2012 - crrodriguez@opensuse.org
|
||
|
||
- A quick test reveals that the systemd backend does not
|
||
integrate very well with packages yet, revert.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 4 21:02:38 UTC 2012 - crrodriguez@opensuse.org
|
||
|
||
- Previous update missed systemd-devel in buildrequires
|
||
without it no systemd support is built
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 4 13:52:09 UTC 2012 - vuntz@opensuse.org
|
||
|
||
- Update to version 0.104:
|
||
+ Add optional systemd support
|
||
+ Add netgroup support (fdo#43610)
|
||
+ Add unit tests (fdo#43608)
|
||
- Changes from version 0.103:
|
||
+ Mistype in DBus object: PoliycKit1 -> PolicyKit1
|
||
+ Add support for the org.freedesktop.policykit.imply annotation
|
||
+ Add --no-debug option and use this for D-Bus activation
|
||
+ Add org.freedesktop.policykit.owner annotation (fdo#41025)
|
||
+ Default to AdminIdentities=unix-group:wheel for local authority
|
||
- Drop patches that were taken from upstream:
|
||
+ 0001-Add-support-for-the-org.freedesktop.policykit.imply-a.diff
|
||
+ 0002-Add-no-debug-option-and-use-this-for-D-Bus-activation.diff
|
||
+ 0003-Bug-41025-Add-org.freedesktop.policykit.owner-annotat.diff
|
||
- Add polkit-no-wheel-group.patch: do not allow the wheel group as
|
||
admin identity, and revert to only accept the root user for this.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 2 10:30:03 UTC 2011 - lnussel@suse.de
|
||
|
||
- pick some patches from git to add support for
|
||
org.freedesktop.policykit.imply, disable debug spam and allow
|
||
unprivileged users to query authorizations (bnc#698250)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 2 10:42:54 UTC 2011 - vuntz@opensuse.org
|
||
|
||
- Update to version 0.102:
|
||
+ pkexec:
|
||
- fdo#38769: Support running X11 apps
|
||
- Avoid time-of-check-to-time-of-use problems with parent
|
||
process
|
||
+ Fix backend crash if a .policy file does not specify <message>
|
||
+ Fix multi-line pam prompt handling
|
||
+ Don't show diagnostic messages intended for the administrator
|
||
to the end user
|
||
+ PolkitUnixProcess:
|
||
- Clarify that the real uid is returned, not the effective one
|
||
- Record the uid of the process
|
||
+ Backend: Use polkit_unix_process_get_uid() to get the owner of
|
||
a process
|
||
+ Introspection fixes:
|
||
- Add --c-include to the gir files
|
||
- Specify exported pkg-config files in GIRs
|
||
+ Build fix.
|
||
- Drop polkit-CVE-2011-1485-1.patch, polkit-CVE-2011-1485-2.patch,
|
||
polkit-CVE-2011-1485-3.patch, polkit-CVE-2011-1485-4.patch: fixed
|
||
upstream.
|
||
- Remove service usage, following the new consensus on Factory
|
||
packaging.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 10 12:20:39 UTC 2011 - dimstar@opensuse.org
|
||
|
||
- BuildIgnore ruby, which is being dragged in via indirect
|
||
dependencies by gtk-doc for one of the helpers, which we do not
|
||
need during the build of polkit. Not dragging ruby in resolves a
|
||
build-cycle.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 5 19:35:05 CEST 2011 - vuntz@opensuse.org
|
||
|
||
- Use %set_permissions instead of deprecated %run_permissions in
|
||
%post.
|
||
- Add permissions PreReq, which was missing before.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 26 21:19:32 CEST 2011 - kay.sievers@novell.com
|
||
|
||
- use LGPLv2.1+ in spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 26 18:24:01 CEST 2011 - kay.sievers@novell.com
|
||
|
||
- stat race condition (CVE-2011-1485) (bnc#688788)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 6 15:40:51 UTC 2011 - fcrozat@novell.com
|
||
|
||
- Remove PolkitAgent-1.0.typelib from main package, it is in
|
||
library package.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 9 13:54:11 UTC 2011 - coolo@novell.com
|
||
|
||
- update to 0.101:
|
||
* tons of bug fixes, see NEWS
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 10 15:04:36 UTC 2010 - coolo@novell.com
|
||
|
||
- fix file list
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 16 09:34:50 CEST 2010 - vuntz@opensuse.org
|
||
|
||
- Update to version 0.99:
|
||
+ Remove duplicate definitions of enumeration types
|
||
+ Fix (correct) GCC warning about possibly-uninitialized variable
|
||
+ Fix another GCC uninitialized variable warning
|
||
+ fdo#29816: Install polkitagentenumtypes.h
|
||
- Drop polkit-install-missing-header.patch: fixed upstream.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 26 10:04:44 CEST 2010 - vuntz@opensuse.org
|
||
|
||
- Update to version 0.98:
|
||
+ Fix scanning of unix-process subjects
|
||
+ Add textual authentication agent and use it in pkexec(1)
|
||
+ Fix ConsoleKit interaction bug
|
||
+ pkexec: add --disable-internal-agent option
|
||
+ pkcheck: add --enable-internal-agent option
|
||
+ Fix wording in pkexec(1) man page
|
||
+ Various doc cleanups
|
||
- Changes from version 0.97:
|
||
+ Port to GDBus
|
||
+ Add shadow authentication support
|
||
+ Remove Lock Down functionality
|
||
+ fdo#26982: pkexec information disclosure vulnerability
|
||
+ Make polkitd accept --replace and gracefully handle SIGINT
|
||
+ Implement polkit_temporary_authorization_new_for_gvariant()
|
||
+ Make NameOwnerChanged a private impl detail of the interactive
|
||
authority
|
||
+ Add a GPermission implementation
|
||
+ PolkitAuthority: Implement failable initialization
|
||
+ PolkitAuthority: Add g_return_if_fail() checks
|
||
+ Add g_return_if_fail() to all public API entry points
|
||
+ Use polkit_authority_get_sync() instead of deprecated
|
||
polkit_authority_get
|
||
+ PolkitBackend: Don't export unneeded convenience API
|
||
+ Update GI annotations
|
||
+ Don't dist org.freedesktop.ConsoleKit.xml.
|
||
+ Properly reference headers
|
||
+ fdo#29051: Configuration reload on every query
|
||
- Drop pkexec-information-disclosure.patch: fixed upstream.
|
||
- Add polkit-install-missing-header.patch to install a header that
|
||
should get installed.
|
||
- Remove eggdbus-devel BuildRequires.
|
||
- Build with introspection support: add gobject-introspection
|
||
BuildRequires and pass --enable-introspection to configure.
|
||
- Fix groups of all packages to be valid groups.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
|
||
|
||
- use %_smp_mflags
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 9 19:14:09 CEST 2010 - kay.sievers@novell.com
|
||
|
||
- fix pkexec information disclosure
|
||
(fdo#26982, CVE-2010-0750, bnc#593959)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 18 14:20:11 CET 2010 - dmueller@suse.de
|
||
|
||
- add baselibs.conf
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 18 12:56:02 CET 2010 - kay.sievers@novell.com
|
||
|
||
- new upstream release 0.96
|
||
- Bug 25367 — Also read local authority configuration data from /etc
|
||
- Run the open_session part of the PAM stack in pkexec(1)
|
||
- Bug 25594 – System logging
|
||
- Properly handle return value from getpwnam_r()
|
||
- Fix error message when no authentication agent is available
|
||
- Make pkexec(1) validate environment variables
|
||
- Make pkexec(1) use the syslogging facilities
|
||
- Save original cwd in pkexec(1) since it will change during the life-time
|
||
- Complain on stderr, not stdout
|
||
- Don't log authorization checks
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 6 18:22:23 CET 2010 - dmueller@suse.de
|
||
|
||
- update to 0.95:
|
||
The major change this release is that the lockdown feature has
|
||
been cleaned up in a way so it isn't specific to the local
|
||
authority. See the NEWS files for more details.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 16 10:44:34 CET 2009 - jengelh@medozas.de
|
||
|
||
- Package documentation as noarch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 19 23:22:44 CEST 2009 - vuntz@novell.com
|
||
|
||
- Add Requires on polkit to libpolkit0: all applications using
|
||
libpolkit0 will really need polkit to be installed to work
|
||
properly.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 13 04:31:38 CEST 2009 - kay.sievers@novell.com
|
||
|
||
- new upstream release 0.94
|
||
- Allow unprivileged callers to check authorizations
|
||
- Don't spawn man(1) from a setuid program
|
||
- Add polkit.retains_authorization_after_challenge to authz result
|
||
- Ensure all fds except stdin/stdout/stderr are closed after exec(2)
|
||
- Be more careful when determining process start time
|
||
- Remove temporary authorization when the subject it applies to vanishes
|
||
- Generate GI gir and typelibs for libpolkit-gobject-1
|
||
- drop patches which are in the release now
|
||
- disable introspection
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 11 21:23:49 CEST 2009 - kay.sievers@novell.com
|
||
|
||
- add upstream patches:
|
||
polkit-close-stdfds.patch
|
||
polkit-no-man-spawn.patch
|
||
polkit-proc-stat-parse-fix.patch
|
||
- drop rpmlint patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 6 17:36:16 CEST 2009 - meissner@suse.de
|
||
|
||
- check for the right binary in verify_permisisons
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 30 17:32:41 CEST 2009 - coolo@novell.com
|
||
|
||
- disable suid bit for now to get software build on top
|
||
- split out libraries to follow shared library policy
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 21 03:20:55 CEST 2009 - kay.sievers@novell.com
|
||
|
||
- update to version 0.93
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 19 15:31:44 CEST 2009 - kay.sievers@novell.com
|
||
|
||
- initial import of polkit 0.92
|
||
|