- 23 Feb, 2020 1 commit
-
-
Robert Ancell authored
The local authority was removed in 0f830c76 (May 2012) as it was deemed unnecessary as the jsbackend could perform any functionality that was previously done using the localbackend. However, for security reasons Debian and Ubuntu did not determine the JS backend safe enough to ship by default, and thus have remained on polkit version 105 ever since (though collecting cherry-picked patches from the following releases). By re-instating the local authority both Debian and Ubuntu are able to update to track the latest version of polkit. The JS backend remains by default and the local backend is only compiled and used if configured with --disable-javascript. While supporting two backends does come at an increased cost in this case it seems reasonable low as the code in this change required almost no modification to re-introduce.
-
- 21 Feb, 2020 2 commits
-
-
Just compiles and installs polkit
- 27 Jan, 2020 4 commits
-
-
Jan Rybar authored
Restoring terminal setting erases unread input See merge request polkit/polkit!40
-
Jan Rybar authored
-
Jan Rybar authored
Freeing uninitialized memory See merge request polkit/polkit!44
-
Jan Rybar authored
-
- 08 Oct, 2019 2 commits
-
-
Jan Rybar authored
jsauthority: Fix two minor memory leaks See merge request polkit/polkit!42
-
Jan Rybar authored
-
- 07 Oct, 2019 3 commits
-
-
Jan Rybar authored
Merge branch 'libreajans/polkit-patch-1' See merge request polkit/polkit!41
-
Jan Rybar authored
-
Jan Rybar authored
Update Swedish translation See merge request polkit/polkit!39
-
- 14 Sep, 2019 1 commit
-
-
Anders Jonsson authored
-
- 01 Aug, 2019 2 commits
-
-
Jan Rybar authored
pkttyagent: process stopped by SIGTTOU if run in background job See merge request polkit/polkit!34
-
Jan Rybar authored
-
- 19 May, 2019 2 commits
-
-
Ray Strode authored
Update Danish translation (da.po) See merge request polkit/polkit!23
-
scootergrisen authored
-
- 26 Apr, 2019 2 commits
-
-
Jan Rybar authored
Release 0.116 release notes See merge request polkit/polkit!32
-
Jan Rybar authored
-
- 25 Apr, 2019 2 commits
-
-
Jan Rybar authored
README update reflecting transition to Gitlab See merge request polkit/polkit!31
-
Jan Rybar authored
-
- 02 Apr, 2019 2 commits
-
-
Jan Rybar authored
Js encode string to utf8 See merge request polkit/polkit!29
-
Jan Rybar authored
When strings handled by the jsbackendauthority contain non-ASCII, the code will fail. For example, on a system having a user with a non-ASCII name, the following message will appear when a USB stick is plugged in. mar 04 21:47:31 mimmi polkitd[17163]: Error evaluating authorization rules The user will not be allowed to do the mount. The problem is that strings were variously encoded back to C strings with JS_EncodeString and JS_EncodeStringToUTF8. According to the documentation (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_EncodeString#Description) the former will simply drop the high byte from each character. If that happens to a username, it will no longer be found as a valid user name on the system. Explicitly encoding to UTF-8 will at least work in UTF-8 locales, which is the increasingly dominant encoding.
-
- 26 Mar, 2019 2 commits
-
-
Jan Rybar authored
Code polish and removal of unused var reported by lint See merge request polkit/polkit!27
-
Jan Rybar authored
-
- 15 Mar, 2019 2 commits
-
-
Jan Rybar authored
pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM See merge request polkit/polkit!24
-
Jan Rybar authored
If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there.
-
- 14 Mar, 2019 1 commit
-
-
Ray Strode authored
Port JavaScript authority to mozjs-60 See merge request polkit/polkit!4
-
- 12 Mar, 2019 2 commits
-
-
API changes in mozjs that need to be reflected in the JS authority: - the JS::CompileOptions constructor and the JS::CompartmentOptions do not allow setting a JS version any more - do not use NULL comparisons for C++ objects - the resize() method for a vector has a return value that needs to be handled - JSClassOps has different fields
-
This is the new ESR version of the Mozilla JS engine, superceding mozjs-52.
-
- 05 Feb, 2019 2 commits
-
-
Jan Rybar authored
Allow uid of -1 for a PolkitUnixProcess See merge request polkit/polkit!17
-
Commit 2cb40c4d changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1).
-
- 08 Jan, 2019 2 commits
-
-
Colin Walters authored
backend: Compare PolkitUnixProcess uids for temporary authorizations Closes #75 See merge request !19
-
Colin Walters authored
It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by:
Jann Horn <jannh@google.com> Closes: #75
-
- 06 Dec, 2018 1 commit
-
-
Jan Rybar authored
High uid fixup CVE-2018-19788 Closes #74 See merge request polkit/polkit!14
-
- 04 Dec, 2018 2 commits
-
-
Zbigniew Jędrzejewski-Szmek authored
-
Zbigniew Jędrzejewski-Szmek authored
(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes #74.
-
- 03 Dec, 2018 1 commit
-
-
Ray Strode authored
configure.ac: fix detection of systemd with cgroups v2 See merge request polkit/polkit!13
-
- 02 Dec, 2018 1 commit
-
-
Zbigniew Jędrzejewski-Szmek authored
sys/fs/cgroup/systemd/ does not exist on modern systems.
-
- 30 Nov, 2018 1 commit
-
-
Ray Strode authored
polkitbackend: Fix some minor typos in an internal comment See merge request polkit/polkit!12
-