-------------- polkit 0.106 -------------- WARNING WARNING WARNING: This is a prerelease on the road to polkit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. This is polkit 0.106. There's a major change in this release which is a switch from .pkla files (keyfile-format) to .rules files (JavaScript), see http://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html for more information. Build requirements glib, gobject, gio >= 2.30 mozjs185 gobject-introspection >= 0.6.2 (optional) pam (optional) ConsoleKit OR systemd Changes since polkit 0.105: Colin Walters (3): build: Check for mozjs185, not libjs autogen.sh: Fix check for libtool (we only need libtoolize) agenthelper-pam: Fix newline-trimming code David Zeuthen (65): Post-release version bump to 0.106 Add experimental authority backend using JavaScript rule files Include seat and session in Subject object Pass details to JS functions and simplify how Subject instances are constructed Clean up code a bit Add a couple of more error checks Collect garbage Emit ::Changed signal after reloading rules Reformat init.js and also avoid quoting non-string properties in toString() Make it possible for JS code to change details Add polkit.spawn() to spawn external programs Make polkit.spawn() take an array of arguments instead of a command-line Don't include command-line in spawning error messages docs: add AUTHORIZATION RULES section to the polkit(8) man page Also add an example of polkit.spawn() to polkit(8) man page docs: clarify how rules files work Also load rules from /usr/share/polkit/rules.d Use addRule() and addAdminRule() docs: emphasize that registered functions may actually never be called Add test cases for evaluation order Test that subject.isInGroup() works Add netgroup support Minor doc fixes Mention unix-netgroup:xyz as a valid return value in addAdminRule() functions Add test-cases and 10 second timeout for polkit.spawn() Create rules.d directories Update docs docs: enclose local <citerefentry> in <link> to make links work docs: update SEE ALSO to make each man page point to all other man pages Clarify docs a bit polkitd: add reference to polkit(8) from its man page Fix speling Fix a couple typos in the docs Mention details["polkit.message"] and add an example using details Use <variablelist> instead of <informaltable> for Subject attributes Make polkit_details_insert() remove the key if passed value is NULL Add real-world example featuring udisks2 and the drive.* variables it passes Rename --enable-systemd to --enable-libsystemd-login Fix distcheck Add a systemd .service file Nuke polkitbackend library, localauthority backend and extension system Mention systemd(1) in the polkitd(8) man page Store private binaries in /usr/lib/polkit-1 instead of /usr/libexec Add default rules Pass expanded identity list to the AuthenticationSession Use "rules", not "scripts" to refer to files in rules.d Terminate runaway scripts Use a condition variable to signal that runaway killer thread is ready Combine action and details parameters Clarify pkexec(1) variables Use g_unix_signal_add() from GLib 2.30 Move polkitd into src/polkitbackend Ensure polkitd is rebuilt if libpolkit-backend-1.la changes Remove unused DBUS_GLIB_* and GIO_* variables Run polkitd as an unprivileged user Log when the name org.fd.PolicyKit1 has been acquired Rewrite the "Writing polkit applications" chapter Update links to udisks docs Update pkexec(1) man page with example Small updates to the "Writing polkit applications" chapter State that authorization rules must not rely on SpiderMonkey features Make it work when using ConsoleKit instead of libsystemd-login Mention the implications of returning *_keep in an authorization rule docs: add a "make sure your app works when there's no polkitd(8)" note Update NEWS for release Thanks to our contributors. David Zeuthen, June 7, 2012 -------------- polkit 0.105 -------------- This is polkit 0.105 WARNING WARNING WARNING: This is a prerelease on the road to polkit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.28 gobject-introspection >= 0.6.2 (optional) pam (optional) ConsoleKit OR systemd Changes since polkit 0.104: David Zeuthen (11): Post-release version bump PolkitUnixSession: Set error if we cannot find a session for the given pid PolkitUnixSession: Actually return TRUE if a session exists PolkitAgentSession: Don't leak file descriptors Add pkttyagent(1) helper Make it possible to influence agent registration with an a{sv} parameter Fix type in docs Mention pkttyagent(1) in "Writing PolicyKit applications" chapter Update the docs to use 'polkit' (instead of 'PolicyKit') as the name Add Makefile rules for signing and publishing releases and docs Update NEWS for release Ryan Lortie (1): Various builddir != srcdir fixes Thanks to our contributors. David Zeuthen, April 24, 2012 -------------- PolicyKit 0.104 -------------- This is PolicyKit 0.104 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.28 gobject-introspection >= 0.6.2 (optional) pam (optional) ConsoleKit OR systemd Changes since PolicyKit 0.103: David Zeuthen (3): Post-release version bump to 0.104 Detect whether systemd is available and default to use if so Update NEWS for release Matthias Clasen (1): Add optional systemd support Nikki VonHollen (2): Bug 43608 – Add unit tests Bug 43610 - Add netgroup support Thanks to our contributors. David Zeuthen, January 3, 2012 -------------- PolicyKit 0.103 -------------- This is PolicyKit 0.103 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.28 gobject-introspection >= 0.6.2 (optional) pam (optional) IMPORTANT: As of release 0.103, the default Authority backend now defaults to allowing members of the 'wheel' group to authenticate as an administator since this is common usage in popular Linux distributions. Distributors can change this by patching the 50-localauthority.conf file in /etc/polkit-1/localauthority.conf.d as needed. Changes since PolicyKit 0.102: Alan Near (1): Mistype in DBus object: PoliycKit1 -> PolicyKit1 David Zeuthen (7): Post-release version bump to 0.103 Add support for the org.freedesktop.policykit.imply annotation Add --no-debug option and use this for D-Bus activation Bug 41025 – Add org.freedesktop.policykit.owner annotation Default to AdminIdentities=unix-group:wheel for local authority Update NEWS for release Fix typo Thanks to our contributors. David Zeuthen, December 6, 2011 -------------- PolicyKit 0.102 -------------- This is PolicyKit 0.102 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.28 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.101: Benjamin Otte (1): introspection: Add --c-include to the gir files David Zeuthen (7): Post-release version bump to 0.102 Don't show diagnostic messages intended for the administrator to the end u PolkitUnixProcess: Clarify that the real uid is returned, not the effectiv Make PolkitUnixProcess also record the uid of the process Use polkit_unix_process_get_uid() to get the owner of a process pkexec: Avoid TOCTTOU problems with parent process Update NEWS for release Evan Nemerson (1): Specify exported pkg-config files in GIRs Marc Deslauriers (1): Fix multi-line pam prompt handling Martin Pitt (3): Ignore .po/ for intltool Fix backend crash if a .policy file does not specify <message> Bug 38769 — pkexec: Support running X11 apps Thanks to our contributors. David Zeuthen, August 1, 2011 -------------- PolicyKit 0.101 -------------- This is PolicyKit 0.101 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.28 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.100: Adrian Bunk (1): Bug 27253 – Use GOBJECT_INTROSPECTION_CHECK from gobject-introspection David Zeuthen (16): Post-release version bump to 0.101 Bug 30653 – No way to detect cancellation in pkexec Bug 27081 – pkexec fails to build on non glibc systems Bug 30438 – PolicyKit fails to build on AIX Bug 32334 – Always set polkit.retains_authorization_after_challenge Fix a memory leak Be more specific about what info we want when enumerating files Make pkcheck(1) report if the authentication dialog was dismissed pkcheck: Make it possible to list and revoke temporary authorizations Be a bit more careful parsing the command-line Bug 29712 – Use monotonic for temporary authorizations Allow overriding message shown in authentication dialog Deprecated PolkitBackendActionLookup Fix a couple of warnings triggered by gcc 4.6 Build examples by default and fix compiler warnings Update NEWS for release Michael Biebl (1): Bug 29871 – Fix build failures with binutils-gold Thanks to our contributors. David Zeuthen, March 3, 2011 -------------- PolicyKit 0.100 -------------- This is PolicyKit 0.100 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.25.12 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.99: David Zeuthen (12): Post-release version bump to 0.100 Add missing GObject Introspection annotations Build gir/typelib for PolkitAgent-1.0 Fix-up PolkitAgentSession to use GObject properties Improve error reporting for authentication sessions Add some debug info that can be shown with the env var POLKIT_DEBUG Fix up debug and timeouts in agent helper Always pass non-zero value to g_once_init_leave() Add a note about POLKIT_DEBUG Pass caller and subject pid to authentication agent Update NEWS for release Fix 'make distcheck' Thanks to our contributors. David Zeuthen, February 21, 2011 -------------- PolicyKit 0.99 -------------- This is PolicyKit 0.99 WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.25.12 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.98: Colin Walters (3): Remove duplicate definitions of enumeration types Fix (correct) GCC warning about possibly-uninitialized variable Fix another GCC uninitialized variable warning David Zeuthen (2): Post-release version bump to 0.99 Update NEWS for release Vincent Untz (1): Bug 29816 – Install polkitagentenumtypes.h Thanks to our contributors. David Zeuthen, September 15, 2010 -------------- PolicyKit 0.98 -------------- This is PolicyKit 0.98. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.25.12 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.97: David Zeuthen (11): Post-release version bump to 0.98 Require GLib 2.25.12 Fix scanning of unix-process subjects Add textual authentication agent and use it in pkexec(1) Fix ConsoleKit interaction bug pkexec: add --disable-internal-agent option pkcheck: add --enable-internal-agent option Fix wording in pkexec(1) man page Various doc cleanups Fix dist-check Update NEWS for release Thanks to our contributors. David Zeuthen, August 20, 2010 -------------- PolicyKit 0.97 -------------- This is PolicyKit 0.97. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. The main change since the previous version is a port from eggdbus to GLib's new D-Bus implementation. Other changes includes various bug fixes and support for shadow authentication. Support for the AddLockdown() and RemoveLockdown() methods has been removed. You will need an updated version of PolicyKit-gnome to go with this release. Build requirements glib, gobject, gio >= 2.25.11 gobject-introspection >= 0.6.2 (optional) pam (optional) Changes since PolicyKit 0.96: Andrew Psaltis (1): Add shadow support Dan Rosenberg (1): Bug 26982 – pkexec information disclosure vulnerability David Zeuthen (23): Post-release version bump to 0.97 Port core bits to gdbus Port CK class to gdbus Port PolkitBackendInteractiveAuthority to gdbus Port PolkitAgent to gdbus Add generated docbook D-Bus API docs to git Nuke eggdbus usage Make polkitd accept --replace and gracefully handle SIGINT Implement polkit_temporary_authorization_new_for_gvariant() Remove Lock Down functionality Make NameOwnerChanged a private impl detail of the interactive authority Update README Merge remote branch 'origin/gdbus' Add a GPermission implementation PolkitAuthority: Implement failable initialization PolkitAuthority: Add g_return_if_fail() checks Add g_return_if_fail() to all public API entry points Use polkit_authority_get_sync() instead of deprecated polkit_authority_get PolkitBackend: Don't export unneeded convenience API Update GI annotations Don't dist org.freedesktop.ConsoleKit.xml; It's dead, Jim Properly reference headers Update NEWS for release Petr Mrázek (1): Bug 29051 – Configuration reload on every query Thanks to our contributors. David Zeuthen, August 9, 2010 -------------- PolicyKit 0.96 -------------- This is PolicyKit 0.96. This is supposed to be the last release until 1.0. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.21.4 eggdbus-1 >= 0.6 gobject-introspection >= 0.6.2 (optional) pam Changes since PolicyKit 0.95: David Zeuthen (15): Bug 25367 — Also read local authority configuration data from /etc Fix logic error in pk-example-frobnicate Run the open_session part of the PAM stack in pkexec(1) Fix up last comment Bug 25594 – System logging Remove trailing whitespace from log messages Properly handle return value from getpwnam_r() Fix error message when no authentication agent is available Make pkexec(1) validate environment variables Make pkexec(1) use the syslogging facilities Save original cwd in pkexec(1) since it will change during the life-time Complain on stderr, not stdout Post-release version bump to 0.96 Don't log authorization checks Update NEWS for release David Zeuthen, January 15, 2010 -------------- PolicyKit 0.95 -------------- This is PolicyKit 0.95. This is supposed to be the last release until 1.0. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.21.4 eggdbus-1 >= 0.6 gobject-introspection >= 0.6.2 (optional) pam Changes since PolicyKit 0.94: Alexander Sack (1): Bug 24566 – Properly _ref authority in singleton constructor Andreas Sandberg (1): Bug 24235 – polkit-agent-helper may call pam_end with a stale pam handle Bastien Nocera (1): Fix process start time when using polkit_unix_process_new_full() David Zeuthen (20): Post-release version bump to 0.95 Use correct program name when complaining about not being setuid root Sort by action id in pkaction(1) output Bug 23867 – UnixProcess vs. SystemBusName aliasing Implement lockdown for the Local Authority implementation Remove POLKIT_USER from configuration summary Add missing comma so we're save both LANG and LANGUAGE, not only LANGLANGUAGE Pass --libtool to g-ir-scanner Clarify comment on where to find process start-time on Linux Add properties with information about the currently used authority Clarify when AllowUserInteraction should and shouldn't be used Add methods AddLockdownForAction() and RemoveLockdownForAction() Port lockdown from pklalockdown(1) to D-Bus methods Drop ununsed policykit actions Remove TODO about symbol visibility as this has been fixed for a while Clarify pklocalauthority(8) man page Properly validate all arguments passed via D-Bus Add Python example Fix make distcheck Update NEWS for release Matthias Clasen (1): Bug 24640 – Typos in pklocalauthority(8) Michael Biebl (8): Trim the list of exported symbols Use _polkit_agent_marshal prefix Make private symbols accessible to libpolkitagent and libpolkitbackend Make examples optional Enable silent rules Remove POLKIT_USER option Don't include Polkit-1.0.gir in the dist tarball Bug 24176 – Current git master fails to build, GLIB_LDADD -> GLIB_LIBS Samuel Thibault (1): Bug 24495 – Fails to build on platforms without PATH_MAX (like hurd) David Zeuthen, November 13, 2009 -------------- PolicyKit 0.94 -------------- This is PolicyKit 0.94. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.21.4 eggdbus-1 >= 0.5 gobject-introspection >= 0.6.2 (optional) pam Changes since PolicyKit 0.93: David Zeuthen (13): Post-release version bump to 0.94 Require correct versions of glib and eggdbus Ignore .pkla files starting with dot and don't segfault on error path Allow unprivileged callers to check authorizations Don't spawn man(1) from a setuid program Add polkit.retains_authorization_after_challenge to authz result Ensure all fds except stdin/stdout/stderr are closed after exec(2) Be more careful when determining process start time Pass the right struct offset for the ::changed class signal handler Don't set the GError if the process doesn't exist Remove temporary authorization when the subject it applies to vanishes Generate GI gir and typelibs for libpolkit-gobject-1 Update NEWS for release Joe Marcus Clarke (1): Bug 23093 – FreeBSD portability fixes David Zeuthen, August 12, 2009 -------------- PolicyKit 0.93 -------------- This is PolicyKit 0.93. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.21.4 eggdbus-1 >= 0.5 pam Changes since PolicyKit 0.92: David Zeuthen (16): Post-release version bump to 0.93 GIO modules need to be prefix with lib Cancel an authentication if the unique name for the subject vanishes Plug a couple of memory leaks Move local authority management to a separate library Rip out polkit-local and refactor local authority to only use tmp authz Move authentication agent bits to separate authority subclass Also pass the identity of the subject we are checking for Actually make the local authority look up authorization files In .pkla files, use Result{Any,Inactive,Active} instead of just Result Rename some man pages and the daemon binary Add docs detailing how the Local Authority works Add support for querying and revoking temporary authorizations Fix make distcheck Update TODO Update NEWS for release Yanko Kaneti (2): Use unique ids for sections to prevent them being autogenerated More unique ids to get the docs build fully predictable David Zeuthen, July 20th, 2009 -------------- PolicyKit 0.92 -------------- This is PolicyKit 0.92. WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. Build requirements glib, gobject, gio >= 2.14 eggdbus-1 >= 0.4 pam Changes since PolicyKit 0.91: David Zeuthen (36): post-release version bump to 0.92 install gtkdoc HTML in the proper location Fix D-Bus policy to work with non-permissive D-Bus Only allow privileged apps to check authz and add ActionLookup interface Change the PolkitAuthorizationResult enumeration into an object Port examples and command-line tools to new API Move docs to proper location Add a pkexec(1) command Mention /usr/bin/pkexec in the configure blurb Fix a bug where details were not shown for normal pkexec usage Use an object, not a GHashTable when passing details around Forgot to add source for PolkitDetails Change the defaults for .run-frobnicate to auth_self_keep Require eggdbus-1 >= 0.4 Only free hash table if it's not NULL Avoid returning an error if no authentication agent is available Clarify docs for is_challenge member of the AuthorizationResult struct Add pkcheck(1) command to check for authorizations nullbackend: Catch up with latest API changes Return the icon name instead of a GIcon in PolkitActionDescription Add pkaction(1) and nuke polkit-1(1) commands Update SEE ALSO sections in man pages Add a man page for polkit-1(8) First cut at some high-level docs Improve pkexec(1) man page by adding screenshots of authentication dialogs Add some more API docs Add a "PolicyKit Overview" section to the docs Consolidate all gtk-doc stuff in docs/polkit Expand on the D-Bus docs Use .../extensions instead of ../backends for loading extensions Minor doc fixes Move the doc chapters around a bit Change GNOME to freedesktop.org in the docs Fix make distcheck Update NEWS Also dist polkitd-1.xml Richard Hughes (2): fix up gtk-doc API markup for a couple of functions add a draft version of the porting guide -- WIP David Zeuthen, June 8, 2009