diff -Nru policykit-1-0.105/debian/changelog policykit-1-0.105/debian/changelog --- policykit-1-0.105/debian/changelog 2014-11-28 12:07:50.000000000 +0300 +++ policykit-1-0.105/debian/changelog 2014-12-05 11:35:29.000000000 +0300 @@ -1,3 +1,13 @@ +policykit-1 (0.105-8.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * 09_pam_environment.patch: refreshed for the next patch to apply + cleanly (keep the coding style as well). + * 10_xdg_runtime_dir.patch: new patch. Work around systemd injecting + broken XDG_RUNTIME_DIR. + + -- Vlad Orlov Fri, 05 Dec 2014 11:33:10 +0300 + policykit-1 (0.105-8) unstable; urgency=medium * Rebuild against libsystemd0. This drops the last remaining dependency to diff -Nru policykit-1-0.105/debian/patches/09_pam_environment.patch policykit-1-0.105/debian/patches/09_pam_environment.patch --- policykit-1-0.105/debian/patches/09_pam_environment.patch 2014-11-28 12:07:50.000000000 +0300 +++ policykit-1-0.105/debian/patches/09_pam_environment.patch 2014-12-05 11:18:20.000000000 +0300 @@ -4,11 +4,11 @@ set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 -Index: trunk/src/programs/pkexec.c +Index: policykit-1-0.105/src/programs/pkexec.c =================================================================== ---- trunk.orig/src/programs/pkexec.c -+++ trunk/src/programs/pkexec.c -@@ -145,6 +145,7 @@ +--- policykit-1-0.105.orig/src/programs/pkexec.c ++++ policykit-1-0.105/src/programs/pkexec.c +@@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; 
@@ -16,17 +16,18 @@ struct pam_conv conversation; ret = FALSE; -@@ -176,6 +177,14 @@ +@@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); -+ if (envlist != NULL) { -+ int i; -+ for (i = 0; envlist[i]; i++) -+ putenv(envlist[i]); -+ free (envlist); -+ } ++ if (envlist != NULL) ++ { ++ guint n; ++ for (n = 0; envlist[n]; n++) ++ putenv (envlist[n]); ++ free (envlist); ++ } + out: if (pam_h != NULL) diff -Nru policykit-1-0.105/debian/patches/10_xdg_runtime_dir.patch policykit-1-0.105/debian/patches/10_xdg_runtime_dir.patch --- policykit-1-0.105/debian/patches/10_xdg_runtime_dir.patch 1970-01-01 03:00:00.000000000 +0300 +++ policykit-1-0.105/debian/patches/10_xdg_runtime_dir.patch 2014-12-05 11:32:23.000000000 +0300 
@@ -0,0 +1,75 @@ +From 8635ffc16aeff6a07d675f861fe0dea03ea81d7e Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Thu, 21 Nov 2013 17:39:37 -0500 +Subject: [PATCH] pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR + +This workaround isn't too much code, and it's often better to fix bugs +in two places anyways. + +For more information: + +See https://bugzilla.redhat.com/show_bug.cgi?id=753882 +See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html +--- + src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- + 1 file changed, 30 insertions(+), 3 deletions(-) + +Index: policykit-1-0.105/src/programs/pkexec.c +=================================================================== +--- policykit-1-0.105.orig/src/programs/pkexec.c ++++ policykit-1-0.105/src/programs/pkexec.c +@@ -139,8 +139,22 @@ pam_conversation_function (int n, + return PAM_CONV_ERR; + } + ++/* A work around for: ++ * https://bugzilla.redhat.com/show_bug.cgi?id=753882 ++ */ + static gboolean +-open_session (const gchar *user_to_auth) ++xdg_runtime_dir_is_owned_by (const char *path, ++ uid_t target_uid) ++{ ++ struct stat stbuf; ++ ++ return stat (path, &stbuf) == 0 && ++ stbuf.st_uid == target_uid; ++} ++ ++static gboolean ++open_session (const gchar *user_to_auth, ++ uid_t target_uid) + { + gboolean ret; + gint rc; +@@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) + { + guint n; + for (n = 0; envlist[n]; n++) +- putenv (envlist[n]); ++ { ++ const char *envitem = envlist[n]; ++ ++ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) ++ { ++ const char *eq = strchr (envitem, '='); ++ g_assert (eq); ++ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) ++ continue; ++ } ++ ++ putenv (envlist[n]); ++ } + free (envlist); + } + +@@ -892,7 +918,8 @@ main (int argc, char *argv[]) + * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. 
+ */ + #ifdef POLKIT_AUTHFW_PAM +- if (!open_session (pw->pw_name)) ++ if (!open_session (pw->pw_name, ++ pw->pw_uid)) + { + goto out; + } diff -Nru policykit-1-0.105/debian/patches/series policykit-1-0.105/debian/patches/series --- policykit-1-0.105/debian/patches/series 2014-11-28 12:07:50.000000000 +0300 +++ policykit-1-0.105/debian/patches/series 2014-12-05 11:19:28.000000000 +0300 @@ -8,3 +8,4 @@ 08_deprecate_racy_APIs.patch cve-2013-4288.patch 09_pam_environment.patch +10_xdg_runtime_dir.patch
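Review bot: In the `xdg_runtime_dir_is_owned_by()` helper that 10_xdg_runtime_dir.patch adds to pkexec.c, the test passes for any path whose `stat()` result has a matching `st_uid`, so it follows a symlink in the final path component and also accepts a regular file. Because the surviving value is exported into the environment of the program pkexec launches, a stricter form would be `return lstat (path, &stbuf) == 0 && S_ISDIR (stbuf.st_mode) && stbuf.st_uid == target_uid;`, assuming no supported setup relies on a symlinked runtime directory. The check is only a point-in-time test, so a comment above the helper such as `/* Best-effort: ownership is checked once here; the directory is not pinned for the child. */` would stop a later reader from treating it as a guarantee. Separately, entries skipped by `continue` in `open_session()` are neither passed to `putenv()` nor freed, which is a small leak if pam_getenvlist() hands back individually allocated strings as its documentation describes; open_session's body continues outside the inner hunk.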