[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
The new version is in mantic now ** Changed in: policykit-1 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Fix Released Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
@Simon, yes, I've been working on it in mantic. The new version is in proposed atm. I ported our Ubuntu specifics rules some days ago, https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.22. The remaining blocker at this point is that currently duktape has no autopkgtest which is a requirement for the MIR (lp: #1997417). Upstream have tests but they are not included in the tarball. We started by looking at adding those but then hit an issue than the tests matching the current release rely on python2 which isn't available in the archive. The tests have been ported to python3 upstream so we are looking at including a newer version of those now. It doesn't help that the upstream project doesn't seem active at this point (no commit since Novembre, no reply to https://github.com/svaarala/duktape/issues/2536 asking for a new release) Anyway, those details aside I think it's fine for Ubuntu if you go ahead and start remove pkla files in Debian, thanks for letting us know! ** Bug watch added: github.com/svaarala/duktape/issues #2536 https://github.com/svaarala/duktape/issues/2536 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Fix Committed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
** Changed in: policykit-1 (Ubuntu) Importance: Medium => High ** Changed in: policykit-1 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Sebastien Bacher (seb128) ** Changed in: policykit-1 (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Fix Committed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
Is this going to happen in 23.10? It seems to have been stalled in -proposed since May. After the imminent Debian 12 release (which includes polkit 122), I intend to start removing legacy polkit 0.105 support, with my goal being polkitd-pkla no longer existing in Debian 13, and packages no longer shipping legacy polkitd-pkla configuration in /var/lib. If Ubuntu still needs this after that point, then you'll have to patch it back in where necessary. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Confirmed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
Update of the policykit-desktop-privileges rules up for review now as https://code.launchpad.net/~seb128/ubuntu/+source/policykit-desktop- privileges/+git/policykit-desktop-privileges/+merge/443877 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Confirmed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
** Tags removed: block-proposed kinetic ** Tags added: mantic update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Confirmed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable
ACK from the security team to sync from unstable. Please make sure the policy overrides in policykit-desktop-privileges still work or are converted to their equivalent JS before doing so. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1972654 Title: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable Status in policykit-1 package in Ubuntu: Confirmed Bug description: Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable for Ubuntu 23.04 Changelog entries since current kinetic version 0.105-33: https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog In particular, see the 0.120-4 changelog entry. I am filing a bug for Security Team review. Previously, Debian and Ubuntu developers agreed to keep using the last version of policykit before it switched to using JavaScript rules. But that was years ago. I believe Debian & Ubuntu are the only distros to have opted out of the new policykit. It is harder to maintain the old style rules when upstream rules use the new format. And it is a challenge to backport security and other bugfixes from the new series, without making mistakes or missing important details. There was a proposal to use duktape instead of mozjs for the JavaScript interpreter but I don't think that's been merged yet. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp