Please merge policykit 0.8-1 (main) from Debian unstable (main)

Hi,

Attached is the debdiff to the package that is in Debian.

I'm not sure where the doc/* changes came from, and I'm
not sure that they are needed.

It appears that we need to rebuild system-tools-backends
against this new version, which I will request once this upload
has been done.

Thanks,

James

Martin: can you please take a look at it?

The doc/ changes are not needed, they are regenerated on build, and the build system is too dumb to properly clean them up again. This blows up the diff a lot, but don't worry, I'll filterdiff it to sanity.

I fixed the patch to *actually* disable 02_ptrace.patch (by renaming it to .disabled) and uploaded. Thanks!

This bug was fixed in the package policykit - 0.8-1ubuntu1

---------------
policykit (0.8-1ubuntu1) intrepid; urgency=low

  * Merge from debian unstable (LP: #232227), remaining changes:
    - debian/patches/ubuntu-admin-group.patch: Change PolicyKit.conf to use
      'admin' as administrator group, instead of the 'root' user. Also
      grant all permissions to root, since root is not in the admin group and
      is already almighty anyway. This unbreaks running tools like g-s-t as
      root.
    - debian/policykit.init: Create /var/run/PolicyKit if it does not exist.
      This happens if /var/run is on a tmpfs. Install it in debian/rules.
    - Add Breaks: policykit (<< 0.7) to libpolkit2.
    - debian/policykit.postinst: Drop the dpkg-statoverride and chown
      operations for /var/run/PolicyKit. /var/run is a tmpfs and thus
      volatile, stat overrides do not make sense on it, and it's the init
      script's job to properly set up the directory.
  * Disable debian/patches/02_noptrace.patch for now, since it prevents us
    from collecting crash reports for gnome-panel and other PK-using
    applications. This will be re-enabled again just before the intrepid
    release.
  * Drop debian/patches/03_readdir_filetype_unknown.patch as it is
    now fixed upstream.
  * Drop debian/patches/10_format-string-security.patch as it is now
    fixed upstream.
  * debian/policykit.postinst: change the permissions applied to some
    files to match what is now required upstream:
    - /var/lib/PolicyKit - Now owned by polkituser:polkituser and mode 770
    - /var/lib/PolicyKit-public - Now owned by polkituser and mode 755
    - /var/lib/misc/PolicyKit.reload - Now owned by polkituser and mode 755
    - /usr/lib/policykit/polkit-set-default-helper - Now owned by polkituser
      and mode 4755.
    - /usr/lib/policykit/polkit-resolve-exe-helper - Now in group polkituser
      and mode 4755

policykit (0.8-1) unstable; urgency=medium

  * New upstream release.
    - SECURITY - CVE-2008-1658:
      Fixes format string vulnerability in the grant helper. (Closes: #476615)
  * debian/control
    - Add Build-Depends on pkg-config.

 -- James Westby <email address hidden> Tue, 13 May 2008 10:29:24 +0100