-
click (0.4.21.1ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: fix privilege escalation via crafted data.tar.gz that
can be used to install alternate security policy than what is defined
- click/install.py: Forbid installing packages with data tarball members
whose names do not start with "./". Based on patch from Colin Watson.
- CVE-2015-XXXX
- LP: #1506467
-- Jamie Strandboge <email address hidden> Thu, 15 Oct 2015 10:05:35 -0500
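
The member-name rule from the security entry above, as an added example; it is not the code in click/install.py or Colin Watson's patch. `AuditError`, `bad_member_names`, `audit_data_tarball` and `build_sample` are hypothetical names, and the archives are constructed in memory. The constructed sample goes slightly beyond the entry by including absolute and parent-relative names, which the same prefix rule also rejects.

```python
import io
import tarfile


class AuditError(Exception):
    """Raised when a data tarball member fails the name check."""


def bad_member_names(data_tar_bytes):
    """Return member names that are neither "." nor prefixed with "./"."""
    with tarfile.open(fileobj=io.BytesIO(data_tar_bytes), mode="r:gz") as tar:
        # tarfile reports the root entry "./" as "." after stripping the slash.
        return [n for n in tar.getnames()
                if n != "." and not n.startswith("./")]


def audit_data_tarball(data_tar_bytes):
    """Refuse the whole package if any member name fails the check."""
    bad = bad_member_names(data_tar_bytes)
    if bad:
        raise AuditError("member names do not start with './': %r" % bad)


def build_sample(names):
    """Build a constructed data.tar.gz in memory with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            if name.endswith("/"):
                info.type = tarfile.DIRTYPE
                info.mode = 0o755
                tar.addfile(info)
            else:
                payload = b"constructed sample\n"
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed samples, not taken from any real package.
GOOD = build_sample(["./", "./usr/", "./usr/share/app.txt"])
BAD = build_sample(["./", "./usr/share/app.txt", "usr/share/policy.json",
                    "/abs/path.txt", "../up.txt"])

if __name__ == "__main__":
    audit_data_tarball(GOOD)  # passes silently
    try:
        audit_data_tarball(BAD)
    except AuditError as exc:
        print("rejected:", exc)
```

The check runs over every member before anything is unpacked, so one bad name rejects the whole package rather than skipping a single file.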
-
click (0.4.21.1) trusty; urgency=medium
[ Colin Watson ]
* When a hook command fails, include the command in the error message.
* Don't allow failure of a single hook to prevent other hooks being run.
* Log hook failures to stderr and exit non-zero, rather than propagating
an exception which is then logged as a click crash.
click (0.4.21) trusty; urgency=medium
* Add *_as_string variants of manifest methods, for clients that already
have their own JSON parsing libraries and don't want to use JSON-GLib.
* Write to stderr and exit non-zero when chrooted commands fail, rather
than propagating an exception which is then logged as a click crash
(LP: #1298457).
* Make the get_manifests family of functions log errors about individual
manifests to stderr rather than crashing (LP: #1297519).
* Don't run user hooks until dbus has started; the content-hub hook needs
to modify gsettings.
* Don't rely on PyGObject supporting default None arguments; this was only
added in 3.11.1.
-- Ubuntu daily release <email address hidden> Tue, 08 Apr 2014 09:41:55 +0000
-
click (0.4.20) trusty; urgency=medium
[ Colin Watson ]
* Create system hook symlinks for all installed packages, not just current
versions. This avoids missing AppArmor profiles when there are
unregistered user-installed versions of packages lying around.
-- Ubuntu daily release <email address hidden> Mon, 24 Mar 2014 16:16:37 +0000
-
click (0.4.19) trusty; urgency=medium
[ Colin Watson ]
* Set Click.User.ensure_db visibility back to private, since it's no
longer used by Click.Hook. (The C ABI is unaffected.)
* Add brief documentation on Click's multiple-database scheme, based on my
recent mail to ubuntu-phone.
* Fix a few potential GLib critical messages from the PackageKit plugin.
* Make libclick-0.4-dev depend on libjson-glib-dev for
<json-glib/json-glib.h>.
* Add Requires.private to click-0.4.pc, so that programs built against
libclick pick up the proper CFLAGS including glib and json-glib.
* chroot: Allow creating 14.04 chroots.
* Include _directory and _removable dynamic manifest keys in "click info"
output (LP: #1293788).
* Document -f and -s options to "click chroot" in click(1).
* chroot: Fix code to make /finish.sh executable.
* chroot: Make /usr/sbin/policy-rc.d executable in the chroot, as
otherwise it has no effect.
* chroot: Run apt-get dist-upgrade on the chroot before trying to install
the basic build tool set. Fixes chroot creation for saucy.
[ Benjamin Zeller ]
* Take pkexec env vars into account when creating a chroot.
[ Dimitri John Ledkov ]
* Add session management to click chroot.
-- Ubuntu daily release <email address hidden> Tue, 18 Mar 2014 14:27:53 +0000
-
click (0.4.18.3) trusty; urgency=medium
[ Colin Watson ]
* Take a slightly different approach to fixing "click hook run-user": only
try to update user registration symlinks if they already exist in the
overlay database.
click (0.4.18.2) trusty; urgency=medium
* Make "click hook run-user" ensure that the user registration directory
exists before dropping privileges and trying to create symlinks in it
(LP: #1291192).
-- Ubuntu daily release <email address hidden> Wed, 12 Mar 2014 12:02:47 +0000
-
click (0.4.18.1) trusty; urgency=medium
[ Colin Watson ]
* If a user attempts to install a version of a package that is already
installed in an underlay database, then just register the appropriate
version for them rather than unpacking another copy.
* Make "click hook run-system" and "click hook run-user" consistently use
the bottom-most unpacked copy of a given version of a package, and
update hook symlinks and user registration symlinks if necessary.
click (0.4.18) trusty; urgency=medium
* Give gir1.2-click-0.4 an exact-versioned dependency on libclick-0.4-0.
* Use is_symlink helper method in a few more places.
* Add a similar is_dir helper method.
* Ignore extraneous non-directories when walking a database root in
Click.DB.get_packages and Click.DB.gc.
* Make the PackageKit plugin tolerate the "_removable" dynamic manifest
key being changed to a boolean in the future.
* Document that users of "_removable" should tolerate it being a boolean.
* Use libclick when removing packages, listing packages, or searching
packages via the PackageKit plugin.
* Add libclick interfaces to get package manifests, both individually
(LP: #1287692) and for all installed packages (LP: #1287693).
* Override description-starts-with-package-name Lintian error for click;
this is describing the system as a whole rather than naming the package.
* Add libclick interfaces to get the list of frameworks supported by the
current system (LP: #1271633) and various properties of those frameworks
(LP: #1287694).
-- Ubuntu daily release <email address hidden> Tue, 11 Mar 2014 17:22:10 +0000
-
click (0.4.17.2) trusty; urgency=medium
[ Colin Watson ]
* Fix Click.User construction in "click pkgdir".
click (0.4.17.1) trusty; urgency=medium
* gobject-introspection-1.0.pc is in libgirepository1.0-dev, not
gobject-introspection. Fix Build-Depends.
* Build-depend and depend on gir1.2-glib-2.0 and python3-gi.
* Map gboolean to ctypes.c_int, not ctypes.c_bool. gboolean and gint are
the same as far as glib is concerned, and ctypes does strange things
with its bool type in callbacks.
click (0.4.17) trusty; urgency=medium
* Use full path to click in Upstart jobs to save a $PATH lookup.
* Add systemd units to run Click system and user hooks at the appropriate
times. We probably won't be using these for a while, but it does no
harm to add them.
* Move an initial core of functionality (database, hooks, osextras, query,
user) from Python into a new "libclick" library, allowing
performance-critical clients to avoid the cost of starting a new Python
interpreter (LP: #1282311).
-- Ubuntu daily release <email address hidden> Thu, 06 Mar 2014 16:38:35 +0000
-
click (0.4.16) trusty; urgency=medium
[ Colin Watson ]
* hooks: Fix expansion of "$$" in hook patterns to conform to the
documented behaviour of expanding to the single character "$".
* Move version detection out of configure.ac into a separate get-version
script, since intltool-update has trouble with the previous approach.
* Stop using unittest2 if available; the relevant improvements were
integrated into the standard library's unittest in Python 2.7, and we no
longer support 2.6.
* user: When setting the registered version of a package to the version in
an underlay database (e.g. a preinstalled version vs. one in the
user-installed area), remove the overlay link rather than setting a new
one equal to the underlay; this was always the intended behaviour but
didn't work that way due to a typo.
* Add Python 3.4 to list of tested versions.
* Call setup.py from the top-level Makefile.am rather than from
debian/rules, to make the build system a bit more unified.
* Drop AM_GNU_GETTEXT and call intltoolize before autoreconf in
autogen.sh; this fixes a bug whereby "make" after "./configure" always
immediately needed to run aclocal.
* Build-depend on python3-pep8 so that test_pep8_clean doesn't need to be
skipped when running under Python 3. This can safely be removed for
backports to precise.
* Simplify click -> python3-click dependency given that both are
Architecture: any.
* Tighten packagekit-plugin-click -> click dependency to require a
matching version.
* Use dh_install --fail-missing to avoid future mistakes.
* Sync up substvar use with what debhelper actually generates for us: add
${misc:Pre-Depends} to click and packagekit-plugin-click, and remove
${python3:Depends} from click-dev.
* Reset SIGPIPE handling from Python's default of raising an exception to
the Unix default of terminating the process (LP: #1285790).
-- Ubuntu daily release <email address hidden> Tue, 04 Mar 2014 15:23:45 +0000
-
click (0.4.15) trusty; urgency=medium
[ Stéphane Graber ]
* Set X-Auto-Uploader to no-rewrite-version
* Set Vcs-Bzr to the new target branch
-- Ubuntu daily release <email address hidden> Thu, 30 Jan 2014 16:12:17 +0000
-
click (0.4.14) trusty; urgency=low
[ Colin Watson ]
* chroot: Print help if no subcommand given (LP: #1260669).
* chroot: Recommend debootstrap from click-dev, and explicitly check for
it in "click chroot create" (LP: #1260487).
* chroot: Check for root in "create" and "destroy" (LP: #1260671).
* hooks: Add a ${short-id} expansion to hook patterns; this is valid only
in user-level or single-version hooks, and expands to a new "short
application ID" without the version (LP: #1251635).
* hooks: Strip any trailing slashes from the end of patterns, as they
cause confusion with symlink-to-directory semantics and can never be
useful (LP: #1253855).
* install: Extend the interpretation of "framework" a little bit to allow
a Click package to declare that it requires multiple frameworks. This
will allow splitting up the SDK framework declarations into more
fine-grained elements.
* Policy version 3.9.5: no changes required.
* build: Enforce only a single framework declaration for now, by request.
[ Zoltan Balogh ]
* Add qtmultimedia5-dev to the SDK framework list.
[ Dimitri John Ledkov ]
* chroot: Add "cmake" to build_pkgs, as it is expected for cmake to be
available on any (Ubuntu) framework.
-- Colin Watson <email address hidden> Thu, 23 Jan 2014 17:30:54 +0000
-
click (0.4.13) trusty; urgency=low
[ Robert Bruce Park ]
* Ignore click packages when building click packages.
[ Colin Watson ]
* If "click build" or "click buildsource" is given a directory as the
value of its -m/--manifest option, interpret that as indicating the
"manifest.json" file in that directory (LP: #1251604).
* Ensure correct permissions on /opt/click.ubuntu.com at boot, since a
system image update may have changed clickpkg's UID/GID (LP: #1259253).
-- Colin Watson <email address hidden> Tue, 10 Dec 2013 14:33:42 +0000
-
click (0.4.12) trusty; urgency=low
[ Colin Watson ]
* Adjust top-level "click help" entry for "install" to point to pkcon.
* Fix hook installation tests to test Unicode manifests properly.
* Read version and date from debian/changelog when building documentation.
* Declare click-dev Multi-Arch: foreign (LP: #1238796).
* Build-depend on python3:any/python3-all:any rather than
python3/python3-all.
[ Brian Murray, Colin Watson ]
* Add chroot management support.
-- Colin Watson <email address hidden> Thu, 21 Nov 2013 14:46:16 +0000
-
click (0.4.11) saucy; urgency=low
* Drop --force-missing-framework from PackageKit plugin now that
/usr/share/click/frameworks/ubuntu-sdk-13.10.framework is in
ubuntu-sdk-libs.
* Show a neater error message when a package's framework is not installed
(LP: #1236671).
* Show a neater error message when building a package whose manifest file
cannot be parsed (LP: #1236669).
* Show a neater error message when running "click install" with
insufficient privileges (LP: #1236673).
-- Colin Watson <email address hidden> Fri, 11 Oct 2013 12:07:06 +0100