Debian Bug report logs - #510645
ConsoleKit.conf needs alterations for new D-Bus

version graph

Package: consolekit; Maintainer for consolekit is Robert Millan <rmh@debian.org>; Source for consolekit is src:consolekit.

Reported by: Simon McVittie <smcv@debian.org>

Date: Sun, 4 Jan 2009 01:42:01 UTC

Severity: serious

Tags: patch

Merged with 510790

Found in version consolekit/0.2.10-3

Fixed in version consolekit/0.2.10-4

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.freedesktop.org/show_bug.cgi?id=19020

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510645; Package consolekit. (Sun, 04 Jan 2009 01:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 04 Jan 2009 01:42:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ConsoleKit.conf needs alterations for new D-Bus
Date: Sun, 4 Jan 2009 01:36:25 +0000
[Message part 1 (text/plain, inline)]
Package: consolekit
Version: 0.2.10-3
Severity: normal
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: CVE-2008-4311

ConsoleKit's D-Bus system.d config should be updated to fix
non-deterministic denials for no-interface messages (related to
CVE-2008-4311). However, it does not appear to be a blocker for fixing
CVE-2008-4311, so I'm setting normal severity.

http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from
Colin Walters which seems to be appropriate.

Regards from the Cambridge BSP,
    Simon
[signature.asc (application/pgp-signature, inline)]

Severity set to `serious' from `normal' Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sun, 04 Jan 2009 22:36:02 GMT) Full text and rfc822 format available.

Merged 510645 510790. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sun, 04 Jan 2009 22:36:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510645; Package consolekit. (Tue, 06 Jan 2009 03:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 06 Jan 2009 03:21:04 GMT) Full text and rfc822 format available.

Message #14 received at 510645@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 510645@bugs.debian.org
Subject: Patch for ConsoleKit
Date: Tue, 6 Jan 2009 03:15:52 +0000
[Message part 1 (text/plain, inline)]
tags 510645 + patch pending
forwarded 510645 http://bugs.freedesktop.org/show_bug.cgi?id=19020
forwarded 510646 http://bugs.freedesktop.org/show_bug.cgi?id=18948
thanks

As with PolicyKit, the Red Hat patch seems fine, I've adapted it to our
version of CK and committed it to pkg-utopia svn, and I've done some trivial
testing (thanks to sjoerd for getting me started!), but I don't really know
how ConsoleKit works and how to do a reasonable smoke-test, so I'd rather
someone who knew what they were doing did the upload.

    Simon
[signature.asc (application/pgp-signature, inline)]

Tags added: patch, pending Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Tue, 06 Jan 2009 03:21:05 GMT) Full text and rfc822 format available.

Noted your statement that Bug has been forwarded to http://bugs.freedesktop.org/show_bug.cgi?id=19020. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Tue, 06 Jan 2009 03:21:07 GMT) Full text and rfc822 format available.

Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Wed, 07 Jan 2009 17:39:07 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Wed, 07 Jan 2009 17:39:07 GMT) Full text and rfc822 format available.

Message #23 received at 510645-close@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: 510645-close@bugs.debian.org
Subject: Bug#510645: fixed in consolekit 0.2.10-4
Date: Wed, 07 Jan 2009 17:17:04 +0000
Source: consolekit
Source-Version: 0.2.10-4

We believe that the bug you reported is fixed in the latest version of
consolekit, which is due to be installed in the Debian FTP archive:

consolekit_0.2.10-4.diff.gz
  to pool/main/c/consolekit/consolekit_0.2.10-4.diff.gz
consolekit_0.2.10-4.dsc
  to pool/main/c/consolekit/consolekit_0.2.10-4.dsc
consolekit_0.2.10-4_i386.deb
  to pool/main/c/consolekit/consolekit_0.2.10-4_i386.deb
libck-connector-dev_0.2.10-4_i386.deb
  to pool/main/c/consolekit/libck-connector-dev_0.2.10-4_i386.deb
libck-connector0_0.2.10-4_i386.deb
  to pool/main/c/consolekit/libck-connector0_0.2.10-4_i386.deb
libpam-ck-connector_0.2.10-4_i386.deb
  to pool/main/c/consolekit/libpam-ck-connector_0.2.10-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 510645@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated consolekit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Jan 2009 17:58:29 +0100
Source: consolekit
Binary: consolekit libck-connector0 libck-connector-dev libpam-ck-connector
Architecture: source i386
Version: 0.2.10-4
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 consolekit - framework for defining and tracking users, sessions and seats
 libck-connector-dev - ConsoleKit development files
 libck-connector0 - ConsoleKit libraries
 libpam-ck-connector - ConsoleKit PAM module
Closes: 510645
Changes: 
 consolekit (0.2.10-4) unstable; urgency=high
 .
   [ Michael Biebl ]
   * debian/watch
     - Check for both .gz and .bz2 tarballs.
   * debian/control
     - Add ${misc:Depends} to libck-connector-dev.
 .
   [ Simon McVittie ]
   * debian/patches/05-dbus_policy.patch: patch from
     Colin Walters so ConsoleKit introspection and SetIdleHint still work
     after CVE-2008-4311 is fixed in dbus-daemon. (Closes: #510645)
   * Urgency high for bugfix that blocks CVE-2008-4311 upload.
Checksums-Sha1: 
 4aa3a2dbe9aad0a44ccdefd96a95267a0b84f268 1484 consolekit_0.2.10-4.dsc
 7c13eac72dd8ef77040b3ed89eeff1a693cd777e 8289 consolekit_0.2.10-4.diff.gz
 5690439056920269ac00b41385d3904f8a60a525 125918 consolekit_0.2.10-4_i386.deb
 eb516e12e8bd27277987c40627f4cab7b41627fb 41316 libck-connector0_0.2.10-4_i386.deb
 f064152dacf266fbccfe43019ec7e296cd175208 48806 libck-connector-dev_0.2.10-4_i386.deb
 c29c94ad7935aefc03d6ab78360945a7841ce2c0 41548 libpam-ck-connector_0.2.10-4_i386.deb
Checksums-Sha256: 
 73e85ff04035a1903abfa9dba63fc5766be80c5efca336d255b78eb9f87cf2f3 1484 consolekit_0.2.10-4.dsc
 b8ca2684bd9492db13cf9529341e5a902e843ccb0dc40d1084d44934cc395d91 8289 consolekit_0.2.10-4.diff.gz
 44a60907af4d42395c2d84a6cb6c19030c2f297d931a68445236d37997831aca 125918 consolekit_0.2.10-4_i386.deb
 cd9589457fb3a94c4d0b0e67ea17cfb5eeaaeb8dde0dbb1955a4a4372d8233d4 41316 libck-connector0_0.2.10-4_i386.deb
 ae40a859d874970824284a014c45e3977a5b30ca5b8486b247eef659447c667d 48806 libck-connector-dev_0.2.10-4_i386.deb
 66211e750da1f39b995976d9e1862b5bea0083e7fb3ed2bb1873eab95fa7a074 41548 libpam-ck-connector_0.2.10-4_i386.deb
Files: 
 2c707cd7fa62665d89ff380bccbe73b1 1484 admin optional consolekit_0.2.10-4.dsc
 c4e6f80c35b541f035440290b5285da2 8289 admin optional consolekit_0.2.10-4.diff.gz
 2089768bd86726359222952142c924a8 125918 admin optional consolekit_0.2.10-4_i386.deb
 2c08386d0244d9f9343b1b50de094756 41316 libs optional libck-connector0_0.2.10-4_i386.deb
 f6d977d10e9dd909a6e52d4fefcd8ded 48806 libdevel optional libck-connector-dev_0.2.10-4_i386.deb
 b81505b7a924d63cc19c0f13135ba6ae 41548 admin optional libpam-ck-connector_0.2.10-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklk39kACgkQh7PER70FhVTMlQCgi2tThL0HFn/VP5FV7CPxANFp
jXIAoIC+yo96jQbzod3pJtQH9NppfUCp
=kpSF
-----END PGP SIGNATURE-----





Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Wed, 07 Jan 2009 17:39:08 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Wed, 07 Jan 2009 17:39:08 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 06 Feb 2009 07:27:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:47:14 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.