Debian Bug report logs - #510646
system.d/...PolicyKit.conf needs alterations for new D-Bus

version graph

Package: policykit; Maintainer for policykit is (unknown);

Reported by: Simon McVittie <smcv@debian.org>

Date: Sun, 4 Jan 2009 01:48:01 UTC

Severity: serious

Tags: patch

Found in versions policykit/0.9-1, policykit/0.8-2

Fixed in version 0.9-2

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.freedesktop.org/show_bug.cgi?id=18948

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510646; Package policykit. (Sun, 04 Jan 2009 01:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 04 Jan 2009 01:48:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: system.d/...PolicyKit.conf needs alterations for new D-Bus
Date: Sun, 4 Jan 2009 01:43:03 +0000
[Message part 1 (text/plain, inline)]
Package: policykit
Version: 0.9-1
Severity: serious
Justification: blocker for #503532 (CVE-2008-4311)
Tags: patch
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: CVE-2008-4311

PolicyKit installs a D-Bus system policy file which doesn't allow
any methods to be called. Method calls used to be allowed by
a dbus-daemon bug, but with the dbus-daemon changes targeted for lenny,
they will be denied.

http://bugs.freedesktop.org/show_bug.cgi?id=18948 is the upstream bug
and https://bugs.freedesktop.org/attachment.cgi?id=20901 is a patch from
Tomas Hoger, reviewed and applied by David Zeuthen.

Regards from the Cambridge BSP,
    Simon
[signature.asc (application/pgp-signature, inline)]

Blocking bugs of 503532 added: 510646 Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Sun, 04 Jan 2009 13:39:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510646; Package policykit. (Tue, 06 Jan 2009 01:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 06 Jan 2009 01:57:03 GMT) Full text and rfc822 format available.

Message #12 received at 510646@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 510646@bugs.debian.org
Subject: Patch committed to svn
Date: Tue, 6 Jan 2009 01:54:37 +0000
[Message part 1 (text/plain, inline)]
tags 510646 + pending
thanks

The patch seems fine (it allows D-Bus access) and I've committed it to
pkg-utopia svn. I'm not really aware of how to test normal operation
of policykit, though, so I'd rather not do the upload myself...

(Apparently libvirt-bin can be configured to use polkit, but I couldn't
get this to work myself, and that's the only thing in lenny that
actually uses it.)

    Simon
[signature.asc (application/pgp-signature, inline)]

Tags added: pending Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Tue, 06 Jan 2009 02:48:02 GMT) Full text and rfc822 format available.

Noted your statement that Bug has been forwarded to http://bugs.freedesktop.org/show_bug.cgi?id=18948. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Tue, 06 Jan 2009 03:21:08 GMT) Full text and rfc822 format available.

Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Wed, 07 Jan 2009 17:39:09 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Wed, 07 Jan 2009 17:39:09 GMT) Full text and rfc822 format available.

Message #21 received at 510646-close@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: 510646-close@bugs.debian.org
Subject: Bug#510646: fixed in policykit 0.9-2
Date: Wed, 07 Jan 2009 17:32:04 +0000
Source: policykit
Source-Version: 0.9-2

We believe that the bug you reported is fixed in the latest version of
policykit, which is due to be installed in the Debian FTP archive:

libpolkit-dbus-dev_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit-dbus-dev_0.9-2_i386.deb
libpolkit-dbus2_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit-dbus2_0.9-2_i386.deb
libpolkit-dev_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit-dev_0.9-2_i386.deb
libpolkit-grant-dev_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit-grant-dev_0.9-2_i386.deb
libpolkit-grant2_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit-grant2_0.9-2_i386.deb
libpolkit2_0.9-2_i386.deb
  to pool/main/p/policykit/libpolkit2_0.9-2_i386.deb
policykit-doc_0.9-2_all.deb
  to pool/main/p/policykit/policykit-doc_0.9-2_all.deb
policykit_0.9-2.diff.gz
  to pool/main/p/policykit/policykit_0.9-2.diff.gz
policykit_0.9-2.dsc
  to pool/main/p/policykit/policykit_0.9-2.dsc
policykit_0.9-2_i386.deb
  to pool/main/p/policykit/policykit_0.9-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 510646@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated policykit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Jan 2009 18:18:56 +0100
Source: policykit
Binary: policykit policykit-doc libpolkit2 libpolkit-dev libpolkit-dbus2 libpolkit-dbus-dev libpolkit-grant2 libpolkit-grant-dev
Architecture: source all i386
Version: 0.9-2
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 libpolkit-dbus-dev - library for accessing PolicyKit via D-Bus - development files
 libpolkit-dbus2 - library for accessing PolicyKit via D-Bus
 libpolkit-dev - library for accessing PolicyKit - development files
 libpolkit-grant-dev - library for obtaining privileges via PolicyKit - development file
 libpolkit-grant2 - library for obtaining privileges via PolicyKit
 libpolkit2 - library for accessing PolicyKit
 policykit  - framework for managing administrative policies and privileges
 policykit-doc - documentation for PolicyKit
Closes: 510646
Changes: 
 policykit (0.9-2) unstable; urgency=high
 .
   [ Simon McVittie ]
   * Add patch committed in Fedora (although not upstream) by the upstream
     maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
     been fixed in dbus-daemon. (Closes: #510646)
 .
   [ Michael Biebl ]
   * debian/control
     - Add ${misc:Depends} to all binary packages.
Checksums-Sha1: 
 f6bd6b8f2afb76d7414e89d9d5e5861342b7fc0e 1581 policykit_0.9-2.dsc
 d9c726f41986f36c48107aa52de76b407e0787e7 6351 policykit_0.9-2.diff.gz
 45a08ddc29e01fe06d1d9a3980a3a14552a0cc71 363032 policykit-doc_0.9-2_all.deb
 debf606cd40096f78c9394cc7ff21dd61b4198b3 130302 policykit_0.9-2_i386.deb
 5a705def4e2ebb3631da0b5b3f3c51f87f644dfb 104570 libpolkit2_0.9-2_i386.deb
 0058a55001e00240eb45a966465cf3a72c0fb8f4 122242 libpolkit-dev_0.9-2_i386.deb
 c18752cc79734612285b6a0a0ada853f23800ae2 86206 libpolkit-dbus2_0.9-2_i386.deb
 a8a89a2a5194c5a12a15dfcbfc2d48f69ff55dba 90406 libpolkit-dbus-dev_0.9-2_i386.deb
 010b1529fe349a6898e9bc8b2713aa9facf741a8 82842 libpolkit-grant2_0.9-2_i386.deb
 276a67fdc03dc4fe9750effa7dd7de1c37b544d1 89384 libpolkit-grant-dev_0.9-2_i386.deb
Checksums-Sha256: 
 76d0c4882c8ee965717b6ca64a11b950b6c86332b78e651bae0ac84915939c7b 1581 policykit_0.9-2.dsc
 560ae6c5ccae4dd6c40fb780bb767ba6b92f9102fc28707bba6b0ce369361474 6351 policykit_0.9-2.diff.gz
 eae27bad6273d680191f0fcc7a99136c48d8b4615780d48ce134f5c51d21333a 363032 policykit-doc_0.9-2_all.deb
 6482ae768489238633af1bac0f3a49027cc58d0acfe60deadbe1a63cd06cd144 130302 policykit_0.9-2_i386.deb
 be06f35bd342fa07b319570ac8ad46e3e5a9e91eec72131d9b48c21e5a11e91b 104570 libpolkit2_0.9-2_i386.deb
 83f464c993120cb472c507f78fa3fda6e3ac55d2b2d0e447243a166f25a3357c 122242 libpolkit-dev_0.9-2_i386.deb
 c3e2b6f330826d7c41c57aca55ab6a94da56589f0430b44369f4999f2a47cbe1 86206 libpolkit-dbus2_0.9-2_i386.deb
 e7f743be1ca77f3b274c723d21bf4b3ee05f3df8bbdd84c161d07792342e4d74 90406 libpolkit-dbus-dev_0.9-2_i386.deb
 f782d166dc67ba727d0ce4b978bac1836bad020cca267788c5dba0b91771215f 82842 libpolkit-grant2_0.9-2_i386.deb
 3d12129db2ba0d5b9b16bf50fe7ce9e7ffabe3bde260ed770da07bdc87bc0575 89384 libpolkit-grant-dev_0.9-2_i386.deb
Files: 
 f2fe97ecf5e84fecbec7fe6beac1c10c 1581 admin optional policykit_0.9-2.dsc
 080b2b11618121bd16eabe122f837972 6351 admin optional policykit_0.9-2.diff.gz
 ba971fa1c2bab720e1d968cd84f46e63 363032 doc optional policykit-doc_0.9-2_all.deb
 8c4ed73ce06b6247b3e4810858c9c1e8 130302 admin optional policykit_0.9-2_i386.deb
 d00409ae20b3e45086fa52188722d1a0 104570 libs optional libpolkit2_0.9-2_i386.deb
 07e6221c1467c6881f9cddf56cd30d8f 122242 libdevel optional libpolkit-dev_0.9-2_i386.deb
 12a32c5170e38c7912b8025ff406546e 86206 libs optional libpolkit-dbus2_0.9-2_i386.deb
 e68557cdd1005eede8aa99c8193418a2 90406 libdevel optional libpolkit-dbus-dev_0.9-2_i386.deb
 07ee101ae5a993329abc6674595d99ad 82842 libs optional libpolkit-grant2_0.9-2_i386.deb
 39a1030f852cdaf8a3f12223e0a585a3 89384 libdevel optional libpolkit-grant-dev_0.9-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklk5eMACgkQh7PER70FhVSx+ACeMiJurIwdrJ7PT9frq6aTS2++
wdcAoJI48nISjxivemESBbhtHhwFt7KC
=Iyh7
-----END PGP SIGNATURE-----





Bug marked as found in version 0.8-2. Request was from Simon McVittie <smcv@debian.org> to control@bugs.debian.org. (Thu, 08 Jan 2009 18:30:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 07 Feb 2009 07:28:16 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 23:46:08 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.