Debian Bug report logs -
#510646
system.d/...PolicyKit.conf needs alterations for new D-Bus
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510646; Package policykit.
(Sun, 04 Jan 2009 01:48:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.
(Sun, 04 Jan 2009 01:48:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: policykit
Version: 0.9-1
Severity: serious
Justification: blocker for #503532 (CVE-2008-4311)
Tags: patch
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: CVE-2008-4311
PolicyKit installs a D-Bus system policy file which doesn't allow
any methods to be called. Method calls used to be allowed by
a dbus-daemon bug, but with the dbus-daemon changes targeted for lenny,
they will be denied.
http://bugs.freedesktop.org/show_bug.cgi?id=18948 is the upstream bug
and https://bugs.freedesktop.org/attachment.cgi?id=20901 is a patch from
Tomas Hoger, reviewed and applied by David Zeuthen.
Regards from the Cambridge BSP,
Simon
[signature.asc (application/pgp-signature, inline)]
Blocking bugs of 503532 added: 510646
Request was from Simon McVittie <smcv@debian.org>
to control@bugs.debian.org.
(Sun, 04 Jan 2009 13:39:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#510646; Package policykit.
(Tue, 06 Jan 2009 01:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Jan 2009 01:57:03 GMT) (full text, mbox, link).
Message #12 received at 510646@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 510646 + pending
thanks
The patch seems fine (it allows D-Bus access) and I've committed it to
pkg-utopia svn. I'm not really aware of how to test normal operation
of policykit, though, so I'd rather not do the upload myself...
(Apparently libvirt-bin can be configured to use polkit, but I couldn't
get this to work myself, and that's the only thing in lenny that
actually uses it.)
Simon
[signature.asc (application/pgp-signature, inline)]
Tags added: pending
Request was from Simon McVittie <smcv@debian.org>
to control@bugs.debian.org.
(Tue, 06 Jan 2009 02:48:02 GMT) (full text, mbox, link).
Reply sent
to Michael Biebl <biebl@debian.org>:
You have taken responsibility.
(Wed, 07 Jan 2009 17:39:09 GMT) (full text, mbox, link).
Notification sent
to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer.
(Wed, 07 Jan 2009 17:39:09 GMT) (full text, mbox, link).
Message #21 received at 510646-close@bugs.debian.org (full text, mbox, reply):
Source: policykit
Source-Version: 0.9-2
We believe that the bug you reported is fixed in the latest version of
policykit, which is due to be installed in the Debian FTP archive:
libpolkit-dbus-dev_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit-dbus-dev_0.9-2_i386.deb
libpolkit-dbus2_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit-dbus2_0.9-2_i386.deb
libpolkit-dev_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit-dev_0.9-2_i386.deb
libpolkit-grant-dev_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit-grant-dev_0.9-2_i386.deb
libpolkit-grant2_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit-grant2_0.9-2_i386.deb
libpolkit2_0.9-2_i386.deb
to pool/main/p/policykit/libpolkit2_0.9-2_i386.deb
policykit-doc_0.9-2_all.deb
to pool/main/p/policykit/policykit-doc_0.9-2_all.deb
policykit_0.9-2.diff.gz
to pool/main/p/policykit/policykit_0.9-2.diff.gz
policykit_0.9-2.dsc
to pool/main/p/policykit/policykit_0.9-2.dsc
policykit_0.9-2_i386.deb
to pool/main/p/policykit/policykit_0.9-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510646@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated policykit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 07 Jan 2009 18:18:56 +0100
Source: policykit
Binary: policykit policykit-doc libpolkit2 libpolkit-dev libpolkit-dbus2 libpolkit-dbus-dev libpolkit-grant2 libpolkit-grant-dev
Architecture: source all i386
Version: 0.9-2
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
libpolkit-dbus-dev - library for accessing PolicyKit via D-Bus - development files
libpolkit-dbus2 - library for accessing PolicyKit via D-Bus
libpolkit-dev - library for accessing PolicyKit - development files
libpolkit-grant-dev - library for obtaining privileges via PolicyKit - development file
libpolkit-grant2 - library for obtaining privileges via PolicyKit
libpolkit2 - library for accessing PolicyKit
policykit - framework for managing administrative policies and privileges
policykit-doc - documentation for PolicyKit
Closes: 510646
Changes:
policykit (0.9-2) unstable; urgency=high
.
[ Simon McVittie ]
* Add patch committed in Fedora (although not upstream) by the upstream
maintainer, to allow PolicyKit to be used when CVE-2008-4311 has
been fixed in dbus-daemon. (Closes: #510646)
.
[ Michael Biebl ]
* debian/control
- Add ${misc:Depends} to all binary packages.
Checksums-Sha1:
f6bd6b8f2afb76d7414e89d9d5e5861342b7fc0e 1581 policykit_0.9-2.dsc
d9c726f41986f36c48107aa52de76b407e0787e7 6351 policykit_0.9-2.diff.gz
45a08ddc29e01fe06d1d9a3980a3a14552a0cc71 363032 policykit-doc_0.9-2_all.deb
debf606cd40096f78c9394cc7ff21dd61b4198b3 130302 policykit_0.9-2_i386.deb
5a705def4e2ebb3631da0b5b3f3c51f87f644dfb 104570 libpolkit2_0.9-2_i386.deb
0058a55001e00240eb45a966465cf3a72c0fb8f4 122242 libpolkit-dev_0.9-2_i386.deb
c18752cc79734612285b6a0a0ada853f23800ae2 86206 libpolkit-dbus2_0.9-2_i386.deb
a8a89a2a5194c5a12a15dfcbfc2d48f69ff55dba 90406 libpolkit-dbus-dev_0.9-2_i386.deb
010b1529fe349a6898e9bc8b2713aa9facf741a8 82842 libpolkit-grant2_0.9-2_i386.deb
276a67fdc03dc4fe9750effa7dd7de1c37b544d1 89384 libpolkit-grant-dev_0.9-2_i386.deb
Checksums-Sha256:
76d0c4882c8ee965717b6ca64a11b950b6c86332b78e651bae0ac84915939c7b 1581 policykit_0.9-2.dsc
560ae6c5ccae4dd6c40fb780bb767ba6b92f9102fc28707bba6b0ce369361474 6351 policykit_0.9-2.diff.gz
eae27bad6273d680191f0fcc7a99136c48d8b4615780d48ce134f5c51d21333a 363032 policykit-doc_0.9-2_all.deb
6482ae768489238633af1bac0f3a49027cc58d0acfe60deadbe1a63cd06cd144 130302 policykit_0.9-2_i386.deb
be06f35bd342fa07b319570ac8ad46e3e5a9e91eec72131d9b48c21e5a11e91b 104570 libpolkit2_0.9-2_i386.deb
83f464c993120cb472c507f78fa3fda6e3ac55d2b2d0e447243a166f25a3357c 122242 libpolkit-dev_0.9-2_i386.deb
c3e2b6f330826d7c41c57aca55ab6a94da56589f0430b44369f4999f2a47cbe1 86206 libpolkit-dbus2_0.9-2_i386.deb
e7f743be1ca77f3b274c723d21bf4b3ee05f3df8bbdd84c161d07792342e4d74 90406 libpolkit-dbus-dev_0.9-2_i386.deb
f782d166dc67ba727d0ce4b978bac1836bad020cca267788c5dba0b91771215f 82842 libpolkit-grant2_0.9-2_i386.deb
3d12129db2ba0d5b9b16bf50fe7ce9e7ffabe3bde260ed770da07bdc87bc0575 89384 libpolkit-grant-dev_0.9-2_i386.deb
Files:
f2fe97ecf5e84fecbec7fe6beac1c10c 1581 admin optional policykit_0.9-2.dsc
080b2b11618121bd16eabe122f837972 6351 admin optional policykit_0.9-2.diff.gz
ba971fa1c2bab720e1d968cd84f46e63 363032 doc optional policykit-doc_0.9-2_all.deb
8c4ed73ce06b6247b3e4810858c9c1e8 130302 admin optional policykit_0.9-2_i386.deb
d00409ae20b3e45086fa52188722d1a0 104570 libs optional libpolkit2_0.9-2_i386.deb
07e6221c1467c6881f9cddf56cd30d8f 122242 libdevel optional libpolkit-dev_0.9-2_i386.deb
12a32c5170e38c7912b8025ff406546e 86206 libs optional libpolkit-dbus2_0.9-2_i386.deb
e68557cdd1005eede8aa99c8193418a2 90406 libdevel optional libpolkit-dbus-dev_0.9-2_i386.deb
07ee101ae5a993329abc6674595d99ad 82842 libs optional libpolkit-grant2_0.9-2_i386.deb
39a1030f852cdaf8a3f12223e0a585a3 89384 libdevel optional libpolkit-grant-dev_0.9-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklk5eMACgkQh7PER70FhVSx+ACeMiJurIwdrJ7PT9frq6aTS2++
wdcAoJI48nISjxivemESBbhtHhwFt7KC
=Iyh7
-----END PGP SIGNATURE-----
Bug marked as found in version 0.8-2.
Request was from Simon McVittie <smcv@debian.org>
to control@bugs.debian.org.
(Thu, 08 Jan 2009 18:30:04 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 07 Feb 2009 07:28:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Jan 30 05:58:38 2024;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.