Debian Bug report logs - #510649
/etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961

version graph

Package: dnsmasq; Maintainer for dnsmasq is Simon Kelley <simon@thekelleys.org.uk>; Source for dnsmasq is src:dnsmasq.

Reported by: Simon McVittie <smcv@debian.org>

Date: Sun, 4 Jan 2009 02:03:01 UTC

Severity: normal

Found in version dnsmasq/2.46-1

Fixed in version dnsmasq/2.47-1

Done: Simon Kelley <simon@thekelleys.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>:
Bug#510649; Package dnsmasq. (Sun, 04 Jan 2009 02:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Simon Kelley <simon@thekelleys.org.uk>. (Sun, 04 Jan 2009 02:03:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Date: Sun, 4 Jan 2009 01:58:05 +0000
[Message part 1 (text/plain, inline)]
Package: dnsmasq
Version: 2.46-1
Severity: normal
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: fdo-18961

ConsoleKit's D-Bus system.d config should be updated to fix
non-deterministic allow/deny for messages with no interface (related to
CVE-2008-4311).

http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from
Colin Walters. (If you consider bugs.debian.org to be the "upstream" bug
tracker for dnsmasq, please advertise this fact in documentation; Colin
didn't seem to know where to send the patch.)

Regards from the Cambridge BSP,
    Simon
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>:
Bug#510649; Package dnsmasq. (Sun, 04 Jan 2009 02:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Simon Kelley <simon@thekelleys.org.uk>. (Sun, 04 Jan 2009 02:21:06 GMT) Full text and rfc822 format available.

Message #10 received at 510649@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 510649@bugs.debian.org
Subject: Re: Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Date: Sun, 4 Jan 2009 02:19:00 +0000
[Message part 1 (text/plain, inline)]
On Sun, 04 Jan 2009 at 01:58:05 +0000, Simon McVittie wrote:
> http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from
> Colin Walters.

Sorry, that should be <http://bugs.freedesktop.org/show_bug.cgi?id=18961>.

    Simon
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#510649; Package dnsmasq. (Mon, 05 Jan 2009 14:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Kelley <simon@thekelleys.org.uk>:
Extra info received and forwarded to list. (Mon, 05 Jan 2009 14:24:03 GMT) Full text and rfc822 format available.

Message #15 received at 510649@bugs.debian.org (full text, mbox):

From: Simon Kelley <simon@thekelleys.org.uk>
To: Simon McVittie <smcv@debian.org>, 510649@bugs.debian.org
Subject: Re: Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Date: Mon, 05 Jan 2009 14:22:33 +0000
Simon McVittie wrote:
> Package: dnsmasq
> Version: 2.46-1
> Severity: normal
> User: pkg-utopia-maintainers@lists.alioth.debian.org
> Usertags: fdo-18961
> 
> ConsoleKit's D-Bus system.d config should be updated to fix
> non-deterministic allow/deny for messages with no interface (related to
> CVE-2008-4311).
> 
> http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from
> Colin Walters. (If you consider bugs.debian.org to be the "upstream" bug
> tracker for dnsmasq, please advertise this fact in documentation; Colin
> didn't seem to know where to send the patch.)
> 
> Regards from the Cambridge BSP,
>     Simon

Hi Simon.

I got email from Colin which I acknowleged, and his fix is in the next 
(upstream) dnsmasq release. It wasn't clear from his mail or from this 
bug if there are implications for Lenny. It is necessary to update the 
dnsmasq-2.45 package in Lenny?

Cheers,

Simon.







Information forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>:
Bug#510649; Package dnsmasq. (Mon, 05 Jan 2009 16:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon McVittie <smcv@debian.org>:
Extra info received and forwarded to list. Copy sent to Simon Kelley <simon@thekelleys.org.uk>. (Mon, 05 Jan 2009 16:27:03 GMT) Full text and rfc822 format available.

Message #20 received at 510649@bugs.debian.org (full text, mbox):

From: Simon McVittie <smcv@debian.org>
To: 510649@bugs.debian.org
Subject: Re: Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Date: Mon, 5 Jan 2009 16:24:08 +0000
[Message part 1 (text/plain, inline)]
On Mon, 05 Jan 2009 at 14:22:33 +0000, Simon Kelley wrote:
> Simon McVittie wrote:
>> Package: dnsmasq
>> Version: 2.46-1
>
> I got email from Colin which I acknowleged, and his fix is in the next  
> (upstream) dnsmasq release. It wasn't clear from his mail or from this  
> bug if there are implications for Lenny. It is necessary to update the  
> dnsmasq-2.45 package in Lenny?

Thanks, please close this bug in the appropriate version. We filed bugs
for fdo-18961 because it wasn't entirely clear whether they blocked the
release of the secure-by-default dbus version (in which case we'd have
upgraded them to serious). In practice it seems that they're
not RC and there's no need to backport this to lenny.

Testing dnsmasq 2.45's D-Bus functionality with a version of D-Bus where
CVE-2008-4311 has been fixed (see
<http://lists.debian.org/debian-devel/2009/01/msg00082.html>) would be
very useful; I've done some trivial testing on a freshly installed lenny
laptop, but you know what's meant to happen much better than I do!

In the unlikely event that it turns out to have regressions, please escalate
this bug to serious, and coordinate with me or pkg-utopia to get it suitably
tagged and fixed before we push the secure-by-default version of dbus.

Thanks,
    Simon
[signature.asc (application/pgp-signature, inline)]

Reply sent to Simon Kelley <simon@thekelleys.org.uk>:
You have taken responsibility. (Thu, 05 Feb 2009 21:12:08 GMT) Full text and rfc822 format available.

Notification sent to Simon McVittie <smcv@debian.org>:
Bug acknowledged by developer. (Thu, 05 Feb 2009 21:12:08 GMT) Full text and rfc822 format available.

Message #25 received at 510649-close@bugs.debian.org (full text, mbox):

From: Simon Kelley <simon@thekelleys.org.uk>
To: 510649-close@bugs.debian.org
Subject: Bug#510649: fixed in dnsmasq 2.47-1
Date: Thu, 05 Feb 2009 20:47:10 +0000
Source: dnsmasq
Source-Version: 2.47-1

We believe that the bug you reported is fixed in the latest version of
dnsmasq, which is due to be installed in the Debian FTP archive:

dnsmasq-base_2.47-1_i386.deb
  to pool/main/d/dnsmasq/dnsmasq-base_2.47-1_i386.deb
dnsmasq_2.47-1.diff.gz
  to pool/main/d/dnsmasq/dnsmasq_2.47-1.diff.gz
dnsmasq_2.47-1.dsc
  to pool/main/d/dnsmasq/dnsmasq_2.47-1.dsc
dnsmasq_2.47-1_all.deb
  to pool/main/d/dnsmasq/dnsmasq_2.47-1_all.deb
dnsmasq_2.47.orig.tar.gz
  to pool/main/d/dnsmasq/dnsmasq_2.47.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 510649@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Kelley <simon@thekelleys.org.uk> (supplier of updated dnsmasq package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 2 Feb 2009 13:39:11 +0000
Source: dnsmasq
Binary: dnsmasq dnsmasq-base
Architecture: source i386 all
Version: 2.47-1
Distribution: unstable
Urgency: low
Maintainer: Simon Kelley <simon@thekelleys.org.uk>
Changed-By: Simon Kelley <simon@thekelleys.org.uk>
Description: 
 dnsmasq    - A small caching DNS proxy and DHCP/TFTP server
 dnsmasq-base - A small caching DNS proxy and DHCP/TFTP server
Closes: 506734 507646 508560 508774 510649
Changes: 
 dnsmasq (2.47-1) unstable; urgency=low
 .
    * New upstream.
    * Handle the "ENABLED" flag in the init script a bit more
      intelligently. The "stop" and "status" functions continue
      to work even when disabled, but a failed "stop" becomes
      silent and returns zero exit code.
    * Don't explicitly kill dnsmasq at system shutdown, rely on the
      sendsigs script instead which is quicker. (closes: #506734)
    * Store the PID-file in /var/run/dnsmasq. This directory is owned by
      user "dnsmasq", so that dnsmasq can delete the PID-file on
      shutdown. This ensures that the the PID-file goes even when dnsmasq
      is stopped by sendsigs. (closes: #508560)
    * Bump standards-version to 3.8.0 (no changes required.)
    * /usr/sbin/adduser -> adduser in postinst. Lintian fix.
    * Handle IPv6 addresses in "tentative" state better. (closes: #507646)
    * Add DBus introspection support. (closes: #508774)
    * Fix Dbus configuration. (closes: #510649)
Checksums-Sha1: 
 2dbb4bca970b61f91170f770e17c63fbdd3c2473 970 dnsmasq_2.47-1.dsc
 fcb34bab8b8de74c89a681537909d9ba2d225db8 393306 dnsmasq_2.47.orig.tar.gz
 ddf5c64c74b1dba890ea1d7f75b9b12cb2b50340 14521 dnsmasq_2.47-1.diff.gz
 45e3dc08e9cecb01f3730b06112cf29a4f84547b 261996 dnsmasq-base_2.47-1_i386.deb
 f46327c13211967fb467c4dce49e33ecce566861 12852 dnsmasq_2.47-1_all.deb
Checksums-Sha256: 
 1f72aa403035c358b5d21d58e32d53fb5e0ce40de3b24ec2a4b9bdc8eb7d0fc6 970 dnsmasq_2.47-1.dsc
 b0514310f53721f64e1afdbef4f50df53e0a3aabc388b728cb49696e5238d13d 393306 dnsmasq_2.47.orig.tar.gz
 40a11a7bb89c341b5b06289553b714fb9224062d7171337b039dab95cb00a579 14521 dnsmasq_2.47-1.diff.gz
 a44740b8446be1565ce9a5b8bcfb5daa9e27e28fe2fab7be6df7715a810cfc0b 261996 dnsmasq-base_2.47-1_i386.deb
 2db463f14f6d58383fc0c6e9d02f2e4b09332a926b184b5a71e48fa538af056d 12852 dnsmasq_2.47-1_all.deb
Files: 
 33237ab0e897619b7e26dd5f1c45cd99 970 net optional dnsmasq_2.47-1.dsc
 8bf2bd2dcbd5b3e7a689611d20b51126 393306 net optional dnsmasq_2.47.orig.tar.gz
 2a02b71a414e458384029788e9411f16 14521 net optional dnsmasq_2.47-1.diff.gz
 e8f8ec8ad701626f7324bafb8a6c4991 261996 net optional dnsmasq-base_2.47-1_i386.deb
 bc2f4272de236f6233866aaddd338fc5 12852 net optional dnsmasq_2.47-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJitq0KPyGmiibgrcRAnFsAJ41Qfsv0yYg4B3/QysMdFNPX7wlMgCfdyoW
EnFiCWgC5A2jwf9QiHeD3Ds=
=8hNR
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 06 Mar 2009 07:29:54 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:29:07 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.