Your message dated Mon, 09 Apr 2018 13:20:18 +0000
with message-id <e1f5wiy-000c3g...@fasolo.debian.org>
and subject line Bug#890587: fixed in parted 3.2-21
has caused the Debian Bug report #890587,
regarding libparted2: should not use /dev/mem
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
890587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890587
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libparted2
Version: 3.2-20
Severity: normal

http://oss.tresys.com/pipermail/refpolicy/2018-February/010476.html

The udisks2 access to /dev/mem is discussed on the SE Linux list at the above
URL.

https://sources.debian.org/patches/parted/3.2-20/gptsync.patch/

It seems that the access is due to the above patch that was copied from an
older version of dmidecode.

http://oss.tresys.com/pipermail/refpolicy/2018-February/010486.html

According to the above message newer versions of dmidecode use
/sys/firmware/dmi/tables/DMI which seems like a better way of doing it.

Please change libparted2 to use code from a newer version of dmidecode so it
doesn't need to access /dev/mem.

Removing access to /dev/mem allows running with minimum privileges (access to
/dev/mem means ultimate access to the system) and avoids potential reliability
issues if there is an accidental read from a memory mapped device.

-- System Information:
Debian Release: buster/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default

Versions of packages libparted2 depends on:
ii  libblkid1           2.30.2-0.3
ii  libc6               2.26-6
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libuuid1            2.30.2-0.3

libparted2 recommends no packages.

Versions of packages libparted2 suggests:
ii  libparted-dev   3.2-20
pn  libparted-i18n  <none>
ii  parted          3.2-20

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: parted
Source-Version: 3.2-21

We believe that the bug you reported is fixed in the latest version of
parted, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated parted package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 Apr 2018 12:16:58 +0100
Source: parted
Binary: parted parted-udeb libparted2 libparted-fs-resize0 libparted2-udeb 
libparted-fs-resize0-udeb libparted-i18n libparted-dev libparted0-dev parted-doc
Architecture: source
Version: 3.2-21
Distribution: unstable
Urgency: medium
Maintainer: Parted Maintainer Team <parted-maintain...@lists.alioth.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
 libparted-dev - disk partition manipulator - development files
 libparted-fs-resize0 - disk partition manipulator - shared FS resizing library
 libparted-fs-resize0-udeb - disk partition manipulator - FS resizing library 
udeb (udeb)
 libparted-i18n - disk partition manipulator - i18n support
 libparted0-dev - disk partition manipulator - transitional package
 libparted2 - disk partition manipulator - shared library
 libparted2-udeb - disk partition manipulator - library udeb (udeb)
 parted     - disk partition manipulator
 parted-doc - disk partition manipulator - documentation
 parted-udeb - Manually partition a hard drive (parted) (udeb)
Closes: 840709 840710 890587
Changes:
 parted (3.2-21) unstable; urgency=medium
 .
   * Move VCS to salsa.debian.org.
   * Call dmidecode directly to detect Apple systems rather than using an
     out-of-date clone-and-hack of its code that preferred reading from
     /dev/mem (closes: #890587).
   * Cherry-pick upstream patch to prevent crash resizing FAT with very deep
     directories (closes: #840709).
   * Cherry-pick upstream patch to fix recognition of FAT file system after
     resizing (closes: #840710).
Checksums-Sha1:
 f2cbea400779a0d5d4b0b7a3e2103a0225da08dd 2829 parted_3.2-21.dsc
 32b7c7c6c5306d4698d653332fe0e53532fc57a9 87456 parted_3.2-21.debian.tar.xz
 1a5df1bb0e86d8040ecdfa494b32335df0db9831 6872 parted_3.2-21_source.buildinfo
Checksums-Sha256:
 49d9b335bd8c638ff2ea6aa06ef7c0df2d8d4faa88199ca984e50b546afbec22 2829 
parted_3.2-21.dsc
 7d234985f8b0f8b5ce7d7e90377c84b0cadb484e36b55ad6703d07d73a7ae77f 87456 
parted_3.2-21.debian.tar.xz
 2d4f27d9827e13470932eff7a0a95250f9318400f7e5bc1c19d179a950f1201e 6872 
parted_3.2-21_source.buildinfo
Files:
 fb7be67f4c7f14d9301e9e4fd99c0849 2829 admin optional parted_3.2-21.dsc
 708aa71fb6e50bb7f26b372c436d49f9 87456 admin optional 
parted_3.2-21.debian.tar.xz
 dc804083bf1d27991ca4777fb18cfec7 6872 admin optional 
parted_3.2-21_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlrLTbkACgkQOTWH2X2G
UAtiYBAAgirb0bnEyyPjcg8DjymQJSH8PBT4cNlQZmX1OAPHF51iGBfdYi0bG2q4
izV3zyZsk4QAShUIRBu94Z0zZSNjEekRLZzwA3g1kj/hFgvHA8tK1ryvVj4/K8N8
0GgieHxTCrWYY5V++pj5DYP0XZ2X34+OvOkgMGuQXxU3DzA6HpOzYoG/PL9KDMvF
fccAyFEp7wMGnYOSaOs32xjbCwwBS+YZOHjDIwuh6wkAPIfF2smvYoZZgRRk7Wbv
qv0/EzS+z6cTFCriObv7nwy/rHIkxPlLBEHlCn8CFOJKlsiSCGp9nUC82dDHqLGR
3dOr2kZTWhB7mWeoHf9zX/87nTJi8Iv7NhmlmYaSEzZoBcPeT/S5HnN/56xIqObt
acwoi/Qj/SmnW4TuKi8vbDOHMtpd5zpPkhDJ7Ava+nMruacOgV9aRDBOlVFvlvJU
IjX93Js3iJ/x+PREDJAhxkDIw9kXZKe7sYiqYQlFilVVUgO2wyYu6RqOFzosYB6x
PIn+PagA3CEESYOwArMBWJ2lbEuy+0epIj1iD9cX8eqy3MeGihZUVLjhAhj5BK61
R05F1mLOFT8ma7k9gbqBvoHVu4X+je2rf1re2wz//MSQdvs3mAp6l/MuhwAkiQtX
4vMfAg8icJws0IjYqzXGsvBZzzfvZv+14JU8JoLw3PboEVG7ESM=
=Js+d
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to