Bug#905058: policykit-1: brlapi connections do not work any more
Simon McVittie, le mer. 01 août 2018 17:29:39 +0100, a ecrit: > On Wed, 01 Aug 2018 at 18:13:47 +0200, Samuel Thibault wrote: > > Control: reassign -1 905058 brltty > > Control: tags -1 + patch pending > > > > Samuel Thibault, le mar. 31 juil. 2018 02:42:06 +0200, a ecrit: > > > As reported also on > > > https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1782320 > > > , on upgrading from policykit 0.105-20 to 0.105-21, brlapi connections > > > have stopped working. > > > > So it seems it is a misuse of the policykit API from brltty, I will > > upload a fixed package. > > Thanks. Would you like us to add a versioned Breaks in polkit? That could be useful, just in case. > Please could you also prepare the same fix for stretch? We'll need that > to avoid regressing when we upload a polkit with this CVE fix there. Oh right, I'll do it. Samuel
Bug#905058: policykit-1: brlapi connections do not work any more
On Wed, 01 Aug 2018 at 18:13:47 +0200, Samuel Thibault wrote: > Control: reassign -1 905058 brltty > Control: tags -1 + patch pending > > Samuel Thibault, le mar. 31 juil. 2018 02:42:06 +0200, a ecrit: > > As reported also on > > https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1782320 > > , on upgrading from policykit 0.105-20 to 0.105-21, brlapi connections > > have stopped working. > > So it seems it is a misuse of the policykit API from brltty, I will > upload a fixed package. Thanks. Would you like us to add a versioned Breaks in polkit? Please could you also prepare the same fix for stretch? We'll need that to avoid regressing when we upload a polkit with this CVE fix there. codesearch.debian.net didn't show me any examples of this bug in packages other than brltty. smcv
Bug#905058: policykit-1: brlapi connections do not work any more
Control: reassign -1 905058 brltty Control: tags -1 + patch pending Samuel Thibault, le mar. 31 juil. 2018 02:42:06 +0200, a ecrit: > As reported also on > https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1782320 > , on upgrading from policykit 0.105-20 to 0.105-21, brlapi connections > have stopped working. So it seems it is a misuse of the policykit API from brltty, I will upload a fixed package. Samuel
Bug#905058: policykit-1: brlapi connections do not work any more
Package: policykit-1 Version: 0.105-21 Severity: important Tags: a11y Hello, As reported also on https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1782320 , on upgrading from policykit 0.105-20 to 0.105-21, brlapi connections have stopped working. The idea is that the brltty daemon checks whether programs trying to connect to it through brlapi are legitimate by having an active session. This used to work previously, but not in 0.105-21 any more. Notably, we get this GError: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: process with PID 12570 has been replaced which seems to be due to a mismatch in program start time (which does not make sense, the start time hasn't changed). This is due to the introduction of Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch , disabling it fixes the issue. This is really problematic, because it completely break braille output in graphical session, thus making the system very useless for a lot of people, unless changing the configuration by hand to revert to keypass-based authentication in /etc/brlapi.key. Samuel -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages policykit-1 depends on: ii dbus 1.12.8-3 ii libc6 2.27-5 ii libglib2.0-0 2.56.1-2 ii libpam-systemd 239-7 ii libpam0g 1.1.8-3.7 ii libpolkit-agent-1-00.105-18 ii libpolkit-backend-1-0 0.105-18 ii libpolkit-gobject-1-0 0.105-18 policykit-1 recommends no packages. policykit-1 suggests no packages. -- no debconf information -- Samuel "...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly)." (By Matt Welsh)