Bug#776617: marked as done (wheezy-pu: fso stack)

To: Julien Cristau <[email protected]>
Subject: Bug#776617: marked as done (wheezy-pu: fso stack)
From: [email protected] (Debian Bug Tracking System)
Date: Sun, 21 Feb 2016 10:51:25 +0000
Message-id: <[🔎] [email protected]>
References: <[email protected]> <[email protected]>

Your message dated Sun, 21 Feb 2016 10:49:21 +0000
with message-id <[email protected]>
and subject line Re: Bug#776617: wheezy-pu: fso stack
has caused the Debian Bug report #776617,
regarding wheezy-pu: fso stack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
776617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776617
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

To: Debian Bug Tracking System <[email protected]>
Subject: wheezy-pu: fso stack
From: Sebastian Reichel <[email protected]>
Date: Fri, 30 Jan 2015 01:43:16 +0100
Message-id: <[email protected]>

Package: release.debian.org
Severity: normal
Tags: wheezy
User: [email protected]
Usertags: pu

Hi,

I just requested unblocking of the fso stack for unstable -> testing
migration. I also prepared fixed packages for wheezy and the security
team send me here.

This is the debdiff for the proposed stable updates:

=== debdiff fso-datad_0.11.0-1.dsc fso-datad_0.11.0-1+deb7u1.dsc ===

diff -Nru fso-datad-0.11.0/debian/changelog fso-datad-0.11.0/debian/changelog
--- fso-datad-0.11.0/debian/changelog	2012-05-26 10:29:47.000000000 +0200
+++ fso-datad-0.11.0/debian/changelog	2015-01-28 00:18:22.000000000 +0100
@@ -1,3 +1,9 @@
+fso-datad (0.11.0-1+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156)
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 00:04:16 +0100
+
 fso-datad (0.11.0-1) unstable; urgency=low
 
   * New upstream release 
diff -Nru fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch
--- fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch	1970-01-01 01:00:00.000000000 +0100
+++ fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch	2015-01-28 00:15:03.000000000 +0100
@@ -0,0 +1,24 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: fso-datad/data/fsodatad.conf
+===================================================================
+--- fso-datad.orig/data/fsodatad.conf
++++ fso-datad/data/fsodatad.conf
+@@ -3,8 +3,7 @@
+ <busconfig>
+     <policy context="default">
+         <allow own="org.freesmartphone.odatad"/>
+-        <allow send_path="/org/freesmartphone/Time"/>
+-        <allow send_destination="org.freesmartphone.odatad"/>
++        <allow send_destination="org.freesmartphone.odatad" send_path="/org/freesmartphone/Time"/>
+     </policy>
+     <policy context="default">
+         <allow send_interface="org.freedesktop.DBus.Introspectable"/>
diff -Nru fso-datad-0.11.0/debian/patches/series fso-datad-0.11.0/debian/patches/series
--- fso-datad-0.11.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ fso-datad-0.11.0/debian/patches/series	2015-01-28 00:15:24.000000000 +0100
@@ -0,0 +1 @@
+fix-dbus-permissions.patch

=== debdiff fso-deviced_0.11.4-1.dsc fso-deviced_0.11.4-1+deb7u1.dsc ===

diff -Nru fso-deviced-0.11.4/debian/changelog fso-deviced-0.11.4/debian/changelog
--- fso-deviced-0.11.4/debian/changelog	2012-06-01 07:00:15.000000000 +0200
+++ fso-deviced-0.11.4/debian/changelog	2015-01-28 01:17:12.000000000 +0100
@@ -1,3 +1,9 @@
+fso-deviced (0.11.4-1+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156)
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 00:40:54 +0100
+
 fso-deviced (0.11.4-1) unstable; urgency=low
 
   * New upstream release
diff -Nru fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch
--- fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch	1970-01-01 01:00:00.000000000 +0100
+++ fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch	2015-01-28 00:40:03.000000000 +0100
@@ -0,0 +1,24 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: fso-deviced/data/fsodeviced.conf
+===================================================================
+--- fso-deviced.orig/data/fsodeviced.conf
++++ fso-deviced/data/fsodeviced.conf
+@@ -3,8 +3,7 @@
+ <busconfig>
+     <policy context="default">
+         <allow own="org.freesmartphone.odeviced"/>
+-        <allow send_path="/org/freesmartphone/Device"/>
+-        <allow send_destination="org.freesmartphone.odeviced"/>
++        <allow send_destination="org.freesmartphone.odeviced" send_path="/org/freesmartphone/Device"/>
+     </policy>
+     <policy context="default">
+         <allow send_interface="org.freedesktop.DBus.Introspectable"/>
diff -Nru fso-deviced-0.11.4/debian/patches/series fso-deviced-0.11.4/debian/patches/series
--- fso-deviced-0.11.4/debian/patches/series	2012-06-01 07:00:15.000000000 +0200
+++ fso-deviced-0.11.4/debian/patches/series	2015-01-28 00:40:13.000000000 +0100
@@ -1 +1,2 @@
 openmoko-wifi-2.6.39.patch
+fix-dbus-permissions.patch

=== debdiff fso-frameworkd_0.9.5.9+git20110512-4.dsc fso-frameworkd_0.9.5.9+git20110512-4+deb7u1.dsc ===

diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/changelog fso-frameworkd-0.9.5.9+git20110512/debian/changelog
--- fso-frameworkd-0.9.5.9+git20110512/debian/changelog	2012-03-28 05:04:21.000000000 +0200
+++ fso-frameworkd-0.9.5.9+git20110512/debian/changelog	2015-01-28 01:05:39.000000000 +0100
@@ -1,3 +1,9 @@
+fso-frameworkd (0.9.5.9+git20110512-4+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156)
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 00:59:39 +0100
+
 fso-frameworkd (0.9.5.9+git20110512-4) unstable; urgency=low
 
   * make fso-frameworkd-gta01 and fso-frameworkd-gta02 armel only,
diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch
--- fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch1970-01-01 01:00:00.000000000 +0100
+++ fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch2015-01-28 00:57:48.000000000 +0100
@@ -0,0 +1,96 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: fso-frameworkd/etc/dbus-1/system.d/frameworkd.conf
+===================================================================
+--- fso-frameworkd.orig/etc/dbus-1/system.d/frameworkd.conf
++++ fso-frameworkd/etc/dbus-1/system.d/frameworkd.conf
+@@ -3,70 +3,57 @@
+ <busconfig>
+     <policy context="default">
+         <allow own="org.freesmartphone.testing"/>
+-        <allow send_path="/org/freesmartphone/testing"/>
+-        <allow send_destination="org.freesmartphone.testing"/>
++        <allow send_destination="org.freesmartphone.testing" send_path="/org/freesmartphone/testing"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.onetworkd"/>
+-        <allow send_path="/org/freesmartphone.onetworkd"/>
+-        <allow send_destination="org.freesmartphone.onetwork"/>
++        <allow send_destination="org.freesmartphone.onetwork" send_path="/org/freesmartphone.onetworkd"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.frameworkd"/>
+-        <allow send_path="/org/freesmartphone/Framework"/>
+-        <allow send_destination="org.freesmartphone.frameworkd"/>
++        <allow send_destination="org.freesmartphone.frameworkd" send_path="/org/freesmartphone/Framework"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.odeviced"/>
+-        <allow send_path="/"/>
+         <allow send_destination="org.freesmartphone.odeviced"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.oeventsd"/>
+-        <allow send_path="/org/freesmartphone/Events"/>
+-        <allow send_destination="org.freesmartphone.oeventsd"/>
++        <allow send_destination="org.freesmartphone.oeventsd" send_path="/org/freesmartphone/Events"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.ousaged"/>
+-        <allow send_path="/org/freesmartphone/Usage"/>
+-        <allow send_destination="org.freesmartphone.ousaged"/>
++        <allow send_destination="org.freesmartphone.ousaged" send_path="/org/freesmartphone/Usage"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.ogsmd"/>
+-        <allow send_path="/org/freesmartphone/GSM"/>
+-        <allow send_destination="org.freesmartphone.ogsmd"/>
++        <allow send_destination="org.freesmartphone.ogsmd" send_path="/org/freesmartphone/GSM"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.ogpsd"/>
+         <allow own="org.freedesktop.Gypsy"/>
+-        <allow send_path="/org/freedesktop/Gypsy"/>
+         <allow send_destination="org.freesmartphone.ogpsd"/>
+         <allow send_destination="org.freedesktop.gypsy"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.opreferencesd"/>
+-        <allow send_path="/org/freesmartphone/Preferences"/>
+-        <allow send_destination="org.freesmartphone.opreferencesd"/>
++        <allow send_destination="org.freesmartphone.opreferencesd" send_path="/org/freesmartphone/Preferences"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.ophoned"/>
+-        <allow send_path="/org/freesmartphone/Phone"/>
+-        <allow send_destination="org.freesmartphone.ophoned"/>
++        <allow send_destination="org.freesmartphone.ophoned" send_path="/org/freesmartphone/Phone"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.opimd"/>
+-        <allow send_path="/org/freesmartphone/PIM"/>
+-        <allow send_destination="org.freesmartphone.opimd"/>
++        <allow send_destination="org.freesmartphone.opimd" send_path="/org/freesmartphone/PIM"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.otimed"/>
+-        <allow send_path="/org/freesmartphone/Time"/>
+-        <allow send_destination="org.freesmartphone.otimed"/>
++        <allow send_destination="org.freesmartphone.otimed" send_path="/org/freesmartphone/Time"/>
+     </policy>
+     <policy context="default">
+         <allow own="org.freesmartphone.omuxerd"/>
+-        <allow send_path="/org/freesmartphone/GSM/Muxer"/>
+-        <allow send_destination="org.freesmartphone.omuxerd"/>
++        <allow send_destination="org.freesmartphone.omuxerd" send_path="/org/freesmartphone/GSM/Muxer"/>
+         <allow send_interface="org.freesmartphone.GSM.MUX"/>
+     </policy>
+     <policy context="default">
diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/patches/series fso-frameworkd-0.9.5.9+git20110512/debian/patches/series
--- fso-frameworkd-0.9.5.9+git20110512/debian/patches/series	2012-03-28 05:04:21.000000000 +0200
+++ fso-frameworkd-0.9.5.9+git20110512/debian/patches/series	2015-01-28 00:58:07.000000000 +0100
@@ -1,3 +1,4 @@
 fix-setup.py
 fix-ogpsd.patch
 fix-message-notfication.patch
+fix-dbus-permissions.patch

=== debdiff fso-gsmd_0.11.3-2.dsc fso-gsmd_0.11.3-2+deb7u1.dsc ===

diff -Nru fso-gsmd-0.11.3/debian/changelog fso-gsmd-0.11.3/debian/changelog
--- fso-gsmd-0.11.3/debian/changelog	2012-06-27 02:41:45.000000000 +0200
+++ fso-gsmd-0.11.3/debian/changelog	2015-01-28 01:11:10.000000000 +0100
@@ -1,3 +1,9 @@
+fso-gsmd (0.11.3-2+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156)
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 01:04:52 +0100
+
 fso-gsmd (0.11.3-2) unstable; urgency=low
 
   * fso-gsmd 0.11.3 requires libgsm0710mux 0.11.2
diff -Nru fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch
--- fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch	1970-01-01 01:00:00.000000000 +0100
+++ fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch	2015-01-28 01:06:55.000000000 +0100
@@ -0,0 +1,24 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: fso-gsmd/data/fsogsmd.conf
+===================================================================
+--- fso-gsmd.orig/data/fsogsmd.conf
++++ fso-gsmd/data/fsogsmd.conf
+@@ -3,8 +3,7 @@
+ <busconfig>
+     <policy context="default">
+         <allow own="org.freesmartphone.ogsmd"/>
+-        <allow send_path="/org/freesmartphone/GSM"/>
+-        <allow send_destination="org.freesmartphone.ogsmd"/>
++        <allow send_destination="org.freesmartphone.ogsmd" send_path="/org/freesmartphone/GSM"/>
+     </policy>
+     <policy context="default">
+         <allow send_interface="org.freedesktop.DBus.Introspectable"/>
diff -Nru fso-gsmd-0.11.3/debian/patches/series fso-gsmd-0.11.3/debian/patches/series
--- fso-gsmd-0.11.3/debian/patches/series	2012-06-27 02:41:45.000000000 +0200
+++ fso-gsmd-0.11.3/debian/patches/series	2015-01-28 01:07:02.000000000 +0100
@@ -2,3 +2,4 @@
 phonebook-storage-dir.patch
 sms-storage-dir.patch
 fix-pkglibdir.patch
+fix-dbus-permissions.patch

=== debdiff fso-usaged_0.11.0-1.dsc fso-usaged_0.11.0-1+deb7u1.dsc ===

diff -Nru fso-usaged-0.11.0/debian/changelog fso-usaged-0.11.0/debian/changelog
--- fso-usaged-0.11.0/debian/changelog	2012-05-26 11:44:02.000000000 +0200
+++ fso-usaged-0.11.0/debian/changelog	2015-01-28 01:09:39.000000000 +0100
@@ -1,3 +1,9 @@
+fso-usaged (0.11.0-1+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156)
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 01:08:45 +0100
+
 fso-usaged (0.11.0-1) unstable; urgency=low
 
   * New upstream release
diff -Nru fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch
--- fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch	1970-01-01 01:00:00.000000000 +0100
+++ fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch	2015-01-28 01:10:04.000000000 +0100
@@ -0,0 +1,24 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: fso-usaged/data/fsousaged.conf
+===================================================================
+--- fso-usaged.orig/data/fsousaged.conf
++++ fso-usaged/data/fsousaged.conf
+@@ -3,8 +3,7 @@
+ <busconfig>
+     <policy context="default">
+         <allow own="org.freesmartphone.ousaged"/>
+-        <allow send_path="/org/freesmartphone/Usage"/>
+-        <allow send_destination="org.freesmartphone.ousaged"/>
++        <allow send_destination="org.freesmartphone.ousaged" send_path="/org/freesmartphone/Usage"/>
+     </policy>
+     <policy context="default">
+         <allow send_interface="org.freedesktop.DBus.Introspectable"/>
diff -Nru fso-usaged-0.11.0/debian/patches/series fso-usaged-0.11.0/debian/patches/series
--- fso-usaged-0.11.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ fso-usaged-0.11.0/debian/patches/series	2015-01-28 01:10:11.000000000 +0100
@@ -0,0 +1 @@
+fix-dbus-permissions.patch

=== debdiff phonefsod_0.1+git20110827-3.dsc phonefsod_0.1+git20110827-3+deb7u1.dsc ===

diff -Nru phonefsod-0.1+git20110827/debian/changelog phonefsod-0.1+git20110827/debian/changelog
--- phonefsod-0.1+git20110827/debian/changelog	2012-03-30 01:53:42.000000000 +0200
+++ phonefsod-0.1+git20110827/debian/changelog	2015-01-28 01:12:26.000000000 +0100
@@ -1,3 +1,9 @@
+phonefsod (0.1+git20110827-3+deb7u1) wheezy-security; urgency=high
+
+  * Fix DBus permissions (Closes: CVE-2014-8156) 
+
+ -- Sebastian Reichel <[email protected]>  Wed, 28 Jan 2015 01:12:08 +0100
+
 phonefsod (0.1+git20110827-3) unstable; urgency=low
 
   * Fix #665595
diff -Nru phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch
--- phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch	1970-01-01 01:00:00.000000000 +0100
+++ phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch	2015-01-28 01:12:43.000000000 +0100
@@ -0,0 +1,24 @@
+From: Sebastian Reichel <[email protected]>
+Reported-By: Simon McVittie <[email protected]>
+Last-Update: 2015-01-20
+Description: Fix Security Problem in DBus Configuration
+ Old configuration allows every local user to send arbitrary D-Bus
+ messages to the path /org/freesmartphone/Framework on *any* D-Bus
+ system service (rough HTTP analogy: send a POST to
+ http://server/org/freesmartphone/Framework on any server).
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156
+
+Index: phonefsod/data/dbus-1/phonefsod.conf
+===================================================================
+--- phonefsod.orig/data/dbus-1/phonefsod.conf
++++ phonefsod/data/dbus-1/phonefsod.conf
+@@ -1,8 +1,7 @@
+ <busconfig>
+     <policy user="root">
+         <allow own="org.shr.phonefso"/>
+-        <allow send_path="/org/shr/phonefso/Usage"/>
+-        <allow send_destination="org.shr.phonefso"/>
++        <allow send_destination="org.shr.phonefso" send_path="/org/shr/phonefso/Usage"/>
+         <allow receive_sender="org.shr.phonefso"/>
+     </policy>
+ </busconfig>
diff -Nru phonefsod-0.1+git20110827/debian/patches/series phonefsod-0.1+git20110827/debian/patches/series
--- phonefsod-0.1+git20110827/debian/patches/series	2012-03-30 01:53:42.000000000 +0200
+++ phonefsod-0.1+git20110827/debian/patches/series	2015-01-28 01:12:52.000000000 +0100
@@ -1,3 +1,4 @@
 no-output-before-daemonization.patch
 fix-ld-as-needed.patch
 remove-invidiual-glib-header-includes.patch
+fix-dbus-permissions.patch
diff -Nru phonefsod-0.1+git20110827/debian/phonefsod.conf phonefsod-0.1+git20110827/debian/phonefsod.conf
--- phonefsod-0.1+git20110827/debian/phonefsod.conf	2012-03-30 01:53:42.000000000 +0200
+++ phonefsod-0.1+git20110827/debian/phonefsod.conf	2015-01-28 01:13:16.000000000 +0100
@@ -4,8 +4,7 @@
 	</policy>
 
     <policy context="default">
-        <allow send_path="/org/shr/phonefso/Usage"/>
-        <allow send_destination="org.shr.phonefso"/>
+        <allow send_destination="org.shr.phonefso" send_path="/org/shr/phonefso/Usage"/>
         <allow receive_sender="org.shr.phonefso"/>
     </policy>
 </busconfig>

--- End Message ---

--- Begin Message ---

To: "Adam D. Barratt" <[email protected]>, [email protected]
Cc: Sebastian Reichel <[email protected]>
Subject: Re: Bug#776617: wheezy-pu: fso stack
From: Julien Cristau <[email protected]>
Date: Sun, 21 Feb 2016 10:49:21 +0000
Message-id: <[email protected]>
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On Fri, Aug 21, 2015 at 15:47:32 +0100, Adam D. Barratt wrote:

> On Sat, 2015-04-25 at 17:15 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > Apologies for managing to overlook this when you filed it.
> > 
> > On Fri, 2015-01-30 at 01:43 +0100, Sebastian Reichel wrote:
> > > I just requested unblocking of the fso stack for unstable -> testing
> > > migration. I also prepared fixed packages for wheezy and the security
> > > team send me here.
> > > 
> > > This is the debdiff for the proposed stable updates:
> > > 
> > > === debdiff fso-datad_0.11.0-1.dsc fso-datad_0.11.0-1+deb7u1.dsc ===
> > > 
> > > diff -Nru fso-datad-0.11.0/debian/changelog fso-datad-0.11.0/debian/changelog
> > > --- fso-datad-0.11.0/debian/changelog	2012-05-26 10:29:47.000000000 +0200
> > > +++ fso-datad-0.11.0/debian/changelog	2015-01-28 00:18:22.000000000 +0100
> > > @@ -1,3 +1,9 @@
> > > +fso-datad (0.11.0-1+deb7u1) wheezy-security; urgency=high
> > > +
> > > +  * Fix DBus permissions (Closes: CVE-2014-8156)
> > 
> > With s/-security//g in each of the new changelog stanzas, please go
> > ahead; thanks.
> 
> Ping?
> 
No response or upload since August, closing.

Cheers,
Julien

Attachment: signature.asc
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#746946: marked as done (wheezy-pu: package distro-info-data/0.23~deb7u1)
Next by Date: Bug#780533: marked as done (pu: package jakarta-taglibs-standard/1.1.2-2)
Previous by thread: Bug#746946: marked as done (wheezy-pu: package distro-info-data/0.23~deb7u1)
Next by thread: Bug#780533: marked as done (pu: package jakarta-taglibs-standard/1.1.2-2)
Index(es):
- Date
- Thread

	
		OSZAR »