Your message dated Wed, 06 May 2015 22:06:56 +0000
with message-id <e1yq7sy-0002jm...@franck.debian.org>
and subject line Bug#685832: fixed in xfce4-sensors-plugin 1.2.6-1
has caused the Debian Bug report #685832,
regarding xfce4-sensors-plugin: xcfe4-sensors-plugin relies on a setuid hddtemp
and recommends to setuid it
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
685832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685832
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xfce4-sensors-plugin
Version: 1.2.5-1+b1
Severity: important
Tags: patch security
Hello,
xfce4-sensors-plugin seems to want, although it is not necessary, to have hddtemp
setuid in the system in order to read the temperature of the HDD. It even goes
so far as to suggest to the user to setuid hddtemp.
But there is an option to fetch hddtemp information without having hddtemp
setuid, to read directly from a local port. This option is now disabled at
build time because there is no netcat installed during build.
So I just added netcat as a build dependency and the resulting package works fine
and no longer recommends to the user the unsafe option of running hddtemp setuid.
Please use the attached patch to fix this issue.
Thanks,
Eddy
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (999, 'testing'), (500, 'stable'), (50, 'unstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.0-heidi (SMP w/2 CPU cores)
Locale: LANG=ro_RO.utf8, LC_CTYPE=ro_RO.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xfce4-sensors-plugin depends on:
ii libatk1.0-0 2.4.0-2
ii libc6 2.13-35
ii libcairo2 1.12.2-2
ii libfontconfig1 2.9.0-7
ii libfreetype6 2.4.9-1
ii libgdk-pixbuf2.0-0 2.26.1-1
ii libglib2.0-0 2.32.3-1
ii libgtk2.0-0 2.24.10-2
ii libnotify4 0.7.5-1
ii libpango1.0-0 1.30.0-1
ii libsensors4 1:3.3.2-2
ii libxfce4ui-1-0 4.8.1-1
ii libxfce4util4 4.8.2-1
ii xfce4-panel 4.8.6-3
Versions of packages xfce4-sensors-plugin recommends:
ii hddtemp 0.3-beta15-51
ii lm-sensors 1:3.3.2-2
Versions of packages xfce4-sensors-plugin suggests:
ii xsensors 0.70-2
-- no debconf information
diff -ruN xfce4-sensors-plugin-1.2.5.orig/debian/changelog xfce4-sensors-plugin-1.2.5/debian/changelog
--- xfce4-sensors-plugin-1.2.5.orig/debian/changelog 2012-05-16 00:20:17.000000000 +0300
+++ xfce4-sensors-plugin-1.2.5/debian/changelog 2012-07-04 00:29:22.000000000 +0300
@@ -1,3 +1,11 @@
+xfce4-sensors-plugin (1.2.5-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Build depend on netcat's different flavours to enable unpriviliged
+ hddtemp temperature reading
+
+ -- Eddy PetriÈor <eddy.petri...@gmail.com> Wed, 04 Jul 2012 00:24:21 +0300
+
xfce4-sensors-plugin (1.2.5-1) unstable; urgency=low
* New upstream release.
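Review bot: The added changelog entry misspells "unpriviliged" (should be "unprivileged") and has no "Closes:" reference, so uploading it as written would not close the report it is attached to; add the bug number once it is assigned. The entry would also be more useful if it said that the purpose is to stop relying on a setuid hddtemp, which is the security-relevant part of the change.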
diff -ruN xfce4-sensors-plugin-1.2.5.orig/debian/control xfce4-sensors-plugin-1.2.5/debian/control
--- xfce4-sensors-plugin-1.2.5.orig/debian/control 2012-04-08 16:15:00.000000000 +0300
+++ xfce4-sensors-plugin-1.2.5/debian/control 2012-07-04 00:23:09.000000000 +0300
@@ -7,7 +7,7 @@
Build-Depends: debhelper (>= 9), libgtk2.0-dev, dpkg-dev (>= 1.16.1),
xfce4-panel-dev (>= 4.8.0), libxml2-dev, libsensors4-dev, libxml-parser-perl,
hddtemp [!kfreebsd-amd64 !kfreebsd-i386 !hurd-i386], intltool, libxfce4ui-1-dev,
- libnotify-dev
+ libnotify-dev, netcat-traditional | netcat-openbsd | netcat
Standards-Version: 3.9.3
Homepage: http://goodies.xfce.org/
Vcs-Svn: svn://svn.debian.org/pkg-xfce/goodies/trunk/xfce4-sensors-plugin/
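Review bot: In Build-Depends, "netcat-traditional | netcat-openbsd | netcat" is added for every architecture, while "hddtemp" on the line above is restricted with "[!kfreebsd-amd64 !kfreebsd-i386 !hurd-i386]". If netcat is only needed so that the build enables the hddtemp port reader, give it the same architecture restriction. Because the alternatives let the build pick any of three flavours, the changelog should also say which of them the resulting package was tested with.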
@@ -16,7 +16,7 @@
Package: xfce4-sensors-plugin
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
-Recommends: hddtemp, lm-sensors
+Recommends: hddtemp, lm-sensors, netcat
Suggests: xsensors
Description: hardware sensors plugin for the Xfce4 panel
The sensors plugin reads your hardware sensor values and displays
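Review bot: Recommends adds only "netcat", whereas the Build-Depends hunk accepts "netcat-traditional | netcat-openbsd | netcat"; list the same alternatives here so that whichever flavour is already installed satisfies the relationship. Since the non-setuid hddtemp reading needs a netcat binary at run time, also consider whether Recommends is strong enough or whether this belongs in Depends.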
--- End Message ---
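Added example, not part of the original report or the plugin's code: the unprivileged path the report describes, reading hddtemp over a local port instead of running a setuid binary, together with a check for the setuid bit. The port 7634, the "|"-separated record layout and all function names are assumptions not stated in the message.

```python
import os
import socket
import stat

# Assumptions (not on the page): hddtemp in daemon mode listens on
# 127.0.0.1:7634 and answers with |device|model|temperature|unit| records.
HDDTEMP_ADDR = ("127.0.0.1", 7634)


def parse_hddtemp(reply, sep="|"):
    """Parse a daemon reply into (device, model, temp_or_None, unit) tuples."""
    readings = []
    for record in reply.strip().strip(sep).split(sep + sep):
        parts = record.split(sep)
        if len(parts) != 4:
            continue  # malformed record: drop it rather than guess
        device, model, temp, unit = parts
        try:
            value = int(temp)
        except ValueError:
            value = None  # non-numeric status, e.g. a sleeping drive
        readings.append((device, model, value, unit))
    return readings


def read_hddtemp(addr=HDDTEMP_ADDR, timeout=2.0, limit=4096):
    """Fetch readings over TCP as an ordinary user; no setuid binary involved."""
    chunks, total = [], 0
    with socket.create_connection(addr, timeout=timeout) as conn:
        while total < limit:  # bound the read: the peer is untrusted input
            data = conn.recv(limit - total)
            if not data:
                break
            chunks.append(data)
            total += len(data)
    return parse_hddtemp(b"".join(chunks).decode("ascii", "replace"))


def is_setuid(path):
    """True if the file carries the setuid bit (the setup the report warns about)."""
    return bool(os.stat(path).st_mode & stat.S_ISUID)


# Constructed sample reply, not captured from a real system.
SAMPLE = "|/dev/sda|EXAMPLE DISK A|38|C||/dev/sdb|EXAMPLE DISK B|SLP|*|"

if __name__ == "__main__":
    for row in parse_hddtemp(SAMPLE):
        print(row)
```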
--- Begin Message ---
Source: xfce4-sensors-plugin
Source-Version: 1.2.6-1
We believe that the bug you reported is fixed in the latest version of
xfce4-sensors-plugin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 685...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated xfce4-sensors-plugin
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Wed, 06 May 2015 22:12:35 +0200
Source: xfce4-sensors-plugin
Binary: xfce4-sensors-plugin
Architecture: source amd64
Version: 1.2.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xfce Maintainers <pkg-xfce-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description:
xfce4-sensors-plugin - hardware sensors plugin for the Xfce4 panel
Closes: 670046 685832
Changes:
xfce4-sensors-plugin (1.2.6-1) unstable; urgency=low
.
[ Evgeni Golov ]
* Correct Vcs-* URLs to point to anonscm.debian.org
.
[ Mateusz Łukasik ]
* New upstream release. (Closes: #670046, #685832)
- Remove debian/patches/fix_typo_in_fr.po.diff -- included upstream.
* debian/control:
- Bump standards version to 3.9.6.
--- End Message ---
_______________________________________________
Pkg-xfce-devel mailing list
Pkg-xfce-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel