Your message dated Wed, 25 Jun 2025 07:19:08 +0000
with message-id <e1uukpu-00deeo...@fasolo.debian.org>
and subject line Bug#1094257: fixed in bluez 5.83-1~exp1
has caused the Debian Bug report #1094257,
regarding Do not start mpris-proxy for root user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1094257: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094257
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bluez
Version: 5.79-1
Severity: important
X-Debbugs-Cc: aeru...@aerusso.net
Dear maintainer,
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Please consider the following trivial patch that changes this
default behavior.
Best,
Antonio Russo
From d9e02494e661109607c073968fa352c1397a1ffb Mon Sep 17 00:00:00 2001
From: Antonio Enrico Russo <aeru...@aerusso.net>
Date: Sun, 26 Jan 2025 08:00:26 -0700
Subject: [PATCH] Do not start mpris-proxy for root user
A default installation of bluez results in the systemd user unit
mpris-proxy.service being started for all users---including root.
This unnecessarily exposes root to any security vulnerability in
mpris-proxy.
Inhibit this default behavior by using ConditionUser=!root.
Signed-off-by: Antonio Enrico Russo <aeru...@aerusso.net>
---
tools/mpris-proxy.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in
index 5307490..118ed6e 100644
--- a/tools/mpris-proxy.service.in
+++ b/tools/mpris-proxy.service.in
@@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1)
Wants=dbus.socket
After=dbus.socket
+ConditionUser=!root
[Service]
Type=simple
--
2.48.1
OpenPGP_0x72DB026E04C1C768.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.83-1~exp1
Done: Nobuhiro Iwamatsu <iwama...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1094...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwama...@debian.org> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Jun 2025 06:44:40 +0900
Source: bluez
Architecture: source
Version: 5.83-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Nobuhiro Iwamatsu <iwama...@debian.org>
Closes: 1094257
Changes:
bluez (5.83-1~exp1) experimental; urgency=medium
.
* New upstream version 5.83.
* d/patches: Update Fix-typo.patch
* debian/bluez.manpages: Install man7/mgmt.7
* d/control: Bumped Standards-Version to 4.7.2
.
[Salvatore Bonaccorso]
* Do not start mpris-proxy for system users (Closes: #1094257)
Checksums-Sha1:
0a2e62539134b30acd4e088563d31d4a75219909 2888 bluez_5.83-1~exp1.dsc
ce23c80b88b9137eaa71e327e790c78de1c62933 3731106 bluez_5.83.orig.tar.gz
8e8c04945cd9db65de43bf19ea7fc9e2a2f1d8d0 44924 bluez_5.83-1~exp1.debian.tar.xz
f36b2a32a392d298d89220f64383b4de8bfd5477 17185
bluez_5.83-1~exp1_amd64.buildinfo
Checksums-Sha256:
47e9758d8de12f52742eb91d25719fe91df97f42dc4800b47677ebc5afadcbf6 2888
bluez_5.83-1~exp1.dsc
024d7dc74e7d9a240c081d1f040f77ab7032e629836b82ebb23327420185dc09 3731106
bluez_5.83.orig.tar.gz
7ec4a3434350b09ec9c720fb6d7d99726e0470f98d759fbbffcc5ba4315cb9b2 44924
bluez_5.83-1~exp1.debian.tar.xz
643390beaf0a9aa7fb586b86e8fd04de1b64e5063b853dab00d0df3ba8bd7266 17185
bluez_5.83-1~exp1_amd64.buildinfo
Files:
1b80a7b7176eab4c488f652e9ecf9229 2888 admin optional bluez_5.83-1~exp1.dsc
7b33f7884f6ebace2bf5ada8ed05fd0d 3731106 admin optional bluez_5.83.orig.tar.gz
34ac39e6b470d79e4459b6b3e05f9263 44924 admin optional
bluez_5.83-1~exp1.debian.tar.xz
7de3154c127083b5952e218937aacd29 17185 admin optional
bluez_5.83-1~exp1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEXmKe5SMhlzV7hM9DMiR/u0CtH6YFAmhbhkAACgkQMiR/u0Ct
H6bzsQ/8DmtCQGPG1viPsMc18Jtl+Ubyl25Er2tTX8IchQVJKPuqHKQZrnzMybn9
uhU+/3Xqps9szD188BHVp1gSxFQbvVnh56jzuMk59ssrucygi+xtj7TIec7bb0eq
shTyPi3fbFCkHVxjNXBOfVmnaoiGzuwOs7h7smUcZwdxS73h6bgDqz8qSZcdB5da
rcUVwzcNCwKCUUpGpvr9cSqf5p7puBlAnmQGe4l+R/1q+QivToqGD01PAuJeOsoS
WhLPBuZYmyORVr8xnE8hEFzjr87pZ1vQcduWF4wmaoVRU7s/4ukE/j5dPMxSWdjr
YHTFOP+FYmxzvsxDFN2SIaT3Cc880MFR4XjZc3bAAR1ntDLU2yo4HgEXGJ47LQae
Dl58o94IJeUrvDBw584L8FEkj97HDgeFgVSh0nFm05Wj2s9XwIpdE8S1LSyKQdVw
8BqsctDCQaQTwU5dOTYH3dwnL3x4XiAKvkFPd70Ls4wTPmftMZx8UJOH83hRJcNG
y8h2l1QnAQ3AdVo1yJu5ZmR4Po62ZBNpBdZgS5OglCrAFPVldKi8lCpRiO6YJSaq
WDS7aRPpGFwL7WlUkas2xbrqWHcpVQ5S1TW0tO3DXmbFUo22xZottEoAH8Tan8iX
9YrJfxIidDZrrNAKFhUwkzGc3OM5JSTGHURjtmSTjMgubKTFm5E=
=JtcN
-----END PGP SIGNATURE-----
pgp1iJFQDxkML.pgp
Description: PGP signature
--- End Message ---
