Ubuntu
blueman package

  1. Groovy (20.10)
  2. Bug #1897287
  3. Comment #13

Comment 13 for bug 1897287

Revision history for this message
cschramm (cschramm) wrote : Re: Local privilege escalation in blueman

Hi Moritz,

>> buster 2.0.8 focal 2.1.2: Add libpolkit-agent-1-dev as a build dependency
>> and make policykit-1 a mandatory runtime dependency
>
> Does that need to be accompanied with an additional flag passed to
> the configure script or will it get picked up automatically if
> libpolkit-agent-1-dev present in the build environment?

having that package around on build time is enough. There is a feature
flag but it's enabled by default (but then overridden if pkg-config does
not find the polkit-agent-1 module).

The configuration step will show "Policykit-1 Enabled: yes" at the end
and POLKIT will have a True-ish value in
usr/lib/python3/dist-packages/blueman/Constants.py.

Can we define a CRD for this that I can forward to the Launchpad bug? I
think it makes sense to publish Ubuntu and Debian fixes at the same time
and before or together with the upstream disclosure as it's rather bad
due to the missing Polkit authorization, at least for systems that use
dhcpcd.

Cheers