Bug#271715: updated patch

Martin Zobel-Helas Martin Zobel-Helas <mhelas@helas.net>, 271715@bugs.debian.org
Thu, 23 Sep 2004 12:58:31 +0200


--KFztAG8eRSV9hGtP
Content-Type: multipart/mixed; boundary="UlVJffcvxoiEqYs2"
Content-Disposition: inline


--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

attached an updated version of the patch for siproxd.

Greetings
Martin



--=20
  Martin Zobel-Helas     mhelas@helas.net   or   helas@gmx.net
  http://www.helas.net      or      http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--UlVJffcvxoiEqYs2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="siproxd.patch"
Content-Transfer-Encoding: quoted-printable

diff -rNu siproxd-0.57.snap040720.old/debian/changelog siproxd-0.57.snap040=
720/debian/changelog
--- siproxd-0.57.snap040720.old/debian/changelog	2004-09-23 11:48:09.000000=
000 +0200
+++ siproxd-0.57.snap040720/debian/changelog	2004-09-23 11:58:17.000000000 =
+0200
@@ -1,3 +1,11 @@
+siproxd (0.57.snap040720-1.1) unstable; urgency=3Dhigh
+
+  * NMU
+  * Fix filepermission of /etc/siproxd.conf (closes: #271715)
+    urgency high, as we have world readable passwords.
+
+ -- Martin Zobel-Helas <mhelas@helas.net>  Thu, 23 Sep 2004 11:54:11 +0200
+
 siproxd (0.57.snap040720-1) unstable; urgency=3Dlow
=20
   * New Upstream Release
diff -rNu siproxd-0.57.snap040720.old/debian/control siproxd-0.57.snap04072=
0/debian/control
--- siproxd-0.57.snap040720.old/debian/control	2004-09-23 11:48:09.00000000=
0 +0200
+++ siproxd-0.57.snap040720/debian/control	2004-09-23 12:35:48.000000000 +0=
200
@@ -9,7 +9,7 @@
=20
 Package: siproxd
 Architecture: any
-Depends: ${shlibs:Depends}, adduser (>=3D 3.56)
+Depends: ${shlibs:Depends}, adduser (>=3D 3.56),  debconf
 Suggests: linphone | kphone | asterisk
 Description: SIP proxy/redirect/registrar=20
  Siproxd is a proxy/masquerading daemon for the SIP protocol.
diff -rNu siproxd-0.57.snap040720.old/debian/rules siproxd-0.57.snap040720/=
debian/rules
--- siproxd-0.57.snap040720.old/debian/rules	2004-09-23 11:48:09.000000000 =
+0200
+++ siproxd-0.57.snap040720/debian/rules	2004-09-23 11:53:10.000000000 +0200
@@ -9,6 +9,7 @@
 export DH_VERBOSE=3D1
 DEB_CONFIGURE_EXTRA_FLAGS :=3D--with-libosip-prefix=3D/usr
 DEB_CONFIGURE_SCRIPT_ENV +=3D LDFLAGS=3D"-lgcc_s -lnss_dns"
+DEB_FIXPERMS_EXCLUDE :=3Dsiproxd_passwd.cfg
=20
 clean::
 	dh_clean debian/man/siproxd.8
@@ -19,3 +20,4 @@
 	dh_installman -psiproxd debian/man/siproxd.8
 	mv debian/siproxd/etc/siproxd.conf.example debian/siproxd/etc/siproxd.conf
 	chmod 644 -v debian/siproxd/etc/siproxd.conf=20
+	chmod 600 -v debian/siproxd/etc/siproxd_passwd.cfg=20
diff -rNu siproxd-0.57.snap040720.old/debian/siproxd.postinst siproxd-0.57.=
snap040720/debian/siproxd.postinst
--- siproxd-0.57.snap040720.old/debian/siproxd.postinst	2004-09-23 11:48:09=
=2E000000000 +0200
+++ siproxd-0.57.snap040720/debian/siproxd.postinst	2004-09-23 12:34:58.000=
000000 +0200
@@ -1,5 +1,7 @@
 #!/bin/sh
=20
+. /usr/share/debconf/confmodule
+
 case "$1" in
   configure)
=20
@@ -9,7 +11,9 @@
 		--disabled-login --force-badname siproxd > /dev/null
         fi
=20
-	if dpkg --compare-versions "$2" ge "0.55.snap040427-1"; then
+	if dpkg --compare-versions "$2" le "0.55.snap040427-1"; then
+	    db_input high siproxd/passwords || true
+	    db_go || true
 	    chown root:siproxd /etc/siproxd.conf /etc/siproxd_passwd.cfg
 	    chmod 600 /etc/siproxd_passwd.cfg=20
 	fi
diff -rNu siproxd-0.57.snap040720.old/debian/siproxd.templates siproxd-0.57=
=2Esnap040720/debian/siproxd.templates
--- siproxd-0.57.snap040720.old/debian/siproxd.templates	1970-01-01 01:00:0=
0.000000000 +0100
+++ siproxd-0.57.snap040720/debian/siproxd.templates	2004-09-23 12:22:40.00=
0000000 +0200
@@ -0,0 +1,7 @@
+Template: siproxd/passwords
+Type: note
+Description: information about readable passwords
+ siproxd up to version 0.57.snap040720-1 has the permission of=20
+ /etc/siproxd_passwd.cfg set to 644. There are passwords stored in that
+ file, so if you have local users that you don't trust, you should change
+ the passwords. I will now make the file 600.

--UlVJffcvxoiEqYs2--

--KFztAG8eRSV9hGtP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBUqxXeSmrkPesOvARAl8HAJ4t21SKhv9RJTYbXxQbSMj7Vw1G6QCgx/zb
MnhXlLVsdYIhhm0Q10Q8FpQ=
=R2+T
-----END PGP SIGNATURE-----

--KFztAG8eRSV9hGtP--