Bug#271715: even more patched.

Martin Zobel-Helas Martin Zobel-Helas <mhelas@helas.net>, 271715@bugs.debian.org
Thu, 23 Sep 2004 14:38:58 +0200 

--6sX45UoQRIJXqkqR
Content-Type: multipart/mixed; boundary="lrZ03NoBR/3+SXJZ"
Content-Disposition: inline


--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


find attached a more enhanced version of the patch.

I asked djpig to sponsor the upload for me.

Greetings
--=20
  Martin Zobel-Helas     mhelas@helas.net   or   helas@gmx.net
  http://www.helas.net      or      http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--lrZ03NoBR/3+SXJZ
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="siproxd.patch"
Content-Transfer-Encoding: quoted-printable

diff -rNu siproxd-0.57.snap040720.old/debian/changelog siproxd-0.57.snap040=
720/debian/changelog
--- siproxd-0.57.snap040720.old/debian/changelog	2004-09-23 11:48:09.000000=
000 +0200
+++ siproxd-0.57.snap040720/debian/changelog	2004-09-23 14:17:01.000000000 =
+0200
@@ -1,3 +1,13 @@
+siproxd (0.57.snap040720-1.1) unstable; urgency=3Dhigh
+
+  * NMU
+  * Fix filepermission of /etc/siproxd_passwd.cfg (closes: #271715)
+    urgency high, as we have world readable passwords.
+  * added dependency on ${misc:Depends} to get debconf
+  * added german translation of debconf message.
+
+ -- Martin Zobel-Helas <mhelas@helas.net>  Thu, 23 Sep 2004 11:54:11 +0200
+
 siproxd (0.57.snap040720-1) unstable; urgency=3Dlow
=20
   * New Upstream Release
diff -rNu siproxd-0.57.snap040720.old/debian/control siproxd-0.57.snap04072=
0/debian/control
--- siproxd-0.57.snap040720.old/debian/control	2004-09-23 11:48:09.00000000=
0 +0200
+++ siproxd-0.57.snap040720/debian/control	2004-09-23 14:14:19.000000000 +0=
200
@@ -9,7 +9,7 @@
=20
 Package: siproxd
 Architecture: any
-Depends: ${shlibs:Depends}, adduser (>=3D 3.56)
+Depends: ${shlibs:Depends}, adduser (>=3D 3.56), ${misc:Depends}=20
 Suggests: linphone | kphone | asterisk
 Description: SIP proxy/redirect/registrar=20
  Siproxd is a proxy/masquerading daemon for the SIP protocol.
diff -rNu siproxd-0.57.snap040720.old/debian/po/POTFILES.in siproxd-0.57.sn=
ap040720/debian/po/POTFILES.in
--- siproxd-0.57.snap040720.old/debian/po/POTFILES.in	1970-01-01 01:00:00.0=
00000000 +0100
+++ siproxd-0.57.snap040720/debian/po/POTFILES.in	2004-09-23 13:20:17.00000=
0000 +0200
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] siproxd.templates
diff -rNu siproxd-0.57.snap040720.old/debian/po/de.po siproxd-0.57.snap0407=
20/debian/po/de.po
--- siproxd-0.57.snap040720.old/debian/po/de.po	1970-01-01 01:00:00.0000000=
00 +0100
+++ siproxd-0.57.snap040720/debian/po/de.po	2004-09-23 13:57:36.000000000 +=
0200
@@ -0,0 +1,46 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: de\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2004-09-23 13:20+0200\n"
+"PO-Revision-Date: 2004-09-23 13:20+0200\n"=20
+"Last-Translator: Martin Zobel-Helas <mhelas@helas.net>\n"
+"Language-Team: Deutsch <debian-l10n-german@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=3DISO-8859-15\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../siproxd.templates:3
+msgid "information about readable passwords"
+msgstr "Information =FCber lesbare Pa=DFw=F6rter"
+
+#. Type: note
+#. Description
+#: ../siproxd.templates:3
+msgid ""
+"siproxd up to version 0.57.snap040720-1 has the permission of /etc/"
+"siproxd_passwd.cfg set to 644. There are passwords stored in that file, s=
o "
+"if you have local users that you don't trust, you should change the "
+"passwords. I will now make the file 600."
+msgstr ""
+"In siproxd bis einschlie=DFlich zur Version 0.57.snap040720-1 ist "
+"die Dateiberechtigung f=FCr /etc/siproxd_passwd.cfg auf 644 gesetzt. "
+"Da Pa=DFw=F6rter in dieser Datei gespeichert werden, sollten Sie diese "
+"=E4ndern, falls Sie lokale Benutzer haben, denen Sie nicht vertrauen. "
+"Die Dateiberechtigung wird jetzt auf 600 gesetzt."
diff -rNu siproxd-0.57.snap040720.old/debian/po/templates.pot siproxd-0.57.=
snap040720/debian/po/templates.pot
--- siproxd-0.57.snap040720.old/debian/po/templates.pot	1970-01-01 01:00:00=
=2E000000000 +0100
+++ siproxd-0.57.snap040720/debian/po/templates.pot	2004-09-23 13:20:18.000=
000000 +0200
@@ -0,0 +1,41 @@
+#
+#    Translators, if you are not familiar with the PO format, gettext
+#    documentation is worth reading, especially sections dedicated to
+#    this format, e.g. by running:
+#         info -n '(gettext)PO Files'
+#         info -n '(gettext)Header Entry'
+#
+#    Some information specific to po-debconf are available at
+#            /usr/share/doc/po-debconf/README-trans
+#         or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+#    Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2004-09-23 13:20+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=3DCHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: note
+#. Description
+#: ../siproxd.templates:3
+msgid "information about readable passwords"
+msgstr ""
+
+#. Type: note
+#. Description
+#: ../siproxd.templates:3
+msgid ""
+"siproxd up to version 0.57.snap040720-1 has the permission of /etc/"
+"siproxd_passwd.cfg set to 644. There are passwords stored in that file, s=
o "
+"if you have local users that you don't trust, you should change the "
+"passwords. I will now make the file 600."
+msgstr ""
diff -rNu siproxd-0.57.snap040720.old/debian/rules siproxd-0.57.snap040720/=
debian/rules
--- siproxd-0.57.snap040720.old/debian/rules	2004-09-23 11:48:09.000000000 =
+0200
+++ siproxd-0.57.snap040720/debian/rules	2004-09-23 12:48:53.000000000 +0200
@@ -9,6 +9,7 @@
 export DH_VERBOSE=3D1
 DEB_CONFIGURE_EXTRA_FLAGS :=3D--with-libosip-prefix=3D/usr
 DEB_CONFIGURE_SCRIPT_ENV +=3D LDFLAGS=3D"-lgcc_s -lnss_dns"
+DEB_FIXPERMS_EXCLUDE :=3Dsiproxd_passwd.cfg
=20
 clean::
 	dh_clean debian/man/siproxd.8
@@ -19,3 +20,4 @@
 	dh_installman -psiproxd debian/man/siproxd.8
 	mv debian/siproxd/etc/siproxd.conf.example debian/siproxd/etc/siproxd.conf
 	chmod 644 -v debian/siproxd/etc/siproxd.conf=20
+	chmod 600 -v debian/siproxd/etc/siproxd_passwd.cfg=20
diff -rNu siproxd-0.57.snap040720.old/debian/siproxd.postinst siproxd-0.57.=
snap040720/debian/siproxd.postinst
--- siproxd-0.57.snap040720.old/debian/siproxd.postinst	2004-09-23 11:48:09=
=2E000000000 +0200
+++ siproxd-0.57.snap040720/debian/siproxd.postinst	2004-09-23 14:04:39.000=
000000 +0200
@@ -1,5 +1,7 @@
 #!/bin/sh
=20
+. /usr/share/debconf/confmodule
+
 case "$1" in
   configure)
=20
@@ -9,7 +11,9 @@
 		--disabled-login --force-badname siproxd > /dev/null
         fi
=20
-	if dpkg --compare-versions "$2" ge "0.55.snap040427-1"; then
+	if dpkg --compare-versions "$2" le "0.57.snap040720-1"; then
+	    db_input high siproxd/passwords || true
+	    db_go || true
 	    chown root:siproxd /etc/siproxd.conf /etc/siproxd_passwd.cfg
 	    chmod 600 /etc/siproxd_passwd.cfg=20
 	fi
diff -rNu siproxd-0.57.snap040720.old/debian/siproxd.templates siproxd-0.57=
=2Esnap040720/debian/siproxd.templates
--- siproxd-0.57.snap040720.old/debian/siproxd.templates	1970-01-01 01:00:0=
0.000000000 +0100
+++ siproxd-0.57.snap040720/debian/siproxd.templates	2004-09-23 13:20:17.00=
0000000 +0200
@@ -0,0 +1,7 @@
+Template: siproxd/passwords
+Type: note
+_Description: information about readable passwords
+ siproxd up to version 0.57.snap040720-1 has the permission of
+ /etc/siproxd_passwd.cfg set to 644. There are passwords stored in that
+ file, so if you have local users that you don't trust, you should change
+ the passwords. I will now make the file 600.

--lrZ03NoBR/3+SXJZ--

--6sX45UoQRIJXqkqR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBUsPieSmrkPesOvARAoWrAKCQvu09DL0Ny930XagaHw7BsfCT2ACgk41N
Sy769AvYR90Y2OYytAZwyBE=
=x2U2
-----END PGP SIGNATURE-----

--6sX45UoQRIJXqkqR--