freenet6: chmod go-r /etc/freenet6/tspc.conf to hide passwords

Automatically imported from Debian bug report #254709 http://bugs.debian.org/254709

Message-ID: <email address hidden>
Date: Wed, 16 Jun 2004 16:51:30 +0200
From: Simon Josefsson <email address hidden>
To: <email address hidden>
Subject: freenet6: chmod go-r /etc/freenet6/tspc.conf to hide passwords

Package: freenet6
Version: 1.0-2
Severity: wishlist

Hello. I think it might be nice to make the tspc.conf file readable
only to root, since it may contain passwords. People adding a
password might forget to change permissions.

Thanks,
Simon

Message-ID: <email address hidden>
Date: Thu, 17 Jun 2004 08:46:08 +0200
From: Martin Waitz <email address hidden>
To: Simon Josefsson <email address hidden>, <email address hidden>
Subject: Re: Bug#254709: freenet6: chmod go-r /etc/freenet6/tspc.conf to hide passwords

--agiWCrAZ2JOwsdBK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

On Wed, Jun 16, 2004 at 04:51:30PM +0200, Simon Josefsson wrote:
> Hello. I think it might be nice to make the tspc.conf file readable
> only to root, since it may contain passwords. People adding a
> password might forget to change permissions.

nice catch, will be in the next version.
thanks.

--=20
Martin Waitz

--agiWCrAZ2JOwsdBK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFA0Twrj/Eaxd/oD7IRAhSkAJ4xwxPoMvC7ShFrxXftPXrdkNY6bwCeMBJH
dbPKG4ynyZSgpOVI0df/cPM=
=VR7n
-----END PGP SIGNATURE-----

--agiWCrAZ2JOwsdBK--

Message-ID: <email address hidden>
Date: Tue, 7 Sep 2004 18:03:05 +0200
From: Martin Zobel-Helas <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: this is a serious security issue

--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

severity 254709 serious
tags 254709 + security
thanks

Hi,

this is not wishlist but rather serious. you have world readable passwords
sitting in /etc/freenet6/tscp.conf.

Greetings
Martin
--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBPdu4eSmrkPesOvARAss2AKDaYQcdRlkFPPz/WwzmmWBMCUFoLACg4CzH
QOYTQGJYngZZa/aQKgTNzE0=
=nmB3
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--

Not a package we care about.

Message-ID: <email address hidden>
Date: Tue, 7 Sep 2004 18:44:40 +0200
From: Martin Waitz <email address hidden>
To: Martin Zobel-Helas <email address hidden>, <email address hidden>
Subject: Re: Bug#254709: this is a serious security issue

--87MiR7gHvrw39A9h
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

On Tue, Sep 07, 2004 at 06:03:05PM +0200, Martin Zobel-Helas wrote:
> this is not wishlist but rather serious. you have world readable passwords
> sitting in /etc/freenet6/tscp.conf.

is this file really created readable on new installations?
I thought it was a leftover from previous versions.

--=20
Martin Waitz

--87MiR7gHvrw39A9h
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPeV2j/Eaxd/oD7IRAkPKAJ47Wpt/yJuXg0d31EvFsefoTZne2gCffMNz
zrWo+YL5Zxp6JiZaAIIKAnQ=
=B0ru
-----END PGP SIGNATURE-----

--87MiR7gHvrw39A9h--

freenet6 is in supported

Message-ID: <email address hidden>
Date: Tue, 7 Sep 2004 11:58:44 -0700
From: Matt Zimmerman <email address hidden>
To: Martin Zobel-Helas <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: /etc/freenet6/tspc.conf is world readable and contains passwords

On Tue, Sep 07, 2004 at 05:54:14PM +0200, Martin Zobel-Helas wrote:

> i am not sure wether this is the right place to contact, but i found
> /etc/freenet6/tspc.conf world-readable per default on my system. Looking into
> the source package of freenet6 confirmed my fears: /etc/freenet6/tspc.conf is
> world readable. This file contains the username and the password to use to
> contact the IPv6 tunnelbroker freenet6.net.
>
> This effects both packages in woody and in sarge.
>
> I will also set #254709 to serious and tag it security.

Please forward a copy of the patch to <email address hidden> if this issue
also affects 0.9.6-1 in woody.

--
 - mdz

Message-ID: <email address hidden>
Date: Tue, 7 Sep 2004 22:35:50 +0200
From: Martin Waitz <email address hidden>
To: Martin Zobel-Helas <email address hidden>, <email address hidden>,
   <email address hidden>
Subject: Re: Bug#254709: /etc/freenet6/tspc.conf is world readable and contains passwords

--NYEXl3WhqsXurSTm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

> On Tue, Sep 07, 2004 at 05:54:14PM +0200, Martin Zobel-Helas wrote:
> > i am not sure wether this is the right place to contact, but i found
> > /etc/freenet6/tspc.conf world-readable per default on my system.

arg, it is explicitly installed -m 0600 but dh_fixperms ''fixes'' that.
The fix is to add -Xtspc.conf to the dh_fixperms call in debian/rules.

On Tue, Sep 07, 2004 at 11:58:44AM -0700, Matt Zimmerman wrote:
> Please forward a copy of the patch to <email address hidden> if this is=
sue
> also affects 0.9.6-1 in woody.

confirmed, all versions are affected.

--=20
Martin Waitz

--NYEXl3WhqsXurSTm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPhukj/Eaxd/oD7IRAofPAJ0WHiSVQ52bXxEo3MtFrFlaLmghtQCdGx8h
QlOi7qfOD1f5+AGDZ5y3QOM=
=Aw4s
-----END PGP SIGNATURE-----

--NYEXl3WhqsXurSTm--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 09:10:32 +0200
From: Martin Waitz <email address hidden>
To: <email address hidden>
Subject: Re: Bug#254709: /etc/freenet6/tspc.conf is world readable and contains passwords

--Hy4a9G0dOYssRJVI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

I won't have the possibility to upload a new version of freenet6 in the
next one or two weeks. I'd appreciate it if anybody could NMU to fix this b=
ug.

--=20
Martin Waitz

--Hy4a9G0dOYssRJVI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPrBnj/Eaxd/oD7IRAmLUAJ9Ob8IkKox9hwn728fqg9/BlXAfBQCghCKo
qqW453zGJuvVbN4AWRsoO90=
=eyEY
-----END PGP SIGNATURE-----

--Hy4a9G0dOYssRJVI--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 11:15:30 +0200 (CEST)
From: Fabio Massimo Di Nitto <email address hidden>
To: <email address hidden>
Subject: NMU?

Hi,
 if nobody is working on it, I will prepare the NMU, but fixing the
permission at build time is not enough. We need to change permission on
upgrades and warn the user, probably via debconf, that the password might
be compromised.

Martin do you have any objections to this change?

Fabio

--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 11:36:19 +0200
From: Martin Zobel-Helas <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#254709: /etc/freenet6/tspc.conf is world readable and contains passwords

--s2ZSL+KKDSLx8OML
Content-Type: multipart/mixed; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline

--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 254709 + patch
thanks

see attached patch

--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="freenet6.patch"
Content-Transfer-Encoding: quoted-printable

diff -rNu freenet6-1.0/debian/changelog freenet6-1.0.new/debian/changelog
--- freenet6-1.0/debian/changelog 2004-09-08 10:02:16.000000000 +0200
+++ freenet6-1.0.new/debian/changelog 2004-09-08 10:14:46.000000000 +0200
@@ -1,3 +1,11 @@
+freenet6 (1.0-2.1) unstable; urgency=3Dhigh
+
+ * NMU
+ * fix permission of file /etc/freenet6/tspc.conf (Closes: #254709)
+ * added debconf-note about world-readable passwords
+
+ -- Martin Zobel-Helas <email address hidden> Wed, 8 Sep 2004 09:46:08 +0200
+
 freenet6 (1.0-2) unstable; urgency=3Dlow
=20
   * fix check in initscript, thanks Nelson Castillo (Closes: #221886)
diff -rNu freenet6-1.0/debian/control freenet6-1.0.new/debian/control
--- freenet6-1.0/debian/control 2004-09-08 10:02:16.000000000 +0200
+++ freenet6-1.0.new/debian/control 2004-09-08 10:45:47.000000000 +0200
@@ -7,7 +7,7 @@
=20
 Package: freenet6
 Architecture: any
-Depends: ${shlibs:Depends}, net-tools, iproute
+Depends: ${shlibs:Depends}, net-tools, iproute, debconf, stat | coreutils
 Suggests: radvd
 Description: Client to configure an IPv6 tunnel to freenet6
  Providing tspc, a Tunnel Server Protocol Client, this Package allows an e=
asy
diff -rNu freenet6-1.0/debian/freenet6.templates freenet6-1.0.new/debian/fr=
eenet6.templates
--- freenet6-1.0/debian/freenet6.templates 1970-01-01 01:00:00.000000000 +0=
100
+++ freenet6-1.0.new/debian/freenet6.templates 2004-09-08 11:29:30.00000000=
0 +0200
@@ -0,0 +1,10 @@
+Template: freenet6/passwords
+Type: note
+Description: information about readable passwords
+ freenet6 up to version 1.0-2 has the permissions of
+ /etc/freenet6/tspc.conf set to 644. There might be a password for=20
+ the tunnel broker link set in this file.
+ I will now make the file 600, but if you have local users that you=20
+ don't trust, you should ask Freenet6.net to change your password and
+ change it in /etc/freenet6/tspc.conf.
+
diff -rNu freenet6-1.0/debian/postinst freenet6-1.0.new/debian/postinst
--- freenet6-1.0/debian/postinst 1970-01-01 01:00:00.000000000 +0100
+++ freenet6-1.0.new/debian/postinst 2004-09-08 11:21:39.000000000 +0200
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+if [ `stat -c%a /etc/freenet6/tspc...

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 12:10:31 +0200
From: Andreas Barth <email address hidden>
To: <email address hidden>
Subject: Uploaded NMU

Hi,

I uploaded an NMU with Martins patch.

Cheers,
Andi

Sync requested

Message-Id: <email address hidden>
Date: Wed, 08 Sep 2004 06:32:09 -0400
From: Martin Zobel-Helas <email address hidden>
To: <email address hidden>
Cc: Martin Zobel-Helas <email address hidden>, Martin Waitz <email address hidden>
Subject: Fixed in NMU of freenet6 1.0-2.1

tag 254709 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 8 Sep 2004 09:46:08 +0200
Source: freenet6
Binary: freenet6
Architecture: source i386
Version: 1.0-2.1
Distribution: unstable
Urgency: high
Maintainer: Martin Waitz <email address hidden>
Changed-By: Martin Zobel-Helas <email address hidden>
Description:
 freenet6 - Client to configure an IPv6 tunnel to freenet6
Closes: 254709
Changes:
 freenet6 (1.0-2.1) unstable; urgency=high
 .
   * NMU
   * fix permission of file /etc/freenet6/tspc.conf (Closes: #254709)
   * added debconf-note about world-readable passwords
Files:
 96841aa620568d9cb884421aa37a9f9a 572 net optional freenet6_1.0-2.1.dsc
 136fc1bfe58135c9c129a8a9e50b3f3d 13765 net optional freenet6_1.0-2.1.diff.gz
 1196360cc558fdb84604e0bf33fb444b 40442 net optional freenet6_1.0-2.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iEYEARECAAYFAkE+2lYACgkQmdOZoew2oYUm3gCfRJUItANm/9g4YGC1IqewsK4K
n3kAoKQl95MPP+DyqKIjGq/w0n1hp1Du
=kaTB
-----END PGP SIGNATURE-----

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 12:58:18 +0200
From: Martin Zobel-Helas <email address hidden>
To: <email address hidden>
Subject: for woody

--BOKacYhQ+x31HxR3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 254709 - fixed
tags 254709 + woody
thanks

--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--BOKacYhQ+x31HxR3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBPuXKeSmrkPesOvARArVOAJ4tpC4hJyj3x+aFwW/bzURlaDYnfQCg4rMS
f2qm3X3BiJML1nK42aF3Eog=
=467m
-----END PGP SIGNATURE-----

--BOKacYhQ+x31HxR3--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 13:11:23 +0200
From: Martin Zobel-Helas <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: add tag + sarge

--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 254709 + sarge
thanks

To make sure we don't release buggy freenet6 with sarge.

--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBPujbeSmrkPesOvARAiDgAKD/MirTupg1wNLzJVb4uj+UPYAbfACeLNXC
U4iXYs3+fT6md0AXAC1h1yE=
=WMwq
-----END PGP SIGNATURE-----

--k+w/mQv8wyuph6w0--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 14:00:13 +0200
From: Martin Waitz <email address hidden>
To: Martin Zobel-Helas <email address hidden>
Cc: <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

--1RfOVxRbNnn9f8MI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

On Wed, Sep 08, 2004 at 06:32:09AM -0400, Martin Zobel-Helas wrote:
> * NMU
> * fix permission of file /etc/freenet6/tspc.conf (Closes: #254709)
> * added debconf-note about world-readable passwords

thanks for the NMU.
Is the debconf notice only displayed when the file is infact
world-readable and does include a password?
I really don't want to show any warning if there is nothing to warn
about.

--=20
Martin Waitz

--1RfOVxRbNnn9f8MI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPvNaj/Eaxd/oD7IRAkC7AJ9ZEfGWNUq4doMNqFsWHAcpgDXN8wCfQG5D
fztmGrY0q5PxTGJqDqAbByQ=
=ao/K
-----END PGP SIGNATURE-----

--1RfOVxRbNnn9f8MI--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 14:13:01 +0200
From: Martin Waitz <email address hidden>
To: Martin Zobel-Helas <email address hidden>
Cc: <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

--W/IQTGW+1SjCkQmn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi again :)

I just downloaded your NMU from incoming.d.o

could you please add something similar to
--- postinst.nmu Wed Sep 8 14:07:54 2004
+++ postinst.new Wed Sep 8 14:07:18 2004
@@ -5,7 +5,8 @@
 # this is needed to set the permissions right for upgrades from woody etc
 # afterwards, also dependency on debconf, stat | coreutils could be dropped

-if [ `stat -c%a /etc/freenet6/tspc.conf 2>/dev/null` !=3D "600" ]; then
+if [ `stat -c%a /etc/freenet6/tspc.conf 2>/dev/null` !=3D "600" -a
+ `grep ^passwd /etc/freenet6` !=3D "passwd=3D" ]; then
        db_input high freenet6/passwords || true
        db_go || true
=20

(I can't test that at the moment, sorry)

If that works, please send the complete patch to <email address hidden>
as requested by Matt Zimmerman.

and thank you very much for your help! :)

--=20
Martin Waitz

--W/IQTGW+1SjCkQmn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPvdMj/Eaxd/oD7IRAn50AJ9N6UQuB/fJnoQBDd6Nx5UVRE44gQCff6tk
bYK98Vv66HorFYyuOZ3lnQg=
=iAzA
-----END PGP SIGNATURE-----

--W/IQTGW+1SjCkQmn--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 14:16:55 +0200
From: Martin Zobel-Helas <email address hidden>
To: Martin Waitz <email address hidden>
Cc: <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Martin Waitz wrote:
> hi :)
>=20
> On Wed, Sep 08, 2004 at 06:32:09AM -0400, Martin Zobel-Helas wrote:
> > * NMU
> > * fix permission of file /etc/freenet6/tspc.conf (Closes: #254709)
> > * added debconf-note about world-readable passwords
>=20
> thanks for the NMU.
> Is the debconf notice only displayed when the file is infact
> world-readable and does include a password?
> I really don't want to show any warning if there is nothing to warn
> about.

currently the debconf notice is displayed only if the file is different to =
600
but even when it contains no password.

one could fix the it by adding something like:

if [ `stat -c%a /etc/freenet6/tspc.conf 2>/dev/null` !=3D "600" ]; then
        if ! [ `grep "^passwd=3D$" /etc/freenet6/tspc.conf` ]; then=20
                db_input high freenet6/passwords || true
                db_go || true
        fi
        chmod 600 /etc/freenet6/tspc.conf
fi

Greetings
Martin

--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBPvg3eSmrkPesOvARAn41AJ9CoIYONw7aJcFK+/5AmQbXlsVGqwCfR10j
zqi4Ru5jFoic9TeJ9eDZoRw=
=Kfmb
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 14:53:06 +0200
From: Martin Waitz <email address hidden>
To: Martin Zobel-Helas <email address hidden>
Cc: <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

--KtWcatouGV9Nk9BU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi :)

On Wed, Sep 08, 2004 at 02:16:55PM +0200, Martin Zobel-Helas wrote:
> if [ `stat -c%a /etc/freenet6/tspc.conf 2>/dev/null` !=3D "600" ]; then
> if ! [ `grep "^passwd=3D$" /etc/freenet6/tspc.conf` ]; then=20
> db_input high freenet6/passwords || true
> db_go || true
> fi
> chmod 600 /etc/freenet6/tspc.conf
> fi

that looks great!
could you please include that check in a new upload
(and pass on a patch to the security team, as requested)

thanks a lot!

--=20
Martin Waitz

--KtWcatouGV9Nk9BU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBPwCxj/Eaxd/oD7IRAnBXAJsHahEfgWaGccaaWjFPadKIfDe82QCdFhx3
yE1WldBcIcIGwzENbRD+4zk=
=0emu
-----END PGP SIGNATURE-----

--KtWcatouGV9Nk9BU--

Message-ID: <email address hidden>
Date: Wed, 8 Sep 2004 16:05:17 +0200
From: Martin Zobel-Helas <email address hidden>
To: Martin Waitz <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

--FkmkrVfFsRoUs1wW
Content-Type: multipart/mixed; boundary="PEIAKu/WMn1b1Hv9"
Content-Disposition: inline

--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Martin Waitz wrote:
> If that works, please send the complete patch to <email address hidden>
> as requested by Matt Zimmerman.
>=20
>=20
> and thank you very much for your help! :)

Hi,

here comes the full patch for the NMU (including first and second NMU), whi=
ch=20
was adjusted on the wish of the maintainer.

Greetings
Martin

--=20
  Martin Zobel-Helas <email address hidden> or <email address hidden>
  http://www.helas.net or http://mhelas.blogspot.com
  GPGKey-Fingerprint: 14744CACEF5CECFAE29E2CB17929AB90F7AC3AF0
  .
  Please don't CC me, I am reading the lists I am posting to.

--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="freenet6.patch"
Content-Transfer-Encoding: quoted-printable

diff -rNu freenet6-1.0/debian/changelog freenet6-1.0.new/debian/changelog
--- freenet6-1.0/debian/changelog 2004-09-08 10:02:16.000000000 +0200
+++ freenet6-1.0.new/debian/changelog 2004-09-08 15:40:24.000000000 +0200
@@ -1,3 +1,18 @@
+freenet6 (1.0-2.2) unstable; urgency=3Dhigh
+
+ * NMU
+ * modified postinst to only display debconf notice when password is not =
empty
+
+ -- Martin Zobel-Helas <email address hidden> Wed, 8 Sep 2004 15:23:28 +0200
+
+freenet6 (1.0-2.1) unstable; urgency=3Dhigh
+
+ * NMU
+ * fix permission of file /etc/freenet6/tspc.conf (Closes: #254709)
+ * added debconf-note about world-readable passwords
+
+ -- Martin Zobel-Helas <email address hidden> Wed, 8 Sep 2004 09:46:08 +0200
+
 freenet6 (1.0-2) unstable; urgency=3Dlow
=20
   * fix check in initscript, thanks Nelson Castillo (Closes: #221886)
diff -rNu freenet6-1.0/debian/control freenet6-1.0.new/debian/control
--- freenet6-1.0/debian/control 2004-09-08 10:02:16.000000000 +0200
+++ freenet6-1.0.new/debian/control 2004-09-08 10:45:47.000000000 +0200
@@ -7,7 +7,7 @@
=20
 Package: freenet6
 Architecture: any
-Depends: ${shlibs:Depends}, net-tools, iproute
+Depends: ${shlibs:Depends}, net-tools, iproute, debconf, stat | coreutils
 Suggests: radvd
 Description: Client to configure an IPv6 tunnel to freenet6
  Providing tspc, a Tunnel Server Protocol Client, this Package allows an e=
asy
diff -rNu freenet6-1.0/debian/freenet6.templates freenet6-1.0.new/debian/fr=
eenet6.templates
--- freenet6-1.0/debian/freenet6.templates 1970-01-01 01:00:00.000000000 +0=
100
+++ freenet6-1.0.new/debian/freenet6.templates 2004-09-08 11:29:30.00000000=
0 +0200
@@ -0,0 +1,10 @@
+Template: freenet6/passwords
+Type: note
+Description: information about readable passwords
+ freenet6 up to version 1.0-2 has the permissions of
+ /etc/freenet6/tspc.conf set to 644. There might be a password for=20
+ the tunnel broker link set in this file.
+ I will n...

It looks like the maintainer has made further adjustments to his fix; which one
do we want?

sync requested

sync complete

Message-ID: <email address hidden>
Date: Mon, 13 Sep 2004 23:24:15 +0200
From: Martin Schulze <email address hidden>
To: Martin Zobel-Helas <email address hidden>
Cc: Martin Waitz <email address hidden>, <email address hidden>,
 <email address hidden>
Subject: Re: Fixed in NMU of freenet6 1.0-2.1

Martin Zobel-Helas wrote:
> Martin Waitz wrote:
> > If that works, please send the complete patch to <email address hidden>
> > as requested by Matt Zimmerman.
> >
> >
> > and thank you very much for your help! :)
>
> Hi,
>
> here comes the full patch for the NMU (including first and second NMU), which
> was adjusted on the wish of the maintainer.

Please mention CAN-2004-0563 in the changelog so we can track this isssssue
more easily.

Regards,

 Joey

--
No question is too silly to ask, but, of course, some are too silly
to answer. -- Perl book

Please always Cc to me when replying to me on the lists.

Message-ID: <email address hidden>
Date: Tue, 14 Sep 2004 03:58:45 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: Re: freenet6: chmod go-r /etc/freenet6/tspc.conf to hide passwords

tags 254709 - sarge
thanks

The fixed package has reached testing.

--
Steve Langasek
postmodern programmer

Message-Id: <email address hidden>
Date: Sun, 19 Dec 2004 00:44:22 -0500
From: Martin Waitz <email address hidden>
To: <email address hidden>
Cc: Martin Waitz <email address hidden>
Subject: Fixed in upload of tspc 2.1.1-1 to experimental

tag 113325 + fixed-in-experimental
tag 254709 + fixed-in-experimental
tag 270480 + fixed-in-experimental
tag 271947 + fixed-in-experimental
tag 274864 + fixed-in-experimental
tag 280029 + fixed-in-experimental

quit

This message was generated automatically in response to an
upload to the experimental distribution. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 5 Oct 2004 23:56:32 +0200
Source: tspc
Binary: freenet6 tspc
Architecture: source i386 all
Version: 2.1.1-1
Distribution: experimental
Urgency: low
Maintainer: Martin Waitz <email address hidden>
Changed-By: Martin Waitz <email address hidden>
Description:
 freenet6 - IPv6 tunnel to freenet6 (transitional package)
 tspc - Client to configure an IPv6 tunnel to freenet6
Closes: 113325 254709 270480 271947 274864 280029
Changes:
 tspc (2.1.1-1) experimental; urgency=low
 .
   * New upstream release (Closes: #274864, #270480)
     - has a daemon mode to renew tunnel (Closes: #113325)
     - creates 2000/3 route (Closes: #280029)
   * use po-debconf (thanks Martin Quinson) (Closes: #271947)
   * use CDBS and quilt for packaging
   * Acknowlege NMU, thanks Martin -- CAN-2004-0563 (Closes: #254709)
Files:
 7ffe7c13fefe56c059af42b9265a748d 574 net optional tspc_2.1.1-1.dsc
 65183cae002feaacd8bc92d6a5404cc2 1745514 net optional tspc_2.1.1.orig.tar.gz
 c36e3678c77ddb2dd89b39027cda943b 10034 net optional tspc_2.1.1-1.diff.gz
 9109949d3e5cc4e03c71d5493ff5982d 4276 net optional freenet6_2.1.1-1_all.deb
 7d0921633c19da04f2c85ab77515f9a2 41718 net optional tspc_2.1.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBrlR5j/Eaxd/oD7IRArNgAJ9KRp+PWHW46Y0zuLJmzW+aXrSe3ACfR6N6
TQdRvcgS8vd014d4aj9OnQA=
=G5Rx
-----END PGP SIGNATURE-----

Message-ID: <email address hidden>
Date: Fri, 24 Dec 2004 21:25:56 +0100
From: Martin Waitz <email address hidden>
To: <email address hidden>, <email address hidden>,
 <email address hidden>, <email address hidden>,
 <email address hidden>, <email address hidden>
Subject: Fixed with new upstream version.

hoi :)

tspc 2.1.1-2 has entered unstable fixing all those bugs.
For details, see the Changelogs for 2.1.1-1

--=20
Martin Waitz