Re: CVE against the fwknop package
Le 11/11/2012 17:20, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? Go ahead. Done. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50a9e0f4.4040...@debian.org
Re: CVE against the fwknop package
On Mon, Nov 19, 2012 at 08:34:12 +0100, Franck Joncourt wrote: Le 11/11/2012 17:20, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? Go ahead. Done. Approve hint added. Cheers, Julien signature.asc Description: Digital signature
Re: CVE against the fwknop package
On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? Go ahead. Cheers, Julien signature.asc Description: Digital signature
Re: CVE against the fwknop package
Hi all, Le 16/10/2012 08:34, Franck Joncourt a écrit : Le 15/10/2012 22:19, Julien Cristau a écrit : On Mon, Oct 15, 2012 at 21:32:53 +0200, Franck Joncourt wrote: Le 15/10/2012 19:31, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? I'm afraid that's not going to work while the sid version ftbfs... Ok, I wanted it to go through wheezy but, I will check to fix the FTBS on MIPS before then. Actually I'm told the tpu upload should work, so nevermind. In fact, the MIPs problem may come from a new feature in the client program (use of getenv but not sure) but it is up to you. Ok. Let me know if you want me to change things in the patches and confirm me whether I can upload to testing-proposed-updates or not. Is there a chance to upload the package to testing-proposed-updates ? Regards, Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/508260fd.2030...@debian.org
Re: CVE against the fwknop package
Hi Julien, Le 15/10/2012 22:19, Julien Cristau a écrit : On Mon, Oct 15, 2012 at 21:32:53 +0200, Franck Joncourt wrote: Le 15/10/2012 19:31, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? I'm afraid that's not going to work while the sid version ftbfs... Ok, I wanted it to go through wheezy but, I will check to fix the FTBS on MIPS before then. Actually I'm told the tpu upload should work, so nevermind. In fact, the MIPs problem may come from a new feature in the client program (use of getenv but not sure) but it is up to you. Ok. Let me know if you want me to change things in the patches and confirm me whether I can upload to testing-proposed-updates or not. Regards, Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/507cfff8.9020...@debian.org
Re: CVE against the fwknop package
Hi, Le 11/10/2012 00:15, Adam D. Barratt a écrit : On 10.10.2012 20:29, Franck Joncourt wrote: I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. I assume you meant wheezy here? squeeze has 1.9. Yes, I meant wheezy :) Sorry for the mistake. Any news about the possibility to upload the package? Regards, -- Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/507c1b44.1030...@debian.org
Re: CVE against the fwknop package
On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? I'm afraid that's not going to work while the sid version ftbfs... Cheers, Julien signature.asc Description: Digital signature
Re: CVE against the fwknop package
On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? The diff looks mostly ok, though checking for S_ISLNK from stat(2) seems useless, and I'm not quite sure why the chmod is done *after* writing the config file rather than upfront. Cheers, Julien signature.asc Description: Digital signature
Re: CVE against the fwknop package
Le 15/10/2012 19:31, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? I'm afraid that's not going to work while the sid version ftbfs... Ok, I wanted it to go through wheezy but, I will check to fix the FTBS on MIPS before then. Regards, Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/507c64e5.9050...@debian.org
Re: CVE against the fwknop package
[...] The diff looks mostly ok, though checking for S_ISLNK from stat(2) seems useless, and I'm not quite sure why the chmod is done *after* writing the config file rather than upfront. I have added the patches to fix the permission issues as done per upstream but keeping in mind no to change too much things on my own. I have also updated the patches to make it works against the rc2 but just a bit. For the client, the permissions should not be overwritten at the end of the function but rather set when created as you mentionned : I think you are right. For the S_ISLNK, I have to check further. I am going to check all that and try to make the 2.0.3 release build on MIPs. Regards, Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/507c6843.3000...@debian.org
Re: CVE against the fwknop package
On Mon, Oct 15, 2012 at 21:32:53 +0200, Franck Joncourt wrote: Le 15/10/2012 19:31, Julien Cristau a écrit : On Wed, Oct 10, 2012 at 21:29:18 +0200, Franck Joncourt wrote: Hi, I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. The new package will be named fwknop_2.0.0rc2-2+deb7u1.dsc. It is targetted for the testing-proposed-updates with urgency set to high. Can someone check the update so that I can upload the package? I'm afraid that's not going to work while the sid version ftbfs... Ok, I wanted it to go through wheezy but, I will check to fix the FTBS on MIPS before then. Actually I'm told the tpu upload should work, so nevermind. Cheers, Julien signature.asc Description: Digital signature
Re: CVE against the fwknop package
Hi Adam, Le 11/10/2012 00:15, Adam D. Barratt a écrit : On 10.10.2012 20:29, Franck Joncourt wrote: I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. I assume you meant wheezy here? squeeze has 1.9. Yes, I meant wheezy :) Sorry for the mistake. Regards, -- Franck -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50766d25.1090...@debian.org
Re: CVE against the fwknop package
On 10.10.2012 20:29, Franck Joncourt wrote: I have prepared an upload for squeeze to fix the CVEs against the 2.0.0rc2 release. I have enclosed a debdiff. I assume you meant wheezy here? squeeze has 1.9. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/afe74f253ff4ebaf199bdda6514b9...@mail.adsl.funky-badger.org