[Pkg-kde-commits] rev 339 - in branches/kde-3.3.2/kdenetwork/debian: . patches
Christopher Martin
chrsmrtn-guest@haydn.debian.org
Sat, 18 Dec 2004 10:32:51 -0700
Author: chrsmrtn-guest
Date: 2004-12-18 10:31:58 -0700 (Sat, 18 Dec 2004)
New Revision: 339
Added:
branches/kde-3.3.2/kdenetwork/debian/patches/10_kppp_options.diff
Removed:
branches/kde-3.3.2/kdenetwork/debian/patches/10_pppdargs.diff
Modified:
branches/kde-3.3.2/kdenetwork/debian/changelog
branches/kde-3.3.2/kdenetwork/debian/control
branches/kde-3.3.2/kdenetwork/debian/kppp.README.Debian
branches/kde-3.3.2/kdenetwork/debian/kppp.install
branches/kde-3.3.2/kdenetwork/debian/rules
Log:
Add kppp patches to kdenetwork. They are tested.
Modified: branches/kde-3.3.2/kdenetwork/debian/changelog
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/changelog 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/changelog 2004-12-18 17:31:58 UTC (rev 339)
@@ -1,4 +1,4 @@
-kdenetwork (4:3.3.2-0pre1) unstable; urgency=low
+kdenetwork (4:3.3.2-1~pre1) unstable; urgency=low
* New upstream release.
@@ -10,8 +10,16 @@
* debian/patches:
- dropped 11_kget.diff, fix included upstream.
- -- Adeodato Simó <asp16@alu.ua.es> Sat, 18 Dec 2004 13:58:28 +0100
+ * kppp overhaul: replace utterly broken 10_pppdargs.diff patch
+ with 10_kppp_options.diff. kppp now SUID. To connect with kppp,
+ users must now uncomment #noauth in /etc/ppp/peers/kppp-options,
+ and be part of the dip group. No editing of ppp config files,
+ pap/chap-secrets, etc. required. Updated the kppp
+ README.Debian to explain these changes and their security
+ implications. (Closes: #126406, #203318) [CM]
+ -- Adeodato Simó <asp16@alu.ua.es> Fri, 17 Dec 2004 03:12:18 +0100
+
kdenetwork (4:3.3.1-2) unstable; urgency=low
* reapply kget patch, Closes: #280616
Modified: branches/kde-3.3.2/kdenetwork/debian/control
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/control 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/control 2004-12-18 17:31:58 UTC (rev 339)
@@ -137,8 +137,7 @@
Package: kppp
Section: net
Architecture: any
-Depends: ${shlibs:Depends}
-Recommends: ppp
+Depends: ${shlibs:Depends}, ppp
Suggests: khelpcenter
Description: KDE dialer and frontend to pppd
KDE is a powerful Open Source graphical desktop environment for Unix
Modified: branches/kde-3.3.2/kdenetwork/debian/kppp.README.Debian
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/kppp.README.Debian 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/kppp.README.Debian 2004-12-18 17:31:58 UTC (rev 339)
@@ -2,20 +2,16 @@
==========================
In order to actually use kppp you must first be a part of the "dip" group.
-This is the same for using PPP in general on Debian. If you are not a part
-of this group you will not be able to actually run pppd or setup proper
-connections.
+This is the standard for using ppp in general with Debian. If you are not a
+member of this group, you will not be able to run pppd or setup connections.
+Furthermore, kppp requires that the ppp daemon be run with the "noauth"
+option. However, pppd's default setting, in /etc/ppp/options, is "auth",
+and for security reasons it should remain so. To work around this problem,
+uncomment "noauth" in /etc/ppp/peers/kppp-options. You should then be able
+to connect.
-kppp and immediate disconnects
-==============================
-
-In order for kppp to properly work you must set "noauth" in /etc/ppp/options.
-Keep in mind that you main have /etc/ppp/options.ttyS0 (For example) so make
-sure you change it in the proper (all?) file.
-
-The default is "auth" so if you don't change this most likely you'll connect
-and end up just getting a disconnect shortly after.
-
-
-- Ivan E. Moore II <rkrusty@debian.org>
+Note that if "noauth" is uncommented, a setting of "noauth" in
+/etc/ppp/options will conflict with kppp. Note also that uncommenting
+"noauth" opens the possibility that other malicious members of the "dip"
+group could now potentially abuse the ppp daemon with the "noauth" option.
Modified: branches/kde-3.3.2/kdenetwork/debian/kppp.install
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/kppp.install 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/kppp.install 2004-12-18 17:31:58 UTC (rev 339)
@@ -1,3 +1,4 @@
+debian/tmp/etc/ppp/peers/kppp-options
debian/tmp/usr/bin/kppp
debian/tmp/usr/bin/kppplogview
debian/tmp/usr/share/applications/kde/Kppp.desktop
Added: branches/kde-3.3.2/kdenetwork/debian/patches/10_kppp_options.diff
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/patches/10_kppp_options.diff 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/patches/10_kppp_options.diff 2004-12-18 17:31:58 UTC (rev 339)
@@ -0,0 +1,10 @@
+--- kdenetwork-orig/kppp/connect.cpp
++++ kdenetwork-patched/kppp/connect.cpp
+@@ -1253,6 +1253,7 @@
+ command += " " + gpppdata.speed();
+
+ command += " -detach";
++ command += " call kppp-options";
+
+ if(gpppdata.ipaddr() != "0.0.0.0" ||
+ gpppdata.gateway() != "0.0.0.0") {
Deleted: branches/kde-3.3.2/kdenetwork/debian/patches/10_pppdargs.diff
Modified: branches/kde-3.3.2/kdenetwork/debian/rules
===================================================================
--- branches/kde-3.3.2/kdenetwork/debian/rules 2004-12-18 15:29:12 UTC (rev 338)
+++ branches/kde-3.3.2/kdenetwork/debian/rules 2004-12-18 17:31:58 UTC (rev 339)
@@ -161,10 +161,16 @@
cd $(objdir) && \
$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
+ # Create special ppp config file for kppp
+ mkdir -p debian/tmp/etc/ppp/peers
+ echo "#noauth" > debian/tmp/etc/ppp/peers/kppp-options
+
# kppp permissions
chown root:dip debian/tmp/usr/bin/kppp*
- chmod 2754 debian/tmp/usr/bin/kppp
+ chown root:dip debian/tmp/etc/ppp/peers/kppp-options
+ chmod 4754 debian/tmp/usr/bin/kppp
chmod 0754 debian/tmp/usr/bin/kppplogview
+ chmod 0640 debian/tmp/etc/ppp/peers/kppp-options
#chmod 4755 debian/tmp/usr/sbin/reslisa
@@ -206,7 +212,7 @@
dh_link
dh_strip
dh_compress -X.bz2 -X.css -X.dcl -X.docbook -X-license -X.tag
- dh_fixperms -Xusr/bin/kppp -Xusr/bin/kppplogview
+ dh_fixperms -Xusr/bin/kppp -Xusr/bin/kppplogview -Xetc/ppp/peers/kppp-options
dh_perl
# dh_python
env DH_COMPAT=3 dh_makeshlibs -V