[Pkg-ltsp-devel] #469462: X access wide open on LTSP clients

vagrant at freegeek.org vagrant at freegeek.org
Mon Mar 17 21:23:30 UTC 2008


On Mon, Mar 17, 2008 at 08:30:44PM +0100, Nico Golde wrote:
> * vagrant at freegeek.org <vagrant at freegeek.org> [2008-03-17 20:25]:
> > On Mon, Mar 17, 2008 at 06:05:13PM +0100, Nico Golde wrote:
> > > * vagrant at freegeek.org <vagrant at freegeek.org> [2008-03-17 17:50]:

> > so that's 3 proposed patches:
> > 
> > * the security bugfix
> > * patching to not conflict with ltspfs
> > * adding the attached script as /usr/lib/ltsp/screen.d/ldm
> > 
> > the security patch will actually need changes to the upstream source;
> > i'm most familiar with using dpatch.
> > 
> > let me know which to include, and i can prepare and test an upload.
> 
> Looking at your arguing every patch seems to be fine with 
> me. 

> About the conflict patch. Is this conflict already present in testing
> or not? If yes please do not include the fix because we want to keep
> the changes as minimal as possible regarding the security issue and if
> no please go ahead include it in the package.

maybe i'm misinterpreting what you're saying, but it seems a little
backwards from what i would think...

the conflicting package is ltspfs (same version in testing and
unstable), and conflicts on versions of ldm equal to or less than the
version in testing(2:0.1~bzr20071217-1).  so, when uploading a newer
version, i believe it would either be required to apply the fix (by not
installing the files causing the conflict), or to add a reverse
conflicts on ltspfs. without fixing the conflict, it's in a similar boat
as the added script- it makes ltsp-client uninstallable.

i'll prepare an upload with all included, but hold off on uploading
until i can confirm all three are ok.

live well,
  vagrant



More information about the Pkg-ltsp-devel mailing list