Bug#780272: unblock (pre-approval): uif/1.1.4-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please consider unblocking planned upload of package uif.
+ * debian/po:
+ + Add nl.po. Thanks to Frans Spiesschaert! (Closes: #767285).
-> Probably not appropriate anymore at this time of the freeze(?).
+ * debian/patches:
+ + Add 0001_Debian-name-spelling.patch. Fix spelling of the Debian project
+ name and another typo in an error message. (Closes: #772496).
-> Non-function, non-i18n-related fix of the "Debian" name (plus another typo).
+ + Add 0002_correctly-ignore-ipv4+6-only-rules.patch. Fix severe flaw in
+ IPv4-only/IPv6-only rule setup. Don't open IPv4 wholes when setting up
+ IPv6-only rules and vice versa. (Closes: #779150).
-> Real RC bug that actually deserves a CVE (though I will not push that that far...).
light+love,
Mike
unblock uif/1.1.4-2
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
diff -Nru uif-1.1.4/debian/changelog uif-1.1.4/debian/changelog
--- uif-1.1.4/debian/changelog 2015-03-11 12:21:18.000000000 +0100
+++ uif-1.1.4/debian/changelog 2015-03-11 12:21:33.000000000 +0100
@@ -1,3 +1,16 @@
+uif (1.1.4-2) unstable; urgency=medium
+
+ * debian/po:
+ + Add nl.po. Thanks to Frans Spiesschaert! (Closes: #767285).
+ * debian/patches:
+ + Add 0001_Debian-name-spelling.patch. Fix spelling of the Debian project
+ name and another typo in an error message. (Closes: #772496).
+ + Add 0002_correctly-ignore-ipv4+6-only-rules.patch. Fix severe flaw in
+ IPv4-only/IPv6-only rule setup. Don't open IPv4 wholes when setting up
+ IPv6-only rules and vice versa. (Closes: #779150).
+
+ -- Mike Gabriel <sunweaver@debian.org> Wed, 11 Mar 2015 12:19:46 +0100
+
uif (1.1.4-1) unstable; urgency=medium
* New upstream release.
diff -Nru uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch
--- uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch 1970-01-01 01:00:00.000000000 +0100
+++ uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch 2015-03-11 12:21:29.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Fix spelling errors in error message
+Origin: https://github.com/cajus/uif/commit/3ffeb89b134a541d15afccdc2a994e81c940f51f
+
+diff --git a/uif.pl b/uif.pl
+index 63f27f3..e1b8547 100755
+--- a/uif.pl
++++ b/uif.pl
+@@ -1553,7 +1553,7 @@ sub readCommandLine {
+ }
+
+ if ($readldap || $writeldap) {
+- if ($LDAPENABLED == 0) { die "To use LDAP fatures be sure to install Net::LDAP from debain package libnet-ldap-perl" } ;
++ if ($LDAPENABLED == 0) { die "To use LDAP features be sure to install Net::LDAP from the Debian package libnet-ldap-perl" } ;
+ $ldap = Net::LDAP->new($ldapserver) or die "$@";
+ if ($ldapbinddn && ($ldappassword eq "")) {
+ $mesg=$ldap->bind( $ldapbinddn);
+
diff -Nru uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch
--- uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch 1970-01-01 01:00:00.000000000 +0100
+++ uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch 2015-03-11 12:21:29.000000000 +0100
@@ -0,0 +1,53 @@
+From d8c870050f1c4063e3c7475b1aca6a2f337f58f6 Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Date: Wed, 11 Mar 2015 09:56:51 +0100
+Subject: [PATCH] Fix severe flaw in IPv4-only/IPv6-only rule setup. Don't open
+ IPv4 wholes when setting up IPv6-only rules and vice versa.
+
+---
+# ChangeLog | 2 ++
+ uif.pl | 7 +++++++
+ 2 files changed, 9 insertions(+)
+
+#diff --git a/ChangeLog b/ChangeLog
+#index e78c794..e611c7e 100644
+#--- a/ChangeLog
+#+++ b/ChangeLog
+#@@ -3,6 +3,8 @@ uif (1.1.5-0) UNRELEASED; urgency=medium
+# * New upstream version (1.1.5):
+# - Fix spelling of Debian in error message. (Closes: Debian bug #772496).
+# - Fix another typo in same error message.
+#+ - Fix severe flaw in IPv4-only/IPv6-only rule setup. Don't open
+#+ IPv4 wholes when setting up IPv6-only rules and vice versa.
+#
+# -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Tue, 09 Dec 2014 13:12:11 +0100
+#
+diff --git a/uif.pl b/uif.pl
+index 869dcae..c203758 100755
+--- a/uif.pl
++++ b/uif.pl
+@@ -563,9 +563,11 @@ sub validateData {
+ $position =~ s/\((.+)\)$//;
+ if (($ipv6) && ($only_proto eq "4")) {
+ print "IPv6 setup: Skipping IPv4-only rule for network \"$position\"\n";
++ $$rule{'Type'} = 'IGNORE-IPV4-ONLY';
+ next;
+ } elsif ((! $ipv6) && ($only_proto eq "6")) {
+ print "IPv4 setup: Skipping IPv6-only rule for network \"$position\"\n";
++ $$rule{'Type'} = 'IGNORE-IPV6-ONLY';
+ next;
+ }
+ }
+@@ -960,6 +962,11 @@ sub genRuleDump {
+ my $chains;
+
+ foreach $rule (@$Rules) {
++
++ if ( ($$rule{'Type'} eq "IGNORE-IPV4-ONLY") || ($$rule{'Type'} eq "IGNORE-IPV6-ONLY") ) {
++ next;
++ }
++
+ my @protocol;
+ my @source;
+ my @destination;
+
diff -Nru uif-1.1.4/debian/patches/series uif-1.1.4/debian/patches/series
--- uif-1.1.4/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ uif-1.1.4/debian/patches/series 2015-03-11 12:21:29.000000000 +0100
@@ -0,0 +1,2 @@
+0001_Debian-name-spelling.patch
+0002_correctly-ignore-ipv4+6-only-rules.patch
diff -Nru uif-1.1.4/debian/po/nl.po uif-1.1.4/debian/po/nl.po
--- uif-1.1.4/debian/po/nl.po 1970-01-01 01:00:00.000000000 +0100
+++ uif-1.1.4/debian/po/nl.po 2015-03-11 12:21:29.000000000 +0100
@@ -0,0 +1,165 @@
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+# Dutch translation of uif debconf templates.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the uif package.
+# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: uif_1.1.4-1\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2010-05-04 11:43+0200\n"
+"PO-Revision-Date: 2014-10-16 21:58+0200\n"
+"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
+"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#. Type: select
+#. Choices
+#: ../templates:1001
+msgid "don't touch"
+msgstr "niet aanraken"
+
+#. Type: select
+#. Choices
+#: ../templates:1001
+msgid "workstation"
+msgstr "werkstation"
+
+#. Type: select
+#. Description
+#: ../templates:1002
+msgid "Firewall configuration method"
+msgstr "Methode voor het instellen van de firewall"
+
+#. Type: select
+#. Description
+#: ../templates:1002
+msgid ""
+"The firewall can be initialized using debconf, or using information you "
+"manually put into /etc/uif/uif.conf."
+msgstr ""
+"De firewall kan met behulp van debconf geïnitialiseerd worden, of via "
+"informatie die u handmatig in het bestand /etc/uif/uif.conf invoert."
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid "Enter trusted hosts and/or networks:"
+msgstr "Geef de computers en/of de netwerken op die vertrouwd mogen worden:"
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid ""
+"In workstation mode, you can specify some hosts or networks to be globally "
+"trusted. All incoming traffic coming from there will be allowed. Multiple "
+"entries have to be separate with spaces."
+msgstr ""
+"In werkstationmodus kunt u een aantal computers of netwerken opgeven die "
+"algemeen vertrouwd mogen worden. Alle inkomend verkeer dat daarvan afkomstig "
+"is, zal toegelaten worden. Meerdere items van elkaar scheiden met witruimte."
+
+#. Type: string
+#. Description
+#: ../templates:2001
+msgid "Example: 10.1.0.0/16 trust.mydomain.com 192.168.1.55"
+msgstr "Bijvoorbeeld: 10.1.0.0/16 vertrouw.mijndomein.com 192.168.1.55"
+
+#. Type: boolean
+#. Description
+#: ../templates:3001
+msgid "Do you want your host to be reachable via ping?"
+msgstr "Wilt u uw computer bereikbaar laten zijn via ping?"
+
+#. Type: boolean
+#. Description
+#: ../templates:3001
+msgid ""
+"Normally an Internet host should be reachable with pings. Choosing no here "
+"will disable pings which might be somewhat confusing when analyzing network "
+"problems."
+msgstr ""
+"Normaal gezien zou een met het Internet verbonden computer bereikbaar moeten "
+"zijn met pings. Hier neen kiezen zal pingen uitschakelen, hetgeen enigszins "
+"verwarrend kan zijn bij het onderzoeken van netwerkproblemen."
+
+#. Type: boolean
+#. Description
+#: ../templates:4001
+msgid "Do you want your host to react to traceroutes?"
+msgstr "Wilt u dat uw computer reageert op traceroutes?"
+
+#. Type: boolean
+#. Description
+#: ../templates:4001
+msgid ""
+"Normally an Internet host should react to traceroutes. Choosing no here will "
+"disable this, which might be somewhat confusing when analyzing network "
+"problems."
+msgstr ""
+"Normaal gezien zou een met het Internet verbonden computer moeten reageren "
+"op traceroutes. Hier neen kiezen zal dit uitschakelen, hetgeen enigszins "
+"verwarrend kan zijn bij het onderzoeken van netwerkproblemen."
+
+#. Type: note
+#. Description
+#: ../templates:5001
+msgid "Firewall for simple workstation setups"
+msgstr "Een firewallopstelling voor een eenvoudig werkstation"
+
+#. Type: note
+#. Description
+#: ../templates:5001
+msgid ""
+"Warning: This configuration provides a very simple firewall setup which is "
+"only able to trust certain hosts and configure global ping / traceroute "
+"behaviour."
+msgstr ""
+"Waarschuwing: deze configuratie stelt een heel eenvoudige firewallopstelling "
+"in, die enkel in staat is sommige computers te vertrouwen en een globaal "
+"gedrag in te stellen in verband met ping / traceroute."
+
+#. Type: note
+#. Description
+#: ../templates:5001
+msgid ""
+"If you need a more specific setup, use /etc/uif/uif.conf as a template and "
+"choose \"don't touch\" next time."
+msgstr ""
+"Indien u een meer specifiek opzet wilt, gebruik dan /etc/uif/uif.conf als "
+"model en kies de volgende keer voor \"niet aanraken\"."
+
+#. Type: error
+#. Description
+#: ../templates:6001
+msgid "Error in list of trusted hosts"
+msgstr "Fout in de lijst met te vertrouwen computers"
+
+#. Type: error
+#. Description
+#: ../templates:6001
+msgid ""
+"Please check the hosts / networks you entered. One or more entries are not "
+"correct, contain no resolvable hosts, valid IP-addresses, valid network "
+"definitions or masks."
+msgstr ""
+"Gelieve de reeks computers / netwerken die u opgaf te controleren. Een of "
+"meer elementen zijn niet correct, bevatten niet-opzoekbare computers, "
+"ongeldige IP-adressen, ongeldige netwerkdefinities of -maskeringen."
Reply to: