Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please consider unblocking planned upload of package uif. + * debian/po: + + Add nl.po. Thanks to Frans Spiesschaert! (Closes: #767285). -> Probably not appropriate anymore at this time of the freeze(?). + * debian/patches: + + Add 0001_Debian-name-spelling.patch. Fix spelling of the Debian project + name and another typo in an error message. (Closes: #772496). -> Non-function, non-i18n-related fix of the "Debian" name (plus another typo). + + Add 0002_correctly-ignore-ipv4+6-only-rules.patch. Fix severe flaw in + IPv4-only/IPv6-only rule setup. Don't open IPv4 wholes when setting up + IPv6-only rules and vice versa. (Closes: #779150). -> Real RC bug that actually deserves a CVE (though I will not push that that far...). light+love, Mike unblock uif/1.1.4-2 -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
diff -Nru uif-1.1.4/debian/changelog uif-1.1.4/debian/changelog --- uif-1.1.4/debian/changelog 2015-03-11 12:21:18.000000000 +0100 +++ uif-1.1.4/debian/changelog 2015-03-11 12:21:33.000000000 +0100 @@ -1,3 +1,16 @@ +uif (1.1.4-2) unstable; urgency=medium + + * debian/po: + + Add nl.po. Thanks to Frans Spiesschaert! (Closes: #767285). + * debian/patches: + + Add 0001_Debian-name-spelling.patch. Fix spelling of the Debian project + name and another typo in an error message. (Closes: #772496). + + Add 0002_correctly-ignore-ipv4+6-only-rules.patch. Fix severe flaw in + IPv4-only/IPv6-only rule setup. Don't open IPv4 wholes when setting up + IPv6-only rules and vice versa. (Closes: #779150). + + -- Mike Gabriel <[email protected]> Wed, 11 Mar 2015 12:19:46 +0100 + uif (1.1.4-1) unstable; urgency=medium * New upstream release. diff -Nru uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch --- uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch 1970-01-01 01:00:00.000000000 +0100 +++ uif-1.1.4/debian/patches/0001_Debian-name-spelling.patch 2015-03-11 12:21:29.000000000 +0100 @@ -0,0 +1,17 @@ +Description: Fix spelling errors in error message +Origin: https://github.com/cajus/uif/commit/3ffeb89b134a541d15afccdc2a994e81c940f51f + +diff --git a/uif.pl b/uif.pl +index 63f27f3..e1b8547 100755 +--- a/uif.pl ++++ b/uif.pl +@@ -1553,7 +1553,7 @@ sub readCommandLine { + } + + if ($readldap || $writeldap) { +- if ($LDAPENABLED == 0) { die "To use LDAP fatures be sure to install Net::LDAP from debain package libnet-ldap-perl" } ; ++ if ($LDAPENABLED == 0) { die "To use LDAP features be sure to install Net::LDAP from the Debian package libnet-ldap-perl" } ; + $ldap = Net::LDAP->new($ldapserver) or die "$@"; + if ($ldapbinddn && ($ldappassword eq "")) { + $mesg=$ldap->bind( $ldapbinddn); + diff -Nru uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch --- uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch 1970-01-01 01:00:00.000000000 +0100 +++ uif-1.1.4/debian/patches/0002_correctly-ignore-ipv4+6-only-rules.patch 2015-03-11 12:21:29.000000000 +0100 @@ -0,0 +1,53 @@ +From d8c870050f1c4063e3c7475b1aca6a2f337f58f6 Mon Sep 17 00:00:00 2001 +From: Mike Gabriel <[email protected]> +Date: Wed, 11 Mar 2015 09:56:51 +0100 +Subject: [PATCH] Fix severe flaw in IPv4-only/IPv6-only rule setup. Don't open + IPv4 wholes when setting up IPv6-only rules and vice versa. + +--- +# ChangeLog | 2 ++ + uif.pl | 7 +++++++ + 2 files changed, 9 insertions(+) + +#diff --git a/ChangeLog b/ChangeLog +#index e78c794..e611c7e 100644 +#--- a/ChangeLog +#+++ b/ChangeLog +#@@ -3,6 +3,8 @@ uif (1.1.5-0) UNRELEASED; urgency=medium +# * New upstream version (1.1.5): +# - Fix spelling of Debian in error message. (Closes: Debian bug #772496). +# - Fix another typo in same error message. +#+ - Fix severe flaw in IPv4-only/IPv6-only rule setup. Don't open +#+ IPv4 wholes when setting up IPv6-only rules and vice versa. +# +# -- Mike Gabriel <[email protected]> Tue, 09 Dec 2014 13:12:11 +0100 +# +diff --git a/uif.pl b/uif.pl +index 869dcae..c203758 100755 +--- a/uif.pl ++++ b/uif.pl +@@ -563,9 +563,11 @@ sub validateData { + $position =~ s/\((.+)\)$//; + if (($ipv6) && ($only_proto eq "4")) { + print "IPv6 setup: Skipping IPv4-only rule for network \"$position\"\n"; ++ $$rule{'Type'} = 'IGNORE-IPV4-ONLY'; + next; + } elsif ((! $ipv6) && ($only_proto eq "6")) { + print "IPv4 setup: Skipping IPv6-only rule for network \"$position\"\n"; ++ $$rule{'Type'} = 'IGNORE-IPV6-ONLY'; + next; + } + } +@@ -960,6 +962,11 @@ sub genRuleDump { + my $chains; + + foreach $rule (@$Rules) { ++ ++ if ( ($$rule{'Type'} eq "IGNORE-IPV4-ONLY") || ($$rule{'Type'} eq "IGNORE-IPV6-ONLY") ) { ++ next; ++ } ++ + my @protocol; + my @source; + my @destination; + diff -Nru uif-1.1.4/debian/patches/series uif-1.1.4/debian/patches/series --- uif-1.1.4/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ uif-1.1.4/debian/patches/series 2015-03-11 12:21:29.000000000 +0100 @@ -0,0 +1,2 @@ +0001_Debian-name-spelling.patch +0002_correctly-ignore-ipv4+6-only-rules.patch diff -Nru uif-1.1.4/debian/po/nl.po uif-1.1.4/debian/po/nl.po --- uif-1.1.4/debian/po/nl.po 1970-01-01 01:00:00.000000000 +0100 +++ uif-1.1.4/debian/po/nl.po 2015-03-11 12:21:29.000000000 +0100 @@ -0,0 +1,165 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Dutch translation of uif debconf templates. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the uif package. +# Frans Spiesschaert <[email protected]>, 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: uif_1.1.4-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-05-04 11:43+0200\n" +"PO-Revision-Date: 2014-10-16 21:58+0200\n" +"Last-Translator: Frans Spiesschaert <[email protected]>\n" +"Language-Team: Debian Dutch l10n Team <[email protected]>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: select +#. Choices +#: ../templates:1001 +msgid "don't touch" +msgstr "niet aanraken" + +#. Type: select +#. Choices +#: ../templates:1001 +msgid "workstation" +msgstr "werkstation" + +#. Type: select +#. Description +#: ../templates:1002 +msgid "Firewall configuration method" +msgstr "Methode voor het instellen van de firewall" + +#. Type: select +#. Description +#: ../templates:1002 +msgid "" +"The firewall can be initialized using debconf, or using information you " +"manually put into /etc/uif/uif.conf." +msgstr "" +"De firewall kan met behulp van debconf geïnitialiseerd worden, of via " +"informatie die u handmatig in het bestand /etc/uif/uif.conf invoert." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Enter trusted hosts and/or networks:" +msgstr "Geef de computers en/of de netwerken op die vertrouwd mogen worden:" + +#. Type: string +#. Description +#: ../templates:2001 +msgid "" +"In workstation mode, you can specify some hosts or networks to be globally " +"trusted. All incoming traffic coming from there will be allowed. Multiple " +"entries have to be separate with spaces." +msgstr "" +"In werkstationmodus kunt u een aantal computers of netwerken opgeven die " +"algemeen vertrouwd mogen worden. Alle inkomend verkeer dat daarvan afkomstig " +"is, zal toegelaten worden. Meerdere items van elkaar scheiden met witruimte." + +#. Type: string +#. Description +#: ../templates:2001 +msgid "Example: 10.1.0.0/16 trust.mydomain.com 192.168.1.55" +msgstr "Bijvoorbeeld: 10.1.0.0/16 vertrouw.mijndomein.com 192.168.1.55" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Do you want your host to be reachable via ping?" +msgstr "Wilt u uw computer bereikbaar laten zijn via ping?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Normally an Internet host should be reachable with pings. Choosing no here " +"will disable pings which might be somewhat confusing when analyzing network " +"problems." +msgstr "" +"Normaal gezien zou een met het Internet verbonden computer bereikbaar moeten " +"zijn met pings. Hier neen kiezen zal pingen uitschakelen, hetgeen enigszins " +"verwarrend kan zijn bij het onderzoeken van netwerkproblemen." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Do you want your host to react to traceroutes?" +msgstr "Wilt u dat uw computer reageert op traceroutes?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Normally an Internet host should react to traceroutes. Choosing no here will " +"disable this, which might be somewhat confusing when analyzing network " +"problems." +msgstr "" +"Normaal gezien zou een met het Internet verbonden computer moeten reageren " +"op traceroutes. Hier neen kiezen zal dit uitschakelen, hetgeen enigszins " +"verwarrend kan zijn bij het onderzoeken van netwerkproblemen." + +#. Type: note +#. Description +#: ../templates:5001 +msgid "Firewall for simple workstation setups" +msgstr "Een firewallopstelling voor een eenvoudig werkstation" + +#. Type: note +#. Description +#: ../templates:5001 +msgid "" +"Warning: This configuration provides a very simple firewall setup which is " +"only able to trust certain hosts and configure global ping / traceroute " +"behaviour." +msgstr "" +"Waarschuwing: deze configuratie stelt een heel eenvoudige firewallopstelling " +"in, die enkel in staat is sommige computers te vertrouwen en een globaal " +"gedrag in te stellen in verband met ping / traceroute." + +#. Type: note +#. Description +#: ../templates:5001 +msgid "" +"If you need a more specific setup, use /etc/uif/uif.conf as a template and " +"choose \"don't touch\" next time." +msgstr "" +"Indien u een meer specifiek opzet wilt, gebruik dan /etc/uif/uif.conf als " +"model en kies de volgende keer voor \"niet aanraken\"." + +#. Type: error +#. Description +#: ../templates:6001 +msgid "Error in list of trusted hosts" +msgstr "Fout in de lijst met te vertrouwen computers" + +#. Type: error +#. Description +#: ../templates:6001 +msgid "" +"Please check the hosts / networks you entered. One or more entries are not " +"correct, contain no resolvable hosts, valid IP-addresses, valid network " +"definitions or masks." +msgstr "" +"Gelieve de reeks computers / netwerken die u opgaf te controleren. Een of " +"meer elementen zijn niet correct, bevatten niet-opzoekbare computers, " +"ongeldige IP-adressen, ongeldige netwerkdefinities of -maskeringen."
