Bug#432934: The 'doc' subdirectory is missing in the tar file inetutils_1.5.dfsg.1.orig.tar.gz

[Lothar Wassmann]

Package: inetutils
Version: 1.5.dfsg.1
Severity: serious
Justification: no longer builds from source


Due to the 'doc' subdirectory missing from the tar file
configuring the source fails with:
[...]
configure: creating ./config.status
config.status: creating Makefile
config.status: creating lib/Makefile
config.status: creating libinetutils/Makefile
config.status: creating libtelnet/Makefile
config.status: creating glob/Makefile
config.status: creating libicmp/Makefile
config.status: creating ping/Makefile
config.status: creating ftp/Makefile
config.status: creating ftpd/Makefile
config.status: creating inetd/Makefile
config.status: creating rcp/Makefile
config.status: creating rexecd/Makefile
config.status: creating rlogin/Makefile
config.status: creating rlogind/Makefile
config.status: creating rsh/Makefile
config.status: creating rshd/Makefile
config.status: creating logger/Makefile
config.status: creating syslogd/Makefile
config.status: creating talk/Makefile
config.status: creating talkd/Makefile
config.status: creating telnet/Makefile
config.status: creating telnetd/Makefile
config.status: creating tftp/Makefile
config.status: creating tftpd/Makefile
config.status: creating uucpd/Makefile
config.status: creating gwhois/Makefile
config.status: creating libls/Makefile
config.status: creating ifconfig/Makefile
config.status: creating ifconfig/system/Makefile
config.status: creating confpaths.h
config.status: creating headers/Makefile
config.status: error: cannot find input file: doc/Makefile.in

-- System Information:
Debian Release: 4.0
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable'), (1, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL 
set to C)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#382132: diffmon: information disclosure through world readable tmp files

[Lothar Wassmann]

Package: diffmon
Version: 20020222-2
Severity: critical
Justification: root security hole

diffmon explicitly sets umask to '000' thus creating all files in /tmp with
world readable attributes. This may allow local users to read files that they
normally don't have access to.

The attached patch makes diffmon use a more reasonable umask.


Lothar Wassmann

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (50, 'unstable'), (50, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages diffmon depends on:
ii  bash2.05b-26 The GNU Bourne Again SHell
ii  debconf 1.4.30.13Debian configuration management sy
ii  exim4-daemon-light [mail-tr 4.50-8sarge2 lightweight exim MTA (v4) daemon

-- debconf information:
* diffmon/configwarning:
--- usr/bin/diffmon.org 2002-02-26 15:06:49.0 +0100
+++ usr/bin/diffmon 2006-08-09 08:59:21.389223825 +0200
@@ -170,7 +170,7 @@
 # Make sure PATH includes location of sendmail and gzip.
 PATH=/usr/local/gnubin:/usr/local/bin:${PATH}:/usr/lib:/usr/sbin
 
-umask 000
+umask 077
 
 TRAP_SIGNALS=EXIT SIGHUP SIGINT SIGQUIT SIGTERM
 trap 'cleanup_and_exit' ${TRAP_SIGNALS}