debian/0000755000000000000000000000000013326615354007176 5ustar debian/changelog0000644000000000000000000003065113326455546011062 0ustar network-manager-vpnc (0.9.8.6-1ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: Privilege escalation attack - debian/patches/CVE-2018-10900.patch: Disallow newlines in configuration values. If we didn't it would allow the user to inject arbitrary configuration directives with potential security implications. - CVE-2018-10900 -- Mike Salvatore Thu, 26 Jul 2018 19:17:40 -0400 network-manager-vpnc (0.9.8.6-1ubuntu2) trusty; urgency=medium * Recommend plasma-nm instead of plasma-widget-networkmanagement -- Rohan Garg Sat, 04 Jan 2014 19:05:47 +0100 network-manager-vpnc (0.9.8.6-1ubuntu1) trusty; urgency=medium * Merge from Debian. Remaining changes: - debian/control: + Have network-manager-vpnc recommend network-manager-vpnc-gnome | plasma-widget-networkmanagement - debian/patches/gtk_table_to_gtk_grid.patch: port the uses of GtkTable to a GtkGrid, since GtkTable is now deprecated -- Jackson Doak Thu, 19 Dec 2013 07:14:21 +1100 network-manager-vpnc (0.9.8.6-1) unstable; urgency=low * New upstream release. * Remove 01-fix-path-to-connection-editor-plugin-in-service-file.patch, merged upstream. -- Michael Biebl Fri, 13 Sep 2013 20:03:27 +0200 network-manager-vpnc (0.9.8.2-1ubuntu1) saucy; urgency=low * Sync with Debian. Remaining changes: - debian/control: + Have network-manager-vpnc recommend network-manager-vpnc-gnome | plasma-widget-networkmanagement - debian/patches/gtk_table_to_gtk_grid.patch: port the uses of GtkTable to a GtkGrid, since GtkTable is now deprecated * Dropped changes: - debian/rules: + re-add code to grab git snapshots - debian/patches/auth-dialog-libexecdir.patch: Applied in new version -- Jeremy Bicha Mon, 10 Jun 2013 23:08:41 -0400 network-manager-vpnc (0.9.8.2-1) unstable; urgency=low * New upstream release. * Bump network-manager Build-Depends to (>= 0.9.8). * Fix path to connection-editor plugin in service file. Patch cherry-picked from upstream Git. * Use dh-autoreconf to update the build system. -- Michael Biebl Tue, 11 Jun 2013 00:36:36 +0200 network-manager-vpnc (0.9.8.0-2) unstable; urgency=low * Mark binary packages as linux-any. * Upload to unstable. * Bump Standards-Version to 3.9.4. No further changes. -- Michael Biebl Mon, 06 May 2013 18:19:09 +0200 network-manager-vpnc (0.9.8.0-1) experimental; urgency=low * New upstream release. - Provides configuration option and UI for local port. (Closes: #658269) * Drop obsolete Breaks/Replaces. -- Michael Biebl Thu, 21 Feb 2013 15:18:40 +0100 network-manager-vpnc (0.9.6.0-1) experimental; urgency=low * New upstream release. * Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.6). * Use --list-missing to show uninstalled files. -- Michael Biebl Sat, 27 Oct 2012 00:20:41 +0200 network-manager-vpnc (0.9.4.0-1) unstable; urgency=low * New upstream release. * Fix versioned Build-Depends on dpkg-dev. The buildflags.mk snippet was added in version 1.16.1, not 1.6.1. * Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.4). * Drop Build-Depends on libgconf2-dev. * Update debian/copyright using the machine-readable copyright format 1.0. * Bump Standards-Version to 3.9.3. -- Michael Biebl Sat, 24 Mar 2012 23:58:01 +0100 network-manager-vpnc (0.9.2.0-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9.2). * Enable default hardening options from dpkg-buildflags. - Use buildflags.mk snippet in debian/rules. - Add Build-Depends on dpkg-dev (>= 1.6.1). -- Michael Biebl Sat, 12 Nov 2011 06:27:15 +0100 network-manager-vpnc (0.9.0-3) unstable; urgency=low * debian/watch: Track .xz tarballs. * Build against GTK 3. -- Michael Biebl Sun, 16 Oct 2011 09:23:13 +0200 network-manager-vpnc (0.9.0-2) unstable; urgency=low * Upload to unstable. -- Michael Biebl Fri, 16 Sep 2011 21:46:40 +0200 network-manager-vpnc (0.9.0-1) experimental; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.9). -- Michael Biebl Wed, 24 Aug 2011 15:38:24 +0200 network-manager-vpnc (0.8.999-1) experimental; urgency=low * New upstream release (0.9 rc2). -- Michael Biebl Wed, 04 May 2011 23:59:26 +0200 network-manager-vpnc (0.8.998-1) experimental; urgency=low * New upstream release (0.9 rc1). * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.998). - Bump Build-Depends on libgtk2.0-dev to (>= 2.20). * debian/rules - Build against GTK+ version 2. -- Michael Biebl Tue, 03 May 2011 01:42:30 +0200 network-manager-vpnc (0.8.4-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.4). - Update package descriptions. - Bump Standards-Version to 3.9.2. No further changes. * debian/watch - Switch to bzip2. -- Michael Biebl Thu, 21 Apr 2011 17:31:16 +0200 network-manager-vpnc (0.8.3.995-1) unstable; urgency=low * New upstream release (0.8.4 beta1). * Bump debhelper compatibility level to 8. * debian/control - Drop Build-Depends on libglade2-dev, converted to GtkBuilder. - Bump Build-Depends on libnm-*-dev and network-manager-dev to (>= 0.8.3.995). -- Michael Biebl Sat, 19 Mar 2011 11:02:34 +0100 network-manager-vpnc (0.8.2-3) unstable; urgency=low * Upload to unstable. -- Michael Biebl Mon, 07 Feb 2011 01:38:28 +0100 network-manager-vpnc (0.8.2-2) experimental; urgency=low * Switch from cdbs to dh - Drop Build-Depends on cdbs. - Bump Build-Depends on debhelper to (>= 7.0.50~) for override targets. - Convert debian/rules to use dh. - Rename debian/docs to debian/network-manager-vpnc.docs so it is correctly picked up by dh_installdocs. -- Michael Biebl Wed, 22 Dec 2010 04:51:30 +0100 network-manager-vpnc (0.8.2-1) experimental; urgency=low * New upstream release. * Update Vcs-* fields: Move packaging from svn to git. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8.2). -- Michael Biebl Sat, 18 Dec 2010 12:18:29 +0100 network-manager-vpnc (0.8.1-1) unstable; urgency=low * New upstream release. * Switch to source format 3.0 (quilt). - Add debian/source/format. - Drop Build-Depends on quilt. - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. - Remove debian/README.source. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8.1). - Bump Standards-Version to 3.9.1. Use Breaks instead of Conflicts as recommended by the new policy. -- Michael Biebl Tue, 27 Jul 2010 15:13:25 +0200 network-manager-vpnc (0.8-1) unstable; urgency=low * New upstream release. * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.8). - Bump Standards-Version to 3.8.4. No further changes. * debian/network-manager-vpnc-gnome.install - Remove .desktop file and icons, no longer installed or used upstream. -- Michael Biebl Mon, 22 Feb 2010 19:27:57 +0100 network-manager-vpnc (0.7.999-2) unstable; urgency=low * Upload to unstable. -- Michael Biebl Wed, 27 Jan 2010 01:08:39 +0100 network-manager-vpnc (0.7.999-1) experimental; urgency=low * New upstream release (0.8 RC3). - Fixes misleading error message when sending the IPv4 configuration fails. (Closes: #529747) * debian/control - Bump Build-Depends on libnm-* packages to (>= 0.7.999). - Bump Build-Depends on libdbus-glib-1-dev to (>= 0.74). * debian/patches/02_add_disable_natt_and_1des.diff - Drop, patch has been disabled for quite a while and equivalent functionality has been added upstream. -- Michael Biebl Sat, 23 Jan 2010 01:29:48 +0100 network-manager-vpnc (0.7.2-1) unstable; urgency=low [ Soren Hansen ] * Remove myself from Uploaders. [ Michael Biebl ] * New upstream release. * debian/control - Bump build dependencies on nm packages to (>= 0.7.2). - Bump Standards-Version to 3.8.3. No further changes. -- Michael Biebl Fri, 27 Nov 2009 10:51:59 +0100 network-manager-vpnc (0.7.1-1) unstable; urgency=low * New upstream release. * Bump Standards-Version to 3.8.1. No further changes. -- Michael Biebl Thu, 16 Apr 2009 17:47:47 +0200 network-manager-vpnc (0.7.0.99-1) unstable; urgency=low * New upstream release (0.7.1 rc3). * debian/patches/10-tests-static-build-fix.patch - Removed, merged upstream. -- Michael Biebl Thu, 05 Mar 2009 13:48:39 +0100 network-manager-vpnc (0.7.0.97-1) unstable; urgency=low * New upstream release. * debian/patches/01-dbus_policy.patch - Removed, merged upstream. * debian/patches/10-tests-static-build-fix.patch - Fix build failure with "--disable-static". * debian/control - Bump Build-Depends on libnm-util-dev to (>= 0.7.0.97). -- Michael Biebl Wed, 25 Feb 2009 10:53:30 +0100 network-manager-vpnc (0.7.0-2) experimental; urgency=low * debian/control - Set priority to optional. - Drop libgnomeui-dev from Build-Depends, no longer required. - Wrap build dependencies. - Bump build dependency on debhelper to (>= 7). * debian/compat - Bump to debhelper v7 compat mode. * debian/patches/01-dbus_policy.patch - Remove bare send_interface policy rules. (Closes: #510735) * debian/rules - Include gnome.mk cdbs class instead of autotools.mk. -- Michael Biebl Sat, 14 Feb 2009 15:36:28 +0100 network-manager-vpnc (0.7.0-1) experimental; urgency=low * New upstream release. * debian/control - Add Vcs-* fields pointing to the Subversion repository of the package. - Bump Standards-Version to 3.8.0. Add README.source as recommended by the new policy. - Fix GNOME spelling error in the package description. - Set Utopia Maintenance Team as Maintainer, add myself and Soren to Uploaders. - Add Homepage: field. (Closes: #482549) - Update build dependencies. * debian/rules - Do not run autogen.sh, the upstream tarball contains a proper build system now. - Install plugins into /usr/lib/NetworkManager, so NetworkManager can find them. * debian/*.install - Update accordingly. * Switch patch management system to quilt. * Drop obsolete patches - debian/patches/01_fix_dbus_signal_name.diff - debian/patches/04_nm-vpnc-server-name.diff - debian/patches/03_disable_vi_gmo.diff * Disable patches which do not apply cleanly anymore - debian/patches/02_add_disable_natt_and_1des.diff * debian/debian/network-manager-vpnc.postinst - Do no longer restart NetworkManager, only tell dbus to reload the config files. * debian/watch - Add watch file which allows to track new upstream releases. * debian/copyright - Revised and updated. -- Michael Biebl Mon, 15 Dec 2008 21:17:03 +0100 network-manager-vpnc (0.6.4svn2806-1) unstable; urgency=low * New SVN checkout. * Updated maintainer. * Split package into n-m-v and n-m-v-gnome (added Replaces and Conflicts accordingly). * Added lib-nm-util to Build-Depends. * Don't try to generate vietnamese translations. They don't exist. * Fix library references in nm-vpnc-service.name.in. * Use /etc/init.d/network-manager instead of /etc/dbus/event.d/25NetworkManager. -- Soren Hansen Tue, 02 Oct 2007 19:42:57 +0200 network-manager-vpnc (0.6.4svn2569-1) UNRELEASED; urgency=low * New SVN checkout * patches/02_add_disable_natt_and_1des.diff: + Add "Single DES encryption" and "Disable Nat Traversal" options, thanks to Stéphane Graber -- Soren Hansen Thu, 10 May 2007 14:36:20 +0200 network-manager-vpnc (0.6.4svn2422-1) unstable; urgency=low * Initial upload to Debian (Closes: #362005) -- Soren Hansen Wed, 7 Mar 2007 22:45:43 +0100 debian/network-manager-vpnc.docs0000644000000000000000000000001512255102746014105 0ustar NEWS AUTHORS debian/network-manager-vpnc-gnome.install0000644000000000000000000000017012255102746015730 0ustar usr/lib/NetworkManager/*.so* usr/lib/NetworkManager/nm-vpnc-auth-dialog usr/share/gnome-vpn-properties usr/share/locale debian/compat0000644000000000000000000000000212255102746010370 0ustar 8 debian/network-manager-vpnc.postinst0000755000000000000000000000040612255102746015047 0ustar #!/bin/sh set -e case "$1" in configure) if [ -x "/etc/init.d/dbus" ]; then if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d dbus force-reload || true else /etc/init.d/dbus force-reload || true fi fi ;; esac #DEBHELPER# exit 0 debian/rules0000755000000000000000000000055312255102746010255 0ustar #!/usr/bin/make -f DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk %: dh $@ --with autoreconf override_dh_auto_configure: dh_auto_configure -- \ --libexecdir=/usr/lib/NetworkManager \ --disable-static \ --with-gtkver=3 override_dh_makeshlibs: dh_makeshlibs -X/usr/lib/NetworkManager/ override_dh_install: dh_install --list-missing debian/patches/0000755000000000000000000000000013326615253010623 5ustar debian/patches/series0000644000000000000000000000013313326455371012040 0ustar # Debian patches for network-manager-vpnc gtk_table_to_gtk_grid.patch CVE-2018-10900.patch debian/patches/gtk_table_to_gtk_grid.patch0000644000000000000000000000363212255102746016156 0ustar From: Mathieu Trudel-Lapierre Subject: Port GtkTable uses to GtkGrid, since the former is now deprecated. Index: network-manager-vpnc-0.9.2.0+git201201080319.236292c/auth-dialog/vpn-password-dialog.c =================================================================== --- network-manager-vpnc-0.9.2.0+git201201080319.236292c.orig/auth-dialog/vpn-password-dialog.c 2012-02-10 14:41:30.000000000 -0500 +++ network-manager-vpnc-0.9.2.0+git201201080319.236292c/auth-dialog/vpn-password-dialog.c 2012-02-10 15:10:40.120355818 -0500 @@ -123,8 +123,8 @@ label = gtk_label_new_with_mnemonic (label_text); gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); - gtk_table_attach_defaults (GTK_TABLE (table), label, 0, 1, row, row + 1); - gtk_table_attach_defaults (GTK_TABLE (table), entry, 1, 2, row, row + 1); + gtk_grid_attach (GTK_GRID (table), label, 0, row, 1, 1); + gtk_grid_attach (GTK_GRID (table), entry, 1, row, 1, 1); gtk_label_set_mnemonic_widget (GTK_LABEL (label), entry); } @@ -153,7 +153,7 @@ if (priv->show_password_secondary) add_row (priv->table, row++, priv->secondary_password_label, priv->password_entry_secondary); - gtk_table_attach_defaults (GTK_TABLE (priv->table), priv->show_passwords_checkbox, 1, 2, row, row + 1); + gtk_grid_attach (GTK_GRID (priv->table), priv->show_passwords_checkbox, 1, row, 1, 1); gtk_widget_show_all (priv->table); } @@ -227,9 +227,9 @@ priv->group = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL); - priv->table = gtk_table_new (4, 2, FALSE); - gtk_table_set_col_spacings (GTK_TABLE (priv->table), 12); - gtk_table_set_row_spacings (GTK_TABLE (priv->table), 6); + priv->table = gtk_grid_new (); + gtk_grid_set_column_spacing (GTK_GRID (priv->table), 12); + gtk_grid_set_row_spacing (GTK_GRID (priv->table), 6); gtk_container_add (GTK_CONTAINER (priv->table_alignment), priv->table); priv->password_entry = gtk_entry_new (); debian/patches/CVE-2018-10900.patch0000644000000000000000000000257213326615253013326 0ustar Backport of: From 07ac18a32b4e361a27ef48ac757d36cbb46e8e12 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Fri, 13 Jul 2018 18:51:04 +0200 Subject: [PATCH] service: disallow newlinies in configuration values (CVE-2018-10900) The vpnc configuration format doesn't allow those. vpnc(8): The values start exactly one space after the keywords, and run to the end of line. This lets you put any kind of weird character (except CR, LF and NUL) in your strings We have no choice but to reject them. If we didn't it would allow the user to inject arbitrary configuration directives with potential security implications. https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc Reported by: Denis Andzakovic --- src/nm-vpnc-service.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/src/nm-vpnc-service.c +++ b/src/nm-vpnc-service.c @@ -160,7 +160,14 @@ validate_one_property (const char *key, case ITEM_TYPE_IGNORED: break; /* technically valid, but unused */ case ITEM_TYPE_STRING: - break; /* valid */ + if (strchr (value, '\n') || strchr (value, '\r')) { + g_set_error (info->error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + _("property '%s' contains a newline character"), + key); + } + break; case ITEM_TYPE_PATH: if ( !value || !strlen (value) debian/network-manager-vpnc.install0000644000000000000000000000013612255102746014627 0ustar etc usr/lib/NetworkManager/nm-vpnc-service usr/lib/NetworkManager/nm-vpnc-service-vpnc-helper debian/gbp.conf0000644000000000000000000000006512255102746010612 0ustar [DEFAULT] pristine-tar = True debian-branch = master debian/control0000644000000000000000000000375312262046455010607 0ustar Source: network-manager-vpnc Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Utopia Maintenance Team Uploaders: Michael Biebl Build-Depends: debhelper (>= 8), dpkg-dev (>= 1.16.1), dh-autoreconf, network-manager-dev (>= 0.9.8), libnm-util-dev (>= 0.9.8), libnm-glib-dev (>= 0.9.8), libnm-glib-vpn-dev (>= 0.9.8), intltool, libdbus-glib-1-dev (>= 0.74), libgnome-keyring-dev, libgtk-3-dev (>= 3.0), libglib2.0-dev Standards-Version: 3.9.4 Vcs-Git: git://git.debian.org/git/pkg-utopia/network-manager-vpnc.git Vcs-Browser: http://git.debian.org/?p=pkg-utopia/network-manager-vpnc.git;a=summary Homepage: http://www.gnome.org/projects/NetworkManager/ Package: network-manager-vpnc Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, vpnc Recommends: network-manager-vpnc-gnome | plasma-nm Description: network management framework (VPNC plugin core) NetworkManager is a system network service that manages your network devices and connections, attempting to keep active network connectivity when available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services. . This package provides a VPN plugin for vpnc, providing easy access Cisco Concentrator based VPN's. Package: network-manager-vpnc-gnome Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, network-manager-vpnc (= ${binary:Version}) Description: network management framework (VPNC plugin GNOME GUI) NetworkManager is a system network service that manages your network devices and connections, attempting to keep active network connectivity when available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services. . This package provides the GNOME bits of NetworkManager's VPNC plugin. debian/source/0000755000000000000000000000000012255103127010464 5ustar debian/source/format0000644000000000000000000000001412255102746011700 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000411312255102746011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: NetworkManager-vpnc Source: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-vpnc/ Files: * Copyright: 2005 - 2012 Red Hat, Inc. 2007 - 2008 Novell, Inc. 2011 IBM Corp. All Rights Reserved 2005 - 2008 Dan Williams 2005 David Zeuthen, License: GPL-2+ Files: auth-dialog/vpn-password-dialog.* Copyright: 1999, 2000 Eazel, Inc. 2011 Red Hat, Inc. License: LGPL-2+ License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". License: LGPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . . On Debian systems, the complete text of the GNU Lesser General Public License can be found in "/usr/share/common-licenses/LGPL-2". debian/watch0000644000000000000000000000015412255102746010223 0ustar version=3 http://download.gnome.org/sources/NetworkManager-vpnc/([\d\.]+)/NetworkManager-vpnc-(.*)\.tar\.xz