• Warning: Vpnc may overwrite your data

    From Markus Robert Kessler@2:250/1 to All on Thu Sep 28 17:53:00 2023
    In addition to what had to be said in message
    "Warning: Openconnect my overwrite your data"
    I sadly have to report that the same is valid for vpnc.

    I installed the most recent version from one of the official MGA9 sources
    and a "sudo vpnc --pid-file /etc/shadow" overwrote this file (which I had
    backed up before, expecting things like that).

    In the times of MGA5 I realised that MGA's version of vpnc wasn't even
    able to make a connection to AVM Fritzbox routers, and I wrote bug
    reports and discussed this over and over. But always the same statement
    of not having enough people, time etc.

    At that time it was already clear that the source tarball was always the
    same, but the other distros have their own patches to fix security issues
    and not-working features like that. -- Same picture regarding openconnect.

    So, I got a package from Suse linux and managed to port it to Mageia.

    At that time, some MGA people convinced me to become a packager -- I was
    willing to -- and I introduced this case to some "mentor". For privacy
    reasons I won't write the name here. After a short while he had to tell
    me that my solution would mean multiple modifications per one svn
    commit, and this was against Mageia's policies.

    As there was no progress over weeks, I realized that it was pointless to
    call myself a "mageia packager" and withdrew membership. Instead I
    published this package along with several other packages on my homepage
    for people who needed these features.

    I tested my Suse port right this evening to be sure not to tell lies,
    and, yes, the patches made by Suse are sanitizing user input, and hence,
    this port behaves as desired. In contrast to the one from MGA9 repo.

    To be honest, I am tired of writing bug reports that nobody cares about,
    and so, I won't write one more against vpnc, and I won't do so regarding
    openconnect.

    Anyway, please keep in mind that installing and running a Mageia
    installation "out of the box" is risky, and you should beta-test
    everything you use.

    Best regards,

    Markus


    --
    Please reply to group only.
    For private email please use http://www.dipl-ing-kessler.de/email.htm

    --- MBSE BBS v1.0.8.4 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
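
An added illustration (not part of the original post, and not vpnc's or SUSE's code): a PID-file writer that truncates whatever path it is given, beside one that refuses to touch an existing file. It assumes the overwrite reported above comes from opening the `--pid-file` path for writing with truncation; the function names and the demo path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Naive: fopen("w") truncates whatever the path names, with the caller's
 * privileges. Run as root, any file on the system can be clobbered. */
int write_pidfile_naive(const char *path, pid_t pid)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fprintf(f, "%ld\n", (long)pid);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the path already exists,
 * including when it is a symlink, so no existing file is ever truncated. */
int write_pidfile_safe(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;                      /* refuse to overwrite */
    ssize_t n = write(fd, buf, (size_t)len);
    if (close(fd) != 0 || n != (ssize_t)len) {
        unlink(path);                   /* leave no partial file behind */
        return -1;
    }
    return 0;
}

/* Demo helper: read the first line of a file into out. */
int read_first_line(const char *path, char *out, size_t cap)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char *r = fgets(out, (int)cap, f);
    fclose(f);
    return r ? 0 : -1;
}

int main(void)
{
    const char *p = "/tmp/pidfile_demo_existing";  /* constructed demo path */
    unlink(p);
    printf("safe on new path: %d\n", write_pidfile_safe(p, getpid()));
    printf("safe on existing path: %d\n", write_pidfile_safe(p, getpid()));
    return unlink(p);
}
```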