Bug#859224: netkit-ftp-ssl: Please migrate to openssl1.1 in Buster
Let me begin by stating for a fact that the present source package 'netkit-ftp-ssl' does in fact build correctly with libssl1.1, as soon as the Build-Depends stanza is modified to allow libssl in version 1.1. However, and this is the core of the present issue, an executable linked to libssl1.1 is so seriously impaired in functionality as to be useless for all but the most basic encrypted exchanges.

It is my firm belief that libssl1.1 is buggy in the following respect, a phenomenon that does not exist in libssl1.0.

A central mechanism for large scale package transmission in an SSL-protected FTP protocol exchange is the notion of "reused session identity", meaning that the crypto engine keeps a track record of related packages during the full extent of a compound session, in practice during the often extended time required to send a file larger than a few kilobytes.

Netkit-ftp-ssl achieves this by use of the function SSL_copy_session_id(). This presumably is a legacy function from the time of SSLeay. Unfortunately the libssl code base does not include or publish any documentation on SSL_copy_session_id(), but still offers the declaration in the header file.

With the advent of libssl1.1 the behaviour of SSL_copy_session_id() has changed without any mention in the published changelog as far as I have been able to determine. In effect, SSL_copy_session_id() is able to arrange reuse of the session identity exactly once -- I repeat to make the point -- exactly ONCE, where libssl1.0 is able to continually renew the identity for the entire session. Thus libssl1.1 prevents transmission of files in excess of 3 kB!

The best setup to observe this new behaviour is to use Proftpd at the server end. It offers a setting to handle misconfigured or crippled FTP clients:

    # etc/proftpd.conf
    TLSOptions NoSessionReuseRequired

Without this option, a client using netkit-ftp-ssl with libssl1.1 sees a cancelled connection at the time the third package is sent in a single session, whereas libssl1.0 continues to go on shipping however many packages remain to cover the requested file's entire contents.

Due to this changed behaviour I claim that libssl1.1 is buggy, leading to a crippled client with substantial loss in encrypting abilities. Regrettably I am not able by myself to resolve this unfortunate phenomenon with libssl, so I must defer the matter to the custodians of libssl library proper.

M E Andersson, maintainer of netkit-ftp-ssl
Bug#854711: Unblocking package netkit-ftp-ssl, resolving #854460.
Package: release.debian.org Severity: important Tags: patch Being the maintainer of netkit-ftp-ssl, I request an unblocking of netkit-ftp-ssl in version 0.17.34+0.2-4. This upload resolves successfully the bug #854460 of severity 'important'. The problem is interoperability with TLS-able FTP servers, like Proftpd, which mandate that the data connection reuse the session identity set by the control channel. The presently available version in testing, 0.17.34+0.2-3, is not able to fetch files or get listings with TLS protection due to an accidental inactivation of function SSL_copy_session_id(). This is a legacy function, not documented in any manual page, and only mentioned in one file 'ssleay.txt' of the openssl archive. The debdiff reactivates this function call, which was commented out by me due to a misunderstanding. In addition, it turns out to be decisive to forbid the use of libssl in version 1.1 for the binary package. The reason being that libssl (>= 1.1.0) only succeeds to reuse the session identity a single time, yes really a single time, with the present unintrusive and long time used solution. Therefore I had to change the build dependency to read libssl1.0-dev | libssl-dev (<< 1.1.0~) Both changes are necessary and they lead also to a package that can be built directly in Wheezy without any changes, allowing trivial backporting. The packages netkit-ftp-ssl, linux-ftpd-ssl and netkit-telnet-ssl have seen substantial improvement for certificate verification and identification for this Debian release, but only the binary ftp-ssl is affected by the present issue. Best regards, Mats Erik Andersson, DM diff -Nru netkit-ftp-ssl-0.17.34+0.2/debian/changelog netkit-ftp-ssl-0.17.34+0.2/debian/changelog --- netkit-ftp-ssl-0.17.34+0.2/debian/changelog 2017-01-18 19:33:56.0 +0100 +++ netkit-ftp-ssl-0.17.34+0.2/debian/changelog 2017-02-08 18:39:46.0 +0100 
@@ -1,3 +1,14 @@ +netkit-ftp-ssl (0.17.34+0.2-4) unstable; urgency=medium + + * Correctly reuse SSL session identity in data connection. +This suffices for libssl1.0, not for libssl1.1. (Closes: #854460) ++ debian/patches/700_prefer_tls.diff: Reactivate commented out + function call to SSL_copy_session_id(). ++ debian/control: Prefer libssl1.0-dev and condition libssl-dev + on "<< 1.1.0~" for trivial backporting. + + -- Mats Erik Andersson <mats.anders...@gisladisker.se> Wed, 08 Feb 2017 18:39:46 +0100 + netkit-ftp-ssl (0.17.34+0.2-3) unstable; urgency=low * Allow verification mode to print additional details about the diff -Nru netkit-ftp-ssl-0.17.34+0.2/debian/control netkit-ftp-ssl-0.17.34+0.2/debian/control --- netkit-ftp-ssl-0.17.34+0.2/debian/control 2017-01-10 15:37:21.0 +0100 +++ netkit-ftp-ssl-0.17.34+0.2/debian/control 2017-02-08 18:30:50.0 +0100 @@ -4,7 +4,7 @@ Maintainer: Mats Erik Andersson <mats.anders...@gisladisker.se> Uploaders: Alberto Gonzalez Iniesta <a...@inittab.org> Standards-Version: 3.9.8 -Build-Depends: debhelper (>= 9), libeditline-dev, libncurses5-dev, libssl-dev | libssl1.0-dev +Build-Depends: debhelper (>= 9), libeditline-dev, libncurses5-dev, libssl1.0-dev | libssl-dev (<< 1.1.0~) Package: ftp-ssl Architecture: any diff -Nru netkit-ftp-ssl-0.17.34+0.2/debian/patches/700_prefer_tls.diff netkit-ftp-ssl-0.17.34+0.2/debian/patches/700_prefer_tls.diff --- netkit-ftp-ssl-0.17.34+0.2/debian/patches/700_prefer_tls.diff 2017-01-18 19:33:41.0 +0100 +++ netkit-ftp-ssl-0.17.34+0.2/debian/patches/700_prefer_tls.diff 2017-02-08 15:39:49.00000 +0100 @@ -23,7 +23,7 @@ . Author: Mats Erik Andersson <deb...@gisladisker.se> Forwarded: no -Last-Update: 2017-01-18 +Last-Update: 2017-02-07 diff -Naurp netkit-ftp-0.17.debian/ftp/cmds.c netkit-ftp-0.17/ftp/cmds.c --- netkit-ftp-0.17.debian/ftp/cmds.c 2016-12-23 00:05:51.820239257 +0100 
@@ -190,20 +190,8 @@ .Xr ftpd 8 , diff -Naurp netkit-ftp-0.17.debian/ftp/ftp.c netkit-ftp-0.17/ftp/ftp.c --- netkit-ftp-0.17.debian/ftp/ftp.c 2016-12-23 00:05:52.380213160 +0100 -+++ netkit-ftp-0.17/ftp/ftp.c 2017-01-18 19:19:27.145786765 +0100 -@@ -1672,7 +1672,10 @@ dataconn(const char *lmode) -* this quick assuming Eric has this going -* okay! ;-) -*/ -- SSL_copy_session_id(ssl_data_con,ssl_con); -+ /* MEA: Do not use deterministic session identities -+ * in a subordinate connection. -+ */ -+ //SSL_copy_session_id(ssl_data_con,ssl_con); - - /* we are doing I/O and not using select so -* it is "safe" to read ahead -@@ -1686,12 +1689,17 @@ dataconn(const char *lmode) netkit-ftp-0.17/ftp/ftp.c 2017-02-07 23:35:32.871433587 +0100 +@@ -1686,12 +1686,17 @@ dataconn(const char *lmode) if ((ret=SSL_connect(ssl_data_con))<=0) { static char errbuf[1024]; @@ -224,7
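Review bot: In the ftp/ftp.c part of 700_prefer_tls.diff (dataconn(), near line 1672) the "MEA: Do not use deterministic session identities" comment goes away and SSL_copy_session_id(ssl_data_con,ssl_con) is active again, but the only remark left above it is the old "assuming Eric has this going okay" one. The call was disabled once through a misunderstanding, so a short comment at the call site stating that servers such as Proftpd require the data connection to reuse the control channel's session identity would help keep it from being removed again. The same reason could be repeated next to the "libssl-dev (<< 1.1.0~)" alternative in debian/control, where it is currently recorded only in the changelog.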
Bug#854460: Failure is worse with libssl1.1.
Doing a single change in the patch '700_prefer_tls.diff' to the effect of re-adding

    /* netkit-ftp-0.17/ftp/ftp.c:1675 */
    SSL_copy_session_id(ssl_data_con, ssl_con);

will solve the problem completely when building against libssl1.0-dev, i.e., linking with libssl1.0.

However, when building with libssl-dev, i.e., libssl1.1, the resulting binary is able to execute exactly ONE data connection with success. The rest are denied as before. The error message from Proftpd is still 'Not owner.'. Clearly there is a bug in libssl1.1.

For the time being a rebuild against libssl1.0-dev, with the above code line uncommented, is my recommendation in the role as maintainer for this package.
Bug#854460: No reuse of SSL session for data connection.
Package: ftp-ssl
Version: 0.17.34+0.2-3
Severity: important

This version of ftp-ssl is not able to reuse SSL session data properly; in particular it does not set the session identity of the data connection. It is a mistake introduced during the improvement of certificate verification.

The effect is not noticeable with the server 'linux-ftpd-ssl', but Proftpd will need 'NoSessionReuseRequired' to deliver files and listings to this version of ftp-ssl.

Sadly reported by the package maintainer!
Bug#846399: RFS: rush/1.8+dfsg-1 -- New upstream's release.
On Friday, 9 December 2016, at 12:45, Gianfranco Costamagna wrote this:
> Hi,
>
> >There is no problem to fetch the key. The problem is to use it. My present
> >use case is this
> >
> > gpgv --homedir debian/upstream --keyring debian/upstream/signing-key.pgp \
> >archive.sig archive

A revised packaging has been uploaded. I have inspected '/usr/sbin/uscan' in order to find out how to prepare a call to gpgv. This has been added into the target 'get-orig-source', but I have also changed 'debian/copyright' and 'debian/watch' to accommodate for your suggestion. I am not prepared to drop the target 'get-orig-source', though.

Best regards,
Mats E Andersson
Bug#846399: RFS: rush/1.8+dfsg-1 -- New upstream's release.
On Wednesday, 7 December 2016, at 23:38, Gianfranco Costamagna wrote this:
>
> >> please use a text-version of the signing-key and avoid the
> >> include-binaries file?
> >
> >Then I need education on the procedure to create a keyring file on the go,
> >since gpgv only handles keyrings, not armoured keyfiles.
>
> https://wiki.debian.org/debian/watch#Cryptographic_signature_verification
> gpg --keyserver keys.gnupg.net --recv-keys 3602B07F55D0C732
> gpg --armor --export-options export-minimal --export '3602B07F55D0C732' >>
> debian/upstream/signing-key.asc
>
> does this work?

There is no problem to fetch the key. The problem is to use it. My present use case is this

    gpgv --homedir debian/upstream --keyring debian/upstream/signing-key.pgp \
        archive.sig archive

You are requesting me to use 'debian/upstream/signing-key.asc', an armoured key which gpgv is not able to handle to my knowledge.

Observe that upstream's source archive must be repackaged to fulfill DFSG, so the above use of gpgv is located in the target 'get-orig-source' for verification of the original archive before proceeding to eliminate the texinfo source, which violates DFSG.

Best regards,
Mats E Andersson
Bug#846399: RFS: rush/1.8+dfsg-1 -- New upstream's release.
Hello there!

On Wednesday, 7 December 2016, at 15:56, Gianfranco Costamagna wrote this:
>
> >
> >+ debian/upstream/signing-key.pgp: New file.
> >+ debian/source/include-binaries: New file.
>
> please use a text-version of the signing-key and avoid the include-binaries
> file?

Then I need education on the procedure to create a keyring file on the go, since gpgv only handles keyrings, not armoured keyfiles.

Best regards,
Mats E Andersson
Bug#847228: RFS: ipband/0.8.1-5 -- mostly spelling mistakes
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of the package "ipband":

    Package name    : ipband
    Version         : 0.8.1-5
    Upstream Author : Andrew Nevynniy <anevy...@russelmetals.com>
    URL             : http://sourceforge.net/projects/ipband/files/latest/download/
    License         : GPL-2+
    Section         : net

It builds a single binary package:

    ipband - daemon for subnet bandwidth monitoring with reporting via email

Information is available at:

    https://mentors.debian.net/package/ipband

The package is fetchable with dget using the standard command:

    dget -x https://mentors.debian.net/debian/pool/main/i/ipband/ipband_0.8.1-5.dsc

Changes since the last upload:

  * Step up to Standards version 3.9.8, no changes.
  * Increase hardening level.
  * Binary package depends on lsb-base due to init script.
  * debian/copyright: Misspelled field name.
  * More spelling mistakes.
    + debian/ipband.conf-*: Updated.
    + debian/ipband.default: Likewise.
  * [lintian] Spelling errors in binary and manual page.
    + debian/patches/06_spelling_errors.diff: New file.

Regards,
Mats Erik Andersson
Bug#846399: RFS: rush/1.8+dfsg-1 -- New upstream's release.
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of the package "rush":

    Package name    : rush
    Version         : 1.8+dfsg-1
    Upstream Author : Sergey Poznyakoff <g...@gnu.org.ua>
    URL             : http://puszcza.gnu.org.ua/projects/rush/
    License         : GPL-3+
    Section         : shells

It builds a single binary package:

    rush - restricted user shell

Further information about this package upload is located at

    https://mentors.debian.net/package/rush

A direct download of the package itself is simple:

    dget -x https://mentors.debian.net/debian/pool/main/r/rush/rush_1.8+dfsg-1.dsc

Changes since last upload:

  * New upstream release.
  * Increase hardening level.
    + debian/rules: Updated.
  * Verifying original source archive while rebuilding it.
    + debian/upstream/signing-key.pgp: New file.
    + debian/source/include-binaries: New file.
    + debian/rules: Expand target 'get-orig-source' with a step that
      verifies the source archive fetched from upstream's location.
  * Review patches.
    + debian/patches/dfsg_reduction.diff: Updated.
    + debian/patches/tcpmux_service.diff: Updated, partially applied.
    + debian/patches/chroot_then_chdir.diff: Updated.
    + debian/patches/gets_removed.diff: Obsolete.
    + debian/patches/cve_2013_6889.diff: Removed, applied by Upstream.
    + debian/patches/help_text.diff: Likewise.
    + debian/patches/format_security.diff: New file.
  * Upstream author now provides manual pages.
    + debian/patches/manpages.diff: New file.
    + debian/rules: Preserve the manual pages during target
      get-orig-source. Override dh_installman.
    + debian/rush.manpages: Refreshed list.
  * debian/copyright: Updated.
  * [lintian] Mend spelling errors in README.Debian.

Best regards,
Mats Erik Andersson
Bug#836417: RFS: netsed/1.2-3 [RC] -- Resolve a FTBFS situation.
Package: sponsorship-requests
Severity: important

Dear mentors,

in an attempt to resolve an FTBFS blocker I am looking for a sponsor of a new package revision of "netsed":

    Package name    : netsed
    Version         : 1.2-3
    Upstream Author : Julien Viard de Galbert <jul...@silicone.homelinux.org>
    URL             : http://silicone.homelinux.org/projects/netsed/
    License         : GPL-2+
    Section         : net

It builds a single binary package:

    netsed - network packet-altering stream editor

Information about this package is available at

    https://mentors.debian.net/package/netsed

The package can be downloaded with dget in the usual manner:

    dget -x https://mentors.debian.net/debian/pool/main/n/netsed/netsed_1.2-3.dsc

Changes since last upload:

  * Address FTBFS due to test suite failure.
    + debian/patches/use_calloc.diff: New file.
      (Closes: #818852, #831270)
    + debian/patches/ruby_issues.diff: New file.

Regards,
Mats Erik Andersson, maintainer of said binary package.
Bug#818852: FTBFS with libc 2.23: TypeError: no implicit conversion of nil into String
On Sunday, 20 March 2016, at 22:06, Martin Michlmayr wrote this:
> This package fails to build with libc6 2.23 (2.23-0experimental0 from
> experimental). It's not immediately obvious to me how that's related
> to libc6 but I compiled the package several times and got the same
> result whereas it built fine in a regular unstable chroot.

The very same bug prevents package release 1.2-2 from entering Ubuntu's development branch.

I have now pushed to the Git package repository what hopefully should delimit the problem, making the type conversion explicit. This change causes no build problem in our unstable branch, but I have to figure out how to initiate a build also on the experimental branch, which I did not manage in the first few tries.

I will return on the subject, though

M E Andersson
Bug#826234: RFS: xvt/2.1-20.2 [RC] [NMU] -- raise debhelper compatibility
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor of the package "xvt":

    Package name    : xvt
    Version         : 2.1-20.2
    Upstream Author : John Bovey, University of Kent at Canterbury.
    URL             : none
    License         : permissive
    Section         : x11

It builds a single binary package:

    xvt - X terminal-emulator similar to xterm, but smaller

For information about the state of this packaging, see

    https://mentors.debian.net/package/xvt

The package is downloaded in a standard manner:

    dget -x https://mentors.debian.net/debian/pool/main/x/xvt/xvt_2.1-20.2.dsc

Observe, that the primary intent of this NMU is to avoid the removal of this software, since debhelper compatibility level 4 will be disallowed within very shortly, possibly in a fortnight.

Changes since the last upload:

  * Non-maintainer upload.
  * Move to compatibility 5, which is the minimally available level
    in the present release cycle. Closes: #817740.
  * Disable menu file creation, but include a new desktop file.
    + debian/rules: Updated.
    + debian/xvt.desktop: New file.

I have offered to assume maintainership of this package, but Sam Hocevar has not responded in any manner whatsoever.

Regards,
Mats Erik Andersson
Bug#823668: RFS: twofish/0.3-5
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of my package "twofish":

    Package name    : twofish
    Version         : 0.3-5
    Upstream Author : Niels Ferguson <ni...@macfergus.com>
    URL             : extinct
    License         : liberal, demanding only copyright message
    Section         : libdevel

It builds two binary packages:

    libtwofish-dev - Niels Ferguson's Twofish cryptographic algorithm library
    libtwofish0 - Niels Ferguson's Twofish cryptographic library -- runtime package

Further information is available at

    https://mentors.debian.net/package/twofish

The packaging is accessible in a standard manner:

    dget -x https://mentors.debian.net/debian/pool/main/t/twofish/twofish_0.3-5.dsc

Changes since last upload are:

  * Step Standards-Version to 3.9.8, no changes.
  * Use debhelper in compatibility level 9.
  * debian/control: Use HTTPS transport for Vcs-Browser.
  * debian/copyright: Update my contribution including 2016.
    Rename license of packaging files, avoiding a name in duplicate.
  * debian/libtwofish0.lintian-overrides: Delete unused entry.
  * debian/libtwofish0.triggers: New file.
  * debian/libtwofish-dev.lintian-overrides: Delete unused entry.
  * debian/rules: Activate immediate bindings in so-library.

Regards,
Mats Erik Andersson
Bug#823457: RFS: webfs/1.21+ds1-12
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of my package "webfs":

    Package name    : webfs
    Version         : 1.21+ds1-12
    Upstream Author : Gerd Knorr <kra...@bytesex.org>
    URL             : http://linux.bytesex.org/misc/webfs.html
    License         : GPL-2+
    Section         : httpd

It builds a single binary package:

    webfs - lightweight HTTP server for static content

Information about this package is available at

    https://mentors.debian.net/package/webfs

A package download is standard:

    dget -x https://mentors.debian.net/debian/pool/main/w/webfs/webfs_1.21+ds1-12.dsc

Changes since last upload are:

  * Step Standards-Version to 3.9.8, no changes.
  * debian/control: Remove obsolete build dependency on dpkg-dev.
    Reorder dependency lists.
  * debian/copyright: Update the time span of my contribution.
  * debian/rules: Do not set compiler flags. Activate all available
    hardening, even though not all consumed libraries do this.
  * Update debconf translation:
    + Dutch (Frans Spiesschaert). Closes: #821449

Regards,
Mats Erik Andersson
Bug#821236: RFS: netsed/1.2-2
On Sunday, 17 April 2016, at 04:07, Tiago Ilieve wrote this:
> Hi Mats,
>
> I've reviewed your package. It's in a good state, but there's a few
> things you might wanna take a look at:

All are attended to in one manner, or the other.

> * debian/watch: is not working, yielding an error "1.sig failed: 400 URL
> must be absolute". Changing "\1" to "$1" in
> "opts=pgpsigurlmangle=s|(.*).tar.gz$|\1.sig|" allows the signature to
> be downloaded, but uscan fails to check it with "uscan warn: FAIL
> Checking OpenPGP signature (no upstream tarball downloaded)." Are you
> sure the key in "debian/upstream/signing-key.asc" is right?

A bright observation! Upstream is not signing in the manner expected by uscan, so signature checking had to be disabled. Replacement pattern is corrected to perl-format, while being kept as a comment line.

The package is ready for another round of scrutiny.
Bug#821236: RFS: netsed/1.2-2
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of the package "netsed":

    Package name    : netsed
    Version         : 1.2-2
    Upstream Author : Julien Viard de Galbert <jul...@silicone.homelinux.org>
    URL             : http://silicone.homelinux.org/release/netsed/
    License         : GPL-2+
    Section         : net

The source package builds a single binary package:

    netsed - network packet-altering stream editor

Package information is available at

    http://mentors.debian.net/package/netsed

The standard access to the package is via a dget command:

    dget -x http://mentors.debian.net/debian/pool/main/n/netsed/netsed_1.2-2.dsc

Changes since last upload:

  * Step Standards-Version to 3.9.8, no changes.
  * Use debhelper in compatibility level 9.
  * debian/control: Path correction in Vcs-Git. Use HTTPS transport
    for Vcs-Git as well as for Vcs-Browser.

Regards,
Mats Erik Andersson
Bug#820739: RFS: rush/1.7+dfsg-5
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of the package "rush"

    Package name    : rush
    Version         : 1.7+dfsg-5
    Upstream Author : Sergey Poznyakoff <g...@gnu.org.ua>
    URL             : http://puszcza.gnu.org.ua/projects/rush/
    License         : GPL-3+
    Section         : shells

A single binary package is produced:

    rush - restricted user shell

Information is available at

    http://mentors.debian.net/package/rush

The direct access to the package descriptor is standard:

    dget -x http://mentors.debian.net/debian/pool/main/r/rush/rush_1.7+dfsg-5.dsc

Changes since last upload:

  * Set Standards-Version to 3.9.8, no changes.
  * Use debhelper in compatibility level 9.
  * debian/copyright: Distinguish two different custom licenses by
    means of two different names and some small comments.
  * Prevent linking collision of identifier 'base_name'.
    (Closes: #751627)
    + debian/patches/duplicate_symbol.diff: New file.
  * debian/rules: Implement a target 'get-orig-source'.

Regards,
Mats Erik Andersson
Bug#820209: RFS: rgbpaint/0.8.7-6
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am searching for a sponsor of my source package "rgbpaint":

    Package name    : rgbpaint
    Version         : 0.8.7-6
    Upstream Author : Dmitry Groshev <wjag...@users.sourceforge.net>
    URL             : http://sourceforge.net/projects/mtpaint/files/rgbpaint/
    License         : GPL-2
    Section         : graphics

It builds a single binary package:

    rgbpaint - simple pixel-based painting program

Package information is available at

    http://mentors.debian.net/package/rgbpaint

A direct download of the packaging is standard:

    dget -x http://mentors.debian.net/debian/pool/main/r/rgbpaint/rgbpaint_0.8.7-6.dsc

Changes since last upload:

  * Set Standards-Version to 3.9.7, no changes.
  * debian/control: Give a secured Vcs-Browser target URL.
  * debian/rgbpaint.menu: Removed, as a desktop file is also provided.

Best regards,
Mats Erik Andersson
Bug#820122: RFS: nd/0.8.2-8
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of my source package "nd":

    Package name    : nd
    Version         : 0.8.2-8
    Upstream Author : Yuuichi Teranishi <teran...@gohome.org>
    URL             : http://www.gohome.org/nd/
    License         : MPL-1.1 or GPL-2.0 or LGPL-2.1
    Section         : net

A single binary package is built from that:

    nd - small command line interface to WebDAV servers

Information about and contents of this package release are available at:

    http://mentors.debian.net/package/nd

The source can be accessed directly by means of a simple call:

    dget -x http://mentors.debian.net/debian/pool/main/n/nd/nd_0.8.2-8.dsc

Changes since last upload:

  * Set Standards-Version to 3.9.7, no changes.
  * Use debhelper in compatibility level 9.
  * debian/control: Reference a VCS location via secure transmission.
  * debian/copyright: Fix spaces in short license names.

Regards,
Mats Erik Andersson
Bug#819834: RFS: webfs/1.21+ds1-11
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of my package "webfs":

    Package name    : webfs
    Version         : 1.21+ds1-11
    Upstream Author : Gerd Knorr <kra...@bytesex.org>
    URL             : http://linux.bytesex.org/misc/webfs.html
    License         : GPL-2
    Section         : httpd

It builds a single binary package:

    webfs - lightweight HTTP server for static content

Further information about this package is available at

    http://mentors.debian.net/package/webfs

As an alternate method, the package may be downloaded directly:

    dget -x http://mentors.debian.net/debian/pool/main/w/webfs/webfs_1.21+ds1-11.dsc

Changes since last upload are as follows:

  * Step Standards-Version to 3.9.7, no changes.
  * Advance debhelper compatibility to 9.
    + debian/control, debian/compat: Updated.
    + debian/rules: Reduce rule set to use dh together with targets
      "override_dh_auto_build" and "override_dh_install". Include
      target "override_dh_auto_build" as no-op.
  * Suggested document root is already "/var/www/html".
    + debian/webfsd.conf: Updated.
  * Improve debconf questions.
    + debian/templates: Updated. Closes: #727803
  * Update debconf translations:
    + Brazilian Portuguese (Adriano Rafael Gomes). Closes: #762473
    + Danish (Joe Hansen). Closes: #765847
    + French (Christian Perrier). Closes: #760259
    + German (Holger Wansing). Closes: #761481
    + Italian (Beatrice Torracca). Closes: #762344
    + Japanese (Noritada Kobayashi): New file.
    + Portuguese (Pedro Ribeiro). Closes: #762495
    + Russian (Yuri Kozlov). Closes: #760811
    + Swedish (Per Andersson, Martin Bagge). Closes: #760194, #761976

Best regards,
Mats Erik Andersson
Bug#818557: RFS: windowlab/1.40-3
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "windowlab"

    Package name    : windowlab
    Version         : 1.40-3
    Upstream Author : Nick Gravgaard <m...@nickgravgaard.com>
    URL             : http://nickgravgaard.com/windowlab/
    License         : GPL-2 and AEWM and 9WM
    Section         : x11

It builds a single binary package, containing a windowmanager:

    windowlab - small and simple Amiga-like window manager

Further information about this package:

    http://mentors.debian.net/package/windowlab

The built package can be downloaded for inspection:

    dget -x http://mentors.debian.net/debian/pool/main/w/windowlab/windowlab_1.40-3.dsc

Changes since last upload:

  * Step Standards-Version to 3.9.7, no changes.
  * Advance debhelper compatibility to 9.
    + debian/control, debian/compat: Updated.
    + debian/rules: Reduce rule set to use dh together with hooks
      "override_dh_install" and "override_dh_installwm".
  * debian/windowlab.postrm: New file. (Closes: #806403).
  * debian/copyright: Use single word names for licenses AEWM and 9WM.
    Correctly rebuild the default files stanza to be 9WM, AEWM and
    GPL-2, simultaneously, which is what the upstream author specifies.
  * [lintian] debian/control: Spelling error in description text.
  * [lintian] debian/windowlab.desktop: Add an entry for Keywords.

Best regards,
Mats Erik Andersson
Bug#801948: ftp-ssl downloaded files are 0 size
Hello again,

I wonder if this problem persists? The first report and all follow-ups were made prior to the binary rebuild of the package ftp-ssl, which happened on November 3rd, when version 0.17.33+0.2-1+b1 was made available. This update was caused by a version step in libopenssl, seemingly related to this problem because SSL3 was deprecated.

Attached are two patches that are pending for my next upload.

I hope to hear from you, and would like to express my appreciation to both of you for your investigation. I have yet to identify why and how the control socket becomes the channel on which to transfer a copy of the received data file.

Best regards,
M E Andersson

On Tuesday, 3 November 2015, at 10:20, Raphael Astier wrote this:
> Hello,
>
> I have made some investigations.
> I'm stuck, but I give status of these.
>
> > $ ./ftp mysite-ftp-ssl.xx
> >
> > 220 FTP SSL mysite-ftp-ssl.xx
> > 234 AUTH SSL exécuté avec succès
> > [SSL Cipher DHE-RSA-AES256-SHA]
> > 331 Mot de passe requis pour abcdef
> > 230-
> > 230-- FTP TLS SSL -
> > 230-- Only Passive Mode -
> > 230-
> > 230 Utilisateur abcdef authentifié
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> passive
> > Passive mode on.
> > ftp> ls
> > 227 Entering Passive Mode (12,33,44,55,252,31).
> > 150 Ouverture d'une connexion de données en mode ASCII pour file list
> > -rw--- 1 abcdef FTP 1141 Oct 23 19:38 netkit-ftp-ssl.txt
> > 226 Téléchargement terminé
> > ftp> get netkit-ftp-ssl.txt
> > local: netkit-ftp-ssl.txt remote: netkit-ftp-ssl.txt
> > 227 Entering Passive Mode (12,33,44,55,250,129).
> > 150 Opening BINARY mode data connection for netkit-ftp-ssl.txt (1141 bytes)
> > ftp: SSL_read DATA error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> > version number <--- here is the problem
> > 226 Téléchargement terminé
> > ftp> quit
> > 221 Au revoir.
> >
> > So, I know where the problem is, but I don't know HOW to solve it (for the
> > moment).
Description: Consistency of hashes and ticks. Encrypted retrieval of binary files did not implement variable size for hash marking. Also restrict hashes to RETR commands. Support for the tick counter was missing! Author: Mats Erik Andersson <deb...@gisladisker.se> Forwarded: no Last-Update: 2015-11-24 --- netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c.orig 2015-11-24 00:23:27.0 +0100 +++ netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c 2015-11-24 01:17:35.922740374 +0100 @@ -1206,13 +1206,18 @@ if ((d = write(fileno(fout), buf, c)) != c) break; bytes += c; - if (hash) { + if (hash && is_retr) { while (bytes >= hashbytes) { (void) putchar('#'); - hashbytes += HASHBYTES; + hashbytes += hashstep; } (void) fflush(stdout); } + if (tick && (bytes >= hashbytes) && is_retr) { +printbytes(bytes); +while (bytes >= hashbytes) + hashbytes += 10 * hashstep; + } } if ( c < -1 ) { static char errbuf[1024]; Description: Broken detection of SSL errors. During read of binary data, with active encryption, the detection of failed calls with SSL_read() is incomplete. In addition, the external variable 'errno' needs manual setting to EIO for proper reporting. . Important problem analysis of code was contributed by Raphael Astier. Bug-Debian: http://bugs.debian.org/801948 Author: Mats Erik Andersson <deb...@gisladisker.se> Forwarded: no Last-Update: 2015-11-24 --- netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c.orig2 2015-11-24 01:17:35.922740374 +0100 +++ netkit-ftp-ssl-0.17.33+0.2/ftp/ftp.c 2015-11-24 01:21:18.814739561 +0100 @@ -1219,7 +1219,7 @@ hashbytes += 10 * hashstep; } } - if ( c < -1 ) { + if ( c < 0 ) { static char errbuf[1024]; sprintf(errbuf,"ftp: SSL_read DATA error %s\n", @@ -1228,6 +1228,9 @@ /* tell the user ... who else */ fprintf(stderr,"%s", errbuf); fflush(stderr); + + /* Make reports express something sensible. */ + errno = EIO; } } else #endif /* !USE_SSL */
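Review bot: In the @@ -1206,13 +1206,18 @@ hunk the hash and tick branches advance the same hashbytes counter with different strides (hashstep and 10 * hashstep). If both hash and tick can be set at once, the while loop under "hash && is_retr" has already moved hashbytes past bytes, so the following "tick && (bytes >= hashbytes) && is_retr" test is never true and printbytes() is not reached. Either state in a comment that the two options are mutually exclusive, or give the tick counter its own threshold variable.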
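Review bot: In the @@ -1219,7 +1219,7 @@ hunk the widened test "c < 0" now lets a return of -1 reach the error report, but the report is still built with sprintf() into the fixed "static char errbuf[1024]" using a "%s" argument. Since this path will now actually run, switching to snprintf(errbuf, sizeof(errbuf), ...) in the same change would bound the write. Setting errno = EIO after the fprintf()/fflush() calls in the @@ -1228,6 +1228,9 @@ hunk is the right order, as those calls may themselves change errno; it is worth confirming that <errno.h> is included in ftp.c, which the visible lines do not show.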
Bug#801948: ftp-ssl downloaded files are 0 size
On Wednesday, 28 October 2015, at 09:31, Matus UHLAR - fantomas wrote this:
> >On Friday, 16 October 2015, at 10:22, Matus UHLAR - fantomas wrote
> >this:
> >
> >produces a tcpdump file where the only clear text parts are
> >"AUTH SSL", "AUTH SSL OK", and the plain text contained in
> >the certificate, which the server sends to the client.
>
> did you also look at data connection? For both incoming and outgoing data?

    tcpdump -r ftpsession -i lo port ftp or port ftp-data

> >Can you repeat your exchanges, clearly stating what options

Please do state your call. I specifically want to know if you have any debugging turned on which might upset socket use. Understood?

> >you are feeding to the client. Do you observe a statement
> >fairly early containing an encryption selector? This shows
> >that encryption is active.
>
> I have re-tested the session again and the same happened
> - the control connection is encrypted.
> - the data fetched through the data connection are encrypted
> - the data are not written to the local file, but sent through the data
>   connection back to server unencrypted.
>
> what size was the downloaded file on your machine?

Identical sizes and empty response from 'diff'.

/MEA
Bug#801948: ftp-ssl downloaded files are 0 size
Package: ftp-ssl
Tags: moreinfo

On Friday, 16 October 2015, at 10:22, Matus UHLAR - fantomas wrote:
>
> when downloading file via ssl connection, the results are of size 0 and I'm
> getting "error" message:
> "netin: Success"
>
> according to strace and tcpdump output, the file is written in plain form
> back to the FTP server via the data connection instead of output file on
> local disk.

I can not reproduce this. A short session like

  $ ftp -z ssl,secure,verbose localhost
  ... logging in as myself ...
  ftp> lcd /tmp
  ftp> get .dput.cf _dput.cf
  ftp> bye

produces a tcpdump file where the only clear text parts are "AUTH SSL", "AUTH SSL OK", and the plain text contained in the certificate, which the server sends to the client.

Can you repeat your exchanges, clearly stating what options you are feeding to the client. Do you observe a statement fairly early containing an encryption selector? This shows that encryption is active.

Hope to hear from you again, best regards

Mats E Andersson
Bug#729666: inetutils-syslogd: Receiving kern.* logs from remote host ...
Hello there,

I have just committed a change to the Git head of GNU Inetutils that takes care of this matter, but in itself it is of no consequence for the prebuilt packages of Debian. The remedy is to redefine the macro LOG_MAKEPRI in case it applies a bit shift.

It is unfortunate that a message of this kind is not directed to the upstream project without mediators like this BTS. Thank you for the analysis of the matter at hand.

Best regards, on behalf of GNU Inetutils

Mats Erik Andersson
Bug#791813: RFS: ipband/0.8.1-4
Control: tag -1 - moreinfo

A portion of utils.c (starting from line 176) seems to originate from glibc and is thus copyrighted by the FSF; this should be mentioned in d/copyright. You may also want to consider updating d/copyright to use DEP-5 [1] while you're at it.

In fact I found references also to Richard Stevens and the ntop-project. These and FSF have now been incorporated in a DEP-5 formulation. A date of Stevens' contribution is not clear to me. As for Ntop I went for '2001-2002' as it covers the time when ipband's author touched on the particular adaption, according to CHANGELOG.

In addition, I happened to notice that 'styles.css' never was included in the package and that a minor update of 'examples/ipband.conf-simple' will avoid that a simple minded copy of the template creates '/ipband.txt'.

Best regards,
Mats Erik Andersson

-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#791813: RFS: ipband/0.8.1-4
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor of my package ipband:

  Package name    : ipband
  Version         : 0.8.1-4
  Upstream Author : Andrew Nevynniy anevy...@russelmetals.com
  URL             : http://ipband.sourceforge.net/
  License         : GPL-2
  Section         : net
  Priority        : optional

It builds a single binary package:

  ipband -- daemon for subnet bandwidth monitoring with reporting via email

Package information about this proposal is available at

  http://mentors.debian.net/package/ipband

The package can be downloaded with dget, using a simple invocation:

  dget -x http://mentors.debian.net/debian/pool/main/i/ipband/ipband_0.8.1-4.dsc

Changes since last upload are:

  * Updating to Standards 3.9.6, compatibility 9.
  * debian/control: Build depends on debhelper (= 9).
  * debian/compat: Updated.
  * Hardening of executables.
    + debian/patches/01_fix_makefile.diff: Renamed and updated.
    + debian/rules: Set and export CFLAGS, CPPFLAGS, and LDFLAGS.
  * Replace the date macro to achieve reproducible builds.
    + debian/patches/05_reproducible_timestamp.diff: New file.
    + debian/rules: Update CPPFLAGS.
  * Set formal user 'ipband' as origin of mail message.
    + debian/patches/04_check_mailer_strings.diff: Updated.
  * [lintian] Source the LSB collection of init-functions.
    + debian/ipband.init: Updated.

Best regards,
Mats Erik Andersson, DM
Bug#790692: wheezy-pu: package ftpd-ssl/0.17.33+0.3-1+deb7u1
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Hello all, I would like to proceed with an update also to oldstable/wheezy of the SSL-enhanced FTP server built from linux-ftpd-ssl. It deals with the same denial of service as was established in the report #788331, and the remedy is identical to the one applied to testing as well has been queued for jessie-pu. The relevant debdiff is herewith attached. Best regards, Mats Erik Andersson, present maintainer of linux-ftpd-ssl. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog --- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-30 01:04:24.0 +0200 @@ -1,3 +1,11 @@ +linux-ftpd-ssl (0.17.33+0.3-1+deb7u1) wheezy; urgency=medium + + * QA Upload + * NLST of empty directory results in segfault. (Closes: #788331) ++ debian/patches/500-ssl.diff: Updated. + + -- Mats Erik Andersson mats.anders...@gisladisker.se Tue, 30 Jun 2015 01:04:03 +0200 + linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low * Update to linux-ftpd 0.17-33. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff --- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.0 +0200 @@ -3,7 +3,7 @@ Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz Forwarded: not-needed Author: Tim Hudson t...@cryptsoft.com -Last-Update: 2010-06-21 +Last-Update: 2015-06-11 Index: linux-ftpd-ssl/ftpd/Makefile === 
@@ -917,10 +917,12 @@ byte_count += strlen(nbuf) + 1; } } -@@ -2705,6 +3193,13 @@ +@@ -2704,8 +3193,16 @@ + reply(226, Transfer complete.); transflag = 0; - if (dout != NULL) +- if (dout != NULL) ++ if (dout != NULL) { +#ifdef USE_SSL +if (ssl_data_active_flag (ssl_data_con!=NULL)) { + SSL_free(ssl_data_con); @@ -929,8 +931,10 @@ + } +#endif /* USE_SSL */ (void) fclose(dout); ++ } data = -1; pdata = -1; + out: @@ -2792,3 +3287,223 @@ } #endif/* TCPWRAPPERS */
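Review bot: with the braces added around `if (dout != NULL) { ... }`, the `#ifdef USE_SSL` teardown that calls `SSL_free(ssl_data_con)` now runs only when `dout` is non-NULL. That removes the unguarded `fclose(dout)`, but please confirm, or state in the patch header, that an SSL data connection cannot be active on the path where `dout` is NULL; otherwise `ssl_data_con` stays allocated there and the SSL block belongs outside the `dout` test. The header of 500-ssl.diff records only a new Last-Update date; a line describing this Debian-side change would help the next reader.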
Bug#778024: Patch for build failure
On Monday, 29 June 2015, at 04:48, Potter, Tim (Cloud Services) wrote:

tags 778024 + patch
thanks

Hi there. Here's a quick patch to fix the build under g++-5. Not sure whether this should be an upstream patch or one in debian/patches.

I have already applied an identical patch to an updated package 4.2-8, which sits at 'mentors.debian.net' awaiting a willing sponsor. The change is in 'debian/patches/30-ipv6.diff'.

Thanks for the indirect verification of my action!

Best regards,
Mats E Andersson
Bug#790245: jessie-pu: package ftpd-ssl/0.17.33+0.3-1deb8u1
On Saturday, 27 June 2015, at 23:11, Adam D. Barratt wrote:

Please go ahead, thanks (bearing in mind the notes above).

I have uploaded a built package to 'mentors.debian.net'. It is the only location known to be accessible to me. Tell me if I should deposit the package somewhere else.

Well, it'll need to get to ftp-master in order to be accepted, but mentors is likely as good a place as any to make it available for potential sponsors.

This reminds me that there is a short time window at ftp-master where my package is available also without an accepted GPG-key. I have just uploaded the built package to '/pub/UpLoadQueue/'. It remains to see whether it stays available long enough, and whether a suitable manual intervention is possible.

Best regards,
Mats E A
Bug#790245: jessie-pu: package ftpd-ssl/0.17.33+0.3-1deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear all, the SSL-enhanced FTP server built from linux-ftpd-ssl was recently uncovered to produce a denial of service, as was demonstrated in #788331. The package has been updated in testing and unstable, but since the error is present ever since at least June, 2010 [sic!], I would like to propose an update also to the stable package release. The needed change can be made verbatim with the alteration to unstable. The corresponding debdiff output and a description is attached. Best regards, Mats Erik Andersson, present maintainer -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This proposed change protects against #788331, which in an identical form has been applied to version 0.17.35+0.3+2, present in testing. Observe that the update of the source patch 'debian/patches/500-ssl.diff' is the first change during five years of time, so the very same change is applicable to old-old-stable! The problem is that the present server crashes when the client asks for a name listing, using the command 'nl', i.e., NLST, of an empty directory. The cause is missing code block in the original patch, which can cause the execution of 'fclose(NULL)' and a segmentation fault. This results in a denial of service since the server side executable dies. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog - --- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-16 14:00:05.0 +0200 
@@ -1,3 +1,11 @@ +linux-ftpd-ssl (0.17.33+0.3-1deb8u1) jessie; urgency=medium + + * QA Upload + * NLST of empty directory results in segfault. ++ debian/patches/500-ssl.diff: Updated. + + -- Mats Erik Andersson mats.anders...@gisladisker.se Tue, 16 Jun 2015 13:47:15 +0200 + linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low * Update to linux-ftpd 0.17-33. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff - --- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.0 +0200 @@ -3,7 +3,7 @@ Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz Forwarded: not-needed Author: Tim Hudson t...@cryptsoft.com - -Last-Update: 2010-06-21 +Last-Update: 2015-06-11 Index: linux-ftpd-ssl/ftpd/Makefile === @@ -917,10 +917,12 @@ byte_count += strlen(nbuf) + 1; } } - -@@ -2705,6 +3193,13 @@ +@@ -2704,8 +3193,16 @@ + reply(226, Transfer complete.); transflag = 0; - - if (dout != NULL) +- if (dout != NULL) ++ if (dout != NULL) { +#ifdef USE_SSL +if (ssl_data_active_flag (ssl_data_con!=NULL)) { + SSL_free(ssl_data_con); @@ -929,8 +931,10 @@ + } +#endif /* USE_SSL */ (void) fclose(dout); ++ } data = -1; pdata = -1; + out: @@ -2792,3 +3287,223 @@ } #endif/* TCPWRAPPERS */ -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAlWJ6asACgkQG7N1M011A3anNwCgyPrqn5d2yohLGIFoywmPytA7 HaUAnRX79aB4IjjCY/RUpmUVXNIO81K0 =vgHI -END PGP SIGNATURE-
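Review bot: the changelog stanza added in the `@@ -1,3 +1,11 @@` hunk lists "NLST of empty directory results in segfault." without a "(Closes: #788331)" marker, although the cover text names that bug as the reason for the upload, so the upload would not be tied to the report. The version string `0.17.33+0.3-1deb8u1` is also missing the `+` before `deb8u1`.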
Bug#790237: RFS: netpipes/4.2-8 [RC] -- avoid FTBFS with gcc-5.
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor of my package netpipes:

  Package name    : netpipes
  Version         : 4.2-8
  Upstream Author : Robert Forsman th...@purplefrog.com
  URL             : http://web.purplefrog.com/~toth/netpipes/
  License         : GPL
  Section         : net
  Priority        : optional

It builds one binary package:

  netpipes - manipulate BSD TCP/IP stream sockets

To get further information about this package, visit the URL:

  http://mentors.debian.net/package/netpipes

Alternatively, the package can be downloaded with dget using the command:

  dget -x http://mentors.debian.net/debian/pool/main/n/netpipes/netpipes_4.2-8.dsc

Changes since last upload are minimal:

  * Updating to Standards 3.9.6, compatibility 9.
  * FTBFS with gcc-5. (Closes: #778024)
    + debian/patches/30-support_ipv6.diff: Updated.

The old package, of version 4.2-7, is scheduled for removal from testing on July 10th, so time is slightly limited.

Best regards,
Mats Erik Andersson
Bug#790237: RFS: netpipes/4.2-8 [RC] -- avoid FTBFS with gcc-5.
On Saturday, 27 June 2015, at 21:04, Andrew Shadura wrote:

On 27 June 2015 at 19:55, Mats Erik Andersson mats.anders...@gisladisker.se wrote:

  Package name    : netpipes
  Version         : 4.2-8
  Upstream Author : Robert Forsman th...@purplefrog.com
  URL             : http://web.purplefrog.com/~toth/netpipes/
  License         : GPL

The homepage URL seems to be slightly outdated :)

My misprint unfortunately makes it invalid, but the correct URL is valid, present, but very much dormant:

  http://web.purplefrog.com/~thoth/netpipes/

Note the correct user name 'thoth'! Sorry for that lapse.
Bug#790245: jessie-pu: package ftpd-ssl/0.17.33+0.3-1deb8u1
Saturday den 27 June 2015 klockan 19:27 skrev Adam D. Barratt detta: On Sat, 2015-06-27 at 19:47 +0200, Mats Erik Andersson wrote: was recently uncovered to produce a denial of service, as was demonstrated in #788331. That bug should be closed in the changelog. Right, for unstable it was closed by 0.17.35+0.3-2. While at it, I added a 'found' also for the presently relevant version 0.17.33+0.3-1. +linux-ftpd-ssl (0.17.33+0.3-1deb8u1) jessie; urgency=medium That should be 0.17.33+0.3-1+deb8u1. Corrected. since the error is present ever since at least June, 2010 [sic!], I would like to propose an update also to the stable Please go ahead, thanks (bearing in mind the notes above). I have uploaded a built package to 'mentors.debian.net'. It is the only location known to be accessible to me. Tell me if I should deposit the package somewhere else. The new deb diff is attached. Have you considered preparing updates for wheezy and squeeze-lts? Yes, but I need to prepare clean build environments to do so. Best regards, Mats E A diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/changelog linux-ftpd-ssl-0.17.33+0.3/debian/changelog --- linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/changelog 2015-06-27 22:27:06.0 +0200 @@ -1,3 +1,11 @@ +linux-ftpd-ssl (0.17.33+0.3-1+deb8u1) jessie; urgency=medium + + * QA Upload + * NLST of empty directory results in segfault. (Closes: #788331) ++ debian/patches/500-ssl.diff: Updated. + + -- Mats Erik Andersson mats.anders...@gisladisker.se Sat, 27 Jun 2015 22:17:53 +0200 + linux-ftpd-ssl (0.17.33+0.3-1) unstable; urgency=low * Update to linux-ftpd 0.17-33. diff -Nru linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff --- linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2011-04-20 03:47:23.0 +0200 +++ linux-ftpd-ssl-0.17.33+0.3/debian/patches/500-ssl.diff 2015-06-16 13:46:42.0 +0200 
@@ -3,7 +3,7 @@ Origin: ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz Forwarded: not-needed Author: Tim Hudson t...@cryptsoft.com -Last-Update: 2010-06-21 +Last-Update: 2015-06-11 Index: linux-ftpd-ssl/ftpd/Makefile === @@ -917,10 +917,12 @@ byte_count += strlen(nbuf) + 1; } } -@@ -2705,6 +3193,13 @@ +@@ -2704,8 +3193,16 @@ + reply(226, Transfer complete.); transflag = 0; - if (dout != NULL) +- if (dout != NULL) ++ if (dout != NULL) { +#ifdef USE_SSL +if (ssl_data_active_flag (ssl_data_con!=NULL)) { + SSL_free(ssl_data_con); @@ -929,8 +931,10 @@ + } +#endif /* USE_SSL */ (void) fclose(dout); ++ } data = -1; pdata = -1; + out: @@ -2792,3 +3287,223 @@ } #endif /* TCPWRAPPERS */
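The failure described in the jessie-pu request (an SSL block inserted after a brace-less `if (dout != NULL)`, which leaves `fclose(dout)` unguarded) can be reproduced in miniature. This is an added illustration, not code from linux-ftpd-ssl: `struct xfer`, `fake_ssl_free`, `fake_fclose`, `finish_before` and `finish_after` are hypothetical names, and counters stand in for the real SSL_free() and fclose() calls.

```c
#include <stdio.h>

/* Hypothetical stand-in for the state touched at the end of a listing.
 * Counters replace the real SSL_free()/fclose() calls so that the NULL
 * case can be observed instead of crashing the process. */
struct xfer {
    int ssl_freed;    /* times the SSL data connection was torn down */
    int closes;       /* times the data stream was closed */
    int null_closes;  /* times a NULL stream reached the close call */
};

void fake_ssl_free(struct xfer *x) { x->ssl_freed++; }

void fake_fclose(struct xfer *x, FILE *f)
{
    x->closes++;
    if (f == NULL)
        x->null_closes++;   /* the real fclose(NULL) is undefined behaviour */
}

/* Shape of the code before the fix: the SSL block was inserted between the
 * brace-less test and its original body, so the SSL block became the body
 * of the test and the close call runs unconditionally. */
void finish_before(struct xfer *x, FILE *dout, int ssl_active)
{
    if (dout != NULL)
        if (ssl_active) {
            fake_ssl_free(x);
        }
    fake_fclose(x, dout);
}

/* Shape of the code after the fix: braces keep both the SSL teardown and
 * the close call under the NULL test. */
void finish_after(struct xfer *x, FILE *dout, int ssl_active)
{
    if (dout != NULL) {
        if (ssl_active) {
            fake_ssl_free(x);
        }
        fake_fclose(x, dout);
    }
}

int main(void)
{
    struct xfer before = {0, 0, 0}, after = {0, 0, 0};

    /* Name listing of an empty directory: no data stream was opened. */
    finish_before(&before, NULL, 0);
    finish_after(&after, NULL, 0);
    printf("empty listing: before=%d NULL closes, after=%d NULL closes\n",
           before.null_closes, after.null_closes);

    /* Ordinary listing: stdout serves as a non-NULL placeholder stream. */
    finish_after(&after, stdout, 1);
    printf("normal listing: closes=%d ssl_freed=%d\n",
           after.closes, after.ssl_freed);
    return 0;
}
```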
Bug#784193: debarchiver: Portuguese translation is still missing.
Package: debarchiver
Version: 0.10.4
Severity: important

The maintainer has forgotten to produce and to add the file

  po4a/debarchiver.add.pt

causing the build target 'all' to fail completely, thus discarding all translated manual pages.

In addition to the above file, clearly the setting in 'po4a/po4a.cfg' is so sensitive to the existence of all language templates mentioned in section 'type: pod', that a single missing file (./debarchiver.add.pt in this case) overthrows the production of all other language targets.

Is the software 'po4a' to blame, or just this file 'po4a.cfg'? I am not confident enough with 'po4a' to pass a judgment.

Best regards,
Mats Erik Andersson
Bug#784183: debarchiver: Incomplete upstream version string.
Package: debarchiver
Version: 0.10.4
Severity: important

Hello there,

ever since version 0.6.3 was released, in 2006, the code for checking duplicate upstream version has been defective. The variable '$upstream_version' is populated with the upstream version string of the original archive, but the variable '$upver' is later queried for its content, which is invariably empty!

In practice this means that debarchiver is more inclined to refuse the removal of the incoming archive, than to carelessly remove it.

This coding error would have been elementary, should the software have been written with strictures turned on.

Best regards,
Mats Erik Andersson

Index: src/debarchiver.pl === --- src/debarchiver.pl (revision 1) +++ src/debarchiver.pl (arbetskopia) @@ -2167,7 +2167,7 @@ # only do checks of processing source tarballs if ($file =~ m/.tar.gz$/) { my @upstream_version = split(/-/, $ver); - $upstream_version = $upstream_version[0]; + my $upver = $upstream_version[0]; # get list of remaining *.changes files of this package upstream # version Index: patches/multiple_packages_one_orig_v2.diff === --- patches/multiple_packages_one_orig_v2.diff (revision 1) +++ patches/multiple_packages_one_orig_v2.diff (arbetskopia) @@ -35,7 +35,7 @@ + # only do checks of processing source tarballs + if ($file =~ m/.tar.gz$/) { + my @upstream_version = split(/-/, $ver); -+ $upstream_version = $upstream_version[0]; ++ my $upver = $upstream_version[0]; + + # get list of remaining *.changes files of this package upstream + # version
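Review bot: the new `my $upver = $upstream_version[0];` is lexically scoped to the block opened by `if ($file =~ m/.tar.gz$/) {`, so every later read of `$upver` has to sit inside that block; a read after the closing brace would still see an empty value, or an unrelated outer `$upver` if one exists. The hunk does not show where the variable is queried, so please confirm that, or declare it in the enclosing scope. In the same context line the dots in `m/.tar.gz$/` are unescaped and match any character; `m/\.tar\.gz$/` is what the comment above it describes.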
Bug#781061: inetutils-ftp: Please use alternatives subsystem.
On Tuesday, 24 March 2015, at 18:16, Guillem Jover wrote:

On Mon, 2015-03-23 at 23:28:57 +0100, Mats Erik Andersson wrote:

The standard package 'ftp_0.17-32', now available in 'experimental', is using the alternatives subsystem for 'ftp', as is also 'ftp-ssl_0.17.32+0.2-1', likewise in experimental at the moment. It would be nice to see also this client adapted to that mechanism in due time, i.e., after next release when the above packages will progress to 'unstable'.

Hmm, but inetutils-ftp is already using alternatives:

Right, I was not accurate enough. As maintainer of netkit-ftp and netkit-ftp-ssl I have recently made sure that all of

  ftp, pftp, ftp.1.gz, pftp.1.gz, netrc.5.gz

can be handed over to the alternatives subsystem, without conflicts.

On the other hand, in my work as upstream developer of GNU Inetutils, I have also implemented the ability in the executable 'inetutils-ftp' to react properly when invoked as 'pftp'. This opens a possibility in letting the Debian package 'inetutils-ftp' broaden its use of the alternatives system beyond

  ftp, ftp.1.gz

which is its only scope at the moment. My intention of this report was thus to see at least

  pftp, pftp.1.gz

added to the alternatives handler also for this package. Unfortunately I have to admit that GNU Inetutils is not friendly enough to provide a separately accessible 'netrc.5', so the closest approximation is to equate 'inetutils-ftp.1' with 'netrc.5'.

Best regards,
Mats Erik Andersson
Bug#781061: inetutils-ftp: Please use alternatives subsystem.
Package: inetutils-ftp
Version: 1.9.2.39.3a460-3
Severity: wishlist

The standard package 'ftp_0.17-32', now available in 'experimental', is using the alternatives subsystem for 'ftp', as is also 'ftp-ssl_0.17.32+0.2-1', likewise in experimental at the moment.

It would be nice to see also this client adapted to that mechanism in due time, i.e., after next release when the above packages will progress to 'unstable'.

Best regards,
Mats Erik Andersson, maintainer of netkit-ftp.
Bug#780885: inetutils-ftp: Unable to use alias name in netrc file.
Package: inetutils-ftp
Version: 1.9.2.39.3a460-3
Severity: normal

Hello there,

it was recently observed by the upstream developer, after receiving a bug report, that all versions of the FTP client in GNU Inetutils are replacing any host alias by its canonical name just after having established the connection.

This is best observed by the fact that a stanza in the netrc file specified for a host alias, different from the corresponding canonical host name, never will be accessed, so any special macro or commands tailored to the alias are ignored.

The upstream development tree has mended this issue.

Regards,
Mats Erik Andersson
Bug#780884: inetutils-telnetd: Unable to allow autologin without authentication.
Package: inetutils-telnetd
Version: 1.9.2.39.3a460-3
Severity: normal

It was recently observed by the upstream developer, after a bug report, that the telnet server is unable to hand the user name over to login(1), when not using Kerberos authentication, which would be needed when the client desires autologin.

This means that even when autologin is asked for, the client will still have to repeat his login name before seeing the prompt for his password. Thus this is of no security matter, only a minor nuisance for the remote client.

Upstream's development tree has been updated with a solution.

Best regards,
Mats Erik Andersson
Bug#778315: convert: unrecognized color `darkred' @ warning/color.c/GetColorCompliance/1046.
On Friday, 13 February 2015, at 22:09, Paul Wise wrote:

Processing triggers for menu (2.1.47) ...
convert: unrecognized color `darkred' @ warning/color.c/GetColorCompliance/1046.
convert: corrupt image `/usr/share/pixmaps/nettoe.xpm' @ error/xpm.c/ReadXPMImage/429.
convert: no images defined `/var/lib/fvwm-crystal/icons/Default/22x22/apps/nettoe.png' @ error/convert.c/ConvertImageCommand/3210.

Checking the source file desktop/ocross.xpm, two composite colour names are in use:

  darkblue and darkred

with exactly this spelling. A quick look into /etc/X11/rgb.txt reveals the naming conventions

  0 0 139 DarkBlue
  0 0 139 dark blue
  139 00 DarkRed
  139 00 dark red

Still the thrown error only catches the red hue, when it should equally well stumble on the blue shade, would spelling be the only issue. Could there be some other artifact in play here?

Regards,
M E Andersson, upstream author and package maintainer.
Bug#607415: telnetd not draining input from child
package telnetd
tag 607415 + pending
thanks

A solution has been found! The signal handling of SIGCHLD needed to be changed.

Regards
M E Andersson
Bug#599502: telnetd enters busy loop when program exits too quickly
package telnetd
tag 599502 + moreinfo
thanks

I am not able to reproduce this error with telnet_0.17-36 on a physical i386 system and on a virtual amd64 system. The first still uses the old init system, whereas the latter is running systemd. Both machines use xinetd as superserver.

The disturbance does not appear with the experimental 0.17-37.

Regards,
Mats Erik Andersson
Bug#237268: telnetd: Exported environment variables are not set.
package telnet
reassign 237268 telnetd
thanks

The dominant cause for this behaviour lies within the server built from the same source package. In fact two causes are rather straightforward:

1. The server telnetd built from netkit-telnet is not able to process variables transmitted as USERVAR, as is specified in RFC 1572. A Solaris client would transmit $FOO, as in the initial report, as a USERVAR to the server, whereas our client built from netkit source, would denote it as VAR. This is an acceptable protocol variation.

2. The direct cause of failure is the fact that the original source for telnetd-0.17 maintains a short and hard-coded list of variable names to accept into the environment. All other variables are discarded! To be exact

     TERM, DISPLAY, USER, LOGNAME, POSIXLY_CORRECT

   are the only acceptable variables.

2'. The code for parsing ENVIRON in telnetd-0.17 is in fact adapted to the legacy BSD convention OLD-ENVIRON, except that a macro has been altered to run the same code only with NEW-ENVIRON, and otherwise to decline any processing of OLD-ENVIRON.

An effort to rework said code portion to strictly follow the better protocol NEW-ENVIRON is a prerequisite before the hard-coded list should be relaxed.

Best regards,
Mats Erik Andersson
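The two causes named in this message can be seen together in a small NEW-ENVIRON parser. This is an added example, not telnetd's code: the type codes VAR, VALUE, ESC and USERVAR are those of RFC 1572, the allowlist is the five names quoted above, and `struct env_pair`, `parse_new_environ`, `accept_pair`, `count_accepted` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* RFC 1572 type codes inside a NEW-ENVIRON IS/INFO body. */
enum { ENV_VAR = 0, ENV_VALUE = 1, ENV_ESC = 2, ENV_USERVAR = 3 };

/* The five names the message lists as accepted by telnetd-0.17. */
static const char *const allowed[] = {
    "TERM", "DISPLAY", "USER", "LOGNAME", "POSIXLY_CORRECT"
};

struct env_pair {           /* hypothetical result record */
    char name[64];
    char value[128];
    int  is_uservar;        /* 1 if sent as USERVAR, 0 if sent as VAR */
    int  has_value;
};

/* Parse the bytes that follow "IAC SB NEW-ENVIRON IS" up to, but not
 * including, "IAC SE". Assumes IAC doubling was undone by the caller.
 * Returns the number of pairs stored, or -1 on malformed input. */
int parse_new_environ(const unsigned char *buf, size_t len,
                      struct env_pair *out, int max_out)
{
    size_t i = 0;
    int n = 0;

    while (i < len) {
        unsigned char type = buf[i++];
        if (type != ENV_VAR && type != ENV_USERVAR) return -1;
        if (n == max_out) return -1;

        struct env_pair *p = &out[n];
        memset(p, 0, sizeof *p);
        p->is_uservar = (type == ENV_USERVAR);
        char *dst = p->name;
        size_t cap = sizeof p->name, used = 0;

        while (i < len) {
            unsigned char b = buf[i];
            if (b == ENV_VAR || b == ENV_USERVAR) break;  /* next entry */
            i++;
            if (b == ENV_VALUE) {
                if (p->has_value) return -1;      /* two VALUEs in one entry */
                p->has_value = 1;
                dst = p->value; cap = sizeof p->value; used = 0;
                continue;
            }
            if (b == ENV_ESC) {                   /* next byte is literal */
                if (i == len) return -1;          /* dangling ESC */
                b = buf[i++];
            }
            if (b == '\0' || used + 1 >= cap) return -1;  /* NUL or overlong */
            dst[used++] = (char)b;
        }
        if (p->name[0] == '\0' || strchr(p->name, '=')) return -1;
        n++;
    }
    return n;
}

/* Policy as the message describes it: USERVAR entries are not processed,
 * and VAR entries pass only if the name is on the hard-coded list. */
int accept_pair(const struct env_pair *p)
{
    if (p->is_uservar) return 0;
    for (size_t k = 0; k < sizeof allowed / sizeof allowed[0]; k++)
        if (strcmp(p->name, allowed[k]) == 0) return 1;
    return 0;
}

int count_accepted(const struct env_pair *pairs, int n)
{
    int c = 0;
    for (int k = 0; k < n; k++) c += accept_pair(&pairs[k]);
    return c;
}

/* Constructed sample: VAR TERM=xterm, USERVAR FOO="a" ESC 0x03 "b",
 * VAR PAGER=less. */
static const unsigned char sample[] = {
    ENV_VAR, 'T','E','R','M', ENV_VALUE, 'x','t','e','r','m',
    ENV_USERVAR, 'F','O','O', ENV_VALUE, 'a', ENV_ESC, 0x03, 'b',
    ENV_VAR, 'P','A','G','E','R', ENV_VALUE, 'l','e','s','s'
};

int main(void)
{
    struct env_pair pairs[8];
    int n = parse_new_environ(sample, sizeof sample, pairs, 8);
    for (int k = 0; k < n; k++)
        printf("%-8s %-6s -> %s\n", pairs[k].is_uservar ? "USERVAR" : "VAR",
               pairs[k].name, accept_pair(&pairs[k]) ? "accepted" : "discarded");
    return n < 0;
}
```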
Bug#774454: ftp-ssl: Continuation response from server is broken.
Package: ftp-ssl
Version: 0.17.23+0.2-1+b1
Severity: normal

The server can respond with so called continuation messages, i.e., multiline response on the control channel. These are broken in at least two cases during an SSL protected session. Remarkably they also display different behaviour in each case. It is therefore not inconceivable that the server is partially to blame here, but this needs deeper analysis than is available at this moment.

1. Silently discarding a message contents of rstat:

  $ ftp -v -d localhost
  ...
  --- AUTH SSL
  234 AUTH SSL OK
  [SSL Cipher AES256-GCM-SHA384]
  --- USER egon
  ...
  --- SYST
  215 UNUX Type: L8 (Linux)
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp rstat
  211- dunder.example.com FTP server status:
  211 End of status
  ftp

2. Correctly presenting one-lined response, but breaking down on continuation formed response:

  ftp rhelp auth
  --- HELP auth
  214 Syntax: AUTH sp auth_type
  ftp
  ftp rhelp
  --- HELP
  214- The following commands are recognized (* ='s unimplemented).
  ssl_getc: SSL_read failed -1 = 0
  421 Service not available, remote server has closed connection
  ftp

It should be added that these faults are unrelated to #774184, as this latter bug is mendable without any effects on the present complaints.

Best regards,
Mats Erik Andersson
Bug#774455: ftp-ssl: Proxy connections are impossible with active SSL.
Package: ftp-ssl
Version: 0.17.23+0.2-1+b1
Severity: important

It has remained unobserved since years back, that once the main connection is protected by SSL, an attempt to build a proxy connection will block the proxy session:

  $ ftp -v -d localhost
  ...
  --- AUTH SSL
  234 AUTH SSL OK.
  [SSL Cipher AES256-GCM-SHA384]
  --- USER egon
  ...
  --- SYST
  ...
  Using binary mode to transfer files.
  ftp proxy open vbox
  Connected to vbox.
  nl
  ^C
  ssl_getc: SSL_read failed -1 = 4
  ftp

The ordinary session is still functional, but the proxied connection attempt must be forcefully interrupted.

Quickly perusing the source code, including SSL patching, makes it clear that exactly one control channel is available with SSL, and that the same connection context is applied also on the proxy session, thus unveiling the observed failure.

In conclusion, major updates are needed to resolve the issue, including modification to pswitch() in order that the primary and proxy session are interchanged correctly as demand arises.

Best regards,
Mats Erik Andersson
Bug#774184: ftp-ssl: Failed SSL context during second connection.
Package: ftp-ssl
Version: 0.17.23+0.2-1+b1
Severity: important

I have discovered that the client is unable to initiate an SSL context for a new connection in the same session, when a first connection has been closed properly:

  $ ftp -d -v -n
  ftp open localhost
  ...
  --- AUTH SSL
  234 AUTH SSL OK.
  [SSL Cipher AES256-GCM-SHA384]
  --- SYST
  530 Please login with USER and PASS.
  ...
  ftp close
  --- QUIT
  221 Goodbye.
  ftp open localhost
  Connected to localhost.
  ssl_getc: SSL_read failed -1 = 0
  421 Service not available, remote server has closed connection
  ftp bye

On the remote end I have ftpd-ssl_0.17.33+0.3-1 running.

Best regards,
Mats Erik Andersson
Bug#635180: [ftpd-ssl] Configuration file /etc/ftpd-ssl/ftpd.pem not found.
It is in my opinion far better not to generate a default certificate at first install time, than to produce something prone to be an attack vector.

Therefore the next packaging of ftpd-ssl will include some informational messages to inform about the missing certificate, and will also contribute an elementary description for manual remedy of this fact. The bug will remain present for documental purposes.

Regards,
Mats Erik Andersson, the next maintainer of this package.
Bug#761976: [INTL:sv] Swedish strings for webfs debconf
On Wednesday, 17 September 2014, at 14:11, Martin Bagge wrote:

package: webfs
severity: wishlist
tags: patch l10n

Please consider to add this file to translation of debconf.

Can this be reconciled with #760194, which provides an alternate set of translations?

Regards,
Mats E Andersson
Bug#746159: webfs: gcrypt dependency only needed for older gnutls versions
Thank you for the reference. An important consistency follows.

On Sunday, 27 April 2014, at 16:07, Andreas Metzler wrote:

[1] gnutls 2.12 release announcement: ** libgnutls: Added gnutls_global_set_mutex() to allow setting #if GNUTLS_VERSION_NUMBER = 0x020b00 gcry_control(...) #endif This rewrites as $ pkg-config --exists 'gnutls = 2.12' Your reference patch, as applied to xxxterm, primes these instances: +++ xxxterm-1.11.3/debian/changelog 2014-04-27 15:37:45.0 +0200 + * 0007-Unnecessary-gcrypt-requirement.diff: Only link against and #include +gcrypt for gnutls 2.12. +++ xxxterm-1.11.3/debian/patches/0007-Unnecessary-gcrypt-requirement.diff 2014-04-27 15:36:34.0 +0200 + Only link against and #include gcrypt for gnutls 2.12. ++REQUIREGCRYPT := $(shell if pkg-config --exists 'gnutls 2.12' ; then echo -lgcrypt ; fi ) The difference between pkg-config --exist 'gnutls 2.12' and #if GNUTLS_VERSION_NUMBER = 0x020b00 is non-empty, namely the single version 2.12. Can this be intended?

Best regards,
Mats Erik Andersson, DM
Bug#745711: AW: downtimed -- monitor of downtime, shutdown, and crashes
On Friday 9 May 2014 at 08:01, John Paul Adrian Glaubitz wrote:

> On 05/08/2014 01:26 PM, Stefan Bauer wrote:
>> -Original Message-
>> From: John Paul Adrian Glaubitz glaub...@physik.fu-berlin.de
>>> Unless the other person who you think should adopt the package is going to step up and do it right away, I have no problem in supporting Stefan's efforts and sponsoring his upload.
>>
>> Hi, a few days passed by but no response from either Mats or anyone else with the intention to do the adoption. :) It would be kind to get the package sponsored :)
>
> Yes, I agree. The package is set as orphan and you're the only one to step in. I will have a look at the package tomorrow. Today is a bit too busy.

Jörg Frings-Fürst expressed his wish to adopt this package on April 24th, less than one day after my publication of the RFA. Stefan Bauer is clearly in a rush to get this package, in spite of a thorough analysis made by Paul Wise as to the situation with two competing contenders for this package. His letter was sent to Bauer, Frings-Fürst and myself, so I see no reason to be in any hurry.

I am not in a position to do any sponsoring, so you carry all responsibility in this matter. I do not care any longer.

M E Andersson

> Adrian
> --
> John Paul Adrian Glaubitz
> Debian Developer - glaub...@debian.org
> Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
> GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913

--
Mats Erik Andersson, fil. dr mats.anders...@gisladisker.se
2459 41E9 C420 3F6D F68B 2E88 F768 4541 F25B 5D41
Subscribed to: debian-mentors, debian-devel-games, debian-perl, debian-ipv6, debian-qa
Bug#732937: dpkg: fails somewhat regularly on kfreebsd-amd64
On Friday 9 May 2014 at 14:16, Stefano Rivera wrote:

> This appears fixed with 1.0.3. I was getting it on almost every package installation, and now, with apt 1.0.3, I could complete a 300 odd package dist-upgrade without running into the bug. dpkg output is a bit mangled, as if it's missing a CR.

No, the problem is that TIOCSCTTY is not automatic on FreeBSD, like it is with eglibc. The disturbing issue is this:

    Processing triggers for man-db (...) .
    ioctl(TIOCSCTTY) failed for fd: 18
    Setting up ...

I have not been able to figure out which component, to whom apt-get is delegating actions, would be the culprit in this matter.

Regards,
M E Andersson
Bug#745711: RFA: downtimed -- monitor of downtime, shutdown, and crashes
Hello there, this is the previous maintainer talking.

I object at the intent to adopt this package without my knowledge, since I already have found one candidate and whose name is ___not___ Stefan Bauer.

As far as I understand the Debian policy documents and good conduct, the publication of an RFA does not declare a package to be public prey, to be handled by arbitrary means, ignoring the previous maintainer.

Regards,
Mats Erik Andersson, DM
Bug#746369: AW: Bug#746369: RFS: downtimed/0.6.2
On Thursday 1 May 2014 at 10:59, Stefan Bauer wrote:

> -Original Message-
> From: Cameron Norman camerontnor...@gmail.com
>> One thing I noticed is that upstream has an Upstart job, but you are not shipping it. Simply making a symlink from debian/downtimed.upstart to startup-scripts/upstart-startup.conf should do the trick.
>
> Updated package is present on mentors with the appropriate upstart link.

Nothing is settled as to Stefan Bauer being accepted as the new maintainer.

Regards,
Mats E Andersson, DM and present maintainer of downtimed.
Bug#745711: RFA: downtimed -- monitor of downtime, shutdown, and crashes
Package: wnpp
Severity: normal

I desire to hand maintainership over to somebody else. The upstream author is releasing updated archives slowly, but steadily, since not much needs updating.

Regards,
M E Andersson, DM
Bug#736481: nettoe: FTBFS due to test suite failures
Hello there,

Mats Erik Andersson, upstream author of Nettoe said the FTBFS is caused by a build environment lacking a defined TERM. The way to tell ./configure that TERM is not defined is to pass --without-terminfo to it. We decided that it was better to pass --without-terminfo to ./configure than to set TERM to something that could be incorrect.

Well, then just always pass --without-terminfo to it?

Okay, I'll do that. I'll prepare another NMU.

Let me point out that I have published a new version in my capacity as the upstream author, and that I am also in this very moment beginning to prepare a new Debian package for 1.5.1-1.

The upstream code has seen a change in test/terminfo.c to always succeed, even if TERM is unset in the environment. Furthermore, configure.ac has been modified to pass an explicit linking flag, which manages the intended linking against libtinfo on GNU/Linux, FreeBSD, and OpenIndiana. The first issue takes care of the architecture discrepancies, and the second issue covers the work-around implemented by Ubuntu's package maintainer.

Best regards,
M E Andersson, DM
Bug#740014: pf: Misplaced or missing manpage pf.os(5).
On Tuesday 25 February 2014 at 13:13, Robert Millan wrote:

> Hi Mats,
>
> On 24/02/2014 23:21, Mats Erik Andersson wrote:
>> Package: pf
>> Version: 9.2+ds1-1
>
> 9.2 is to be replaced soon. Have you checked in 10.0?

As I somewhat cloudily said in the first report, the source of 10.0 does not contain pf.os.5.gz, because the upstream source directory

    release/10.0.0/contrib/pf/man

no longer exists, which is what our freebsd-utils presupposes. This is due to the fact that upstream FreeBSD has rewritten pf(4) natively for SMP and thus has made pfctl(8) and pflogd(8) code of its own.

The manual page claimed for this bug report does exist, but in a new location:

    release/10.0.0/share/man/man5/pf.os.5

as should be hoped for (but I did not realize yesterday!).

Regards,
Mats E A
Bug#740014: pf: Misplaced or missing manpage pf.os(5).
Package: pf
Version: 9.2+ds1-1
Severity: normal

The manual page pf.os(5) is of at least some importance for anyone using pf(4). However, the package pf is in versions 9.0+ds1 and 9.s+ds1 diverting the page to

    /usr/share/man/os/man/man5/pf.5.gz

(observe the intermediary directory 'os' and the lack of the complete name 'pf.os.5.gz'). At the same time, said page is completely lacking in version 10.0.

This latter fact is explained by the removal of src/contrib/pf/man from the source of FreeBSD-10. However, our source freebsd-utils_9.2+ds1.orig.tar.gz does really deliver

    freebsd-utils-9.2+ds1/src/contrib/pf/man/
    freebsd-utils-9.2+ds1/src/contrib/pf/man/pf.os.5
    freebsd-utils-9.2+ds1/src/contrib/pf/man/pf.conf.5
    freebsd-utils-9.2+ds1/src/contrib/pf/man/pf.4
    freebsd-utils-9.2+ds1/src/contrib/pf/man/pflog.4
    freebsd-utils-9.2+ds1/src/contrib/pf/man/pfsync.4

but somehow debian/pf.manpages confuses dh_installman into rewriting pf.os.5 severely. I fail to understand the cause of this.

Regards,
Mats Erik Andersson, DM
Bug#737717: Please add securelevel(7).
Package: freebsd-manpages
Version: 9.2+1-1
Severity: normal

Please add the manual page securelevel(7) as it is an essential ingredient in any BSD system. We do not want users of kFreeBSD to be ignorant of those facts.

Regards,
Mats Erik Andersson
Bug#736716: Please raise package priority.
Package: freebsd-manpages
Version: 8.2-1
Severity: normal

This package has priority optional, meaning it will not get installed except by a manual intervention of the system operator, in spite of the package containing information vital to the proper operation of a GNU/kFreeBSD system.

Please raise the package priority to important and do also assign it to architecture kfreebsd-any in order that the users of GNU/Linux not complain too loudly.

Best regards,
Mats Erik Andersson, DM
Bug#736720: Interrelation between this package and Linux manpages.
Package: freebsd-manpages
Version: 8.2-1
Severity: normal

A standard installation of GNU/kFreeBSD, with a manual addition of freebsd-manpages, will result in a mixture of Linux-only manpages, FreeBSD manpages, and glibc manpages. A typical example is this:

    $ man -a -w socket
    /usr/share/man/man2/socket.2.gz         (Linux oriented)
    /usr/share/man/man2/socket.2freebsd.gz
    /usr/share/man/man9/socket.9freebsd.gz
    /usr/share/man/man7/socket.7.gz         (Linux oriented)
    /usr/share/man/man3/socket.3pm.gz

Observe that a Linux oriented page is preferred. One mechanism to resolve this inconvenience is to manually insert 2freebsd and 4freebsd into the manpage search order, like so:

    ### /etc/manpath.config
    SECTION 1 n l 8 3 2freebsd 2 3posix 3pm 3perl 5 4freebsd 4 9 6 7

The only change to the official content is the insertion of the FreeBSD related sections.

A loose idea would be to influence the package man-db to export such a line for kfreebsd-any. Another mode of attack would be to convince the package manpages to separate its Linux-only pages into a separate package, but this latter mode would still lead to some ambiguity concerning the ordering of FreeBSD and glibc pages.

Best regards,
Mats Erik Andersson, DM
Bug#736481: nettoe: FTBFS due to test suite failures
Let me for the record add a comment that the test suite can fail for exactly one reason:

    /* test/terminfo.c */
    if ((sp = getenv("TERM")) == NULL) {
        printf();
        exit(EXIT_FAILURE);
    }

Thus the observed FTBFS is caused by a build environment lacking a defined TERM. I am unable to reproduce the failure on i386 using

    $ pbuilder --build --twice ...

Could it be that libtinfo-dev_5.9+20140118-1 is interfering? But on the other hand, my pbuilder call generates the same dependency on libncurses.

Regards,
Mats Erik Andersson, upstream author of Nettoe.
Bug#736562: pu: package rush_1.7+dfsg-1+deb7u1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertag: pu

Dear supervisors,

I would like to pledge for an update of the package rush_1.7+dfsg-1 within the stable release. The cause is CVE-2013-6889:

http://bugs.debian.org/733505

The matter concerns file access elevation due to SUID-bit when running the software in test mode. The issue has been resolved and uploaded to unstable in rush_1.7+dfsg-4 and I propose the identical patching for the package kept in the stable release. The upstream project has incorporated my patch verbatim in its repository. The solution was to reset the effective user identification when running in test mode, thus cancelling all ill effects.

The complete debdiff of the package, as deposited at mentors.d.n, is included below.

Best regards,
Mats Erik Andersson, maintainer of GNU Rush

diff -Nru rush-1.7+dfsg/debian/changelog rush-1.7+dfsg/debian/changelog --- rush-1.7+dfsg/debian/changelog 2011-07-06 17:48:31.0 +0200 +++ rush-1.7+dfsg/debian/changelog 2014-01-24 22:10:50.0 +0100 @@ -1,3 +1,10 @@ +rush (1.7+dfsg-1+deb7u1) stable; urgency=high + + * Attend to CVE-2013-6889, file access escalation. ++ debian/patches/cve_2013_6889.diff: New file. + + -- Mats Erik Andersson mats.anders...@gisladisker.se Fri, 24 Jan 2014 22:01:24 +0100 + rush (1.7+dfsg-1) unstable; urgency=low * Initial release. (Closes: #515198) diff -Nru rush-1.7+dfsg/debian/patches/cve_2013_6889.diff rush-1.7+dfsg/debian/patches/cve_2013_6889.diff --- rush-1.7+dfsg/debian/patches/cve_2013_6889.diff 1970-01-01 01:00:00.0 +0100 +++ rush-1.7+dfsg/debian/patches/cve_2013_6889.diff 2014-01-19 16:42:45.0 +0100
@@ -0,0 +1,27 @@ +Description: CVE-2013-6889, elevated access. + The executable will, when used with SUID-bit set, + allow opening and reading access to every system + file also by an unprivileged user, whenever invocation + is done in testing mode, i.e., using '-t' without '-u'. + . + Prevent this mistake by resetting the effective user + identification to the real user identification when- + ever testing mode is asked for. +Author: Mats Erik Andersson deb...@gisladisker.se +Forwarded: yes +Bug-Debian: http://bugs.debian.org/733505 +Last-update: 2014-01-16 + +--- rush-1.7+dfsg.debian/src/rush.c rush-1.7+dfsg/src/rush.c +@@ -913,6 +913,10 @@ main(int argc, char **argv) + } else if (argc optind) + die(usage_error, NULL, _(invalid command line)); + ++ /* Step down from SUID when running in test mode. */ ++ if (lint_option) ++ setuid(getuid()); ++ + if (test_user_name) { + struct passwd *pw = getpwnam(test_user_name); + if (!pw) diff -Nru rush-1.7+dfsg/debian/patches/series rush-1.7+dfsg/debian/patches/series --- rush-1.7+dfsg/debian/patches/series 2011-04-18 14:07:15.0 +0200 +++ rush-1.7+dfsg/debian/patches/series 2014-01-24 13:12:34.0 +0100 @@ -1,2 +1,3 @@ dfsg_reduction.diff tcpmux_service.diff +cve_2013_6889.diff
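Review bot: in the src/rush.c hunk the return value of setuid(getuid()) is ignored, so if the call fails the process carries on in test mode with the elevated effective UID the patch is meant to shed. Check the result and stop on failure, for instance by calling die() in the same way the usage check just above the added lines does. The hunk also leaves the group IDs untouched; if the binary can ever be installed set-group-ID as well, a checked setgid(getgid()) belongs before the setuid() call.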
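The report above describes the remedy as resetting the effective user identification before test mode touches any file. The following is an added example, not code from rush or from the patch: the helper names drop_suid_privileges and open_as_invoker are hypothetical, and the code assumes a POSIX system. It checks every call and then verifies that the old IDs cannot be regained.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-user-ID / set-group-ID privileges.
 * Hypothetical helper for illustration; not taken from rush.
 * Returns 0 when the process provably runs with the invoker's IDs only,
 * -1 otherwise. On -1 the caller must exit without opening any file.
 */
int drop_suid_privileges(void)
{
    const uid_t ruid = getuid(), old_euid = geteuid();
    const gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the UID drop the process may no longer be
     * allowed to change its group IDs. */
    if (setgid(rgid) != 0)
        return -1;

    /* For a root-owned SUID binary this resets the real, effective and
     * saved user IDs in one call. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify rather than trust: the old IDs must be out of reach. With a
     * non-root file owner setuid() leaves the saved ID behind, seteuid()
     * then succeeds, and the drop is reported as failed. */
    if (old_egid != rgid && setegid(old_egid) == 0) {
        errno = EPERM;
        return -1;
    }
    if (old_euid != ruid && seteuid(old_euid) == 0) {
        errno = EPERM;
        return -1;
    }
    if (geteuid() != ruid || getegid() != rgid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Open a file for a configuration check only after the drop succeeded,
 * so the kernel applies the invoking user's permissions to the open. */
FILE *open_as_invoker(const char *path)
{
    if (drop_suid_privileges() != 0)
        return NULL;
    return fopen(path, "r");
}

int main(void)
{
    FILE *fp = open_as_invoker("/dev/null");
    if (fp == NULL) {
        perror("open_as_invoker");
        return 1;
    }
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    fclose(fp);
    return 0;
}
```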
Bug#723840: wmaker: Position of flags for 'find'.
Package: wmaker
Version: 0.95.3-2
Severity: minor
Tags: patch

Hello there, the shell script wmaker uses the flags -mindepth and -maxdepth out-of-order for find(1). It results in two unnecessary warnings.

Best regards,
Mats Erik Andersson, DM

--- usr/bin/wmaker.orig 2012-05-27 00:30:44.0 +0200 +++ usr/bin/wmaker 2013-09-20 12:36:09.0 +0200 @@ -63,7 +63,7 @@ if [ -f $gs_defaults/WMGLOBAL ] ; then $convertfonts --keep-xlfd $gs_defaults/WMGLOBAL fi -find $wm_styles -type f -print0 -mindepth 1 -maxdepth 1 | +find $wm_styles -mindepth 1 -maxdepth 1 -type f -print0 | xargs -0 -r -n 1 $convertfonts --keep-xlfd touch $wm_base/.fonts_converted fi
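Review bot: in the reordered find line, -mindepth 1 only excludes the starting point $wm_styles itself, which -type f already excludes whenever that path is a directory, so the command could shrink to -maxdepth 1 -type f -print0. If -mindepth 1 is kept on purpose to guard against $wm_styles being a regular file, a short comment saying so would help the next reader.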
Bug#722994: dwm: Unused patch 03-transparent-makefile.patch
Package: dwm
Version: 6.0-5
Severity: important

The maintainer has cunningly managed to reformat the patch 03-transparent-makefile.patch so far as to make it unused and even unable as a difference file.

The file header must be formatted as

    Forwarded: not-needed
    --- a/Makefile
    +++ b/Makefile

in order to be recognized, not the present

    Forwarded: not-needed--- a/Makefile
    +++ b/Makefile

Better would be a blank line below Forwarded for clarity.

This error is present also in 6.0-4, i.e., on the source for Wheezy.

Please amend this as soon as possible,
Mats Erik Andersson, DM
Bug#722994: dwm: Unused patch 03-transparent-makefile.patch
On Sunday 15 September 2013 at 14:06, Vasudev Kamath wrote:

> Control: severity -1 normal
>
> On Sun, Sep 15, 2013 at 1:42 PM, Mats Erik Andersson mats.anders...@gisladisker.se wrote:
>> The maintainer has cunningly managed to reformat the patch 03-transparent-makefile.patch so far as to make it unused and even unable as a difference file.
>
> Cunningly! I'm surprised by your words why would I cunningly do this please consider using appropriate word when reporting bugs. Now coming

You edited the difference file and injured its functionality. The only relevant action is to add a documentation header on top of the patch, not to modify its inherent capability or format.

> to the part it indeed missed my eyes but patch still works. did you try applying it using quilt push -a? If not check below output

It fails when executing

    # apt-get source dwm

on a Wheezy system. That is enough to merit a bug report. Demanding a quilt push -a is beyond the standard behaviour.

> [vasudev@rudra: ~/Documents/Debian/collab-maint/dwm/ ]% quilt push -a
> Applying patch 03-transparent-makefile.patch
> patching file Makefile
> Applying patch 01-term-cmd-replace.patch
> patching file config.def.h
> Hunk #1 succeeded at 47 (offset 1 line).
> Applying patch 02-dpkg-buildflags.patch
> patching file config.mk
>
> and while building
>
> I: using cowbuilder as pbuilder
> dpkg-buildpackage: source package dwm
> dpkg-buildpackage: source version 6.0-5
> dpkg-buildpackage: source distribution unstable
> dpkg-buildpackage: source changed by Vasudev Kamath kamathvasu...@gmail.com
> dpkg-source --before-build dwm
> dpkg-source: info: using options from dwm/debian/source/local-options: --unapply-patches --abort-on-upstream-changes
> dpkg-source: info: using options from dwm/debian/source/options: --compression=gzip --compression-level=9
> dpkg-source: warning: diff `dwm/debian/patches/03-transparent-makefile.patch' doesn't contain any patch
> dpkg-source: warning: diff `dwm/debian/patches/03-transparent-makefile.patch' doesn't contain any patch

Here goes:

    doesn't contain any patch

The patch text was rejected. Case proved!

> dpkg-source: info: applying 03-transparent-makefile.patch
> dpkg-source: info: applying 01-term-cmd-replace.patch
> dpkg-source: info: applying 02-dpkg-buildflags.patch
> fakeroot debian/rules clean
>
>> The file header must be formatted as
>>
>>     Forwarded: not-needed
>>     --- a/Makefile
>>     +++ b/Makefile
>>
>> in order to be recognized, not the present
>>
>>     Forwarded: not-needed--- a/Makefile
>>     +++ b/Makefile
>>
>> Better would be a blank line below Forwarded for clarity.
>
> This happened mainly because of not putting new line while editing patch using quilt header -e for the first time.

Exactly! This is where you err, as I have pointed out.

>> This error is present also in 6.0-4, i.e., on the source for Wheezy.
>>
>> Please amend this as soon as possible,
>
> I will fix this in my next upload also I don't see any reason for bug to be marked as important [1] so I've downgraded it to normal.

Fair enough.
Bug#722919: RFS: windowlab/1.40-2
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package windowlab

    Package name    : windowlab
    Version         : 1.40-2
    Upstream Author : Nick Gravgaard m...@nickgravgaard.com
    URL             : http://nickgravgaard.com/windowlab/
    License         : GPL-2 and original Aewm and 9wm.
    Section         : x11

It builds this binary package:

    windowlab - small and simple Amiga-like window manager

The package has been uploaded to

    http://mentors.debian.net/package/windowlab

It is directly accessible via

    dget -x http://mentors.debian.net/debian/pool/main/w/windowlab/windowlab_1.40-2.dsc

Two reported bugs are resolved, but most important is a correction to achieve full hardening of the executable.

The changes since the last upload are as follows:

  * debian/control:
    + Standards 3.9.4: No changes.
    + Add build dependency on dpkg-dev (= 1.15.7).
    + Mend Homepage with correct server location.
  * debian/rules:
    + Add targets build-arch and build-indep.
    + Hardening flags.
  * debian/copyright: Update format and URL.
    + Cite 9wm's license from that package and express it separately from the license of aewm.
  * debian/watch: Correction to URL.
  * debian/windowlab.desktop: Conform with standards.
  * debian/patches/10_makefile.patch: Update.
    + Activate MWM hints.
    + Avoid explicit linking -L/usr/lib. (Closes: #722865)
  * debian/patches/30_root_focus.diff: New file.
    + Pointer visibility error. (Closes: #630494)

Regards,
Mats Erik Andersson, DM
Bug#721445: cfengine2: Init skript needs better reporting.
Package: cfengine2 Version: 2.2.10-5 Severity: normal Tags: patch As long as cfengine2 is deactivated in /etc/default/cfengine2, the message passing is severely disrupting the flow crafted by log_daemon_msg. Delaying that call until it is known that some part of cfengine2 is in demand will prettify output. Patch included. Best regards, Mats Erik Andersson, DM --- etc/init.d/cfengine2.orig 2012-03-20 21:39:58.0 + +++ etc/init.d/cfengine2 2013-08-25 23:44:06.0 + @@ -91,11 +91,12 @@ case $1 in start) RETVAL=0 - log_daemon_msg Starting cfengine2 case $RUN_CFENVD $RUN_CFEXECD $RUN_CFSERVD in *1*) ;; - *) exit 0;; + *) log_action_msg Cfengine2 is disabled in $DEFAULT + exit 0;; esac + log_daemon_msg Starting cfengine2 if [ $RUN_CFENVD = 1 ]; then ctrl_daemon start $CFENVD fi
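Review bot: the added log_action_msg line in the start) branch prints $DEFAULT, but nothing in the visible context shows where that variable is assigned; if the script does not already define it, the message ends in a bare "disabled in". Confirm that it is set near the top of the script, or spell out /etc/default/cfengine2, the file the report itself names.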
Bug#721446: nfsiod: Init script needs output formatting.
Package: freebsd-nfs-common Version: 9.0+ds1-11~deb7u1 Severity: normal Tags: patch As nfsiod is started the executable emits some text. This upsets the message flow crafted by log_msg_*. The following patch silences that glitch. Regards, Mats Erik Andersson, DM --- etc/init.d/nfsiod.orig 2013-03-18 10:32:55.0 + +++ etc/init.d/nfsiod 2013-08-25 23:30:10.0 + @@ -43,7 +43,7 @@ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS \ + $DAEMON_ARGS /dev/null \ || return 2 # Add code here, if necessary, that waits for the process to be ready # to handle requests from services started subsequently which depend
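Review bot: on the changed $DAEMON_ARGS line of the second start-stop-daemon call, sending the daemon's output to /dev/null also discards whatever nfsiod prints when it fails to start, leaving only the `|| return 2` status behind. Consider silencing just the informational stream, or handing the text to a logger, so that a failed start still leaves a diagnostic.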
Bug#721448: rpcbind: Init script prints disruptive text.
Package: rpcbind Version: 0.2.0-8 Severity: normal Tags: patch In case rpcbind is already running when the init script is used to issue a second start, the encapsulated use of log_begin_msg twice, makes a mess of output. It is better to delay the only call to log_begin_msg, and to report Already running via log_action_msg. Patch is included. Regards, Mats Erik Andersson, DM --- etc/init.d/rpcbind.orig 2012-06-15 13:57:30.0 + +++ etc/init.d/rpcbind 2013-08-26 15:25:29.0 + @@ -51,14 +51,13 @@ touch $STATEDIR/portmap.xdr fi [ -x /sbin/restorecon ] /sbin/restorecon $STATEDIR/*.xdr -log_begin_msg Starting rpcbind daemon... pid=$( pidofproc /sbin/rpcbind ) if [ -n $pid ] then -log_begin_msg Already running. -log_end_msg 0 +log_action_msg Already running: rcpbind exit 0 fi +log_begin_msg Starting rpcbind daemon... start-stop-daemon --start --quiet --oknodo --exec /sbin/rpcbind -- $@ pid=$( pidofproc /sbin/rpcbind ) echo -n $pid $PIDFILE
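Review bot: the added log_action_msg line reads "Already running: rcpbind", a transposition of rpcbind; correct the spelling so the message matches the daemon name used in the "Starting rpcbind daemon..." line of the same hunk.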
Bug#714256: packit: Off-by-one string error.
Package: packit Version: 1.0-2 Severity: important Tags: patch The package source allocates 17 bytes to strings intended for hardware addresses, where in fact 18 are needed due to the trailing null-character. The code is assigning a value to hwadd[17], so errors do happen. Patches are included. Please observe, that these two updating patches are conceived together with a new patch submitted to #652510, so I ask the maintainer to attend to both bugs. Taken together, the set of three patches were instrumental in debugging the package rarpd. Best regards, Mats Erik Andersson, DM From 1523448405c42d09079ec4a15a8f839657f0d14b Mon Sep 17 00:00:00 2001 From: Mats Erik Andersson g...@gisladisker.se Date: Mon, 3 Jun 2013 23:03:18 +0200 Subject: [PATCH 1/3] Off-by-one string error. Strings for hardware addresses are allocated with 17 characters only, neglecting the trailing null-character. Remove tabs for better readability. --- src/inject_defs.h | 10 +- src/print_arp_hdr.c | 4 ++-- src/print_injection.c | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/inject_defs.h b/src/inject_defs.h index b2c4774..e9a56cf 100644 --- a/src/inject_defs.h +++ b/src/inject_defs.h @@ -132,9 +132,9 @@ struct enethdr_opts u_int16_t rand_d_addr; u_int8_t *s_addr; /* source ethernet address string */ -u_int8_t shw_addr[17]; +u_int8_t shw_addr[18]; u_int8_t *d_addr; /* destination ethernet address string */ -u_int8_t dhw_addr[17]; +u_int8_t dhw_addr[18]; } ehdr_o; struct arphdr_opts @@ -153,8 +153,8 @@ struct arphdr_opts u_int8_t *r_eaddr; /* receiver ethernet address */ u_int16_t rand_r_eaddr; -u_int8_t shw_addr[17]; -u_int8_t rhw_addr[17]; +u_int8_t shw_addr[18]; +u_int8_t rhw_addr[18]; } ahdr_o; libnet_t *pkt_d; @@ -174,7 +174,7 @@ u_int16_t payload_len; u_int8_t *payload; u_int8_t hex_payload; u_int8_t *s_d_port; -u_int8_t hwaddr_p[17]; +u_int8_t hwaddr_p[18]; u_int8_t rawip; struct timeval bf_pcap; 
diff --git a/src/print_arp_hdr.c b/src/print_arp_hdr.c index 36c3fb8..24f52d2 100644 --- a/src/print_arp_hdr.c +++ b/src/print_arp_hdr.c @@ -39,11 +39,11 @@ print_arp_hdr(u_int8_t *packet) arp_hw_t = retrieve_arp_hw_type(htons(ahdr-ar_hrd)); fprintf(stdout, ARP header: Type: %s(%d)\n, arp_t, htons(ahdr-ar_op)); -fprintf(stdout, \t Hardware Format: %s Length: %d\n, +fprintf(stdout, Hardware Format: %s Length: %d\n, arp_hw_t, ahdr-ar_hln); -fprintf(stdout, \t Protocol Format: %d Length: %d\n, +fprintf(stdout, Protocol Format: %d Length: %d\n, ahdr-ar_pro, ahdr-ar_pln); diff --git a/src/print_injection.c b/src/print_injection.c index e019fca..a1d8cd8 100644 --- a/src/print_injection.c +++ b/src/print_injection.c @@ -179,11 +179,11 @@ print_injection_details() arp_t = retrieve_arp_type(ahdr_o.op_type); fprintf(stdout, ARP header: Type: %s(%d)\n, arp_t, ahdr_o.op_type); - fprintf(stdout, \t Sender: Protocol Address: %s Hardware Address: %s\n, + fprintf(stdout, Sender: Protocol Address: %s Hardware Address: %.17s\n, ahdr_o.s_paddr, ahdr_o.shw_addr); - fprintf(stdout, \t Target: Protocol Address: %s Hardware Address: %s\n, + fprintf(stdout, Target: Protocol Address: %s Hardware Address: %.17s\n, ahdr_o.r_paddr, ahdr_o.rhw_addr); -- 1.8.1 From 9517bdefdaf9be9b5905b2f11f0766d5a52a8630 Mon Sep 17 00:00:00 2001 From: Mats Erik Andersson g...@gisladisker.se Date: Thu, 27 Jun 2013 11:34:37 +0200 Subject: [PATCH 2/3] Allow contemporary autotools. --- configure.in| 2 +- src/Makefile.am | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 49edd02..5295a0b 100644 --- a/configure.in +++ b/configure.in @@ -25,7 +25,7 @@ dnl Copyright (c) 2002-2003 Darren Bounds dnl All rights reserved. AC_INIT(src/main.c) -AM_CONFIG_HEADER(config.h) +AC_CONFIG_HEADERS(config.h) PACKIT_VERSION=`cat VERSION` AC_MSG_RESULT(beginning auto-configuration process for packit-$PACKIT_VERSION...) AM_INIT_AUTOMAKE(packit, $PACKIT_VERSION) 
diff --git a/src/Makefile.am b/src/Makefile.am index 4ff931c..2af09a9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -61,7 +61,6 @@ packit_LDFLAGS= INCLUDES=@INCLUDES@ all: - #strip @BINS@ cp @BINS@ $(top_srcdir) clean: -- 1.8.1
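Review bot: the src/inject_defs.h hunks change the literal 17 to the literal 18 in five separate declarations (shw_addr and dhw_addr in ehdr_o, shw_addr and rhw_addr in ahdr_o, and hwaddr_p), and src/print_injection.c then hard-codes %.17s; one named constant for the buffer size, with the precision derived from it, would keep these in step and record why the extra byte exists. The removal of \t from the format strings in print_arp_hdr.c and print_injection.c is unrelated to the overflow and would be easier to review as its own commit.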
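The sizing rule behind the report above (17 visible characters for a hardware address, 18 bytes once the terminating null is counted) can be made explicit in code. This is an added example, not code from packit: the names MAC_STRLEN, MAC_BUFSZ, format_hwaddr and parse_hwaddr are hypothetical, and the address in main() is a constructed sample.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_OCTETS 6
/* "xx:xx:xx:xx:xx:xx": 12 hex digits + 5 colons = 17 visible characters */
#define MAC_STRLEN (MAC_OCTETS * 3 - 1)
/* One more byte for the terminating NUL, i.e. 18 */
#define MAC_BUFSZ (MAC_STRLEN + 1)

/* Format a hardware address into buf. Returns 0 on success and -1 when
 * the buffer cannot hold the full string plus NUL; snprintf() never
 * writes past bufsz, so a short buffer yields truncation, not overflow. */
int format_hwaddr(const uint8_t mac[MAC_OCTETS], char *buf, size_t bufsz)
{
    int n = snprintf(buf, bufsz, "%02x:%02x:%02x:%02x:%02x:%02x",
                     mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return (n < 0 || (size_t)n >= bufsz) ? -1 : 0;
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = (unsigned char)tolower(c);
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return -1;
}

/* Parse exactly MAC_STRLEN characters of the form xx:xx:xx:xx:xx:xx.
 * Returns 0 on success, -1 on any length or syntax error. */
int parse_hwaddr(const char *s, uint8_t mac[MAC_OCTETS])
{
    if (strlen(s) != MAC_STRLEN)
        return -1;
    for (int i = 0; i < MAC_OCTETS; i++) {
        int hi = hexval((unsigned char)s[3 * i]);
        int lo = hexval((unsigned char)s[3 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        if (i < MAC_OCTETS - 1 && s[3 * i + 2] != ':')
            return -1;
        mac[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample address. */
    const uint8_t mac[MAC_OCTETS] = {0x00, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e};
    char too_small[17];       /* the size the report found in the source */
    char correct[MAC_BUFSZ];  /* 18 bytes */

    if (format_hwaddr(mac, too_small, sizeof too_small) != 0)
        printf("17 bytes: truncated to \"%s\"\n", too_small);
    if (format_hwaddr(mac, correct, sizeof correct) == 0)
        printf("18 bytes: \"%s\"\n", correct);
    return 0;
}
```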
Bug#652510: packit: Unable to inject correct RARP packages.
The initially submitted patch is unfortunately incomplete. Here comes a more complete and hopefully more attractive patch suggestion. The patch is a git formatted text, built on top of #714256. Please consider attending to both, as the present patch version was instrumental in resolving #710403 for rarpd. Regards, Mats Erik Andersson, maintainer of rarpd, DM From b1c6b5d4b1ca5da459fca5baebb97994cee9b15d Mon Sep 17 00:00:00 2001 From: Mats Erik Andersson g...@gisladisker.se Date: Thu, 27 Jun 2013 11:36:00 +0200 Subject: [PATCH 3/3] Implement RARP packet support. With limited modifications of existing ARP code, it is possible to enhance the source to produce and distinguish also RARP packets. --- man/packit.8.in | 15 --- src/main.c | 17 + src/print_arp_hdr.c | 7 ++- src/print_capture.c | 6 -- src/print_injection.c| 10 +++--- src/shape_ethernet_hdr.c | 7 --- src/shape_ethernet_hdr.h | 2 +- src/shape_packet.c | 5 +++-- src/usage.c | 5 +++-- 9 files changed, 53 insertions(+), 21 deletions(-) diff --git a/man/packit.8.in b/man/packit.8.in index 2f69b2f..f6d1b19 100644 --- a/man/packit.8.in +++ b/man/packit.8.in @@ -143,10 +143,11 @@ and general TCP/IP auditing. Specify the type of packet to inject. Supported values are: \fBARP\fR, .br .ti +5 -\fBTCP\fR, \fBUDP\fR and \fBICMP\fR. This option defaults to \fBTCP\fR +\fBRARP\fR, \fBTCP\fR, \fBUDP\fR and \fBICMP\fR. +This option defaults to \fBTCP\fR in inject .br .ti +5 -in inject mode and ICMP in trace mode. +mode and to \fBICMP\fR in trace mode. .br .SH PACKET INJECTION / TRACE GENERAL 
@@ -683,13 +684,13 @@ Define the 32-bit transmit timestamp. This value is 0 by default. .br -.SH ARP HEADER OPTIONS -This section documents the ARP header command-line options. In my opinion, +.SH ARP AND RARP HEADER OPTIONS +This section documents the ARP/RARP header command-line options. In my opinion, these options have the ability to do the most damage with the least effort, especially on large cable and DSL networks. Use with caution. .br -Packit only supports ARP protocol addresses in IPv4 format +Packit only supports ARP/RARP protocol addresses in IPv4 format \fB-A\fR \fIoperation type\fR .br @@ -701,13 +702,13 @@ are as follows: .br .ti +5 -- 1 : ARP Request +- 1 : ARP Request (Default for ARP packages.) .br .ti +5 - 2 : ARP Reply .br .ti +5 -- 3 : Reverse ARP Request +- 3 : Reverse ARP Request (Default for RARP packages.) .br .ti +5 - 4 : Reverse ARP Reply diff --git a/src/main.c b/src/main.c index 3cb3d5f..f7b6eea 100644 --- a/src/main.c +++ b/src/main.c @@ -158,6 +158,23 @@ parse_inject_options(int argc, char *argv[], u_int16_t iopt) opts = A:b:c:e:E:i:p:Rs:S:vx:X:y:Y:; } else +if(!strncasecmp(optarg, RARP, 4)) +{ +if(p_mode == M_TRACE) +fatal_error(RARP is not supported with trace mode.); +#ifdef DEBUG +fprintf(stdout, DEBUG: RARP injection\n); +#endif +#ifdef MACOS +fprintf(stderr, \nError: RARP injection is not yet supported on this OS platform.\n); +exit(FAILURE); +#endif +injection_type = ETHERTYPE_REVARP; +ahdr_o.op_type = ARPOP_REVREQUEST; /* Update init */ +init_type = 0; +opts = A:b:c:e:E:i:p:Rs:S:vx:X:y:Y:; +} +else if(!strncasecmp(optarg, RAWIP, 3)) { if(p_mode == M_TRACE) diff --git a/src/print_arp_hdr.c b/src/print_arp_hdr.c index 24f52d2..85eeeb3 100644 --- a/src/print_arp_hdr.c +++ b/src/print_arp_hdr.c @@ -26,6 +26,7 @@ void print_arp_hdr(u_int8_t *packet) { u_int8_t *arp_t, *arp_hw_t; +u_int16_t frame_t; struct libnet_arp_hdr *ahdr; 
@@ -38,7 +39,11 @@ print_arp_hdr(u_int8_t *packet) arp_t = retrieve_arp_type(htons(ahdr-ar_op)); arp_hw_t = retrieve_arp_hw_type(htons(ahdr-ar_hrd)); -fprintf(stdout, ARP header: Type: %s(%d)\n, arp_t, htons(ahdr-ar_op)); +frame_t = ntohs(*(u_int16_t *)(packet + hdr_len - sizeof(u_int16_t))); + +fprintf(stdout, %s header: Type: %s(%d)\n, +(frame_t == ETHERTYPE_REVARP) ? RARP: ARP, +arp_t, htons(ahdr-ar_op)); fprintf(stdout, Hardware Format: %s Length: %d\n, arp_hw_t, ahdr-ar_hln); diff --git a/src/print_capture.c b/src/print_capture.c index a59847b..a2d0d51 100644 --- a/src/print_capture.c +++ b/src/print_capture.c @@ -96,10 +96,12 @@ print_capture(struct pcap_pkthdr *pkthdr, u_int8_t *packet) } } else -if(ehdr-ether_type == htons(ETHERTYPE_ARP)) +if(ehdr-ether_type == htons(ETHERTYPE_ARP) + || ehdr-ether_type == htons(ETHERTYPE_REVARP
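Review bot: in the src/main.c hunk, strncasecmp(optarg, RARP, 4) compares only the first four characters, so any argument that merely begins with RARP is accepted as the packet type; compare the whole string unless prefix matching is intended. The opts string A:b:c:e:E:i:p:Rs:S:vx:X:y:Y: is also repeated from the ARP branch just above, and sharing one definition would stop the two from drifting apart.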
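Review bot: in the src/print_arp_hdr.c hunk, frame_t is read by casting packet + hdr_len - sizeof(u_int16_t) to u_int16_t * and dereferencing it; that address carries no alignment guarantee, and the read can fault on strict-alignment architectures. Copy the two bytes into frame_t with memcpy() before applying ntohs(). The expression also relies on hdr_len being at least two for every link type, which a guard would make explicit.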
Bug#710403: rarpd: ARP mode is not working
package rarpd
tags 710403 + fixed pending
thanks

This is a case of premature conclusions!

Of course rarpd is not supposed to answer any ARP packaged request, once '-A' has been specified, but only ARPOP_RREQUEST packaged as packets of type ETHERTYPE_ARP.

At closer examination, the required code is there, except for the server daemon actually polling the extra file descriptor set by '-A'.

A fix has been prepared, and a new package is awaiting sponsorship.

Regards,
Mats Erik Andersson, maintainer of rarpd.
Bug#713718: rgbpaint: FTBFS: ld: memory.o: undefined reference to symbol 'pow@@GLIBC_2.2.5'
package src:rgbpaint tags 713718 + fixed pending thanks The problem has already been identified by Daniel T Chen crim...@ubuntu.com. A fix is included in rgbpaint_0.8.7-4 which sits at mentors.debian.net awaiting sponsorship, as is so common within the Debian project. Regards, Mats Erik Andersson, maintainer of rgbpaint.
Bug#710403: rarpd: ARP mode is not working
Package: rarpd Version: 0.981107-8 Severity: normal Let me for the record state that the code present in src:rarpd has never been able to respond to ARP requests, a capability which the command line switch '-A' indicates that the server would be able to do. There are multiple code pieces lacking for that ability. This report will stay open until the source package is amended with this questionable ability, or until I judge it better to remove the switch '-A', whichever happens first. Regards, Mats Erik Andersson, present maintainer of rarpd
Bug#701417: rush: ftbfs with eglibc-2.17
package rush tags 701417 + fixed pending thanks A fixed package is waiting for upload. Regards, Mats Erik Andersson, DM and present maintainer
Bug#709447: nettoe: Pending package of nettoe-1.4.2.
package nettoe version 1.3.2-1 tags pending thanks An updated package of nettoe-1.4.2 is pending. The nettoe-1.4.* series just needed some seasoning! Best regards, Mats Erik Andersson, DM
Bug#703186: bastille: Cannot detect Perl version.
Package: bastille Version: 1:3.0.9-13 Severity: serious Tags: patch The script /usr/sbin/bastille is not able to compute PERL_VERSION correctly, leaving the variable empty on a system with mixed testing-unstable. The implemented command pipe chain is broken and amateurish! A functional patch is herewith contributed. Regards, Mats Erik Andersson, DM --- /usr/sbin/bastille.orig 2010-09-19 16:17:26.0 +0200 +++ /usr/sbin/bastille 2013-03-16 15:02:33.989657752 +0100 @@ -150,10 +150,8 @@ # We check that the version is at least the minimum PERL_VERSION=`${CURRENT_PERL_PATH}/perl -version | -head -2 |# the second line contains the version -tr\n | # split words into separate lines -sed -e s/^v// |# to get rid of the v in v5.6.0 -grep ^[1-9]\. |# find a word that starts with number dot + # Extract version string only, on the second line! +sed -n -e '2 s/.*(v\([1-9]\.[0-9]\{1,4\}\.[0-9]\{1,4\}\)).*/\1/p' | sed -e s/_/./` # substitute _patchlevel with .patchlevel # (used in 5.005_03 and prior)
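Review bot: the new sed expression only prints something when line 2 contains a parenthesised, three-part "(vN.N.N)", so any perl whose banner differs leaves PERL_VERSION empty again, which is the very symptom this report is about. Please follow the assignment with an explicit test for an empty PERL_VERSION that stops with a clear message. The retained "sed -e s/_/./" stage, documented as serving 5.005_03 and prior, can no longer see an underscore, because the new pattern admits only digits and dots; either drop that stage together with its comment or loosen the pattern so that it still has something to do.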
Bug#701417: rush: ftbfs with eglibc-2.17
On Saturday, 23 February 2013 at 11:35, Matthias Klose wrote: The package fails to build in a test rebuild on at least amd64 with eglibc-2.17, but succeeds to build with eglibc-2.13. The reason is that eglibc-2.17 has removed the macro `gets', but the gnulib template `gnu/stdio.in.h' is written under the assumption that C89 mandates the existence of said macro. On 2012-03-29 upstream GNU lib adapted to this change in eglibc. Thus any source using gnulib imported prior to that date is affected by this build failure, should the module stdio be in use. I obtained the same failure for rush on Arch Linux, where eglibc-2.17 and gcc-4.7.2 are in use. The conclusion is that eglibc and gnulib are to blame, not gcc. The work-around is to kill the statement /* gnu/stdio.in.h */ _GL_WARN_ON_USE (gets, gets is ); by making it into a comment. This was indirectly suggested in [1] by Eric Blake on the list bug-gnulib. Regards, Mats Erik Andersson, maintainer of GNU rush packaging. [1] http://lists.gnu.org/archive/html/bug-gnulib/2013-02/msg00126.html
Bug#342769: Support for group ID.
This has been implemented in upstream source, so will be available once a release 1.10 is made public. Regards, Mats Erik Andersson, member of GNU Inetutils
Bug#300281: telnet accepts invalid port numbers
This has now been mended in upstream's source tree. Observe that the reported behaviour is due to the implementation of getaddrinfo() in glibc. The library code will reduce values passed as its second argument modulo (USHRT_MAX + 1), i.e., modulo 65536. Regards, Mats Erik Andersson, on behalf of GNU Inetutils.
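The reduction described in the message above means that a numeric port argument has to be range-checked before it is handed to getaddrinfo(). The following C code is an added example, not the change made in GNU Inetutils; the names classify_port(), wrapped_port() and enum port_kind are hypothetical, and the sample arguments are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical classification of the port argument given to a client. */
enum port_kind {
    PORT_NUMERIC_OK,    /* all digits, within 1..65535 */
    PORT_NUMERIC_BAD,   /* numeric, but must be refused */
    PORT_SERVICE_NAME   /* not a number: leave it to the services lookup */
};

/* The reduction the message attributes to getaddrinfo(): modulo USHRT_MAX + 1. */
static unsigned wrapped_port(unsigned long value)
{
    return (unsigned)(value % (USHRT_MAX + 1UL));
}

/* Decide what to do with ARG before any resolver call sees it. */
static enum port_kind classify_port(const char *arg, unsigned short *port)
{
    const char *digits = arg;
    const char *q;
    unsigned long value;

    if (arg == NULL || *arg == '\0')
        return PORT_NUMERIC_BAD;
    if (*digits == '+' || *digits == '-')
        digits++;                       /* a sign is never acceptable, see below */
    if (*digits == '\0')
        return PORT_NUMERIC_BAD;
    for (q = digits; *q != '\0'; q++)
        if (!isdigit((unsigned char)*q))
            return PORT_SERVICE_NAME;   /* e.g. "telnet" */
    if (digits != arg)
        return PORT_NUMERIC_BAD;        /* "-1", "+23" */

    errno = 0;
    value = strtoul(digits, NULL, 10);
    if (errno == ERANGE || value < 1 || value > USHRT_MAX)
        return PORT_NUMERIC_BAD;        /* would be reduced silently otherwise */

    *port = (unsigned short)value;
    return PORT_NUMERIC_OK;
}

int main(void)
{
    /* Constructed sample arguments. */
    static const char *samples[] = { "23", "65559", "0", "-1", "telnet",
                                     "99999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned short port = 0;
        enum port_kind kind = classify_port(samples[i], &port);

        if (kind == PORT_NUMERIC_OK)
            printf("%-24s accepted as port %u\n", samples[i], (unsigned)port);
        else if (kind == PORT_SERVICE_NAME)
            printf("%-24s treated as a service name\n", samples[i]);
        else
            printf("%-24s refused (unchecked, 65559 would become %u)\n",
                   samples[i], wrapped_port(65559UL));
    }
    return 0;
}
```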
Bug#691592: pam_syslog: Corrupts facility setting.
Package: src:pam Version: 1.1.1-6.1 Severity: normal According to pam_syslog(3), both of pam_syslog() and pam_vsyslog() are to accept a priority parameter composed from severity _and_ from facility. However, the source code contains /* libpam/pam_syslog.c, line 99 */ syslog (LOG_AUTHPRIV | priority, "%s %s", ...); Including a facility in PRIORITY, differing from LOG_AUTHPRIV, will thus send two facility tags to syslog(), which in the implementation of libc6 is unpredictable at best since it applies neither alternative correctly. A remedy would be to use an inline test: syslog ((priority & ~LOG_PRIMASK) ? priority : LOG_AUTHPRIV|priority, ...); Another solution would be to rewrite the manual page! Regards, Mats Erik Andersson, DM
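What "two facility tags" amounts to can be computed directly, since a facility is a number stored in bits 3 and up, so OR-ing two of them yields a third value. The C code below is an added example, not code from Linux-PAM; the helper names are hypothetical, the sample priorities are constructed, and the facility numbers are assumed to be those of the glibc <syslog.h>.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <syslog.h>

/* The value the quoted line 99 of libpam/pam_syslog.c hands to syslog(). */
static int current_priority(int priority)
{
    return LOG_AUTHPRIV | priority;
}

/* The inline test proposed in the report: add LOG_AUTHPRIV only when the
 * caller supplied no facility bits.  Facility LOG_KERN is 0 and therefore
 * indistinguishable from "no facility" in this test. */
static int proposed_priority(int priority)
{
    return (priority & ~LOG_PRIMASK) ? priority : (LOG_AUTHPRIV | priority);
}

static int facility_of(int priority) { return priority & LOG_FACMASK; }
static int severity_of(int priority) { return LOG_PRI(priority); }

/* Facility codes at or above LOG_NFACILITIES are not defined at all. */
static int facility_is_valid(int priority)
{
    return LOG_FAC(priority) < LOG_NFACILITIES;
}

static const char *facility_name(int priority)
{
    if (!facility_is_valid(priority))
        return "(undefined)";
    switch (facility_of(priority)) {
    case LOG_USER:     return "user";
    case LOG_DAEMON:   return "daemon";
    case LOG_AUTH:     return "auth";
    case LOG_AUTHPRIV: return "authpriv";
    case LOG_FTP:      return "ftp";
    case LOG_LOCAL0:   return "local0";
    default:           return "(other)";
    }
}

int main(void)
{
    /* Constructed sample arguments a module might pass to pam_syslog(). */
    static const struct { const char *label; int priority; } samples[] = {
        { "LOG_ERR",               LOG_ERR },
        { "LOG_DAEMON | LOG_ERR",  LOG_DAEMON | LOG_ERR },
        { "LOG_USER | LOG_NOTICE", LOG_USER | LOG_NOTICE },
        { "LOG_LOCAL0 | LOG_INFO", LOG_LOCAL0 | LOG_INFO },
    };
    size_t i;

    printf("%-24s %-12s %-12s\n", "argument", "line 99", "proposed");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %-12s %-12s\n", samples[i].label,
               facility_name(current_priority(samples[i].priority)),
               facility_name(proposed_priority(samples[i].priority)));
    return 0;
}
```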
Bug#691008: pam_ftp: Broken handling of argument users=XXX,YYY.
Package: libpam-modules Version: 1.1.3-7.1 Severity: normal Tags: patch The module pam_ftp.so seems to have been incapable of correctly handling the use case auth pam_ftp.so users=ftp,anonymous since the beginning of this century. The effect has been to reject more requests than intended, so there was never a security issue involved. The problem is that the module is incapable of rewriting ftp or anonymous -- ftp in the setting above. In addition, the documentation misnames the option as ftp=XXX,YYY, where the source code only accepts users=XXX,YYY. A patch is included. Best regards, Mats Erik Andersson, DM Description: Incorrect handling of argument USERS. The module pam_ftp.so implements a fully broken helper function lookup(), when it is applied to the module argument users=XXX,YYY,ZZZ. . The module fails to extract the correct replacing user name, which the documentation states to be the initial name in the list. Rewrite the manipulations. . The documentation erroneously names the optional argument as ftp=XXX,YYY, Rename this oversight. Author: Mats Erik Andersson deb...@gisladisker.se Forwarded: no Last-Update: 2012-10-20 --- pam-1.1.3/modules/pam_ftp/pam_ftp.c.orig 2009-03-27 11:46:11.0 +0100 +++ pam-1.1.3/modules/pam_ftp/pam_ftp.c 2012-10-20 02:30:07.0 +0200 @@ -78,18 +78,24 @@ static int lookup(const char *name, cons *_user = name; /* this is the default */ if (list *list) { const char *l; - char *list_copy, *x; + char *list_copy, *x, *first = NULL; char *sptr = NULL; list_copy = x_strdup(list); x = list_copy; while (list_copy (l = strtok_r(x, ,, sptr))) { - x = NULL; + if (x) { + first = x_strdup(l); /* Catch first name in list. */ + x = NULL; + } if (!strcmp(name, l)) { - *_user = list; + *_user = first; anon = 1; + break; } } + if (!anon) + free(first); _pam_overwrite(list_copy); _pam_drop(list_copy); } else { 
@@ -116,7 +122,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int argc, const char **argv) { int retval, anon=0, ctrl; -const char *user; +const char *user, *newuser = NULL; const char *users = NULL; /* @@ -134,12 +140,12 @@ pam_sm_authenticate (pam_handle_t *pamh, } if (!(ctrl PAM_NO_ANON)) { - anon = lookup(user, users, user); + anon = lookup(user, users, newuser); } if (anon) { - retval = pam_set_item(pamh, PAM_USER, (const void *)user); - if (retval != PAM_SUCCESS || user == NULL) { + retval = pam_set_item(pamh, PAM_USER, (const void *)newuser); + if (retval != PAM_SUCCESS || newuser == NULL) { pam_syslog(pamh, LOG_ERR, user resetting failed); return PAM_USER_UNKNOWN; } --- pam-1.1.3/modules/pam_ftp/pam_ftp.8.xml.orig 2009-06-01 09:03:20.0 +0200 +++ pam-1.1.3/modules/pam_ftp/pam_ftp.8.xml 2012-10-20 02:35:31.0 +0200 @@ -85,7 +85,7 @@ varlistentry term -optionftp=replaceableXXX,YYY,.../replaceable/option +optionusers=replaceableXXX,YYY,.../replaceable/option /term listitem para --- pam-1.1.3/modules/pam_ftp/pam_ftp.8.orig 2010-10-27 15:37:04.0 +0200 +++ pam-1.1.3/modules/pam_ftp/pam_ftp.8 2012-10-20 02:35:06.0 +0200 @@ -205,7 +205,7 @@ Pay no attention to the email address of the user (if supplied)\. .RE .PP -\fBftp=\fR\fB\fIXXX,YYY,\.\.\.\fR\fR +\fBusers=\fR\fB\fIXXX,YYY,\.\.\.\fR\fR .RS 4 Instead of \fIftp\fR --- pam-1.1.3/modules/pam_ftp/README.orig 2010-10-27 15:37:02.0 +0200 +++ pam-1.1.3/modules/pam_ftp/README 2012-10-20 02:33:30.0 +0200 @@ -25,7 +25,7 @@ Pay no attention to the email address of the user (if supplied). -ftp=XXX,YYY,... +users=XXX,YYY,... Instead of ftp or anonymous, provide anonymous login to the comma separated list of users: XXX,YYY, Should the applicant enter one of these
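Review bot: in the lookup() hunk the copy made by first = x_strdup(l) is never checked and is released only under if (!anon). If the allocation fails and the name then matches, *_user becomes NULL while anon is set to 1; if it succeeds and the name matches, ownership passes to the caller through a const char pointer, and no free() for it appears in the pam_sm_authenticate() hunk, so each accepted login would leak the string. Check the result of x_strdup() before using it, and either release newuser in the caller once pam_set_item() has returned or document who owns it.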
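Review bot: in the pam_sm_authenticate() hunk the test newuser == NULL is evaluated only after pam_set_item(pamh, PAM_USER, newuser) has already been called, so a NULL result from lookup() reaches PAM_USER before the function returns PAM_USER_UNKNOWN. Test newuser first and call pam_set_item() only with a non-NULL name. The log text "user resetting failed" would also be more useful if it distinguished the NULL case from a pam_set_item() failure.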
Bug#672473: downtimed: Not restarted after single mode transition.
package downtimed severity 672473 normal tags wontfix thanks The manual page init(8) provides the following information: On a Debian system, entering runlevel 1 causes all processes to be killed, except for kernel threads and the session active in executing the level changing script. As a consequence, it is not safe to return from runlevel 1 to a multi-user runlevel: daemons that were started in runlevel S, and are needed for normal operation, are no longer running. The system should be rebooted. This describes exactly the situation where I was hoping a recovery should be available. That hope now being explained as a naïve assumption, the present bug is tagged 'wont-fix'. Regards, M E Andersson, maintainer of this package.
Bug#630494: Invisible pointer at start.
package windowlab tags 630494 + fixed pending thanks Explicitly declaring a default cursor using CWCursor resolves the issue in recent X11 releases. Letting the windows inherit focus from their parent seems to improve the outcome; at least it does no harm. Regards, M E Andersson, maintainer of this package.
Bug#626004: tetzle: Irregular but frequent crashes
On Sunday, 22 July 2012 at 11:23, Bart Martens wrote: Hi Mats, Can you confirm that you can no longer reproduce this bug with tetzle 1.2.1-1 and tetzle 2.0.1-1 ? I can confirm that tetzle_1.2.1-1, running on Squeeze, never was, and still is not crashing. On the other hand tetzle_2.0.1-1 on Wheezy/Testing is constantly consuming 85% to 99% load on a Pentium III, 800 MHz, so the game is not usable for me. At the time of filing the bug, a year ago, the version 1.2.1-? was indeed crashing on Wheezy/testing, which I believe was caused by the interplay with supporting libraries. My time is too limited to do test runs on stronger hardware. A game of this caliber should function also with machines from yesteryear. Regards, Mats E A, DM
Bug#626004: tetzle: Irregular but frequent crashes
On Friday, 27 July 2012 at 18:49, Bart Martens wrote: On Fri, Jul 27, 2012 at 07:45:03PM +0200, Mats Erik Andersson wrote: At the time of filing the bug, a year ago, the version 1.2.1-? was indeed crashing on Wheezy/testing, which I believe was caused by the interplay with supporting libraries. I don't know what exactly interplay with supporting libraries means here. Do you see something changed to the libraries that fixed the crash ? Already when first observing the crashes, happening at image resizing and movement of the overview client, I believe that tetzle-1.2.1 handled some API in some dependency library with some carelessness, meaning that in the time span between release of Squeeze and the original bug report, the graphical libraries saw some updates that the old code in 1.2.1 was not up to. The present upgrade to tetzle-2.0.1 makes these observations almost irrelevant. They are sufficiently stored in the mail archive for now. Tracking down all updates between Summer 2011 and Summer 2012, of all the libraries referenced by tetzle-1.2.1, is too labour intensive to be worth the effort now. Best regards, Mats E A, DM
Bug#676126: netsed NMU
On Sunday, 8 July 2012 at 16:46, Sven Hoexter wrote: tags 676126 patch thanks Hi Mats, I'm about to upload an NMU for #676126 (FTBFS due to some changes in Ruby 1.9). Go ahead! I have no 64-bit GNU/Linux system for testing this issue, nor am I proficient enough with Ruby. Regards, Mats E A
Bug#679221: proftpd: Support for inetutils-inetd.
Package: src:proftpd-dfsg Version: 1.3.4a-2 Severity: normal Please consider the following modification to the init script in order that also the superserver `inetutils-inetd' be supported. Best regards, Mats Erik Andersson, DM From 1b0b8026e6f17c3ae70bc7d2fd5ce5748129f46f Mon Sep 17 00:00:00 2001 From: Mats Erik Andersson deb...@gisladisker.se Date: Wed, 27 Jun 2012 11:16:44 +0200 Subject: [PATCH] Support inetutils-inetd. --- debian/proftpd-basic.init | 10 ++ 1 files changed, 6 insertions(+), 4 deletions(-) diff --git a/debian/proftpd-basic.init b/debian/proftpd-basic.init index ab19b20..18851ee 100644 --- a/debian/proftpd-basic.init +++ b/debian/proftpd-basic.init @@ -46,9 +46,10 @@ test -f $DAEMON || exit 0 # if ! egrep -qi ^[[:space:]]*ServerType.*standalone $CONFIG_FILE then - if egrep -qi server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd /etc/xinetd.conf 2/dev/null || \ - egrep -qi server[[:space:]]*=[[:space:]]*/usr/sbin/proftpd /etc/xinetd.d/* 2/dev/null || \ - egrep -qi ^ftp.*/usr/sbin/proftpd /etc/inetd.conf 2/dev/null + if egrep -qi server[[:space:]]*=[[:space:]]*/usr/sbin/(in\.)?proftpd /etc/xinetd.conf 2/dev/null || \ + egrep -qi server[[:space:]]*=[[:space:]]*/usr/sbin/(in\.)?proftpd /etc/xinetd.d/* 2/dev/null || \ + egrep -qi ^ftp.*/usr/sbin/(in\.)?proftpd /etc/inetd.d/* 2/dev/null || \ + egrep -qi ^ftp.*/usr/sbin/(in\.)?proftpd /etc/inetd.conf 2/dev/null then RUN=no INETD=yes @@ -70,7 +71,8 @@ fi inetd_check() { - if [ ! -x /usr/sbin/inetd -a ! -x /usr/sbin/xinetd ]; then + if [ ! -x /usr/sbin/inetd -a ! -x /usr/sbin/xinetd -a \ + ! -x /usr/sbin/inetutils-inetd ]; then echo Neither inetd nor xinetd appears installed: check your configuration. fi } -- 1.7.2.5
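Review bot: in the inetd_check() hunk the test now also looks for /usr/sbin/inetutils-inetd, but the message printed when it fails still reads "Neither inetd nor xinetd appears installed", which no longer describes what was checked. Name inetutils-inetd in the message, or reword it to "no inetd superserver appears installed". Since the condition now spans two lines, chaining three separate [ ! -x ... ] tests with the shell's own "and" operator would also be easier to read than further -a operands inside a single test.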
Bug#677132: ftpd: Inaccurate PAM code.
Package: linux-ftpd Version: 0.17-34 Severity: normal Performing a round of code audit of the PAM code found in the present source, I believe to have located inaccurate and missing calls. I am not in possession of a refined enough use case to verify that my suggestion is correctly reacting to accurate accounting setups, but the new code works as expected with respect to standard setups. The suggested ordering between pam_setcred() and pam_{open/close}_session() and WTMP actions is what the standard manuals pledge for. The present code does not follow this advice, so let us evaluate my suggestions and then decide on appropriate measures. Best regards, Mats Erik Andersson, co-maintainer of linux-ftpd. Description: PAM code corrections. Some issues on ordering of the actions related to PAM are corrected. . Credentials are established before opening the new session, and the session is conversely closed before credentials are revoked. This assures proper resource accounting. . Similarly, all WTMP and Kerberos sign off should be undertaken before the session is closed, for accounting reasons again. . The seldom event that memory allocation fails, must return the correct status PAM_BUF_ERR. Author: Mats Erik Andersson deb...@gisladisker.se Forwarded: no Last-Update: 2012-06-08 diff -Naurp linux-ftpd-0.17.debian/ftpd/ftpd.c linux-ftpd-0.17/ftpd/ftpd.c --- linux-ftpd-0.17.debian/ftpd/ftpd.c +++ linux-ftpd-0.17/ftpd/ftpd.c @@ -930,9 +930,6 @@ static void end_login(void) if (logged_in) { #ifdef USE_PAM int error; - error = pam_close_session(pamh, 0); - pam_end(pamh, error); - pamh = 0; #endif ftpdlogwtmp(ttyline, , , NULL); if (doutmp) @@ -941,6 +938,12 @@ static void end_login(void) if (!notickets krbtkfile_env) unlink(krbtkfile_env); #endif +#ifdef USE_PAM + error = pam_close_session(pamh, 0); + (void) pam_setcred(pamh, PAM_DELETE_CRED); + pam_end(pamh, error); + pamh = 0; +#endif } pw = NULL; logged_in = 0; 
@@ -961,7 +964,7 @@ static int PAM_conv (int num_msg, const #define GET_MEM \ if (!(repl = realloc(repl, size))) \ - return PAM_CONV_ERR; \ + return PAM_BUF_ERR; \ size += sizeof(struct pam_response) #define COPY_STRING(s) (s) ? strdup(s) : NULL @@ -1055,10 +1058,10 @@ static int pam_doit(void) /* Alright, we got it */ error = pam_acct_mgmt(pamh, 0); if (error == PAM_SUCCESS) - error = pam_open_session(pamh, 0); - if (error == PAM_SUCCESS) error = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (error == PAM_SUCCESS) + error = pam_open_session(pamh, 0); + if (error == PAM_SUCCESS) error = pam_get_item(pamh, PAM_USER, vp); if (error == PAM_SUCCESS) { const char *user = vp;
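Review bot: in the end_login() hunks the relocated block calls pam_close_session(), pam_setcred() and pam_end() on pamh without testing it, although the block itself resets pamh to 0 afterwards, which suggests that 0 is a state this function can meet. Wrap the new block in if (pamh) so that a login which never obtained a PAM handle does not pass 0 into libpam. The declaration int error is also left alone in the first USE_PAM block, far from its only use; moving it into a braced scope next to the calls would keep the two blocks from drifting apart.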
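Review bot: in the GET_MEM hunk the return value changes to PAM_BUF_ERR, but the macro still assigns the result of realloc() straight back to repl. When realloc() fails, the previous array, and every string already placed in it through COPY_STRING, becomes unreachable at the very moment memory is short. Assign to a temporary, and on failure free the strings collected so far and the old array before returning PAM_BUF_ERR.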
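Review bot: in the pam_doit() hunk credentials are now established before pam_open_session(), but the chain of if (error == PAM_SUCCESS) tests has no unwinding step. Should pam_open_session() or the later pam_get_item() fail, the credentials set one step earlier stay in place. On that failure path call pam_setcred(pamh, PAM_DELETE_CRED), mirroring what the end_login() hunk now does at logout.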
Bug#644285: Re: Bug#644285: lsb-base: Disabled escape sequences
Do you intend to provide more info to this bug ? Without input, it will certainly not get fixed, either way. I am alive, but without access to my Debian developing machines. Twice I have written a response, but discarded the text. The problem here is that on one hand the dependency boot migration is playing Russian roulette with booting messages, tossing them and tearing every coherence apart. On the other hand the non-portability of built-in echo must be taken care of with /bin/echo. It would be meaningful to document the explicit and implicit means of formatting messages available today, but it is also doubtful whether to announce such content which would by its very nature implicitly encourage authors to use such mechanisms, means of which you are rightfully skeptical. I am still pondering on this matter, though! Best regards, Mats Erik Andersson, DM
Bug#672473: downtimed: Not restarted after single mode transition.
Package: downtimed Version: 0.5-1 Severity: important This message is for documenting that on an i386 system that underwent a manual dependency boot rebasing, the chain of runlevel changes 2 -- S -- 2 will not restart downtimed as expected. This bug is to be left open until all sysvinit/update-rc.d and insserv are verified to restart downtimed in the above transition. Thank you for any help, Mats Erik Andersson, DM and maintainer of downtimed.
Bug#671873: ftp with restart point 4GB fails on 32bit
On Wednesday, 9 May 2012 at 09:37, Martin Hicks wrote: On Mon, May 7, 2012 at 4:41 PM, Mats Erik Andersson mats.anders...@gisladisker.se wrote: On Monday, 7 May 2012 at 14:46, Martin Hicks wrote: Package: ftp Version: 0.17-23 Using RESTart points 4GB followed by a STORe command fails because fseek() only takes long arguments instead of long long. Please try the following variation. I am at an OpenSolaris system, so I need your verification at the time of writing this reply. Hi Mats, This fixes it too: I still think my patch is more consistent with the approach used in the recv side restart_point at ftp.c:1103 Many thanks for your collaboration. I was interested in seeing fseeko() since it stays with a data stream, as the original did. Before committing any changes I will examine all other instances as well. Personally, I would have replaced the obsolete L_SET with SEEK_SET without a trace of hesitation. Best regards, Mats Erik Andersson, DM
Bug#671873: ftp with restart point 4GB fails on 32bit
On Monday, 7 May 2012 at 14:46, Martin Hicks wrote: Package: ftp Version: 0.17-23 Using RESTart points 4GB followed by a STORe command fails because fseek() only takes long arguments instead of long long. Please try the following variation. I am at an OpenSolaris system, so I need your verification at the time of writing this reply. Best regards, Mats Erik Andersson, co-maintainer of netkit-ftp. --- ftp/ftp.c.origt 2012-05-07 14:32:52.0 -0400 +++ ftp/ftp.c 2012-05-07 20:37:04.0 +0200 @@ -725,7 +725,7 @@ if (restart_point (strcmp(cmd, STOR) == 0 || strcmp(cmd, APPE) == 0)) { - if (fseek(fin, restart_point, 0) 0) { + if (fseeko(fin, restart_point, SEEK_SET) 0) { fprintf(stderr, local: %s: %s\n, local, strerror(errno)); restart_point = 0;
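Review bot: the switch to fseeko() in this hunk only helps on the 32-bit systems named in the report if off_t is 64 bits wide there, and nothing in the hunk arranges that. Please make sure ftp.c is compiled with _FILE_OFFSET_BITS=64 and that restart_point is itself declared as off_t; otherwise the offset is truncated before fseeko() ever sees it and the call behaves exactly like the fseek() it replaces.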
Bug#667902: RFS: downtimed/0.5-2
On Wednesday, 25 April 2012 at 11:45, Arno Töll wrote: Hi, is there still anything left to come from you? Yes, my time got consumed by other things. I need to investigate the effects update-rc.d has when it comes to activating runlevel switch into single mode and back on a running system. At the moment I am not convinced that insserv really is fully innocent in this matter, but that needs other verifications, not only on downtimed. A packaging 0.5-2 will not be ripe until I add some changes into the postinst script, and probably in the init script itself, but I must test this thoroughly first. Best regards, Mats Erik Andersson, DM
Bug#669965: libpam-modules: typing errors in pam_rhosts.8.
Package: libpam-modules Version: 1:1.3-7 Severity: minor The page pam_rhosts(8) is in need of some typesetter's corrections and I propose the following patch to the relevant Docbook source. Best regards, Mats Erik Andersson, DM --- pam-1.1.3/modules/pam_rhosts/pam_rhosts.8.xml.orig 2008-08-18 15:29:25.0 +0200 +++ pam-1.1.3/modules/pam_rhosts/pam_rhosts.8.xml 2012-04-22 04:35:10.0 +0200 @@ -28,11 +28,11 @@ para This module performs the standard network authentication for services, as used by traditional implementations of commandrlogin/command - and commandrsh/command etc. + and commandrsh/command et cetera. /para para The authentication mechanism of this module is based on the contents - of two files; filename/etc/hosts.equiv/filename (or + of two files: filename/etc/hosts.equiv/filename and filename~/.rhosts/filename. Firstly, hosts listed in the former file are treated as equivalent to the localhost. Secondly, entries in the user's own copy of the latter file is used to map @@ -44,9 +44,9 @@ /para para The module authenticates a remote user (internally specified by the - item parameterPAM_RUSER/parameter connecting from the remote - host (internally specified by the item commandPAM_RHOST/command). - Accordingly, for applications to be compatible this authentication + item parameterPAM_RUSER/parameter) connecting from the remote + host (internally specified by the item parameterPAM_RHOST/parameter). + Accordingly, for applications to be compatible with this authentication module they must set these items prior to calling functionpam_authenticate()/function. The module is not capable of independently probing the network connection for such information.
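Review bot: the first hunk corrects the paragraph about the two files but leaves its last context line, "entries in the user's own copy of the latter file is used to map", with a plural subject and a singular verb. Since the patch exists to tidy this page, extend the hunk by that line and change "is used" to "are used".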
Bug#669651: login: failing to update utmp at console.
Package: login Version: 1:4.1.5-1 Severity: serious The recent update of 'login' is no longer able to make an entry in /var/run/utmp for any user logging in via a virtual terminal, i.e., text console, on my linux-i386 system. Downgrading to 1:4.1.4.2+svn3283-3 restores this vital element of system management. Please, take care to examine effects on WTMP and UTMP also for text consoles henceforth. I have repaired some terminal emulators myself, but login must never be misbehaving. Best regards, Mats Erik Andersson, DM -- Mats Erik Andersson, fil. dr mats.anders...@gisladisker.se 2459 41E9 C420 3F6D F68B 2E88 F768 4541 F25B 5D41 Subscribed to: debian-mentors, debian-devel-games, debian-perl, debian-ipv6, debian-qa
Bug#667902: RFS: downtimed/0.5-2
Dear Arno, On Sunday, 8 April 2012 at 14:59, Arno Töll wrote: * You use dpkg-buildflags but you didn't declare a versioned build-dependency against dpkg-dev which explicitly supports --export *FLAGS (1.16.1 I think). My rule of thumb is to declare build-dependencies against build-essential packages if you use features not satisfied in stable. Otherwise you break backports and such without notice. You are correct in my omission of a build dependency in dpkg-dev (= 1.15.7), but you are incorrect in the mechanisms invoked. I have used the explicit make directive export in order to support stable/squeeze. I have not used the switch --export from dpkg-buildflags. Thus version 1.15.7 is the correct level. * Please document why you are overriding init.d-script-possible-missing-stop. For the other Lintian tag you override I can see your point, but I personally wouldn't bother since you require $remote_fs in start anyway. If you want, that's fair enough. * Not sure about your rationale to override dh_installinit either. The whole point of LSB headers is to determine the dependencies out of them. Both these are connected. Investigating this further, I observe incomplete behaviour of update-rc.d caused by insserv. The serious problem is that I am not able to reactivate the service after a sojourn into runlevel 1. A rebuilt package with Default-Start: S 2 3 4 5 Default-Stop: 0 1 6 is never restarted after # init 1 # exit and in addition insserv is never admitting the new starting links in /etc/rc{2,3,4,5}.d/S??downtimed. Ideas to resolve this? This must be resolved in order to update the package properly, and to allow downtimed to resume service after the administrator has temporarily entered single-user mode. Had he gone into single-user mode already at boot time, then the mechanisms are already in place, but not from within a running system. There is still an override needed to get S as a runlevel for starting downtimed. 
I want to keep this in order to have the service detect a booted system at the earliest possible time. Best regards, Mats E A
Bug#667902: RFS: downtimed/0.5-2
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package downtimed Package name: downtimed Version : 0.5-2 Upstream Author : Janne Snabb opensou...@epipe.com URL : http://dist.epipe.com/downtimed/ License : 2-clause BSD, i.e., FreeBSD Section : admin It builds those binary packages: downtimed - monitor of downtime, shutdown, and crashes Information about this package is available at http://mentors.debian.net/package/downtimed Download of the package using dget: dget -x http://mentors.debian.net/debian/pool/main/d/downtimed/downtimed_0.5-2.dsc Changes since the last upload: * Corrections for GNU/Hurd * Use build flags, and hence build hardened. Best regards, Mats Erik Andersson, DM
Bug#667903: RFS: rarpd/0.981107-8 [ITA] -- reverse address resolver
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package rarpd Package name: rarpd Version : 0.981107-8 Upstream Author : Alexey Kutznetsov, Jakub Jelinek URL : (extinct) License : GPL-2 Section : net It builds this binary package: rarpd - Reverse Address Resolution Protocol daemon Package information available at http://mentors.debian.net/package/rarpd Package download using dget: dget -x http://mentors.debian.net/debian/pool/main/r/rarpd/rarpd_0.981107-8.dsc Changes since last upload: #627907: rarpd writes tons of 'recvfrom: Socket operation on non-socket' to syslog. #630612: package description #520268: ITA: rarpd Best regards, Mats Erik Andersson, DM