Bug#1004449: rfcomm busyloops taking 35% CPU due to needlessly low busy loop timeout
Package: bluez Version: all tools/rfcomm.c has a ppoll() with 200ns timeout. It just appears to be there to detect when the program should end, and takes about 35% CPU on a raspberry pi 4. If I change it to 10'000'000 (10ms) it seems to not have any functional impact aside from making the CPU problems go away. E.g. running: sudo tools/rfcomm watch hci0 1 getty rfcomm0 115200 vt100 doesn't take any CPU initially, but if one connects to the port it busyloops. It works, but it busyloops. The fix is simple. Change line 260 of tools/rfcomm.c to read: ts.tv_nsec = 1000;
Bug#980595: libcheck made a breaking change
libcheck made a breaking change.
Patch for arping to make it build:
https://github.com/ThomasHabets/arping/commit/e0773bc26ae14d4a19825023307d1496d7c7d0f1
I aim to release 2.22 tomorrow with this change.
But there are no changes between 2.21 and 2.22, so you can just patch in
the commit, if you prefer.
I see the tag is set to "serious". To be clear this is a failure of the
TEST to compile only. I agree that this should be seen as serious, but it's
just the test.
Tracking bug on arping (upstream) side:
https://github.com/ThomasHabets/arping/issues/39
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se " };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
Bug#955477: NetworkManager removes manually added addresses from interfaces
Package: network-manager Version: 1.14.6-2+deb10u1 NetworkManager removes manually added addresses from interfaces. E.g. if I attach a USB ethernet dongle and run "ip a a 192.0.2.1/24 dev eth0", some time later (it varies. A minuteā¦ sometimes an hour) the NetworkManager deletes that address, aborting my huge file transfer mid way. I have verified with netlink that it's indeed the NetworkManager process that removes the address.
Bug#941412: cpio -o -H tar allows anyone who can create files in tree to inject any tar content they want
Package: cpio This command looks safe, and is a reasonable "backup" command: find /home -type f | cpio -H tar -o > /var/backups/backup.tar But if /home/evil/foo.data is maliciously set up (size is >8GiB) then the tar file can be made to have arbitrary content, so a restore could overwrite /etc/passwd or anything else under the restore tree, using any permissions. A world writable /dev/sda would also be bad, as would many other fun variants. Like user controlling /home/evil can inject /home/friendly/.bashrc content too. Patch at https://cement.retrofitta.se/tmp/cpio-tar.patch Patch commit message: Check for size overflow in tar header fields. This prevents surprising outputs being created, e.g. this cpio tar output with more than one file: tar cf suffix.tar AUTHORS dd if=/dev/zero seek=16G bs=1 count=0 of=suffix.tar echo suffix.tar | cpio -H tar -o | tar tvf - -rw-r--r-- 1000/1000 0 2019-08-30 16:40 suffix.tar -rw-r--r-- thomas/thomas 161 2019-08-30 16:40 AUTHORS
Bug#687288: Working as intended
This bug should probably be closed. The default cpio format doesn't support
>2GiB files. Some other formats only support 4GiB, and the file in this
report is >4GiB.
See:
https://en.wikipedia.org/wiki/Cpio#POSIX_standardization
https://www.systutorials.com/docs/linux/man/1-cpio/
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se " };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
Bug#863707: Bug fixed in openssl?
https://github.com/openssl/openssl/issues/3615 says this has been
fixed in
https://github.com/openssl/openssl/commit/7dca72af91936d246700b78e06def16561a36028
and was an OpenSSL bug.
So should this issue be closed?
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
Bug#828579: This patch should fix it
Note that with this patch it builds with OpenSSL 1.1, but not 1.0. It
would not be hard to make it work with both, though, similar to
https://github.com/ThomasHabets/simple-tpm-pk11/commit/354f0cf3a193dbe8b1151059a08b0598531b645c
(I hope Debian bugs accept attachments)
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
From 6ec8e342f1aaaea0de8fe9aa349277e9f9abc2b9 Mon Sep 17 00:00:00 2001
From: Thomas Habets
Date: Tue, 1 Nov 2016 10:31:54 +
Subject: [PATCH 1/1] Add OpenSSL 1.1 support
---
src/tcs/crypto/openssl/crypto.c | 11 +++
src/trspi/crypto/openssl/hash.c | 17 +--
src/trspi/crypto/openssl/rsa.c | 41 +++---
src/trspi/crypto/openssl/symmetric.c | 56 +++-
4 files changed, 70 insertions(+), 55 deletions(-)
diff --git a/src/tcs/crypto/openssl/crypto.c b/src/tcs/crypto/openssl/crypto.c
index c02db27..b354f6f 100644
--- a/src/tcs/crypto/openssl/crypto.c
+++ b/src/tcs/crypto/openssl/crypto.c
@@ -31,13 +31,13 @@
TSS_RESULT
Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
unsigned int result_size;
int rv;
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TCSERR(TSS_E_BAD_PARAMETER);
@@ -50,19 +50,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto out;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
goto out;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TCSERR(TSS_E_INTERNAL_ERROR);
} else
rv = TSS_SUCCESS;
out:
+EVP_MD_CTX_free(md_ctx);
return rv;
}
diff --git a/src/trspi/crypto/openssl/hash.c b/src/trspi/crypto/openssl/hash.c
index f6cf3dc..cdb2c11 100644
--- a/src/trspi/crypto/openssl/hash.c
+++ b/src/trspi/crypto/openssl/hash.c
@@ -56,13 +56,13 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
TSS_RESULT
Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
{
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
unsigned int result_size;
int rv;
switch (HashType) {
case TSS_HASH_SHA1:
- rv = EVP_DigestInit(&md_ctx, EVP_sha1());
+ rv = EVP_DigestInit(md_ctx, EVP_sha1());
break;
default:
rv = TSPERR(TSS_E_BAD_PARAMETER);
@@ -75,14 +75,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
goto err;
}
- rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
+ rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
}
- result_size = EVP_MD_CTX_size(&md_ctx);
- rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
+ result_size = EVP_MD_CTX_size(md_ctx);
+ rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
if (rv != EVP_SUCCESS) {
rv = TSPERR(TSS_E_INTERNAL_ERROR);
goto err;
@@ -94,6 +94,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
err:
DEBUG_print_openssl_errors();
out:
+EVP_MD_CTX_free(md_ctx);
return rv;
}
@@ -112,7 +113,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
break;
}
- if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
+ if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
return TSPERR(TSS_E_OUTOFMEMORY);
rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
@@ -142,7 +143,7 @@ Trspi_HashUpdate(Trspi_HashCtx *ctx, UINT32 size, BYTE *data)
rv = EVP_DigestUpdate(ctx->ctx, data, size);
if (rv != EVP_SUCCESS) {
DEBUG_print_openssl_errors();
- free(ctx->ctx);
+ EVP_MD_CTX_free(ctx->ctx);
ctx->ctx = NULL;
return TSPERR(TSS_E_INTERNAL_ERROR);
}
@@ -164,7 +165,7 @@ Trspi_HashFinal(Trspi_HashCtx *ctx, BYTE *digest)
if (rv != EVP_SUCCESS)
return TSPERR(TSS_E_INTERNAL_ERROR);
- free(ctx->ctx);
+ EVP_MD_CTX_free(ctx->ctx);
ctx->ctx = NULL;
return TSS_SUCCESS;
diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
index 0bd1e89..78f99ed 100644
--- a/src/trspi/crypto/openssl/rsa.c
+++ b/src/trspi/crypto/openssl/rsa.c
@@ -67,12 +67,15 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
goto err;
}
- /* set the public key val
Bug#828544: Fixed in upstream in 0.05
Fixed in upstream in 0.05.
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
Bug#833960: Could you provide more details?
Could you provide a config (without secrets) that triggers this? Not being
too familiar with setting up IPsec it would save me a lot of time if you
could provide the steps needed to reproduce the problem.
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "tho...@habets.se " };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
Bug#820697: [Pkg-utopia-maintainers] Bug#820697: network-manager should support both 'arping' implementations
On 11 April 2016 at 17:45, Michael Biebl wrote: > > Which is why I'm suggesting that network-manager should be able to aware > > enough to work with either. > I don't think we want that. If arping and iputils-arping want to be > interchangable arping implementations, they should find a common interface. > These are both 16+ year old implementations, so I think the best to hope for is that a common interface subset can be used by network-manager. Or if there is a missing (common) feature or flag that can be implemented without breaking existing behaviour. I grepped the source but did not find the actual command invocation.
Bug#820697: [Pkg-utopia-maintainers] Bug#820697: network-manager should support both 'arping' implementations
On 11 April 2016 at 17:16, Michael Biebl wrote: > iputils-arping is the version supported by NM upstream. > Portability is no issue, since NM is Linux-only. > To clarify what I meant: network-manager is preventing `arping` from being installed, which means it's preventing people writing portable scripts. > Afair, there were issues with arping and iputils-arping not being fully > command line compatible, so we couldn't use arping. > Which is why I'm suggesting that network-manager should be able to aware enough to work with either.
Bug#521011: arping to hostname sometimes fails (fixed in upstream)
Package: arping Version: 2.07~pre1-2 All versions prior to 2.07 (and this includes 2.07pre1) that have a bug with address resolving. This bug causes arpings to a hostname to sometimes fail silently while arpinging the IP address works fine. I am the upstream author and this has been fixed for a long time. The code change from 2.07pre1 and 2.07 is pretty much just this, and the only change from 2.07 to 2.08 for code that is compiled for Linux is the version number, so I recommend (and ask) that lenny gets arping 2.08 because I periodically get bug reports about this. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#387205: xdm password length limit
Package: xdm
Version: 4.3.0.dfsg.1-1
Severity: important
xdm has a password length limit of 32, as seen in
xc/programs/xdm/greeter/Login.h
Note that I'm not sure about the version, since I run some backports stuff,
but the source was from sarge, not backports.
And don't say "nobody needs passwords that long", because that's wrong for
several reasons.
-
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[EMAIL PROTECTED]" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#330147: RTF FAQ
Q: I can't ping any/some MAC address on my LAN. A: Arping when pinging a MAC relies on the host to answer a broadcast ping (icmp echo request) properly (IIRC: not the windows way). If you want a host to pop up on MAC ping, you have to config it to respond to broadcast pings. (for linux, make sure /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is 0) A: -T allows you to restrict the arping to a limited subnet, which may or may not work for you. For example if the box 00:01:02:03:04:05 is on 192.168.0.0/24 then the broadcast probably is 192.168.0.255, so try: # arping -T 192.168.0.255 00:01:02:03:04:05 Close this bug? pgppzKBK0e1Zf.pgp Description: PGP signature
Bug#210992: fixed in 2.05?
I'm unable to reproduce it with 2.05: sudo ./arping -q -c 1 -T $a.$b.$c.$d $TARGET_MAC arping: Can't resolve ..., or ... is broadcast. If it is, use -B instead of -T Obviously without the env stuff set this is the same as "arping -q -c 1 -T ...", and only "arping -T ..." is needed to segv 2.01. Since the parameter to -T is sent verbatim to libnet, the segv itself looks like it's in there. It looks like I didn't init libnet in 2.01 (mea culpa), however this is fixed in 2.05 (or possibly sooner. It's been a while), and I can't reproduce it with 2.05. Are you SURE it's still in 2.05? / Thomas Habets - the author of arping pgp8iKSt7V6WN.pgp Description: PGP signature
Bug#241673: Still fixed in upstream
Just generate a new deb from upstream and all will be well.
-
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[EMAIL PROTECTED]" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
pgpIIZb6KG2dq.pgp
Description: PGP signature
Bug#291228: Duplicate of bug 241673
Duplicate of bug 241673, and fixed in upstream version of arping some time
ago.
-
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[EMAIL PROTECTED]" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
pgpaIK21D2VZO.pgp
Description: PGP signature
Bug#292564: Fixed in arping 2.05
Fixed in the just-released arping 2.05.
-
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[EMAIL PROTECTED]" };
char kernel[]= { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
pgpTEmvQrD4eC.pgp
Description: PGP signature
