Re: happy hacking welcome to tim rühsen

2020-04-04 Thread Alfred M. Szmidt
   > Sorry, lost the ball on this -- stuff.
   > 
   > I've pushed the entries for the ChangeLog, I suggest that Mats-Erik
   > amends them accordingly if he feels they could be improved.
   > 
   > Which patch went with which CVE?

   Thanks,

It applies to you too :-)

   IMO, the fixed bugs were so obvious for years (gcc even warns about them
   when building), that I wouldn't care about CVEs. Some downstream
   managers might want to have a CVE as it helps their organization - and
   they are free to do so.

Ah, I was under the impression that one or several of your patches
fixed some known CVEs.  I agree that getting an assigned CVE for any
of the fixes is way too much work.



Re: happy hacking welcome to tim rühsen

2020-04-04 Thread Tim Rühsen
On 04.04.20 23:14, Alfred M. Szmidt wrote:
> Sorry, lost the ball on this -- stuff.
> 
> I've pushed the entries for the ChangeLog, I suggest that Mats-Erik
> amends them accordingly if he feels they could be improved.
> 
> Which patch went with which CVE?

Thanks,

my question in a prior email was this:
"Regarding mentioning a "CVE tag": Who is going to retrieve a CVE number
? Or has it been done already ?"

IMO, the fixed bugs were so obvious for years (gcc even warns about them
when building), that I wouldn't care about CVEs. Some downstream
managers might want to have a CVE as it helps their organization - and
they are free to do so.

Regards, Tim





Re: happy hacking welcome to tim rühsen

2020-04-04 Thread Alfred M. Szmidt
Sorry, lost the ball on this -- stuff.

I've pushed the entries for the ChangeLog, I suggest that Mats-Erik
amends them accordingly if he feels they could be improved.

Which patch went with which CVE?



Re: happy hacking welcome to tim rühsen

2020-03-20 Thread Alfred M. Szmidt
Ping on this?



Re: happy hacking welcome to tim rühsen

2020-03-03 Thread Alfred M. Szmidt
I re-formatted it and slightly edited it.  Mats, could you throw an
eye too?

2020-02-29  Tim Rühsen 

uucpd: Fix buffer overflows.

This fixes several missing string termination issues with strncpy.
Also 'remotehost' with size NI_MAXHOST was strcpy'ed into 'line'
which just had 32 bytes on the stack.

* src/uucpd.c (dologout): Increase 'line' array in size.  Use
existing macro SCPYN instead of strncpy.

2020-02-29  Tim Rühsen 

uucpd: Fix heap buffer overflow.

Usernames >= 56 bytes would overflow the char arrays Username and
Logname.  This change mitigates this, but still silently truncates
these arrays.  Silent truncation should be checked throughout the
code possibly within a more comprehensive code review.

* src/uucpd.c: Increase Username and Logname to 72 bytes.
(doit): Use snprintf instead of sprintf.

2020-02-29  Tim Rühsen 

telnet: Use strdup instead of malloc+strcpy.

* telnet/commands.c (tn): Use strdup instead of malloc+strcpy.

2020-02-29  Tim Rühsen 

telnet: Fix -Wsign-compare in suboption.

* telnet/telnet.c (suboption): Explicit cast to int to silence
-Wsign-compare.

2020-02-29  Tim Rühsen 

telnetd: Silence -Wimplicit-fallthrough.

* telnetd/state.c (willoption): Use /* FALLTHROUGH */ to indicate
fallthrough.

2020-02-29  Tim Rühsen 

telnetd: Silence unused warning for getterminaltype.

* telnetd/utility.c (getterminaltype): Silence warning.

2020-02-29  Tim Rühsen 

ftp: Silence -Wimplicit-fallthrough warning.

* ftp/domacro.c (domacro): Use /* FALLTHROUGH */ to indicate
fallthrough.

2020-02-29  Tim Rühsen 

ftp: Silence -Wimplicit-fallthrough.

* ftp/cmds.c (domap): Use /* FALLTHROUGH */ to indicate
fallthrough.

2020-02-29  Tim Rühsen 

ftp: Fix multipliers for M(ega) and G(iga).

This is *not* a fix as the git comment accidentally states.  It is
to silence -Wimplicit-fallthrough and to avoid multiple
multiplications in case of a non-optimized build.  The 'hashbytes'
type needs to be reviewed later as g/G only allows digits 1 and 2
without integer overflow, which is undefined behavior.

* ftp/cmds.c (sethash): Remove cascaded multiplications.

2020-02-29  Tim Rühsen 

ftp: Fix return value of remglob.

* ftp/cmds.c (remglob): Turn around NULL check.

2020-02-29  Tim Rühsen 

ftp: Fix strncpy misuse (leading to buffer overflow).

* ftp/ftp.c (hookup): Terminate string after strncpy.

2020-02-29  Tim Rühsen 

ftp: Fix 2x misuse of strncpy (read buffer overflow).

* ftp/ftp.c (pswitch): Correctly set the terminating 0.

2020-02-29  Tim Rühsen 

talk: Fix uninitialized variable 'nready'.

* talk/ctl_transact.c (ctl_transact): Initialize nready to 0.

2020-02-29  Tim Rühsen 

whois: Silence -Wimplicit-fallthrough.

* whois/whois.c (main): Use /* FALLTHROUGH */ to indicate
fallthrough.

2020-02-29  Tim Rühsen 

ping, ping6: Silence -Wimplicit-fallthrough.

The comment /* FALLTHROUGH */ is well-known by several C/C++
compilers to indicate an explicit fallthrough.  An alternative is
the gcc attribute 'fallthrough' which is less compatible and thus
not chosen here.

* ping/ping.c (parse_opt): Use /* FALLTHROUGH */ to indicate
fallthrough.
* ping/ping6.c (parse_opt): Likewise.

2020-02-17  Tim Rühsen 

ping6: Fix memleak in ping_set_dest.

* ping/ping6.c (ping_set_dest): Add 'const' to param 'host'.
Rearrange code to avoid memory leak.
* ping/ping6.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-17  Tim Rühsen 

ping: Fix memleak in ping_set_dest.

* ping/libping.c (ping_set_dest): Add 'const' to param 'host'.
Rearrange code to avoid memory leak.
* ping/ping.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-16  Tim Rühsen 

libls: Remove unused variable kflag.

* libls/ls.c (ls_main): Remove unused variable 'kflag'.

2020-02-16  Tim Rühsen 

ftpd: Fix multiple definition of 'errcatch' (gcc 10).

* ftpd/extern.h: Remove 'extern' from 'errcatch'.

2020-02-16  Tim Rühsen 

telnetd: Fix multiple definition of 'not42' (gcc 10).

* telnetd/utility.c: Remove 'extern' from 'not42'.

2020-02-16  Tim Rühsen 

* src/rcp.c (tolocal): Remove unused variable 'len'.

2020-02-16  Tim Rühsen 

telnet: Fix silent truncation (off-by-one check)

If the DISPLAY variable had exactly 44 bytes, the SE byte (end sub
negotiation) was silently truncated.

* telnet/telnet.c (suboption): Use >= instead of >.



Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Tim Rühsen
@Mats My emails are bounced from your side with the following comment.

Just want to let you know, no need to answer if this is on purpose (e.g.
due to Spam policies).

Regards, Tim


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address(es)
failed:

mats.anders...@gisladisker.se:
SMTP error from remote server for RCPT TO command, host:
mail.gisladisker.se (83.233.229.139) reason: 554 5.7.1
: Sender address rejected: You are refusing
my server, so I ignore your server!


...







Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Alfred M. Szmidt
   The best course for a simple mistake is to correct it, so I suggest
   you draft a ChangeLog entry for the changes you did (one separate for
   each commit), and post it here -- I think easiest is one single
   message with all the entries.

(and that is punishment enough :-)



Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Tim Rühsen
On 01.03.20 10:53, Alfred M. Szmidt wrote:
> Simple mistakes don't require extreme measures, which seems to be
> prevalent in the world today.  We could equally blame it on the fact
> that it wasn't communicated from me, or that it isn't written down
> somewhere where it is viewable, etc etc.
> 
> The best course for a simple mistake is to correct it, so I suggest
> you draft a ChangeLog entry for the changes you did (one separate for
> each commit), and post it here -- I think easiest is one single
> message with all the entries.

Sorry I didn't mention it - of course I will create those ChangeLog
entries. It's the least I can do now.

> Then we can enjoy some old fashioned nit-picking of forgotten
> spaces after end-of-sentence periods.

What about a git hook to reject any missing malformed ChangeLog entries ?

Regards, Tim





Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Alfred M. Szmidt
Simple mistakes don't require extreme measures, which seems to be
prevalent in the world today.  We could equally blame it on the fact
that it wasn't communicated from me, or that it isn't written down
somewhere where it is viewable, etc etc.

The best course for a simple mistake is to correct it, so I suggest
you draft a ChangeLog entry for the changes you did (one separate for
each commit), and post it here -- I think easiest is one single
message with all the entries.

Then we can enjoy some old fashioned nit-picking of forgotten
spaces after end-of-sentence periods.



Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Tim Rühsen
On 01.03.20 09:19, Alfred M. Szmidt wrote:
>I request that Tim Rühsen be suspended as a committer until
>he learns to write every change into the Changelog file in
>the same commit. He clearly needs to undergo a time of
>supervision.
> 
> Let's not go to extremes, and try to learn from each other instead.
> 
> Tim, can you please amend the ChangeLog so that it contains the right
> entries for your changes?  We can't do much about the commit logs
> since git reasons.

Oh man - I am extremely sorry for that :-(

Each GNU project I work on abandoned manual changes to the ChangeLog
file. That's why the git commit messages aren't GNU style... I should
have thought about that.

Since Mats is extremely pissed - which I can fully understand - I
suggest reverting all my commits and - as he suggests - remove me as
committer. I believe that would possibly restore mental health on my side.

Please forgive me bringing all this hassle.

With Best Regards, Tim





Re: happy hacking welcome to tim rühsen

2020-03-01 Thread Alfred M. Szmidt
   I request that Tim Rühsen be suspended as a committer until
   he learns to write every change into the Changelog file in
   the same commit. He clearly needs to undergo a time of
   supervision.

Let's not go to extremes, and try to learn from each other instead.

Tim, can you please amend the ChangeLog so that it contains the right
entries for your changes?  We can't do much about the commit logs
since git reasons.