Bug#1062930: openssh-client: ssh fails with "Connection corrupted" error when connecting to Oracle Linux systems

2024-02-06 Thread Mike Quin
Some discussion of this on Oracle’s GitHub:
https://github.com/oracle/oracle-linux/issues/125

They’ve acknowledged a problem on their customer support forums and the faulty 
openssl-server package has been withdrawn from their repositories.

There may be nothing for Debian to do on this one.

Mike Quin







Bug#1062930: openssh-client: ssh fails with "Connection corrupted" error when connecting to Oracle Linux systems

2024-02-03 Thread Mike Quin
Package: openssh-client
Version: 1:9.2p1-2+deb12u2
Severity: normal
X-Debbugs-Cc: t...@security.debian.org

Dear Maintainer,

Following the upgrade of the openssh-client and related packages to 
1:9.2p1-2+deb12u2, ssh connections to Oracle Linux 8.9 systems running
their openssh server package 8.0p1-19.el8_9.2 have started to fail with:

Bad packet length 2605177462.
ssh_dispatch_run_fatal: Connection to REDACTED port 22: Connection corrupted

The number after "Bad packet length" changes with each connection attempt.

With the u1 version of openssh-client it was possible to connect to these 
systems.

Specifying that the aes256-...@openssh.com cipher be used rather than the 
chacha20-poly1...@openssh.com works around the problem.

On the Oracle side, the openssh server package has recent changes related to
a couple of CVEs that may be relevant:

- Forbid shell metasymbols in username/hostname
  Resolves: CVE-2023-51385
- Fix Terrapin attack
  Resolves: CVE-2023-48795


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser           3.134
ii  libc6             2.36-9+deb12u4
ii  libedit2          3.1-20221030-2
ii  libfido2-1        1.12.0-2+b1
ii  libgssapi-krb5-2  1.20.1-2+deb12u1
ii  libselinux1       3.4-1+b6
ii  libssl3           3.0.11-1~deb12u2
ii  passwd            1:4.13+dfsg1-1+b1
ii  zlib1g            1:1.2.13.dfsg-1

Versions of packages openssh-client recommends:
ii  xauth  1:1.1.2-1

Versions of packages openssh-client suggests:
pn  keychain  
pn  libpam-ssh
pn  monkeysphere  
pn  ssh-askpass   

-- no debconf information



Bug#1032223: fbb: Segmentation fault when listing subdirectories using FBBDOS

2023-03-02 Thread Mike Quin
Revised 05-fix-compile-warnings patch attached.

—
Mike Quin


05-fix-compile-warnings
Description: Binary data




Bug#1032223: fbb: Segmentation fault when listing subdirectories using FBBDOS

2023-03-02 Thread Mike Quin
I’ve now dug into this a little further.

On closer inspection, it appeared that the ‘st’ structure in ibm.c:format_ffblk 
wasn’t being populated with data at all.

This turned out to be due to debian/patches/05-fix-compile-warnings which, 
amongst other changes, removes line 208 "ret = lstat (filename, &st);" from 
ibm.c.

Reversing that patch allows a working package to be built without overriding 
CFLAGS, and the DIR command works as expected returning correct file sizes and 
modification time stamps.

—
Mike Quin
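
Added example, not part of the original message and not fbb's source: a sketch of the failure mode described above, where `st` is read without `lstat()` having filled it in and `localtime()` returns NULL for the resulting garbage timestamp (consistent with `tm = 0x0` in the gdb output). The function names and the DD-MM-YY layout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* declares lstat() under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>

/* Hypothetical helper, not fbb code. The DD-MM-YY layout is an assumption.
 * Returns 0 on success, -1 when the timestamp cannot be broken down. */
static int format_mtime(time_t mtime, char *out, size_t len)
{
    struct tm *tm = localtime(&mtime);
    if (tm == NULL)               /* out-of-range time_t: the tm = 0x0 case */
        return -1;
    snprintf(out, len, "%02d-%02d-%02d",
             tm->tm_mday, tm->tm_mon + 1, tm->tm_year % 100);
    return 0;
}

/* Checked lookup: st is read only after lstat() has filled it in. */
int describe_file(const char *filename, long long *size, char *date, size_t len)
{
    struct stat st;
    if (lstat(filename, &st) != 0)
        return -1;                /* no such file, permission denied, ... */
    *size = (long long)st.st_size;
    return format_mtime(st.st_mtime, date, len);
}

/* Replays the patched build's state: st never filled by lstat(), holding
 * the st_mtim.tv_sec value from the gdb dump (assumes a 64-bit time_t). */
int describe_unfilled(char *date, size_t len)
{
    struct stat st;
    memset(&st, 0, sizeof st);
    st.st_mtime = (time_t)7023696974707647586LL;
    return format_mtime(st.st_mtime, date, len);
}

int main(int argc, char **argv)
{
    char date[32];
    long long size = 0;
    const char *path = argc > 1 ? argv[1] : "/";
    if (describe_file(path, &size, date, sizeof date) == 0)
        printf("%s: %lld bytes, %s\n", path, size, date);
    printf("unfilled st: %s\n",
           describe_unfilled(date, sizeof date) ? "rejected" : "formatted");
    return 0;
}
```
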




Bug#1032223: fbb: Segmentation fault when listing subdirectories using FBBDOS

2023-03-01 Thread Mike Quin
Package: fbb
Version: 7.011-1
Severity: normal
X-Debbugs-Cc: m...@elite.uk.com

Dear Maintainer,

I've run into a crash bug when using the FBBDOS feature of fbb.

Using the 'DIR' command to list files works in FBBDOS's root directory.
If any non-empty subdirectory is entered with the 'CD' command, a subsequent
'DIR' will crash fbb.

Additionally, where 'DIR' does work, the file sizes and date stamps are wrong.

---
01-Mar-23 22:52  FBBDOS V7.0.11

Format :
(1)= (1 connected station)
[543/0kb] = [downloaded 543kb until now/max allowed 0kb] in this period
C:\>   = drive and path (like in MSDOS)

(1) [543/0kb] C:\>dir
   8 11-10-59 changelog.Debian
 524158 M 11-02-20 yapp
25734537216 bytes free.

(1) [543/0kb] C:\>cd yapp

(1) [543/0kb] C:\yapp>dir
---

Running xfbbd in gdb produced the following:

---
Program received signal SIGSEGV, Segmentation fault.
0x0058e9d4 in format_ffblk (blk=blk@entry=0x6be050, 
dir=dir@entry=0x747de8) at ./src/ibm.c:232
232 year = tm->tm_year %100;

(gdb) backtrace -full 1
#0  0x0058e9d4 in format_ffblk (blk=blk@entry=0x6be050, 
dir=dir@entry=0x747de8) at ./src/ibm.c:232
year = 
st = {st_dev = 366505350216, st_ino = 366504693376, st_mode = 
4294963176, st_nlink = 127, st_uid = 4294963179, st_gid = 127, st_rdev = 
549755810520, __pad1 = 549755810476, st_size = 8, st_blksize = -48, __pad2 = 
-128, st_blocks = 366504644080, st_atim = {tv_sec = 363676312022575, 
tv_nsec = 7090406762945589045}, st_mtim = {tv_sec = 7023696974707647586, 
tv_nsec = -1098803875728}, st_ctim = {tv_sec = 549683298305, tv_nsec = 
366504662168}, __glibc_reserved = {1432442871, 85}}
tm = 0x0
base = 
"\222TaUU\000\000\000\222TaUU\000\000\000\222TaUU\000\000\000\222TaUU\000\000\000\367WaUU\000\000\000\260\353\377\377\177\000\000\000l\360\334\367\177\000\000\000\000\000\356\367\177\000\000\000`\307\376\367\177\000\000\000\060\200\000\000\000\000\000\000X\000\000\000\000\000\000\000\000`\356\367\177\000\000\000\270\307\376\367\177\000\000\000\330\362\377\377\177\000\000\000\254\362\377\377\177\000\000\000\b\000\000\000\000\000\000",
 
ext = "\222TaU"
filename = 
"/var/ax25/fbb/fbbdos//yapp/test\000\360\353\377\377\177\000\000\000\064D\337\367\177\000\000\000\n\000\000\000\000\000\000\000\000\200\000\000\000\000\000\000X\340kUU\000\000\000\070\360\377\377\177\000\000\000\350\357\377\377\177\000\000\000\353\357\377\377\177\000\000\000\240\354\377\377\177\000\000\000P\353XUU\000\000\000\200\250aUU\000\000\000P\340kUU\000\000\000\060\354\377\377\177\000\000\000\002\263\000\000\000\000\000\000\034\016\002\000\000\000\000\000\355A\000\000\002\000\000\000\353\003\000\000\353\003",
 '\000' , 
"\020\000\000\000\000\000\000\240\354\377\377\177\000\000\000"...
---

I was able to produce an xfbbd binary that could perform the above operation 
without crashing by using DEB_CFLAGS_SET=-D_GNU_SOURCE , but I don't know if 
that will have wider consequences. The file sizes and dates returned by 'DIR' 
are still wrong but, oddly, different.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 6.1.13-v8+ (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fbb depends on:
ii  libax25      0.0.12-rc5+git20190411+b17ff36-4+b1
ii  libc6        2.36-8
ii  libncurses6  6.4-2
ii  libtinfo6    6.4-2

fbb recommends no packages.

fbb suggests no packages.

-- no debconf information