unhide.rb_13-1.1_amd64.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Tue, 04 Dec 2012 12:58:03 +0100
Source: unhide.rb
Binary: unhide.rb
Architecture: source all
Version: 13-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org
Changed-By: Cédric Boutillier bou...@debian.org
Description:
 unhide.rb - Forensic tool to find processes hidden by rootkits
Closes: 677650
Changes:
 unhide.rb (13-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Set urgency to high, as a RC bug is fixed.
   * Use Ruby 1.8 instead of default Ruby 1.9 version. (Closes: #677650)
     + add debian/patches/use_ruby18.patch, changing the shebang of
       unhide.rb to /usr/bin/ruby1.8 as it contains code not compatible
       with Ruby 1.9,
     + Depends on ruby1.8 instead of ruby.

Thank you for your contribution to Debian.

___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#677650: marked as done (unhide.rb: in `<module:LibC>': uninitialized constant DL::Importable (NameError))
Your message dated Thu, 06 Dec 2012 12:12:15 + with message-id e1tgajl-00084l...@franck.debian.org and subject line Bug#677650: fixed in unhide.rb 13-1.1 has caused the Debian Bug report #677650, regarding unhide.rb: in `<module:LibC>': uninitialized constant DL::Importable (NameError) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
677650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677650
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: unhide.rb
Version: 13-1
Severity: important
Tags: d-i

Dear Maintainer,

Unhide.rb used in rkhunter generates the next error in rkhunter.log:

[18:15:27] Info: Starting test name 'hidden_procs'
[18:15:27] Info: Unable to find the 'unhide' command
[18:15:27] Info: Found the 'unhide.rb' command: /usr/bin/unhide.rb
[18:15:27] Using command 'unhide.rb' [ Warning ]
[18:15:27] Checking for hidden processes [ Warning ]
[18:15:28] Warning: The 'unhide.rb' command gave an error:
[18:15:28] /usr/bin/unhide.rb:130: warning: assigned but unused variable - exe
[18:15:28] /usr/bin/unhide.rb:32:in `<module:LibC>': uninitialized constant DL::Importable (NameError)
[18:15:28] from /usr/bin/unhide.rb:31:in `<main>'

Starting unhide.rb as root in a terminal emulator generates the same error:

/usr/bin/unhide.rb:130: warning: assigned but unused variable - exe
/usr/bin/unhide.rb:32:in `<module:LibC>': uninitialized constant DL::Importable (NameError)
from /usr/bin/unhide.rb:31:in `<main>'

It looks like unhide.rb dies in an error.

Regards,
Huck

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages unhide.rb depends on:
ii ruby4.9
ii ruby1.8 [ruby] 1.8.7.358-4

unhide.rb recommends no packages.

Versions of packages unhide.rb suggests:
ii rkhunter 1.4.0-1

-- no debconf information
---End Message---
---BeginMessage---
Source: unhide.rb
Source-Version: 13-1.1

We believe that the bug you reported is fixed in the latest version of unhide.rb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 677...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cédric Boutillier bou...@debian.org (supplier of updated unhide.rb package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

Format: 1.8
Date: Tue, 04 Dec 2012 12:58:03 +0100
Source: unhide.rb
Binary: unhide.rb
Architecture: source all
Version: 13-1.1
Distribution: unstable
Urgency: high
Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org
Changed-By: Cédric Boutillier bou...@debian.org
Description:
 unhide.rb - Forensic tool to find processes hidden by rootkits
Closes: 677650
Changes:
 unhide.rb (13-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Set urgency to high, as a RC bug is fixed.
   * Use Ruby 1.8 instead of default Ruby 1.9 version. (Closes: #677650)
     + add debian/patches/use_ruby18.patch, changing the shebang of
       unhide.rb to /usr/bin/ruby1.8 as it contains code not compatible
       with Ruby 1.9,
     + Depends on ruby1.8 instead of ruby.
Processing of ssdeep_2.7-2_amd64.changes
ssdeep_2.7-2_amd64.changes uploaded successfully to localhost along with the files:
  ssdeep_2.7-2.dsc
  ssdeep_2.7-2.debian.tar.gz
  ssdeep_2.7-2_amd64.deb
  libfuzzy2_2.7-2_amd64.deb
  libfuzzy2-dbg_2.7-2_amd64.deb
  libfuzzy-dev_2.7-2_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)
ssdeep_2.7-2_amd64.changes REJECTED
ssdeep_2.7-2.dsc: Invalid size hash for ssdeep_2.7.orig.tar.gz: expected 335647, but got 336544.

===

Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns.
Processing of ssdeep_2.7-2_amd64.changes
ssdeep_2.7-2_amd64.changes uploaded successfully to localhost along with the files:
  ssdeep_2.7-2.dsc
  ssdeep_2.7-2.debian.tar.gz
  ssdeep_2.7-2_amd64.deb
  libfuzzy2_2.7-2_amd64.deb
  libfuzzy2-dbg_2.7-2_amd64.deb
  libfuzzy-dev_2.7-2_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)
ssdeep_2.7-2_amd64.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Thu, 06 Dec 2012 14:19:39 +0100
Source: ssdeep
Binary: ssdeep libfuzzy2 libfuzzy2-dbg libfuzzy-dev
Architecture: source amd64
Version: 2.7-2
Distribution: unstable
Urgency: low
Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org
Changed-By: Michael Prokop m...@debian.org
Description:
 libfuzzy-dev - Recursive piecewise hashing tool (development headers)
 libfuzzy2 - Recursive piecewise hashing tool (library)
 libfuzzy2-dbg - Recursive piecewise hashing tool (debugging symbols)
 ssdeep - Recursive piecewise hashing tool
Changes:
 ssdeep (2.7-2) unstable; urgency=low
 .
   [ Christophe Monniez ]
   * [8c07aaa] Adding the missing Breaks+Replaces (Closes #694368).

Thank you for your contribution to Debian.
Bug#694368: libfuzzy{2, -dev}: missing Breaks+Replaces: ssdeep (<< 2.6)
Hi Salvatore,

the fix was just uploaded.

Do we need a release exception for this to be accepted?

--
Christophe Monniez christophe.monn...@fccu.be
Bug#694368: libfuzzy{2, -dev}: missing Breaks+Replaces: ssdeep (<< 2.6)
Hi,

I considered NMUing ssdeep to fix this bug. When debcheckout-ing the packaging repository I noticed that there is a changelog entry

  * Adding the missing Breaks+Replaces (Closes: #694368).

for a not yet released version 2.9-1. Could you please confirm that you understood that you can not upload a new version but just need to apply the smallest possible change to the package currently in testing?

Please tell me if you have some trouble with uploading / sponsoring - I'd volunteer to help fixing this RC bug.

Kind regards

Andreas.

--
http://fam-tille.de
Bug#694368: libfuzzy{2, -dev}: missing Breaks+Replaces: ssdeep (<< 2.6)
Source: ssdeep
Source-Version: 2.7-2

Hi Christophe

On Thu, Dec 06, 2012 at 03:08:03PM +0100, Christophe Monniez wrote:
> the fix was just uploaded.

Thanks!

> Do we need a release exception for this to be accepted?

Just file a bug for pseudopackage release.debian.org for an unblock request. Include the debdiff against the current version in testing. Best is to create the bugreport with reportbug.

Does this help?

Regards,
Salvatore
Bug#694368: marked as done (libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep (<< 2.6))
Your message dated Thu, 6 Dec 2012 19:13:24 +0100 with message-id 20121206181324.ga2...@elende.valinor.li and subject line Re: Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep (<< 2.6) has caused the Debian Bug report #694368, regarding libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep (<< 2.6) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
694368: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: libfuzzy2,libfuzzy-dev
Version: 2.6-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Architecture: amd64
Distribution: squeeze-wheezy (partial) upgrade

Hi,

automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships have detected the following problem:

Selecting previously deselected package ssdeep.
(Reading database ... 6286 files and directories currently installed.)
Unpacking ssdeep (from .../ssdeep_2.5-1_amd64.deb) ...
Setting up ssdeep (2.5-1) ...
Selecting previously deselected package libfuzzy2.
(Reading database ... 6359 files and directories currently installed.)
Unpacking libfuzzy2 (from .../libfuzzy2_2.7-1_amd64.deb) ...
dpkg: error processing /var/cache/apt/archives/libfuzzy2_2.7-1_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/libfuzzy.so.2.0.0', which is also in package ssdeep 2.5-1
Selecting previously deselected package libfuzzy-dev.
Unpacking libfuzzy-dev (from .../libfuzzy-dev_2.7-1_amd64.deb) ...
dpkg: error processing /var/cache/apt/archives/libfuzzy-dev_2.7-1_amd64.deb (--unpack):
 trying to overwrite '/usr/include/fuzzy.h', which is also in package ssdeep 2.5-1

This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy.

As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneous path on squeeze-wheezy upgrades.

Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync):

  usr/lib/libfuzzy.so.2
  usr/lib/libfuzzy.so.2.0.0
  usr/include/fuzzy.h
  usr/lib/libfuzzy.so

The library was moved to a separate package recently:

 ssdeep (2.6-1) unstable; urgency=low
   * Split the libfuzzy library from the ssdeep package.

The following relationships are currently defined:

  Package: libfuzzy2, libfuzzy-dev
  Conflicts: n/a
  Breaks: n/a
  Replaces: n/a

The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces):

  Package: libfuzzy2
  Breaks: ssdeep (<< 2.6)
  Replaces: ssdeep (<< 2.6)

  Package: libfuzzy-dev
  Breaks: ssdeep (<< 2.6)
  Replaces: ssdeep (<< 2.6)

Cheers,

Andreas

PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/.
---End Message---
---BeginMessage---
Source: ssdeep
Source-Version: 2.7-2

Closing, as fixed in 2.7-2 (did the close wrong in mail before).

Regards,
Salvatore
---End Message---
Bug#677650: Here's a patch that APPEARS to work
I don't know Ruby AT ALL, but I did a bit of googling and this appears to make unhide.rb work with 1.9:

--- unhide.rb.orig 2012-12-06 23:53:57.0 -0500 +++ unhide.rb 2012-12-06 23:52:51.0 -0500 @@ -29,7 +29,11 @@ # Support for libc functions not covered by the standard Ruby # libraries module LibC - extend DL::Importable + if RUBY_VERSION =~ /^1\.8/ +extend DL::Importable + else +extend DL::Importer + end dlload libc.so.6 # PID scanning functions @@ -147,7 +151,7 @@ $ps_pids[pid] }], - [/proc, proc { |pid| + [/proc, lambda { |pid| # Is there a /proc entry for this pid? unless File.directory?(/proc/#{pid}) break

The first hunk changes from DL::Importable to DL::Importer on versions above 1.8. Since the only method actually used is extern(), and the only change in 1.9 is the addition of optional flags, that's all the change you need.

Patch stolen from https://github.com/mwotton/Hubris/commit/84515473e079e36f799b8210b424d61b7248798a

The second hunk deals with what appears to be a core change between 1.8 and 1.9. In 1.8, proc was an alias for lambda. In 1.9, there's a difference: lambda creates a new function scope (which things like break and return can jump to), while proc does not (so break and return try to return from the caller's scope).

Explained at:
http://www.skorks.com/2010/05/ruby-procs-and-lambdas-and-the-difference-between-them/#difference
http://stackoverflow.com/questions/626/when-to-use-lambda-when-to-use-proc-new
http://railspikes.com/2008/9/8/lambda-in-ruby-1-9

The other methods don't use break or return, so there's no need to change them. (I presume proc has somewhat less overhead.)
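
Review bot: In the first hunk, the test "if RUBY_VERSION =~ /^1\.8/" sends every interpreter whose version string does not begin with 1.8 to the DL::Importer branch, so the choice hangs on a version string rather than on what the loaded DL library actually provides. Testing for the constant, for example "if defined?(DL::Importable)" with DL::Importer in the else branch, states the intent directly. A short comment above the conditional saying which Ruby series each branch serves would also help the next person who touches this module.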
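
Review bot: In the second hunk, the change from proc to lambda on the "[/proc, lambda { |pid|" line carries no comment, and it is the only entry in the table that the patch touches, so the table ends up with one entry written differently from the rest and nothing in the code to say why. The reason is the break visible two lines further down in the block body. A one-line comment above the entry stating that the block uses break and therefore has to be a lambda would keep a later cleanup from turning it back into proc. Converting every entry in the table to lambda would remove the mixed style altogether.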