Please upload: nasm-2.02-1

2008-02-25 Thread Dean Scarff

Upstream release.

wget \
 'http://scarff.id.au/file/cygwin/nasm/nasm-2.02-1-src.tar.bz2' \
 'http://scarff.id.au/file/cygwin/nasm/nasm-2.02-1.tar.bz2'

Thanks.

--
Dean



Re: [ITA] inetutils-1.5-1

2008-02-25 Thread Charles Wilson

Corinna Vinschen wrote:
> On Feb 24 22:07, Charles Wilson wrote:
>> I'm tossing my hat in for #3.  It's basically a new port, using the
>> previous patches (1.3.2-37 vs. upstream 1.3.2) as a guide, because none of
>> the patches seemed to apply cleanly, and there were other issues as well.
>
> Yippee!  Charles, there is no number of gold stars in the known universe
> to express my gratitude :)))

You're welcome.

> For a start, maybe you should change the default motd.  I just couldn't
> think of something better way back when, but the message is rather
> boring, isn't it?

OK.  I hadn't really given those sorts of things much thought.

> And, maybe it's time to start to be more cautious by default and
> disable all service entries in /etc/defaults/etc/inetd.conf?

You're probably right. Existing users' inetd.confs will not get
overwritten -- but they will have to manually edit them anyway, given
the executable name changes.  New users...will have to read the README.
Or perhaps I could make a REALLY smart iu-config

  The 'chargen' service is blah blah blah...describe security issues...
  Do you want to enable the 'chargen' service? [yes/no]

etc.

What do you think, further, of requiring tcp_wrappers, and having the
default inetd.conf file explicitly use /usr/sbin/tcpd (even if the line
is commented out and entirely disabled)?

> A few minutes ago I found a security problem with rshd.c which I just
> fixed by uploading 1.3.2-40, and which you copied verbatim into the 1.5
> rshd.c:

Probably need something similar in rexecd, too. I'll take a look before
posting 1.5-2.

> Since the check if seteuid fails is missing so far, you will run rsh
> commands under the SYSTEM account for every user on 2003 upwards!

Urk. That's bad.

> In -40 I changed the description in inetutils-1.3.2.README substantially
> to explain this problem.

I will track all of your changes as we go forward (you probably saw I
copied in your README verbatim as inetutils.OLD-README).

>> (3) Added a new option to inetd: -T/--traditional-daemon, which does the
>> regular fork/daemonize behavior.  This is used with the (also provided)
>> sysvinit-style startup script, so that inetd can be run under the control
>> of the sysvinit package's init daemon.  So now, there are THREE ways to run
>> inetd as a service:
>>   a) install as a service using cygrunsrv (with the -D option)
>>   b) installed as a service under its own power
>>   c) as a slave to the init service, using /etc/rc.d/init.d/inetd (which
>>      uses the -T option when invoking inetd)
>
> Given the problem with the SYSTEM account, maybe we should deprecate
> usage b.

Well, I kinda wanted to avoid a huge "flag day" thing where stuff just
stopped working for people (well, except for the server executable names
thing).

But I could definitely see "method (b) is supported NT, 2000, and XP
only", encouraging people to use method (a) or (c).

Right now, neither your version nor my version of iu-config actually
installs (or even offers to install) inetd as a service.  If the new
iu-config became more like syslogd-config or sshd-host-config, then I
could see it defaulting to method (a).

> Maybe an install script (iu-config?) could do something
> along the lines of the ssh-host-config script.

Hmmm...I've got an idea...cue ominous music...

> I would be willing
> to switch the ssh-host-config script from the "sshd_server" user name
> to something like "cygwin_svc" or so.

How about a new package, "cygwin-services-helper" or somesuch, that contains

(1) a script [*] derived from the appropriate portion of
sshd-host-config, whose job is to create the appropriate privileged user
(I like 'cygwin_svc') -- unless it already exists under either name
('cygwin_svc' or 'sshd_server').

(2) maybe another script [*] whose job is to ascertain whether such a
user already exists, and return its name (or "" if not).

It would be up to the calling foo-config to use these two scripts
appropriately.  And, of course, the user might have to enter the
password for the privileged user account twice: once when it is created,
and then again (by foo-config) to install the service 'foo'.

Then, openssh (and inetutils, and syslog-ng, and sysvinit, ...) could
all depend on the "cygwin-services-helper" package.

[*] or maybe a script function library somewhere like
/usr/lib/cygwin-services/ that foo-config could 'source', and then call
the functions directly.  This would help the "enter the password twice"
problem...

> And maybe the iu-config script
> could re-use the sshd_server user if it already exists...

Right. See above.

BTW, with the new inetd.d/ support, sshd-host-config doesn't have to
edit the inetd.conf file directly.  It can have a

  /etc/defaults/etc/inetd.d/sshd

file, that it either installs to /etc/inetd.d/ or not. (ditto /etc/xinetd.d)

--
Chuck



Re: [ITA] inetutils-1.5-1

2008-02-25 Thread Charles Wilson

Christopher Faylor wrote:
> I doubt that this is the problem

No, it's not. I can trace thru the parsing, and the ldesc is properly
loaded into a std::string, as expected (both paragraphs).

> but you are making your ldesc's too
> wordy.  It should just be a couple of sentences, not an advertisement
> for or against the use of the package.

OK. When possible, I typically go by whatever mandriva's 'urpmi -q'
tells me, and those can get pretty long winded -- even moreso than I
normally am. In this case, however, the various *nixes seem to have
standardized on very fine-grained packages for the inetutils services:
rshd, rsh, telnet, telnetd, etc, all in their own, private rpm.  Since
we're not doing that here, I couldn't rely on my 'urpmi -q' crutch.

I'll just go with the first paragraph.

--
Chuck



[ITP] ipcalc 0.41 -- Parameter calculator for IPv4 addresses

2008-02-25 Thread Cygwin-bug#20080225T2300

Included in Debian stable

http://packages.debian.org/unstable/ipcalc

Jari

sdesc: "Parameter calculator for IPv4 addresses"
ldesc: "Program takes an IP address and netmask in CIDR notation or dotted
decimal notation and calculates the resulting broadcast, network,
Cisco wildcard mask, and host range. By giving a second netmask, you
can design sub- and supernetworks. It is also intended to be a
teaching tool and presents the results as easy-to-understand binary
values."
category: Utils Perl
requires: cygwin perl

a) manual

  wget \
    http://cygwin.cante.net/ipcalc/ipcalc-0.41-1-src.tar.bz2 \
    http://cygwin.cante.net/ipcalc/ipcalc-0.41-1.tar.bz2 \
    http://cygwin.cante.net/ipcalc/setup.hint

b) automated

  gpg --keyserver wwwkeys.pgp.net --recv-keys 955A92D8

  mkdir ipcalc ; cd ipcalc
  rm -f get.sh get.sh.sig
  wget http://cygwin.cante.net/ipcalc/get.sh \
  http://cygwin.cante.net/ipcalc/get.sh.sig &&
  gpg --verify get.sh.sig get.sh &&
  sh get.sh

-- 
Welcome to FOSS revolution: we fix and modify until it shines


[ITP] urlgrabber 3.1.0 -- Python based URL grabber

2008-02-25 Thread Cygwin-bug#20080225T2131

Included in Debian stable

http://packages.debian.org/python-urlgrabber

Jari

sdesc: "Python based URL grabber"
ldesc: "Program dramatically simplifies the fetching of files. It is designed
to be used in programs that need common (but not necessarily simple)
url-fetching features. This package provides both a binary and a
module, both of the name urlgrabber."
category: Net Python
requires: cygwin python

a) manual

  wget \
    http://cygwin.cante.net/urlgrabber/urlgrabber-3.1.0-1-src.tar.bz2 \
    http://cygwin.cante.net/urlgrabber/urlgrabber-3.1.0-1.tar.bz2 \
    http://cygwin.cante.net/urlgrabber/setup.hint

b) automated

  gpg --keyserver wwwkeys.pgp.net --recv-keys 955A92D8

  mkdir urlgrabber ; cd urlgrabber
  rm -f get.sh get.sh.sig
  wget http://cygwin.cante.net/urlgrabber/get.sh \
  http://cygwin.cante.net/urlgrabber/get.sh.sig &&
  gpg --verify get.sh.sig get.sh &&
  sh get.sh

-- 
Welcome to FOSS revolution: we fix and modify until it shines


[RFU] ddrescue-1.8-1

2008-02-25 Thread Christian Franke

Please upload:

wget \
 http://franke.dvrdns.org/cygwin/release/ddrescue/ddrescue-1.8-1.tar.bz2 \
 http://franke.dvrdns.org/cygwin/release/ddrescue/ddrescue-1.8-1-src.tar.bz2


and remove 1.4-1.

setup.hint is unchanged.

Christian



[ITP] planet 2.0 -- Flexible RDF, RSS and Atom feed aggregator

2008-02-25 Thread Jari Aalto

Included in Debian stable

http://packages.debian.org/planet

Jari

sdesc: "Flexible RDF, RSS and Atom feed aggregator"
ldesc: "Download news feeds published by web sites and aggregates their
content together into a single combined feed, latest news first.
Program uses Mark Pilgrim's Universal Feed Parser to read from RDF,
RSS and Atom feeds; and Tomas Styblo's templating engine to output
static files in any format you can dream up."
category: Net Python
requires: cygwin python

a) manual

  wget \
    http://cygwin.cante.net/planet/planet-2.0-1-src.tar.bz2 \
    http://cygwin.cante.net/planet/planet-2.0-1.tar.bz2 \
    http://cygwin.cante.net/planet/setup.hint

b) automated

  gpg --keyserver wwwkeys.pgp.net --recv-keys 955A92D8

  mkdir planet ; cd planet
  rm -f get.sh get.sh.sig
  wget http://cygwin.cante.net/planet/get.sh \
  http://cygwin.cante.net/planet/get.sh.sig &&
  gpg --verify get.sh.sig get.sh &&
  sh get.sh

-- 
Welcome to FOSS revolution: we fix and modify until it shines


[ITP] VOTE: ctorrent 1.3.4 -- BitTorrent client written in C++

2008-02-25 Thread Cygwin-bug#20080224T2237

Included in Debian testing. Need votes.

http://packages.debian.org/ctorrent

Jari

sdesc: "BitTorrent client written in C++"
ldesc: "This application is written in the C++ language and doesn't require
any graphical component, such as an X server. Original ctorrent's
upstream has stopped its development and now it's kept updated with
new releases/bug fixes by a new developer. It's built as a console
program and it can be even used remotely in a machine that provides
outside ssh access."
category: Net
requires: cygwin openssl

a) manual

  wget \
    http://cygwin.cante.net/ctorrent/ctorrent-1.3.4-dnh3.2-1-src.tar.bz2 \
    http://cygwin.cante.net/ctorrent/ctorrent-1.3.4-dnh3.2-1.tar.bz2 \
    http://cygwin.cante.net/ctorrent/setup.hint

b) automated

  gpg --keyserver wwwkeys.pgp.net --recv-keys 955A92D8

  mkdir ctorrent ; cd ctorrent
  rm -f get.sh get.sh.sig
  wget http://cygwin.cante.net/ctorrent/get.sh \
  http://cygwin.cante.net/ctorrent/get.sh.sig &&
  gpg --verify get.sh.sig get.sh &&
  sh get.sh

-- 
Welcome to FOSS revolution: we fix and modify until it shines


Re: [ITA] sysvinit: A System-V Init Clone

2008-02-25 Thread Corinna Vinschen
On Feb 20 11:48, Corinna Vinschen wrote:
> On Feb 19 23:03, Dr. Volker Zell wrote:
> > Hi
> > 
> > I would like to adopt and maintain the 'sysvinit' package from Sergey 
> > Okhapkin.
> > [...]
> > wget http://volkerzell.de/cygwin/ITP/sysvinit/setup.hint
> > wget http://volkerzell.de/cygwin/ITP/sysvinit/sysvinit-2.86-1-src.tar.bz2
> > wget http://volkerzell.de/cygwin/ITP/sysvinit/sysvinit-2.86-1.tar.bz2
> 
> Packaging looks good to me.  Thanks for taking over!
> 
> I have prepared a new inetutils package which doesn't provide logger.exe
> anymore. 

I uploaded the above package.  I also uploaded a new inetutils 
package which was necessary due to a security problem in rshd.

> Now we just need a new util-linux package without last.exe. :)

This is still the case.  We still need the new util-linux package
without last.exe.  Yaakov?


Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat


Re: [ITA] inetutils-1.5-1

2008-02-25 Thread Corinna Vinschen
On Feb 24 22:07, Charles Wilson wrote:
> As suggested by Corinna here:
>   http://cygwin.com/ml/cygwin-apps/2008-02/msg00097.html
>> I won't update inetutils anymore, except for tiny fixes and packaging
>> stuff.  Actually I'd rather OBSOLETE it entirely.  syslogd is replaced
>> by syslog-ng and all other tools in inetutils are security holes all in
>> itself.  Barring that, I could create a new inetutils package which
>> doesn't install logger.  Logger has not even a single Cygwin specific
>> patch in it.
>> So, here's the choice:
>> 1. Remove logger from inetutils.
>> 2. Remove inetutils from the distro.
>> 3. Another maintainer creates a new inetutils package using the latest
>>upstream sources.
>
> I'm tossing my hat in for #3.  It's basically a new port, using the 
> previous patches (1.3.2-37 vs. upstream 1.3.2) as a guide, because none of 
> the patches seemed to apply cleanly, and there were other issues as well.

Yippee!  Charles, there is no number of gold stars in the known universe
to express my gratitude :)))

> Actually, I /agree/ with Corinna that none of these tools (with the 
> possible exception of inetd itself, and syslogd [1]) should be used in a 
> security-conscious installation.  However, we live in the real world

Uh, that... Well, the real world is just *one* tiny place, no?

> telnet/rsh are not going away...and if cygwin lacks these tools, it will be 
> viewed as a bug, not a feature.
>
> [1] which can be replaced by xinetd (although that is unmaintained) and 
> syslog-ng
>
> http://cygwin.cwilson.fastmail.fm/ITP/inetutils-1.5-1.tar.bz2
> http://cygwin.cwilson.fastmail.fm/ITP/inetutils-1.5-1-src.tar.bz2
>
>[...]
> But that shouldn't stop you from d/l them, checking out the packaging, 
> maybe testing individual .exe's, etc.  When I /do/ upload these, they will 
> be in test: for a good long while...

For a start, maybe you should change the default motd.  I just couldn't
think of something better way back when, but the message is rather
boring, isn't it?

And, maybe it's time to start to be more cautious by default and
disable all service entries in /etc/defaults/etc/inetd.conf?

A few minutes ago I found a security problem with rshd.c which I just
fixed by uploading 1.3.2-40, and which you copied verbatim into the 1.5
rshd.c:

@@ -763,8 +799,12 @@
exit (1);
   }

+#ifdef __CYGWIN__
+  seteuid(getuid());
+#endif
+
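
Review bot: The return value of seteuid(getuid()) in the added #ifdef __CYGWIN__ block is ignored, so if the call fails, execution continues past this point with whatever effective identity the process already had. Test the result and take the same exit (1) path used just above the added lines, with an error message naming the user. A short comment on why getuid() is the identity to switch to at this point would also help the next reader.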

If seteuid fails, rshd should bail out.  In 1.3.2-40 I changed that to

#ifdef __CYGWIN__
if (seteuid((uid_t)pwd->pw_uid)) {
error("Switching to user %s failed!\n", remuser);
exit(1);
}
#endif

This problem does not occur when you install inetd on NT4/2000/XP.
However, here's the awkward truth:  rsh and rcp won't work anymore when
you're running inetd under SYSTEM starting with Windows 2003.  The
reason is that services under SYSTEM don't have the "Create a process
token" user right anymore starting with 2K3.  That's the whole reason I
introduced the "sshd_server" user in the ssh-host-config script.
What's especially embarrassing with this is, that it *never* occurred to
me until today, that this is also a problem for rshd :-P

Since the check if seteuid fails is missing so far, you will run rsh
commands under the SYSTEM account for every user on 2003 upwards!

In -40 I changed the description in inetutils-1.3.2.README substantially
to explain this problem.

> (3) Added a new option to inetd: -T/--traditional-daemon, which does the 
> regular fork/daemonize behavior.  This is used with the (also provided) 
> sysvinit-style startup script, so that inetd can be run under the control 
> of the sysvinit package's init daemon.  So now, there are THREE ways to run 
> inetd as a service:
>   a) install as a service using cygrunsrv (with the -D option)
>   b) installed as a service under its own power
>   c) as a slave to the init service, using /etc/rc.d/init.d/inetd (which
>  uses the -T option when invoking inetd)

Given the problem with the SYSTEM account, maybe we should deprecate 
usage b.  Maybe an install script (iu-config?) could do something
along the lines of the ssh-host-config script.  I would be willing
to switch the ssh-host-config script from the "sshd_server" user name
to something like "cygwin_svc" or so.  And maybe the iu-config script
could re-use the sshd_server user if it already exists...


Thanks again for doing this,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat
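
The failure mode described in the message above, as an added example (not code from inetutils or from anyone in the thread): an ignored identity-switch result leaves the command running as the service account, while a checked one bails out. The function names, the injected-call seam and the uid values are assumptions made for illustration, and the comparison against geteuid after the switch goes a step beyond the fix quoted in the thread.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical seam: the identity calls are passed in so the failure path can
   be exercised without privileges; a real daemon would pass seteuid/geteuid. */
typedef int (*seteuid_fn)(uid_t);
typedef uid_t (*geteuid_fn)(void);
enum drop_result { DROP_OK = 0, DROP_CALL_FAILED = -1, DROP_NOT_APPLIED = -2 };

/* Switch the effective uid to target and confirm that the switch took effect. */
enum drop_result drop_to_user(uid_t target, seteuid_fn set_fn, geteuid_fn get_fn)
{
    if (set_fn(target) != 0)
        return DROP_CALL_FAILED;   /* e.g. EPERM: caller lacks the right to switch */
    if (get_fn() != target)
        return DROP_NOT_APPLIED;   /* call reported success, identity unchanged */
    return DROP_OK;
}

/* Constructed stand-ins for the OS calls and for the two accounts. */
enum { SERVICE_UID = 1, REMOTE_UID = 1001 };
static uid_t sim_euid = SERVICE_UID;
static int sim_allow_switch = 0;   /* 0 models a service that may not switch users */
static int sim_seteuid(uid_t u)
{
    if (!sim_allow_switch) { errno = EPERM; return -1; }
    sim_euid = u; return 0;
}
static uid_t sim_geteuid(void) { return sim_euid; }
static int sim_noop_seteuid(uid_t u) { (void)u; return 0; }

/* Unchecked pattern: result ignored; returns the uid the command would run as. */
uid_t run_as_unchecked(uid_t target)
{
    (void)sim_seteuid(target);
    return sim_geteuid();
}

/* Checked pattern: returns 0 only if the switch happened, else -1 (bail out). */
int run_as_checked(uid_t target)
{
    return drop_to_user(target, sim_seteuid, sim_geteuid) == DROP_OK ? 0 : -1;
}

int main(void)
{
    printf("unchecked uid=%ld checked=%d unverified=%d\n",
           (long)run_as_unchecked(REMOTE_UID), run_as_checked(REMOTE_UID),
           (int)drop_to_user(REMOTE_UID, sim_noop_seteuid, sim_geteuid));
    return 0;
}
```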


Re: [ITP] codeville 0.8.0 -- A distributed version control system implemented in Python

2008-02-25 Thread Corinna Vinschen
On Feb 23 13:34, Jari Aalto wrote:
> http://cygwin.cante.net/codeville/setup.hint \
> http://cygwin.cante.net/codeville/codeville-0.8.0-2-src.tar.bz2 \
> http://cygwin.cante.net/codeville/codeville-0.8.0-2.tar.bz2

Uploaded.


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat


Re: [ITP] wiggle 0.6 -- A program for applying patches with conflicting changes

2008-02-25 Thread Corinna Vinschen
On Feb 23 00:53, Jari Aalto wrote:
> http://cygwin.cante.net/wiggle/wiggle-0.6-1-src.tar.bz2 \
> http://cygwin.cante.net/wiggle/wiggle-0.6-1.tar.bz2 \
> http://cygwin.cante.net/wiggle/setup.hint

Uploaded.


Thanks,
Corinna

-- 
Corinna Vinschen  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader  cygwin AT cygwin DOT com
Red Hat