Bug#1043037: "dead upstream", find a releasable fork

2023-08-04 Thread Christopher Knadle
Package: mlmmj
Version: 1.3.0-4
Severity: wishlist
Tags: upstream

MLMMJ upstream has been dead for a long time; development stopped in May 2017.
Baptiste Daroussin and others are continuing to work on MLMMJ
in an external Git repository and have made a recent 1.4.0 b1 beta version
release for testing.

https://codeberg.org/mlmmj/mlmmj

This needs to be investigated to see if this can be released to Debian.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us

-- System Information:
Debian Release: 10.13
  APT prefers oldoldstable-updates
  APT policy: (500, 'oldoldstable-updates'), (500, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-24-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mlmmj depends on:
ii  debconf [debconf-2.0]  1.5.71+deb10u1
ii  exim4  4.92-8+deb10u7
ii  exim4-daemon-heavy [mail-transport-agent]  4.92-8+deb10u7
ii  libc6  2.28-10+deb10u2

mlmmj recommends no packages.

Versions of packages mlmmj suggests:
pn  mlmmj-php-web
pn  mlmmj-php-web-admin  

-- debconf information excluded



Bug#831184: mumble: FTBFS with GCC 6

2016-07-20 Thread Christopher Knadle
Hello again, Lucas.

Thanks for reporting this bug.
Sorry for the delay in response: unfortunately the hard disk in my mail
server died on Thursday night and since then I've been scrambling to try to
recover what data I could and get it back up again after disk replacement.

I had a quick look at the bug and the build log, and I think you pointed
out the correct section of the log where the compile went awry.

I should be able to look more deeply at this on Monday.  Meanwhile I'll try
to inform upstream about the problem so that they're aware.

Thanks.

-- Chris


Bug#808901: wheezy-pu: package libssh/0.5.4-1+deb7u1

2015-12-24 Thread Christopher Knadle
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu

Greetings.

I would like to update libssh in Wheezy via a sponsored NMU to fix
CVE-2015-3146 and CVE-2015-8132, which are non-DSA security bugs and so would
need to be fixed via stable-proposed-updates.  I updated libssh in Sid via
sponsored NMU for these in Nov 2015.

The patches used to fix this came from upstream at:

   https://www.libssh.org/security/patches/

Thanks.

  -- Chris

--
Chris Knadle
chris.kna...@coredump.us
diff -Nru libssh-0.5.4/debian/changelog libssh-0.5.4/debian/changelog
--- libssh-0.5.4/debian/changelog	2014-03-06 04:47:48.0 -0500
+++ libssh-0.5.4/debian/changelog	2015-12-04 09:31:06.0 -0500
@@ -1,3 +1,17 @@
+libssh (0.5.4-1+deb7u2) wheezy; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/patches:
+- Add 0005-security-fix-for-vulnerability-CVE-2014-8132.patch
+  Fix "Double free on dangling pointers in initial key exchange packet"
+  (Closes: #773577, CVE-2014-8132)
+- Add 0006-security-fix-for-vulnerability-CVE-2015-3146.patch
+  Fix "null pointer dereference due to a logical error in the handling of
+  a SSH_MSG_NEWKEYS and KEXDH_REPLY packets"
+  (Closes: #784404, CVE-2015-3146)
+
+ -- Christopher Knadle <chris.kna...@coredump.us>  Mon, 23 Nov 2015 04:08:05 -0500
+
 libssh (0.5.4-1+deb7u1) wheezy-security; urgency=high
 
   * debian/patches/0004-security-fix-for-vulnerability-CVE-2014-0017.patch:
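Review bot: In the new 0.5.4-1+deb7u2 entry, both "(Closes: ...)" clauses list a CVE id after the bug number ("Closes: #773577, CVE-2014-8132" and "Closes: #784404, CVE-2015-3146"); keep the Closes: clause for bug numbers only and name the CVE in the item text, for example "(CVE-2014-8132) (Closes: #773577)". The covering request names CVE-2015-8132 while this entry and the 0005 patch file name say CVE-2014-8132, so the two should be reconciled before upload.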
diff -Nru libssh-0.5.4/debian/patches/0005-security-fix-for-vulnerability-CVE-2014-8132.patch libssh-0.5.4/debian/patches/0005-security-fix-for-vulnerability-CVE-2014-8132.patch
--- libssh-0.5.4/debian/patches/0005-security-fix-for-vulnerability-CVE-2014-8132.patch	1969-12-31 19:00:00.0 -0500
+++ libssh-0.5.4/debian/patches/0005-security-fix-for-vulnerability-CVE-2014-8132.patch	2015-11-23 08:55:39.0 -0500
@@ -0,0 +1,46 @@
+From f2e14e00ff0afdb7e45a595dc4c5f9e50d413b4d Mon Sep 17 00:00:00 2001
+From: Jon Simons <j...@jonsimons.org>
+Date: Sat, 18 Oct 2014 23:23:26 -0700
+Subject: [PATCH] CVE-2014-8132: Fixup error path in ssh_packet_kexinit()
+
+Before this change, dangling pointers can be unintentionally left in the
+respective next_crypto kex methods slots.  Ensure to set all slots to
+NULL in the error-out path.
+
+Signed-off-by: Jon Simons <j...@jonsimons.org>
+Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
+
+(cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
+Signed-off-by: Andreas Schneider <a...@cryptomilk.org>
+---
+ src/kex.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index dedf286..db35183 100644
+--- a/src/kex.c
 b/src/kex.c
+@@ -286,7 +286,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+   for (i = 0; i < 10; i++) {
+ str = buffer_get_ssh_string(packet);
+ if (str == NULL) {
+-  break;
++  goto error;
+ }
+ 
+ if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) {
+@@ -333,6 +333,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+ error:
+   ssh_string_free(str);
+   for (i = 0; i < 10; i++) {
++if (server_kex) {
++  session->server_kex.methods[i] = NULL;
++} else {
++  session->client_kex.methods[i] = NULL;
++}
+ SAFE_FREE(strings[i]);
+   }
+ 
+-- 
+2.2.0
+
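Review bot: In the error: path of ssh_packet_kexinit(), the added branch clears only one side per call (session->server_kex.methods[i] when server_kex is set, otherwise session->client_kex.methods[i]), and nothing in the visible context shows which side the slots are filled on; please confirm the branch matches the side that can hold pointers into strings[i], because clearing the other structure would leave the dangling pointers the commit message describes. With "break" replaced by "goto error", the label is now also reached with str == NULL, so ssh_string_free(str) has to tolerate NULL. A one-line comment at the label saying why the slots are reset before SAFE_FREE(strings[i]) would help later readers.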
diff -Nru libssh-0.5.4/debian/patches/0006-security-fix-for-vulnerability-CVE-2015-3146.patch libssh-0.5.4/debian/patches/0006-security-fix-for-vulnerability-CVE-2015-3146.patch
--- libssh-0.5.4/debian/patches/0006-security-fix-for-vulnerability-CVE-2015-3146.patch	1969-12-31 19:00:00.0 -0500
+++ libssh-0.5.4/debian/patches/0006-security-fix-for-vulnerability-CVE-2015-3146.patch	2015-11-23 08:55:39.0 -0500
@@ -0,0 +1,98 @@
+From cadc76a8b450f4e2181009c8faa2c4dace9bcc2c Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <a...@0xbadc0de.be>
+Date: Wed, 15 Apr 2015 16:08:37 +0200
+Subject: [PATCH 1/2] CVE-2015-3146: Fix state validation in packet handlers
+
+The state validation in the packet handlers for SSH_MSG_NEWKEYS and
+SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.
+
+The issue has been found and reported by Mariusz Ziule.
+
+Signed-off-by: Aris Adamantiadis <a...@0xbadc0de.be>
+Reviewed-by: Andreas Schneider <a...@cryptomilk.org>
+---
+ src/client.c | 4 ++--
+ src/server.c | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/client.c b/src/client.c
+index 0e50497..6919e7a 100644
+--- a/src/client.c
 b/src/client.c
+@@ -186,7 +186,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
+   (void)type;
+   (void)user;
+   ssh_log(session,SSH_LOG_PROTOCOL,"Received SSH_KEXDH_REPLY");
+-  if(session->session_state!= SSH_SESSION_STATE_DH &&
++  if(session->session_state!= SSH_SESSION_STATE_DH ||
+ 		session->dh_handshake_state 
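Review bot: The Subject line reads "[PATCH 1/2]" but debian/changelog adds a single 0006 file for CVE-2015-3146; please confirm that the second patch of the series is either contained in this file or not needed for 0.5.4, and say so in the patch header. In ssh_packet_dh_reply() the change from "&&" to "||" makes the check fire when either the session state or the DH handshake state is unexpected, and the commit message ("had a bug which did not raise an error") would be clearer if it stated that. The debdiff as posted stops mid-condition at session->dh_handshake_state, so the rest of this check and the one-line src/server.c change listed in the diffstat could not be reviewed.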

Bug#801597: PIE and stack protection appear missing since update to GCC-5

2015-10-12 Thread Christopher Knadle
Source: hardening-wrapper
Version: 2.7
Severity: important

It appears that the behavior of hardening-wrapper has changed recently, and
now PIE and stack protection are missing.  mumble got a binNMU for the GCC-5
upgrade relating to library transitions for protobuf and zeroc-ice after which
these protections were missing where they had them before the binNMU.

Looking at the snapshot:
http://snapshot.debian.org/archive/debian/20141110T040546Z/pool/main/m/mumble/mumble_1.2.8-2_amd64.deb
mumble_1.2.8-2_amd64 hardening check:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes

Looking at Sid:
http://ftp.us.debian.org/debian/pool/main/m/mumble/mumble_1.2.8-2+b1_amd64.deb
mumble_1.2.8-2+b1_amd64 hardening check:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes

Reporting this as these are unexpected differences.


Also: is hardening-wrapper being deprecated?  I ask because lintian is
reporting it as such.  (See #711193)

Thanks.
   -- Chris

Chris Knadle
chris.kna...@coredump.us



-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
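
A way to catch this kind of regression automatically after a rebuild, as an added example that is not part of the original report or of hardening-wrapper: it parses the two hardening check listings quoted in the message above and returns the protections that were present before the binNMU and are gone after it. The function names `parse_report` and `regressions` are assumptions made for this example.

```python
"""Compare two hardening check reports and list protections that regressed."""

# Reports copied from the bug report above (snapshot build vs. Sid binNMU).
BEFORE = """\
mumble_1.2.8-2_amd64 hardening check:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
"""

AFTER = """\
mumble_1.2.8-2+b1_amd64 hardening check:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
"""


def parse_report(text):
    """Map each check name to (enabled, detail) for lines with a yes/no verdict."""
    checks = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if not sep or not value:
            continue  # header line ("... hardening check:") or blank line
        verdict = value.split(None, 1)[0].rstrip(",").lower()
        if verdict in ("yes", "no"):
            checks[name] = (verdict == "yes", value)
    return checks


def regressions(before, after):
    """Return (check, detail) pairs that passed in `before` but not in `after`."""
    old, new = parse_report(before), parse_report(after)
    lost = []
    for name, (was_on, _) in old.items():
        # A check that vanished from the newer report is treated as lost.
        now_on, detail = new.get(name, (False, "missing from report"))
        if was_on and not now_on:
            lost.append((name, detail))
    return lost


if __name__ == "__main__":
    for name, detail in regressions(BEFORE, AFTER):
        print(f"REGRESSION {name}: {detail}")
```
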



Bug#317098: KMail broken, confusing bug

2005-08-08 Thread Christopher Knadle
Hello all.

   After an upgrade a month ago KMail reliably segfaults.  [Kaffeine also 
segfaults upon quitting, or fails to quit and takes up 100% cpu until 
manually killed.]  I found this bug report already open, so I didn't write 
one at the time.

   What is confusing me is that all of the KDE-based libraries (with the 
exception of kdelibs4) and the version of KMail itself are common with the 
Debian Stable branch -- and yet it is reported that rebuilding the kdepim 
package seems to fix the problem in the Unstable branch.  Is there something 
wrong with the current binary of the kdepim package in Unstable?

   Rebuilding the kdepim package requires kdelibs4-dev which cannot be 
installed due to dependency conflicts with libfam0 and libfam0c102.

   Also as previously reported, Kontact seems to run just fine and seems to 
contain all of the functionality that KMail had.
   I thank the users that mentioned it, as I now have a workaround while I am 
unable to run KMail.

- Chris

-- 

Chris Knadle
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#296503: vegastrike: Vegastrike 0.4.3-1 segfaults on startup

2005-03-03 Thread Christopher Knadle
Hey, Mike.

On Thursday 03 March 2005 06:48 pm, you wrote:
> Christopher Knadle wrote:
> |Let me know what you would like me to test next.
> |Thanks.
>
> Sorry for the delay in getting back to you.

   No worries.  I know these things take time -- don't sweat it.
   Thank you for your assistance and for letting me help with the issue.

> I built a version of the
> main binary with all the debugging symbols which I uploaded here:
> http://people.debian.org/~mfurr/vs/vegastrike.dbg.bz2
> I bzip'd it since it weighs in at a hefty 161Megs!

   Ahh, okay -- I understand the need to recompile.  Thanks for doing that.

> Please run it in gdb to get a backtrace:
> $ bzip2 -d vegastrike.dgb.bz2
> $ gdb ./vegastrike.gdb
> (gdb) run

The only thing I added other than the above was a 'chmod u+x' on 
vegastrike.gdb.


(gdb) run
Starting program: /home/sipper/Desktop/vegastrike.dbg
[Thread debugging using libthread_db enabled]
[New Thread -1226120512 (LWP 12374)]
Vega Strike
See http://www.gnu.org/copyleft/gpl.html for license details.

GOT SUBDIR ARG =
Found data in /usr/share/games/vegastrike
Using /usr/share/games/vegastrike as data directory
Using .vegastrike.4.x as the home directory
Found MODDIR = /usr/share/games/vegastrike/mods
USING HOMEDIR : /home/sipper/.vegastrike.4.x As the home directory
CONFIGFILE - No config found in 
home : /home/sipper/.vegastrike.4.x/vegastrike.config
CONFIGFILE - No home config file found, using datadir config 
file : /usr/share/games/vegastrike/vegastrike.config
DATADIR - No datadir specified in config file, 
using ; /usr/share/games/vegastrike
SIMULATION_ATOM: 0.06
MISSION_NAME is empty using : explore_universe.mission
running import sys
print sys.path
sys.path = 
[r/usr/share/games/vegastrike/modules/builtin/,r/usr/share/games/vegastrike/modules/,r/usr/share/games/vegastrike/bases/]
['/usr/lib/python23.zip', '/usr/lib/python2.3', 
'/usr/lib/python2.3/plat-linux2', '/usr/lib/python2.3/lib-tk', 
'/usr/lib/python2.3/lib-dynload', '/usr/local/lib/python2.3/site-packages', 
'/usr/lib/python2.3/site-packages', 
'/usr/lib/python2.3/site-packages/Numeric', 
'/usr/lib/python2.3/site-packages/PIL', 
'/usr/lib/python2.3/site-packages/gtk-2.0', 
'/usr/lib/python2.3/site-packages/wx-2.5.3-gtk2-unicode', 
'/usr/lib/site-python']
testing VS randomrunning import sys
print sys.path
['/usr/share/games/vegastrike/modules/builtin/', 
'/usr/share/games/vegastrike/modules/', '/usr/share/games/vegastrike/bases/']
[New Thread -1229141072 (LWP 12377)]
vegastrike.dbg: arch/linux/lin_dsp.c:567: native_blitbuffer: Assertion `0' 
failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread -1229141072 (LWP 12377)]
0xb79987ab in raise () from /lib/tls/libc.so.6

> ...
> SEGV
> (gdb) bt

(gdb) bt
#0  0xb79987ab in raise () from /lib/tls/libc.so.6
#1  0xb7999f12 in abort () from /lib/tls/libc.so.6
#2  0xb799226f in __assert_fail () from /lib/tls/libc.so.6
#3  0xb7cd1695 in native_blitbuffer () from /usr/lib/libopenal.so.0
#4  0xb7cd5d42 in _alcDeviceWrite () from /usr/lib/libopenal.so.0
#5  0xb7cbe146 in async_mixer_iterate () from /usr/lib/libopenal.so.0
#6  0xb7cd44ce in _alFloatMul () from /usr/lib/libopenal.so.0
#7  0xb7ed6b63 in start_thread () from /lib/tls/libpthread.so.0
#8  0xb7a47c4a in clone () from /lib/tls/libc.so.6




One additional note:
Although I'm fairly sure it doesn't matter I'm just letting you know that 
the output above is from the same machine now running a 2.6.11 kernel.  
[Slightly modified from the 2.6.10 I had been using, mostly to allow setting 
DMA mode for the DVD drive.]  As before the OpenGL programs still work.



   Thanks again, and I hope this helps.  This is interesting, I'm learning 
some things.  :-)

 - Chris

-- 

Chris Knadle
[EMAIL PROTECTED]





Bug#296503: vegastrike: Vegastrike 0.4.3-1 segfaults on startup

2005-02-26 Thread Christopher Knadle
Hey, Mike.

On Wednesday 23 February 2005 04:18 pm, you wrote:
> Chris Knadle wrote:
> > NOTE:  I was remiss in not submitting a bug report for the _previous_
> > version of Vegastrike, which also segfaulted on startup on this system.
>
> Hmm...that's unfortunate. :-(

   Let's just say I'm kicking myself for not sending a bug report earlier.

   0.3.9 was (I think) working for me and the next upgrade broke.  [The
confusion I have about this has to do with whether I switched from 2.4 to 2.6
kernels at that time, so I'm not sure if this issue is actually older than
even I think it is.  :-/]  I vaguely remember having a 2.4 kernel that would
work with Vega Strike, but the 2.6 kernel I was using wouldn't.  I have to
double-check that.
   I tried loading a stock kernel from the Debian tree this morning to try
 it, but the nvidia-kernel version for 2.4 doesn't currently have a
 corresponding 2.4 kernel version to go with it, so I'm going to have to
 build a 2.4 kernel this evening to see if that works.

> What kind of graphics card do you have?  Which drivers are you using
> with it?

   Actually, it's now happened with two different Nvidia graphics cards,
 since I recently switched it and still have the same issue.  [A GeForce 4 MX
 440 64MB, and now a GeForce FX 5200 256MB.]  I changed the video card only
 because the GeForce4 MX does not have a vertex shader and I wanted to try a
 game which needed it (in Windoze).
   The drivers I'm using are the Nvidia  drivers [GLX] from the Debian tree,
and building the nvidia-kernel-source drivers for my custom kernel the
Debian way.  [The main reason for this is that I've been running 2.6 kernels
and there aren't kernels built with Nvidia drivers in the Debian tree.  A
secondary reason is because I like building in ext3 and hardware resources
into the kernel to avoid having to use an initrd image for bootup.]

> Are you able to use other 3D applications?

   Lots of them.  Armagetron, DoomLegacy (OpenGL), Povray, Tuxracer, VariCAD,
Blender, all of the OpenGL screensavers, etc.  You name it.  If there's
something specific you'd like me to try to test, just ask.



Anyway --  I'm here to help.  If you'd like an 'strace', want to see my
X11 config, an 'lsmod'...  etc.  One way or another there should be a way of
figuring out what it is specifically that's giving me a reliable segfault.
Right now this has the appearance of being an issue with Vega Strike, but you
can never tell for sure until the actual root cause is found.

   I'm going to try building a 2.4 kernel with Nvidia drivers this evening
 for starters and see how that goes.  If there's another direction for
 testing that you suggest, please let me know.

 - Chris

--

Chris Knadle
[EMAIL PROTECTED]





Bug#296503: vegastrike: Vegastrike 0.4.3-1 segfaults on startup

2005-02-26 Thread Christopher Knadle
Hey, Mike.

   Last night I made a 2.4.29 kernel and got it running with OpenGL, and I
 had exactly the same problem -- Vega Strike segfaulted in exactly the same
 place. So unfortunately I'm incorrect -- at least on my system this doesn't
 seem to be a 2.4 vs 2.6 issue.
   I'll send along the kernel configs should you want them.

   Let me know what you would like me to test next.
   Thanks.

 - Chris

-- 

Chris Knadle
[EMAIL PROTECTED]

