Bug#1054021: ITP: golang-github-ffuf-pencode -- Complex payload encoder for golang (library)

[Thiago Andrade Marques]

Package: wnpp
Severity: wishlist
Owner: Thiago Andrade Marques 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: golang-github-ffuf-pencode
  Version : 0.3
  Upstream Contact: Joona Hoikkala 
* URL : https://github.com/ffuf/pencode
* License : MIT
  Programming Lang: GO Lang
  Description : Complex payload encoder for golang (library)

Pencode is a tool that helps you to create payload encoding chains.
It has been designed to be used in automation wherever it is required
to apply multiple encodings to a payload.

This package is dependency of ffuf(2.1.0). I intend to maintain it in go-team.

Bug#991993: scanssh: New upstream release

[Thiago Andrade Marques]

Package: scanssh
Severity: wishlist

Dear Maintainer,

Please update the package to new upstream version 2.1.2. [1]

Regards,
Thiago Andrade

[1] https://github.com/ofalk/scanssh/tags

Bug#991838: O: gip -- IP calculator for GNOME desktop environment

[Thiago Andrade Marques]

Package: wnpp
Severity: normal
Control: affects -1 src:gip

I intend to orphan the gip package.

The package description is:
 Gip provides system administrators with tools for IP address based
 calculations. For example, an administrator who needs to find out which IP
 prefix length equals the IP netmask 255.255.240.0, just types in the mask
 and gets the prefix length presented. But many more advanced calculations
 can be made. Gip can convert an address range into a list of prefix lengths.
 It can also split subnets using a given IP netmask or IP prefix length.
 Many more calculations are possible.

Bug#949198: (no subject)

[Thiago Andrade Marques]

Subject: ITP: parsero -- Audit tool for robots.txt of a site
Package: wnpp
Owner: Thiago Andrade Marques 
Severity: wishlist

* Package name: parsero
  Version : 0.0+git20140929.e5b585a
  Upstream Author : Javier Nieto 
* URL : https://github.com/behindthefirewalls/Parsero/
* License : (GPL-2+
  Programming Lang: Python3
  Description : Audit tool for robots.txt of a site

Parsero reads the Robots.txt file of a web server and looks at the Disallow 
entries.
The Disallow entries tell the search engines what directories or files hosted 
on a
web server must not be indexed. For example, "Disallow: /portal/login" means 
that the
content on www.example.com/portal/login it's not allowed to be indexed by 
crawlers
like Google, Bing, Yahoo... This is the way the administrator have to not share
sensitive or private information with the search engines.

Bug#946907: stretch-pu: package unhide/20130526-1+deb9u1

[Thiago Andrade Marques]

Package: release.debian.org
Severity: important
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I would like to upload the debdiff available below to fix a segmentation fault 
in unhide.
The reason for this behaviour is that the application is exhausting its stack 
by allocation an integer array with maxpid elements.

This issue is already fixed in Sid. For details, please see #945864.

Best regards,

Thiago Andrade

-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru unhide-20130526/debian/changelog unhide-20130526/debian/changelog
--- unhide-20130526/debian/changelog2015-11-02 20:51:16.0 -0200
+++ unhide-20130526/debian/changelog2019-12-17 14:08:41.0 -0300
@@ -1,3 +1,12 @@
+unhide (20130526-1+deb9u1) stretch; urgency=medium
+
+  * Team Upload.
+  * debian/patch/allocate-pid-arrays-from-heap.patch: Added to fix a stack
+exhausting. Thanks to Bernhard Übelacker .
+(Closes: #945864)
+
+ -- Thiago Andrade Marques   Tue, 17 Dec 2019 14:08:41 
-0300
+
 unhide (20130526-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch 
unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
--- unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch  
1969-12-31 21:00:00.0 -0300
+++ unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch  
2019-12-17 14:08:41.0 -0300
@@ -0,0 +1,40 @@
+Description: Allocate pid arrays from the stack
+
+Author: Bernhard Übelacker 
+Bug-Debian: https://bugs.debian.org/945864
+Forwarded: no
+Last-Update: 2019-12-03
+
+--- unhide-20130526.orig/unhide-linux-bruteforce.c
 unhide-20130526/unhide-linux-bruteforce.c
+@@ -64,14 +64,20 @@ void *funcionThread (void *parametro)
+ void brute(void) 
+ {
+int i=0;
+-   int allpids[maxpid] ;
+-   int allpids2[maxpid] ;
++   int* allpids;
++   int* allpids2;
+int x;
+int y;
+int z;
+ 
+msgln(unlog, 0, "[*]Starting scanning using brute force against PIDS with 
fork()\n") ;
+ 
++   allpids = malloc(sizeof(int)*maxpid) ;
++   allpids2 = malloc(sizeof(int)*maxpid) ;
++   if (!allpids || !allpids2) {
++  die(unlog, "Error: Cannot allocate pid arrays ! Exiting.");
++   }
++
+// PID under 301 are reserved for kernel
+for(x=0; x < 301; x++) 
+{
+@@ -214,4 +220,7 @@ void brute(void)
+  }
+   }
+}
++
++   free(allpids);
++   free(allpids2);
+ }
diff -Nru unhide-20130526/debian/patches/series 
unhide-20130526/debian/patches/series
--- unhide-20130526/debian/patches/series   2015-10-24 16:48:13.0 
-0200
+++ unhide-20130526/debian/patches/series   2019-12-17 14:08:41.0 
-0300
@@ -1 +1,2 @@
 fix-man
+allocate-pid-arrays-from-heap.patch

Bug#946901: buster-pu: package unhide/20130526-3+deb10u1

[Thiago Andrade Marques]

Package: release.debian.org
Severity: important
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

I would like to upload the debdiff available below to fix a segmentation fault 
in unhide.
The reason for this behaviour is that the application is exhausting its stack 
by allocation an integer array with maxpid elements.

This issue is already fixed in Sid. For details, please see #945864.

Best regards,

Thiago Andrade

-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to 
C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
diff -Nru unhide-20130526/debian/changelog unhide-20130526/debian/changelog
--- unhide-20130526/debian/changelog2018-12-15 14:01:03.0 -0200
+++ unhide-20130526/debian/changelog2019-12-17 09:08:39.0 -0300
@@ -1,3 +1,12 @@
+unhide (20130526-3+deb10u1) buster; urgency=medium
+
+  * Team Upload.
+  * debian/patch/allocate-pid-arrays-from-heap.patch: Added to fix a stack
+exhausting. Thanks to Bernhard Übelacker .
+(Closes: #945864)
+
+ -- Thiago Andrade Marques   Tue, 17 Dec 2019 09:08:39 
-0300
+
 unhide (20130526-3) unstable; urgency=medium
 
   * Team upload.
diff -Nru unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch 
unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch
--- unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch  
1969-12-31 21:00:00.0 -0300
+++ unhide-20130526/debian/patches/allocate-pid-arrays-from-heap.patch  
2019-12-17 09:08:39.0 -0300
@@ -0,0 +1,40 @@
+Description: Allocate pid arrays from the stack
+
+Author: Bernhard Übelacker 
+Bug-Debian: https://bugs.debian.org/945864
+Forwarded: no
+Last-Update: 2019-12-03
+
+--- unhide-20130526.orig/unhide-linux-bruteforce.c
 unhide-20130526/unhide-linux-bruteforce.c
+@@ -64,14 +64,20 @@ void *funcionThread (void *parametro)
+ void brute(void) 
+ {
+int i=0;
+-   int allpids[maxpid] ;
+-   int allpids2[maxpid] ;
++   int* allpids;
++   int* allpids2;
+int x;
+int y;
+int z;
+ 
+msgln(unlog, 0, "[*]Starting scanning using brute force against PIDS with 
fork()\n") ;
+ 
++   allpids = malloc(sizeof(int)*maxpid) ;
++   allpids2 = malloc(sizeof(int)*maxpid) ;
++   if (!allpids || !allpids2) {
++  die(unlog, "Error: Cannot allocate pid arrays ! Exiting.");
++   }
++
+// PID under 301 are reserved for kernel
+for(x=0; x < 301; x++) 
+{
+@@ -214,4 +220,7 @@ void brute(void)
+  }
+   }
+}
++
++   free(allpids);
++   free(allpids2);
+ }
diff -Nru unhide-20130526/debian/patches/series 
unhide-20130526/debian/patches/series
--- unhide-20130526/debian/patches/series   2018-12-15 13:57:25.0 
-0200
+++ unhide-20130526/debian/patches/series   2019-12-17 09:08:39.0 
-0300
@@ -1 +1,2 @@
 fix-man
+allocate-pid-arrays-from-heap.patch

Bug#945298: O: fet -- timetable generator

[Thiago Andrade Marques]

Package: wnpp
Severity: normal

I intend to orphan the fet package.
The upstream is active, but the program takes a long time to build on my pc.

The package description is:
 FET is a program for automatically generating the timetable
 of a school, high-school or university.
 .
 Usually, FET is able to solve a complicated timetable in maximum 5-20 minutes.
 For simpler timetables, it may take a shorter time, under 5 minutes (in some
 cases, a matter of seconds). For extremely difficult timetables, it may take
 a longer time, a matter of hours.

Bug#942422: ITP: dothost -- dothost is a DNS lookup utility, which produces output in Graphviz format.

[Thiago Andrade Marques]

Package: wnpp
Severity: wishlist
Owner: Thiago Andrade Marques 

* Package name: dothost
  Version : 0.2
  Upstream Author : Jakub Wilk 
* URL : http://jwilk.net/software/dothost
* License : MIT
  Programming Lang: Python
  Description : dothost is a DNS lookup utility, which produces output in 
Graphviz format.

dothost is a DNS lookup utility, which produces output in Graphviz format.

Why is this package useful/relevant?
 This package provides a quick search of dns lookups and produce output in 
graphviz format as below:


┌───┐
│   
│
│   
│
  
┌─┼──┐  
  │
  │ ∨  
∨│
┏┓ ┌┐ ┌┐ 
┌───┐  │
┃ www.debian.org ┃ ──> │ 200.17.202.197 │ ──> │ debiansec.c3sl.ufpr.br │ ──> │ 
2801:82:80ff:8009:e61f:13ff:fe63:8e88 │ ─┘
┗┛ └┘ └┘ 
└───┘
 ∧  │
 └──┘

Bug#942158: rdate: packaging needs a new licensing

[Thiago Andrade Marques]

Package: rdate
Severity: normal

Hi all,

To support packaging interaction with upstream (BSD-4-Clause),
Rdate needs licensing to be changed from 'GPL-2+' to 'BSD-3-Clause'.


I am opening this bug with a CC to all previous Rdate maintainers in Debian to
ask if someone has any objection to change the licensing in Debian packaging
(to 'BSD-3-Clause'). In my opinion, this is the best option to interact
with the upstream.

I will wait 10 days to know if anyone has any objection.

Thanks!

Regards,

Thiago Andrade

Bug#919634: IP address blocked by wiki

[Thiago Andrade Marques]

Package: wiki.debian.org
Followup-For: Bug #919634

Dear Maintainer,

My ip 177.8.84.3 is locked to the Debian Wiki.
Forbiden 403

Would it be possible to unlock it?

Regards.

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#932390: ITA: rdate -- sets the system's date from a remote host

[Thiago Andrade Marques]

Package: rdate
Severity: normal

Package: wnpp
Severity: normal

I intend to adopt rdate as my first package in debian.

Thanks.