Bug#322869: fprobe: allocates all available memory
On Thu, 2005-10-06 at 02:50 +0300, Radu Spineanu wrote: > Steve Langasek wrote: > > In that case, could fprobe be turned into a dummy package that depends > > on fprobe-ng, or are there incompatibilties that make an automatic > > upgrade inappropriate? > Would it be ok if when doing the transition i would upload fprobe-ng as > fprobe and then ask ftpmasters to remove fprobe-ng from the archive ? Any news on this front? -- David Moreno Garza <[EMAIL PROTECTED]> | http://www.damog.net/ <[EMAIL PROTECTED]> | GPG: C671257D Si no vuelves por que no quieres, si no por que no tienes pa'l pasaje. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#322869: fprobe: allocates all available memory
On Thu, Oct 06, 2005 at 02:50:46AM +0300, Radu Spineanu wrote: > Steve Langasek wrote: > > In that case, could fprobe be turned into a dummy package that depends > > on fprobe-ng, or are there incompatibilties that make an automatic > > upgrade inappropriate? > Would it be ok if when doing the transition i would upload fprobe-ng as > fprobe and then ask ftpmasters to remove fprobe-ng from the archive ? If you mean source package names, yes, that's fine. If you mean binary package names, it would be helpful if both package names were kept around (one as a dummy package -- doesn't matter which one) to help make upgrades from sarge to etch smoother. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#322869: fprobe: allocates all available memory
Steve Langasek wrote: > In that case, could fprobe be turned into a dummy package that depends > on fprobe-ng, or are there incompatibilties that make an automatic > upgrade inappropriate? > Would it be ok if when doing the transition i would upload fprobe-ng as fprobe and then ask ftpmasters to remove fprobe-ng from the archive ? Radu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#322869: fprobe: allocates all available memory
Steve Langasek wrote: > > In that case, could fprobe be turned into a dummy package that depends > on fprobe-ng, or are there incompatibilties that make an automatic > upgrade inappropriate? > I don't see it being a problem. The old fprobe didn't have an init script or configuration file when i adopted it. fprobe-ng configures itself on installation and creates a file in /etc/default. On an upgrade fprobe would be uninstalled and the user prompted with the initial questions for fprobe-ng. There is a theoretical vuln in fprobe-ng that was reported by Florian Weimer[1]. I sent an email to upstream about this, he said it's highly unlikely it could be used in DoS. "Hmm. I've fixed this issue in 1.1. Each time fprobe start it use random CRC16 polynomial and random special 'shuffle' table, thus DoS attack is something purely hypothetical: intruder must know all random parameters (total 258 bytes- ~1077 variants) to success the DoS." However i asked him if he is still willing to fix this anyway by using Florian Weimer's suggestions. I am waiting for his reply. Thanks, Radu [1] #322699 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#322869: fprobe: allocates all available memory
Hi Radu, > Also i would suggest you use fprobe-ng. The last version of fprobe was > released in March of 2003, and from then upstream seemed reluctant to > fix whatever bugs i found. In that case, could fprobe be turned into a dummy package that depends on fprobe-ng, or are there incompatibilties that make an automatic upgrade inappropriate? Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#322869: fprobe: allocates all available memory
Hello Florian Weimer wrote: > Upon start, fprobe allocates all available memory and is killed by the > OOM handler. (This happens with very light network traffic.) > I can't seem to reproduce this. Could you give me some more information? How you ran fprobe, under what traffic circumstances etc. Also i would suggest you use fprobe-ng. The last version of fprobe was released in March of 2003, and from then upstream seemed reluctant to fix whatever bugs i found. On long term i would like to remove this package from main. Thanks, Radu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#322869: fprobe: allocates all available memory
Package: fprobe Version: 0.4-4 Severity: grave Justification: renders package unusable Upon start, fprobe allocates all available memory and is killed by the OOM handler. (This happens with very light network traffic.) -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (800, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13-rc6fw Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]