Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hello Richard, I merged your (big) request and credited you in d/copyright. Many thanks for this great contribution! As you say that you are still working on some pending errors, I didn't upload a new package for now. Greetings, Marcos
Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hi Richard,

I will try to review it this week. You seem to have worked a lot!

Greetings.
Marcos

On Thu, 28-10-2021 at 20:51 +0100, RL wrote:
> Marcos Fouces writes:
>
> > Upstream agreed to do a deeper review of all patches in the package
> > and include them (or not) in the next release.
>
> This is fantastic, I've been looking through bugs and what started as a
> simple "allow the cron job to run under ionice" grew a bit - I decided I
> should add some autopkgtests and that led to spotting quite a few
> things, some of which were already in the bug list and some were not
> (but could be - I wasn't sure it was worth reporting, but I can do.)
>
> I've submitted a merge-request that fixes about 8 of the 16 bugs
> reported. Unfortunately I needed to add a few more patches (but only to
> fix things)
>
> The tests work for me when I build the package with gbp and sbuild,
> however
> * the salsa CI system tries to run the autopkgtests but it hangs
> running the chkrootkit binary. If I read the logs right, salsa is using
> lxc and bug #872379 does say chkrootkit hangs inside lxc.
>
> I will investigate but lxc but I thought I would submit the merge
> request before expanding it further!
>
> Let me know what you think.
>
> Richard
>
> > Greetings,
> > Marcos
> >
> > On Sun, 03-10-2021 at 01:18 +0100, RL wrote:
> > > Marcos Fouces writes:
> > >
> > > > Hello Richard,
> > > >
> > > > I merged your requests for chkrootkit.
> > > >
> > > > IMHO, the best way to start contributing is exactly what you did!
> > > > (Merge requests)
> > >
> > > Thanks, this is good news :).
> > >
> > > I started looking at the code and bugs, but got side-tracked: It seems
> > > to me that patch 27 (from July 2020) in debian/patches is problematic. I
> > > was not able to understand most of what patch 27 is trying to do, but it
> > > seems to me that:
> > >
> > > 1. Patch 27 is re-introducing an "interesting feature" where chkproc
> > >    (a C programme run by chkrootkit) sends kill signals to pid 1
> > >    and 12345 to see if they might be rootkits (!). These are in the
> > >    upstream code, but in 2008 Debian's patch #5 commented out that code
> > >    to fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828
> > >
> > >    Patch 27 has apparently reversed this fix and the Debian version of
> > >    chkproc.c (after all Debian's patching) includes the kill signals
> > >    again. (I think they occur less often than before, so maybe the new
> > >    bug is less 'critical')
> > >
> > > 2. Patch 27 is also the sole cause of the "OooPS" messages reported in
> > >    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998
> > >
> > >    These come from MAX_PROCESSES in chkproc.c being too low. Upstream has
> > >    set MAX_PROCESSES to > 4 million since 2014, but patch 27 apparently
> > >    reset it back to 9.
> > >
> > > I think someone more knowledgeable in C than me should look at this patch
> > > and see whether it is valid or not.

Re: ckrootkit - issues with patch number 27 (was Re: Offering to help - chkrootkit and rkhunter)
Hello Richard,

the patch you mention was modified by the same author that sent patches [28...51] to me. I also believed that a better review was needed so I forwarded all of them to the original author.

Upstream agreed to do a deeper review of all patches in the package and include them (or not) in the next release.

Greetings,
Marcos

On Sun, 03-10-2021 at 01:18 +0100, RL wrote:
> Marcos Fouces writes:
>
> > Hello Richard,
> >
> > I merged your requests for chkrootkit.
> >
> > IMHO, the best way to start contributing is exactly what you did!
> > (Merge requests)
>
> Thanks, this is good news :).
>
> I started looking at the code and bugs, but got side-tracked: It seems
> to me that patch 27 (from July 2020) in debian/patches is problematic. I
> was not able to understand most of what patch 27 is trying to do, but it
> seems to me that:
>
> 1. Patch 27 is re-introducing an "interesting feature" where chkproc
>    (a C programme run by chkrootkit) sends kill signals to pid 1
>    and 12345 to see if they might be rootkits (!). These are in the
>    upstream code, but in 2008 Debian's patch #5 commented out that code
>    to fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828
>
>    Patch 27 has apparently reversed this fix and the Debian version of
>    chkproc.c (after all Debian's patching) includes the kill signals
>    again. (I think they occur less often than before, so maybe the new
>    bug is less 'critical')
>
> 2. Patch 27 is also the sole cause of the "OooPS" messages reported in
>    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998
>
>    These come from MAX_PROCESSES in chkproc.c being too low. Upstream has
>    set MAX_PROCESSES to > 4 million since 2014, but patch 27 apparently
>    reset it back to 9.
>
> I think someone more knowledgeable in C than me should look at this patch
> and see whether it is valid or not.

Re: Offering to help - chkrootkit and rkhunter
Hello Richard,

I merged your requests for chkrootkit.

IMHO, the best way to start contributing is exactly what you did! (Merge requests)

After some more contributions you should request write access to some of the pkg-security team's repo.

Thanks!
Marcos

On Fri, 01-10-2021 at 13:54 +0100, RL wrote:
> Hi,
>
> What is the best way to help contribute to chkrootkit and rkhunter?
>
> I've submitted some merge requests
> - https://salsa.debian.org/pkg-security-team/rkhunter/-/merge_requests/7
> - https://salsa.debian.org/pkg-security-team/chkrootkit/-/merge_requests/5
> - https://salsa.debian.org/pkg-security-team/chkrootkit/-/merge_requests/6
>
> each of which fixes a bug in the BTS - see the links for details.
>
> Can I request someone review and apply these? (I'm sure there is a high
> chance I am doing something wrong somewhere so please let me know how if
> so and I will amend)
>
> Thanks for considering (if these can get fixed I can help on other bugs
> in these packages, assuming that is helpful)

Re: Bug#964399: Should ganglia be removed?
Hi Moritz!

Yes, I uploaded it to salsa.d.o and I am waiting for Frontdesk approval to become DD (that should happen in a few days) in order to upload it myself instead of asking for sponsorship.

Its new home is here: https://salsa.debian.org/debian/ganglia.

Thanks,
Marcos

On Fri, 11-09-2020 at 21:04 +0200, Moritz Mühlenhoff wrote:
> Are you still interested in adopting ganglia? Otherwise I'll file an
> RM bug soon.
>
> Cheers,
> Moritz

Re: DD Ping - New ncrack package
Hello Samuel,

thanks for the quick reply!

I tested the package with this patch and it performs well as far as I can tell. I also tested it with your suggestion (appending -fcommon CFLAG) and it also builds and seems to work properly.

While upstream does not adopt a solution, I would prefer to stick with this hack as the use of -fcommon flag seems to be discouraged at least by Gentoo distro devs [1]

Greetings,
Marcos

[1] https://wiki.gentoo.org/wiki/Gcc_10_porting_notes/fno_common

On Thu, 06-08-2020 at 19:04 +0100, Samuel Henrique wrote:
> Hello Marcos,
>
> Hmm, I'm kinda wary of the patch you picked[0], it has not been
> reviewed by upstream yet and it's removing the variable definition
> instead of making use of a declaration with "external" on the other
> instance, that's also not what Arch is doing[1] (submitter mentions
> that they found the issue on Arch).
>
> Are you confident that this fix won't introduce any issues and have
> you considered instead to fix it by making use of the "-fcommon"
> CFLAG[2]?
>
> [0] https://github.com/nmap/ncrack/pull/83
> [1] https://github.com/archlinux/svntogit-community/tree/packages/ncrack/trunk
> [2] https://gcc.gnu.org/gcc-10/porting_to.html#common
>
> Thanks,
>
> --
> Samuel Henrique

DD Ping - New ncrack package
Hi team! I prepared a new release of ncrack [1]. It fixes build with gcc-10. Please, review and upload. Thanks. Marcos. [1] https://salsa.debian.org/pkg-security-team/ncrack
Re: Bug#964399: Should ganglia be removed?
Hello Moritz

I did some work some time ago on ganglia [1] but I never got this work published due to inactive/unresponsive uploaders. I have also done some work on ganglia-web and ganglia-linux-modules packages (also unpublished).

I believe that it is still a good piece of software that deserves its place on Debian so I would like to step up as uploader (co-uploaders welcome!) if needed.

I also would like to maintain it under pkg-security team umbrella.

Please, let me know your thoughts.

Greetings,
Marcos

[1] https://salsa.debian.org/mfouces-guest/ganglia

On Mon, 06-07-2020 at 20:12 +0200, Moritz Muehlenhoff wrote:
> Source: ganglia
> Severity: serious
>
> Should ganglia be removed? It's dead upstream (last commits from over
> three years ago, last release from 2015), is now orphaned (last active
> maintainer is no longer a DD, but wasn't very actively maintained to
> begin with, the current packaged version is from 2013), most of the
> plugins depend on Python 2, there's unfixed security issues dating back
> to 2013 and doesn't even support ipv6 (730257).
>
> Unless anyone steps up for maintenance (and partly becomes upstream),
> it should better be removed.
>
> Cheers,
> Moritz

Re: DD Ping - New release for nmapsi4
Thanks!
Marcos

On Sat, 16-05-2020 at 23:21 +0100, Samuel Henrique wrote:
> Hello Marcos,
>
> dcut ftp-master dm --uid "marcos.fou...@gmail.com" --allow nmapsi4
> Uploading commands file to ftp.upload.debian.org (incoming: /pub/UploadQueue/)
> Picking DM Marcos Fouces with fingerprint 7CB8AFFD56032FE35A347D2E6ACCBD0FA3B7447C
> Uploading samueloph-1589667616.dak-commands to ftp-master
>
> Guess you can do this one yourself now, happy uploading :)
>
> Regards,

DD Ping - New release for nmapsi4
Hello

I packaged a new release of nmapsi4 with a new upstream release and some housekeeping. Please consider review and sponsor.

BTW, it should be good to give me upload rights on the package.

Thanks,
Marcos.

Re: Granting janitor bot direct commit rights ?
Fine for me.

Greetings,
Marcos.

On Tue, 28-04-2020 at 15:38 +0200, Raphael Hertzog wrote:
> Hello,
>
> I have been approving more and more merge requests of the janitor bot[1]
> and I read recently that it's possible to grant commit rights to the bot
> so that I don't have to approve them manually.
>
> [1] example: https://salsa.debian.org/pkg-security-team/ccrypt/-/merge_requests/1
>
> While I didn't like this idea at the start, it's true that the changes
> proposed are rather unintrusive and they are well tested, the bot ensures
> that the package still builds and that there are no meaningful differences
> between both builds (with and without the patch).
>
> Thus I'm really tempted to grant commit rights.
>
> What do you think?
>
> Cheers,
>
> PS: salsa is currently down due to some hardware issue so the link doesn't
> work right now

Re: Maintaing proxytunnel through the team
> > If you add some more commits, you can add them as patches in d/patches
> > and refer it in d/changelog.
>
> Or just release a new version? Or do you mean cherry-picking later
> commits?

Yes, you can cherry-pick all the commits you want and add them to d/patches.

I am thinking about forks on Github that could also contain interesting commits. This kind of situation would be near to impossible to reflect this way.

Greetings,
Marcos

Re: Maintaing proxytunnel through the team
Hi Julian and Samuel

I found that there are 1493 binary packages that use the "git" string in the release number. There are some exotic variations (like this one 0.0~GOTK3~0~2~0+git20170418.0.96d4110-3)

I believe that ".1." referred by Samuel could be considered as a kind of an epoch. This is useful because the characters of the commit cannot be used to sort releases.

IMHO, there is no strong need to insert the date, some characters of commit id, a custom epoch... Using "git+date" should be enough in most cases.

If you add some more commits, you can add them as patches in d/patches and refer it in d/changelog.

Greetings,
Marcos.

On Wed, 22-04-2020 at 09:33 +0100, Julian Gilbey wrote:
> On Wed, Apr 22, 2020 at 01:34:32AM +0100, Samuel Henrique wrote:
> > Hello Sven,
> >
> > I believe the package is a fit for our team yes.
> >
> > The repository is created at
> > https://salsa.debian.org/pkg-security-team/proxytunnel
> > But before the push I'd like to ask you about the latest upstream
> > release imported: 1.9.1+git20200123.1.eff4d41
> >
> > What's up with the "1.eff4d41" part? I didn't investigate but I assume
> > the last one is part of the git commit hash, but I don't know about
> > the ".1.".
> > I feel like I'm missing something, generally I prefer to use only a
> > date for tarballs coming from git snapshots, and I believe they are
> > more clean, though I recognize it's not as precise as having the
> > commit id.
>
> Hello Samuel,
>
> There is no particular consensus for git-based version numbers.
>
> egrep 'Package:|Version:' /var/lib/apt/lists/ftp.uk.debian.org_debian_dists_testing_main_binary-amd64_Packages | grep -B 1 '+git' | less
>
> shows a wide variety. But it is very common to include the first 7
> characters of the commit id.
>
> Best wishes,
>
>    Julian

Fix pending in Git repo
tags 953234 pending
thanks

Hello

An updated release is on salsa.d.o repo:

https://salsa.debian.org/pkg-security-team/recon-ng

Just needs a sponsor review.

Greetings,
Marcos.

Re: Review of fierce
On Sun, 12-04-2020 at 20:45 -0300, Eriberto wrote:
> > It is important to note that the current package is a complete rewrite.
> > The original source is Perl code while this one is written in Python
>
> Please, add a Comment field to help the FTP-Masters and to guide other
> packagers in the future.

Done.

> > > - Please, use the texts from /usr/share/debhelper/dh_make/licenses for
> > > license texts. Currently, neither Debian nor FSF uses street
> > > addresses[2].
> > >
> > > [2] https://www.gnu.org/licenses/gpl-3.0.en.html
> > >
> > > - In GPL-3 the text must be changed to remove the reference for
> > > "later version".
> > >
> > > - Only to remember, the GPL-3 license text is pointing to GPL-2.
> >
> > Done.
>
> Not ready. ;-)
>
> - The GPL-3 text remains saying about "any later version" but the
> license is not GPL-3+.
> - The GPL-2+ text was not updated yet,

I updated both texts from debhelper template and fixed the statement about "any later version" to fit with GPL-3.

> > > - (optional) Is a good idea put the license texts after all blocks to
> > > make easier the conference of data. It is good for sponsors and
> > > FTP-Masters.
> >
> > I believe that is already done.
>
> What I really meant was put the full license texts (for GPL-3 and
> GPL2+) after the end of the block "Files: debian/*". It is to make
> easier the view. Also, please, put the copyright years/names for
> "Files: *" in chronological order, aligning the names vertically.
> Please see an example here[10].

Ok, now I get the point. Done.

> Thank you.
>
> Eriberto

Thanks again for your time and advice!

Greetings,
Marcos

Re: Review of fierce
On Sun, 12-04-2020 at 01:13 -0300, Eriberto Mota wrote:
> Hi Marcos,
>
> I will review fierce now. I will use the package currently in Salsa.
>
> 1. debian/control:
>
> - The package should use the Section "net", not "utils". Please, see
> here[1].
>
> [1] https://packages.debian.org/unstable/

IMHO, this package also fits in "utils" section. Anyway, it is changed now.

> - The Build-Depends line is very long. Please, run wrap-and-sort
> command in upstream place or break the lines by hand.

Done.

> - (optional): I suggest put a point before the paragraph starting with
> "Because it uses" to create two distincts paragraphs.

Done.

> 2. debian/copyright
>
> - Where I can find the year 2007 for RSnake?

It is in the original upstream release. This author doesn't maintain this tool, but you can see this date on some forks like this:

* https://raw.githubusercontent.com/davidpepper/fierce-domain-scanner/master/fierce.pl

Also in the Kali repo:

* https://gitlab.com/kalilinux/packages/fierce/-/blob/kali/master/fierce.pl

It is important to note that the current package is a complete rewrite. The original source is Perl code while this one is written in Python

> - Please, use the texts from /usr/share/debhelper/dh_make/licenses for
> license texts. Currently, neither Debian nor FSF uses street
> addresses[2].
>
> [2] https://www.gnu.org/licenses/gpl-3.0.en.html
>
> - In GPL-3 the text must be changed to remove the reference for
> "later version".
>
> - Only to remember, the GPL-3 license text is pointing to GPL-2.

Done.

> - (optional) Is a good idea put the license texts after all blocks to
> make easier the conference of data. It is good for sponsors and
> FTP-Masters.

I believe that is already done.

> 3. debian/fierce.1
>
> - (optional) Is a common practice in Debian put a section AUTHORS
> saying the manpage can be used by others. Please, see here an
> example[3].
>
> [3] https://salsa.debian.org/pkg-security-team/chaosreader/-/blob/debian/master/debian/manpage/chaosreader.1

I did it with other tools I maintain but I decided not to do it anymore. I just formatted a bit the "--help" output and I believe that this does not deserve this credit. Maybe if I write a good manpage.

> 4. The package doesn't build twice. I can see:
>
> dpkg-source: info: local changes detected, the modified files are:
> fierce/fierce.egg-info/PKG-INFO
> fierce/fierce.egg-info/SOURCES.txt
> fierce/fierce.egg-info/dependency_links.txt
> fierce/fierce.egg-info/entry_points.txt
> fierce/fierce.egg-info/requires.txt
> fierce/fierce.egg-info/top_level.txt
>
> Please, create a debian/clean file with the following content:
>
> fierce.egg-info/*

Done. I added it in d/rules instead.

> 5. (optional) Is a good idea include a basic CI test
> (debian/tests/control). I can help you, if needed / if you want a
> test.

I need some time to write it. I prefer to do it for next release.

> 6. The README.md file has several interesting examples of use. Can you
> add this file to the package or transcript the examples to manpage?

Done. I transcribed the examples to manpage as README file contains no more useful info.

> Thanks a lot for your work!

Thanks for your time and advice!

> Cheers,
>
> Eriberto

Re: Gitlab refuses my commits- Bug#956153: ITP: fierce -- Domain DNS scanner
Hello Eriberto

I fixed it, but salsa.d.o still refuses to accept my commits:

remote: GitLab: You are not allowed to push code to protected branches on this project.
To salsa.debian.org:pkg-security-team/fierce.git
 ! [remote rejected] debian/master -> debian/master (pre-receive hook declined)

Greetings,
Marcos

On Wed, 08-04-2020 at 19:23 -0300, Eriberto wrote:
> I can review it tomorrow. However, the GPL-3 text is wrong (pointing
> to GPL 2). Please, use this text:
> /usr/share/debhelper/dh_make/licenses/gpl3
>
> Cheers,
>
> Eriberto
>
> On Wed, 8 Apr 2020 at 19:05, Marcos Fouces wrote:
> > Hi
> >
> > It is OK, now. Just need a sponsor :-)
> >
> > Thanks,
> > Marcos.
> >
> > On Wed, 08-04-2020 at 17:56 -0300, Eriberto wrote:
> > > On Wed, 8 Apr 2020 at 17:33, Marcos Fouces wrote:
> > > > Hello Eriberto
> > > >
> > > > Thanks for your help. Right now I am obtaining the following error.
> > > > Also this is the content of the remotes:
> > > >
> > > > 22:21:48 - marcos@debian:~/Debian/Packages/fierce$ git remote -v
> > > > origin g...@salsa.debian.org:pkg-security-team/fierce.git (fetch)
> > > > origin g...@salsa.debian.org:pkg-security-team/fierce.git (push)
> > > >
> > > > 22:22:10 - marcos@debian:~/Debian/Packages/fierce$ git push --all
> > > > kex_exchange_identification: Connection closed by remote host
> > > > fatal: No se pudo leer del repositorio remoto.
> > > >
> > > > Por favor asegúrate que tienes los permisos de acceso correctos
> > > > y que el repositorio existe.
> > > >
> > > > I attached the repo I just created.
> > > >
> > > > Greetings,
> > > > Marcos.
> > >
> > > I got the same messages. So, I did:
> > >
> > > git remote rename origin old-origin
> > > git remote add origin g...@salsa.debian.org:pkg-security-team/fierce.git
> > >
> > > I just sent the repo to Salsa. Go ahead!
> > >
> > > Cheers,
> > >
> > > Eriberto

Re: DD-Ping - Bug#956153: ITP: fierce -- Domain DNS scanner
Hi

It is OK, now. Just need a sponsor :-)

Thanks,
Marcos.

On Wed, 08-04-2020 at 17:56 -0300, Eriberto wrote:
> On Wed, 8 Apr 2020 at 17:33, Marcos Fouces wrote:
> > Hello Eriberto
> >
> > Thanks for your help. Right now I am obtaining the following error.
> > Also this is the content of the remotes:
> >
> > 22:21:48 - marcos@debian:~/Debian/Packages/fierce$ git remote -v
> > origin g...@salsa.debian.org:pkg-security-team/fierce.git (fetch)
> > origin g...@salsa.debian.org:pkg-security-team/fierce.git (push)
> >
> > 22:22:10 - marcos@debian:~/Debian/Packages/fierce$ git push --all
> > kex_exchange_identification: Connection closed by remote host
> > fatal: No se pudo leer del repositorio remoto.
> >
> > Por favor asegúrate que tienes los permisos de acceso correctos
> > y que el repositorio existe.
> >
> > I attached the repo I just created.
> >
> > Greetings,
> > Marcos.
>
> I got the same messages. So, I did:
>
> git remote rename origin old-origin
> git remote add origin g...@salsa.debian.org:pkg-security-team/fierce.git
>
> I just sent the repo to Salsa. Go ahead!
>
> Cheers,
>
> Eriberto

Re: Bug#956153: ITP: fierce -- Domain DNS scanner
Hi Eriberto

Thanks for the answer but the error persists with your recipe.

Greetings,
Marcos

On Tue, 07-04-2020 at 22:20 -0300, Eriberto wrote:
> Hi Marcos,
>
> On Tue, 7 Apr 2020 at 18:25, Marcos Fouces wrote:
> > Hi Team!
> >
> > I just created a repo [0] to upload this package but someone else
> > should create the default branch before I can do this.
>
> Not needed. You can do:
>
> gbp import-dsc your-package.dsc
> cd your-package
> git remote add origin g...@salsa.debian.org:pkg-security-team/fierce.git
> git push -u origin --all
> git push -u origin --tags
>
> Cheers,
>
> Eriberto

Fwd: Bug#956153: ITP: fierce -- Domain DNS scanner
Hi Team!

I just created a repo [0] to upload this package but someone else should create the default branch before I can do this.

[0] https://salsa.debian.org/pkg-security-team/fierce

BTW: it is not exactly the same fierce package that is present in Kali but a conversion to Python 3 to simplify and modernize the codebase.

Greetings,
Marcos

--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Marcos Fouces

* Package name    : fierce
  Version         : 1.4.0
  Upstream Author : Mschwager <https://github.com/mschwager/>
* URL             : https://github.com/mschwager/fierce
* License         : GPL
  Programming Lang: Python
  Description     : Domain DNS scanner

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for.

This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.

Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

Originally written by RSnake along with others at http://ha.ckers.org/. This is simply a conversion to Python 3 to simplify and modernize the codebase.
--- End Message ---

Re: bbqsql: Python2 removal in sid/bullseye
Hello Moritz

I believe that bbqsql could be removed. It has a very low popcon and I didn't see any repo on Github taking over from Neohapsis.

Greetings,
Marcos.

On Thu, 26-03-2020 at 23:05 +0100, Moritz Mühlenhoff wrote:
> On Fri, Aug 30, 2019 at 07:11:19AM +, Matthias Klose wrote:
> > Package: src:bbqsql
> > Version: 1.1-4
> > Severity: normal
> > Tags: sid bullseye
> > User: debian-pyt...@lists.debian.org
> > Usertags: py2removal
> >
> > Python2 becomes end-of-life upstream, and Debian aims to remove
> > Python2 from the distribution, as discussed in
> > https://lists.debian.org/debian-python/2019/07/msg00080.html
> >
> > Your package either build-depends, depends on Python2, or uses Python2
> > in the autopkg tests. Please stop using Python2, and fix this issue
> > by one of the following actions.
>
> Hi Marcos,
> bbqsql seems dead upstream, development mostly stopped in 2013 and the
> author mentions in https://github.com/Neohapsis/bbqsql/pull/61 "he no
> longer works for the company".
>
> Are you planning to port it to Python 3 yourself or should it be
> removed?
>
> Cheers,
> Moritz

Re: pyrit: Python2 removal in sid/bullseye
Hi Sandro

My work was unsuccessful. With this patch, the package FTBFS and I am not in a position to fix this problem.

Keep in mind that the patch submitter highlights the need for more testing but nobody else steps forward for two months, even upstream developer.

I am afraid that I cannot provide a Python3 pyrit in a timely manner.

Greetings,
Marcos.

On Thu, 26-03-2020 at 23:55 -0400, Sandro Tosi wrote:
> Hey Marcos,
>
> On Thu, Mar 19, 2020 at 7:33 AM Marcos Fouces <marcos.fou...@gmail.com> wrote:
> > Hello Sandro
> >
> > Upstream seems a bit stalled but there is a patch (by Kimocoder from
> > aircrack project) to migrate it. You can see it here:
> >
> > https://github.com/JPaulMora/Pyrit/pull/593
> >
> > As I have some time these days, I will try to test it and see if it is
> > a valid approach.
>
> I wanted to check in to see how your tests are going: do you have
> already a python3 pyrit? if not, how much longer do you think it would
> take you?
>
> Cheers,

New release fixing RC bug in recon-ng - DD Ping
Hello I fixed an RC bug with the autopkgtest in recon-ng [0]. I tested it in an LXR container with current testing release and it worked properly. Please, review and upload, or give some feedback. Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/recon-ng
Attempt to migrate pyrit to Python3
Hi,

I tried to use a patch from kimocoder to migrate Pyrit to Python3 but the result was unsuccessful as the package FTBFS.

I created a separate branch (Python3Migration) in order to work on that [0].

Upstream stated that he is rewriting pyrit from scratch but he still didn't react to this pull request [0]

[0] https://github.com/JPaulMora/Pyrit/pull/593

Greetings,
Marcos

Re: DD ping
Hello Sz Lin

Oops! I wasn't aware of this serious licencing bug.

Apart from that, upstream developer of websploit (0x0ptim0us-guest) is also a member of our team and would start committing soon. He is aware of the patch.

Thanks for your review!

Greetings,
Marcos.

On Sun, 22-03-2020 at 22:52 +0800, SZ Lin (林上智) wrote:
> Hi Marcos,
>
> On Thu, 19 Mar 2020 at 1:34 AM, Marcos Fouces wrote:
> > Hello
> >
> > I updated snoopy in order to fix a bug (and other minor housekeeping).
> >
> > Could you please, check and upload.
>
> Thanks for your contribution.
>
> I've reviewed the package and found a serious bug.
> According to the content of the current license, the license
> should be Expat [1] instead of GPL-3+ in the current d/copyright [2].
>
> I've fixed this issue and pushed it to salsa [3], and I plan to upload this
> package these days.
>
> Apart from that, it will be great if you can send the d/patch and
> manpage to the upstream.
>
> [1] https://salsa.debian.org/pkg-security-team/websploit/-/blob/debian/master/LICENSE.txt
> [2] https://salsa.debian.org/pkg-security-team/websploit/-/blob/debian/master/debian/copyright
> [3] https://salsa.debian.org/pkg-security-team/websploit/-/commit/bbd0bfefdb9433b0408b414a1d54006401d996b3
>
> SZ
>
> > Bonus: please give me upload right so i could avoid bother you with
> > this in the future.
> >
> > Greetings,
> >
> > Marcos

DD Ping - New release of websploit migrated to Python 3
Hello I just uploaded a new release of websploit [0]. Upstream migrated it to Python 3. Please, check and review (and give me upload rights if you want). [0] https://salsa.debian.org/pkg-security-team/websploit Greetings, Marcos
DD ping
Hello

I updated snoopy in order to fix a bug (and other minor housekeeping).

Could you please check and upload?

Bonus: please give me upload rights so I could avoid bothering you with this in the future.

Greetings,
Marcos

Re: Review of proposed move of /var/log/account to /var/account
Good!

I already uploaded a new release in the git repo:

https://salsa.debian.org/pkg-security-team/acct

It contains this and other changes.

Any DD available for review and upload this new release.

Thank you.

Greetings
Marcos

On Wed, 18-03-2020 at 11:33 +, Sergio Gelato wrote:
> Thank you for the feedback. I'm quite happy for the change not to
> happen. It's certainly less work that way.
> ________
> From: Marcos Fouces
> Sent: Tuesday, March 17, 2020 18:48
> To: 922...@bugs.debian.org
> Cc: Sergio Gelato
> Subject: Re: Review of proposed move of /var/log/account to /var/account
>
> Hello Sergio
>
> I am considering the fact that this change could do more harm than
> good. The path for pacct* files was changed a long time ago and every
> Debian user of acct is aware of it.
>
> The submitter himself has finally some doubts about it, so I believe
> that it is pointless.
>
> I can't see any good reason to do this.
>
> I am all for listening to different points of view but I will close this
> bug and revert these changes if no good reason arises.
>
> Greetings,
> Marcos

DD ping [new release of polenum]
Hi team! I packaged a new release of polenum [0]. Could you review and upload? [0] https://salsa.debian.org/pkg-security-team/polenum Greetings, Marcos
Re: Access to Salsa please? Maintaining pyrit(-opencl)
On Tue, 28-01-2020 at 09:42 +0100, Raphael Hertzog wrote:
> Hello Dmitry,
>
> On Tue, 28 Jan 2020, Dmitry Smirnov wrote:
> > I'd like to join the team to eventually do some maintenance on "pyrit"
> > package as my package "pyrit-opencl" has been incorporated into "pyrit"
> > upstream.
>
> You have been added to the salsa group. Have a look at the few team
> rules:
> https://wiki.debian.org/Teams/pkg-security/
>
> > Marcos, Sophie, may I join as co-maintainer please?
>
> Sure, we don't have "strong" ownership over here.

Yes, we are always happy to receive help!

> Note that pyrit is currently affected by an RC bug, it would be nice to
> get it fixed shortly.

There is currently a pull request on upstream repo that is worth a look as it could fix Python3 migration:

https://github.com/JPaulMora/Pyrit/pull/593

Greetings,
Marcos

DD Ping - New arp-scan release
Hi Team! I just packaged a new upstream release of arp-scan (just minor changes) [0]. Could any DD review and upload? Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/arp-scan
DD Ping - New recon-ng release
Hi team! I packaged a new release of recon-ng [0]. It should not be uploaded directly due to new python modules dependencies that i also packaged [1] [2]. Could any DD review and upload them: [0] https://salsa.debian.org/pkg-security-team/recon-ng [1] https://salsa.debian.org/python-team/modules/python-flasgger [2] https://salsa.debian.org/python-team/modules/python-rq Greetings, Marcos
Re: Bug#944129: arp-scan: not returning any results
On Thu, 07-11-2019 at 16:35 -0300, Giovani Ferreira wrote: > Hi Marcos, > > I just reviewed and uploaded arp-scan. > > cheers, > Thanks a lot! Marcos
Re: Bug#944129: arp-scan: not returning any results
Hello I just uploaded a new release of arp-scan to git [0]. I tested it and it works well on my machine (Debian testing). Could some DD review and upload the package? Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/arp-scan On Mon, 04-11-2019 at 18:42 +0100, Reiner Herrmann wrote: > Package: arp-scan > Version: 1.9.5-1 > Severity: serious > Tags: fixed-upstream > > Dear maintainer, > > arp-scan is no longer returning any results in Debian sid. > > > # arp-scan 10.0.0.0/24 > > Interface: wlan0, datalink type: EN10MB (Ethernet) > > Starting arp-scan 1.9.5 with 256 hosts ( > > https://github.com/royhills/arp-scan) > > > > 14 packets received by filter, 0 packets dropped by kernel > > Ending arp-scan 1.9.5: 256 hosts scanned in 2.031 seconds (126.05 > > hosts/sec). 0 responded > > With wireshark I can actually see arp replies (and it sounds like > they > were also received ("14 packets received")), > With another machine that is running buster I can still see the > results, so it could have been introduced by a different libpcap > version? > > After noticing that the bug has also been filed in Ubuntu [0], > I also tested the version from git and got it running successfully. > This is the first commit at which it is returning results again: [1]. > It is contained in the new upstream release 1.9.6. > > Kind regards, > Reiner > > [0] https://bugs.launchpad.net/ubuntu/+source/arp-scan/+bug/1849740 > [1] https://github.com/royhills/arp-scan/commit/8513a18
Re: Upload to experimental for dnsrecon
Hello Samuel Thanks for your support and advice. In the following days (weeks) i will try to meet some more DD in order to get signatures for my key. Greetings. Marcos On 15/4/19 20:43, Samuel Henrique wrote: > Hello all, > > $ dcut ftp-master dm --uid "marcos.fou...@gmail.com > <mailto:marcos.fou...@gmail.com>" --allow dnsrecon > Uploading commands file to ftp.upload.debian.org > <http://ftp.upload.debian.org> (incoming: /pub/UploadQueue/) > Picking DM Marcos Fouces <mailto:marcos.fou...@gmail.com>> with fingerprint > 7CB8AFFD56032FE35A347D2E6ACCBD0FA3B7447C > Uploading samueloph-1555352551.dak-commands to ftp-master > > > Thanks for all your work Marcos, > > I've seen that you started the process for becoming a DD but you're > missing one more DD signature on your key[0], if you're planning to > attend DebConf19[1] by any chance, which is a good way of getting a > bunch of signatures, today is the last day to request for bursaries > (during the registration part). > > If not, you will have to find a way of getting one more DD signature > before starting the process. > > Regards, > > [0]https://nm.debian.org/process/613/keycheck > [1]https://debconf19.debconf.org/ > > -- > Samuel Henrique
Re: Upload to experimental for dnsrecon
On 12/4/19 10:53, Raphael Hertzog wrote: > >> BTW: you also could give me DM rights on this package if you feel it >> is appropriate. > Or you could apply to full DD status... I think you have been around for > long enough to deserve it. Even if you feel like that you lack some > skills/experience, you will still be able to ask for a review even if > you're a DD. :-) Thank you! I feel very honored. I'll follow your advice and I will apply for DD :-) > (I don't use dput-ng and handling DM rights is a pain without it, > but maybe Samuel can do it for you ;-)) > > Cheers, Greetings, Marcos
Upload to experimental for dnsrecon
Hello Sophie showed interest in including the new dnsrecon [0] release in Kali. Could any DD review and upload it to experimental? BTW: you also could give me DM rights on this package if you feel it is appropriate. [0] https://salsa.debian.org/pkg-security-team/dnsrecon Greetings, Marcos.
Re: DD ping - Marcos Ourense Clave
On 14/3/19 22:43, Raphael Hertzog wrote: > > We're now too late in the freeze to be able to upload anything else > besides RC bug fixes. So you can continue your work in debian/master > but we will not upload this to unstable. If we have to upload an RC bug > fix to unstable, we will have to fork from the version in unstable and add > only the minimal set of changes. > > Cheers, OK, thanks for the explanation. Greetings, Marcos
Re: Request for DM rights for swatch
On 3/3/19 23:57, Samuel Henrique wrote: > Hello Marcos, > > I prepared a bugfix release for swatch [0] in order to close all its > open bugs (just two...). > > > There's only one bug being closed on d/changelog. Yes, the other one (#648024) will be already closed in this upload. I had to close it by mail. > > > Please, review and upload or give me DM rights on it so I can > upload it > myself. > > > Unfortunately, we're out of time for Buster[0], whatever we upload > from now on should be treated as a package for the full freeze and > must follow the given requirements[1], that is: I believed that packages uploaded before 2019-03-12 would require 10 days to migrate and only packages uploaded after the deadline would be bound by the full freeze policy. Thanks anyway. Greetings, Marcos.
Request for DM rights for swatch
Hello I prepared a bugfix release for swatch [0] in order to close all its open bugs (just two...). Please, review and upload or give me DM rights on it so I can upload it myself. Greetings, Marcos. [0] https://salsa.debian.org/pkg-security-team/swatch
Request for review/upload chkrootkit
Hello I applied a patch from François Marier in order to fix a bug in chkrootkit [0] Please, consider uploading. Greetings, Marcos. [0] https://salsa.debian.org/pkg-security-team/chkrootkit
Request review/upload recon-ng
Hello I prepared a new package for a (very minor) new upstream release of recon-ng [0]. It is so minor that I believe that it is very unlikely that it introduces new bugs so (IMHO) it could be safely uploaded. Greetings, Marcos. [0] https://salsa.debian.org/pkg-security-team/recon-ng
Re: DD ping - Marcos Ourense Clave
Hello Samuel When I sent this email, I still had not fixed the bug you refer to (#922563) but only the first one (#864242). I share your concern about this. Would creating a separate branch without this change be a good idea? Greetings, Marcos On 24/2/19 2:07, Samuel Henrique wrote: > Hello Marcos, > > I did some work on acct package [0] that could go into Buster. Please, > review and upload (or point out improvements :-)). > > > Hmm, I saw the discussion on > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922533 and I think > this may not be a good idea for buster since we are late in the freeze. > > My opinion is that we should hold this one for after buster, well, at > least I don't have time to do enough testing to feel good about this > upload, but somebody else might. > > Regards, > > -- > Samuel Henrique
Re: request for review upload: braa
Hello Samuel Thanks for your sponsorship! Greetings, Marcos On 24/2/19 1:49, Samuel Henrique wrote: > Hello Marcos, > > Upstream fixed two bugs in braa [0]. > > > The two fixes that I can see on the package aren't upstream's, one is > yours and the other one is from Helmut, I'm assuming you mean these two. > > > Please review/upload. > > > Done, > > Thanks, > > > -- > Samuel Henrique
Re: Request for review/upload for snoopy
Hello Samuel Thanks for your sponsorship! Greetings, Marcos On 24/2/19 1:36, Samuel Henrique wrote: > Hello, > > Uploaded, > > Thanks, > > -- > Samuel Henrique
request for review upload: braa
Hello Upstream fixed two bugs in braa [0]. Please review/upload. Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/braa
Request for review/upload for snoopy
Hello Upstream fixed an important bug in snoopy [0] and added the fix in two patches (thanks to Lukas Schwaighofer!). Please review/upload. Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/snoopy
Re: pyrit package
On 6/2/19 17:57, Christian Kastner wrote: > On 2019-02-05 16:27, Sophie Brun wrote: >>> Please note that the problem itself is with the autopkgtest of the >>> package, build is ok, you will only spot it if you enable such tests. >>> That is: the package is not FTBFSing, but the autopkgtests are >>> failing. I took for granted that as dh_auto_test executes test_pyrit.py this was enough. In fact it is the same set of tests executed by autopkgtests. For some reason, there was no need to create a $HOME dir with the pbuilder environment. >> I push a fix for the autopkgtest today > Looks good! Fine to me, too. I don't know how to proceed with pyrit-opencl. As Christian mentioned, it surely depends on pyrit version and needs to be updated. Perhaps it is a good idea to ask the maintainer to import it to pkg-security. Greetings, Marcos.
Re: pyrit package
Hello Samuel I don't use sbuild but pbuilder and the package built OK on my machine. Anyway, as buildd's use sbuild (AFAIK), i think that this issue needs to be investigated. I will try to put some time tomorrow. Greetings, Marcos On 4/2/19 22:11, Samuel Henrique wrote: > Hello, > > Tried to build 0.5.1+git20180801-1 from the git repo using sbuild[0] > but the tests from autopkgtest are not passing: > > autopkgtest [20:57:40]: test unittests-default: > [--- > Traceback (most recent call last): > File "test_pyrit.py", line 41, in > import cpyrit.config > File "/usr/lib/python2.7/dist-packages/cpyrit/config.py", line > 77, in > os.makedirs(configpath) > File "/usr/lib/python2.7/os.py", line 150, in makedirs > makedirs(head, mode) > File "/usr/lib/python2.7/os.py", line 157, in makedirs > mkdir(name, mode) > OSError: [Errno 13] Permission denied: '/home/samueloph' > autopkgtest [20:57:41]: test unittests-default: > ---] > autopkgtest [20:57:41]: test unittests-default: - - - - - - - - - > - results - - - - - - - - - - > unittests-default FAIL non-zero exit status 1 > autopkgtest [20:57:41]: summary > unittests-default FAIL non-zero exit status 1 > > E: Command 'autopkgtest > > /home/samueloph/packages/build-area/pyrit_0.5.1+git20180801-1_amd64.changes > -- schroot unstable-amd64-sbuild; aptexit=$?; if test $aptexit = > 8; then exit 0; else exit $aptexit; fi' failed to run. > > Finished processing commands. > > > I did not spend time trying to debug this, but it looks like the test > is trying to create a directory on the wrong place. > > Marcos, can you please check if this check is also failing on your > machine? This is a blocker for migration to testing, so without fixing > that, the package will not arrive to Buster. > > As the package has autopkgtests, it takes only 2 days to migrate to > Testing, so as long as the upload is made until ~8th February it > should be ok. > > [0]https://wiki.debian.org/sbuild#Using_autopkgtest > > Regards, > > -- > Samuel Henrique
Re: pyrit package
Hello Sophie I already uploaded the repo [0]. I tried to merge all the work on both distros (Kali and Debian). [0] https://salsa.debian.org/pkg-security-team/pyrit.git Thanks to Samuel for creating it. Greetings, Marcos. On 2/2/19 14:36, Christian Kastner wrote: > Hi all, > > On 01.02.19 15:36, Sophie Brun wrote: >> It would be great to upload it quickly to have it in Buster. > Seeing as the time window for Buster was indeed extremely short, I went > ahead and uploaded a version that fixes the FTBFS from #906555 by > incorporating a simple patch taken from the other/newer upstream. > > I also did some housekeeping/updating, nothing unusual. A large part of > that work was already done by others (Sophie, thanks for the NMU fixing > that other FTBFS). > > I did not try building the 0.5-based version yet because I feel uneasy > switching upstreams or updating to a new version without having looked > at the code, or having run the program, at all. > > Furthermore, there seems to be 0.5 work done by both Sophie and Marcos > that should be merged first, if possible. > > However, seeing as Sophie has a working 0.5 for Kali, perhaps the > simplest solution would be just go from there? > > All my changes have been pushed to the current git repo within PAPT. > > I'm ready to hand off the package now, please let me know how you want > to proceed. If you need anything for Buster, my availability this week > is quite good. > > Regards, > Christian >
DD ping - Marcos Ourense Clave
Hello I did some work on acct package [0] that could go into Buster. Please, review and upload (or point out improvements :-)). [0] https://salsa.debian.org/pkg-security-team/acct.git Greetings, Marcos
Re: pyrit package
On 2/2/19 14:36, Christian Kastner wrote: > Hi all, > > On 01.02.19 15:36, Sophie Brun wrote: >> It would be great to upload it quickly to have it in Buster. > Seeing as the time window for Buster was indeed extremely short, I went > ahead and uploaded a version that fixes the FTBFS from #906555 by > incorporating a simple patch taken from the other/newer upstream. Good! I planned to upload the repo with my work tomorrow (Sunday) and coordinate an upload to unstable with Sophie to also fit Kali needs. This way, pyrit will be included in Buster for sure even if we have not enough time for this. > I also did some housekeeping/updating, nothing unusual. A large part of > that work was already done by others (Sophie, thanks for the NMU fixing > that other FTBFS). I was not aware of this git repo so I did it myself from the ground with debsnaps. > I did not try building the 0.5-based version yet because I feel uneasy > switching upstreams or updating to a new version without having looked > at the code, or having run the program, at all. > Furthermore, there seems to be 0.5 work done by both Sophie and Marcos > that should be merged first, if possible. I tested the release 0.5.0 from the package I built and it seems to work. > However, seeing as Sophie has a working 0.5 for Kali, perhaps the > simplest solution would be just go from there? > > All my changes have been pushed to the current git repo within PAPT. > > I'm ready to hand off the package now, please let me know how you want > to proceed. If you need anything for Buster, my availability this week > is quite good. My suggestion is to take the PAPT repo and add the work of Sophie and mine to it. Sophie: what's your suggestion? > Regards, > Christian > Greetings, Marcos
pyrit package
Hello Christian and team, some time ago, we talked to you to suggest that it would be good to import the pyrit package to our team to take care of it because an RC bug -that is still open- is affecting the wifite package. As far as I remember, you expressed a full ACK to this. I did some work on the package and I would like to upload it to our repo. It would be very good if you, or someone else, could help me to co-maintain it. Could some "master" or "owner" of our Gitlab create a repo where I could upload it? Greetings, Marcos
Request for review/upload
Hi team! Because the freeze for Buster is coming, I am doing some housekeeping. This time, I did some work on three packages: * tcpick [1]: some minor improvements and housekeeping. * t50 [2]: update upstream release (minor changes.) * rfdump [3]: some minor improvements and housekeeping. [1] https://salsa.debian.org/pkg-security-team/tcpick [2] https://salsa.debian.org/pkg-security-team/t50 [3] https://salsa.debian.org/pkg-security-team/rfdump BTW: I recently finished the process to become DM so you could give me DM rights on these packages if you want to. Greetings, Marcos.
DD Ping (II)
Hi team! I did some housekeeping on nmapsi4 package [1]. Could any DD review and upload it (if appropriate)? Thanks, Marcos. [1] https://salsa.debian.org/pkg-security-team/nmapsi4.git
DD Ping
Hi team! I did some work on ncrack package [1] mostly based on nmap packaging done by Lukas. Could any DD review and upload it (if appropriate)? Thanks, Marcos. [1] https://salsa.debian.org/pkg-security-team/ncrack.git
Re: DD Ping
Hello Samuel Thanks for your review. I followed all your advice, so I believe that the packages are ready to upload. Greetings, Marcos On 03/11/18 09:15, Samuel Henrique wrote: > Hello Marcos, > > Here's my review: > > dsniff: > - d/changelog: In one of the commits you introduced a trailing > whitespace at #4 > - d/copyright: has trailing whitespaces at #10 and #22 > - d/rules: there's a tab at #8 which can be removed > > - if you use vim, adding this to your .vimrc will make it easier to > spot these kind of things: > > " highlight trailing whitespaces > highlight ExtraWhitespace ctermbg=red guibg=red > match ExtraWhitespace /\s\+$/ > > > libnids: > - I see you changed Section of the package libnids1.21 at this > commit: > https://salsa.debian.org/pkg-security-team/libnids/commit/6bf1e38caa6c0047140dcd339b1cbb8db0b5e93c > Please be aware that after the upload is made, you will have to > submit a request to override the existing section because the package > is already in Debian with a different section: > > https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#override-file > - I would recommend creating a better changelog entry other than "Set > proper package section name", you can use that line to tell exactly > what you've made, something like "Change Section of libnidsX.XX to libs" > > Other than that, changes on both packages are ok and I would be happy > to sponsor them for you, since we are approaching freeze, this type of > housekeeping is very appreciated, especially if there was no upload > after switching to salsa. > > Regards, > > -- > Samuel Henrique
DD Ping
Hi team I did some housekeeping on dsniff and libnids packages. Please, could you review them both? Thanks! Greetings, Marcos.
DD Ping - New t50 release
Hi team! I packaged a new upstream release of t50. Please, could you review and upload if appropriate? Greetings, Marcos https://salsa.debian.org/pkg-security-team/t50/
DD ping - New arp-scan release
Hello team, I uploaded a new package with a newer upstream release of arp-scan [0]. Could you check it? Thanks! Marcos [0] https://salsa.debian.org/pkg-security-team/arp-scan
DD ping - new upstream release for dnsrecon
Hi team! I just uploaded a package with the new release of dnsrecon [1]. Also, the new release of recon-ng could be uploaded as well [2]. Please review and upload if appropriate. Greetings [1] https://salsa.debian.org/pkg-security-team/dnsrecon [2] https://salsa.debian.org/pkg-security-team/recon-ng