Re: Two bug fixes for ncrack
Dear Sven, On 2024-01-06 10:58:41 +0100, Sven Geuer wrote: On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote: The suggested fix for #1048666 works but it is not particularly nice. If someone knows a smarter way how to address this issue, I am eager to learn about it. Instead of extending d/rules I propose to drop the offending files in advance by a patch. This way there is not need to save and restore them. Refer to [1] as an example. You can create such a patch easily via 'dquilt shell'. See [2] and [3] if you are not familiar with it [1] https://salsa.debian.org/debian-remote-team/tightvnc/-/blob/debian/master/debian/patches/remove-upstream-build-system.patch?ref_type=heads [2] https://www.debian.org/doc/manuals/debmake-doc/ch03.en.html#quilt-setup [3] https://manpages.debian.org/bookworm/quilt/quilt.1.en.html#shell many thanks for your suggestion and the illustrative example. Trying to use a patch to remove and restore the clobbered files has not come to my mind so far. What I like about your approach is that it is more straightforward. What makes me a bit hesitant in this particular case is the size of the needed patch to accomplish this: It is tens of thousands of lines. So at least in terms of diff size it is more invasive. Considering both options I do not have a clear preference. But maybe others do. :-) On 2024-01-06 11:28:30 +0100, Sven Geuer wrote: > An additional approach worth to explore is to patch upstream's > Makefile.in files to do the clean job correctly. Some parts are already > available as distclean targets. I think this approach can only solve issues caused by an incomplete clean-up of build remnants. However in the given case one needs to restore the original state of files modified during the build. Therefore I fear that this second approach does not solve the problem at hand. Thanks again for your input. It was very instructive. Best regards, Peter
Re: Two bug fixes for ncrack
Hi again, On Sat, 2024-01-06 at 10:58 +0100, Sven Geuer wrote: > Hi Peter, > > On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote: > > Dear security tools packaging team, > > > > I pushed two commits to the ncrack repository [0] fixing two bugs: > > > > https://bugs.debian.org/1058286 > > https://bugs.debian.org/1048666 > > > > #1058286 is an RC bug. The suggested fix for #1048666 works but it > > is > > not particularly nice. If someone knows a smarter way how to > > address > > this issue, I am eager to learn about it. > > > > Instead of extending d/rules I propose to drop the offending files in > advance by a patch. This way there is not need to save and restore > them. Refer to [1] as an example. > > You can create such a patch easily via 'dquilt shell'. See [2] and > [3] if you are not familiar with it. > > [1] > https://salsa.debian.org/debian-remote-team/tightvnc/-/blob/debian/master/debian/patches/remove-upstream-build-system.patch?ref_type=heads > [2] https://www.debian.org/doc/manuals/debmake-doc/ch03.en.html#quilt-setup > [3] https://manpages.debian.org/bookworm/quilt/quilt.1.en.html#shell > > An additional approach worth to explore is to patch upstream's Makefile.in files to do the clean job correctly. Some parts are already available as distclean targets. Cheers, Sven -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585 signature.asc Description: This is a digitally signed message part
Re: Two bug fixes for ncrack
Hi Peter, On Fri, 2024-01-05 at 20:59 +, Peter Wienemann wrote: > Dear security tools packaging team, > > I pushed two commits to the ncrack repository [0] fixing two bugs: > > https://bugs.debian.org/1058286 > https://bugs.debian.org/1048666 > > #1058286 is an RC bug. The suggested fix for #1048666 works but it is > not particularly nice. If someone knows a smarter way how to address > this issue, I am eager to learn about it. > Instead of extending d/rules I propose to drop the offending files in advance by a patch. This way there is not need to save and restore them. Refer to [1] as an example. You can create such a patch easily via 'dquilt shell'. See [2] and [3] if you are not familiar with it [1] https://salsa.debian.org/debian-remote-team/tightvnc/-/blob/debian/master/debian/patches/remove-upstream-build-system.patch?ref_type=heads [2] https://www.debian.org/doc/manuals/debmake-doc/ch03.en.html#quilt-setup [3] https://manpages.debian.org/bookworm/quilt/quilt.1.en.html#shell > Best regards, > > Peter > > [0] https://salsa.debian.org/pkg-security-team/ncrack > Cheers, Sven -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585 signature.asc Description: This is a digitally signed message part
Two bug fixes for ncrack
Dear security tools packaging team, I pushed two commits to the ncrack repository [0] fixing two bugs: https://bugs.debian.org/1058286 https://bugs.debian.org/1048666 #1058286 is an RC bug. The suggested fix for #1048666 works but it is not particularly nice. If someone knows a smarter way how to address this issue, I am eager to learn about it. Best regards, Peter [0] https://salsa.debian.org/pkg-security-team/ncrack