Your message dated Sat, 8 Dec 2012 15:59:03 +0100 with message-id <20121208145903.GN5634@radis.cristau.org> and subject line Re: Bug#691293: unblock: mosh/1.2.3-1 has caused the Debian Bug report #691293, regarding unblock: mosh/1.2.3-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 691293: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691293 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: mosh/1.2.3-1
- From: Keith Winstein <keithw@mit.edu>
- Date: Tue, 23 Oct 2012 18:44:11 -0400
- Message-id: <20121023224411.18147.98504.reportbug@trolley>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Hello, We respectfully request that you unblock mosh 1.2.3-1 and include it in the wheezy release. A debdiff from mosh 1.2.2-1 is available at http://mosh.mit.edu/mosh_1.2.2-1_to_mosh-1.2.3-1.debdiff.txt . mosh 1.2.3 is an upstream microrelease that fixes several issues we learned about during the first six months of widespread use. It is well-tested and has passed the regressions tests. Most prominently, mosh now links against OpenSSL and uses OpenSSL's implementation of AES. Previously, Mosh 1.2.2 shipped its own AES reference implementation for licensing reasons. The reference implementation has been criticized for possible timing leakage, and it is preferable to avoid shipping a duplicate cipher implementation. Mosh 1.2.3 also includes several robustness fixes, including increased resilience when transiting problematic NATs and VPNs and compatibility with the KDE konsole and dual-stack IPv4/v6 sshds. More security and robustness improvements are listed in the changelog. I regret the lateness of this upstream release in the wheezy freeze cycle. But given the expected lifetime of wheezy as a stable release, upstream would much rather be supporting 1.2.3 instead of 1.2.2 for the long term. We appreciate your consideration of our request. unblock mosh/1.2.3-1
--- End Message ---
--- Begin Message ---
- To: Keith Winstein <keithw@mit.edu>, 691293-done@bugs.debian.org
- Subject: Re: Bug#691293: unblock: mosh/1.2.3-1
- From: Julien Cristau <jcristau@debian.org>
- Date: Sat, 8 Dec 2012 15:59:03 +0100
- Message-id: <20121208145903.GN5634@radis.cristau.org>
- In-reply-to: <20121023224411.18147.98504.reportbug@trolley>
- References: <20121023224411.18147.98504.reportbug@trolley>
On Tue, Oct 23, 2012 at 18:44:11 -0400, Keith Winstein wrote: > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: unblock > > Hello, > > We respectfully request that you unblock mosh 1.2.3-1 and include it > in the wheezy release. A debdiff from mosh 1.2.2-1 is available at > http://mosh.mit.edu/mosh_1.2.2-1_to_mosh-1.2.3-1.debdiff.txt . > > mosh 1.2.3 is an upstream microrelease that fixes several issues we > learned about during the first six months of widespread use. It is > well-tested and has passed the regressions tests. > > Most prominently, mosh now links against OpenSSL and uses OpenSSL's > implementation of AES. Previously, Mosh 1.2.2 shipped its own AES > reference implementation for licensing reasons. The reference > implementation has been criticized for possible timing leakage, and it > is preferable to avoid shipping a duplicate cipher implementation. > > Mosh 1.2.3 also includes several robustness fixes, including increased > resilience when transiting problematic NATs and VPNs and compatibility > with the KDE konsole and dual-stack IPv4/v6 sshds. > > More security and robustness improvements are listed in the changelog. > > I regret the lateness of this upstream release in the wheezy freeze > cycle. But given the expected lifetime of wheezy as a stable release, > upstream would much rather be supporting 1.2.3 instead of 1.2.2 for > the long term. We appreciate your consideration of our request. > > unblock mosh/1.2.3-1 > This is on the too big side, but unblocked anyway. One comment though: > @@ -361,11 +396,25 @@ > /* close file descriptors */ > if ( !verbose ) { > /* Necessary to properly detach on old versions of sshd (e.g. RHEL/CentOS 5.0). */ > - fclose( stdin ); > - fclose( stdout ); > - fclose( stderr ); > + int nullfd; > + > + nullfd = open( "/dev/null", O_RDWR ); > + if ( nullfd == -1 ) { > + perror( "dup2" ); > + exit( 1 ); > + } > + > + if ( dup2 ( nullfd, STDIN_FILENO ) < 0 || > + dup2 ( nullfd, STDOUT_FILENO ) < 0 || > + dup2 ( nullfd, STDERR_FILENO ) < 0 ) { > + perror( "dup2" ); > + exit( 1 ); > + } > } > > + char utmp_entry[ 64 ] = { 0 }; > + snprintf( utmp_entry, 64, "mosh [%d]", getpid() ); > + > /* Fork child process */ > pid_t child = forkpty( &master, NULL, &child_termios, &window_size ); > This hunk seems to leak nullfd? Cheers, JulienAttachment: signature.asc
Description: Digital signature
--- End Message ---