From rjk at greenend.org.uk Sun May 8 15:12:37 2011 From: rjk at greenend.org.uk (Richard Kettlewell) Date: Sun, 08 May 2011 14:12:37 -0000 Subject: VCS 0.7 Message-ID: <4DC6A4D5.60604@greenend.org.uk> I have released VCS 0.7. What's VCS? =========== Do you find yourself typing bzr commit in Git branches, or cvs diff in your Perforce workspace? Then perhaps VCS is for you. VCS is a wrapper for version control systems. It presents an essentially uniform interface to the user, allowing ?muscle memory? to use vcs commands rather than adapt to the version control system currently in use. Of course, the downside is that you have yet another three-letter command to start using! The supported systems are Bazaar, Git, CVS, Subversion, Mercurial, Darcs and Perforce. More could be added. The supported commands are add, annotate (blame), clone, commit, diff, edit, log, remove, revert, status, update. Again, more could be added. Where Do I Get It? ================== http://www.greenend.org.uk/rjk/2009/vcs.html for source code, .deb files and git branches. What's New In VCS 0.7? ====================== * There is a new vcs rename command, which renames files under version control. This works with all the version control systems except CVS. * There is a new vcs show command, which shows the diff for an existing commit. You can use vcs diff -c to get the same effect. This works with all the version control systems except CVS and Darcs. * The following bugs have been fixed: #3 'vcs status' should distinguish files in need of 'p4 resolve' #4 vcs stat should distinguish edited but unmodified files #5 Please add --without-werror option to configure #6 iconv portability #7 Does not detect libiconv on Cygwin #9 could we have vcs rename? #10 'vcs revert FILENAME' does not work with git #11 vcs diff should emulate -N for p4 #12 Show historical changes (none) Awkward filenames (e.g. starting with -) are more reliably handled. (none) vcs -n ... never invokes a pager. ttfn/rjk From rjk at greenend.org.uk Sun May 8 15:26:59 2011 From: rjk at greenend.org.uk (Richard Kettlewell) Date: Sun, 08 May 2011 14:26:59 -0000 Subject: rjk-nntp-tools 0.21 Message-ID: <4DC6A833.7080509@greenend.org.uk> I have released rjk-nntp-tools 0.21. Description: This is a small collection of Usenet-related programs. * lj2news reads articles from Livejournal or Dreamwidth via RSS, formats them as plain text and posts them to a newsgroup. * bzr2news reads Bazaar and Git repositories and posts commit messages to a newsgroup. * spoolstats generates HTML reports about a news spool. Getting: http://www.greenend.org.uk/rjk/2006/newstools.html Recent changes: * git2news now supports using non-default branches. ttfn/rjk From rjk at greenend.org.uk Sun May 8 15:30:48 2011 From: rjk at greenend.org.uk (Richard Kettlewell) Date: Sun, 08 May 2011 14:30:48 -0000 Subject: rsbackup 0.2 Message-ID: <4DC6A917.4040604@greenend.org.uk> I have released rsbackup version 0.2. Description: rsbackup is a backup tool that uses rsync to back up your files to harddisks. It uses rsync's ability to hardlink unchanged files to keep multiple copies with at only the space cost of the directories. Backups may be taken from multiple machines (over SSH) and stored to multiple disks. Getting: http://www.greenend.org.uk/rjk/2010/rsbackup.html Changes in 0.2: rsbackup has been rewritten in C++. The behavior is largely same except as follows: * New --text option generates a plaintext version of the report. In addition the email report includes both the text and HTML versions. * --prune-unknown is removed. It is replaced by --retire, which is used to remove backups of volumes (and hosts) that are no longer in use and --retire-device which is used to remove logs for devices that are no longer in use. * The rsync command now includes the --delete option, meaning that interrupted backups no longer include stray files from the first attempt. * .incomplete files are no longer created. Instead the logs are used to distinguish complete from incomplete backups. * Various --warn- options to control what is warned about. * New always-up option to indicate that a host is expected to always be available to back up. ttfn/rjk From rjk at terraraq.org.uk Sun Jul 31 17:28:05 2011 From: rjk at terraraq.org.uk (Richard Kettlewell) Date: Sun, 31 Jul 2011 17:28:05 +0100 Subject: SECURITY: DisOrder 5.0.3 Message-ID: <4E358295.7080108@terraraq.org.uk> DisOrder 5.0.3 has been released. This release is a security fix, containing the following change: Local connections can no longer create and delete users unless they are properly authorized. To get the updated version please visit: http://www.greenend.org.uk/rjk/disorder/ ttfn/rjk (rather embarrassed) From rjk at greenend.org.uk Mon Aug 29 19:37:35 2011 From: rjk at greenend.org.uk (Richard Kettlewell) Date: Mon, 29 Aug 2011 19:37:35 +0100 Subject: Green End SFTP Server release 0.1 Message-ID: <4E5BDC6F.8000109@greenend.org.uk> This is to announce release 0.1 of my experimental SFTP server. It is possible to use it with the OpenSSH server as a drop-in replacement for the SFTP server that it ships with. It differs from the OpenSSH SFTP server in the following ways: * Support for protocol versions up to 6 * Several SFTP extensions * Concurrent handling of pipelined requests For more information please visit: http://www.greenend.org.uk/rjk/sftpserver/ ttfn/rjk From ijackson at chiark.greenend.org.uk Sat Dec 10 23:23:55 2011 From: ijackson at chiark.greenend.org.uk (Ian Jackson) Date: Sat, 10 Dec 2011 23:23:55 +0000 Subject: secnet 0.2.0 (major version) and 0.1.18.1 (obsolete, security fixes) Message-ID: <20195.59915.292070.507556@chiark.greenend.org.uk> We are pleased to announce the release of secnet 0.2.0. This is a fairly major update, including: * Support for multiple simultaneous udp ports. * New feature for better supporting "mobile" sites which have intermittent and/or variable connectivity. * Bugfixes. * Improved documentation. * Many portability fixes, including portability to MacOS X. * Much general cleanup of the code. * Some security-related fixes (see below). We are also releasing an update to the previously current release. 0.1.18.1 contains a number of security fixes: * Reducing the impact of bogus key setup packets sent by an attacker. * When dropping privilege, set the group and group list. * Fix failure to completely wipe a used md5 context struct. * Fix to a possible format string vulnerability in a call to "slilog". All of these are in 0.2.0 as well. We recommend that users upgrade to 0.2.0 if possible. 0.1.18.1 is provided in case this is not appropriate for some reason (for example, 0.2.0 is found not to work). 0.2.0 should be fully compatible with 0.1.18.1 (and 0.1.18, of course). Sources and .deb binaries (built on Debian lenny) can be found here: http://www.chiark.greenend.org.uk/~ianmdlvl/secnet/download/ The git repository is here: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/ chiark's secnet has already been upgraded to 0.2.0. Ian. From ijackson at chiark.greenend.org.uk Sun Dec 11 14:11:37 2011 From: ijackson at chiark.greenend.org.uk (Ian Jackson) Date: Sun, 11 Dec 2011 14:11:37 +0000 Subject: secnet 0.2.1 - authbind fix In-Reply-To: <20195.59915.292070.507556@chiark.greenend.org.uk> References: <20195.59915.292070.507556@chiark.greenend.org.uk> Message-ID: <20196.47641.609147.774338@chiark.greenend.org.uk> I wrote: > We are pleased to announce the release of secnet 0.2.0. secnet 0.2.0 contains a bug which makes it not work with authbind. (This same bug is in 0.1.16 to 0.1.18.1 inclusive.) This is fixed in secnet 0.2.1. A copy of the relevant patch is below, in case you need to apply it to 0.1.18.1; we do not currently plan to make a new 0.1.18.x release especially for this fix. Sources and .deb binaries (built on Debian lenny) can be found here: http://www.chiark.greenend.org.uk/~ianmdlvl/secnet/download/ The git repository is here: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/ chiark's secnet has already (really, this time) been upgraded to 0.2.1. Ian. commit 51b259535294bb46757a040596ab052e53f29483 Author: Ian Jackson Date: Sun Dec 11 12:40:37 2011 +0000 authbind: get endianness right (again) It appears that: * authbind's documentation authbind-helper(8) describes the endianness convention of authbind's helper program incorrectly. See Debian #651694. * The version of secnet 0.1.16 tagged as such in revision control contains a "fix" which was based on the authbind documentation but not apparently tested against authbind. Ie, this part from NEWS: 4) Change the endianess of the arguments to authbind-helper. sprintf("%04X") already translates from machine repesentation to most significant octet first so htons reversed it again. * The version of secnet 0.1.16 actually in service on chiark had an out-of-version-control change to udp.c to make it work with chiark's authbind 1.2.0. The actual code found has been recorded on the dead branch "chiark-0.1.16" in the master git repo, but the version of udp.c is exactly that from 0.1.15 so it looks like we just reverted to the previous udp.c during deployment of 0.1.16. * We (re)discovered all this after the release of secnet 0.2.0 because my attempt to deploy 0.2.0 on chiark was not actually effective. Therefore, undo the authbind endianness change introduced in secnet 0.1.16. This is most easily achieved by constructing the arguments to the helper from the sockaddr rather than the contents of "st". Thanks are due to Simon Tatham for the bug report. Signed-off-by: Ian Jackson diff --git a/udp.c b/udp.c index f420664..bbf8c64 100644 --- a/udp.c +++ b/udp.c @@ -241,8 +241,8 @@ static void udp_phase_hook(void *sst, uint32_t new_phase) } if (c==0) { char *argv[4], addrstr[9], portstr[5]; - sprintf(addrstr,"%08lX",(long)st->addr); - sprintf(portstr,"%04X",st->port); + sprintf(addrstr,"%08lX",(long)addr.sin_addr.s_addr); + sprintf(portstr,"%04X",addr.sin_port); argv[0]=st->authbind; argv[1]=addrstr; argv[2]=portstr;