601742 – net-analyzer/gnu-netcat-0.7.1-r3 - mask or move from stable to testing?

Bug 601742 - net-analyzer/gnu-netcat-0.7.1-r3 - mask or move from stable to testing?

Summary: net-analyzer/gnu-netcat-0.7.1-r3 - mask or move from stable to testing?

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Deadline:	2019-05-13
Assignee:	Gentoo Netmon project

URL:
Whiteboard:
Keywords:	PMASKED

Depends on:
Blocks:

Reported:	2016-12-05 22:59 UTC by Sebastian Pipping
Modified:	2019-05-15 20:08 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Pipping gentoo-dev

2016-12-05 22:59:30 UTC

Hi!

I ran into https://www.exploit-db.com/exploits/40866/ recently, confirmed it to work, found list of open bugs at https://sourceforge.net/p/netcat/bugs/?source=navbar, confirmed this https://sourceforge.net/p/netcat/bugs/62/ bug, see no commits after 2013 at https://sourceforge.net/p/netcat/code/HEAD/tree/branches/.

I'm unsure if that exploit is a severe thing (e.g. as it relies on option -T) but gnu-netcat looks a lot more dead and buggy to me than stable.  With multiple netcat's around in Gentoo, maybe that's something we want to communicate to Gentoo users.  How about masking it or moving it back to unstable?

Best



Sebastian

Comment 1 Michał Górny archtester

2019-04-13 08:31:52 UTC

@security, could you confirm what's the current state of affairs here?

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-04-13 09:42:28 UTC

(In reply to Michał Górny from comment #1)
> @security, could you confirm what's the current state of affairs here?

Last-rites are in order.

Comment 3 Larry the Git Cow gentoo-dev

2019-04-13 18:40:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1970be05736016d5cd4369a32756d395d01ed932

commit 1970be05736016d5cd4369a32756d395d01ed932
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-04-13 18:39:59 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-04-13 18:40:28 +0000

    package.mask: Last rite net-analyzer/gnu-netcat
    
    Bug: https://bugs.gentoo.org/601742
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 profiles/package.mask | 11 +++++++++++
 1 file changed, 11 insertions(+)

Comment 4 Larry the Git Cow gentoo-dev

2019-05-15 20:08:14 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df604b5e52c41cbe9b256a4d84ab42440986bd18

commit df604b5e52c41cbe9b256a4d84ab42440986bd18
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-05-15 20:06:49 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-05-15 20:07:58 +0000

    net-analyzer/gnu-netcat: Remove last-rited pkg
    
    Closes: https://bugs.gentoo.org/601742
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-analyzer/gnu-netcat/Manifest                   |  1 -
 .../gnu-netcat/files/gnu-netcat-LC_CTYPE.patch     | 19 ------------
 .../gnu-netcat/files/gnu-netcat-close.patch        | 16 ----------
 .../gnu-netcat/files/gnu-netcat-flagcount.patch    | 22 -------------
 net-analyzer/gnu-netcat/gnu-netcat-0.7.1-r3.ebuild | 36 ----------------------
 net-analyzer/gnu-netcat/gnu-netcat-0.7.1-r4.ebuild | 32 -------------------
 net-analyzer/gnu-netcat/metadata.xml               | 12 --------
 profiles/package.mask                              | 10 ------
 8 files changed, 148 deletions(-)