Thomas Osterried | 8 Nov 21:12 2011
Picon

Re: Compiling FBB


Am Dienstag, den 08. November 2011 um 21:05:24 Uhr, schrieb Patrick Ouellette <pouelle <at> debian.org> in <20111108200524.GE30829 <at> flying-gecko.net>:
> On Fri, Oct 21, 2011 at 02:04:00PM +0200, Thomas Osterried wrote:
> > 
> > On 2011-10-20 21:02:44 -0700, David Ranch <linux-hams <at> trinnet.net>
> > wrote in <4EA0EEE4.7050502 <at> trinnet.net>:
> > > 
> > > Hello Bernard, Ralf, Thomas,
> > > 
> > > I've been meaning to ask this question for a while now:  Do you know
> > > why the official version of the ax25 apps/libs/tools hasn't been
> > > updated in ages?
> > 
> > Unfortunately, there's no debian-developer who regulary builds new
> > packages from the CVS head of ax25-apps, -tools and libax25.
> 
> I used maintain ax25 for Debian to a long time ago.  Apparently I will be 
> picking up support in Debian again since no one else seems to want to and the
> "team maintainer" concept has fallen apart.  
> 
> The first order of business I have to attend to is the apparent need to rename
> the node package and binary to ax25-node.
> 
> www.linux-ax25.org is apparently down right now?

yes, it's currently under maintainance:

** PROBLEM Service Alert: linux-ax25/FTP is CRITICAL **
Von: 
root <at> mail-smt.osterried.it
(Continue reading)

Patrick Ouellette | 8 Nov 21:05 2011
Picon

Re: Compiling FBB

On Fri, Oct 21, 2011 at 02:04:00PM +0200, Thomas Osterried wrote:
> 
> On 2011-10-20 21:02:44 -0700, David Ranch <linux-hams <at> trinnet.net>
> wrote in <4EA0EEE4.7050502 <at> trinnet.net>:
> > 
> > Hello Bernard, Ralf, Thomas,
> > 
> > I've been meaning to ask this question for a while now:  Do you know
> > why the official version of the ax25 apps/libs/tools hasn't been
> > updated in ages?
> 
> Unfortunately, there's no debian-developer who regulary builds new
> packages from the CVS head of ax25-apps, -tools and libax25.

I used maintain ax25 for Debian to a long time ago.  Apparently I will be 
picking up support in Debian again since no one else seems to want to and the
"team maintainer" concept has fallen apart.  

The first order of business I have to attend to is the apparent need to rename
the node package and binary to ax25-node.

www.linux-ax25.org is apparently down right now?

(the Google repo mentioned is: http://code.google.com/p/linuxax25/ )

73,

Pat
--

-- 

(Continue reading)

Ralf Baechle DL5RB | 8 Nov 22:22 2011

Re: Compiling FBB

On Tue, Nov 08, 2011 at 03:05:24PM -0500, Patrick Ouellette wrote:

> I used maintain ax25 for Debian to a long time ago.  Apparently I will be 
> picking up support in Debian again since no one else seems to want to and the
> "team maintainer" concept has fallen apart.  
> 
> The first order of business I have to attend to is the apparent need to rename
> the node package and binary to ax25-node.
> 
> www.linux-ax25.org is apparently down right now?

I'm upgrading the VM.  All services are running again but there might be
a few more brief outages to the ftp service while I'm doing nasty things
to systemd.

  Ralf
--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Bill Vodall | 8 Nov 22:39 2011
Picon

Re: Compiling FBB

>> > I've been meaning to ask this question for a while now:  Do you know
>> > why the official version of the ax25 apps/libs/tools hasn't been
>> > updated in ages?
>>
>> Unfortunately, there's no debian-developer who regulary builds new
>> packages from the CVS head of ax25-apps, -tools and libax25.
>
> I used maintain ax25 for Debian to a long time ago.  Apparently I will be
> picking up support in Debian again since no one else seems to want to and the
> "team maintainer" concept has fallen apart.

Does this have any relationship to the ax25-* packages in the Ubuntu
LTS releases?   I had a frustrating experience last week getting ax25
going again on a system and was wondering what could be done to make
it work out of the box for the next user.

Thanks,
Bill - WA7NWP
--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patrick Ouellette | 8 Nov 23:09 2011
Picon

Re: Compiling FBB

On Tue, Nov 08, 2011 at 01:39:39PM -0800, Bill Vodall wrote:
> 
> Does this have any relationship to the ax25-* packages in the Ubuntu
> LTS releases?   I had a frustrating experience last week getting ax25
> going again on a system and was wondering what could be done to make
> it work out of the box for the next user.
> 

If Ubuntu does not have their own version of the ax25-* packages 
(usually they have -ubuntu- in the package name), then yes it does.

Pat
--

-- 

Patrick Ouellette                 pat <at> flying-gecko.net
ne4po (at) arrl (dot) net         Amateur Radio: NE4PO 

What kind of change have you been in the world today?
--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Ranch | 9 Nov 02:22 2011
Picon

Re: Compiling FBB


Hello Patrick,

Thanks for willing to take this back on!  One thing to regarding the 
node binary. The old "Linux Node" software evidently has several major 
security vulnerabilities in it that were resolved in a fork called 
Uronode.  See the Unode release nodes below for more details.

The HAM that wrote Uronode  has seemingly dropped of the map as all his 
domains no longer work, etc.  A different HAM (KD1ZD) has reposted that 
work as a new fork called Unode.   I would argue that the original Linux 
node software should be patched to be secure or better yet, be DROPPED 
from the ax25 suite in favor of this new Unode software which is "more" 
secure, has some additional features, etc.

    https://github.com/kd1zd/Unode

Just my $0.02

--David
KI6ZHD

Patrick Ouellette wrote:
> On Fri, Oct 21, 2011 at 02:04:00PM +0200, Thomas Osterried wrote:
>> On 2011-10-20 21:02:44 -0700, David Ranch <linux-hams <at> trinnet.net>
>> wrote in <4EA0EEE4.7050502 <at> trinnet.net>:
>>> Hello Bernard, Ralf, Thomas,
>>>
>>> I've been meaning to ask this question for a while now:  Do you know
>>> why the official version of the ax25 apps/libs/tools hasn't been
(Continue reading)

Marc Coevoet | 9 Nov 08:09 2011
Picon

Re: Compiling FBB

Op 09-11-11 02:22, David Ranch schreef:
> The old "Linux Node" software evidently has several major security 
> vulnerabilities in it 

Whoooh!  Security vulnerabilities.  What kind of?  What web site?

Marc

--

-- 
The "Penguin" has arrived - and he's not going away - ever.
What's on Shortwave guide: choose an hour, go!
http://shortwave.tk
700+ Radio Stations on SW http://swstations.tk
300+ languages on SW http://radiolanguages.tk

--
To unsubscribe from this list: send the line "unsubscribe linux-hams" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Tomi Manninen | 9 Nov 10:14 2011
Picon
Picon

Re: Compiling FBB

David Ranch [linux-hams <at> trinnet.net] kirjoitti: 

> Thanks for willing to take this back on!  One thing to regarding the 
> node binary. The old "Linux Node" software evidently has several major 
> security vulnerabilities in it that were resolved in a fork called 
> Uronode.  See the Unode release nodes below for more details.

I took a quick look, and the only security related thing I found was
in the CHANGES file where Morgan, SM6TKY's report was mentioned.

Most of those vulnerabilities were only present in AWZnode and UROnode. 
The ones in LinuxNode were fixed in version 0.3.2 that was released
23 Aug 2003, one day after Morgan's private report.

Also I remember that I fixed a *major* vulnerability in 0.2.6 (released 1999)
This one I noticed myself, it was a "brown paper bag" kind of a thing...

I don't know if that one is fixed in UROnode (which was forked from
AWZnode which was forked from LinuxNode -- but when, I don't know).

Other than those two, I'm not aware of any security vulnerabilities in
the original LinuxNode code. If there are any, they were simply never
reported to me.

> The HAM that wrote Uronode  has seemingly dropped of the map as all his 
> domains no longer work, etc.  A different HAM (KD1ZD) has reposted that 
> work as a new fork called Unode.   I would argue that the original Linux 
> node software should be patched to be secure or better yet, be DROPPED 
> from the ax25 suite in favor of this new Unode software which is "more" 
> secure, has some additional features, etc.
(Continue reading)

Thomas Osterried | 9 Nov 10:31 2011
Picon

Re: Compiling FBB


Am Mittwoch, den 09. November 2011 um 02:22:30 Uhr, schrieb David Ranch <linux-hams <at> trinnet.net> in <4EB9D5D6.50509 <at> trinnet.net>:
> 
> Hello Patrick,
> 
> Thanks for willing to take this back on!  One thing to regarding the 
> node binary. The old "Linux Node" software evidently has several major 
> security vulnerabilities in it that were resolved in a fork called 
> Uronode.  See the Unode release nodes below for more details.
> 
> The HAM that wrote Uronode  has seemingly dropped of the map as all his 
> domains no longer work, etc.  A different HAM (KD1ZD) has reposted that 
> work as a new fork called Unode.   I would argue that the original Linux 
> node software should be patched to be secure or better yet, be DROPPED 
> from the ax25 suite in favor of this new Unode software which is "more" 
> secure, has some additional features, etc.

The software project Node is not part or ax25-apps/-tools.

>     https://github.com/kd1zd/Unode
> 
> Just my $0.02
> 
> --David
> KI6ZHD
> 
> 
> Patrick Ouellette wrote:
> > On Fri, Oct 21, 2011 at 02:04:00PM +0200, Thomas Osterried wrote:
> >> On 2011-10-20 21:02:44 -0700, David Ranch <linux-hams <at> trinnet.net>
(Continue reading)

Marco Di Martino (IW2OHX | 9 Nov 10:36 2011
Picon

Re: Compiling FBB

Hi David,

thanks for the info.
I'm going to test unode at iw2ohx.ampr.org (telnet iw2ohx.ampr.org).
I searched for years a replacement of node. A part security issues, I had
problem with process node that sometimes eat a lot of CPU expecially 
when someone
doesn't close connection with "B" command. I hope this problem was fixed 
in Unode.

I appreciated flexd implementation, I teste it years ago with AWZNode.

I hope to post feedback here after configuring unode in my ham linux box.

Bye
Marco
iw2ohx

On 11/09/2011 02:22 AM, David Ranch wrote:
>
> Hello Patrick,
>
> Thanks for willing to take this back on!  One thing to regarding the 
> node binary. The old "Linux Node" software evidently has several major 
> security vulnerabilities in it that were resolved in a fork called 
> Uronode.  See the Unode release nodes below for more details.
>
> The HAM that wrote Uronode  has seemingly dropped of the map as all 
> his domains no longer work, etc.  A different HAM (KD1ZD) has reposted 
> that work as a new fork called Unode.   I would argue that the 
(Continue reading)


Gmane