Debian Bug report logs - #482145
silc segfaults if i delay accepting a server's key until after the server drops the connection

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: silc segfaults if i delay accepting a server's key until after the server drops the connection

Date: Tue, 20 May 2008 20:26:52 -0400

Package: silc
Version: 1.1.4-1+b1
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Using the regular silc client (built as a standalone, not with the
irssi plugin), if i connect to a new server, the server's fingerprint
is presented to me, with the "minibuffer" reading "Would you like to
accept the key (y/n)?"

If i wait a minute or two, the server will drop the connection.  If i
then go ahead and choose "y", i get a segmentation fault.

     --dkg

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages silc depends on:
ii  libc6                     2.7-10         GNU C Library: Shared libraries
ii  libglib2.0-0              2.16.3-2       The GLib library of C routines
ii  libncurses5               5.6+20080308-1 Shared libraries for terminal hand
ii  libsilc-1.1-2             1.1.7-1        SILC library (silc-toolkit)

silc recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQIVAwUBSDNsS8zS7ZTSFznpAQIlyQ//XbRInZLrb7kzsR/Nk82JMaxGg/mIRgvv
aANPQ13HKzKmZs6sjhnoEcTu/C5GprnZ1OtjELUw7vKjeug/UUKkaE7xwsQsEUeS
2E4EdVPT7pRm/HWpEWks3cnTTmbLFwGI+L6kql7+P/ZaVXbxZLb8XABn2l1gk7e9
sW23gbldm84AwKrrkHxQ5vISt5opEjKVbl2BCecS6lOoGe7O7HVYeGM95CIF/EGc
l7d/p3jSXDlnqOQKyUSf8M1Kp83g0de6SN8azY44UH526wjQplioQihBQwA3uBbS
mqvDGs7ndAdkEHzHfynaf/p/9kxFl8svHIylv4g/Pg9pkTw6SlYn7lWyHR3ciPA+
VgUFSWbYvaHICw4XMblfntsomOJyKchDLF6CNNSXTeQ2W32PrvGeDNuH5pTV0jpn
09T2IDbOoAvBi4L5EWtq1z6vVHttvyCfVMMr07ZWqmXbZAUdT6aKDqD/7eCoQK3/
scNpTYXmFskGZsBIeKBf7DLztd9D2cZfUBo/xbGhOhvnBGcQcP5LBE+CwqrecQER
SzjWx2LasdqyAxSVdPYOSUZrBbhQosB+bvIUQz1GzBcDZbPhSnDqQ6Y9U4mOTcex
z63KrH9V/plSpuljX9yLYXcvLLTY7WTqRJd5bhb1lsSDfEt6buV4rr9BHE/PmUsC
3t7mcfNGp+Y=
=Y+HO
-----END PGP SIGNATURE-----

Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Micah Anderson <micah@riseup.net>

To: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>, 482145@bugs.debian.org

Cc: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Re: Bug#482145: silc segfaults if i delay accepting a server's key until after the server drops the connection

Date: Fri, 20 Jun 2008 13:52:58 -0400

[Message part 1 (text/plain, inline)]

* Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> [2008-06-20 17:51-0400]:
> Package: silc
> Version: 1.1.4-1+b1
> Severity: normal
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Using the regular silc client (built as a standalone, not with the
> irssi plugin), if i connect to a new server, the server's fingerprint
> is presented to me, with the "minibuffer" reading "Would you like to
> accept the key (y/n)?"
> 
> If i wait a minute or two, the server will drop the connection.  If i
> then go ahead and choose "y", i get a segmentation fault.

This same behavior happens with the irssi-plugin. Additionally, if you
choose 'n' you get the segfault, it just has to do with the server
timeout. You are forced to pick one of the two options even when the
server times out, and both produce a segfault. 

micah

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Jérémy Bobbio <lunar@debian.org>

To: silc-devel@lists.silcnet.org

Cc: 482145@bugs.debian.org

Subject: silc client segfaults if key is verified after disconnection

Date: Fri, 11 Jul 2008 21:22:03 +0200

[Message part 1 (text/plain, inline)]

Hi!

I have spent some time trying to fix the bug reported to the Debian SILC
package as #482145 [1], but solving this might require some pretty bad
tricks (or an API change).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482145

In the silc client (or the irssi plugin), during the first connection
to an unknown server, the client asks the user about the key.  It's
pretty easy to start the connection and jump to do something else while
the client is connecting (especially if the network is slow).

If the answer takes too much time to come, the remote server will simply
drop the connection.  But the minibuffer is still asking for a reply,
and answering will result in a segfault.

This segfault will be triggered by
client_ops.c:verify_public_key_completion() when calling
silc_pkcs_save_public_key() with a free'd public_key.

I have tried to resolve the issue by trying to verify the connection
status in verify_public_key_completion().  But "verify->conn" is already
free'd as well.

The SILC_SERVER_REC has a "disconnected" field, which seems to be
updated when the server is disconnected.  So I thought about adding
another field of type SILC_SERVER_REC * to PublicKeyVerify, but there
seems to be no way to get a proper reference.

When the PublicKeyVerify structure is initialized in
silc_verify_public_key_internal(), SilcClientConnection has just been
created by silc_client_add_connection() and the caller of
silc_client_connect_to_server() has no way to set the context field at
that time.

So well, here's my current findings, and I don't think that I will be
able to solve this issue without some external help. :)

Cheers,
-- 
Jérémy Bobbio                        .''`. 
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   

[signature.asc (application/pgp-signature, inline)]

Message #25 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Skywing <Skywing@valhallalegends.com>

To: Jérémy Bobbio <lunar@debian.org>, "silc-devel@lists.silcnet.org" <silc-devel@lists.silcnet.org>

Cc: "482145@bugs.debian.org" <482145@bugs.debian.org>

Subject: RE: silc client segfaults if key is verified after disconnection

Date: Fri, 11 Jul 2008 14:47:21 -0500

Kp <kp at valhallalegends.com> and myself have already been working (somewhat) on a fix for this as time permits.  There are some fundamental design problems, however, as the SilcClientConnection object is not referenced counted as it must be (as you have noticed).

All of the key confirmation prompts suffer from this flaw.  I've got a fix for /getkey being broken, other than the lack of reference counting for the SilcClient and SilcClientConnection objects.  There is nothing that can really be done about the SilcClient object not being refcounted - somewhat of a design problem in the exposed interface of the silc client library unfortunately - but as long as you don't unload the silc .so in irssi while it is running, you shouldn't run into trouble there.  The SilcClientConnection issue remains, but as that seems to have its lifetime more or less controlled by the library itself, it seems more feasible to fix (if somewhat of a pain to inject reference counting into things after the fact that should have been referenced counted in the first place.)

The other option is to modify irssi to add a way to cancel the keyboard input prompt, but this looked nontrivial, and even if that were done, there are still other issues with the key prompt system that need to be carefully looked at.

- S

-----Original Message-----
From: silc-devel-bounces@lists.silcnet.org [mailto:silc-devel-bounces@lists.silcnet.org] On Behalf Of Jérémy Bobbio
Sent: Friday, July 11, 2008 3:22 PM
To: silc-devel@lists.silcnet.org
Cc: 482145@bugs.debian.org
Subject: silc client segfaults if key is verified after disconnection

Hi!

I have spent some time trying to fix the bug reported to the Debian SILC package as #482145 [1], but solving this might require some pretty bad tricks (or an API change).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482145

In the silc client (or the irssi plugin), during the first connection to an unknown server, the client asks the user about the key.  It's pretty easy to start the connection and jump to do something else while the client is connecting (especially if the network is slow).

If the answer takes too much time to come, the remote server will simply drop the connection.  But the minibuffer is still asking for a reply, and answering will result in a segfault.

This segfault will be triggered by
client_ops.c:verify_public_key_completion() when calling
silc_pkcs_save_public_key() with a free'd public_key.

I have tried to resolve the issue by trying to verify the connection status in verify_public_key_completion().  But "verify->conn" is already free'd as well.

The SILC_SERVER_REC has a "disconnected" field, which seems to be updated when the server is disconnected.  So I thought about adding another field of type SILC_SERVER_REC * to PublicKeyVerify, but there seems to be no way to get a proper reference.

When the PublicKeyVerify structure is initialized in silc_verify_public_key_internal(), SilcClientConnection has just been created by silc_client_add_connection() and the caller of
silc_client_connect_to_server() has no way to set the context field at that time.

So well, here's my current findings, and I don't think that I will be able to solve this issue without some external help. :)

Cheers,
--
Jérémy Bobbio                        .''`.
lunar@debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'`
                                      `-

Message #30 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Pekka Riikonen <priikone@iki.fi>

To: Skywing <Skywing@valhallalegends.com>

Cc: Jérémy Bobbio <lunar@debian.org>, "silc-devel@lists.silcnet.org" <silc-devel@lists.silcnet.org>, "482145@bugs.debian.org" <482145@bugs.debian.org>

Subject: RE: silc client segfaults if key is verified after disconnection

Date: Sat, 12 Jul 2008 11:45:35 +0200 (CEST)

[Message part 1 (text/plain, inline)]

On Fri, 11 Jul 2008, Skywing wrote:

: All of the key confirmation prompts suffer from this flaw.  I've got a 
: fix for /getkey being broken, other than the lack of reference counting 
: for the SilcClient and SilcClientConnection objects.  There is nothing 
: that can really be done about the SilcClient object not being refcounted 
:
Both of you have stumbled to the fundamental problem of most asynchronous 
operations; the inability to control them.  That's why SILC's runtime 
provides the SILC Async Operation API (from 1.2 docs: 
http://srt.silc.fi/silcasync_hsilcutil2FAsync20Operation20Interface.html)

Here in a psuedo-code fashion is one way to fix this and all other prompt 
problems in SILC Client:

In this particular problem reported by Jérémy we can fix this by wrapping 
the keyboard_entry_redirect call to our own call that uses the 
SilcAyncOperation:

SilcAsyncOperation
my_keyboard_entry_redirect(SIGNAL_FUNC func,
                           SilcAsyncOperationAbort abort_callback,
                           const char *entry, int flags, void *data)
{
  SilcAsyncOperation op = silc_async_alloc(abort_callback, NULL, data);
  keyboard_entry_redirect(func, format, flags, data);
  return op;
}

The returned op would be saved to some location where it is globally 
available, say, inside SILC_SERVER_REC.  Some other context could be used 
too, but just for the purpose of this example let's use that.

To present user with the key verification prompt, we now would call:

  server->prompt_op = 
    my_keyboard_entry_redirect(verify_public_key_completion,
                               verify_public_key_abort,
                               format, 0, verify);

If the server connection is now closed or whatever happens that would 
invalidate the data inside the structure we used with the call above, we 
now call in whatever callback client library called to indicate the 
disconnection:

  silc_async_abort(server->prompt_op, NULL, NULL);

This will call the verify_public_key_abort which must now mark the 
operation aborted:

void verify_public_key_abort(SilcAsyncOperation op, void *context)
{
  PublicKeyVerify verify = context;
  verify->aborted = TRUE;
}

When the verify_public_key_completion is finally called when user actually 
answers the prompt, we check:

  if (verify->aborted) {
    /* We was aborted, do nothing */
    silc_free(verify);
    server->prompt_op = NULL;
    return;
  }

  /* We wasn't aborted, free operation and proceed */
  silc_async_free(server->prompt_op);
  server->prompt_op = NULL;

NULLing the operation is important to avoid using it accidentally.  Of 
course the operation context must be saved into some place that itself 
cannot be freed underneath the async call.  I'm not sure SILC_SERVE_REC is 
the correct place even though I used it in this example.

The SILC Client Library should use SilcAsyncOperations with all client ops 
it calls to application that take completion callbacks as argument so that 
the library itself could abort the client ops.  This however would require 
changing the SilcClientOperations API...

	Pekka
________________________________________________________________________
 Pekka Riikonen                                 priikone at silcnet.org
 Secure Internet Live Conferencing (SILC)       http://silcnet.org/

Message #35 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Skywing <Skywing@valhallalegends.com>

To: Pekka Riikonen <priikone@iki.fi>

Cc: Jérémy Bobbio <lunar@debian.org>, "silc-devel@lists.silcnet.org" <silc-devel@lists.silcnet.org>, "482145@bugs.debian.org" <482145@bugs.debian.org>

Subject: RE: silc client segfaults if key is verified after disconnection

Date: Sat, 12 Jul 2008 10:44:32 -0500

This sounds reasonable enough (still has the problem where we can't safely unload the .so containing the callback, but don't think that is realistically getting fixed at this point).

I'll see about providing you with a patch that fixes this using the suggested method + does the additional work (above and beyond the SilcAsyncOperation wrappering) required to fix /getkey.

- S

-----Original Message-----
From: Pekka Riikonen [mailto:priikone@iki.fi]
Sent: Saturday, July 12, 2008 5:46 AM
To: Skywing
Cc: Jérémy Bobbio; silc-devel@lists.silcnet.org; 482145@bugs.debian.org
Subject: RE: silc client segfaults if key is verified after disconnection

On Fri, 11 Jul 2008, Skywing wrote:

: All of the key confirmation prompts suffer from this flaw.  I've got a
: fix for /getkey being broken, other than the lack of reference counting
: for the SilcClient and SilcClientConnection objects.  There is nothing
: that can really be done about the SilcClient object not being refcounted
:
Both of you have stumbled to the fundamental problem of most asynchronous
operations; the inability to control them.  That's why SILC's runtime
provides the SILC Async Operation API (from 1.2 docs:
http://srt.silc.fi/silcasync_hsilcutil2FAsync20Operation20Interface.html)

Here in a psuedo-code fashion is one way to fix this and all other prompt
problems in SILC Client:

In this particular problem reported by Jérémy we can fix this by wrapping
the keyboard_entry_redirect call to our own call that uses the
SilcAyncOperation:

SilcAsyncOperation
my_keyboard_entry_redirect(SIGNAL_FUNC func,
                           SilcAsyncOperationAbort abort_callback,
                           const char *entry, int flags, void *data)
{
  SilcAsyncOperation op = silc_async_alloc(abort_callback, NULL, data);
  keyboard_entry_redirect(func, format, flags, data);
  return op;
}

The returned op would be saved to some location where it is globally
available, say, inside SILC_SERVER_REC.  Some other context could be used
too, but just for the purpose of this example let's use that.

To present user with the key verification prompt, we now would call:

  server->prompt_op =
    my_keyboard_entry_redirect(verify_public_key_completion,
                               verify_public_key_abort,
                               format, 0, verify);

If the server connection is now closed or whatever happens that would
invalidate the data inside the structure we used with the call above, we
now call in whatever callback client library called to indicate the
disconnection:

  silc_async_abort(server->prompt_op, NULL, NULL);

This will call the verify_public_key_abort which must now mark the
operation aborted:

void verify_public_key_abort(SilcAsyncOperation op, void *context)
{
  PublicKeyVerify verify = context;
  verify->aborted = TRUE;
}

When the verify_public_key_completion is finally called when user actually
answers the prompt, we check:

  if (verify->aborted) {
    /* We was aborted, do nothing */
    silc_free(verify);
    server->prompt_op = NULL;
    return;
  }

  /* We wasn't aborted, free operation and proceed */
  silc_async_free(server->prompt_op);
  server->prompt_op = NULL;

NULLing the operation is important to avoid using it accidentally.  Of
course the operation context must be saved into some place that itself
cannot be freed underneath the async call.  I'm not sure SILC_SERVE_REC is
the correct place even though I used it in this example.

The SILC Client Library should use SilcAsyncOperations with all client ops
it calls to application that take completion callbacks as argument so that
the library itself could abort the client ops.  This however would require
changing the SilcClientOperations API...

        Pekka
________________________________________________________________________
 Pekka Riikonen                                 priikone at silcnet.org
 Secure Internet Live Conferencing (SILC)       http://silcnet.org/

Message #40 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Skywing <Skywing@valhallalegends.com>

To: Pekka Riikonen <priikone@iki.fi>

Cc: Jérémy Bobbio <lunar@debian.org>, "silc-devel@lists.silcnet.org" <silc-devel@lists.silcnet.org>, "482145@bugs.debian.org" <482145@bugs.debian.org>

Subject: RE: silc client segfaults if key is verified after disconnection

Date: Sat, 12 Jul 2008 11:37:01 -0500

Just to note, things are a bit more complicated than this because irssi leaks memory if you overlap multiple keyboard input requests (it apparently stores it's state in a global and happily overwrites the pointer without freeing the old value if a new prompt comes in while the old one is there according to my examinations), so we need to block additional prompts until the actual underlying prompt callback is called by irssi.  However, my patch accounts for this.  I should have something to send later today after I finish testing.

- S

-----Original Message-----
From: Pekka Riikonen [mailto:priikone@iki.fi]
Sent: Saturday, July 12, 2008 5:46 AM
To: Skywing
Cc: Jérémy Bobbio; silc-devel@lists.silcnet.org; 482145@bugs.debian.org
Subject: RE: silc client segfaults if key is verified after disconnection

On Fri, 11 Jul 2008, Skywing wrote:

: All of the key confirmation prompts suffer from this flaw.  I've got a
: fix for /getkey being broken, other than the lack of reference counting
: for the SilcClient and SilcClientConnection objects.  There is nothing
: that can really be done about the SilcClient object not being refcounted
:
Both of you have stumbled to the fundamental problem of most asynchronous
operations; the inability to control them.  That's why SILC's runtime
provides the SILC Async Operation API (from 1.2 docs:
http://srt.silc.fi/silcasync_hsilcutil2FAsync20Operation20Interface.html)

Here in a psuedo-code fashion is one way to fix this and all other prompt
problems in SILC Client:

In this particular problem reported by Jérémy we can fix this by wrapping
the keyboard_entry_redirect call to our own call that uses the
SilcAyncOperation:

SilcAsyncOperation
my_keyboard_entry_redirect(SIGNAL_FUNC func,
                           SilcAsyncOperationAbort abort_callback,
                           const char *entry, int flags, void *data)
{
  SilcAsyncOperation op = silc_async_alloc(abort_callback, NULL, data);
  keyboard_entry_redirect(func, format, flags, data);
  return op;
}

The returned op would be saved to some location where it is globally
available, say, inside SILC_SERVER_REC.  Some other context could be used
too, but just for the purpose of this example let's use that.

To present user with the key verification prompt, we now would call:

  server->prompt_op =
    my_keyboard_entry_redirect(verify_public_key_completion,
                               verify_public_key_abort,
                               format, 0, verify);

If the server connection is now closed or whatever happens that would
invalidate the data inside the structure we used with the call above, we
now call in whatever callback client library called to indicate the
disconnection:

  silc_async_abort(server->prompt_op, NULL, NULL);

This will call the verify_public_key_abort which must now mark the
operation aborted:

void verify_public_key_abort(SilcAsyncOperation op, void *context)
{
  PublicKeyVerify verify = context;
  verify->aborted = TRUE;
}

When the verify_public_key_completion is finally called when user actually
answers the prompt, we check:

  if (verify->aborted) {
    /* We was aborted, do nothing */
    silc_free(verify);
    server->prompt_op = NULL;
    return;
  }

  /* We wasn't aborted, free operation and proceed */
  silc_async_free(server->prompt_op);
  server->prompt_op = NULL;

NULLing the operation is important to avoid using it accidentally.  Of
course the operation context must be saved into some place that itself
cannot be freed underneath the async call.  I'm not sure SILC_SERVE_REC is
the correct place even though I used it in this example.

The SILC Client Library should use SilcAsyncOperations with all client ops
it calls to application that take completion callbacks as argument so that
the library itself could abort the client ops.  This however would require
changing the SilcClientOperations API...

        Pekka
________________________________________________________________________
 Pekka Riikonen                                 priikone at silcnet.org
 Secure Internet Live Conferencing (SILC)       http://silcnet.org/

Message #45 received at 482145@bugs.debian.org (full text, mbox, reply):

From: Skywing <Skywing@valhallalegends.com>

To: "482145@bugs.debian.org" <482145@bugs.debian.org>

Subject: FW: [PATCH] Fix for crash on expired keyboard_redirect prompt (i.e. crash on confirm server key change after disconnect from server)

Date: Sun, 9 Nov 2008 01:12:25 -0600

[Message part 1 (text/plain, inline)]

Forwarding this on to the debian bug tracking system, as there’s now a patch available (upstream has been notified and asked to integrate it, but they haven’t checked mail yet today).

You can git pull the patch using the information specified below from valera’s git daemon.

- S

From: silc-devel-bounces@lists.silcnet.org [mailto:silc-devel-bounces@lists.silcnet.org] On Behalf Of Skywing
Sent: Saturday, November 08, 2008 7:17 PM
To: silc-devel@lists.silcnet.org
Cc: Kp
Subject: [PATCH] Fix for crash on expired keyboard_redirect prompt (i.e. crash on confirm server key change after disconnect from server)

Hello,

The following changes ( available for git pulling @ git://valera-ext.nynaeve.net/silc.git ) fix the problem where an expired keyboard_redirect prompt (e.g. to confirm a server key change) crashes the silc client due to use after free.  The fix did require substantial reworking of how keyboard redirection works in the silc irssi frontend / silc irssi plugin, as they’re now wrapped in a silc_async wrapper.

I left the initial prompt for private key passphrase at boot time alone, since it doesn’t really have a problem with expiration due to the nature of it.

If a keyboard prompt request is made while a stale prompt is still pending, the new request is denied.  Until the irssi folks fix their keyboard_input_redirect API, this is the best we can do, as there’s no way to cancel a pending keyboard_input_redirect call, and making a new such request while a previous one was pending is a memory leak.

A more elegant solution would have been to cancel the outstanding keyboard_input_redirect request, but that requires major changes to how irssi’s keyboard input redirect pluggable system works, so this will have to do for now.  (A bug about that API being kinda broken by design has been entered in irssi’s bug tracking system.)

--

commit 5e7b2671da238a39001d1c4eb79f87ac56c2add2
Author: Skywing <skywing@valhallalegends.com>
Date:   Sat Nov 8 17:54:03 2008 -0500

    Fix crash on expired keyboard prompts



The following commits are also recommended to be included if they’re not already:


commit 9ada9d21e5378510e745b837035eac5b7b73d14c
Author: Skywing <skywing@valhallalegends.com>
Date:   Sat Jun 28 00:21:51 2008 -0500

    Add reference counting to SilcClientEntry/SilcServerEntry for getkey response.

    This is necessary in case the entry goes away before the user responds to the
    keyboard input request.  (Fix for getkey crash if a user logs off before one
    responds to the getkey prompt.)

commit 6fbdb9acb4b8f4f90632c5b317c4daf81f7b2ec4
Author: Skywing <skywing@valhallalegends.com>
Date:   Sat Jun 28 00:12:18 2008 -0500

    Fix initialization/deinitialization of various Silc*Entry objects.

    A number of init/deinit cases were failing to clean up
    certain resources.

commit 9145000948d0df9c9db99beb8d2f0855ba88e40c
Author: Skywing <skywing@valhallalegends.com>
Date:   Fri Jun 27 23:44:03 2008 -0500

    Fix reference counting for SilcServerEntry objects,

    analogous to the previous fixes for the broken
    reference counting for SilcChannelEntry and
    SilcClientEntry objects.

- S

[Message part 2 (text/html, inline)]

[ATT00001.c (text/plain, attachment)]

Message #54 received at 482145-close@bugs.debian.org (full text, mbox, reply):

From: Jérémy Bobbio <lunar@debian.org>

To: 482145-close@bugs.debian.org

Subject: Bug#482145: fixed in silc-client 1.1.7-1

Date: Fri, 24 Jul 2009 23:00:18 +0000

Source: silc-client
Source-Version: 1.1.7-1

We believe that the bug you reported is fixed in the latest version of
silc-client, which is due to be installed in the Debian FTP archive:

irssi-plugin-silc-dbg_1.1.7-1_i386.deb
  to pool/main/s/silc-client/irssi-plugin-silc-dbg_1.1.7-1_i386.deb
irssi-plugin-silc_1.1.7-1_i386.deb
  to pool/main/s/silc-client/irssi-plugin-silc_1.1.7-1_i386.deb
silc-client_1.1.7-1.diff.gz
  to pool/main/s/silc-client/silc-client_1.1.7-1.diff.gz
silc-client_1.1.7-1.dsc
  to pool/main/s/silc-client/silc-client_1.1.7-1.dsc
silc-client_1.1.7.orig.tar.gz
  to pool/main/s/silc-client/silc-client_1.1.7.orig.tar.gz
silc_1.1.7-1_all.deb
  to pool/main/s/silc-client/silc_1.1.7-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 482145@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Bobbio <lunar@debian.org> (supplier of updated silc-client package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 26 Jun 2009 15:14:26 +0200
Source: silc-client
Binary: irssi-plugin-silc irssi-plugin-silc-dbg silc
Architecture: source i386 all
Version: 1.1.7-1
Distribution: unstable
Urgency: low
Maintainer: Debian SILC Team <pkg-silc-devel@lists.alioth.debian.org>
Changed-By: Jérémy Bobbio <lunar@debian.org>
Description: 
 irssi-plugin-silc - SILC plugin for irssi
 irssi-plugin-silc-dbg - debug symbols for the SILC plugin for irssi
 silc       - transitional package for the SILC client
Closes: 448186 476177 482145 522080
Changes: 
 silc-client (1.1.7-1) unstable; urgency=low
 .
   [ Jérémy Bobbio ]
   * New upstream release:
     - Fix crash on expired keyboard prompts.  (Closes: #482145)
   * Update Vcs-* field and document Git usage in README.source.
   * Update watch file.
   * Build-Depends on libsilc-dev instead of libsilc-1.1-2-dev, as provided by
     silc-toolkit 1.1.9-1.
   * Since Debian Policy 3.8.0, embedded code copy are officially not allowed in
     Debian anymore.  As it was a minor fork of irssi, the silc package
     providing the official SILC client has been discontinued.
   * Use a custom build system for the irssi plugin.  We now Build-Depends on
     irssi-dev instead of relying on irssi embedded code copy.
     (Closes: #448186, #522080)
   * Remove extra symlinks for irssi plugin.  (Closes: #476177)
   * Ship the silc package as a transitional package which depends
     on irssi and irssi-plugin-silc and contains a NEWS file.
   * Bump Standards-Version to 3.8.2, no further changes required.
 .
   [ Daniel Kahn Gillmor ]
   * cleaned up debian/control: thanks, Lintian!
 .
   [ Micah Anderson ]
   * Changed installation of upstream CHANGES to ChangeLog
   * Added debugging symbols package irssi-plugin-silc-dbg
Checksums-Sha1: 
 4c2b4155f0eeb90d1910f81d0c96f4544b26ef18 1346 silc-client_1.1.7-1.dsc
 9f86fc0e774acde43a28ffd9f271f8dc5bbc133b 1999852 silc-client_1.1.7.orig.tar.gz
 254f5b95563bffc771fc10ee027c75d15f88e492 12512 silc-client_1.1.7-1.diff.gz
 5dd9e08193758ba87ce0ba63d6a3c7ab3fd0257f 134916 irssi-plugin-silc_1.1.7-1_i386.deb
 5e561d960867ee5b50243c5c74ccb5f4c7426633 200220 irssi-plugin-silc-dbg_1.1.7-1_i386.deb
 8d55e898c657eb6966a69fdc6c24973ed36bacfb 11412 silc_1.1.7-1_all.deb
Checksums-Sha256: 
 94695b008b79d1177eae2e83fb3d9146620e0bd7534462446ecb20a968c6fa30 1346 silc-client_1.1.7-1.dsc
 2d9b9099550a475648260b713b9192d28656230d71d9fab12798df6ab4c2f9ad 1999852 silc-client_1.1.7.orig.tar.gz
 a7bc7e4cd6e87fb3e77dbae2d7372c49b995e95c04e644cb947165fb9379d25f 12512 silc-client_1.1.7-1.diff.gz
 e125388a1d03ffc6c41e9e33f3018b28a08f09becec5149a1473d6d6e47e2880 134916 irssi-plugin-silc_1.1.7-1_i386.deb
 d2653114e7fd7b2eb1a0c2b17e632c47b904e9f4762b7bc75550a549f1fbb0e7 200220 irssi-plugin-silc-dbg_1.1.7-1_i386.deb
 84b130ba4e49d47d78d5f296cf30953a722c626c1106af991e463a5a73f5fe98 11412 silc_1.1.7-1_all.deb
Files: 
 7f89e4f0b1b2c9d7fcc485971d754f64 1346 net optional silc-client_1.1.7-1.dsc
 1f92de53ea0e7a578210988620af97b2 1999852 net optional silc-client_1.1.7.orig.tar.gz
 f1fda9d3229cb9f3e35ee12f5a95f67f 12512 net optional silc-client_1.1.7-1.diff.gz
 fc8ba0001c5d6d392dcff07eee78655f 134916 net optional irssi-plugin-silc_1.1.7-1_i386.deb
 bb2e9c2d8b3c95b77f96f543ca5a1ef0 200220 debug extra irssi-plugin-silc-dbg_1.1.7-1_i386.deb
 d448dfad1c7e2b5252c5fc1941073f8b 11412 net optional silc_1.1.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpotbQACgkQ2PUjs9fQ72VnlQCgl+nNrL+uqgdgz0zeGxQ720te
+lcAoJdfqM8FMqJC3mBimbtCv7o8QMIn
=EdAz
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.