[Xastir] Xastir release 2.1.6 has been published.

Sat Apr 18 10:28:22 PDT 2020

Right, with SUID root, AX25 socket is connectable.

With this computer, it is the first time I use update-xastir script :

- I had an old Debian package purged (apt-get purge xastir) never used 
with AX25 port before switching to GIT
- Previous binary was first built from GIT
- Actual binary is built after use of update-xastir script

The real problem is probably the user (me...) because I do not remember 
if I changed permissions before the first use from GIT.

My AX.25 setup is :
- one "aprs" port described in /etc/ax25/axports
- the following startup (with systemd) script to use an old Baycom on a 
serial port

****************************************************
modprobe mkiss
modprobe hdlcdrv
modprobe baycom_ser_fdx
setserial /dev/ttyS0 uart none
sethdlc -p -i bcsf0 mode "ser12*" io 0x3f8 irq 4
sethdlc -i bcsf0 -a txd 200 slot 100 ppersist 40 half
ifconfig bcsf0 192.168.2.1 hw ax25 F4ACU-3 up
****************************************************

73

Matthieu
F4ACU

Le 18/04/2020 à 18:49, Tom Russo a écrit :
> On Sat, Apr 18, 2020 at 06:37:23PM +0200, we recorded a bogon-computron collision of the <mlhpub at free.fr> flavor, containing:
>> It was not :
>>
>> -rwxr-xr-x 1 root staff 1437288 avril 18 12:54 xastir
>>
>> And now :
>>
>> -rwxr-sr-x 1 root xastir-ax25 1437288 avril 18 12:54 xastir
>>
>> Does not change anything.
>>
>> Maybe I should remove the app and reinstall ?
> I would not expect that to help in any way.
>
> There is an issue with how your AX.25 setup is done, and it isn't Xastir's
> doing.  Without knowing that, it is hard to say what is wrong.  The most
> common set-up of AX.25 requires that Xastir be SUID root, but this has been
> discussed as "insecure" for so long that some systems have other solutions,
> including various group memberships (like, say, xastir-ax25?).
>
> You could try the more drastic measure of just setting Xastir to have SUID
> root, which *should* make it able to connect to AX.25 interfaces no matter
> how your system is configured.
>
>    sudo chmod u+s /usr/local/bin/xastir
>
> If that fixes things, you have to figure out why the supposedly more secure
> group membership issue wasn't working.  You'll also have to figure out what
> you did differently when you installed *this* binary compared to what you did
> the last time.  If you had it working before, doing the same thing you did
> to get it working before should have worked this time.
>
> The "update-xastir" script does none of this work for you --- it just builds
> and installs the binary.  You have to do the permissions/security stuff
> yourself.  These only impact AX.25 networking, which is the only thing Xastir
> needs special permissions to use.
>
> How had you installed Xastir previously?  Was it via a package, or via
> a source install?
>
>> Le 18/04/2020 ?? 17:50, Tom Russo a ??crit??:
>>> On Sat, Apr 18, 2020 at 03:08:05PM +0200, we recorded a bogon-computron collision of the <mlhpub at free.fr> flavor, containing:
>>>> Sorry, I forgot an important point : the user which run Xastir is still
>>>> member of xastir-ax25 and dialout groups.
>>> And are you sure that the binary you installed is sgid xastir-ax25?
>>>
>>> sudo chmod g+s /usr/local/bin/xastir
>>> sudo chown :xastir-ax25 /usr/local/bin/xastir
>>>
>>>> Le 18/04/2020 ?? 13:11, MLHPUB a ??crit??:
>>>>> Hi Tom,
>>>>>
>>>>> Thanks for update !
>>>>> I just have run ./update-xastir script which downloaded and installed
>>>>> v2.1.7.
>>>>>
>>>>> With this version, the TNC AX25 interface does not start anymore.
>>>>> I checked its name in /etc/ax25/axports where it is correct.
>>>>>
>>>>> Any idea ?
>>>>>
>>>>> 73 de F4ACU
>>>>>
>>>>> Matthieu
>>>>>
>>>>>
>>>>> Le 18/04/2020 ?? 00:51, Tom Russo a ??crit??:
>>>>>> I just pushed out a point release of Xastir 2.1.6.
>>>>>>
>>>>>> Users of the master branch code will see no difference --- it's just that
>>>>>> we need a numbered release available so that pacakge maintainer can get
>>>>>> the benefit of all the changes that have happened since 2.1.4 back
>>>>>> in July
>>>>>> of 2019.
>>>>>>
>>>>>> If you're a package maintainer for any distro and were stuck at version
>>>>>> 2.1.4, you might well want to update to 2.1.6 now --- especially if the
>>>>>> distro you're working on is getting ready to lock down package versions.
>>>>>>
>>>>>> Note that some optional features have been removed --- notably, dbfawk
>>>>>> is now required for shapelib support, which means pcre is not optional.
>>>>>> The "--with-dbfawk" and "--with-pcre" options of configure are removed.
>>>>>> If shapefile support is requested then pcre is required, and
>>>>>> automatically
>>>>>> enables dbfawk.?? These are all controlled by the single "--with-shapelib"
>>>>>> option.
>>>>>>
>>>>>> Release notes and downloadable source archives at:
>>>>>> https://github.com/Xastir/Xastir/releases/tag/Release-2.1.6
>>>>>>
>>>>>> Share and Enjoy.
>>>>>>
>>>>>> The master branch now identifies itself as version "2.1.7" (as is our
>>>>>> custom on this project, odd numbers mean "version of the day off master"
>>>>>> and even are tagged releases).
>>>>>>
>>>>> _______________________________________________
>>>>> Xastir mailing list
>>>>> Xastir at lists.xastir.org
>>>>> http://xastir.org/mailman/listinfo/xastir
>>>> _______________________________________________
>>>> Xastir mailing list
>>>> Xastir at lists.xastir.org
>>>> http://xastir.org/mailman/listinfo/xastir
>> _______________________________________________
>> Xastir mailing list
>> Xastir at lists.xastir.org
>> http://xastir.org/mailman/listinfo/xastir