Re: ITP: oqapy -- Photographic workflow application

2012-03-01 Thread Andrew Shadura
Hello,

On Thu, 01 Mar 2012 06:42:24 +0100
Vincent Vande Vyvre  wrote:

> This application is designed to handle large collection of image files
> with full support of metadatas include geolocalisation.

Sorry for this little pedantism, but data is already plural (singular
form is datum), so no need to add 's' to the word to pluralise it.

Please report this to upstream as I see they use 'datas' at least at
their website.

-- 
WBR, Andrew




Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Stefano Zacchiroli
On Wed, Feb 29, 2012 at 02:57:03PM -0800, Russ Allbery wrote:
> It's a little tricky because hardening-check is prone to false
> positives (through no fault of its own; it's just a limitation of what
> one can check).

Didn't lintian split severity/certainty levels for use cases like this
one?

-- 
Stefano Zacchiroli zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ..   http://upsilon.cc/zack   ..   . . o
Debian Project Leader...   @zack on identi.ca   ...o o o
« the first rule of tautology club is the first rule of tautology club »




Bug#661771: ITP: node-libravatar -- libravatar library for NodeJS

2012-03-01 Thread Francois Marier
Package: wnpp
Severity: wishlist
Owner: Francois Marier 

* Package name: node-libravatar
  Version : 1.1.0
  Upstream Author : Francois Marier 
* URL : https://github.com/fmarier/node-libravatar
* License : MIT
  Programming Lang: Javascript
  Description : libravatar library for NodeJS



-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20120301080819.6652.11999.report...@isafjordur.dyndns.org



Re: upstart: please update to latest upstream version

2012-03-01 Thread Goswin von Brederlow
Marco d'Itri  writes:

> On Feb 29, Russell Coker  wrote:
>
>> One thing that would be really convenient in such situations is the ability 
>> to 
>> have the old and new versions of the package installed such that the new 
>> version would run the old version if appropriate.
> Yes. Except that this was not applicable to udev because the 
> system-facing interfaces too were different between different versions.
> As I already explained countless times.
> Next?

What would have been trivial to do is to have udev-x.y packages that are
coinstallable and a simple udev binary that checks the kernel version
and features and then starts the right udev-x.y. Examples for this kind
of flexibility would be xen or lvm.

But then again udev also broke udev rules so you had to change the
conffiles to match the udev version. But at least that only affected
some rules, not all of udev, and was a more gradual effect.

But you've all heard that before and (you and upstream) still ignore it
and udev will keep having these problems and keep sucking for that
reason. By now I don't expect that to change. So EOD.

Udev's shortcomings weren't the point anyway, just an example to show
that we shouldn't have all of Debian depend solely on something similar.

Kind regards,
Goswin





Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Thijs Kinkhorst
On Thu, March 1, 2012 00:11, Patrick Matthaei wrote:
> On 29.02.2012 23:57, Russ Allbery wrote:
>> Patrick Matthaei  writes:
>>
>>> I fully support the hardening goal.
>>> May it be an option to add lintian errors (also non-fatal errors on
>>> ftp-master side) about missing-hardening-build in the future?

> But maybe it still would be an option to add a lintian warning
> (regarding your above arguments throwing an error would not be the right
> solution) about "maybe-missing-hardening"?
> The maintainer would be aware about this potential problem, check his
> package and if it is really a false positive he still could overwrite it.

There's already some discussion in this bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650536


Cheers,
Thijs





Re: Multiarch file overlap summary and proposal

2012-03-01 Thread Marco d'Itri
On Mar 01, Russ Allbery  wrote:

> The situation with refcounting seems much less fragile than the situation
> without refcounting to me.
I totally agree.

Also, why does refcounting have to be "perfect"?
What would break if it did not actually check that the two files 
provided by the same package for different architectures are identical?

-- 
ciao,
Marco




Re: Bug#661765: ITP: oqapy -- Photographic workflow application

2012-03-01 Thread Vincent Vande Vyvre
On 01/03/12 09:05, Andrew Shadura wrote:
> Hello,
> 
> On Thu, 01 Mar 2012 06:42:24 +0100
> Vincent Vande Vyvre  wrote:
> 
>> This application is designed to handle large collection of image files
>> with full support of metadatas include geolocalisation.
> 
> Sorry for this little pedantism, but data is already plural (singular
> form is datum), so no need to add 's' to the word to pluralise it.
> 
> Please report this to upstream as I see they use 'datas' at least at
> their website.
> 
Hi,

Fixed, thanks

-- 
Vincent V.V.





Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Nikolaus Rath
Moritz Muehlenhoff  writes:
> Hi,
>
> dpkg-buildflags allows a uniform setting of default build flags for
> code written in C and C++. 
>
> Using dpkg-build-flags in your rules files has a number of benefits:
>[...]

Should packages of Python extensions written in C and using
distribute/setuptools worry about this, or will the debian setuptools
package be patched to use dpkg-build-flags?


Best,

   -Nikolaus

-- 
 »Time flies like an arrow, fruit flies like a Banana.«

  PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6  02CF A9AD B7F8 AE4E 425C





Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Joey Hess
Moritz Muehlenhoff wrote:
> 1. dpkg-buildflags exports hardened build flags. These hardened build
> flags mitigate/nullify some classes of security vulnerabilities and
> make exploitation of security problems more difficult. 

At least temporarily. Are you familiar with Return Oriented Programming
and similar technologies for getting around these protections?

-- 
see shy jo




Re: upstart: please excuse me - update to latest upstream version

2012-03-01 Thread John D. Hendrickson and Sara Darnell

please excuse.  my post days ago may have sounded like "downing systemd"

however my power supply failed i could not correct myself :)



my feeling is "it is neat - as long as its not integrated where I must use it" (same as I said for 
dbus).  and I think it's great debian allows "conflicts" to be in same distro rather than "DD 
eliminators choosing between".


The reason for my comment is, on a "Wikipedia" page I read, it said systemd is an incompatible 
replacement for init(1) and that all major GNU Linux are using and moving to it (according to 
article).  That may well be simple misinformation on a wiki page.


however I think "systemd" could launch "init" (could work together) for obvious compatibility / 
pre-exists reasons - and from what i read it suggests no such plan or todo


Thank you very much, -- John


John Paul Adrian Glaubitz wrote:

On Feb 21, 2012, at 7:23 PM, Thomas Goirand  wrote:


I always wondered: what's the point in having upstart in
Debian, when we don't really use it?






Bug#661823: ITP: dune -- toolbox for solving PDEs

2012-03-01 Thread Ansgar Burchardt
Package: wnpp
Severity: wishlist
Owner: Ansgar Burchardt 

* Package name: dune-common, dune-geometry, dune-grid, dune-istl,
dune-localfunctions
  Version : 2.1 or 2.2
* URL : http://www.dune-project.org/
* License : GPL-2 with runtime exception (like libstdc++)
  Programming Lang: C++
  Description : toolbox for solving PDEs

Source: dune-common
Description: toolbox for solving PDEs -- basic classes (development files)
 DUNE, the Distributed and Unified Numerics Environment is a modular toolbox
 for solving partial differential equations (PDEs) with grid-based methods.
 It supports the easy implementation of methods like Finite Elements (FE),
 Finite Volumes (FV), and also Finite Differences (FD).
 .
 This package contains the development files for the basic classes.

Source: dune-geometry
Description: toolbox for solving PDEs -- geometry classes (development files)
 [...]
 This package contains the development files for the geometry classes.

Source: dune-grid
Description: toolbox for solving PDEs -- grid interface (development files)
 [...]
 This package contains the development files for the grid interface.

Source: dune-istl
Description: toolbox for solving PDEs -- iterative solvers (development files)
 [...]
 This package contains the development files for the iterative solver template
 library.

Source: dune-localfunctions
Description: toolbox for solving PDEs -- local basis (development files)
 [...]
 This package contains the development files for the interface for the local
 basis and layout of the degrees of freedom.






Bug#661824: ITP: jel -- library for evaluating algebraic expressions in Java

2012-03-01 Thread Florian Rothmaier
Package: wnpp
Severity: wishlist
Owner: Florian Rothmaier 


* Package name: jel
  Version : 2.0.1
  Upstream Author : Konstantin Metlov 
* URL : http://www.gnu.org/software/jel/
* License : GPL-3
  Programming Lang: Java
  Description : library for evaluating algebraic expressions in Java

The JEL library enables users to enter algebraic expressions into their
programme. Since JEL converts expressions directly into Java bytecode,
it significantly speeds up their evaluation time. If the user's Java
virtual machine has a JIT compiler, expressions are transparently
compiled into native machine code.

JEL may be a very useful tool for a variety of applications in science
involving user-defined functions, e.g. to create plots, to apply fits
to a data set and to solve integrals or differential equations.
Another relevant use case for JEL is given by algebraic operations
between two or more columns of a database table.






Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Arno Töll

Hi,

On 01.03.2012 17:01, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
>> 1. dpkg-buildflags exports hardened build flags. These hardened
>> build flags mitigate/nullify some classes of security
>> vulnerabilities and make exploitation of security problems more
>> difficult.
> 
> At least temporarily. Are you familiar with Return Oriented
> Programming and similar technologies for getting around these
> protections?

ASLR and similar technologies can further mitigate effects of
return-to-libc and type of attacks. That would lead us back to the
grsecurity/PaX discussion we had a few weeks ago.

The vanilla kernel itself has some ASLR protection as well, although I
think it is still not enabled by default in Debian (and is perhaps
weaker than PaX).


-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D



Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Arno Töll

On 01.03.2012 18:11, Arno Töll wrote:
> The vanilla kernel itself has some ASLR protection as well,
> although I think it is still not enabled by default in Debian (and
> is perhaps
  ^^

KiBi corrected me. It is, sorry.


-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D



Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Russ Allbery
Stefano Zacchiroli  writes:
> On Wed, Feb 29, 2012 at 02:57:03PM -0800, Russ Allbery wrote:

>> It's a little tricky because hardening-check is prone to false
>> positives (through no fault of its own; it's just a limitation of what
>> one can check).

> Didn't lintian split severity/certainty levels for use cases like this
> one?

Yeah, but I'm still reluctant to introduce tags that we *know* will
generate false positives.  But in this case it's probably important enough
to warrant it.

-- 
Russ Allbery (r...@debian.org)   





Re: Multiarch file overlap summary and proposal

2012-03-01 Thread Russ Allbery
m...@linux.it (Marco d'Itri) writes:
> On Mar 01, Russ Allbery  wrote:

>> The situation with refcounting seems much less fragile than the situation
>> without refcounting to me.

> I totally agree.

> Also, why does refcounting have to be "perfect"?
> What would break if it did not actually check that the two files 
> provided by the same package for different architectures are identical?

Well, it would break most of the things that make it less fragile.  :)

-- 
Russ Allbery (r...@debian.org)   





Bug#661840: ITP: rfcdiff -- IETF Internet Draft Difference Tool

2012-03-01 Thread Scott Kitterman
Package: wnpp
Severity: wishlist
Owner: Scott Kitterman 


* Package name: rfcdiff
  Version : 1.41
  Upstream Author : Henrik Levkowetz 
* URL : http://tools.ietf.org/tools/rfcdiff/
* License : GPL v2 or later
  Programming Lang: Bash and Python
  Description : IETF Internet Draft Difference Tool
  Takes two RFCs or Internet-Drafts in text form as input, and
  produces output which indicates the differences found in one of various
  forms. In all cases, page headers and page footers are stripped before
  looking for changes.






Re: Rebuild of the Debian archive with clang

2012-03-01 Thread Vincent Bernat
OoO In the early evening of Wednesday, February 29, 2012, around 17:19,
Sylvestre Ledru said:

> If you are looking for the raw list, I published the files:
> 2.9:
> http://clang.debian.net/scanlog-2.9-2011-09-11
> 3.0:
> http://clang.debian.net/scanlog-3.0-2012-01-12

Is  it possible to  find why  a package  has not  been considered  to be
built?
-- 
Vincent Bernat ☯ http://vincent.bernat.im

printk("What? oldfid != cii->c_fid. Call 911.\n");
2.4.3 linux/fs/coda/cnode.c




Re: Bug#661840: ITP: rfcdiff -- IETF Internet Draft Difference Tool

2012-03-01 Thread Thomas Koch
Scott Kitterman:
> Package: wnpp
> Severity: wishlist
> Owner: Scott Kitterman 
> 
> 
> * Package name: rfcdiff
>   Version : 1.41
>   Upstream Author : Henrik Levkowetz 
> * URL : http://tools.ietf.org/tools/rfcdiff/
> * License : GPL v2 or later
>   Programming Lang: Bash and Python
>   Description : IETF Internet Draft Difference Tool
>   Takes two RFCs or Internet-Drafts in text form as input, and
>   produces output which indicates the differences found in one of various
>   forms. In all cases, page headers and page footers are stripped before
>   looking for changes.

Hi Scott,

I started to collect small tools related to standard documents that I might 
have time to package as a whole once:
https://github.com/thkoch2001/Standard-Document-Tools

Would you like to include rfcdiff in that collection and maintain the whole 
package with me? There are other examples of such tool collection packages 
like emacs-goodies or devscripts.

Best regards,

Thomas Koch, http://www.koch.ro





Re: Bug#661824: ITP: jel -- library for evaluating algebraic expressions in Java

2012-03-01 Thread Salvo Tomaselli
> The JEL library enables users to enter algebraic expressions into their
> programme. 

> Since JEL converts expressions directly into Java bytecode, it significantly
> speeds up their evaluation time. If the user's Java virtual machine has a
> JIT compiler, expressions are transparently compiled into native machine
> code.
Were the overheads of loading a JVM, compiling an expression to java bytecode, 
considered?
I ask because i doubt there can be any speed up at all.

Bye

-- 
Salvo Tomaselli




Re: Bug#661840: ITP: rfcdiff -- IETF Internet Draft Difference Tool

2012-03-01 Thread Scott Kitterman
On Thursday, March 01, 2012 09:49:24 PM Thomas Koch wrote:
> Scott Kitterman:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Scott Kitterman 
> > 
> > 
> > * Package name: rfcdiff
> > 
> >   Version : 1.41
> >   Upstream Author : Henrik Levkowetz 
> > 
> > * URL : http://tools.ietf.org/tools/rfcdiff/
> > * License : GPL v2 or later
> > 
> >   Programming Lang: Bash and Python
> >   Description : IETF Internet Draft Difference Tool
> >   Takes two RFCs or Internet-Drafts in text form as input, and
> >   produces output which indicates the differences found in one of
> >   various
> >   forms. In all cases, page headers and page footers are stripped
> >   before
> >   looking for changes.
> 
> Hi Scott,
> 
> I started to collect small tools related to standard documents that I might
> have time to package as a whole once:
> https://github.com/thkoch2001/Standard-Document-Tools
> 
> Would you like to include rfcdiff in that collection and maintain the whole
> package with me? There are other examples of such tool collection packages
> like emacs-goodies or devscripts.

This particular tool is only aimed at one narrow audience, people who are 
active in developing IETF standards.  I don't think it would fit in with other 
tools. 

Scott K



Work-needing packages report for Mar 2, 2012

2012-03-01 Thread wnpp
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 443 (new: 15)
Total number of packages offered up for adoption: 144 (new: 0)
Total number of packages requested help for: 60 (new: 3)

Please refer to http://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   foremost (#661488), orphaned 3 days ago
 Description: Forensics application to recover data
 Installations reported by Popcon: 974

   fracplanet (#661455), orphaned 3 days ago
 Description: Fractal planet generator
 Installations reported by Popcon: 89

   libfreebasic (#661453), orphaned 3 days ago
 Description: FreeBASIC support library files
 Installations reported by Popcon: 10

   mazeofgalious (#661454), orphaned 3 days ago
 Description: The Maze of Galious
 Reverse Depends: mazeofgalious
 Installations reported by Popcon: 208

   nel (#661456), orphaned 3 days ago
 Description: Massive multi-user 3D game environments library
 Installations reported by Popcon: 11

   supertransball2 (#661457), orphaned 3 days ago
 Description: Thrust type of game
 Reverse Depends: supertransball2
 Installations reported by Popcon: 140

   supertux (#661458), orphaned 3 days ago
 Description: Classic 2D jump 'n run sidescroller with Tux
 Reverse Depends: supertux
 Installations reported by Popcon: 2039

   ttf-engadget (#661490), orphaned 3 days ago
 Description: Modern font from John Stracke
 Installations reported by Popcon: 585

   ttf-radisnoir (#661459), orphaned 3 days ago
 Description: Font inspired by Universal de Bayer and Bauhaus
 Installations reported by Popcon: 545

   ttf-ubuntu-title (#661462), orphaned 3 days ago
 Description: The font used to create the Ubuntu logo
 Installations reported by Popcon: 685

   unadf (#661461), orphaned 3 days ago
 Description: Extract files from an Amiga Disk File dump (.adf)
 Installations reported by Popcon: 187

   unmo3 (#661460), orphaned 3 days ago
 Description: Uncompress and extract samples from MO3 modules
 Installations reported by Popcon: 249

   wmbutton (#661120), orphaned 6 days ago
 Description: dockapp displaying nine configurable buttons
 Installations reported by Popcon: 124

   wmcpuload (#661121), orphaned 6 days ago
 Description: Dockapp that displays the current CPU usage
 Installations reported by Popcon: 277

   xdms (#661463), orphaned 3 days ago
 Description: An uncompressor for Amiga DMS archives
 Installations reported by Popcon: 158

428 older packages have been omitted from this listing, see
http://www.debian.org/devel/wnpp/orphaned for a complete list.



No new packages have been given up for adoption, but a total of 144 packages
are awaiting adoption.  See http://www.debian.org/devel/wnpp/rfa_bypackage
for a complete list.



For the following packages help is requested:

[NEW] isdnutils (#661110), requested 6 days ago
 Description: ISDN utilities
 Reverse Depends: ant-phone asterisk-chan-capi capi4hylafax capiutils
   drdsl ibod ipppd isdnactivecards isdnlog isdnutils-xtools (6 more
   omitted)
 Installations reported by Popcon: 1919

[NEW] netdisco-mibs-installer (#661290), requested 5 days ago
 Description: Netdisco MIB bundle installer package
 Installations reported by Popcon: 90

[NEW] scim (#661106), requested 6 days ago
 Description: smart common input method platform
 Reverse Depends: libscim-dev mlterm-im-scim plasma-widgets-addons
   scim scim-anthy scim-array scim-bridge-agent scim-canna scim-chewing
   scim-dev (14 more omitted)
 Installations reported by Popcon: 10762

   apache2 (#646208), requested 131 days ago
 Description: Apache HTTP Server
 Reverse Depends: aegis-web apache2 apache2-dbg apache2-mpm-event
   apache2-mpm-itk apache2-mpm-prefork apache2-mpm-worker
   apache2-prefork-dev apache2-suexec apache2-suexec-custom (177 more
   omitted)
 Installations reported by Popcon: 62375

   apt-xapian-index (#567955), requested 759 days ago
 Description: maintenance tools for a Xapian index of Debian packages
 Reverse Depends: adept ept-cache fuss-launcher goplay packagesearch
 Installations reported by Popcon: 53417

   asymptote (#517342), requested 1098 days ago
 Description: script-based vector graphics language inspired by
   MetaPost
 Installations reported by Popcon: 3050

   athcool (#278442), requested 2683 days ago
 Description: Enable powersaving mode for Athlon/Duron processors
 Installations reported by Popcon: 85

   balsa (#6

Bug#661862: ITP: adlint -- source code static analyzer for C

2012-03-01 Thread TANIGUCHI Takaki
Package: wnpp
Owner: tak...@debian.org
Severity: wishlist

* Package name: adlint
  Version : 1.0.0
  Upstream Author : 2010-2012, OGIS-RI Co.,Ltd.
* URL or Web page : http://adlint.sourceforge.net/
* License : GPL
  Description : source code static analyzer for C

 AdLint is a source code static analyzer.  It can point out insecure
 or nonportable code fragments, and can measure various quality
 metrics of the source code.  It (currently) can analyze source code
 compliant with ANSI C89 / ISO C90 and partly ISO C99.






Linux kernel hardening - link restrictions

2012-03-01 Thread Ben Hutchings
The longstanding link restriction patches were recently accepted by
Andrew Morton and are likely to end up in Linux 3.4.  I've applied
these to src:linux-2.6 in svn and they should end up in the upcoming
version 3.2.9-1.

We know that these are going to break some programs, most notably
'at' (#597130, fixed in wheezy/sid).  But of course it's possible
to work around that by disabling the restriction, so I don't think
this should result in a 'Breaks' relation.

I'm therefore intending to warn about this with the following NEWS
entry in the linux-image metapackages:

Index: debian/linux-image.NEWS
===
--- debian/linux-image.NEWS (revision 18757)
+++ debian/linux-image.NEWS (working copy)
@@ -1,3 +1,18 @@
+linux-latest (44) unstable; urgency=low
+
+  * The new kernel version includes security restrictions on links, which
+are enabled by default.  These are specified in
+Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2
+packages.
+  
+These restrictions may cause some legitimate programs to fail.
+In particular, if the 'at' package is installed, you should either:
+- Upgrade it to at least version 3.1.13-1 (or a backport of that)
+or:
+- Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
+
+ -- Ben Hutchings   Fri, 02 Mar 2012 04:58:24 +
+
 linux-latest-2.6 (26) unstable; urgency=low
 
   * The old IDE (PATA) drivers are no longer developed.  Most PATA
--- END ---
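
Review bot: The workaround line "- Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)" is presented as an equal alternative to upgrading 'at', but the entry never says that it switches the hardlink restriction off for the whole system rather than for 'at' alone. Suggest wording it as the fallback for hosts that cannot take 3.1.13-1 or a backport, and adding that the setting can return to its default once 'at' has been upgraded.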

(Why in the metapackages, you ask?  Because apt-listchanges shows NEWS
from upgraded packages, not new packages.)

Does anyone have a better idea how to do this?  Know about other
packages that are affected?

Ben.

-- 
Ben Hutchings
One of the nice things about standards is that there are so many of them.
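
Added example (not part of Ben Hutchings' message or of the Debian packages): a POSIX shell check that applies the NEWS entry's advice to one host by reading the link-restriction sysctls and the installed 'at' version. The verdict labels, the PROC_ROOT override and the stripping of `~bpo` backport suffixes are assumptions of this example; fs.protected_symlinks is the companion setting from the same kernel documentation and is not named in the message.

```sh
#!/bin/sh
# Added example: apply the NEWS entry's advice for 'at' to one host.
# Verdict labels and the PROC_ROOT override are assumptions of this example.

AT_FIXED_VERSION="3.1.13-1"   # first fixed 'at' version, from the NEWS entry

# read_link_sysctl NAME [PROC_ROOT]: print the value of fs.NAME, or "absent"
# when the running kernel does not have the setting.
read_link_sysctl() {
    f="${2:-/proc}/sys/fs/$1"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'absent'
    fi
}

# version_ge A B: true when Debian version A >= B. Uses dpkg when present,
# otherwise GNU sort -V, which agrees with dpkg for versions shaped like at's.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# at_is_fixed VERSION: the entry accepts 3.1.13-1 "or a backport of that".
# A backport such as 3.1.13-1~bpo60+1 sorts *below* 3.1.13-1 because '~'
# orders before everything, so the ~bpo suffix (Debian backports naming
# convention) is stripped before comparing.
at_is_fixed() {
    base=$(printf '%s' "$1" | sed 's/~bpo.*$//')
    version_ge "$base" "$AT_FIXED_VERSION"
}

# installed_at_version: print the version of 'at' if it is fully installed,
# nothing otherwise (including on systems without dpkg).
installed_at_version() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    st=$(dpkg-query -W -f='${Status} ${Version}' at 2>/dev/null) || return 0
    case "$st" in
        "install ok installed "*) printf '%s' "${st#install ok installed }" ;;
    esac
}

# at_advice HARDLINKS_VALUE AT_VERSION: print one verdict word.
at_advice() {
    case "$1" in
        absent) echo "restriction-unavailable"; return 0 ;;  # kernel lacks it
        0)      echo "restriction-disabled";    return 0 ;;  # at works, protection off
    esac
    if [ -z "$2" ]; then
        echo "at-not-installed"
    elif at_is_fixed "$2"; then
        echo "at-fixed"
    else
        echo "action-needed"   # upgrade at, or set the sysctl to 0 as the entry describes
    fi
}

# report [PROC_ROOT]: summarise the live system (or a copied /proc tree).
report() {
    for name in protected_hardlinks protected_symlinks; do
        printf 'fs.%s = %s\n' "$name" "$(read_link_sysctl "$name" "$1")"
    done
    printf 'at: %s\n' \
        "$(at_advice "$(read_link_sysctl protected_hardlinks "$1")" "$(installed_at_version)")"
}

report "${PROC_ROOT:-/proc}"
```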





Re: Linux kernel hardening - link restrictions

2012-03-01 Thread Kees Cook
On Fri, Mar 02, 2012 at 05:11:58AM +, Ben Hutchings wrote:
> The longstanding link restriction patches were recently accepted by
> Andrew Morton and are likely to end up in Linux 3.4.  I've applied
> these to src:linux-2.6 in svn and they should end up in the upcoming
> version 3.2.9-1.

That's excellent news! (I am biased, obviously.)

> We know that these are going to break some programs, most notably
> 'at' (#597130, fixed in wheezy/sid).  But of course it's possible
> to work around that by disabling the restriction, so I don't think
> this should result in a 'Breaks' relation.

FWIW, as some background, "at" is the only package that I'm aware of
breaking across 1.5 years of (a version of) this patch living in Ubuntu,
and in many more years living in Openwall Linux and grsecurity. So I
feel like "going to break some" is strong. :)

> I'm therefore intending to warn about this with the following NEWS
> entry in the linux-image metapackages:
> 
> Index: debian/linux-image.NEWS
> ===
> --- debian/linux-image.NEWS   (revision 18757)
> +++ debian/linux-image.NEWS   (working copy)
> @@ -1,3 +1,18 @@
> +linux-latest (44) unstable; urgency=low
> +
> +  * The new kernel version includes security restrictions on links, which
> +are enabled by default.  These are specified in
> +Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2
> +packages.
> +  
> +These restrictions may cause some legitimate programs to fail.
> +In particular, if the 'at' package is installed, you should either:
> +- Upgrade it to at least version 3.1.13-1 (or a backport of that)
> +or:
> +- Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
> +
> + -- Ben Hutchings   Fri, 02 Mar 2012 04:58:24 +
> +

This seems like a sensible NEWS item to me. The use of "may break"
seems better than "going to break some".

>  linux-latest-2.6 (26) unstable; urgency=low
>  
>* The old IDE (PATA) drivers are no longer developed.  Most PATA
> --- END ---
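
Review bot: The separator between the two paragraphs of the new entry (the "+  " line directly after "+packages.") contains only spaces, so the patch introduces trailing whitespace into debian/linux-image.NEWS. Suggest making it an empty line, like the bare "+" lines that open and close the entry.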
> 
> (Why in the metapackages, you ask?  Because apt-listchanges shows NEWS
> from upgraded packages, not new packages.)
> 
> Does anyone have a better idea how to do this?  Know about other
> packages that are affected?

It's a trivial patch[1] to fix "at". How about just backporting that
change to stable, to avoid that known trouble too? This is what Ubuntu
did for the Lucid LTS release that was getting backported kernels (with
link restrictions) built for it.

-Kees

[1] 
http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=f4114656c3a6c6f6070e315ffdf940a49eda3279

-- 
Kees Cook@debian.org





Re: Linux kernel hardening - link restrictions

2012-03-01 Thread Jonas Smedegaard
On 12-03-02 at 05:11am, Ben Hutchings wrote:
> The longstanding link restriction patches were recently accepted by
> Andrew Morton and are likely to end up in Linux 3.4.  I've applied
> these to src:linux-2.6 in svn and they should end up in the upcoming
> version 3.2.9-1.
> 
> We know that these are going to break some programs, most notably
> 'at' (#597130, fixed in wheezy/sid).  But of course it's possible
> to work around that by disabling the restriction, so I don't think
> this should result in a 'Breaks' relation.
> 
> I'm therefore intending to warn about this with the following NEWS
> entry in the linux-image metapackages:
> 
> Index: debian/linux-image.NEWS
> ===
> --- debian/linux-image.NEWS   (revision 18757)
> +++ debian/linux-image.NEWS   (working copy)
> @@ -1,3 +1,18 @@
> +linux-latest (44) unstable; urgency=low
> +
> +  * The new kernel version includes security restrictions on links, which
> +are enabled by default.  These are specified in
> +Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2
> +packages.
> +  
> +These restrictions may cause some legitimate programs to fail.
> +In particular, if the 'at' package is installed, you should either:
> +- Upgrade it to at least version 3.1.13-1 (or a backport of that)
> +or:
> +- Set sysctl fs.protected_hardlinks=0 (see /etc/sysctl.conf)
> +
> + -- Ben Hutchings   Fri, 02 Mar 2012 04:58:24 +
> +
>  linux-latest-2.6 (26) unstable; urgency=low
>  
>* The old IDE (PATA) drivers are no longer developed.  Most PATA
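Review bot: the first paragraph of the added entry says only "security restrictions on links", while the workaround at the end names a single sysctl, fs.protected_hardlinks. Nothing in the entry says which kinds of link are restricted or which setting controls each, so an admin who hits a failure in a program other than 'at' has no knob to look for without opening fs.txt. Listing the sysctl for each restriction in the entry itself would close that gap.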
> --- END ---
> 
> (Why in the metapackages, you ask?  Because apt-listchanges shows NEWS
> from upgraded packages, not new packages.)
> 
> Does anyone have a better idea how to do this?  Know about other
> packages that are affected?

I suggest adding it to *both* metapackages and real packages: some may
not use the metapackages and may inspect the NEWS file by other means
than via apt-listchanges (which I guess is what you are talking about).


Regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Kees Cook
On Thu, Mar 01, 2012 at 09:44:15AM +0100, Thijs Kinkhorst wrote:
> On Thu, March 1, 2012 00:11, Patrick Matthaei wrote:
> > On 29.02.2012 23:57, Russ Allbery wrote:
> >> Patrick Matthaei  writes:
> >>
> >>> I fully support the hardening goal.
> >>> May it be an option to add lintian errors (also non-fatal errors on
> >>> ftp-master side) about missing-hardening-build in the future?
> 
> > But maybe it still would be an option to add a lintian warning
> > (regarding your above arguments throwing an error would not be the right
> > solution) about "maybe-missing-hardening"?
> > The maintainer would be aware about this potential problem, check his
> > package and if it is really a false positive he still could overwrite it.
> 
> There's already some discussion in this bug:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650536

Progress is being made on this, but I've been slow. I got distracted by
some other things. I'm hoping to spend some time on it this weekend now
that all the infrastructure I need is in dpkg.

Speaking to the false positives problem, I've discussed with some
people the idea of having build flags be included in some sort of ELF
comment-like area that can be examined. That way it becomes trivial to
answer "how was this built?" and all these crappy heuristic checks
get thrown away. In the meantime, I'll continue to work on the crappy
heuristic checks. ;)

-Kees

-- 
Kees Cook@debian.org


Archive: http://lists.debian.org/20120302055202.gv3...@outflux.net



Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Kees Cook
On Thu, Mar 01, 2012 at 06:16:14PM +0100, Arno Töll wrote:
> On 01.03.2012 18:11, Arno Töll wrote:
> > The vanilla kernel itself has some ASLR protection as well,
> > although I think it is still not enabled by default in Debian (and
> > is perhaps
>   ^^
> 
> KiBi corrected me. It is, sorry.

FWIW, here's a quick way to see if stuff is running with ASLR. This will
show you what memory regions are _not_ being randomized:

$ diff -u <(cat /proc/self/maps) <(cat /proc/self/maps) | grep ^" "

 00400000-0040d000 r-xp 00000000 fb:00 17301639   /bin/cat
 0060d000-0060e000 r--p 0000d000 fb:00 17301639   /bin/cat
 0060e000-0060f000 rw-p 0000e000 fb:00 17301639   /bin/cat
 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0   [vsyscall]

In this case, the sections for the "cat" ELF are not randomized because
"cat" wasn't built with PIE. And the vsyscall on amd64, but that's not
very important, and there are even patches coming to randomize that too,
so no worries there.

Some architectures do not have mmap ASLR, so in that case, all the
libraries will be in the same place too. (And any arch without mmap ASLR
also has no text (PIE) ASLR.)

-Kees

-- 
Kees Cook@debian.org


Archive: http://lists.debian.org/20120302055627.gw3...@outflux.net
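The same comparison as the diff one-liner in the message above, as an added example that is not part of the original message: it parses two maps dumps and reports the mappings that sit at identical addresses in both. The two embedded dumps are constructed samples and the function names are assumptions; run as a script on Linux, it also performs the check live.

```python
import re
import subprocess

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) [0-9a-f]+ \S+ \d+\s*(.*)$")

# Constructed sample: two runs of a non-PIE "cat" on amd64 with ASLR enabled.
RUN_A = """\
00400000-0040d000 r-xp 00000000 fb:00 17301639 /bin/cat
0060d000-0060e000 r--p 0000d000 fb:00 17301639 /bin/cat
0060e000-0060f000 rw-p 0000e000 fb:00 17301639 /bin/cat
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c2d4000-7f3a1c469000 r-xp 00000000 fb:00 17305001 /lib/x86_64-linux-gnu/libc-2.13.so
7fff5a1e0000-7fff5a201000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""
RUN_B = """\
00400000-0040d000 r-xp 00000000 fb:00 17301639 /bin/cat
0060d000-0060e000 r--p 0000d000 fb:00 17301639 /bin/cat
0060e000-0060f000 rw-p 0000e000 fb:00 17301639 /bin/cat
0229f000-022c0000 rw-p 00000000 00:00 0 [heap]
7f91e07b2000-7f91e0947000 r-xp 00000000 fb:00 17305001 /lib/x86_64-linux-gnu/libc-2.13.so
7ffc03b4e000-7ffc03b6f000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""

def parse_maps(text):
    """Return the set of (start, end, perms, path) mappings in a maps dump."""
    regions = set()
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            regions.add((int(m[1], 16), int(m[2], 16), m[3], m[4] or "[anon]"))
    return regions

def fixed_regions(run_a, run_b):
    """Mappings found at identical addresses in both runs: not randomized."""
    return sorted(parse_maps(run_a) & parse_maps(run_b))

def unrandomized_objects(run_a, run_b):
    """Names of the files or special regions that did not move between runs."""
    return sorted({path for _, _, _, path in fixed_regions(run_a, run_b)})

if __name__ == "__main__":
    print("sample:", unrandomized_objects(RUN_A, RUN_B))
    # Live check (Linux only): two fresh "cat" processes dump their own maps.
    live = [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                           text=True).stdout for _ in range(2)]
    for start, end, perms, path in fixed_regions(*live):
        print(f"{start:016x}-{end:016x} {perms} {path}")
```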



Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Russ Allbery
Kees Cook  writes:

> Speaking to the false positives problem, I've discussed with some people
> the idea of having build flags be included in some sort of ELF
> comment-like area that can be examined. That way it becomes trivial to
> answer "how was this built?" and all these crappy heuristic checks
> get thrown away. In the meantime, I'll continue to work on the crappy
> heuristic checks. ;)

That sounds complicated, since there are separate compiler flags for every
object (which may not match) and then the linker flags used to assemble
the final executable or shared object.  Does ELF give you object-specific
comment areas?

It sounds like it would need patches to both the compiler and the linker.

-- 
Russ Allbery (r...@debian.org)   


Archive: http://lists.debian.org/878vjjilxc@windlord.stanford.edu



Re: Enabling hardened build flags for Wheezy

2012-03-01 Thread Kees Cook
On Thu, Mar 01, 2012 at 12:01:12PM -0400, Joey Hess wrote:
> Moritz Muehlenhoff wrote:
> > 1. dpkg-buildflags exports hardened build flags. These hardened build
> > flags mitigate/nullify some classes of security vulnerabilities and
> > make exploitation of security problems more difficult. 
> 
> At least temporarily. Are you familiar with Return Oriented Programming
> and similar technologies for getting around these protections?

This is why everyone should run 64-bit systems and build with hardening
fully enabled:

export DEB_BUILD_MAINT_OPTIONS = hardening=+all

In this situation, you've got NX for sure, full ASLR in a large memory
space, stack protector, and the libc fortifications in place. It'll
always be an arms race, but why knowingly be behind? :)

-Kees

-- 
Kees Cook@debian.org


Archive: http://lists.debian.org/20120302060021.gx3...@outflux.net



speed up /etc/cron.d/php5

2012-03-01 Thread dmitrijs.samsonovs
Hello, everybody!
I have a server with PHP storing sessions in files.
Due to Debian changes, session aging is managed by the cron job /etc/cron.d/php5,
which takes a looong time (10-20m) to complete in my situation due to a high
session count (~10k).
The slowest part of the cron job is the fuser call and, if I understand this correctly, its
only purpose is to avoid deleting currently opened files.
If so, is this workaround appropriate?
09,39 * * * * root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -ignore_readdir_race -type f -cmin +$(/usr/lib/php5/maxlifetime) `/usr/bin/lsof -F n +d /var/lib/php5/ | /bin/grep -o "sess_.*" | /usr/bin/tr -d "\n\r"| sed -e "s/sess_/ ! -name sess_/g"` -delete

The idea is to generate a list of additional options for find, excluding from
the result all files which are currently opened by any process.
It may not be so good if there are many opened session files, but in my
environment I can see only a few at a time.

Thank you.
Dmitry Samsonov


Archive: http://lists.debian.org/061401ccf843$f46663f0$dd332bd0$@gmail.com
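The idea from the message above (skip the files that lsof reports as open, delete the rest once they exceed the maximum lifetime), as an added example that is not part of the original message: file names are compared as data instead of being spliced into find's argument list. The function names and the sample lsof field output are assumptions constructed for illustration.

```python
import os
import time

SESSION_DIR = "/var/lib/php5"  # directory named in the post

# Constructed sample of `lsof -F n +d /var/lib/php5` field output.
LSOF_SAMPLE = """\
p2211
f12
n/var/lib/php5/sess_4f2a9c
p2213
f9
n/var/lib/php5/sess_b81e07
"""

def open_names(lsof_fields, session_dir=SESSION_DIR):
    """Basenames of files under session_dir that lsof reports as open."""
    prefix = "n" + session_dir.rstrip("/") + "/"
    return {line[len(prefix):] for line in lsof_fields.splitlines()
            if line.startswith(prefix)}

def expired_sessions(session_dir, max_age_min, in_use, now=None):
    """Regular files directly in session_dir with a ctime older than
    max_age_min minutes (roughly find -cmin +N) that are not in in_use."""
    cutoff = (time.time() if now is None else now) - max_age_min * 60
    stale = []
    with os.scandir(session_dir) as entries:
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)
            except FileNotFoundError:  # vanished mid-scan (-ignore_readdir_race)
                continue
            regular = entry.is_file(follow_symlinks=False)
            if regular and st.st_ctime < cutoff and entry.name not in in_use:
                stale.append(entry.path)
    return sorted(stale)

def purge(paths):
    """Unlink each path; a file that is already gone is not an error."""
    removed = 0
    for path in paths:
        try:
            os.unlink(path)
            removed += 1
        except FileNotFoundError:
            pass
    return removed
```

The maximum lifetime in minutes would come from /usr/lib/php5/maxlifetime, as in the cron line, and the lsof output from a single lsof call per run.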



Re: Linux kernel hardening - link restrictions

2012-03-01 Thread Lars Wirzenius
On Fri, Mar 02, 2012 at 05:11:58AM +, Ben Hutchings wrote:
> +  * The new kernel version includes security restrictions on links, which
> +are enabled by default.  These are specified in
> +Documentation/sysctl/fs.txt in the linux-doc-3.2 and linux-source-3.2
> +packages.

It'd be helpful to also point at a web page where one can read that text.

-- 
All my predictions will turn out to be false

