Bug#990808: unblock: ganglia-modules-linux/1.3.4-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ganglia-modules-linux [ Reason ] Configs path are wrong. Users must manually fix the configuration files for all modules contained in this package. Upstream uses "/usr/lib/ganglia" as path for all cases. Debian package support multiarch, so paths must be adapted for each architecture, for example "/usr/lib/x86_64-linux-gnu/ganglia" for amd64. Modules are properly allocated at install time but the values in config files are wrong. This fix is done via dpkg-architecture DEB_HOST_MULTIARCH in d/rules file. There is no other change as you can check in the diff. [ Other info ] I still not uploaded the package to sid waiting for aproval. unblock ganglia-modules-linux/1.3.4-5 diff -Nru ganglia-modules-linux-1.3.6/debian/changelog ganglia-modules-linux-1.3.6/debian/changelog --- ganglia-modules-linux-1.3.6/debian/changelog 2021-01-17 11:43:42.0 +0100 +++ ganglia-modules-linux-1.3.6/debian/changelog 2021-07-12 00:22:06.0 +0200 @@ -1,3 +1,9 @@ +ganglia-modules-linux (1.3.6-5) unstable; urgency=medium + + * Fix multiarch support in *.conf files (Closes: #990808). + + -- Marcos Fouces Mon, 12 Jul 2021 00:22:06 +0200 + ganglia-modules-linux (1.3.6-4) unstable; urgency=medium * Remove version requirement for libganglia1-dev as 3.3.5 is older than diff -Nru ganglia-modules-linux-1.3.6/debian/rules ganglia-modules-linux-1.3.6/debian/rules --- ganglia-modules-linux-1.3.6/debian/rules 2021-01-17 11:43:42.0 +0100 +++ ganglia-modules-linux-1.3.6/debian/rules 2021-07-12 00:22:06.0 +0200 @@ -2,13 +2,20 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = $(shell apr-1-config --cflags --cppflags --includes) -I/usr/include/tirpc/ export DEB_LDFLAGS_MAINT_APPEND = -ltirpc +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) %: dh $@ -override_dh_auto_install: +override_dh_auto_install: debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_fs.conf-sample debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_io.conf debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_multicpu.conf-sample dh_auto_install - cp conf.d/mod_fs.conf debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_fs.conf-sample - cp conf.d/mod_io.conf debian/ganglia-modules-linux/etc/ganglia/conf.d - cp conf.d/mod_multicpu.conf debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_multicpu.conf-sample find debian/ \( -name "*.la" -o -name "*.a" -o -name "modmulticpu.so" \) -delete + +debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_fs.conf-sample: conf.d/mod_fs.conf + sed 's/usr\/lib\/ganglia/usr\/lib\/$(DEB_HOST_MULTIARCH)\/ganglia/g' $< > $@ + +debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_io.conf: conf.d/mod_io.conf + sed 's/usr\/lib\/ganglia/usr\/lib\/$(DEB_HOST_MULTIARCH)\/ganglia/g' $< > $@ + +debian/ganglia-modules-linux/etc/ganglia/conf.d/mod_multicpu.conf-sample: conf.d/mod_multicpu.conf + sed 's/usr\/lib\/ganglia/usr\/lib\/$(DEB_HOST_MULTIARCH)\/ganglia/g' $< > $@
Bug#980588: marked as pending in dsniff
Control: tag -1 pending Hello, Bug #980588 in dsniff reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/dsniff/-/commit/fa451a856a1b86bcafb139987545b46c8dae8500 Add 38_fix-pcap_init.patch (Closes: #980588) (this message was generated automatically) -- Greetings https://bugs.debian.org/980588
Bug#964399: Should ganglia be removed?
Hi Moritz! Yes, i uploaded it to salsa.d.o and i am waiting for Frontdesk aproval to become DD (that should happens in a few days) in order to upload it myself instead of asking for sponsorship. Its new home is here: https://salsa.debian.org/debian/ganglia. Thanks, Marcos El vie, 11-09-2020 a las 21:04 +0200, Moritz Mühlenhoff escribió: > Are you still interested in adopting ganglia? Otherwise I'll file an > RM bug soon. > > Cheers, > Moritz >
Bug#957860: marked as pending in tcpick
Control: tag -1 pending Hello, Bug #957860 in tcpick reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/tcpick/-/commit/41751739f4adefaad1d7757aeaba52318645503e Add fix-gcc-10.patch. (Closes: #957860). (this message was generated automatically) -- Greetings https://bugs.debian.org/957860
Bug#967205: No python package
Hi! I think that rfdump package is not related with Python. I think there is a mistake. Greetings, Marcos
Bug#957587: marked as pending in ncrack
Control: tag -1 pending Hello, Bug #957587 in ncrack reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/ncrack/-/commit/bb895ff9194ceaf3a9054fbd2898d731b9373eb9 Fix build with gcc-10 (Closes: #957587) (this message was generated automatically) -- Greetings https://bugs.debian.org/957587
Bug#957760: marked as pending in rfdump
Control: tag -1 pending Hello, Bug #957760 in rfdump reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/rfdump/-/commit/2db10d68e75a4490eb62f61ec88b3c64196f38a5 Add bug to close. (Closes: #957760) (this message was generated automatically) -- Greetings https://bugs.debian.org/957760
Bug#964399: Should ganglia be removed?
Hello Moritz I did some work time ago on ganglia [1] but i never get this work published due to unactive/unresponsive uploaders. I also done some work on ganglia-web and ganglia-linux-modules packages (also unpublished). I believe that it is still a good piece of software that deserve its place on Debian so i would like to step up as uploader (co-uploaders welcome!) if needed. I also would like to maintain it under pkg-security team umbrella. Please, let me know your thoughs. Greetings, Marcos [1] https://salsa.debian.org/mfouces-guest/ganglia El lun, 06-07-2020 a las 20:12 +0200, Moritz Muehlenhoff escribió: > Source: ganglia > Severity: serious > > Should ganglia be removed? It's dead upstream (last commits from over > three years ago, > last release from 2015), is now orphaned (last active maintainer is > no longer a DD, but > wasn't very actively maintained to begin with, the current packaged > version is from 2013), > most of the plugins depend on Python 2, there's unfixed security > issues dating back to > 2013 and doesn't even support ipv6 (730257). > > Unless anyone steps up for maintenance (and partly becomes upstream), > it should better > be removed. > > Cheers, > Moritz >
Bug#953234: Fix pending in Git repo
El jue, 16-04-2020 a las 13:50 +0200, Marcos Fouces escribió: > tags 953234 pending > thanks > > Hello > > An updated release is on salsa.d.o repo: > > https://salsa.debian.org/pkg-security-team/recon-ng > > Just needs a sponsor review. > > Greetings, > Marcos. > >
Bug#936188: bbqsql: Python2 removal in sid/bullseye
Hello Moritz I believe that bbqsql could be removed. It has a very low popcon and i didn't see any repo on Github taking over from Neophasis. Greetings, Marcos. El jue, 26-03-2020 a las 23:05 +0100, Moritz Mühlenhoff escribió: > On Fri, Aug 30, 2019 at 07:11:19AM +, Matthias Klose wrote: > > Package: src:bbqsql > > Version: 1.1-4 > > Severity: normal > > Tags: sid bullseye > > User: debian-pyt...@lists.debian.org > > Usertags: py2removal > > > > Python2 becomes end-of-live upstream, and Debian aims to remove > > Python2 from the distribution, as discussed in > > https://lists.debian.org/debian-python/2019/07/msg00080.html > > > > Your package either build-depends, depends on Python2, or uses > > Python2 > > in the autopkg tests. Please stop using Python2, and fix this > > issue > > by one of the following actions. > > Hi Marcos, > bbqsql seems dead upstream, development mostly stopped in 2013 and > the > author mentions in https://github.com/Neohapsis/bbqsql/pull/61 "he > no > longer works for the company". > > Are you planning to port it to Python 3 yourself or should it be > removed? > > Cheers, > Moritz
Bug#939260: websploit: Python2 removal in sid/bullseye
Hello Fardin I am the uploader of websploit in Debian distro. I am trying to package your new release but AFAIK one of the dependencies (python-wifi) is only for python2. Currently we cannot package new python2 modules in Debian. Please, let me know if i am wrong because i am all for packaging this release for Debian, Kali... Greetings, Marcos. El lun, 20-01-2020 a las 08:07 -0500, Optimous Prime escribió: > Hi RaphaelI just finished updating websploit. latest version now > available on github > https://github.com/websploit/websploit > Cheers > On Wed, Jan 15, 2020 at 5:00 AM 0X0Ptim0Us <0x0ptim...@gmail.com> > wrote: > > Hi Raphael > > I’m working on it and i will release new version before 24th. > > Thanks > > > > > > > > > On Jan 15, 2020 at 12:27 PM, wrote: > > > > > > Hello Fardin, > > > > > > > > > any update? > > > > > > > > > Due to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939260, > > > https://tracker.debian.org/pkg/websploit indicates that websploit > > > will > > > be auto-removed from Debian testing on January 24th. > > > > > > > > > It would be nice to have a Python 3 version until then. > > > > > > > > > Cheers, > > > > > > > > > On Sat, 21 Dec 2019, Optimous Prime wrote: > > > > Hi, i'm working on it, maybe 20 day . > > > > > > > > On Mon, Dec 16, 2019 at 8:28 AM Raphael Hertzog < > > > hert...@debian.org> wrote: > > > > > > > > > Hello, > > > > > > > > > > On Tue, 10 Dec 2019, 0X0Ptim0Us wrote: > > > > > > Got it, thank you. I will work on it > > > > > > > > > > Great. Looking forward to it. Do you have any idea how much > > > time you need > > > > > to complete this Python 3 port of websploit? > > > > > > > > > > Regards, > > > > > -- > > > > > ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog > > > > > ⣾⠁⢠⠒⠀⣿⡁ > > > > > ⢿⡄⠘⠷⠚⠋The Debian Handbook: > > > https://debian-handbook.info/get/ > > > > > > > > ⠈⠳⣄ Debian Long Term Support: https://deb.li/LTS > > > > > > > > > > > > > > > > > -- > > > ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog > > > ⣾⠁⢠⠒⠀⣿⡁ > > > ⢿⡄⠘⠷⠚⠋The Debian Handbook: > > > https://debian-handbook.info/get/ > > > > > > ⠈⠳⣄ Debian Long Term Support: https://deb.li/LTS > > >
Bug#944129: arp-scan: not returning any results
Hello I just uploaded a new release of arp-scan to git [0]. I tested it and it works well on my machine (Debian testing). Could some DD review and upload the package? Greetings, Marcos [0] https://salsa.debian.org/pkg-security-team/arp-scan El lun, 04-11-2019 a las 18:42 +0100, Reiner Herrmann escribió: > Package: arp-scan > Version: 1.9.5-1 > Severity: serious > Tags: fixed-upstream > > Dear maintainer, > > arp-scan is no longer returning any results in Debian sid. > > > # arp-scan 10.0.0.0/24 > > Interface: wlan0, datalink type: EN10MB (Ethernet) > > Starting arp-scan 1.9.5 with 256 hosts ( > > https://github.com/royhills/arp-scan) > > > > 14 packets received by filter, 0 packets dropped by kernel > > Ending arp-scan 1.9.5: 256 hosts scanned in 2.031 seconds (126.05 > > hosts/sec). 0 responded > > With wireshark I can actually see arp replies (and it sounds like > they > were also received ("14 packets received")), > With another machine that is running buster I can still see the > results, so it could have been introduced by a different libpcap > version? > > After noticing that the bug has also been filed in Ubuntu [0], > I also tested the version from git and got it running successfully. > This is the first commit at which it is returning results again: [1]. > It is contained in the new upstream release 1.9.6. > > Kind regards, > Reiner > > [0] https://bugs.launchpad.net/ubuntu/+source/arp-scan/+bug/1849740 > [1] https://github.com/royhills/arp-scan/commit/8513a18
Bug#944129: marked as pending in arp-scan
Control: tag -1 pending Hello, Bug #944129 in arp-scan reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/pkg-security-team/arp-scan/commit/b4ecad8da06c2bf484027ce41093b7846ba7400d New upstream release closes a nasty bug. (Closes: #944129) (this message was generated automatically) -- Greetings https://bugs.debian.org/944129
Bug#935042: Privacy Breach is not in policy
Hello Similar issues were discussed in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726998 You could also find that Lintian folks uses several levels of error tags to describe this problem, for instance: * https://lintian.debian.org/tags/privacy-breach-statistics-website.html. It is considered as "serious" * https://lintian.debian.org/tags/privacy-breach-generic.html. It is considered as "important" Both tags are related to the present issue. AFAIK, there is nothing in Debian Policy about this but it is plain common sense to avoid this kind of privacy breaches. Greetings, Marcos
Bug#935042: Privacy on Debian
Hello Michael, I am aware of the configuration option you mention but i decided to create a patch changing the CheckUpdates() function because i don't know if it is used in another part of the software. I also can understand your desire to know where and when an Lynis audit is performed but it shouldn't be done without user knowledge. It is up to the user to decide to check if an update is available or to decide if he wants to get informed about it. If users give consent to check for updates each time an audit is performed -which it must be done phoning home, for obvious reasons- then it is ok for you to use this info. Anyway, i believe that this function should be disabled in Debian. It does not make much sense for distros as they has their own updating system. Except for this matter, i believe that Lynis is a good piece of software. Greetings, Marcos
Bug#916977: snoopy w/ ld preload enabled breaks "apt upgrade" jessie-to-buster
Hello, I use testing and updated hundreds of package without any trouble. Please, could you give an example of a package that fails to upgrade? Greetings, Marcos. On 11/1/19 18:52, Adrian Bunk wrote: > On Thu, Dec 20, 2018 at 05:26:25PM -0500, deb...@mailinator.com wrote: >> Package: snoopy >> Version: 2.4.6-4 >> Severity: critical >> Justification: breaks unrelated software >> >> Dear Maintainer, >> >> With snoopy installed and enabled on jessie, apt upgrade to buster will >> break the upgrade process, as the snoopy library goes missing while the ld >> preload setting persists. This causes every command invocation to trigger >> an error message concerning the missing library. >> ... > Hw did you upgrade from jessie to buster? > > Skipping a release when upgrading is not supported, > only jessie -> stretch -> buster is supported. > > cu > Adrian >
Bug#844303: Working on it porting ncrack to OpenSSL 1.1
Hello Hilko! Great news! El 11/12/17 a las 01:14, Hilko Bengen escribió: > Hi, > > just a heads-up: I am working on porting ncrack to OpenSSL 1.1. There > are two main causes of issues: > > (1) OpenSSL-related checks in opensshlib/configure.ac are broken, they use > old SSLeay_* APIs, this is fixed easily. > > (2) The usual getter/setter mess. There's a lot of code and in > opensshlib/ that needs to be touched. Since this is more than just > search/replace, I'll try to get my patch reviewed by upstream before > making updates to the Debian package. > > Cheers, > -Hilko > > >
Bug#715646: Processed: Bug#715646 marked as pending
Hi Adrian, i agree to prepare a package for the next Jessie point release. I think these issues are not grave enough for a DSA. That is my opinon, but i would appreciate feedback. Greetings, Marcos El 11/05/17 a las 21:51, Adrian Bunk escribió: On Sun, Mar 12, 2017 at 09:06:34AM +0100, Marcos Fouces wrote: control: severity -1 grave This could lead to DOS or, even worst, remote code execution. Following Hilko Bengen's advice: i re-adjust the severity. Hi Marcos, thanks a lot for fixing this bug as well as the similar #716355, #716457 and #716458 in dsniff for stretch. If these issues are serious enough, please coordinate with the security team (added to Cc) for getting them to jessie as part of a DSA. If they are not serious enough for a DSA, it would be appreciated if you could prepare a package for the next jessie point release. Thanks Adrian
Bug#860611: dsniff: FTBFS: ld: cannot find -lmissing
Hello Lukas Maybe you should create a "debian/stretch" branch from 2.4b1+debian-24 tag and commit your patch here. If you want, you can add yourself as uploader and tag it as "2.4b1+debian-25" release. Later we will merge it with "debian/master" branch. I hope there's some DD willing to sponsor it. Thanks for your work! Greetings, Marcos El 19/04/17 a las 10:29, Lukas Schwaighofer escribió: Hi, I just checked the build log. I think the problem is that the Makefile does not properly enforce the correct build order: PROGS actually depend on libmissing.a. The build log shows that, at the time of the build error, libmissing.a is not yet build (but tried to link against). I suspect the problem surfaced due to the level of parallelism on the buildd (-j 64). I've prepared a minimal patch against version 2.4b1+debian-24 (currently in stretch) that should be suitable for an unblock, see attachment. If you want I can push that into our git repo, tag it as new release and then merge that commit into our development branch (bumping the version for the newer changes when merging the commit log). Thanks Lukas
Bug#850761: marked as pending
tag 850761 pending thanks Hello, Bug #850761 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: https://anonscm.debian.org/cgit/pkg-security/autolog.git/commit/?id=7814418 --- commit 7814418ede8b378aa522c544dbcaeee68b93ef22 Author: Marcos Fouces <mfou...@yahoo.es> Date: Fri Mar 17 23:54:45 2017 +0100 Fix piuparts issues on autolog.init file diff --git a/debian/changelog b/debian/changelog index 021df1f..092d8eb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +autolog (0.40+debian-2) UNRELEASED; urgency=medium + + * Reorder, refresh and rename patches properly + * Major rewrite of autolog.init file fixing piuparts issues +(closes: #605890, #850761) + + -- Marcos Fouces <mfou...@yahoo.es> Fri, 17 Mar 2017 23:31:57 +0100 + autolog (0.40+debian-1) unstable; urgency=medium * Rename version to 0.40+debian.
Bug#855869: Processed: Re: Bug#855869: dsniff: segfaults on portmapper messages
Anyone? El 09/03/17 a las 15:33, Marcos Fouces escribió: Hello Hilko I pushed a "debian/stretch" branch [1] to the repo without all changes i've made so far bug the patch that fixes this bug. It is still posible to get sniff in shape for stretch? If so, could you sponsor it or tell me what else to do? Thanks, Marcos [1] https://anonscm.debian.org/cgit/pkg-security/dsniff.git/log/?h=debian/stretch El 05/03/17 a las 15:39, Debian Bug Tracking System escribió: Processing control commands: severity -1 grave Bug #855869 [dsniff] dsniff: segfaults on portmapper messages Severity set to 'grave' from 'important'
Bug#855869: Processed: Re: Bug#855869: dsniff: segfaults on portmapper messages
Hello Hilko I pushed a "debian/stretch" branch [1] to the repo without all changes i've made so far bug the patch that fixes this bug. It is still posible to get sniff in shape for stretch? If so, could you sponsor it or tell me what else to do? Thanks, Marcos [1] https://anonscm.debian.org/cgit/pkg-security/dsniff.git/log/?h=debian/stretch El 05/03/17 a las 15:39, Debian Bug Tracking System escribió: Processing control commands: severity -1 grave Bug #855869 [dsniff] dsniff: segfaults on portmapper messages Severity set to 'grave' from 'important'
Bug#851060: libnids 1.23-2.1 NMU
El 26/02/17 a las 18:05, James Cowgill escribió: Well now that I've collected all the fixes together and tested it, I'm going to do the NMU anyway :) Good to read that! Now i will try to contact Vassillis. if he is MIA, then i incorporate libnids to pkg-security team. Cheers, Marcos Control: tags -1 patch pending Hi, On 25/02/17 18:00, James Cowgill wrote: On 23/02/17 22:44, Marcos Fouces wrote: I am agree with you, when i fix these bugs i will create a separate git branch, cherry-pick only freeze-allowed changes and try to get a package ready for stretch. Ok. Since I can now get dsniff working, I will happily NMU this unless you want to do it. Well now that I've collected all the fixes together and tested it, I'm going to do the NMU anyway :) Uploaded NMU attached. Thanks, James
Bug#851060: New dsniff revision
Hi James, El 23/02/17 a las 12:57, James Cowgill escribió: Hi, On 22/02/17 23:16, Marcos Fouces wrote: Hello I uploaded to repo a first attempt of libnids1.24 package wich aims to close its two critical bugs: #855602: fixed upstream in 1.24 release. As I wrote in the bugreport, the fix applied by upstream is not enough to fix this. You also need to apply the patch from Fedora otherwise dsniff will FTBFS on i386. I applied the patch you mentioned and after a rebuild of dsniff and libnids, it still seems to work properly at least on amd64 Please, check it: https://anonscm.debian.org/cgit/pkg-security/libnids.git #851060: i tried using -fno-strict-aliasing flag as reporter indicates. I didn't noticed any change on my amd64, but he talked about armhf arch. I built dsniff (1) against this new version of libnids-dev (2) and here is the result: * Run dsniff * Run the same test as bug reporter: curl -v --basic --user foo:bar http://neverssl.com/ dsniff says this: dsniff: listening on eth0 - 02/22/17 23:56:32 tcp 192.168.1.3.47942 -> s3-website-us-west-2.amazonaws.com.80 (http) GET / HTTP/1.1 Host: neverssl.com Authorization: Basic Zm9vOmJhcg== [foo:bar] So interestingly, after recompiling your new versions of both libnids and dsniff, things start working again. I'm not sure what happened before when I couldn't get anything to work. I really don't know, i couldn' t reproduce this bug at any time. (1) https://anonscm.debian.org/cgit/pkg-security/dsniff.git For stretch, I don't think dsniff needs to be changed. (2) https://anonscm.debian.org/cgit/pkg-security/libnids.git At the moment Debian is frozen and you've made a number of changes here which are not sutible for the freeze. These include: - Packaging a new version of libnids. - Breaking the ABI of libnids. - Bumping debhelper compat For stretch, the fixes need to be targeted so as to only change as much stuff as necessary to fix the two RC bugs. I am agree with you, when i fix these bugs i will create a separate git branch, cherry-pick only freeze-allowed changes and try to get a package ready for stretch. For buster, can I suggest you rewrite the rules file. I expect it could be simplified much more using dh. Sure Looking at the diff from upstream, I can't help but stare in disbelief at this: diff --git a/src/hash.c b/src/hash.c index 7e4c611..3eb28ca 100644 --- a/src/hash.c +++ b/src/hash.c @@ -57,7 +57,8 @@ mkhash (u_int src, u_short sport, u_int dest, u_short dport) u_int res = 0; int i; u_char data[12]; - *(u_int *) (data) = src; + u_int *stupid_strict_aliasing_warnings=(u_int*)data; + *stupid_strict_aliasing_warnings = src; *(u_int *) (data + 4) = dest; *(u_short *) (data + 8) = sport; *(u_short *) (data + 10) = dport; A minor note: as someone not part of the pkg-security team, I find it confusing to have both a "debian/master" and "master" branch in the same repository both referring to Debian packaging. I think you should remove the "master" branch (unless this is a team policy?) Thanks, James This is the default behaviour of gbp when creating a repo. In pkg-security team we don't use it but you can see it in some packages. Anyway, i deleted it. :-) Cheers, Marcos
Bug#851060: marked as pending
Hello Axel This compiler flag (-fno-strict-aliasing) is needed in libnids. You are right. I will revert this change in dsniff. I added the other flag (-g) in order to avoid creating an empty dbgsym package. I cannot reproduce this bug in amd64 with the current libnids package version (1.21). In fact, dsniff works as expected with this testcase. I built and installed libnids 1.24 (which fix another minor issue already solved in Ubuntu) with -fno-strict-aliasing. At least in amd64, dsniff still works as expected and i did not noticed any difference. If the current maintainer of libnids (CC'ed) gives me permission, i can import the package to pkg-security team repo, upload my work and maintain (or co-maintain) it by now. This makes sense as dsniff seems to be the only reverse dependence of libnids. I believe that in pkg-security team there are some people with access to armhf machines so testing should not be an issue. Unfortunately, i can do it myself. Greetings, Marcos El 17/02/17 a las 00:41, Axel Beckert escribió: Hi Marcos, Marcos Fouces wrote: +dsniff (2.4b1+debian-24) UNRELEASED; urgency=medium + + * Add -fno-strict-aliasing compiler flag in order to fix + TCP reassemble in some architectures as armhf. + Thanks to guent...@unix-ag.uni-kl.de (Closes: #851060) + * Add -g flag to compiler. So it does not need those compiler flags in libnids but in dsniff? Have you tested it on armhf? Because I tried recompiling libnids with these flags and noticed no difference. :-/ (But then again I could even reproduce the reported issue on amd64, so I'm not 100% sure if I actually reproduced it correctly.) Regards, Axel
Bug#851060: marked as pending
tag 851060 pending thanks Hello, Bug #851060 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-security/dsniff.git;a=commitdiff;h=0ab3416 --- commit 0ab3416139747f3eeb166622eb688911653c55fc Author: Marcos Fouces <mfou...@yahoo.es> Date: Thu Feb 16 00:00:33 2017 +0100 Add aditional compiler flags. diff --git a/debian/changelog b/debian/changelog index 185ef84..56d4db9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +dsniff (2.4b1+debian-24) UNRELEASED; urgency=medium + + * Add -fno-strict-aliasing compiler flag in order to fix + TCP reassemble in some architectures as armhf. + Thanks to guent...@unix-ag.uni-kl.de (Closes: #851060) + * Add -g flag to compiler. + + -- Marcos Fouces <mfou...@yahoo.es> Wed, 15 Feb 2017 23:42:16 +0100 + dsniff (2.4b1+debian-23) unstable; urgency=medium * Assign to pkg-security team (Closes: #847505)
Bug#828287: dsniff: FTBFS with openssl 1.1.0
A new revision of the package is hosted at pkg-security team. I did some improvements (i also add your patch) and the package is hopefully ready for upload. Just need a sponsor. Check it here: https://anonscm.debian.org/cgit/pkg-security/dsniff.git/ Cheers, Marcos El 20/12/16 a las 15:37, Christoph Biedl escribió: Christoph Biedl wrote... Adrian Bunk wrote... Can you make an NMU with your patch (or by changing it to libssl1.0-dev)? Can even, even upon short notice. However, dsniff got a new maintainer (#847505), included. This probably didn't work due to a local error, sorry. Marcos, do you want to take over? Personally, I'd switch to libssl1.0-dev, it's less intrusive and the package needs a lot of love anyway - which can wait until the stretch release. Marcos, I suggest to take over. That was also the opportunity to update the maintainer field so it will be correct for stretch. Adrian, find a debdiff attached, using the libssl1.0-dev package. I'd suggest to upload to delayed+2, so Marcos has some time to react. The frame is small I admit but time's almost up, and it's just to get dsniff into stretch, nothing else. All the best, Christoph
Bug#835787: marked as pending
tag 835787 pending thanks Hello, Bug #835787 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-security/ncrack.git;a=commitdiff;h=d94cce9 --- commit d94cce942eb8846497484efa5511e65d1100899e Author: Marcos Fouces <mfou...@yahoo.es> Date: Wed Aug 31 00:30:56 2016 +0200 Update changelog diff --git a/debian/changelog b/debian/changelog index 56eda46..7e6d719 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +ncrack (0.5-2) UNRELEASED; urgency=medium + + * Fix FTBS due to missing build-depends on zlib1g-dev (Closes: #835787). + Thanks to Kurt Roeckx. + + + -- Marcos Fouces <mfou...@yahoo.es> Wed, 31 Aug 2016 00:25:15 +0200 + ncrack (0.5-1) unstable; urgency=low * Debian initial release. (Closes: #830499)