Attachment rejected by the anti-virus server of the Académie de Poitiers (probably a virus) (Attachment Removal)

2004-03-10 Thread service . messagerie-em
 eManager Notification *

The following mail was blocked since it contains sensitive content.

Source mailbox: [EMAIL PROTECTED]
Destination mailbox(es): [EMAIL PROTECTED]
Policy: Attachment Removal
Attachment file name: your_picture.pif - application/octet-stream
Action: Replaced with text

The following extensions are refused: .exe .bat .com .dll .vbs .vbe .vb .hta .js 
.jse .scr .pif .lnk .shs .shb. If you still want to send this file, 
please compress or rename it and notify your recipient.

*** End of message *
Received: from ac-poitiers.fr (APoitiers-106-1-1-213.w193-253.abo.wanadoo.fr 
[193.253.190.213])
by matrix3.ac-poitiers.fr (Postfix) with ESMTP id 6F45D118076
for [EMAIL PROTECTED]; Wed, 10 Mar 2004 10:42:35 +0100 (CET)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Your picture
Date: Wed, 10 Mar 2004 10:39:11 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary==_NextPart_000_0011_36E6.77D3
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: [EMAIL PROTECTED]
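
The notice above filters on the file extension alone and itself states that a renamed or compressed file will pass. As an added example (not part of the original message and not the eManager product's code), this Python check applies the same extension list but also inspects the payload for the `MZ` header of DOS/Windows executables and looks at member names inside zip archives. The function names and the sample attachments are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extension list copied from the notice above.
BLOCKED_EXTENSIONS = {
    ".exe", ".bat", ".com", ".dll", ".vbs", ".vbe", ".vb", ".hta",
    ".js", ".jse", ".scr", ".pif", ".lnk", ".shs", ".shb",
}


def normalized_extension(filename):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def inspect_attachment(filename, payload):
    """Return the reasons to block this part; an empty list means it passes."""
    reasons = []
    ext = normalized_extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    # Content check: survives a rename because it ignores the file name.
    if payload[:2] == b"MZ":
        reasons.append("MZ executable header")
    # Zip archives: apply the same extension list to every member name.
    if payload[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    member_ext = normalized_extension(member)
                    if member_ext in BLOCKED_EXTENSIONS:
                        reasons.append(
                            f"archive member {member} has blocked extension {member_ext}"
                        )
        except zipfile.BadZipFile:
            reasons.append("unreadable zip archive")
    return reasons


def scan_message(raw_bytes):
    """Map attachment file name -> list of reasons, for flagged parts only."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:          # body text, not an attachment
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(name, payload)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message():
    """Constructed test message: inert bytes that only mimic file headers."""
    fake_exe = b"MZ" + b"\x00" * 62
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as archive:
        archive.writestr("your_picture.pif", fake_exe)

    msg = EmailMessage()
    msg["Subject"] = "Re: Your picture"
    msg.set_content("constructed body text")
    attachments = [
        ("your_picture.pif", fake_exe),          # caught by extension
        ("your_picture.jpg", fake_exe),          # renamed, caught by header
        ("pictures.zip", zipped.getvalue()),     # compressed, caught by member
        ("notes.txt", b"plain notes"),           # passes
    ]
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons))
```
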


Re: mozilla - the forgotten package?

2004-03-10 Thread Richard Atterer
On Tue, Mar 09, 2004 at 11:59:01AM -0800, Matt Zimmerman wrote:
 Anyone with the time and ability can work on a project like this without
 joining the security team.  Mozilla in particular is a huge amount of
 work to bring up to date and so far no one has found it critical enough
 relative to the effort required.

Is there a list of such unresolved security problems which is accessible by
people not in the security team? There was talk once about providing such a
list, but AFAICT nothing happened - hmm, or is it the list of
security-tagged bugs?

Cheers,

  Richard

-- 
  __   _
  |_) /|  Richard Atterer |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 04:58:14PM +1100, Russell Coker wrote:
  I suspect that the problem can be with old glibc (2.2.5) but I'm not
  sure. Because of that I'd like to ask should I backport glibc from sarge?
 
 There have been some changes to the way libxattr works.  From memory I think 
 that you needed an extra -l option on the link command line when compiling 
 with old libc6.  I can't remember whether it was linking the PAM module or 
 libselinux that needed it (or maybe both).

I already found that -lattr should be added to Makefiles in
policycoreutils-1.6 to build it and to Makefile for pam_unix module
into libpam. I also think that the same should be done in
libselinux1-1.6 and even looked through Makefiles there, but didn't
find where and how to link libattr to libselinux1. That's because I
don't know how to build libraries i.e. I know ./configure  make
or fakeroot debian/rules binary for libraries but I don't know
low-level work.

So, the question: how can I link libattr to libselinux1?





Re: Backporting SELinux to woody

2004-03-10 Thread Russell Coker
On Wed, 10 Mar 2004 21:26, Milan P. Stanic [EMAIL PROTECTED] wrote:
  There have been some changes to the way libxattr works.  From memory I
  think that you needed an extra -l option on the link command line when
  compiling with old libc6.  I can't remember whether it was linking the
  PAM module or libselinux that needed it (or maybe both).

 I already found that -lattr should be added to Makefiles in
 policycoreutils-1.6 to build it and to Makefile for pam_unix module
 into libpam. I also think that the same should be done in
 libselinux1-1.6 and even looked through Makefiles there, but didn't
 find where and how to link libattr to libselinux1. That's because I
 don't know how to build libraries i.e. I know ./configure  make
 or fakeroot debian/rules binary for libraries but I don't know
 low-level work.

 So, the question: how can I link libattr to libselinux1?

Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 10:04:38PM +1100, Russell Coker wrote:
  So, the question: how can I link libattr to libselinux1?
 
 Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO).

That is. I just rebuilt policycoreutils and pam with libselinux1
which is linked with libattr and it was smooth. 
Now I have to backport coreutils and sysvinit, huh.

Thank you, Russell.





Re: mozilla - the forgotten package?

2004-03-10 Thread Florian Weimer
Jan Lühr wrote:

 So is mozilla the forgotten package? Considering how popular mozilla is, 
 making it secure would be worth the effort - imho.

How many of Mozilla's security bugs which are fixed during routine
upgrades are discussed publicly?  Can they be backported easily?

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.





Re: mozilla - the forgotten package?

2004-03-10 Thread Jan Lühr
Greetings,


On Wednesday, 10 March 2004 17:06 you wrote:
 Jan Lühr wrote:
  So is mozilla the forgotten package? Considering how popular mozilla is,
  making it secure would be worth the effort - imho.

 How many of Mozilla's security bugs which are fixed during routine
 upgrades are discussed publicly?  Can they be backported easily?

I'm not in touch with the mozilla code. Thus I cannot say how easy it is to 
backport 'em.

Keep smiling
yanosz





Re: mozilla - the forgotten package?

2004-03-10 Thread Matt Zimmerman
On Wed, Mar 10, 2004 at 05:06:12PM +0100, Florian Weimer wrote:

 Jan Lühr wrote:
 
  So is mozilla the forgotten package? Considering how popular mozilla is, 
  making it secure would be worth the effort - imho.
 
 How many of Mozilla's security bugs which are fixed during routine
 upgrades are discussed publicly?  Can they be backported easily?

A number of the bug reports and patches (in Bugzilla) are still not publicly
accessible, even though the bugs have been known and released for quite some
time.  Some are straightforward to backport; others involve a lengthy search
just to determine if the same problem exists in an older version.

-- 
 - mdz





Re: mozilla - the forgotten package?

2004-03-10 Thread Florian Weimer
Jan Lühr wrote:

 On Wednesday, 10 March 2004 17:06 you wrote:
  Jan Lühr wrote:
   So is mozilla the forgotten package? Considering how popular mozilla is,
   making it secure would be worth the effort - imho.
 
  How many of Mozilla's security bugs which are fixed during routine
  upgrades are discussed publicly?  Can they be backported easily?
 
 I'm not in touch with the mozilla code. Thus I cannot say how easy it is to 
 backport 'em.

Some of the known bugs are described at the following page:

http://www.mozilla.org/projects/security/known-vulnerabilities.html

Mandrake has recently released an advisory, maybe their patches could be
used for the 1.0 backports.

Hmm, has there been any Mozilla security update for woody?  This looks
like a *lot* of work.  Maybe it's better to take some other
distribution's Mozilla 1.4 package and ship that. 8-

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.





Re: mozilla - the forgotten package?

2004-03-10 Thread Noah Meyerhans
On Wed, Mar 10, 2004 at 07:44:11PM +0100, Florian Weimer wrote:
 Hmm, has there been any Mozilla security update for woody?  This looks
 like a *lot* of work.  Maybe it's better to take some other
 distribution's Mozilla 1.4 package and ship that. 8-

That's highly unlikely to happen.  It's been discussed before.  In fact,
at one point somebody uploaded mozilla 1.0.2 to stable-proposed-updates,
but that was rejected.  Apparently, although the mozilla developers
claimed they wouldn't do it, 1.0.2 broke compatibility with derivative
browsers like Galeon.  I don't recall the details.

When I was working on trying to construct a security upload for mozilla
a while back, I was basing a lot of my work on mozilla 1.0.1 (1.0.2
wasn't out yet).  By examining the list of bugs fixed in 1.0.1, I had a
good place to start to try and track down some patches.  Unfortunately,
the changes were rather large and in many cases were not entirely
self-contained and would have wound up pulling even more new code in.

It was, generally, a fairly painful experience, and although I did get
some patches applied (and tested!) I never felt like I made significant
progress toward fixing all the known bugs.  I haven't looked at the code
in quite some time.  Honestly, at this point, who uses Mozilla 1.0?
Why?

noah





Re: mozilla - the forgotten package?

2004-03-10 Thread Florian Weimer
Noah Meyerhans wrote:

 On Wed, Mar 10, 2004 at 07:44:11PM +0100, Florian Weimer wrote:
  Hmm, has there been any Mozilla security update for woody?  This looks
  like a *lot* of work.  Maybe it's better to take some other
  distribution's Mozilla 1.4 package and ship that. 8-
 
 That's highly unlikely to happen.  It's been discussed before.  In fact,
 at one point somebody uploaded mozilla 1.0.2 to stable-proposed-updates,
 but that was rejected.  Apparently, although the mozilla developers
 claimed they wouldn't do it, 1.0.2 broke compatibility with derivative
 browsers like Galeon.  I don't recall the details.

Okay, if that's the case, I'm going to start a campaign for including
Mozilla 1.4 (plus fixes) in stable.

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.





Re: mozilla - the forgotten package?

2004-03-10 Thread Steve Kemp
On Wed, Mar 10, 2004 at 02:34:44PM -0500, Noah Meyerhans wrote:

 It was, generally, a fairly painful experience, and although I did get
 some patches applied (and tested!) I never felt like I made significant
 progress toward fixing all the known bugs.  

  This was my feeling as well, applying some of the trivial patches
 to fix known bugs and holes was worthwhile in itself, but it seems
 rather half-hearted to release a security update which essentially
 says:

This update fixes XX bugs, but YY security related bugs still
exist.

 I haven't looked at the code in quite some time.

  Me neither right now, although one of the hardest parts about getting
 started was figuring out the build/package system - that was useful.

 Honestly, at this point, who uses Mozilla 1.0?
 Why?

  Everybody using Debian Stable?  Although I'm not too sure of the
 number of people that would be.   I know that all my servers are
 stable machines, but they don't have much in the way of X11 libraries
 installed upon them, let alone Mozilla.

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/





Re: mozilla - the forgotten package?

2004-03-10 Thread Sven Hoexter
On Wed, Mar 10, 2004 at 08:48:02PM +0100, Florian Weimer wrote:
 Noah Meyerhans wrote:

Hi,

  That's highly unlikely to happen.  It's been discussed before.  In fact,
  at one point somebody uploaded mozilla 1.0.2 to stable-proposed-updates,
  but that was rejected.  Apparently, although the mozilla developers
  claimed they wouldn't do it, 1.0.2 broke compatibility with derivative
  browsers like Galeon.  I don't recall the details.
 
 Okay, if that's the case, I'm going to start a campaign for including
 Mozilla 1.4 (plus fixes) in stable.
Well why just include 1.4 and not 1.6? I know that the backports.org mozilla
packages are working at least on i386. (ok beside the fact that you're breaking
third party apps).  Haven't checked what's in proposed-updates so far.

Sven
-- 
If God passed a mic to me to speak
I'd say stay in bed, world
Sleep in peace
   [The Cardigans - No sleep]





Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote:
 That is. I just rebuilt policycoreutils and pam with libselinux1
 which is linked with libattr and it was smooth. 
 Now I have to backport coreutils and sysvinit, huh.

Hate to reply to myself, but I'd like to inform you that I backported
libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit,
checkpolicy and selinux-policy-default to woody. It works under UML.

If someone needs them I can put it on the net or post somewhere, or
maybe help if the help is needed.





Re: mozilla - the forgotten package?

2004-03-10 Thread Florian Weimer
Sven Hoexter wrote:

  Okay, if that's the case, I'm going to start a campaign for including
  Mozilla 1.4 (plus fixes) in stable.

 Well why just include 1.4 and not 1.6?

AFAIK, 1.4 is the more stable branch, and fixes are still backported to
it (at least by MandrakeSoft 8-).

-- 
Current mail filters: many dial-up/DSL/cable modem hosts, and the
following domains: atlas.cz, bigpond.com, freenet.de, hotmail.com,
libero.it, netscape.net, postino.it, tiscali.co.uk, tiscali.cz,
tiscali.it, voila.fr, wanadoo.fr, yahoo.com.





Re: mozilla - the forgotten package?

2004-03-10 Thread Norbert Tretkowski
* Sven Hoexter wrote:
 On Wed, Mar 10, 2004 at 08:48:02PM +0100, Florian Weimer wrote:
[...]
  Okay, if that's the case, I'm going to start a campaign for
  including Mozilla 1.4 (plus fixes) in stable.
 
 Well why just include 1.4 and not 1.6? I know that the backports.org
 mozilla packages are working at least on i386.

They aren't working on alpha. 

Norbert





Re: Backporting SELinux to woody

2004-03-10 Thread Russell Coker
On Thu, 11 Mar 2004 08:22, Milan P. Stanic [EMAIL PROTECTED] wrote:
 On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote:
  That is. I just rebuilt policycoreutils and pam with libselinux1
  which is linked with libattr and it was smooth.
  Now I have to backport coreutils and sysvinit, huh.

 Hate to reply to myself, but I'd like to inform you that I backported
 libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit,
 checkpolicy and selinux-policy-default to woody. It works under UML.

 If someone needs them I can put it on the net or post somewhere, or
 maybe help if the help is needed.

If you could establish an apt repository for it then that would be very 
useful.  Brian's SE Linux packages haven't been updated for a while.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




