Bug#1068773: Subject: blhc: Stack clash and branch protection flag issues in Debian Bookworm and older releases
Package: blhc
X-Debbugs-Cc: car...@debian.org, aquilamac...@riseup.net
Version: 0.13-5
Severity: normal

Dear Maintainer,

I am writing to report an issue that has been observed during the Salsa CI process for Debian Bookworm and older releases. The problem arises when checking for stack clash protection (-fstack-clash-protection) and branch protection (amd64: -fcf-protection, arm64: -mbranch-protection=standard). These checks were requested by Emanuele Rocca (Debian Bug #1050909 and #1050912).

The issue manifests as a compilation error. For instance, you can see the error in this job: https://salsa.debian.org/kernel-team/linux/-/jobs/5496461. The issue was first noticed by @carnil during a routine check. The error message indicates that the CFLAGS are missing (-fstack-clash-protection -fcf-protection).

The ${RELEASE} variable in the context of this issue refers to the specific Debian release being used during the Salsa CI process. One potential solution that has been considered is to ensure that blhc:${RELEASE} correctly handles the flags for each release. This approach could alleviate the compilation errors and ensure consistency across different Debian releases.

For more details, you can check the issue in the Salsa CI repository at https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/340

Before proceeding with any changes, I would appreciate your input on this matter. Specifically, do you think it would be sensible to use blhc from each release? Your insights would be greatly appreciated.

Cheers,
Bug#1067515: ITP: waymore -- Tool to discover extensive data from online archives
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : waymore
  Version         : 3.7
  Upstream Contact: @xnl-h4ck3r
* URL             : https://github.com/xnl-h4ck3r/waymore
* License         : Expat
  Programming Lang: Python3
  Description     : Tool to discover extensive data from online archives

waymore is a versatile tool designed to extract comprehensive information from various sources including the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, and VirusTotal. Whether you're searching for historical web data or analyzing security threats, waymore provides a seamless experience with its intuitive interface and extensive features.

I'm writing to submit an Intention to Package (ITP) for waymore under the pkg-security team's umbrella.
Bug#1066829: ITP: assetfinder -- Find domains and subdomains related to a given domain
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : assetfinder
  Version         : 0.1.1
  Upstream Contact: Tom Hudson
* URL             : https://github.com/tomnomnom/assetfinder
* License         : MIT
  Programming Lang: Golang
  Description     : Find domains and subdomains related to a given domain

assetfinder is a command-line tool to find domains and subdomains potentially related to a specified domain. Enhances domain discovery for comprehensive analysis.

I'm writing to submit an Intention to Package (ITP) for assetfinder under the pkg-security team's umbrella.
Bug#1065812: ITP: paramspider -- Mining parameters from dark corners of Web Archives
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : paramspider
  Version         : 1.0.1
  Upstream Contact: Devansh Batham
* URL             : https://github.com/devanshbatham/ParamSpider
* License         : MIT
  Programming Lang: Python3
  Description     : Mining parameters from dark corners of Web Archives

paramspider allows you to fetch URLs related to any domain or a list of domains from Wayback Archives. It filters out "boring" URLs, allowing you to focus on the ones that matter the most.

I'm writing to submit an Intention to Package (ITP) for paramspider under the pkg-security team's umbrella.
Bug#1065673: ITP: httprobe -- Take a list of domains and probe for working HTTP and HTTPS servers
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : httprobe
  Version         : 0.2
  Upstream Contact: Tom Hudson
* URL             : https://github.com/tomnomnom/httprobe
* License         : MIT
  Programming Lang: Golang
  Description     : Take a list of domains and probe for working HTTP and HTTPS servers

httprobe is a versatile tool designed for probing and identifying working HTTP and HTTPS servers from a list of domains.

I'm writing to submit an Intention to Package (ITP) for httprobe under the pkg-security team's umbrella.
Bug#1065670: ITP: exiflooter -- finds geolocation on all image urls and directories
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : exiflooter
  Version         : 1.0.0+git20231228.22e4700
  Upstream Contact: Yunus AYDIN
* URL             : https://github.com/aydinnyunus/exiflooter
* License         : Apache-2.0
  Programming Lang: Golang
  Description     : finds geolocation on all image urls and directories

ExifLooter finds geolocation on all image URLs and directories, and also integrates with OpenStreetMap.

I'm writing to submit an Intention to Package (ITP) for exiflooter under the pkg-security team's umbrella.
Bug#1065669: ITP: raven -- A lightweight http file upload service used for penetration testing and incident response.
Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Aquila Macedo Costa
Severity: wishlist

* Package name    : raven
  Version         : 1.0.1
  Upstream Contact: Tristram
* URL             : https://github.com/gh0x0st/raven
* License         : MIT
  Programming Lang: Python3
  Description     : A lightweight http file upload service used for penetration testing and incident response.

This package contains a Python tool that extends the capabilities of the http.server Python module by offering a self-contained file upload web server. While the common practice is to use python3 -m http.server 80 to serve files for remote client downloads, Raven addresses the need for a similar solution when you need the ability to receive files from remote clients. This becomes especially valuable in scenarios such as penetration testing and incident response procedures when protocols such as SMB may not be a viable option.

I'm writing to submit an Intention to Package (ITP) for raven under the pkg-security team's umbrella.