Re: loosing dependencies: Depends: on logrotate
On Tue, Jan 22, 2008 at 07:19:20PM -0800, Don Armstrong wrote:
> 0: And actually, it's not clear to me why syslog-ng doens't depend on
> logrotate.
I've ran plenty of machines logging directly to
.../$HOST/$/$MM/$DD/$SERVICE -- no rotation there.
--
:(){ :|:&};:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Grsec/PaX and Exec-shield
Peter Busser wrote: Summary: i can see no significant differences between the paxtest output - all the differences seem to be bogus, see the details below. Fact is: There is a difference in paxtest output between PaX and exec-shield. And it is not a difference in exec-shield's advantage. Peter, no one contested that there is a difference. Ingo contested the meaningfulnes of that difference. Now, it's your turn trying to explain *why* the difference is meaningful; not just that it exists. HTH, HAND.
Re: Bug#194705: ITP: yavipin -- daemon for creating secure tunnels
On Sun, May 25, 2003 at 08:49:06PM -0500, Graham Wilson wrote:
> * Package name: yavipin
How does it differ from OpenVPN?
--
:(){ :|:&};:
Re: reliable streams over UDP
On Fri, Nov 29, 2002 at 02:16:20PM +0100, Russell Coker wrote:
> Do we have a library in Debian that provides reliable stream based
> communication over UDP?
>
> I want to be able to deal with asymetric links and end-points that change IP
> address so TCP won't work.
Why would TCP have trouble with asymmetric links? And if you
mean links that only allow traffic to pass in one direction
(there is no alternative backchannel), you really can't have
reliability.
For end-points that change IP, either look at SCTP, or build
a protocol that allows you to establish new TCP connections and
switch the logical connection to another TCP connection.
There are _really_ good reasons for using TCP, and really quite
few for not using it. In most real world scenarios, you end up
reimplementing TCP bit-by-bit, in your own protocol, over UDP.
Also, apt-cache show rocks.
--
:(){ :|:&};:
Re: Security notification script
On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
> I have written a python script that allows you to compares locally
> installed packages with those on security.debian.org. Furthermore it
> provides a description of the problem/DSA name if the package is
> mentioned in the DSA RDF.
>
> The script is intended to be run as a normal user in a crontab, and thus
> produces no output if the system is completely upto date.
>
> You will need to install python2.2 and python2.2-xml prior to using the
> script which can be found at
> http://www.robster.org.uk/files/security-update-check.py
Great.
Except that the DSA RDF starts with
space space newline, which chokes SAX:
[EMAIL PROTECTED] ~/bin]$ ./security-update-check
Traceback (most recent call last):
File "./security-update-check", line 85, in ?
for advisory in parseDSA():
File "./security-update-check", line 23, in parseDSA
dom = xml.dom.minidom.parse(rdf)
File "/usr/lib/python2.1/site-packages/_xmlplus/dom/minidom.py", line 962, in
parse
return _doparse(pulldom.parse, args, kwargs)
File "/usr/lib/python2.1/site-packages/_xmlplus/dom/minidom.py", line 954, in
_doparse
toktype, rootNode = events.getEvent()
File "/usr/lib/python2.1/site-packages/_xmlplus/dom/pulldom.py", line 265, in
getEvent
self.parser.feed(buf)
File "/usr/lib/python2.1/site-packages/_xmlplus/sax/expatreader.py", line
208, in feed
self._err_handler.fatalError(exc)
File "/usr/lib/python2.1/site-packages/_xmlplus/sax/handler.py", line 38, in
fatalError
raise exception
xml.sax._exceptions.SAXParseException: :2:0: xml processing
instruction not at start of external entity
zsh: 12193 exit 1 ./security-update-check
[EMAIL PROTECTED] ~/bin]$
It works just nicely with 2.1; on 2.2 it dies with
[EMAIL PROTECTED] ~/bin]$ python2.2 ./security-update-check
Traceback (most recent call last):
File "./security-update-check", line 85, in ?
for advisory in parseDSA():
File "./security-update-check", line 23, in parseDSA
dom = xml.dom.minidom.parse(rdf)
File "/usr/lib/python2.2/site-packages/_xmlplus/dom/minidom.py", line 962, in
parse
return _doparse(pulldom.parse, args, kwargs)
File "/usr/lib/python2.2/site-packages/_xmlplus/dom/minidom.py", line 954, in
_doparse
toktype, rootNode = events.getEvent()
File "/usr/lib/python2.2/site-packages/_xmlplus/dom/pulldom.py", line 265, in
getEvent
self.parser.feed(buf)
File "/usr/lib/python2.2/site-packages/_xmlplus/sax/expatreader.py", line
194, in feed
self.reset()
File "/usr/lib/python2.2/site-packages/_xmlplus/sax/expatreader.py", line
232, in reset
self._parser = expat.ParserCreate(None, " ", intern = self._interning)
TypeError: 'intern' is an invalid keyword argument for this function
zsh: 12189 exit 1 python2.2 ./security-update-check
[EMAIL PROTECTED] ~/bin]$
--
:(){ :|:&};:
Re: /dev/plex86 permissions
Russell Coker <[EMAIL PROTECTED]> writes:
> Currently /dev/plex86 defaults to mode 666 on devfs. Is this really desired?
>
> Perhaps we should have a plex86 group and make the device node default to
> mode 660 and group plex86?
Note to people who are unfamiliar with devfs..
Access modes for files come from two locations:
1. The kernel, from the code that creates the entry
2. From devfsd
The kernel has no knowledge of groups, and does not want to
set any policy, so the only thing the kernel can do is make
the gid be 0.
That means /dev/plex86 has to default to u=rw,go= (just about
equal to ug=rw,o=), or to ugo=rw (which I understand is
unwanted). Then devfsd can chgrp it and set it to be g+rw.
What does the kernel code currently register as the default
mode?
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}
Re: Bug#126750: klogd should optionally be started from init(8)
Martin Schulze <[EMAIL PROTECTED]> writes:
> Florian Weimer wrote:
> > The package installation scripts should offer to run klogd from
> > inittab, since klogd regularly dies in OOM situations and is not
> > restarted if the current mechanism is used.
IMHO the right solution is to slowly replace sysvinit's init.d
with something that can monitor whether the children are still
alive. For _everything_.
I know many of you hate DJB, but his daemontools is a good
idea (though I do dislike the implementation, atleast parts of
it).
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}
Re: Orphaning all packages -- adopting syslog-summary
Lars Wirzenius <[EMAIL PROTECTED]> writes:
> Package: syslog-summary
> Description: Summarize the contents of a syslog log file.
> This program summarizes the contents of a log file written by syslog,
> by displaying each unique (except for the time) line once, and also
> the number of times such a line occurs in the input. The lines are
> displayed in the order they occur in the input.
I use syslog-summary extensively, I can take it.
The question is -- can I do upstreamish things to it, too?
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}
Re: isync vs mailsync
Brian May <[EMAIL PROTECTED]> writes:
> > > - delete message on client => gets transfered again on next download.
> > Not if you can set up your mail client properly. If using mutt, set
> > maildir_trash.
> I typed in "rm Maildir/cur/*" and all messages were copied over again
> from scratch. Nothing was deleted. This was with "-d" and expunge
> active.
Well, do what Joey suggested; use the flag "deleted".
mv Maildir/cur/foo:2,S Maildir/cur/foo:2,ST
There's no way to differentiate between a totally-removed
and a never-delivered message, in a maildir, and isync
stores no external state.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
double a,b=4,c;main(){for(;++a<2e6;c-=(b=-b)/a++);printf("%f\n",c);}
Re: Packages not making it into testing
Anthony Towns writes:
> + mpg123 uploaded 125 days ago, out of date by 115 days!
> mpg123-alsa is uninstallable (needs alsa-base 0.4, which is no
> longer available?)
mpg123 won't work with the newer ALSA, and there seems to be
no real mpg123 activity. I'll drop ALSA support when I get time
to update the package (not very soon).
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | First snow, then silence.
kernel, TCP/IP, C, perl, free software, | This thousand dollar screen dies
mail, www, sw devel, unix admin, hacks. | so beautifully.
Re: egcs/gcc?
On Fri, Jan 05, 2001 at 06:08:44PM +, J.H.M. Dassen (Ray) wrote:
> On Fri, Jan 05, 2001 at 19:03:45 +0100, Wichert Akkerman wrote:
> > Previously J.H.M. Dassen (Ray) wrote:
> > > - x25tap
> > > - kerneli crypto patches
> > > - ReiserFS
> > In that case ReiserFS is a really bad example, it might never be in 2.2
> > and Linus said it will be added in the 2.4 series.
> All of them are "add-ons" to vanilla 2.2. My point is that even if vanilla
> 2.4 supports all that 2.2 supports, there are still a lot of feature patches
> outside vanilla 2.2 for which no 2.4 equivalent may be available for quite
> some time to come.
And you are pretty wrong there; reiserfs for 2.4 has
been there for a while.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
Perl this: sub stack() {my @a; sub [EMAIL PROTECTED](@a,@_):pop(@a)}}
Re: What do you wish for in an package manager?
On Fri, Dec 29, 2000 at 11:47:44PM +, Mark Seaborn wrote:
> They are unrelated if they do not need to communicate (as an
> example). If they do not need to communicate, they may as well run on
> different machines, in which case they can use different versions of
> libc. But I want to be able to merge those two machines into one --
> this is what a multi-user system is all about -- and have the two
> programs continue to use different libcs.
s/libc/kernel/ and you have a big problem. Use
plex86, VMware or an IBM mainframe. Or a pile of
inexpensive PCs (but hey, you already had that!
How nice!)
> As I suggested before, it would be easy if different processes could
> have different views on the filesystem. This is feasible on the
> Hurd. Linux is not as flexible, unfortunately. I can envisage
You are not up to date; Al Viro has been a busy boy.
Expect process namespaces in 2.5; maybe even as an
additional patches in 2.4.x (x>=1). Most of the
groundwork is already there.
Or look at ClusterNFS. Or any of the zillion hacks that
do something similar, with varying levels of success.
> modifying libc so that it is possible to redirect files elsewhere on a
> per-process basis (ideally this would be done in a general manner so
> that a call to open() could be forwarded to a server in another
> process, which would then pass back opened fd).
libc ain't enough, really. You'd need to trick the
syscalls, too. For what you describe above, modifying
libc sounds just like extra work. LD_PRELOAD, perhaps.
But the real solution is a kernel-based one. And it's already
designed and waiting for someone like Al Viro to have a month
off. Anyone want to pay him a month worth of salary?-)
> (I'm very interested in user filesystems in general. I played with
> perlfs last year, but it was too unreliable, and it broke when I
> upgraded perl anyway. Modifying libc now seems the way to go, but I'm
> not prepared to hack libc on this level yet.)
My current collection of resources is at
http://tv.debian.net/linux/kernel/fs.html
(but that doesn't include most of the stacking material;
I haven't organized it yet)
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
Perl poetry: for ($tv) { s/blood/caffeine/ while /blood/ }
RFP: secret-agent -- ssh-agent-like system for GnuPG etc
Package: wnpp
Severity: wishlist
On Fri, Dec 29, 2000 at 07:43:59PM +, Cristian Ionescu-Idbohrn wrote:
> http://www.vibe.at/tools/secret-agent/
>
> GPL
>
> Secret Agent stores your secrets in a secure manner.
>
> Its main use at the moment is with GnuPG (an e-mail encryption/signation
> solution compatible to OpenPGP), or PGP 2.6. You can store your
> passphrase with Secret Agent, and have it provide that passphrase to
> GnuPG or PGP everytime it is needed.
>
> Happy New Year,
> Cristian
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I submitted that as a request for package in the
work needing and prospective packages system. Your
wish is now recorded.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | With searching comes loss
kernel, TCP/IP, C, perl, free software, | and the presence of absence:
mail, www, sw devel, unix admin, hacks. | "My Novel" not found.
Re: test -d /usr/man && mail submit@bugs
On Thu, Dec 28, 2000 at 02:08:08PM +, Chad Miller wrote:
> I noticed that the FHS2.1 doesn't have /usr/man -- only /usr/share/man.
> On this box, there are...
>
> $ find /usr/man -exec dpkg -S {} \; |cut -d: -f1 |grep -v , |sort |uniq
[...]
> mpg123
Not.
[EMAIL PROTECTED] ~]$ dpkg -l mpg123; dlocate -L mpg123|grep man
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ NameVersion Description
+++-===-===-==
ii mpg123 0.59r-6 MPEG layer 1/2/3 audio player
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/mpg123-oss.1.gz
[EMAIL PROTECTED] ~]$
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
Perl poetry: for ($tv) { s/blood/caffeine/ while /blood/ }
Re: RFP: WayV -- gesture based user interface
On Sun, Sep 10, 2000 at 09:12:35PM +, Hamish Moffatt wrote:
> > 2. Initially some programs that work by extending the functionality of
> > the mouse to allow gestures to represent actions, i.e. draw a C and
> > xcalc starts, draw an N and Netscape starts, etc.
> I maintain a package called libstroke0 which is a free
> library that emulates this. The gEDA GPL electronics CAD suite
> (alpha software) has support for it. There are patches
> for an old version of FVWM available too -- you can use
> strokes to do things. I had N for Netscape, D for delete
> a window, downwards stroke for a new xterm, etc.
WayV does currently basically the same thing the
FVWM patches did, but with any window manager etc.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Chaos reigns within.
kernel, TCP/IP, C, perl, free software, | Reflect, repent, and reboot.
mail, www, sw devel, unix admin, hacks. | Order shall return.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFP: Test::Cmd (libtest-cmd-perl) -- automated testing framework
Package: wnpp
Severity: wishlist
The Perl module is in CPAN.
--8<--
[EMAIL PROTECTED] ~]$ perl -MCPAN -e shell;
...
cpan> i Test::Cmd
...
DESCRIPTION Portable test infrastructure for commands
CPAN_USERID KNIGHT (Steven Knight <[EMAIL PROTECTED]>)
CPAN_VERSION 1.01
CPAN_FILEK/KN/KNIGHT/Test-Cmd-1.01.tar.gz
DSLI_STATUS RdpO (released,developer,perl,object-oriented)
INST_FILE(not installed)
...
cpan> readme Test::Cmd
...
THE Test::Cmd MODULE
The Test::Cmd module provides a framework for portable automated testing
of executable commands and scripts (in any language, not just Perl),
especially commands and scripts that interace with the file system.
In addition to running tests and evaluating conditions, the Test::Cmd
module manages and cleans up one or more temporary workspace directories,
and provides methods for creating files and directories in those workspace
directories from in-line data (that is, here-documents), allowing tests
to be completely self-contained.
The Test::Cmd module inherits File::Spec methods (file_name_is_absolute(),
catfile(), etc.) to support writing tests portably across a variety of
operating and file systems.
The Test::Cmd module may be used with the Test module to report test
results for use with the Test::Harness module. Alternatively, the
Test::Cmd module provides pass(), fail(), and no_result() methods that
report test results for use with the Aegis change management system.
It is not a good idea to intermix these two reporting models.
...
--8<--
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Stay the patient course
kernel, TCP/IP, C, perl, free software, | Of little worth is your ire
mail, www, sw devel, unix admin, hacks. | The network is down
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFP: LXR -- Linux Cross-Reference, web-based C source cross referencer
Package: wnpp
Severity: wishlist
http://lxr.linux.no/
(seems to be currently down - see google cache at
http://www.google.com/search?q=cache:lxr.linux.no/+lxr&hl=en)
--8<--
Motivation
The Linux Cross-Reference project is the testbed application of a
general hypertext cross-referencing tool. (Or the other way around.)
The main goal of the project is to create a versatile
cross-referencing tool for relatively large code repositories. The
project is based on stock web technology, so the codeview client may
be chosen from the full range of available web browsers. On the server
side, the prototype implementation is based on an Apache web server,
but any Unix-based web server with cgi-script capability should do
nicely. (The prototype implementaion is running on a dual Pentium Pro
Linux box.)
The main feature of the indexer is of course the ability to jump
easily to the declaration of any global identifier. Indeed, even all
references to global identifiers are indexed. Quick access to function
declarations, data (type) definitions and preprocessor macros makes
code browsing just that tad more convenient. At-a-glance overview of
e.g. which code areas that will be affected by changing a function or
type definition should also come in useful during development and
debugging.
Other bits of hypertextual sugar, such as e-mail and include file
links, are provided as well, but is on the whole, well, sugar. Some
minimal visual markup is also done. (Style sheets are considered as a
way to do this in the future.)
Technicalities
The index generator is written in Perl and relies heavily on Perl's
regular expression facilities. The algorithm used is very brute force
and extremely sloppy. The rationale behind the sloppiness is that too
little information renders the database useless, while too much
information simply means the users have to think and navigate at the
same time.
The Linux source code, with which the project has initially been
linked, presents the indexer with some very tough obstacles.
Specifically, the heavy use of preprocessor macros makes the parsing a
virtual nightmare. We want to index the information in the
preprocessor directives as well as the actual C code, so we have to
parse both at once, which leads to no end of trouble. (Strict parsing
is right out.) Still, we're pretty satisfied with what the indexer
manages to get out of it.
There's also the question of actually broken code. We want to
reasonably index all code portions, even if some of it is not entirely
syntactically valid. This is another reason for the sloppiness.
There are obviously disadvantages to this approach. No scope checking
is done, and the most annoying effect of this is mistaking local
identifers for references to global ones with the same name. This
particular problem (and others) can only be solved by doing (almost)
full parsing. The feasibility of combining this with the fuzzy way
indexing is currently done is being looked into.
An identifier is a macro, typedef, struct, enum, union, function,
function prototype or variable. For the Linux source code between
5 and 6 identifiers are collected. The individual files of the
sourcecode are formatted on the fly and presented with clickable
identifiers.
It is possible to search among the identifiers and the entire kernel
source text. The freetext search is implemented using Glimpse, so all
the capabilities of Glimpse are available. Especially the regular
expression search capabilities are useful.
--8<--
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Stay the patient course
kernel, TCP/IP, C, perl, free software, | Of little worth is your ire
mail, www, sw devel, unix admin, hacks. | The network is down
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFP: WayV -- gesture based user interface
Package: wnpp
Severity: wishlist
http://wayv.sourceforge.net/
--8<--
1. Experiment with human computer interaction, especially gesture
based computing.
2. Initially some programs that work by extending the functionality of
the mouse to allow gestures to represent actions, i.e. draw a C and
xcalc starts, draw an N and Netscape starts, etc.
--8<--
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Stay the patient course
kernel, TCP/IP, C, perl, free software, | Of little worth is your ire
mail, www, sw devel, unix admin, hacks. | The network is down
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFP: xxdiff -- graphical diff & merge
Package: wnpp
Severity: wishlist
http://xxdiff.sourceforge.net/
--8<--
What is xxdiff?
xxdiff is a file comparator and merge tool. It is an open-source
replacement for Rudy Wortel's xdiff which comes with SGI machines
(which was itself inspired by SGI's gdiff). The aim for version 1.0 of
xxdiff was to contain most of the features that are present in
xdiff-1.0, and to be compatible on the command line (e.g. for code
review scripts that have been written with xdiff in mind).
What would I use such a program for?
xxdiff can be used to graphically display differences between two
(eventually three) files. It can also be used to merge two files
together, by allowing the user to select regions and save the results
of the selection. It is also an aid in code reviewing, as it allows a
reviewer to look at the pieces of changed code and save selected
portions of the code to an editor to make comments (horizontal diffs
make reviewing much easier, especially for a long list of files).
Why another graphical diff viewer? Did you look at other similar programs?
>From the author: I wanted to add features to xdiff. I had found
mgdiff, which I wasted some time modifying to some extent to have the
same features as xdiff but the licensing prevents me from distributing
it as GNU GPL, which I think is important. Plus that old C code was
getting out of hand so a nice C++ rewrite was in order. All the other
free graphical diff programs were either missing some features or were
tied to a desktop environment, or were in unstable shape. xxdiff is
desktop agnostic, it will run anywhere that Qt and GNU diff do, as
long as you can compile ANSI C++.
--8<--
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Stay the patient course
kernel, TCP/IP, C, perl, free software, | Of little worth is your ire
mail, www, sw devel, unix admin, hacks. | The network is down
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RFP: iGal -- online Image GALlery generator
Package: wnpp
Severity: wishlist
iGal: online Image GALlery generator
http://www.stanford.edu/~epop/igal/
--8<--
[ What is iGal? ]
iGal is a Perl-based program that can generate and publish an entire
online picture show (HTML slides, thumbnails and index page
included) with just one command line invocation. If you've got a
directory (or several) full of image files that are waiting to be
put online and shared with friends, then iGal is for you.
[ Features ]
flexible, well documented handles JPG and GIF images 99%
configurable through command line options and two HTML template
files generated slides use a javascript trick to preload the next
image in the slide show (great for those viewing your gallery over
slow connections) relies on programs already included with most
Linux distributions (libjpeg [src, rpm] and ImageMagick [src, rpm],
the latter being optional), not on non-standard Perl modules should
easily install and work on any Unix-like OS
--8<--
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Three things are certain:
kernel, TCP/IP, C, perl, free software, | Death, taxes, and lost data.
mail, www, sw devel, unix admin, hacks. | Guess which has occurred.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ITP: freeswan
I intend to package FreeS/WAN, the Linux IPSec
framework, available at www.freeswan.org.
I can hopefully provide kernel-patch packages
for 2.0, 2.2 and 2.3 (2.4) kernels.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Chaos reigns within.
kernel, TCP/IP, C, perl, free software, | Reflect, repent, and reboot.
mail, www, sw devel, unix admin, hacks. | Order shall return.
Need help with OpenSSH & X authorization
severity 59862 normal
thanks
To the Release Manager:
This is an RC bug I cannot reproduce, it seems rare
and probably relates to differences in local configuration
or something like that. I'm not very enthusiastic about
getting this fixed for potato (and Branden seems all out of
clues too); it does not seem (to me) that horrible to let
this one slip by. If you disagree, just say no.
To the submitter (developers, please read on):
This bug report contains mixed output from AIX ssh,
OpenSSH, etc. It also involves one buggy X version.
Could you please do the following:
-ensure you have upgraded to X 3.3.6-5, OpenSSH 1.2.2-1.4
-log in locally, via xdm
-show the output of:
printenv DISPLAY
printenv XAUTHORITY
xauth list
xauth list "$DISPLAY"
ltrace -s100 -S xset s on
ssh -v localhost
printenv DISPLAY
printenv XAUTHORITY
xauth list
xauth list "$DISPLAY"
ltrace -s100 -S xset s on
If you also see errors like
_X11TransSocketINETConnect: Can't connect: errno = 105
Error: Can't open display: ...:10.0
but with no ssh debug lines like
debug: Received X11 open request
debug: channel 0: new [X11 connection from ... port ...]
then it seems like the sshd is not creating a X11
sockets; in that case show output of
ltrace -s100 -S sshd -d -p
# change xterm/console
ssh -v localhost -p
printenv DISPLAY
xset s on
And please make sure there are no passwords in the
ltrace outputs.
I am pessimistic about finding this bug in time for the
freeze. I'm lowering the severity to normal; if someone
else can reproduce this bug, then I will upgrade it back
to release-critical.
To the developers:
Branden and I banged our heads together on this. No go.
If you can help, _PLEASE_ do. This used to be RC; I just
downgraded it.
Here's the current idea:
1) ssh grabs the first line of xauth list $DISPLAY
2) stores the proto and data
3) generates random fake data, same proto
4) sends proto+fake data to remote
5) remote sets up a remote:10 socket, /tmp/Xauth, with proto+fake data
6) any X requests coming in with proto+fake data get translated to
proto+real data
Some part of this seems to fail. If you read the bug report,
you will see that earlier it failed in stage 6, due to X -4
being buggy. But that does not explain the current weirdness,
now it does not seem to get all the way to item 5. The
"Can't connect" and no errors from ssh seems to indicate that
sshd did not create the socket at all -- this is why I requested
sshd -d and traces, to see the socket creation.
xdm started using XDM-AUTH-1 recently. It may be involved in
this, though it still creates a MIT-MAGIC-COOKIE-1, too -- and
it should accept it, too.
Please help; try to reproduce if nothing else.
--
[EMAIL PROTECTED],havoc,gaeshido}.fi,{debian,wanderer}.org,stonesoft.com}
unix, linux, debian, networks, security, | Serious error.
kernel, TCP/IP, C, perl, free software, | All shortcuts have disappeared.
mail, www, sw devel, unix admin, hacks. | Screen. Mind. Both are blank.
ITP: greg
I'm packaging greg, http://www.gnu.org/software/greg/ (naturally GPL) --8<-- The Greg testing framework Greg is a framework for testing other programs and libraries. Its purpose is to provide a single front end for all tests and to be a small, simple framework for writing tests. Greg leverages off the Guile language to provide all the power (and more) of other test frameworks with greater simplicity and ease of use. The simplicity of the Greg framework makes it easy to write tests for any program, but it was specifically written for use with GNUstep-Guile to permit direct testing of the GNUstep libraries without the necessity to run a separate driver program. The core functionality of Greg is a Guile module which can be loaded into any software with an embedded Guile interpreter. Any program which uses Guile as it's scripting language can therefore use Greg to test itself directly! For testing external programs, Greg provides a compiled module that may be dynamically linked into Guile to permit you to run an application as a child process on a pseudo-terminal. In conjunction with the standard Guile `expect' module, this lets you test external programs. Also provided is greg - a Guile script to invoke the Greg test framework in much the same way that runtest is used in DejaGNU. All tests have the same output format (enforced by the greg-testcase procedure). Greg's output is designed to be both readable and readily parsed by other software, so that it can be used as input to customised testing processes. Greg provides most of the functionality of DejaGNU but is rather simpler. It omits specific support for cross-platform/remote testing since this is really rather trivial to add where required and tends to vary from site to site so much that an attempt at a generic solution is pretty pointless. What Greg does do, is provide hooks to let you easily introduce site specific code for handling those sorts of situations. --8<-- -- Havoc Consulting | unix, linux, perl, mail, www, internet, security consulting +358 50 5486010 | software development, unix administration, training
Intent to package: ezbounce
I will package ezbounce (http://druglord.freelsd.org/ezbounce/) - an irc proxy that lets you detach from your session and reattach later. It's GPL. ETA today. -- Havoc Consulting | unix, linux, perl, mail, www, internet, security consulting +358 50 5486010 | software development, unix administration, training
Re: Intent to package: olex
On Wed, Jan 27, 1999 at 01:33:30PM -0200, Lalo Martins wrote: > While doing my necessary daily check of Slashdot and Freshmeat, > I noticed two programs I will most likely use - one is irssi, a > GTK IRC client that runs in the panel, but I can't package it > now because none of my GTK-1.1 stuff is working (figures I'll > have to give a nasty day to my poor low bandwidth to fix). If > anyone's interested in trying, its homepage is at > http://www.sicom.fi/~ikioma/irssi.html (wnpp - this may be added > to "software that should be packaged) and it's from the guy who > originally wrote yagirc. I'll package that, if you don't get your system to work. I'm using a privately .debbed irssi right now. -- foo | +358505486010 | [EMAIL PROTECTED] | mknod /dev/trash c 1 3
Re: Intent to package: daemontools (and cdb)
On Mon, Jan 18, 1999 at 07:06:21PM +, Edward Betts wrote: > > > According to the README in the CDB archive, the CDB C source is public > > > domain, so if you strip out the docs, etc. you could put it in main. > > Yes. But as that doesn't cover even the manpages, > > or pedantically even the Makefile, I don't think > > that's useful. > Well if it is only source code that is ok, the DFSG does not cover documentry > only source code, I don't know if that includes Makefiles, I guess it does. So > all you need to rewrite are the Makefiles, and then it could go into main. I know. I consider it a longer term project, volunteers accepted;) There is a small problem - the author's code is rather idiosyncratic (good, clean, but almost uglier than K&R C), and for copyright reasons you can't just copy (or even look for help) in his documents/Makefiles. That makes creating new ones from scratch a bit hard. > > It's more of a "if you want to use this in your > > own programs, go right ahead". > Could you contact the author and ask them to change the licence? Already did. He won't, as of now. The interface is still in development, and he doesn't want to end up supporting the old interface. When he finishes the interface, I think he will allow more freedom for the software. -- foo | +358505486010 | [EMAIL PROTECTED] | mknod /dev/trash c 1 3
Re: Intent to package: daemontools (and cdb)
On Mon, Jan 18, 1999 at 10:45:34AM +0200, Tommi Virtanen wrote: > > Also, Exim uses a GPL'ed CDB. From spec.txt.gz: > > . Support for the cdb (Constant DataBase) lookup method is > > provided by code contributed by Nigel Metheringham of Planet Online > > Ltd. which contains the following statements: > I'll search for that. Thank you for the hint. After a quick look at http://www.exim.org/exim-html-2.00/doc/html/spec_2.html#SEC9 it seems like the CDB code in Exim is just some of the functions of cdb grabbed from the source; that is, no command-line-utils and no docs. It might be interesting to write GPL'ed docs and manpages for CDB. -- foo | +358505486010 | [EMAIL PROTECTED] | mknod /dev/trash c 1 3
Re: Intent to package: daemontools (and cdb)
On Mon, Jan 18, 1999 at 09:34:43PM +1300, Carey Evans wrote: > According to the README in the CDB archive, the CDB C source is public > domain, so if you strip out the docs, etc. you could put it in main. Yes. But as that doesn't cover even the manpages, or pedantically even the Makefile, I don't think that's useful. It's more of a "if you want to use this in your own programs, go right ahead". > Also, Exim uses a GPL'ed CDB. From spec.txt.gz: > > . Support for the cdb (Constant DataBase) lookup method is > provided by code contributed by Nigel Metheringham of Planet Online > Ltd. which contains the following statements: I'll search for that. Thank you for the hint. -- foo | +358505486010 | [EMAIL PROTECTED] | mknod /dev/trash c 1 3
Re: dhcpcd should probably be in base and on the boot floppies
On Sat, Oct 10, 1998 at 10:32:22AM +0100, John Lines wrote: > > I believe this is adequate need to get dhcpcd moved into base, > > and onto the boot floppies. > Also in a corporate environment many people are running DHCP servers to > provide network information to Windows 95 systems. It would be great to be > able to let people try Linux without needing to know more about the details > of IP than that they should answer "Yes" to "Does your network use DHCP ?" And even more people try to use laptops that grab a DHCP address from whatever network you happen to be in. Last time I checked, pcmcia and dhcp didn't get along very well. Any ideas? (I'm interested in fixing this, but don't know where to start) -- [EMAIL PROTECTED] - it's a valid address w/o spam
Re: LyX: just about the only word processor in debian
On Sat, Jun 20, 1998 at 04:32:04PM -0700, [EMAIL PROTECTED] wrote: > My package database lists LyX in the "obsolete" category - IMO > this is a shame. If it has disappeared from debian, I believe something > *needs* to come up soon to replace it. There's LyX and KLyX, a KDE version of LyX.. Don't worry;) [EMAIL PROTECTED] ~]$ dpkg --status lyx Package: lyx Status: purge ok not-installed Priority: optional Section: contrib/text [EMAIL PROTECTED] ~]$ dpkg --status klyx Package: klyx Status: install ok installed Priority: extra Section: contrib/tex Installed-Size: 6696 Maintainer: Christian Hammers <[EMAIL PROTECTED]> Version: 0.9.3-1 Depends: kdelibs0g (>= 2:980419), libc6, libstdc++2.8 (>= 2.90.26-1), qt1g (>= 1.33-4), xlib6g (>= 3.3-5) Description: KDE latex frontend based on lyx klyx combines the comfortable interface of a WYSIWYG word processor with the high quality output of a real typesetting system. Lyx uses LaTeX, the most popular typesetting system available, but no deep knowledge about LaTeX is required. [EMAIL PROTECTED] ~]$ -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
URGENT: Uploaded ssh 1.2.25-0.1 (source i386) to non-us
I just uploaded an NMU of ssh to non-us. It fixes a nasty security bug where anyone could inject data into an encrypted ssh stream. I suggest you upgrade ASAP. The files can be found for now at ftp://nonus.debian.org/pub/incoming/debian-non-US/ PS. If you reply to this message, take care with the crossposts.. -BEGIN PGP SIGNED MESSAGE- Format: 1.5 Date: Sat, 13 Jun 1998 05:23:34 +0300 Source: ssh Binary: ssh ssh-askpass Architecture: source i386 Version: 1.2.25-0.1 Distribution: frozen unstable Urgency: high Maintainer: Tommi Virtanen <[EMAIL PROTECTED]> Description: ssh- a secure replacement for rlogin, rsh, and rcp ssh-askpass - under X, asks user for a pasphrase for ssh-add Changes: ssh (1.2.25-0.1) frozen unstable; urgency=high . * The upstream version now uses binaries ending in '1', and main executables are just symlinks (for upwards compability with v2). Had to adjust debian/ssh-askpass.files to add the version with '1' and debian/rules to make sure slogin's man page is symlinked correctly. * Made ssh-askpass.1.gz link to undocumented.7.gz * Non-maintainer release, new upstream version with security bugfixes where anyone could inject data into an ssh stream (#23452, #23456). Files: c656bd052c83556f22b7bcd2a4648ad8 623 non-us optional ssh_1.2.25-0.1.dsc f16c579f8d60d2f0eaabd3c30e46ca2c 1002828 non-us optional ssh_1.2.25.orig.tar.gz 0d700887f56c88f15d1ab0f0f03d389c 14976 non-us optional ssh_1.2.25-0.1.diff.gz cd7bcc98320357549f4cf42e90bf557b 431376 non-us optional ssh_1.2.25-0.1_i386.deb 3ec5b93c55ea7dcd26fe52c6af4a195b 38112 non-us optional ssh-askpass_1.2.25-0.1_i386.deb -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBNYJjnoAGLnzk1H7BAQGBaQQA2m1N9nDOdoap6lDjZH32FFwq7FbXFBiZ xpI6JceNzPMAS+f19jjC8AoYwVLI/F0djpJDZgR5c+UhoXVXgO3EEFJWIOMSMi5M hyRme+cCoKklP5SazfNvfG6dnsnb/UPWIT5TrpeHEESpZ1sKTeI59a0EUhlKc3r/ L8fEWALx6pA= =WlhN -END PGP SIGNATURE- -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ssl browsers
On Thu, Jun 11, 1998 at 03:37:11PM +0100, Luis Francisco Gonzalez wrote: > I wanted to know what ssl-enabled browsers we have in debian now. Also > does anybody know if ftps:// is a valid URL for ssl-enabled ftp? fortify (in non-US) can patch Netscapes to support reasonable crypto. It does weak crypto even without that. HTH. -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Opinions: Fortify to include files for Solaris etc.
Hi. Please see bug #21271, and give me your opinion in private Email - I'll summarize if necessary. Fortify is a program that binary-patches Netscape to support strong cryptography. It can patch Linux/i386 Netscapes, but also Solaris Netscapes and many others.. Should the Debian version of fortify exclude the datafiles for these other platforms? Pro excluding: -disk space saved (~ 1.3MB) (but note that Fortify really is an install-use-purge -type of a package, so the data files are not necessary and the whole package can be purged at will) Con excluding: -you can no longer patch your Solaris/whatever Netscape with it -harder maintenance, further away from upstream -should we then include a package fortify-extra with the rest of the datafiles, and make fortify suggest it? Bloaty. ..just wanted to hear your opinions before releasing the new upstream version.. -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: on forming a new Linux Distribution
On Wed, Apr 29, 1998 at 08:05:00PM -0700, Bruce Perens wrote: > 5. Open Development. > I am proposing development visible to all, but not a free-for-all. > A core group of limited size to maintain the base system and oversee > the rest probably _is_ necessary. I am not planning to copy the Debian > constitution - I'd rather have the Bazaar-Method management we used > for the first few years of the project. It ain't no bazaar if one can't walk into it. Read Eric S. Raymonds /Homesteading the Noosphere/. Re-read it. Think where you went wrong. Just my .02 -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: installation report of hamm 26.4.
On Wed, Apr 29, 1998 at 09:22:20PM +0200, Andreas Jellinghaus wrote: > g) cvs is in default ! no ! most people don't use it, and it contains a > server, that has to be configured. this is work, and for people who > don't know cvs its very confuseing. The casual user has no need for cvs, but cvs certainly does not require its pserver. It works best without the pserver, over ssh. I hope you filed these as bugs to the spesific packages? -- [EMAIL PROTECTED] - it's a valid address w/o spam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Re^2: Debian 2.0 release requirements (8bits)
On Fri, Jan 09, 1998 at 08:11:10PM -0500, Alex Yukhimets wrote:
> Aren't you questioning my right to do that? :)
> > AY> While this can be of importance to some users, it can be quite
> > AY> annoying to others.
> > ??? Please remember, a lot of languages need 8 bit clean programs. Non 8
> > bit clean programs are very bad.
> True. Many users need support for the language other than English.
> Some of that users need 8-bit clean programs AND still some additional
> customization. Some languages even have many optionas as to customization.
> (Take Russian - several possible encodings AND keyboard layouts).
> For some languages it is even not enough to have 8-bit clean programs.
That's correct - but that's what Unicode is for. It should
be supported whenever it seems feasible (e.g. web browsers).
But talking about Unicode is not going to do any good until
the world is 8-bit clean (and preferably all programs understand
Latin-1, as Unicode can fall back to that IIRC).
> You can't satisfy all users anyway. In addition, I would hate to be
> able to switch to "russian" keyboard mode (by mistake) and enter some
> letters which look just like English ones in the editor I use for
> _programming_.
Oh come on. I'd hate to change to dvorak mode. Accidental
switching of keyboard maps is hardly a good argument.
I mean, loadkeys /usr/share/keytables/slovene.map.gz
- do you really type that by accident?
(Then again, if there is a program to switch keytables
and it's user interface does not have a usable undo
or testing mode, the program is broken)
> > AY> What it means is saying "good-bye" to clean
> > AY> ascii e-mail, etc.
> > ???
> Yes. I don't like when I see 8-bit charachters. In my
> "non-internationalized" configuration they look like ""
> highlighted (or something like that). So?
> (PLEASE, no flames for *this* - I also don't like very much PGP
> signatures as MIME attachements)
I will flame you. You will not see 8-bit chars unless
you read mail from someone who writes those. For example
my parents live on Väinöläntie. How's that for you?
No, 8-bits aren't bad in themselves - if you don't want
to see them, avoid using them and they won't show up anywhere.
But don't deny others the possibility. If a mail message
does not contain any 8-bit chars, it will be sent as 7bit.
This is what you want and what will happen. But if it does
contain 8-bits then it's sent as 8-bit (or, in this world
of stupid software, 7-bit Quoted-Unreadable, but that's another
story..)
It's a win-win scenario. If you don't use you don't use them.
> > AY> What is more important, *some* utilities,
> > AY> "less" most notably, *shouldn't* be 8-bit clean.
> > Why? I would like to see German Umlaute.
> Sure, but I would like to be able to do "less " safely.
> ("more" is not safe for this).
Aww fsck. Tell less to grok ISO Latin-1 and it will
- you know, there is a single function to check if the
character is displayable or not. If it isn't it will
be displayed as a hex code. Again, win-win.
> Finally, the only thing I am trying to tell is that it is probaly not
> very wise to put as a requirement for *every* package to be 8-bit
> clean. (Note my point with the editor used for programming). I would
> suggest to use individual approach and have options for the user
Every package should be 8-bit clean. If I type 8-bits
anywhere I expect the program not to strip the eight bit.
Just plain old Latin-1 is not *that* difficult (Unicode,
then again, is). You still have not demonstrated any single
case where that would be harmful.
PS. Background: I live in Finland. We have äöå and a bit
weird keyboard layout. On debian(&redhat) just about
everything works exactly as it should. It wasn't that
hard, was it? It didn't break anything (or did it?)
--
[EMAIL PROTECTED] - it's a valid address w/o spam | +358-50-5124907
f u cn rd ths, thn u cn rd perl 2 | rm -rf / && echo bye-bye. | --tv
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
Re: Self Referencing depends
On Wed, Jan 07, 1998 at 11:49:46AM +0100, Christian Schwarz wrote: > > > In my continuing testing of deity I have discovered a number of packages > > > that had/have a self referencing depends, ie: > > > > > I just want to be sure that this IS a packaging bug and not something done > > > deliberately. It looks like the packages I mentioned above are fixed in > > > hamm so this only effects bo users and upgrading.. > How does this affect upgrading from bo? I think, deity should support > these upgrades in a user friendly manner. Otherwise, people will hate > deity as they hate dselect from the first minute. Are we going to support upgrading from any level of previous install to hamm? Because the deity problems could be avoided by providing new bo-updates versions of packages that have a self-referential Depends: -line. Ugly, but it would work (Or so it seems). Would policy allow this? Do you think it would be too much trouble for upgraders? Why is this text a block? -- [EMAIL PROTECTED] - it's a valid address w/o spam | +358-50-5124907 f u cn rd ths, thn u cn rd perl 2 | rm -rf / && echo bye-bye. | --tv -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Re: ytalk up for adoption
On Sat, Jan 03, 1998 at 10:34:09PM -0700, Bdale Garbee wrote: > I've been maintaining 'ytalk'. I don't actually use it any more, and it's > the only X-based thing I maintain except xtrkcad, which is a binary-only > package that I don't have to futz with much. Therefore, I'd like to stop > maintaining ytalk... > > Anyone want it? There are a couple of open bugs, but I'm really not > motivated to put any more time into it. I'll take it. As soon as I can find a scanner to scan my ID card to get an account on master.. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
Can I take wml and eperl?
Current situation: Heiko Schlittermann <[EMAIL PROTECTED]> maintains wml and eperl. Last mentions of him in changelogs is Oct/Sep.. There are new versions out, both packages suffer a bug, etc. If no-one protests I'll make new versions of these (eperl is ready;) and upload - as soon as I can arrange an account on master, that is.. PS. Currently wml includes eperl, iselect, weblint, m4, txt2html etc. I intend to split these (atleast the bigger ones) to separate packages, and make wml depend on them. See /usr/doc/wml/COPYRIGHT.OTHER. No reason to have eperl or m4 installed twice.. But that cames *after* getting a working version out. -- [EMAIL PROTECTED] - it's a valid address w/o spam | +358-50-5124907 f u cn rd ths, thn u cn rd perl 2 | rm -rf / && echo bye-bye. | --tv -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
