Bug#1053569: ITP: python-mceliece -- Python wrapper around libmceliece library

[Jan Mojzis]

Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Jan Mojzis 
Severity: wishlist

* Package name: python-mceliece
  Version : 20231006
  Upstream Contact: Jan Mojzis 
* URL : https://github.com/janmojzis/python-mceliece
* License : CC0
  Programming Lang: Python
  Description : Python wrapper around libmceliece library


libmceliece is a Classic McEliece microlibrary.
libmceliece has a very simple stateless API based on the SUPERCOP API,
with wire-format inputs and outputs, providing functions that directly match
the KEM operations provided by Classic McEliece, such as functions

mceliece6960119.keypair()
mceliece6960119.enc()
mceliece6960119.dec()
for the mceliece6960119 KEM

This package is related to: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050531

I'm going to maintain the package using https://salsa.debian.org/
It is being prepared here: https://salsa.debian.org/janmojzis/python-mceliece
I need sponsor for the first upload (I'm DM).

Jan

Bug#1053568: ITP: python-lib25519 -- Python wrapper around lib25519 library

[Jan Mojzis]

Package: wnpp
X-Debbugs-Cc: debian-de...@lists.debian.org
Owner: Jan Mojzis 
Severity: wishlist

* Package name: python-lib25519
  Version : 20231006
  Upstream Contact: Jan Mojzis 
* URL : https://github.com/janmojzis/python-lib25519
* License : CC0
  Programming Lang: Python
  Description : Python wrapper around lib25519 library


lib25519 is a microlibrary for the X25519 encryption system and the Ed25519
signature system, both of which use the Curve25519 elliptic curve.

lib25519 has a very simple stateless API based on the SUPERCOP API, with
wire-format inputs and outputs, providing functions that directly match the
central cryptographic operations in X25519 and Ed25519:

lib25519.x25519.keypair(pk, sk): X25519 key generation
lib25519.x25519.dh(k, pk, sk): shared-secret generation
lib25519.ed25519.keypair(pk, sk): Ed25519 key generation
lib25519.ed25519.sign(sm, , m, mlen, sk): signing
lib25519.ed25519.open(m, , sm, smlen, pk): verification + message recovery

This package is related to: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051553


I'm going to maintain the package using https://salsa.debian.org/
It is being prepared here: https://salsa.debian.org/janmojzis/python-lib25519
I need sponsor for the first upload (I'm DM).

Jan

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

> 
> Great!
> 
> I have created it -- can you push everything there, and I will do a
> review via a merge request to that repository?
> 

Ready for the review:

Note:
- currently all ASM implementations are disabled,
so that we don't have a problem with a reproducible-build/symbols/PIC/etc... in 
the first phase

Jan

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

> I would be happy to help review, co-maintain and upload this package.

Great, thank You.


First prototype for review:
'https://salsa.debian.org/janmojzis/lib25519'

if it's ok
can you please create 'salsa.debian.org/debian/lib25519 
',
I will move it there.

Currently without autopkgtest,
I will add it when librandombytes package  arrives in unstable.


Thanks
Jan

Bug#1051553: ITP: lib25519 -- X25519/Ed25519 microlibrary

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: lix25519
  Version : 20230630
  Upstream Authort: Daniel J. Bernstein
* URL : https://lib25519.cr.yp.to/
* License : LicenseRef-PD-hp OR CC0-1.0 OR 0BSD OR MIT-0 OR MIT
  Programming Lang: C
  Description : X25519 microlibrary


lib25519 is a microlibrary for the X25519 encryption system and the Ed25519 
signature system, both of which use the Curve25519 elliptic curve. Curve25519 
is the fastest curve in TLS 1.3, and the only curve in Wireguard, Signal, and 
many other applications (see Nicolai Brown's page 
https://ianix.com/pub/curve25519-deployment.html).

lib25519 has a very simple stateless API based on the SUPERCOP API, with 
wire-format inputs and outputs, providing functions that directly match the 
central cryptographic operations in X25519 and Ed25519:

lib25519_dh_keypair(pk,sk): X25519 key generation
lib25519_dh(k,pk,sk): shared-secret generation
lib25519_sign_keypair(pk,sk): Ed25519 key generation
lib25519_sign(sm,,m,mlen,sk): signing
lib25519_sign_open(m,,sm,smlen,pk): verification + message recovery
Internally, lib25519 includes implementations designed for performance on 
various CPUs, implementations designed to work portably across CPUs, and 
automatic run-time selection of implementations.

lib25519 is intended to be called by larger multi-function libraries, including 
libraries in other languages via FFI. The idea is that lib25519 will take 
responsibility for the details of X25519/Ed25519 computation, including 
optimization, timing-attack protection, and eventually verification, freeing up 
the calling libraries to concentrate on application-specific needs such as 
protocol integration. Applications can also call lib25519 directly.

I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#1050531: ITP: libmceliece -- Classic McEliece microlibrary

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libmceliece
  Version : 20230612
  Upstream Authort: Daniel J. Bernstein
* URL : https://lib.mceliece.org
* License : CC0
  Programming Lang: C
  Description : Classic McEliece microlibrary


libmceliece is a Classic McEliece microlibrary.
libmceliece has a very simple stateless API based on the SUPERCOP API,
with wire-format inputs and outputs, providing functions that directly match
the KEM operations provided by Classic McEliece, such as functions

mceliece6960119_keypair
mceliece6960119_enc
mceliece6960119_dec
for the mceliece6960119 KEM.

Internally, libmceliece is based on the official Classic McEliece software,
specifically the vec implementation (designed to work portably across CPUs) and
he avx implementation (designed for higher performance on Intel/AMD CPUs with
AVX2 instructions). libmceliece includes automatic run-time selection
of implementations.

libmceliece is intended to be called by larger multi-function libraries
(such as traditional cryptographic libraries), including libraries in other
languages via FFI. The idea is that libmceliece takes responsibility for
the details of Classic McEliece computation, including optimization,
timing-attack protection, and (in ongoing work) verification,
freeing up the calling libraries to concentrate on application-specific
needs such as protocol integration. Applications can also call libmceliece
directly.


I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#1029842: ITP: randombytes -- Library generating fresh randomness

[Jan Mojzis]

> On 28. 1. 2023, at 21:42, Sam Hartman  wrote:
> 
>>>>>> "Jan" == Jan Mojzis  writes:
> 
> * Package name: randombytes
>  Version : 20230126
>  Upstream Author : Daniel J. Bernstein
> * URL : https://randombytes.cr.yp.to/
> * License : Public domain
> 
> Public domain is problematic  as a license.
> At least under US copyright law, there are very few circumstances when
> something can actually be public domain.
> One example is software written by US government employees.
> But I don't think any of those circumstances apply to this library.
> So I'm not sure the license is okay.

If I understand it correctly, CC0-style public-domain declaration in 
debian/copyright solves the problem.
(learned here: https://lists.debian.org/debian-mentors/2017/09/msg00171.html)

~~~
License: public-domain-CC0-1.0
 Public domain.
 .
 Upstream library is marked as public-domain 
https://randombytes.cr.yp.to/index.html.
 .
 Public-domain mark does not have the same meaning in all jurisdictions,
 to avoid confusion, please follow CC0 1.0 Universal.
 The complete text of the CC0 license, version 1.0,
 can be found in /usr/share/common-licenses/CC0-1.0.
~~~

Or am I wrong?

> 
> I'll  also admit to being skepticle of the utility of such a library
> given the getrandom() API in libc.

The library internally uses getrandom().
The primary bonus is in portability and usability. The library (namely 
randombytes-kernel) uses one of the variants
getrandom(), getentropy(), "/dev/urandom" and the user/aplication doesn't need 
to care what resource is on a given operating system available.
And the user/aplication also doesn't have to worry about whether the system has 
enough entropy (e.g. /dev/urandom initialized).
Randombytes() simply waits/blocks until there is enough entropy.

Jan

Bug#1029842: ITP: randombytes -- Library generating fresh randomness

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: randombytes
  Version : 20230126
  Upstream Author : Daniel J. Bernstein
* URL : https://randombytes.cr.yp.to/
* License : Public domain
  Programming Lang: C
  Description : Library generating fresh randomness


 librandombytes is a public-domain library providing a simple API for
 applications generating fresh randomness: include ,
 call randombytes(x, xbytes) whenever desired to generate fresh random bytes
 x[0], x[1], ..., x[xbytes-1], and link with -lrandombytes.
 .
 Random bytes are often used directly in applications. Random bytes are also
 the foundation of more complicated random objects, such as random integers
 in a limited interval, random floating-point numbers from a (nearly) normal
 distribution, and random keys used in public-key cryptosystems. librandombytes
 is dedicated to obtaining fresh random bytes in the first place, and leaves
 it to higher-level libraries to convert those bytes into other types of random
 objects.
 .
 librandombytes aims for the following stringent randomness goal: no feasible
 computation will ever be able to tell the difference between the output bytes
 and true randomness (independent uniformly distributed random bytes). This
 makes the randombytes() output suitable for use in applications ranging from
 simulations to cryptography.

I'm using this library and I'm going to maintain using https://salsa.debian.org/
I need sponsor for the first upload (I'm DM).

Bug#1001503: ITP: tlswrapper -- TLS encryption wrapper

[Jan Mojzis]

20221227 version released:
- LICENCE updated from public-domain to CC0
- updated examples and linked examples.md from README.md
- added more error log messages when proxy-protocol is used

+ in debian packaging I've temporary disabled two autopkg tests,
problem in newest curl 7.87.0 (curl --haproxy-protocol ... is currently broken),
... the curl problem is already fixed in the upstream 
https://github.com/curl/curl/commit/db5f833cc72a1ceb812dde55cf926858f61c086b

Bug#1001503: ITP: tlswrapper -- TLS encryption wrapper

[Jan Mojzis]

Hi,

> The examples are interesting, maybe tlswrapper documentation should include 
> them.
> I can sponsor this, but I have a feeling that won't be accepted before 
> freeze. Let's see.

Examples are taken from the upstream repo and from the manual pages,
I edited the upstream README.md to link to these examples.

> 
> For the salsa repo: let's keep using yours for now, and see in which team it 
> should go later.

OK

Bug#1001503: ITP: tlswrapper -- TLS encryption wrapper

[Jan Mojzis]

Hi,

Tlswrapper (similar to stunnel) adds TLS encryption functionality to programs 
without modifying their code.

The fundamental difference against stunnel is in the approach to security.
Tlswrapper s tries to defend against all possible bugs in the TLS library 
itself and
tries to mitigate the impact of such a bug.

It uses the capabilities that Unix OS has:

# Separate process for every connection
The tlswrapper is executed from systemd.socket/inetd/tcpserver/... which runs 
separate instance of tlswrapper for each TLS connection. It ensures that a 
vulnerability in the code (e.g. bug in the TLS library) can't be used to 
compromise the memory of another connection.

# Separate process for network connection and separate process for secret-key 
operation
To protect against secret-information leaks to the network connection (such 
Heartbleed) tlswrapper runs two independent processes for every TLS connection. 
One process holds secret-keys and runs secret-keys operations and second talks 
to the network. Processes communicate with each other through UNIX pipes.

# JAIL - Privilege separation, filesystem isolation, limits
The tlswrapper processes run under dedicated non-zero uid to prohibit kill, 
ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit 
filesystem access. Sets ulimits to prohibit new files, sockets, etc. Sets 
ulimits to prohibit forks.


Example of how to use tlswrapper to protect mail protocols:

- run dovecot IMAPS service on port 993, authorization using client certs, and 
run under user extracted from client certificate from commonName:
tcpserver -HRDl0 0.0.0.0 993 \
/usr/bin/tlswrapper -U commonName -f /etc/ssl/sslcert.pem -a /etc/ssl/ca.pem \
/usr/lib/dovecot/imap

- run old QMAIL qmail-smtpd SMTP service on port 25 with STARTTLS enabled 
(without patching QMAIL)
tcpserver -HRDl0 0 25 \
tlswrapper -v -n -f /etc/ssl/cert.pem \
tlswrapper-smtp -v -u qmaild \
qmail-smtpd

In the example is used tcpserver (from deb. package ucspi-tcp) but similary can 
be used from e.g. systemd/inetd/... etc. .

Jan


> On 23. 12. 2022, at 10:02, Jérémy Lal  wrote:
> 
> Package: wnpp
> Followup-For: Bug #1001503
> 
> Can you explain a bit more how one will be able to use tlswrapper ?
> 
> Maybe compare it to available solutions like stunnel ?
> 
> Thanks,
> 
> Jérémy

Bug#1025515: ITP: libnginx-mod-http-brotli -- Nginx module libnginx-mod-http-brotli

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-brotli
  Version : 1.0.0rc
  Upstream Author : Google Inc
* URL : https://github.com/google/ngx_brotli
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-brotli module for Nginx


libnginx-mod-http-brotli is new module for Nginx web server.
it is a set of two nginx modules:
libnginx-mod-http-brotli-filter - filter module - used to compress responses 
on-the-fly,
libnginx-mod-http-brotli-static - used to serve pre-compressed files.

I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-brotli

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024379: ITP: libnginx-mod-http-upstream-fair -- Nginx module libnginx-mod-http-upstream-fair

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-upstream-fair
  Version : git20120408
  Upstream Author : Grzegorz Nosek
* URL : https://github.com/gnosek/nginx-upstream-fair
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-upstream-fair module for Nginx


libnginx-mod-http-upstream-fair module is currently a part of Debian Nginx 
package.

I would like to move the module to the separate package 
libnginx-mod-http-upstream-fair.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-upstream-fair
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-upstream-fair

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024377: ITP: libnginx-mod-nchan -- Nginx module libnginx-mod-nchan

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-nchan
  Version : 1.3.5
  Upstream Author : Leo Ponomarev
* URL : https://github.com/slact/nchan
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-nchan module for Nginx


libnginx-mod-nchan module is currently a part of Debian Nginx package.

I would like to move the module to the separate package libnginx-mod-nchan.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-nchan
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-nchan

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024374: ITP: libnginx-mod-rtmp -- Nginx module libnginx-mod-rtmp

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-rtmp
  Version : 1.2.2
  Upstream Author : Roman Arutyunyan
* URL : https://github.com/arut/nginx-rtmp-module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-rtmp module for Nginx


libnginx-mod-rtmp module is currently a part of Debian Nginx package.

I would like to move the module to the separate package libnginx-mod-rtmp.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-rtmp
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-rtmp

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024372: ITP: libnginx-mod-http-geoip2 -- Nginx module libnginx-mod-http-geoip2

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-geoip2
  Version : 3.4
  Upstream Author : Lee Valentine
* URL : https://github.com/leev/ngx_http_geoip2_module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-geoip2 module for Nginx


libnginx-mod-http-geoip2 module is currently a part of Debian Nginx package.

I would like to move the module to the separate package 
libnginx-mod-http-geoip2.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-geoip2
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-geoip2

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024371: ITP: libnginx-mod-http-dav-ext -- Nginx module libnginx-mod-http-dav-ext

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-dav-ext
  Version : 3.0.0
  Upstream Author : Roman Arutyunyan
* URL : https://github.com/arut/nginx-dav-ext-module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-dav-ext module for Nginx


libnginx-mod-http-dav-ext module is currently a part of Debian Nginx package.

I would like to move the module to the separate package 
libnginx-mod-http-dav-ext.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-dav-ext
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-dav-ext

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024370: ITP: libnginx-mod-http-subs-filter -- Nginx module libnginx-mod-http-subs-filter

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-subs-filter
  Version : 0.6.4
  Upstream Author : Weibin Yao
* URL : 
https://github.com/yaoweibin/ngx_http_substitutions_filter_module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-subs-filter module for Nginx


libnginx-mod-http-subs-filter module is currently a part of Debian Nginx 
package.

I would like to move the module to the separate package 
libnginx-mod-http-subs-filter.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-subs-filter
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-subs-filter

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024369: ITP: libnginx-mod-http-fancyindex -- Nginx module libnginx-mod-http-fancyindex

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-fancyindex
  Version : 0.5.2
  Upstream Author : Adrian Perez
* URL : https://github.com/aperezdc/ngx-fancyindex
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-fancyindex module for Nginx


libnginx-mod-http-fancyindex module is currently a part of Debian Nginx package.

I would like to move the module to the separate package 
libnginx-mod-http-fancyindex.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-fancyindex
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-fancyindex

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024213: ITP: libnginx-mod-http-cache-purge -- Nginx module libnginx-mod-http-cache-purge

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-cache-purge
  Version : 2.3
  Upstream Author : FRiCKLE 
* URL : https://github.com/FRiCKLE/ngx_cache_purge
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-cache-purge module for Nginx


libnginx-mod-http-cache-purge module is currently a part of Debian Nginx 
package.

I would like to move the module to the separate package 
libnginx-mod-http-cache-purge.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-cache-purge
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-cache-purge

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024211: ITP: libnginx-mod-http-uploadprogress -- Nginx module libnginx-mod-http-uploadprogress

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-uploadprogress
  Version : 0.9.2
  Upstream Author : Brice Figureau
* URL : https://github.com/masterzen/nginx-upload-progress-module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-uploadprogress module for Nginx


libnginx-mod-http-uploadprogress module is currently a part of Debian Nginx 
package.

I would like to move the module to the separate package 
libnginx-mod-http-uploadprogress.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-uploadprogress
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-uploadprogress

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024152: ITP: libnginx-mod-http-auth-pam -- Nginx module libnginx-mod-http-auth-pam

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-auth-pam
  Version : 1.5.3
  Upstream Author : Sergio Talens Oliag
* URL : https://github.com/sto/ngx_http_auth_pam_module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-auth-pam module for Nginx


libnginx-mod-http-auth-pam module is currently a part of Debian Nginx package.

I would like to move the module to the separate package 
libnginx-mod-http-auth-pam.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-auth-pam
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-auth-pam

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024153: ITP: libnginx-mod-http-echo -- Nginx module libnginx-mod-http-echo

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-echo
  Version : 0.63
  Upstream Author : Yichun Zhang
* URL : https://github.com/agentzh/echo-nginx-module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-echo module for Nginx


libnginx-mod-http-echo module is currently a part of Debian Nginx package.

I would like to move the module to the separate package libnginx-mod-http-echo.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-echo
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-echo

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024151: ITP: libnginx-mod-http-headers-more-filter -- Nginx module libnginx-mod-http-headers-more-filter

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-headers-more-filter
  Version : 0.34
  Upstream Author : Yichun Zhang
* URL : https://github.com/agentzh/headers-more-nginx-module
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-headers-more-filter module for Nginx


libnginx-mod-http-headers-more-filter module is currently a part of Debian 
Nginx package.

I would like to move the module to the separate package 
libnginx-mod-http-headers-more-filter.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-headers-more-filter
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-headers-more-filter

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1024150: ITP: libnginx-mod-http-ndk -- Nginx module libnginx-mod-http-ndk

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: libnginx-mod-http-ndk
  Version : 0.3.2
  Upstream Author : Marcus Clyne
* URL : https://github.com/simpl/ngx_devel_kit
* License : BSD
  Programming Lang: C
  Description : libnginx-mod-http-ndk module for Nginx


libnginx-mod-http-ndk module is currently a part of Debian Nginx package.

I would like to move the module to the separate package libnginx-mod-http-ndk.


I would like to maintain the package using 
https://salsa.debian.org/nginx-team/libnginx-mod-http-ndk
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/libnginx-mod-http-ndk

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1016866: ITP: ngx-lua -- Lua module for Nginx

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: ngx-lua
  Version : 0.10.21
  Upstream Author : Yichun Zhang (agentzh) 
* URL : https://github.com/openresty/lua-nginx-module
* License : BSD-2-clause
  Programming Lang: (C, Lua)
  Description : Lua module for Nginx


Lua module is currently a part of Debian Nginx package.

I would like to move the module to the separate package ngx-lua.


I would like to maintain the package using https://salsa.debian.org/
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/ngx-lua

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1016054: ITP: lua-resty-lrucache -- Simple LRU cache for the ngx_lua module

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: lua-resty-lrucache
  Version : 0.13
  Upstream Author : Yichun Zhang (agentzh) 
* URL : https://github.com/openresty/lua-resty-lrucache
* License : BSD
  Programming Lang: Lua
  Description : Simple LRU cache for the ngx_lua module

This library implements a Simple LRU cache for the ngx_lua module.

I'm currenlty maintaining NGINX package, and new ngx_lua module needs the 
lua-resty-lrucache package.

I would like to maintain the package using https://salsa.debian.org/
I would need to create a 
https://salsa.debian.org/debian/lua-team/lua-resty-lrucache repository before 
uploading.
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/lua-resty-lrucache

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1016053: ITP: lua-resty-core -- New FFI-based Lua API for NGINX lua module

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: lua-resty-core
  Version : 0.10.13
  Upstream Author : Yichun Zhang (agentzh) 
* URL : https://github.com/openresty/lua-resty-core
* License : BSD
  Programming Lang: Lua
  Description : New FFI-based Lua API for NGINX lua module

This library implements a New FFI-based Lua API for NGINX lua module.

I'm currenlty maintaining NGINX package, and new ngx_lua module needs the 
lua-resty-core package.

I would like to maintain the package using https://salsa.debian.org/
I would need to create a 
https://salsa.debian.org/debian/lua-team/lua-resty-core repository before 
uploading.
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/lua-resty-core

I need sponsor only for the first upload (I'm DM).
Thank You!

Bug#1009758: ITP: flask-restx -- Flask-RESTX is an extension for Flask that adds support for quickly building REST APIs

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 
X-Debbugs-Cc: debian-de...@lists.debian.org

* Package name: flask-restx
 Version : 0.5.1
 Upstream Author : python-restx Authors
* URL : https://github.com/python-restx/flask-restx
* License : BSD-3-Clause
 Programming Lang: Python
 Description : Flask-RESTX is an extension for Flask that adds support for 
quickly building REST APIs


Flask-RESTX is an extension for Flask that adds support for quickly
building REST APIs. Flask-RESTX encourages best practices with minimal setup.
If you are familiar with Flask, Flask-RESTX should be easy to pick up. It
provides a coherent collection of decorators and tools to describe your API and
expose its documentation properly using Swagger.

I would like to maintain the package using https://salsa.debian.org/
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/python-flask-restx

I need sponsor for the first upload (I'm DM).

Bug#1006908: O: daemontools -- collection of tools for managing UNIX services

[Jan Mojzis]

Package: wnpp
Severity: normal
Control: affects -1 src:daemontools

I planned to manage the daemontools package 
(new repo is here https://salsa.debian.org/debian/daemontools),
but I didn't get a sponsor.
I leave the packaging to someone else.

The package is orphaned.

Bug#1001503: ITP: tlswrapper -- TLS encryption wrapper

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 

* Package name: tlswrapper
  Version : 20211210
  Upstream Author : Name 
* URL : https://github.com/janmojzis/tlswrapper
* License : public-domain
  Programming Lang: C
  Description : TLS encryption wrapper

The tlswrapper is an TLS encryption wrapper between remote client and
local program prog.
.
Internet <--> tcpserver/inetd/systemd.socket/... <--> tlswrapper <--> prog
.
Separate process for every connection
.
The tlswrapper is executed from systemd.socket/inetd/tcpserver/... which
runs separate instance of tlswrapper for each TLS connection.
It ensures that a vulnerability in the code (e.g. bug in the TLS library)
can't be used to compromise the memory of another connection.
.
Separate process for network connection and for secret-key operation
.
To protect against secret-information leaks to the network connection
(such Heartbleed) tlswrapper runs two independent processes for every
TLS connection. One process holds secret-keys and runs secret-keys operations
and second talks to the network. Processes communicate with each other through
unix pipes.
.
Privilege separation, filesystem isolation, limits
.
The tlswrapper processes run  under dedicated non-zero uid to prohibit kill,
ptrace, etc. Is chrooted into an empty, unwritable directory to prohibit
filesystem access. Sets ulimits to prohibit new files, sockets, etc.
Sets ulimits to prohibit forks.
.
TLS library
.
The tlswrapper is using BearSSL library which implements only secure
versions of TLS protocol (TLS1.0 - TLS1.2). And implements safe and
constant-time algorithms.

I'm using this software and I'm going to maintain using 
https://salsa.debian.org/
Currently is the Debian package maintained here 
https://salsa.debian.org/janmojzis/tlswrapper,
I would need to create a https://salsa.debian.org/debian/tlswrapper repository 
before uploading.
I need sponsor.

Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C

[Jan Mojzis]

Repacked version without exe-binary is in the git repository:
https://salsa.debian.org/debian/bearssl

Best regards,
Jan

> On 5 Oct 2021, at 19:44, Jan Mojzis  wrote:
> 
> Ok
> I understand,
> first i will contact ‘upstream’ to remove the binary from the package.
> 
> Jan
> 
>> On 5 Oct 2021, at 19:03, Bastian Germann  wrote:
>> 
>> Am 05.10.21 um 18:59 schrieb Jan Mojzis:
>>> Hello,
>>> I have removed the patch, it wasn’t good idea.
>>> The exe binary doesn’t affect debian package.
>>> So I just updates the d/source/include-binary file.
>> 
>> Hi Jan,
>> 
>> Actually, it does affect the source package legally. You cannot know without 
>> a long process of reverse engineering what is contained in the binary. Odds 
>> are that it violates the distribution permission of additional software that 
>> is included but not documented.
>> 
>> So if you want the package sponsored by me, you would have to repack, 
>> removing that file from the source package.
>> 
>> Thanks,
>> Bastian
>> 
> 

Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C

[Jan Mojzis]

Ok
I understand,
first i will contact ‘upstream’ to remove the binary from the package.

Jan

> On 5 Oct 2021, at 19:03, Bastian Germann  wrote:
> 
> Am 05.10.21 um 18:59 schrieb Jan Mojzis:
>> Hello,
>> I have removed the patch, it wasn’t good idea.
>> The exe binary doesn’t affect debian package.
>> So I just updates the d/source/include-binary file.
> 
> Hi Jan,
> 
> Actually, it does affect the source package legally. You cannot know without 
> a long process of reverse engineering what is contained in the binary. Odds 
> are that it violates the distribution permission of additional software that 
> is included but not documented.
> 
> So if you want the package sponsored by me, you would have to repack, 
> removing that file from the source package.
> 
> Thanks,
> Bastian
> 

Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C

[Jan Mojzis]

Hello,
I have removed the patch, it wasn’t good idea.
The exe binary doesn’t affect debian package.
So I just updates the d/source/include-binary file.

Thanks
Jan 

> On 1 Oct 2021, at 12:02, Bastian Germann  wrote:
> 
> On Sat, 06 Feb 2021 19:18:43 +0100 Jan Mojzis  wrote:
>> Package: wnpp
>> Severity: wishlist
>> Owner: Jan Mojzis 
>> * Package name: bearssl
>>  Version : 0.6
>>  Upstream Author : Thomas Pornin 
>> * URL : https://bearssl.org
>> * License : MIT
>>  Programming Lang: C
>>  Description : BearSSL is an implementation of the SSL/TLS protocol (RFC 
>> 5246) written in C
>> BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in 
>> C. It aims at offering the following features:
>> - Be correct and secure. In particular, insecure protocol versions and 
>> choices of algorithms are not supported, by design; cryptographic algorithm 
>> implementations are constant-time by default.
>> - Be small, both in RAM and code footprint. For instance, a minimal server 
>> implementation may fit in about 20 kilobytes of compiled code and 25 
>> kilobytes of RAM.
>> - Be highly portable. BearSSL targets not only “big” operating systems like 
>> Linux and Windows, but also small embedded systems and even special contexts 
>> like bootstrap code.
>> - Be feature-rich and extensible. SSL/TLS has many defined cipher suites and 
>> extensions; BearSSL should implement most of them, and allow extra algorithm 
>> implementations to be added afterwards, possibly  from third parties
>> Library doesn't have compatible API with mainstream OpenSSL.
>> And it's not intended as an OpenSSL 1-1 replacement.
>> I'm using this software and I'm going to maintain using 
>> https://salsa.debian.org/.
>> I need sponsor.
> 
> Please replace the exe removing patch with a Files-Excluded rule in 
> d/copyright. This is a repack then, which has to be reflected in the version 
> string.
> Else this looks good to me.
> 
> The usual process to ask for sponsors is filing an RFS. It will get more 
> attention then.

Bug#947696:

[Jan Mojzis]

Severity: normal

I intend to addopt daemontools.

Best Regards,
Jan Mojzis

Bug#982135: Acknowledgement (ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C)

[Jan Mojzis]

The packaging is ready in my personal repository:
https://salsa.debian.org/janmojzis/bearssl 


… and prefered final location is:
https://salsa.debian.org/debian/bearssl 


Jan

Bug#982136: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 

* Package name: bearssl
 Version : 0.6
 Upstream Author : Thomas Pornin 
* URL : https://bearssl.org
* License : MIT
 Programming Lang: C
 Description : BearSSL is an implementation of the SSL/TLS protocol (RFC 
5246) written in C


BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. 
It aims at offering the following features:
- Be correct and secure. In particular, insecure protocol versions and choices 
of algorithms are not supported, by design; cryptographic algorithm 
implementations are constant-time by default.
- Be small, both in RAM and code footprint. For instance, a minimal server 
implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes 
of RAM.
- Be highly portable. BearSSL targets not only “big” operating systems like 
Linux and Windows, but also small embedded systems and even special contexts 
like bootstrap code.
- Be feature-rich and extensible. SSL/TLS has many defined cipher suites and 
extensions; BearSSL should implement most of them, and allow extra algorithm 
implementations to be added afterwards, possibly  from third parties

Library doesn't have compatible API with mainstream OpenSSL.
And it's not intended as an OpenSSL 1-1 replacement.

I'm using this software and I'm going to maintain using 
https://salsa.debian.org/.
I need sponsor.

Bug#982135: ITP: bearssl -- BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis 

* Package name: bearssl
  Version : 0.6
  Upstream Author : Thomas Pornin 
* URL : https://bearssl.org
* License : MIT
  Programming Lang: C
  Description : BearSSL is an implementation of the SSL/TLS protocol (RFC 
5246) written in C


BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C. 
It aims at offering the following features:
- Be correct and secure. In particular, insecure protocol versions and choices 
of algorithms are not supported, by design; cryptographic algorithm 
implementations are constant-time by default.
- Be small, both in RAM and code footprint. For instance, a minimal server 
implementation may fit in about 20 kilobytes of compiled code and 25 kilobytes 
of RAM.
- Be highly portable. BearSSL targets not only “big” operating systems like 
Linux and Windows, but also small embedded systems and even special contexts 
like bootstrap code.
- Be feature-rich and extensible. SSL/TLS has many defined cipher suites and 
extensions; BearSSL should implement most of them, and allow extra algorithm 
implementations to be added afterwards, possibly  from third parties

Library doesn't have compatible API with mainstream OpenSSL.
And it's not intended as an OpenSSL 1-1 replacement.

I'm using this software and I'm going to maintain using 
https://salsa.debian.org/.
I need sponsor.

Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

[Jan Mojzis]

> "extremely outdated"?
> 
> This sounds like a hack from ~ 20 years ago when people realized that 
> running several programs at the same time as nobody does not isolate
> them from each other.
> 
> Much better solutions for restricting what a process can or cannot do 
> are now available.
> 

The basic idea is taken from extreme - sandboxing:
https://cr.yp.to/talks/2007.04.27/extremesandbox.c[1] 

My 2 tools currently making only small
part on this idea, only droping uids/gids.
I would like to improve my tools in the future, 

but I thing first step:
- running current daemons/cron scripts/... under differentd UIDs in the system
simply by using extremesetuidgid/extremeenvuidgid (instead of 
setuidgid/envuidgid)

second step:
- create (library ??) to use buggy libraries such openssl sandboxed using idea 
from
extreme sandbox


> tinysshd [1] is another worrisome example.
> 
> Writing an own "tiny" sshd from scratch, and the result is not even 
> smaller than the dropbear everyone else uses for that purpose.

dropbear is nice example here.
https://matt.ucc.asn.au/dropbear/CHANGES[2] 
First line in the changelog:
"""
Security: Message printout was vulnerable to format string injection.
"""

I'm trying in my software eliminate bugs such 'format string injection',
this is exactly why I'm not using  sprint*,vsprint*,... and other functions 
from libc,
and also trying to eliminate varargs functions.

> 
> To make the NIH complete, it uses own versions of standard C library
> string functions and an own (pretty primitive) build system.

Yes,
the build script (and also Makefile) is very small.
I'm following the rule "less code means less bugs"
Everyone can read what it does.
It simply works on Linux, *BSD, Solaris, AIX, ...

Jan


[1] https://cr.yp.to/talks/2007.04.27/extremesandbox.c
[2] https://matt.ucc.asn.au/dropbear/CHANGES

Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

[Jan Mojzis]

>I read manpage on github, but did not understood, what exactly this
> program provides.  Can it replace creation system users for dropping
> privileges?

It's doesn't create users.
It only drops privileges (extremesetuidgid) or sets $UID/$GID env. variables 
(extremeenvuidgid).

For example:
extremesetuidgid -b 10 sleep 1

runs command 'sleep 1' under unprivileged uid/gid (computed getpid() +10) 
e.g. for:
pid=10 ... uid=gid=100010
pid=11 ... uid=gid=100011
pid=12 ... uid=gid=100011
...

Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

[Jan Mojzis]

> It appears there is copies of GPLv3 code from NaCL in the source. I'm not a
> lawyer, but I think that is making the distribution as "public domain"
> pretty much illegal? Or am I missing something here?

Hello,
NaCl is not GPL3.
It's public-domain https://nacl.cr.yp.to/features.html[1] 

Jan


[1] http://nacl.cr.yp.to/features.html

Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

[Jan Mojzis]

On Monday 17 of October 2016 19:57:53 Ben Hutchings wrote:
> Jan Mojzis <jan.moj...@gmail.com> wrote:
> [...]
> > I'm going to maintain the package using collab-maint.
> > I need sponsor.
> >
> > Debian package:
> >  - has autotest
> >  - is using debhelper
> >  - is using git-dpm https://anonscm.debian.org/cgit/collab-maint/extr
> emetools.git
> >  - lintian clean (no warnings)
> 
> However, the code:
> 
> - Has a silent failure mode
where?

> - Reinvents common C library functions like strtol(), getopt(),
> strerror()
I will NEVER use str* functions from libc in my code.

> - Defines many similar functions differing only in number of arguments,
> where a varargs function would be appropriate
Is it problem ?

> - Doesn't have a 'make install' rule
Is it problem ?

> - Has manually maintained dependencies on headers
Is it problem ?

> 
> I really think you should get a little more experience with C and
> makefiles, and a full code review, before packaging something that aims
> to be a security-critical tool.
> 
> Ben.

Bug#841113: ITP: extremetools -- tools for running processes under extreme uid and gid

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis <jan.moj...@gmail.com>

* Package name: extremetools
  Version : 20161017
  Upstream Author : Jan Mojžíš <jan.moj...@gmail.com>
* URL : https://github.com/janmojzis/extremetools
* License : public-domain
  Programming Lang: C
  Description : tools for running processes under extreme uid and gid

Extremetools consists of 2 simple tools extremesetuidgid and extremeenvuidgid.
 - extremesetuidgid runs program under unique (extreme) uid and gid
 - extremeenvuidgid runs program with environment variables indicating
   unique (extreme) uid and gid

This is useful for running processes in the system under unique (extreme) 
uids/gids.
So processes can't ptrace each other, can't send signal each other, etc ...

---

I'm going to maintain the package using collab-maint.
I need sponsor.

Debian package:
 - has autotest
 - is using debhelper
 - is using git-dpm 
https://anonscm.debian.org/cgit/collab-maint/extremetools.git
 - lintian clean (no warnings)

Bug#832611: ITP: tinyssh -- Tiny SSH server

[Jan Mojzis]

On Wednesday 27 of July 2016 18:05:01 Dmitry Bogatov wrote:
> [2016-07-27 16:13] Jan Mojzis <jan.moj...@gmail.com>
> >
> > Package: wnpp
> > Severity: wishlist
> > Owner: Jan Mojzis <jan.moj...@gmail.com>
> >
> > * Package name: tinyssh
> >   Version : 20160726
> >   Upstream Author : Jan Mojzis <jan.moj...@gmail.com>
> > * URL : https://tinyssh.org/
> > * License : public domain
> >   Programming Lang: C
> >   Description : Tiny SSH server
> >
> > This is tiny SSH server which implement 'less'.
> > TinySSH supports only secure crypto (min 128-bit security,
> > protected against cache-timing attacks).
> > Unnecessary features (such SSH1 protocol, compression, scp, sftp, ...),
> > unsafe crypto (such rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ...) and
> > unsafe features (such password or hostbased authentication)
> > are simply NOT implemented.
> > TinySSH has less than 10 words of code, so it's very easy auditable.
> 
> Sounds nice. How does it compare with dropbear?

Hello,
TinySSH not implements 100% of SSH protocol.
It has limited amount of features.

1. only safe crypto:

implemented:
ssh-ed25519, curve25519-sha...@libssh.org, chacha20-poly1...@openssh.com

also implemented older standard (but disabled by default)
ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes128-ctr, aes256-ctr, hmac-sha2-256

not implemented:
rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, 

2. only safe protocol
implemented:
subset of SSHv2 features

not implemented:
SSHv1

3. only safe authentification
implemented:
only authorized_keys authentification

not implemented:
password or hostbased authentication

4. no unnecesary programs
scp (‘rsync -e ssh’ makes same job)
sftp (TinySSH doesn’t have sftp program, but can run e.g. OpenSSH 
/usr/libexec/openssh/sftp-server)


5.  TinySSH has less than 100.000 word of code
computed using shell command:
cat *.c *.h \
| (cpp -fpreprocessed || gcpp -fpreprocessed) \
| sed 's/[_a-zA-Z0-9][_a-zA-Z0-9]*/x/g' \
| tr -d ' \012' | wc -c | tr -d ' '

'word of code' idea is taken from:
https://cr.yp.to/qmail/qmailsec-20071101.pdf[1] 


Jan




[1] https://cr.yp.to/qmail/qmailsec-20071101.pdf

Bug#832611: ITP: tinyssh -- Tiny SSH server

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis <jan.moj...@gmail.com>

* Package name: tinyssh
  Version : 20160726
  Upstream Author : Jan Mojzis <jan.moj...@gmail.com>
* URL : https://tinyssh.org/
* License : public domain
  Programming Lang: C
  Description : Tiny SSH server

This is tiny SSH server which implement 'less'.
TinySSH supports only secure crypto (min 128-bit security,
protected against cache-timing attacks).
Unnecessary features (such SSH1 protocol, compression, scp, sftp, ...),
unsafe crypto (such rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ...) and
unsafe features (such password or hostbased authentication)
are simply NOT implemented.
TinySSH has less than 10 words of code, so it's very easy auditable.

I'm an upstream author and I'm going to maintain using collab-maint.
I need sponsor.

Bug#825174: ITP: dq -- DNS/DNSCurve query tool

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis <jan.moj...@gmail.com>

* Package name: dq
  Version : 20160523
  Upstream Author : Jan Mojzis <jan.moj...@gmail.com>
* URL : https://mojzis.com/software/dq/
* License : public domain
  Programming Lang: C
  Description : DNS/DNSCurve query tool

The dq package provides software for DNS/DNSCurve.
This software is derived from djbdns, adds DNSCurve protection and
support for IPv6.

Contains 2 programs dq and dqcache:

Dq is commandline tool similar to dnsq, dnsqr from djbdns.
Is used to query DNS/DNSCurve server for specific
type of records about a given domain name.

Dqcache is recursive DNS/DNSCurve server derived from dnscache.

---

This software implements DNSCurve (https://dnscurve.org/).
Adds strong end-to-end encryption into DNS comunication and
protect DNS packets against:
- espionage
- packet corruption
- sabotage


I'm using this software and I'm going to maintain using collab-maint.
I need sponsor.

Bug#459318: ITP: ucspi-tcp -- tcpclient, tcpserver and other TCP easy-use commandline-tools

[Jan Mojzis]

Package: wnpp
Severity: wishlist
Owner: Jan Mojzis [EMAIL PROTECTED]


* Package name: ucspi-tcp
  Version : 0.88
  Upstream Author : Daniel J. Bernstein
* URL : http://cr.yp.to/ucspi-tcp.html
* License : public domain
  Programming Lang: C
  Description : tcpclient, tcpserver and other TCP easy-use 
commandline-tools

 Written by Dan J. Bernstein, tcpclient and tcpserver are
 powerful easy-to-use command-line tools for building TCP
 client-server applications. tcpserver provides TCP access control
 features, similar to tcp-wrappers/tcpd's hosts.allow but much
 faster; it can run high-availability services much better than
 inetd.
 .
 Real-time Blocking List support is also included in tcpserver, so
 you can run qmail-smtpd with it and avoid a lot of SPAM.
 .
 tcpclient and tcpserver conform to UCSPI, the UNIX Client-Server
 Program Interface, using the TCP protocol.
 .

 For now is ucspi-tcp released into the public domain including distributing
 modified version.


 (I can help with packaging)
 Jan Mojzis
 [EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]