On Thu, Dec 08, 2011 at 11:50:19AM +0100, Jakub Wilk wrote:
> Currently ldd is used to discover which libc the binaries is linked
> to, in order to read symbol from the libc library. But this won't
> work, even when using readelf, for foreign architecture binaries,
> for the simple reason that such
On Thu, Dec 08, 2011 at 12:06:37PM +0100, Niels Thykier wrote:
> I was informed (and have verified) that hardening-check uses "ldd(1)".
> Unfortunately, ldd(1) appears to be (semi-)executing the binaries it
> is run on[1]. This smells like a CVE in the making, so would it be
> possible for you to
On Sat, Dec 03, 2011 at 11:20:05AM +0100, Niels Thykier wrote:
> On 2011-12-02 01:33, Kees Cook wrote:
> > 1) With these build tests added, all the other internal lintian tests
> >need to either:
> > a) add the new warnings to their "tags" file, or
> > b) have all their builds a
Processing commands for cont...@bugs.debian.org:
> #lintian (2.5.5) UNRELEASED; urgency=low
> #
> # * checks/files:
> #+ [JW,NT] Skip "Multi-Arch: same" check of gzip files if their
> # install path contains the architecture. (Closes: #650665)
> #+ [JW] Fixed a false-negative "empt
The following commit has been merged in the master branch:
commit f73500ebf5510212691c9d9bf33ba4226f24f65a
Author: Niels Thykier
Date: Thu Dec 8 23:06:41 2011 +0100
Allow fonts in packages starting with "fonts-"
This completes the fix for #646838.
Signed-off-by: Niels Thyk
On 2011-12-08 22:57, Nicholas Bamber wrote:
> Niels,
> I think the following steps should reproduce it:
>
> 1.) Take a package and run lintian against it.
> 2.) Then delete the package but still run lintian against it.
>
>[...]
Sadly I s
Niels,
I think the following steps should reproduce it:
1.) Take a package and run lintian against it.
2.) Then delete the package but still run lintian against it.
On 08/12/11 14:05, Niels Thykier wrote:
> On 2011-12-07 21:32, Nicholas Bamber wrote:
>> Package: lintian
>> Version: 2.
The following commit has been merged in the master branch:
commit 0dd28d6e5cb074cf42e60dca19e3c5213f8f96e7
Author: Niels Thykier
Date: Thu Dec 8 17:00:28 2011 +0100
Check etc/php5/conf.d/.ini is a file before opening it
Signed-off-by: Niels Thykier
diff --git a/checks/files b/che
The following commit has been merged in the master branch:
commit 92a5b55947ccdf72dd844052e75f58ef9f0936f9
Author: Niels Thykier
Date: Thu Dec 8 16:52:08 2011 +0100
file-info-helper: Skip non-files with .gz extension
If file(1) says that a non-file is not a .gz file, then it is
On 2011-12-08 15:34, Niels Thykier wrote:
> The following commit has been merged in the master branch:
> commit 07cc7a1cbef8d0bdebd9aa9aa68fce592f4511e5
> Author: Niels Thykier
> Date: Thu Dec 8 15:34:01 2011 +0100
>
> Made direct_dependencies properly handle udebs
>
> This fixes a
The following commit has been merged in the master branch:
commit 07cc7a1cbef8d0bdebd9aa9aa68fce592f4511e5
Author: Niels Thykier
Date: Thu Dec 8 15:34:01 2011 +0100
Made direct_dependencies properly handle udebs
This fixes an error that would cause lintian to skip some checks for
On 2011-12-07 21:32, Nicholas Bamber wrote:
> Package: lintian
> Version: 2.5.4
> Severity: minor
>
> Dear Maintainer,
>
Hi,
>* What led up to the situation?
> I have a script that generates a private Debian package,
> builds it and runs lintian on the resulting changes file.
> I changed the
* Niels Thykier , 2011-12-08, 12:06:
I was informed (and have verified) that hardening-check uses "ldd(1)".
Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is
run on[1]. This smells like a CVE in the making,
AFAIUI, ldd in our libc is not vulnerable to arbitrary code exec
The following commit has been merged in the master branch:
commit 14a9bc50d150bb5488b418aede339510997976cd
Author: Niels Thykier
Date: Thu Dec 8 12:24:05 2011 +0100
Updated the estimate for an archive-wide in the manual
The new text is an overestimate. Current numbers suggest we c
Package: lintian
Version: 2.5.4
Severity: minor
This is the current message for unversioned-copyright-format-uri:
N:
N:Format URI of the machine-readable copyright file is not versioned.
N:
N:Please use
N:http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision= as the fo
Package: lintian
Version: 2.5.4
Followup-For: Bug #650536
Hi,
I was informed (and have verified) that hardening-check uses "ldd(1)".
Unfortunately, ldd(1) appears to be (semi-)executing the binaries it
is run on[1]. This smells like a CVE in the making, so would it be
possible for you to update
The following commit has been merged in the master branch:
commit b08ea6174d0b057cae166fc8d020873aede6886a
Author: Evan Broder
Date: Thu Dec 8 11:21:43 2011 +0100
Check git and debian/changelog before showing dummy version number
This should ensure that lintian --version prints out
Hi!
On 08.12.2011 10:13, Alexander Reichle-Schmehl wrote:
> As your fellow backporter I took a quick glance at the hardening-wrapper
> package, and didn't spot any problems so far (as in: I could create
> a backport, install it, and can still compile stuff). However, as I'm
> not very famil
Hi!
As your fellow backporter I took a quick glance at the hardening-wrapper
package, and didn't spot any problems so far (as in: I could create
a backport, install it, and can still compile stuff). However, as I'm
not very familiar with it, I'll ping the maintainers for their opinion.
Also n
The following commit has been merged in the master branch:
commit 385c44b12c22c4615d0a1df3f3a96ca660d6f026
Author: Niels Thykier
Date: Thu Dec 8 10:38:35 2011 +0100
doc-pkg-depends-on-main-pkg should also be triggered with Depends
A mistake in the regex caused the tag only to be tr