The following commit has been merged in the master branch:
commit 385c44b12c22c4615d0a1df3f3a96ca660d6f026
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 10:38:35 2011 +0100
doc-pkg-depends-on-main-pkg should also be triggered with Depends
A mistake in the regex caused the
Hi!
As you fellow backporter I took a quick glance at the hardening-wrapper
package, and didn't spotted any problems so far (as in: I could create
a backport, install it, and can still compile stuff). However, as I'm
not very familiar with it, I'll ping the maintainers for their opinion.
Also
Hi!
Am 08.12.2011 10:13, schrieb Alexander Reichle-Schmehl:
As you fellow backporter I took a quick glance at the hardening-wrapper
package, and didn't spotted any problems so far (as in: I could create
a backport, install it, and can still compile stuff). However, as I'm
not very familiar
The following commit has been merged in the master branch:
commit b08ea6174d0b057cae166fc8d020873aede6886a
Author: Evan Broder e...@ebroder.net
Date: Thu Dec 8 11:21:43 2011 +0100
Check git and debian/changelog before showing dummy version number
This should ensure that lintian
Package: lintian
Version: 2.5.4
Followup-For: Bug #650536
Hi,
I was informed (and have verified) that hardening-check uses ldd(1).
Unfortunately, ldd(1) appears to be (semi-)executing the binaries it
is run on[1]. This smells like a CVE in the making, so would it be
possible for you to update
Package: lintian
Version: 2.5.4
Severity: minor
This is the current message for unversioned-copyright-format-uri:
N:
N:Format URI of the machine-readable copyright file is not versioned.
N:
N:Please use
N:http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision=revisi
N:
The following commit has been merged in the master branch:
commit 14a9bc50d150bb5488b418aede339510997976cd
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 12:24:05 2011 +0100
Updated the estimate for an archive-wide in the manual
The new text is an overestimate. Current
* Niels Thykier ni...@thykier.net, 2011-12-08, 12:06:
I was informed (and have verified) that hardening-check uses ldd(1).
Unfortunately, ldd(1) appears to be (semi-)executing the binaries it is
run on[1]. This smells like a CVE in the making,
AFAIUI, ldd in our libc is not vulnerable to
On 2011-12-07 21:32, Nicholas Bamber wrote:
Package: lintian
Version: 2.5.4
Severity: minor
Dear Maintainer,
Hi,
* What led up to the situation?
I have script that generates a private Debian package,
builds it and runs lintian on the resulting changes file.
I changed the name of
On 2011-12-08 15:34, Niels Thykier wrote:
The following commit has been merged in the master branch:
commit 07cc7a1cbef8d0bdebd9aa9aa68fce592f4511e5
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 15:34:01 2011 +0100
Made direct_dependencies properly handle udebs
The following commit has been merged in the master branch:
commit 92a5b55947ccdf72dd844052e75f58ef9f0936f9
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 16:52:08 2011 +0100
file-info-helper: Skip non-files with .gz extension
If file(1) says that a non-file is not a .gz
The following commit has been merged in the master branch:
commit 0dd28d6e5cb074cf42e60dca19e3c5213f8f96e7
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 17:00:28 2011 +0100
Check etc/php5/conf.d/file.ini is a file before opening it
Signed-off-by: Niels Thykier
Niels,
I think the following steps should reproduce it:
1.) Take a package and run lintian against it.
2.) Then delete the package and but still run lintian against it.
On 08/12/11 14:05, Niels Thykier wrote:
On 2011-12-07 21:32, Nicholas Bamber wrote:
Package: lintian
Version: 2.5.4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2011-12-08 22:57, Nicholas Bamber wrote:
Niels,
I think the following steps should reproduce it:
1.) Take a package and run lintian against it.
2.) Then delete the package and but still run lintian against it.
[...]
Sadly I still
The following commit has been merged in the master branch:
commit f73500ebf5510212691c9d9bf33ba4226f24f65a
Author: Niels Thykier ni...@thykier.net
Date: Thu Dec 8 23:06:41 2011 +0100
Allow fonts in packages starting with fonts-
This completes the fix for #646838.
Processing commands for cont...@bugs.debian.org:
#lintian (2.5.5) UNRELEASED; urgency=low
#
# * checks/files:
#+ [JW,NT] Skip Multi-Arch: same check of gzip files if their
# install path contains the architecture. (Closes: #650665)
#+ [JW] Fixed a false-negative
On Sat, Dec 03, 2011 at 11:20:05AM +0100, Niels Thykier wrote:
On 2011-12-02 01:33, Kees Cook wrote:
1) With these build tests added, all the other internal lintian tests
need to either:
a) add the new warnings to their tags file, or
b) have all their builds adjusted to
On Thu, Dec 08, 2011 at 12:06:37PM +0100, Niels Thykier wrote:
I was informed (and have verified) that hardening-check uses ldd(1).
Unfortunately, ldd(1) appears to be (semi-)executing the binaries it
is run on[1]. This smells like a CVE in the making, so would it be
possible for you to
On Thu, Dec 08, 2011 at 11:50:19AM +0100, Jakub Wilk wrote:
Currently ldd is used to discover which libc the binaries is linked
to, in order to read symbol from the libc library. But this won't
work, even when using readelf, for foreign architecture binaries,
for the simple reason that such
19 matches
Mail list logo
