Bug#973795: ITP: hyperborg -- Decentralised and distributed home automation system

2020-11-05 Thread Nagy Imre
Package: wnpp
Severity: wishlist
Owner: Nagy Imre 

* Package name: hyperborg
  Version : 1.0.0
  Upstream Author : Imre Nagy 
* URL : https://github.com/hyperborg/hyperborg.git
* License : Apache-2.0
  Programming Lang: C++, Qt
  Description : Decentralised and distributed home automation system

Although Home Assistant and Domoticz are the key players in this area,
they have certain design considerations that make them not easy-to-use or
not-fail-safe.

Official webpage: https://hyperborg.com

HyperBorg is a new contender in the area, focusing on primary decentralisation
and high speed communication, and tries to create an easy alternative.

Using C++, Qt and WebAssembly framework it can deliver stability and performance
as well as state-of-the-art responsive GUI interfaces, multi-threaded execution
scalable from RPI1 to multi-CPU servers.

Its Scratch-like interface makes it easy to extend and improve the setup and
to create functions and programs that are used for the automation.

HyperBorg is aiming mainly for home automation, but as a framework could be used
for other purposes too. (Collecting server telemetries, etc)

I am the author of HyperBorg, so currently the development and maintenance
would be in the same hand, but I expect to gain larger user base as the
project develops.

HyperBorg depends on Qt framework.

Sponsor might be needed.

Best regards,
Imre



Re: CITL Releasing 7000 defects/vulnerabilities

2020-11-05 Thread Craig Small

I got my reports for two of my packages (I'm upstream for both too).

The first problem is I couldn't find what version of the program they found
the bug in.  I also looked closely at one specific example and it didn't
crash at all. Unless there was some underlying problem with a previous
version of atoi() I cannot actually see what sending it what it got would
do anything other than what I see (effectively "meh, you sent 0 I'll exit
now").

 - Craig

On 2020-11-01 at 23:34, calumlikesapple...@gmail.com wrote:
> On Sun, 2020-11-01 at 14:56 -0800, Russ Allbery wrote:
> > Utkarsh Gupta  writes:
> >
> > > That said, it'd be a bit weird if they don't report these issues and ask
> > > for a CVE assignment against these.  Anyway, the security team might
> > > know more about this.
> >
> > It appears to be the output of automated fuzz testing, which based on past
> > experience means that a large percentage of the crashes are probably not
> > exploitable.
>
> Oh, it's definitely the result of automated fuzzing.  Their entire website
> is about using automated fuzzers to find code defects.  Plus, I don't think
> any sane person would spend their time concocting test cases for crashes in
> 0x (a nokia firmware writer) without bothering to report the bugs they
> found in binutils (a somewhat more common package).
>
> Further, I would argue that many of the crashes might not be just
> unexploitable, but appropriate.  If given highly unusual and bizarre input,
> crashing with SIGABRT might be the most sane response.
>
> > The raw data is not hugely useful in aggregate unless you enjoy fixing
> > edge-case buffer management bugs that no one is likely to care about (such
> > as in options parsing code).  It can be made useful by tracking down where
> > the crash happens and then figuring out if that's part of an attack
> > surface, but that's quite a bit of work which they're clearly not
> > volunteering to do.
>
> That being said, I do think we should at least take a look.  A ton of
> security bugs are just buffer overflows, and it has been shown that even
> tiny bugs can lead to remote code execution.  I recently read
> googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
> which goes from writing a single null byte past the end of a linked list to
> full privileges, despite security features like ASLR.  Even if none of their
> test cases can be used to exploit modern packages, we'd at least know.
>
> I agree with Daniel Leidert that Debian should take charge of this, rather
> than expecting each of the package maintainers to individually request the
> CITL data and test it.  Perhaps QA could get the master copy, devise a
> script to find the unfixed test cases, and notify package maintainers.
>
>
> Thanks for taking the time to read my wall of words,
> Calum M


[no subject]

2020-11-05 Thread Tor G Salte


Sent from Mail for Windows 10



Bug#973820: ITP: golang-github-moby-term -- utilities for dealing with terminals

2020-11-05 Thread Francisco Vilmar Cardoso Ruviaro
Package: wnpp
Severity: wishlist
Owner: Francisco Vilmar Cardoso Ruviaro 
X-Debbugs-Cc: debian-devel@lists.debian.org, francisco.ruvi...@riseup.net

* Package name: golang-github-moby-term
  Version : 0.0~git20201101.25d840c-1
  Upstream Author : Moby Project
* URL : https://github.com/moby/term
* License : Apache-2.0
  Programming Lang: Go
  Description : utilities for dealing with terminals

term provides structures and helper functions to work with terminal
(state, sizes).

golang-github-moby-term-dev is one of the Build-Depends for tty-share.



Bug#973822: ITP: dosbox-staging -- DOSBox Staging is a full x86 CPU emulator (independent of host architecture), capable of running DOS programs that require real or protected mode.

2020-11-05 Thread David Heidelberg
Package: wnpp
Severity: wishlist
Owner: David Heidelberg 
X-Debbugs-Cc: debian-devel@lists.debian.org

* Package name: dosbox-staging
  Version : 0.76
  Upstream Author : The DOSBox Staging Team
* URL : https://dosbox-staging.github.io/
* License : GPL-2.0-or-later
  Programming Lang: C, C++
  Description : DOSBox Staging is a full x86 CPU emulator (independent of host architecture), capable of running DOS programs that require real or protected mode.


DOSBox Staging is a full x86 CPU emulator (independent of host
architecture), capable of running DOS programs that require real or
protected mode.
It features:
* A built-in DOS-like console
* Emulation of several PC variants (IBM PC, IBM PCjr, Tandy 1000),
  and CPUs (286, 386, 486, and Pentium I)
* Graphics chipsets: Hercules, CGA, EGA, VGA, and SVGA
* Audio solutions: PC Speaker, Tandy Sound System, Disney Sound Source,
  Sound Blaster series, and Gravis UltraSound
* CDROM and CD Digital Audio with audio optionally encoded as FLAC,
  Opus, OGG/Vorbis, MP3 or WAV
* Joystick emulation working with modern game controllers
* Serial port emulation including IPX over UDP and Telnet over TCP/IP
* Hardware-accelerated video output including integer (pixel-perfect)
  scaling, sharp-bilinear scaling, OpenGL shaders, and more

DOSBox Staging is highly configurable and sufficiently-optimized to run
any DOS game on a modern computer.

Q: why is this package useful/relevant?
A: Successor of DOSBox, which is already inside Debian

Current Debian WIP repository: https://salsa.debian.org/Feignint/dosbox-staging



Bug#973824: ITP: watchtower-clojure -- simple file/directory watcher library

2020-11-05 Thread Thomas Goirand
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: watchtower-clojure
  Version : 0.1.1
  Upstream Author : Chris Granger 
* URL : https://github.com/ibdknox/watchtower
* License : EPL-1.0
  Programming Lang: Clojure
  Description : simple file/directory watcher library

 This package provides a simple file/directory watcher library. It can watch
 a file, or a folder, and filter which filenames shall be watched in the folder.
 The rate for the polling can also be defined.

Note: This is part of the long dependency chain for puppet-server 6.



introducing an epoch when reintroducing scala-mode-el to Debian

2020-11-05 Thread Nicholas D Steeves
Hi,

I've been working with Sławomir Wójcik to reintroduce scala-mode-el to
Debian.  The version in Buster is: 20111005-2.1, whose source was:

  svn co http://lampsvn.epfl.ch/svn-repos/scala/scala-tool-support/trunk/src/emacs/ scala-mode
  https://www.scala-lang.org/old/node/354

The replacement for the scala-lang.org copy is the following, maintained
by Heikki Vesalainen, and distributed on MELPA (3rd party repository
for Emacs packages):

   https://github.com/hvesalai/emacs-scala-mode
   https://stable.melpa.org/#/scala-mode

Vesalainen's copy is at version 1.1.0, thus I would like to reintroduce
scala-mode-el as version "1:1.1.0-1" so that apt will prefer 1.1.0 and
upgrade the package for existing users.

Regards,
Nicholas



Bug#973828: ITP: golang-github-ianbruene-go-difflib -- partial port of Python difflib package to Go

2020-11-05 Thread Anthony Fok
Package: wnpp
Severity: wishlist
Owner: Anthony Fok 

* Package name: golang-github-ianbruene-go-difflib
  Version : 1.2.0-1
  Upstream Author : Patrick Mézard, Ian Bruene
* URL : https://github.com/ianbruene/go-difflib
* License : BSD-3-clause
  Programming Lang: Go
  Description : partial port of Python difflib package to Go

 Go-difflib is an as yet partial port of python 3's difflib package.
 Its main goal was to make unified and context diff available in pure Go,
 mostly for testing purposes.
 .
 The previous owner of this project (pmezard) did not have the time to
 continue working on it (github.com/pmezard/go-difflib), so ianbruene
 continues to develop it at github.com/ianbruene/go-difflib.

Reason for packaging: Required by new version of reposurgeon (4.19)



Bug#973841: ITP: callaudiod -- Call audio routing daemon

2020-11-05 Thread Arnaud Ferraris
Package: wnpp
Severity: wishlist
Owner: Arnaud Ferraris 
X-Debbugs-Cc: debian-devel@lists.debian.org, arnaud.ferra...@gmail.com

* Package name: callaudiod
  Version : 0.0.4
  Upstream Author : Arnaud Ferraris 
* URL : https://gitlab.com/mobian1/callaudiod
* License : GPL, LGPL
  Programming Lang: C
  Description : Call audio routing daemon

callaudiod is a daemon for routing audio during voice calls. It is
used by the latest version of gnome-calls and provides a D-bus
interface with methods allowing the following:
  * switch the card profile
  * route audio to the internal speaker or back to the earpiece
  * mute or unmute the microphone

This package will be maintained by the DebianOnMobile team.



Work-needing packages report for Nov 6, 2020

2020-11-05 Thread wnpp
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 1176 (new: 1)
Total number of packages offered up for adoption: 212 (new: 3)
Total number of packages requested help for: 63 (new: 0)

Please refer to https://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   dhex (#973686), orphaned 2 days ago
 Description: ncurses based hex editor with diff mode
 Installations reported by Popcon: 505
 Bug Report URL: https://bugs.debian.org/973686

1175 older packages have been omitted from this listing, see
https://www.debian.org/devel/wnpp/orphaned for a complete list.



The following packages have been given up for adoption:

   django-qr-code (#973705), offered 2 days ago
 Description: Tools for displaying QR codes on your Django site
 Installations reported by Popcon: 1
 Bug Report URL: https://bugs.debian.org/973705

   segno (#973704), offered 2 days ago
 Description: Python QR Code and Micro QR Code encoder
 Installations reported by Popcon: 1
 Bug Report URL: https://bugs.debian.org/973704

   tar (#973844), offered today
 Description: GNU version of the tar archiving utility
 Reverse Depends: awit-dbackup dpkg dpkg-dev dump engrampa
   lava-dispatcher obs-worker pristine-tar tar-scripts
 Installations reported by Popcon: 199849
 Bug Report URL: https://bugs.debian.org/973844

209 older packages have been omitted from this listing, see
https://www.debian.org/devel/wnpp/rfa_bypackage for a complete list.



For the following packages help is requested:

   album-data (#964105), requested 127 days ago (non-free)
 Description: themes, plugins and translations for album
 Installations reported by Popcon: 84
 Bug Report URL: https://bugs.debian.org/964105

   apache2 (#910917), requested 754 days ago
 Description: Apache HTTP Server
 Reverse Depends: apache2 apache2-ssl-dev apache2-suexec-custom
   apache2-suexec-pristine backuppc courier-webadmin cvsweb debbugs-web
   doc-central dwww (133 more omitted)
 Installations reported by Popcon: 94638
 Bug Report URL: https://bugs.debian.org/910917

   asciio (#968843), requested 75 days ago
 Description: dynamically create ASCII charts and graphs with GTK+2
 Installations reported by Popcon: 88
 Bug Report URL: https://bugs.debian.org/968843

   aufs (#963191), requested 138 days ago
 Description: driver for a union mount for Linux filesystems
 Reverse Depends: fsprotect
 Installations reported by Popcon: 14714
 Bug Report URL: https://bugs.debian.org/963191

   autopkgtest (#846328), requested 1436 days ago
 Description: automatic as-installed testing for Debian packages
 Reverse Depends: debci-worker qemu-sbuild-utils
 Installations reported by Popcon: 1214
 Bug Report URL: https://bugs.debian.org/846328

   balsa (#642906), requested 3329 days ago
 Description: An e-mail client for GNOME
 Installations reported by Popcon: 673
 Bug Report URL: https://bugs.debian.org/642906

   broadcom-sta (#886599), requested 1032 days ago (non-free)
 Description: Broadcom STA Wireless driver (non-free)
 Installations reported by Popcon: 1708
 Bug Report URL: https://bugs.debian.org/886599

   cargo (#860116), requested 1304 days ago
 Description: Rust package manager
 Reverse Depends: dh-cargo
 Installations reported by Popcon: 1729
 Bug Report URL: https://bugs.debian.org/860116

   cyrus-imapd (#921717), requested 636 days ago
 Description: Cyrus mail system - IMAP support
 Reverse Depends: cyrus-admin cyrus-caldav cyrus-clients cyrus-dev
   cyrus-imapd cyrus-murder cyrus-nntpd cyrus-pop3d cyrus-replication
 Installations reported by Popcon: 445
 Bug Report URL: https://bugs.debian.org/921717

   cyrus-sasl2 (#799864), requested 1870 days ago
 Description: authentication abstraction library
 Reverse Depends: 389-ds-base adcli autofs-ldap cyrus-caldav
   cyrus-clients cyrus-common cyrus-dev cyrus-imapd cyrus-imspd
   cyrus-murder (77 more omitted)
 Installations reported by Popcon: 198774
 Bug Report URL: https://bugs.debian.org/799864

   dbad (#947550), requested 313 days ago
 Description: dnsmasq-based ad-blocking using pixelserv
 Bug Report URL: https://bugs.debian.org/947550

   debtags (#962579), requested 148 days ago
 Description: Debian Package Tags support tools
 Reverse Depends: packagesearch
 Installations reported by Popcon: 1623
 Bug Report URL: https://bugs.debian.org/962579

   dee (#831388), requested 1574 days ago
 Descripti

Bug#971924: ITP: ironseed -- science-fiction exploration/strategy adventure game in space

2020-11-05 Thread Matija Nalis
Package: wnpp
Followup-For: Bug #971924
Owner: Matija Nalis 


* Package name: ironseed
  Version : 0.2.5
  Upstream Author : Matija Nalis 
* URL : https://github.com/mnalis/ironseed_fpc
* License : GPLv3
  Programming Lang: Pascal
  Description : science-fiction exploration/strategy adventure game in space

 It was originally both developed and published by Channel 7 for DOS in 1994.
 Gameplay is real-time, featuring trading, diplomacy, and strategy, and
 somewhat resembles Star Control 2 / Ur-Quan masters.
 DOS sources have been changed to make it possible to compile it with the
 freepascal compiler under Linux and SDL, and many bugs were fixed.

Wikipedia entry: https://en.wikipedia.org/wiki/Iron_Seed

The DOS version of the game was originally released under GPLv3 on
http://ironseed.net by original developers,
ported to SDL by https://github.com/y-salnikov/ironseed_fpc
and further improved by
https://github.com/nukebloodaxe/ironseed_fpc
and finally many bugs fixed (and currently maintained upstream) by:
https://github.com/mnalis/ironseed_fpc (disclaimer: myself)

I've done basic Debian packaging in github repo above (and package now
cleanly builds and works in pdebuild in Buster), but after reading
https://wiki.debian.org/DebianMentorsFaq#What.27s_wrong_with_upstream_shipping_a_debian.2F_directory.3F
I'll be removing Debian stuff from Github upstream, and recreating it at Debian
as this seems to be much preferred.

If anyone wants to give it a try and provide feedback, I'd be grateful!

I'll be updating this bug with progress as it happens.