Package: wnpp
Severity: wishlist
Owner: Robin Krahl
* Package name: difference
Version : 2.0.0
Upstream Author : Johann Hofmann
* URL : https://github.com/johannhof/difference.rs
* License : MIT
Programming Lang: Rust
Description : text diffing tool
di
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.
Total number of orphaned packages: 1399 (new: 70)
Total number of packages offered up for adoption: 154 (new: 1)
Total number of packages reque
Package: wnpp
Severity: wishlist
Owner: Robin Krahl
* Package name: rusty-tags
Version : 3.3.0
Upstream Author : Daniel Trstenjak
* URL : https://github.com/dan-t/rusty-tags
* License : BSD-3-Clause
Programming Lang: Rust
Description : generate tags for
On 2019-01-24 15:18:40 +, Ian Jackson wrote:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> > The right answer is to fix the behaviour to be secure and sane by
> > default. We can arrange for an environment variable for people who
> > want to turn the crazy back on.
>
> To
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupré
* Package name: golang-github-ivpusic-grpool
Version : 0.0~git20170804.28957a2-1
Upstream Author : Ivan Pusic
* URL : https://github.com/ivpusic/grpool
* License : MIT
Programming Lang: Go
Description
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupré
* Package name: golang-github-intel-tfortools
Version : 0.2.0+git20180102.ec3334c-1
Upstream Author : Intel Corporation
* URL : https://github.com/intel/tfortools
* License : Apache-2.0
Programming Lang:
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupré
* Package name: golang-github-keltia-archive
Version : 0.3.3-1
Upstream Author : Ollivier Robert
* URL : https://github.com/keltia/archive
* License : BSD-3-clause
Programming Lang: Go
Description
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupré
* Package name: golang-github-proglottis-gpgme
Version : 0.0~git20181127.3b0be09-1
Upstream Author : James Fargher
* URL : https://github.com/proglottis/gpgme
* License : BSD-3-clause
Programming Lang: G
Package: wnpp
Severity: wishlist
Owner: Antoine Beaupre
* Package name: dmarc-cat
Version : 0.9.1
Upstream Author : Ollivier Robert
* URL : https://github.com/keltia/dmarc-cat/
* License : BSD-2-clause
Programming Lang: Golang
Description : decode the
On Thu, 2019-01-24 at 21:08:00 +, Niels Thykier wrote:
> Ian Jackson:
> > I asked codesearch about
> >while.*\<\>
> > and got 10780 results.
>
> I had a similar thought but tried a slightly more complex pattern:
>
> (while\s*|for(each)?\s*(my)?\s*\$.*)\(.*<>\s*\)
>
> The pattern also
Ian Jackson:
> Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
>> Even if we care only about scripts which are part of Debian, rather
>> than scripts which people merely expect to run on Debian (and where
>> they trust Debian to not blow their leg off), there will probably be
>> many
Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> Even if we care only about scripts which are part of Debian, rather
> than scripts which people merely expect to run on Debian (and where
> they trust Debian to not blow their leg off), there will probably be
> many thousands.
I asked
Mark Fowler writes ("Re: Potentially insecure Perl scripts"):
> Wouldn't a less drastic approach be to change the vulnerable scripts to use
> <<>> instead of <>?
That is surely a much more drastic change. It would invoke changing
probably literally millions of scripts.
Even if we care only about
On Thu, Jan 24, 2019 at 02:49:29PM -0500, Mark Fowler wrote:
> On Thu, Jan 24, 2019 at 10:18 AM Ian Jackson <
> ijack...@chiark.greenend.org.uk> wrote:
> > To the Debian Perl maintainers: if I make a patch to make
> > -p -n <>
> > use the 3-argument form of open (or equivalent), will you apply it
On Thu, Jan 24, 2019 at 03:18:40PM +, Ian Jackson wrote:
> To the Debian Perl maintainers: [...]
> To the Debian security team: [...]
I've read the whole thread and am surprised "talking to upstream" (and
fixing the issue there as well) hasn't really been on the table. :/ Did I
miss that?
--
On Thu, Jan 24, 2019 at 10:18 AM Ian Jackson <
ijack...@chiark.greenend.org.uk> wrote:
> To the Debian Perl maintainers: if I make a patch to make
> -p -n <>
> use the 3-argument form of open (or equivalent), will you apply it ?
>
> To the Debian security team: would you ship it in a security up
Package: wnpp
Severity: wishlist
Owner: Ralf Treinen
* Package name: morsmall
Version : 0.1
Upstream Author : Yann Régis-Gianas, Nicolas Jeannerod, Ralf Treinen
* URL : https://github.com/colis-anr/morsmall
* License : GPL3
Programming Lang: OCaml
Descripti
Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> The right answer is to fix the behaviour to be secure and sane by
> default. We can arrange for an environment variable for people who
> want to turn the crazy back on.
To the Debian Perl maintainers: if I make a patch to make
-p -
Guillem Jover writes ("Re: Potentially insecure Perl scripts"):
> Part of the problem might also be that perlcritic recommends this in its
> InputOutput::ProhibitExplicitStdin policy, you can see the description
> with «perlcritic --doc InputOutput::ProhibitExplicitStdin».
>
> For dpkg, for exampl
On 2019-01-24 11:18:06 +0100, Adam Borowski wrote:
> On Thu, Jan 24, 2019 at 04:41:29AM +, Ben Hutchings wrote:
> > On Wed, 2019-01-23 at 09:07 -0800, Russ Allbery wrote:
> > > Ian Jackson writes:
> > > > Apparently this has been known about for EIGHTEEN YEARS
> > > > https://rt.perl.org/Pu
On 2019-01-24 09:46:56 +0100, Ansgar wrote:
> But "<>" isn't the only problem, there are way too many uses of the
> two-argument form of Perl's "open" too...
Perhaps, but at least "open" had correctly been documented since the
beginning, and I quickly learnt to prepend "<" to the filename in
the
On 2019-01-24 11:12:43 +0100, Alex Mestiashvili wrote:
> On 1/24/19 2:40 AM, Vincent Lefevre wrote:
> But I disagree that a language can be considered insecure, just because
Note: just a feature, not the language itself.
> it lets you shoot in the foot.
> The first thing I learned when doing CGI
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: pkg-js-autopkgtest
Version : 0.1
Upstream Author : Xavier Guimard
* URL : https://salsa.debian.org/js-team/pkg-js-autopkgtest
* License : GPL2+
Programming Lang: Shell
Description :
Hi!
On Wed, 2019-01-23 at 14:05:54 +0100, Vincent Lefevre wrote:
> I've just reported
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
>
> against gropdf (also reported upstream to bug-groff), about the use of
> the insecure null filehandle "<>" in Perl, which can lead to arbitrary
On Thu, Jan 24, 2019 at 04:41:29AM +, Ben Hutchings wrote:
> On Wed, 2019-01-23 at 09:07 -0800, Russ Allbery wrote:
> > Ian Jackson writes:
> > > Apparently this has been known about for EIGHTEEN YEARS
> > > https://rt.perl.org/Public/Bug/Display.html?id=2783
> > > and no-one has fixed it o
On 1/24/19 2:40 AM, Vincent Lefevre wrote:
> On 2019-01-23 17:23:10 +0100, Alex Mestiashvili wrote:
>> On 1/23/19 4:44 PM, Vincent Lefevre wrote:
>>> On 2019-01-23 15:32:00 +, Ian Jackson wrote:
This is completely mad and IMO the bug is in perl, not in all of the
millions of perl scri
Hi Marek,
Quoting Marek Mosiewicz (2019-01-24 09:49:35)
> I have been trying to have good looking fonts in Debian. What I found
> it seems that Firefox ignores dpkg-reconfigure fontconfig-config.
>
> It is not the case for Chromium. After playing with native/autohinting
> configuration it seems tha
Hello,
I have been trying to have good looking fonts in Debian. What I found
it seems that Firefox ignores dpkg-reconfigure fontconfig-config.
It is not the case for Chromium. After playing with native/autohinting
configuration it seems that it is difficult to have all apps looking
good, because some
Russ Allbery writes:
> Ben Hutchings writes:
>> People have said this about ASLR, protected symlinks, and many other
>> kinds of security hardening changes. We made them anyway and took the
>> temporary pain for a long-term security gain.
>
> Well, Perl has a deprecation mechanism with warnings an
29 matches