O: libsafe -- Protection against buffer overflow vulnerabilities

To: submit@bugs.debian.org, Ron Rademaker <ron@wep.tudelft.nl>
Cc: Matthias Klose <doko@cs.tu-berlin.de>, debian-devel@lists.debian.org
Subject: O: libsafe -- Protection against buffer overflow vulnerabilities
From: Martin Michlmayr <tbm@cyrius.com>
Date: Sun, 30 Dec 2001 21:58:19 +0100
Message-id: <[🔎] 20011230215819.A22963@fisch.cyrius.com>
In-reply-to: <[🔎] Pine.LNX.4.21.0112271416450.2065-100000@neo.rademaker.dhs.org>
References: <[🔎] 15403.6573.232115.816979@gargle.gargle.HOWL> <[🔎] Pine.LNX.4.21.0112271416450.2065-100000@neo.rademaker.dhs.org>

Package: wnpp
Severity: normal

The current maintainer of libsafe, Ron Rademaker <ron@wep.tudelft.nl>,
has orphaned this package.  If you want to be the new maintainer,
please take it -- retitle this bug from 'O:' to 'ITA:', fix the
outstanding bugs and upload a new version with your name in the
Maintainer: field and a

   * New maintainer (Closes: #thisbug)

in the changelog so this bug is closed.

Some information about this package:

Package: libsafe
Priority: optional
Section: libs
Installed-Size: 256
Maintainer: Ron Rademaker <ron@wep.tudelft.nl>
Architecture: i386
Version: 1.3-6
Depends: libc6 (>= 2.1.2), ldso (>= 1.8.5)
Suggests: ldso (>= 1.9.0), ld.so.preload-manager (>= 0.1)
Filename: pool/main/libs/libsafe/libsafe_1.3-6_i386.deb
Size: 147848
MD5sum: 5902ee9bca4d0d22b637a06f940e0ecc
Description: Protection against buffer overflow vulnerabilities
 Libsafe is a library that works with any pre-compiled executable and can be
 used transparently. Libsafe intercepts calls to functions known as
 vulnerable, libsafe uses a substitute version of the function that
 implements the same functionality, but makes sure any buffer overflows are
 contained within the current stack frame.

* Ron Rademaker <ron@wep.tudelft.nl> [20011227 14:17]:
> You're right that I haven't done anything about libsafe where I should
> have...
> 
> I guess the best thing to do right now is put libsafe up for adoption.

> On Thu, 27 Dec 2001, Matthias Klose wrote:
> 
> > Yotam Rubin writes:
> > > Greetings,
> > > 
> > > 	The last libsafe upload has been over a year ago. Since then, libsafe
> > > has accumulated a large number of bugs. The current Debian release doesn't
> > > seem to be very effective. I've packaged the latest libsafe and made it 
> > > available at: http://192.117.130.34/Fendor/debian/libsafe/
> > > Can someone NMU that? I've contacted the maintainer but received no reply.
> > > It's a shame that libsafe wouldn't be usable for Debian users.
> > 
> > - the upload isn't marked as a NMU
> > 
> > - the package does not build from source (calls ldconfig):
> > 
> > - the package does not build a -dev package. Correct?
> > 
> > - the package overwrites the old library? Correct, if it's an
> >   extension only. But then it needs to be marked in the shlibs file.
> >   Else you need to build a libsafe2 and libsafe-dev package.
> >   OTOH, no package depends on libsafe.
> > 
> > So it seems, we don't gain much to replace one buggy version with the
> > next buggy version.

> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
Martin Michlmayr
tbm@cyrius.com

Reply to:

Follow-Ups:
- Re: O: libsafe -- Protection against buffer overflow vulnerabilities
  - From: Shaul Karl <shaulka@bezeqint.net>

References:
- Re: Request to NMU libsafe
  - From: Matthias Klose <doko@cs.tu-berlin.de>
- Re: Request to NMU libsafe
  - From: Ron Rademaker <ron@wep.tudelft.nl>

Prev by Date: Bug 99208
Next by Date: Re: Preparing a Proposal: 3 DD needed for every NEW package
Previous by thread: Re: Request to NMU libsafe
Next by thread: Re: O: libsafe -- Protection against buffer overflow vulnerabilities
Index(es):
- Date
- Thread