Bug#127087: O: libsafe -- Protection against buffer overflow vulnerabilities
The current maintainer of libsafe, Ron Rademaker <email@example.com>,
has orphaned this package. If you want to be the new maintainer,
please take it -- retitle this bug from 'O:' to 'ITA:', fix the
outstanding bugs and upload a new version with your name in the
Maintainer: field and a
* New maintainer (Closes: #thisbug)
in the changelog so this bug is closed.
Some information about this package:
Maintainer: Ron Rademaker <firstname.lastname@example.org>
Depends: libc6 (>= 2.1.2), ldso (>= 1.8.5)
Suggests: ldso (>= 1.9.0), ld.so.preload-manager (>= 0.1)
Description: Protection against buffer overflow vulnerabilities
Libsafe is a library that works with any pre-compiled executable and can be
used transparently. Libsafe intercepts calls to functions known as
vulnerable, libsafe uses a substitute version of the function that
implements the same functionality, but makes sure any buffer overflows are
contained within the current stack frame.
* Ron Rademaker <email@example.com> [20011227 14:17]:
> You're right that I haven't done anything about libsafe where I should
> I guess the best thing to do right now is put libsafe up for adoption.
> On Thu, 27 Dec 2001, Matthias Klose wrote:
> > Yotam Rubin writes:
> > > Greetings,
> > >
> > > The last libsafe upload has been over a year ago. Since then, libsafe
> > > has accumulated a large number of bugs. The current Debian release doesn't
> > > seem to be very effective. I've packaged the latest libsafe and made it
> > > available at: http://184.108.40.206/Fendor/debian/libsafe/
> > > Can someone NMU that? I've contacted the maintainer but received no reply.
> > > It's a shame that libsafe wouldn't be usable for Debian users.
> > - the upload isn't marked as a NMU
> > - the package does not build from source (calls ldconfig):
> > - the package does not build a -dev package. Correct?
> > - the package overwrites the old library? Correct, if it's an
> > extension only. But then it needs to be marked in the shlibs file.
> > Else you need to build a libsafe2 and libsafe-dev package.
> > OTOH, no package depends on libsafe.
> > So it seems, we don't gain much to replace one buggy version with the
> > next buggy version.
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com