
Bug#127087: marked as done (ITA: libsafe -- Protection against buffer overflow vulnerabilities)



Your message dated Sat, 05 Jan 2002 15:01:46 -0500
with message-id <E16Mx0k-00021K-00@auric.debian.org>
and subject line Bug#127087: fixed in libsafe 2.0-9-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 30 Dec 2001 20:58:24 +0000
>From tbm@cyrius.com Sun Dec 30 14:58:24 2001
Return-path: <tbm@cyrius.com>
Received: from gtso-c3477b5b.dsl.mediaways.net (mail.frosty-geek.net) [195.71.123.91] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16Kn2G-0005wG-00; Sun, 30 Dec 2001 14:58:24 -0600
Received: from nautilus.noreply.org (unknown [138.232.34.77])
	by mail.frosty-geek.net (Postfix) with ESMTP
	id 32A7146C197; Sun, 30 Dec 2001 21:58:21 +0100 (CET)
Received: by nautilus.noreply.org (Postfix, from userid 10)
	id A25FF357C4; Sun, 30 Dec 2001 21:58:20 +0100 (CET)
Received: by fisch.cyrius.com (Postfix, from userid 1000)
	id 0F2EE22940; Sun, 30 Dec 2001 21:58:19 +0100 (CET)
Date: Sun, 30 Dec 2001 21:58:19 +0100
From: Martin Michlmayr <tbm@cyrius.com>
To: submit@bugs.debian.org, Ron Rademaker <ron@wep.tudelft.nl>
Cc: Matthias Klose <doko@cs.tu-berlin.de>,
	debian-devel@lists.debian.org
Subject: O: libsafe -- Protection against buffer overflow vulnerabilities
Message-ID: <20011230215819.A22963@fisch.cyrius.com>
References: <15403.6573.232115.816979@gargle.gargle.HOWL> <Pine.LNX.4.21.0112271416450.2065-100000@neo.rademaker.dhs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.21.0112271416450.2065-100000@neo.rademaker.dhs.org>
User-Agent: Mutt/1.3.22i
Delivered-To: submit@bugs.debian.org

Package: wnpp
Severity: normal

The current maintainer of libsafe, Ron Rademaker <ron@wep.tudelft.nl>,
has orphaned this package.  If you want to be the new maintainer,
please take it -- retitle this bug from 'O:' to 'ITA:', fix the
outstanding bugs and upload a new version with your name in the
Maintainer: field and a

   * New maintainer (Closes: #thisbug)

in the changelog so this bug is closed.


Some information about this package:

Package: libsafe
Priority: optional
Section: libs
Installed-Size: 256
Maintainer: Ron Rademaker <ron@wep.tudelft.nl>
Architecture: i386
Version: 1.3-6
Depends: libc6 (>= 2.1.2), ldso (>= 1.8.5)
Suggests: ldso (>= 1.9.0), ld.so.preload-manager (>= 0.1)
Filename: pool/main/libs/libsafe/libsafe_1.3-6_i386.deb
Size: 147848
MD5sum: 5902ee9bca4d0d22b637a06f940e0ecc
Description: Protection against buffer overflow vulnerabilities
 Libsafe is a library that works with any pre-compiled executable and can be
 used transparently. Libsafe intercepts calls to functions known as
 vulnerable, libsafe uses a substitute version of the function that
 implements the same functionality, but makes sure any buffer overflows are
 contained within the current stack frame.



* Ron Rademaker <ron@wep.tudelft.nl> [20011227 14:17]:
> You're right that I haven't done anything about libsafe where I should
> have...
> 
> I guess the best thing to do right now is put libsafe up for adoption.

> On Thu, 27 Dec 2001, Matthias Klose wrote:
> 
> > Yotam Rubin writes:
> > > Greetings,
> > > 
> > > 	The last libsafe upload was over a year ago. Since then, libsafe
> > > has accumulated a large number of bugs. The current Debian release doesn't
> > > seem to be very effective. I've packaged the latest libsafe and made it 
> > > available at: http://192.117.130.34/Fendor/debian/libsafe/
> > > Can someone NMU that? I've contacted the maintainer but received no reply.
> > > It's a shame that libsafe wouldn't be usable for Debian users.
> > 
> > - the upload isn't marked as a NMU
> > 
> > - the package does not build from source (calls ldconfig):
> > 
> > - the package does not build a -dev package. Correct?
> > 
> > - the package overwrites the old library? Correct, if it's an
> >   extension only. But then it needs to be marked in the shlibs file.
> >   Else you need to build a libsafe2 and libsafe-dev package.
> >   OTOH, no package depends on libsafe.
> > 
> > So it seems, we don't gain much to replace one buggy version with the
> > next buggy version.

> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
Martin Michlmayr
tbm@cyrius.com

---------------------------------------
Received: (at 127087-close) by bugs.debian.org; 5 Jan 2002 20:08:50 +0000
>From troup@auric.debian.org Sat Jan 05 14:08:50 2002
Return-path: <troup@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16Mx7Z-0002cE-00; Sat, 05 Jan 2002 14:08:49 -0600
Received: from troup by auric.debian.org with local (Exim 3.12 1 (Debian))
	id 16Mx0k-00021K-00; Sat, 05 Jan 2002 15:01:46 -0500
From: David Coe <davidc@debian.org>
To: 127087-close@bugs.debian.org
X-Katie: $Revision: 1.66 $
Subject: Bug#127087: fixed in libsafe 2.0-9-2
Message-Id: <E16Mx0k-00021K-00@auric.debian.org>
Sender: James Troup <troup@auric.debian.org>
Date: Sat, 05 Jan 2002 15:01:46 -0500
Delivered-To: 127087-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
libsafe, which has been installed in the Debian FTP archive:

libsafe_2.0-9-2.diff.gz
  to pool/main/libs/libsafe/libsafe_2.0-9-2.diff.gz
libsafe_2.0-9-2.dsc
  to pool/main/libs/libsafe/libsafe_2.0-9-2.dsc
libsafe_2.0-9-2_i386.deb
  to pool/main/libs/libsafe/libsafe_2.0-9-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 127087@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Coe <davidc@debian.org> (supplier of updated libsafe package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  5 Jan 2002 00:18:58 -0500
Source: libsafe
Binary: libsafe
Architecture: source i386
Version: 2.0-9-2
Distribution: unstable
Urgency: low
Maintainer: David Coe <davidc@debian.org>
Changed-By: David Coe <davidc@debian.org>
Description: 
 libsafe    - Protection against buffer overflow vulnerabilities
Closes: 127087 127472
Changes: 
 libsafe (2.0-9-2) unstable; urgency=low
 .
   * new maintainer.
     Closes: #127087: ITA: libsafe
   * applied patch from Gerhard Tonn <GerhardTonn@swol.de>.
     Closes: #127472: does not build from source on powerpc and s390
   * added support for DEB_BUILD_OPTIONS.
   * corrected copyright text (Gnu Library -> Lesser, 2 -> 2.1) and
     upstream source location.
   * changed the 'libsafe' wrapper to exit with the wrapped program's
     exit status rather than 0.
   * chmod the exploit examples to 700 to help prevent local abuse.
   * removed custom postinst: everything it was doing was also being
     generated by debhelper (thanks, lintian).
   * improved prerm: exit with status 1 if an error is encountered,
     don't force exit 0 at the bottom (i.e. don't ignore debhelper-
     generated mistakes, should such a thing ever occur).
Files: 
 8d7fb3ecb6be7ede45be72de76f18450 605 libs optional libsafe_2.0-9-2.dsc
 c9a05e47e10ed5392f131da41486f545 8273 libs optional libsafe_2.0-9-2.diff.gz
 2d60874f9428da80a9411a950e6e853f 31712 libs optional libsafe_2.0-9-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8NpHusPfoxg/MJ8YRAkQxAKDI6KfiF6oKud3bwIgJMLbyaMxVrQCfQgcq
ls2Td/gP6ihPLwAyANe0Bpg=
=ETfm
-----END PGP SIGNATURE-----


