packaging guidelines again
Reindl Harald
h.reindl at thelounge.net
Mon Oct 21 23:06:26 UTC 2013
On 13.10.2013 22:04, Till Maas wrote:
> On Mon, Sep 16, 2013 at 12:15:02PM +0200, Reindl Harald wrote:
>> i get somehow tired to report bugs for several packages,
>> refresh them at each release because maintainers
>> ignore guidelines all the time
>>
>> some of them responded and fixed their packages
>> some insist to ignore them
>
> thank you for your work. Can you please add pointers to the respective
> bug reports so that this can be escalated to FESCo?
>
>> [root at srv-rhsoft:~]$ checksec --proc-all | grep "No PIE"
>> X 21342 Partial RELRO Canary found NX enabled No PIE
>> login 26045 Partial RELRO Canary found NX enabled No PIE
>> alsactl 642 Partial RELRO Canary found NX enabled No PIE
>> mdadm 651 Partial RELRO Canary found NX enabled No PIE
>> upowerd 704 Partial RELRO Canary found NX enabled No PIE
>> avahi-daemon 705 Partial RELRO Canary found NX enabled No PIE
>> rtkit-daemon 718 Partial RELRO Canary found NX enabled No PIE
>> pulseaudio 869 Full RELRO Canary found NX enabled No PIE
>>
>
> Also it would be nice if you ask FESCo to update the list at
> https://fedoraproject.org/wiki/Hardened_Packages
> to include the packages you noticed are missing there
sorry for late answer, i was on the openssl party, but as "excuse"
some more security relevant bug reports below
https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108
https://bugzilla.redhat.com/show_bug.cgi?id=1019390#c3
_____________________________________
here we go again for hardening issues
X:
https://bugzilla.redhat.com/show_bug.cgi?id=983604
login:
https://bugzilla.redhat.com/show_bug.cgi?id=984181
alsactl:
https://bugzilla.redhat.com/show_bug.cgi?id=1008385
mdadm:
https://bugzilla.redhat.com/show_bug.cgi?id=983615
upowerd:
https://bugzilla.redhat.com/show_bug.cgi?id=1008400
avahi-daemon:
unable to find my bug report, pretty sure I made one
rtkit:
https://bugzilla.redhat.com/show_bug.cgi?id=996735
pulseaudio:
https://bugzilla.redhat.com/show_bug.cgi?id=983606
policykit:
https://bugzilla.redhat.com/show_bug.cgi?id=983623
perl:
https://bugzilla.redhat.com/show_bug.cgi?id=984185
mailgraph (perl, long running, root):
https://bugzilla.redhat.com/show_bug.cgi?id=990052
smokeping (perl, long running, root):
https://bugzilla.redhat.com/show_bug.cgi?id=990055
gpsd:
https://bugzilla.redhat.com/show_bug.cgi?id=1000643
firefox:
https://bugzilla.redhat.com/show_bug.cgi?id=973458
_____________________________________
in fact "Your package accepts/processes untrusted input" raises
again the question why not harden the complete distribution since
Browsers, PDF readers, office suites, image viewers and so on all
are processing untrusted input at the end of the day

please keep also in mind that this is only a small subset
of processes running on my KDE homeserver while no graphical
login is active, listed in a ssh-session

in fact there are *a lot* more processes which can be considered
as "long running" after login in the GUI and on always-on machines
the KDE session is running for days