From bitdealer at gmail.com Tue Jul 1 19:35:53 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Tue, 1 Jul 2008 19:35:53 +0200 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva Message-ID: Hello, I updated today openvas-libraries to 1.0.2 and openvas-libnasl to 1.0.1 which broke the builds of openvas-libnasl on Fedora and Mandriva. The reason is that nothing provides libresolv.so.2(GLIBC_PRIVATE). The following are the build logs for Fedora 9 i586: openvas-libraries-1.0.1: http://rafb.net/p/wIUkWF45.html openvas-libraries-1.0.2: http://rafb.net/p/SKFd2B32.html Note the changed "Requires:" lines: Requires on openvas-libraries-1.0.1 (line 816): Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libc.so.6(GLIBC_2.3) libopenvas.so.1 libopenvas_hg.so.1 rtld(GNU_HASH) Requires on openvas-libraries-1.0.2 (line 862): Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libc.so.6(GLIBC_2.3) libgnutls.so.13 libgnutls.so.13(GNUTLS_1_3) libnsl.so.1 libopenvas.so.1 libopenvas_hg.so.1 libpcap.so.0.9 libresolv.so.2 libresolv.so.2(GLIBC_2.0) libresolv.so.2(GLIBC_2.2) libresolv.so.2(GLIBC_PRIVATE) libutil.so.1 rtld(GNU_HASH) So please get somehow rid of that "libresolv.so.2(GLIBC_PRIVATE)" requirement. Also there are a few things wrong with the nessus/OpenVAS-Client.desktop file in openvas-client-1.0.4: 1. please get rid of the "X-SuSE-translate=false" line. I know that we asked you to include it but it was a mistake. My apologies for the inconvenience. 2. the used category is "Security;System" which doesn't exist according to the free desktop standards (http://standards.freedesktop.org/menu-spec/menu-spec-1.0.html#category-registry). IMHO "Utility;Security;" makes for sense and is standard compliant. 3. the "Categories=..." line needs a trailing ";" As always the complete build logs can be seen at https://build.opensuse.org/project/monitor?project=home%3Abitshuffler%3Aopenvas and I'm happy to apply any suggested patches to fix the builds on Fedora & Mandriva as well as to make some willing one of you co maintainer. Best regards Stephan From timb at nth-dimension.org.uk Wed Jul 2 00:07:55 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Tue, 1 Jul 2008 23:07:55 +0100 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: References: Message-ID: <200807012307.55433.timb@nth-dimension.org.uk> On Tuesday 01 July 2008 18:35:53 Stephan Kleine wrote: > 1. please get rid of the "X-SuSE-translate=false" line. I know that we > asked you to include it but it was a mistake. My apologies for the > inconvenience. > > 2. the used category is "Security;System" which doesn't exist > according to the free desktop standards > (http://standards.freedesktop.org/menu-spec/menu-spec-1.0.html#category-reg >istry). IMHO "Utility;Security;" makes for sense and is standard compliant. > > 3. the "Categories=..." line needs a trailing ";" These fixes have been applied. Cheers, Tim -- Tim Brown From timb at nth-dimension.org.uk Wed Jul 2 00:24:51 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Tue, 1 Jul 2008 23:24:51 +0100 Subject: [Openvas-distro] Debian packaging / sponsoring In-Reply-To: <200807011132.53444.jan-oliver.wagner@intevation.de> References: <200807011104.41793.waja@cyconet.org> <200807011132.53444.jan-oliver.wagner@intevation.de> Message-ID: <200807012324.51973.timb@nth-dimension.org.uk> On Tuesday 01 July 2008 10:32:48 Jan-Oliver Wagner wrote: > Hello, > > On Dienstag, 1. Juli 2008, Jan Wagner wrote: > > I saw you have troubles getting packages uploaded into Debian. Since I'm > > also interested into getting them in there and was talking about some > > packaging issues of your packages with my sponsor about, he signaled he > > is also interested as well. > > If you want, you can contact Daniel Baumann and ask for sponsoring your > > packages ... but be prepared to have strict checking of the packages, > > which may lead into several rejects (and hints how to solve issues) by > > Daniel. This may look bothering at first, but it teaches you to produce a > > higher quality of packages and may prevent rejection in the NEW queue, > > which was a problem some times in the past afaik. > > > > If you have problems or want help with openvas packaging, feel free to > > contact me too, I'll see what I can do. This sounds like a promising lead. I know Maulkin had promised to give me a hand sponsoring packages on jfs absence but he's a busy man too. What I propose to do is grab the latest tarballs for each module, apply any fixes I have locally (openvas-server springs to mind) commit the changes to SVN and then dpkg-buildpackage them for a dupload to mentors. Jan, did I notice you saying a few message back that you'd got a build of openvas-plugins for Debian or was that my imagination? If you do, perhaps it might be a good idea to get it committed to SVN, even if it's not perfect it will give me a point from which to start. FTR, the hold up right now is openvas-libnasl (which has had changes applied to hopefully meet with the FTP masters approval, but which jfs has not had time to submit). This doesn't need a rebuild or update as it's already the latest version of the library, so might be a good place for Daniel to take a first look. AFAIK the only problem that has prevented it being accepted so far is copyright issues resulting from the original Nessus tree. Tim -- Tim Brown From jan-oliver.wagner at intevation.de Wed Jul 2 09:13:08 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 2 Jul 2008 09:13:08 +0200 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: References: Message-ID: <200807020913.11848.jan-oliver.wagner@intevation.de> Michael, On Dienstag, 1. Juli 2008, Stephan Kleine wrote: > I updated today openvas-libraries to 1.0.2 and openvas-libnasl to > 1.0.1 which broke the builds of openvas-libnasl on Fedora and > Mandriva. > > The reason is that nothing provides libresolv.so.2(GLIBC_PRIVATE). > > The following are the build logs for Fedora 9 i586: > openvas-libraries-1.0.1: http://rafb.net/p/wIUkWF45.html > openvas-libraries-1.0.2: http://rafb.net/p/SKFd2B32.html > > Note the changed "Requires:" lines: > > Requires on openvas-libraries-1.0.1 (line 816): > Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) > libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) > libc.so.6(GLIBC_2.3) libopenvas.so.1 libopenvas_hg.so.1 rtld(GNU_HASH) > > Requires on openvas-libraries-1.0.2 (line 862): > Requires: libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) > libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) > libc.so.6(GLIBC_2.3) libgnutls.so.13 libgnutls.so.13(GNUTLS_1_3) > libnsl.so.1 libopenvas.so.1 libopenvas_hg.so.1 libpcap.so.0.9 > libresolv.so.2 libresolv.so.2(GLIBC_2.0) libresolv.so.2(GLIBC_2.2) > libresolv.so.2(GLIBC_PRIVATE) libutil.so.1 rtld(GNU_HASH) > > So please get somehow rid of that "libresolv.so.2(GLIBC_PRIVATE)" requirement. can you look into this? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Wed Jul 2 09:17:19 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 2 Jul 2008 09:17:19 +0200 Subject: [Openvas-distro] Debian packaging / sponsoring In-Reply-To: <200807012324.51973.timb@nth-dimension.org.uk> References: <200807011104.41793.waja@cyconet.org> <200807011132.53444.jan-oliver.wagner@intevation.de> <200807012324.51973.timb@nth-dimension.org.uk> Message-ID: <200807020917.22131.jan-oliver.wagner@intevation.de> On Mittwoch, 2. Juli 2008, Tim Brown wrote: > Jan, did I notice you saying a few message back that you'd got a build of > openvas-plugins for Debian or was that my imagination? ?If you do, perhaps it > might be a good idea to get it committed to SVN, even if it's not perfect it > will give me a point from which to start. Tim: does it make sense to give Jan SVN write access? Jan: Would you be willing to commit directly? Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From timb at nth-dimension.org.uk Wed Jul 2 09:29:47 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Wed, 2 Jul 2008 08:29:47 +0100 Subject: [Openvas-distro] Debian packaging / sponsoring In-Reply-To: <200807020917.22131.jan-oliver.wagner@intevation.de> References: <200807011104.41793.waja@cyconet.org> <200807012324.51973.timb@nth-dimension.org.uk> <200807020917.22131.jan-oliver.wagner@intevation.de> Message-ID: <200807020829.47562.timb@nth-dimension.org.uk> On Wednesday 02 July 2008 08:17:19 Jan-Oliver Wagner wrote: > On Mittwoch, 2. Juli 2008, Tim Brown wrote: > > Jan, did I notice you saying a few message back that you'd got a build of > > openvas-plugins for Debian or was that my imagination? ?If you do, > > perhaps it might be a good idea to get it committed to SVN, even if it's > > not perfect it will give me a point from which to start. > > Tim: does it make sense to give Jan SVN write access? > Jan: Would you be willing to commit directly? The more the merrier from my perspective :) Tim -- Tim Brown From waja at cyconet.org Wed Jul 2 14:54:21 2008 From: waja at cyconet.org (Jan Wagner) Date: Wed, 2 Jul 2008 14:54:21 +0200 Subject: [Openvas-distro] Debian packaging / sponsoring In-Reply-To: <200807012324.51973.timb@nth-dimension.org.uk> References: <200807011104.41793.waja@cyconet.org> <200807011132.53444.jan-oliver.wagner@intevation.de> <200807012324.51973.timb@nth-dimension.org.uk> Message-ID: <200807021454.24037.waja@cyconet.org> Hi Tim, On Wednesday 02 July 2008 00:24, Tim Brown wrote: > This sounds like a promising lead. I know Maulkin had promised to give me > a hand sponsoring packages on jfs absence but he's a busy man too. What I > propose to do is grab the latest tarballs for each module, apply any fixes > I have locally (openvas-server springs to mind) commit the changes to SVN > and then dpkg-buildpackage them for a dupload to mentors. > > Jan, did I notice you saying a few message back that you'd got a build of > openvas-plugins for Debian or was that my imagination? If you do, perhaps > it might be a good idea to get it committed to SVN, even if it's not > perfect it will give me a point from which to start. you maybe noticed that I commited my patches just a couple of minutes ago. :) > FTR, the hold up right now is openvas-libnasl (which has had changes > applied to hopefully meet with the FTP masters approval, but which jfs has > not had time to submit). This doesn't need a rebuild or update as it's > already the latest version of the library, so might be a good place for > Daniel to take a first look. AFAIK the only problem that has prevented it > being accepted so far is copyright issues resulting from the original > Nessus tree. I think it might be a good idea that you prepare the package for a upload and then send a mail to Daniel providing the .dsc for reviewing and (maybe) uploading it. With kind regards, Jan. -- Never write mail to , you have been warned! -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ ------END GEEK CODE BLOCK------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.wald.intevation.org/pipermail/openvas-distro/attachments/20080702/0b9c2b03/attachment.pgp From michael.wiegand at intevation.de Fri Jul 4 12:09:27 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 4 Jul 2008 12:09:27 +0200 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: References: Message-ID: <200807041209.27344.michael.wiegand@intevation.de> Am Dienstag, 1. Juli 2008 19:35:53 schrieb Stephan Kleine: > I updated today openvas-libraries to 1.0.2 and openvas-libnasl to > 1.0.1 which broke the builds of openvas-libnasl on Fedora and > Mandriva. > > The reason is that nothing provides libresolv.so.2(GLIBC_PRIVATE). > > So please get somehow rid of that "libresolv.so.2(GLIBC_PRIVATE)" > requirement. This issue should be fixed as of SVN revision 1021. Stephan, could you trying building this revision and let me know if it works? Thanks! Regards, Michael -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From bitdealer at gmail.com Fri Jul 4 14:18:40 2008 From: bitdealer at gmail.com (Stephan Kleine) Date: Fri, 4 Jul 2008 14:18:40 +0200 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: <200807041209.27344.michael.wiegand@intevation.de> References: <200807041209.27344.michael.wiegand@intevation.de> Message-ID: > This issue should be fixed as of SVN revision 1021. Stephan, could you trying > building this revision and let me know if it works? Thanks! I tried r1023 and with that one Fedora & Mandriva build just fine (Mandriva 2007 is still broken but this is nothing new (as in not cause of a wrong requirement)). Two more things: 1. Would it please be possible to distribute your releases as tar.bz2 instead of tar.gz? This would make the files smaller and prevent rpmlint from jumping right in my face every time I build one ;) 2. (perhaps more fitting for openvas-discussion but I'm to lazy to register there as well) I recently stumbled about OSSIM (http://www.ossim.net/) which stands for Open Source Security Information Management and basically uses various open source tools to present a comprehensive security overview. The reason why I'm telling you this is that one of the tools they integrate is Nessus and the OSSIM devs aren't happy with the change of the licensing terms of Nessus' plugin feed and therefore decided to create a free feed (http://www.alienvault.com/home.php?id=nessus_feed_announcement). So, perhaps you might want to contact them to coordinate your work / ensure that this feed is compatible with OpenVAS and to propose to them to replace Nessus with OpenVAS in OSSIM ;) best regards Stephan From jan-oliver.wagner at intevation.de Fri Jul 4 15:59:53 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Fri, 4 Jul 2008 15:59:53 +0200 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: References: <200807041209.27344.michael.wiegand@intevation.de> Message-ID: <200807041559.54599.jan-oliver.wagner@intevation.de> On Freitag, 4. Juli 2008, Stephan Kleine wrote: > > This issue should be fixed as of SVN revision 1021. Stephan, could you trying > > building this revision and let me know if it works? Thanks! > > I tried r1023 and with that one Fedora & Mandriva build just fine good. > 1. Would it please be possible to distribute your releases as tar.bz2 > instead of tar.gz? This would make the files smaller and prevent > rpmlint from jumping right in my face every time I build one ;) I vaguely remember a problem with bz2's on some distribution platforms. Does anyone else remember more specifically? Perhaps it was from ancient times. Except for this I do not see a problem to switch to bz2. I am not really in favour to maintain both as it creates more overhead work. > 2. (perhaps more fitting for openvas-discussion but I'm to lazy to > register there as well) I recently stumbled about OSSIM > (http://www.ossim.net/) which stands for Open Source Security > Information Management and basically uses various open source tools to > present a comprehensive security overview. > > The reason why I'm telling you this is that one of the tools they > integrate is Nessus and the OSSIM devs aren't happy with the change of > the licensing terms of Nessus' plugin feed and therefore decided to > create a free feed > (http://www.alienvault.com/home.php?id=nessus_feed_announcement). > > So, perhaps you might want to contact them to coordinate your work / > ensure that this feed is compatible with OpenVAS and to propose to > them to replace Nessus with OpenVAS in OSSIM ;) AFAIKT, these guys are aware of OpenVAS. Are you involved in this project? Perhaps send a reminder on OpenVAS. Best Jan -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From timb at nth-dimension.org.uk Sat Jul 5 17:13:31 2008 From: timb at nth-dimension.org.uk (Tim Brown) Date: Sat, 5 Jul 2008 16:13:31 +0100 Subject: [Openvas-distro] openvas-libraries 1.0.2 breaks openvas-libnasl on Fedora and Mandriva In-Reply-To: References: <200807041209.27344.michael.wiegand@intevation.de> Message-ID: <200807051613.31982.timb@nth-dimension.org.uk> On Friday 04 July 2008 13:18:40 Stephan Kleine wrote: > 2. (perhaps more fitting for openvas-discussion but I'm to lazy to > register there as well) I recently stumbled about OSSIM > (http://www.ossim.net/) which stands for Open Source Security > Information Management and basically uses various open source tools to > present a comprehensive security overview. > > The reason why I'm telling you this is that one of the tools they > integrate is Nessus and the OSSIM devs aren't happy with the change of > the licensing terms of Nessus' plugin feed and therefore decided to > create a free feed > (http://www.alienvault.com/home.php?id=nessus_feed_announcement). > > So, perhaps you might want to contact them to coordinate your work / > ensure that this feed is compatible with OpenVAS and to propose to > them to replace Nessus with OpenVAS in OSSIM ;) They've now been pinged :). Thanks for the hint Stephan. Tim -- Tim Brown From joey at infodrom.org Thu Jul 3 18:27:12 2008 From: joey at infodrom.org (Joey Schulze) Date: Thu, 03 Jul 2008 16:27:12 -0000 Subject: [Openvas-distro] openvas-libnasl_1.0.0-5_i386.changes REJECTED In-Reply-To: <200806301543.35178.jan-oliver.wagner@intevation.de> References: <200806241231.01544.waja@cyconet.org> <200806241209.01060.timb@nth-dimension.org.uk> <200806301543.35178.jan-oliver.wagner@intevation.de> Message-ID: <20080703162209.GA19763@finlandia.home.infodrom.org> Hmm, seems nobody answered yet... Jan-Oliver Wagner wrote: > On Dienstag, 24. Juni 2008, Tim Brown wrote: > > http://mentors.debian.net/debian/pool/main/o/openvas-libnasl/openvas-libnasl_1.0.0-6.dsc, > > the only hold up for this has been some toing and froing regarding > > debian/copyright, which hopefully I have now resolved. Just FYI, the policy version could be upgraded: W: openvas-libnasl source: ancient-standards-version 3.7.2 (current is 3.8.0) > so, the blocker is that we need a mentor to approve? > Perhaps Javier is on vacation or in other way too busy. ... and Tim is not a maintainer yet? > What do the Debian people usually do in such cases? Ask on debian-mentors at lists.debian.org for a sponsor. See Matt's FAQ for details: > Is there a procedure how to ask another mentor to > do the upload? "Just ask" > > Regarding openvas-server, there isn't actually a build on mentors ATM, as I > > still have a number of new lintian problems to resolve. Once I have these > > nailed I'll commit to trunk and build a package for mentors. > > The other Jan has done some work in the packages -server and -plugins. > This might help to speed up things. Have you had a look at it so far? If you want to speed up development, committing early may be helpful, so that potential supporters have access to the current source earlier. Regards, Joey -- GNU does not eliminate all the world's problems, only some of them. -- The GNU Manifesto Please always Cc to me when replying to me on the lists.