nmap remote HEAD refers to nonexistent ref

Samuel Henrique samueloph at gmail.com
Sun Nov 13 17:00:36 UTC 2016


* Hilko Bengen:

> > As i don't want to start pushing without your ack, I just created a
> > new branch debian/samuel with my changes, so you can have a look at
> > them before i commit to debian/master, i appreciate any feedback.
>
> I don't quite see the point in fuzzing around with debian/changelog
> before actually preparing an upload
> (c36804cf7e02e90361901e718c95efe4ed87d5d3), the other changes look good
> to me.
>
> You may want to collapse related changes such as the bump to DH 10
> (f175818f6f05e89a0e9a1a1ad6a5477d0c4b43f9) and removal of --parallel
> (f74d5ced73d1647b7bf16cb3c7734aad2b720e6f) into one commit.


Done, pushed to debian/master and deleted debian/samuel.
The thing with d/changelog is a bad practice i was doing while packaging
with git, that became pretty clear since the first rebase conflict i've got
on d/changelog :).
From now on, i'll update changelog separately.

* Gianfranco:

> > You may want to collapse related changes such as the bump to DH 10
> > (f175818f6f05e89a0e9a1a1ad6a5477d0c4b43f9) and removal of --parallel
> > (f74d5ced73d1647b7bf16cb3c7734aad2b720e6f) into one commit.
>
>
> can you please also drop dh-autoreconf from build-dependencies?
> debhelper 10 runs it by default, for this reason it already has an
> explicit dependency
> on it
> https://packages.debian.org/unstable/debhelper


Done, thanks for pointing that out.
You may have noticed that i used my key to sign the changelog instead of
yours, because you're not an uploader and then we would have to do a Team
Upload. I don't know if you're planning to add yourself as an uploader, if
so, please feel free to go ahead.

* All:

I started doing some bug triage, already closed 2 bugs on BTS and a few of
them on Launchpad.

There are still a lot of lintians to take care of in order to get a nice
packaging, though, most of them look like an upstream problem with
autogenerated files: manpages and .desktop file. We should probably patch
them and send upstream.

If anyone is planning to help, i think the most important problems are
these ones:

> W: nmap-dbgsym: debug-file-with-no-debug-symbols
> usr/lib/debug/.build-id/3a/38e7101667fa48176801e2dfa6764aa4f6b397.debug
> W: nmap-dbgsym: debug-file-with-no-debug-symbols
> usr/lib/debug/.build-id/8a/99c26fb602336b1ae73c3a57e605f58e8c61f9.debug
> W: nmap-dbgsym: debug-file-with-no-debug-symbols
> usr/lib/debug/.build-id/c1/53135488ace5425d9b4d78ef75d7e6b2decf9d.debug

I didn't have time to look further into this, i hope this to be a
false-positive, as at a first glance it looks like we're using the -g flag.

> CXXFLAGS missing (-fPIE): g++ -c -I../libdnet-stripped/include -Wdate-time
> -D_FORTIFY_SOURCE=2 -I../nbase -I../nsock/include -g -O2
> -fdebug-prefix-map=/home/tmp/nmap-7.31=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall  -fno-strict-aliasing   -DHAVE_CONFIG_H
> -DNPING_NAME=\"Nping\" -DNPING_URL=\"https://nmap.org/nping\"
> -DNPING_PLATFORM=\"x86_64-pc-linux-gnu\" -D_FORTIFY_SOURCE=2 EchoHeader.cc
> -o EchoHeader.o

"blhc --all" reports we're not using the -fPIE flag, i still didn't check
why and if we will have problems using it.

> P: nmap source: no-dep5-copyright

Probably the least important of all, but it'd be nice to have nmap being
dep5 compliant, especially considering the importance of the package.

Samuel Henrique <samueloph>