Debian Bug report logs - #509063
ITP: libproxy -- automatic proxy configuration management library

version graph

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Emilio Pozuelo Monfort <pochu@ubuntu.com>

Date: Thu, 18 Dec 2008 00:27:02 UTC

Owned by: Emilio Pozuelo Monfort <pochu@ubuntu.com>

Severity: wishlist

Fixed in version libproxy/0.2.3-1

Done: Emilio Pozuelo Monfort <pochu@ubuntu.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, pochu@ubuntu.com, debian-devel@lists.debian.org, <wnpp@debian.org>:
Bug#509063; Package wnpp. (Thu, 18 Dec 2008 00:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Emilio Pozuelo Monfort <pochu@ubuntu.com>:
New Bug report received and forwarded. Copy sent to pochu@ubuntu.com, debian-devel@lists.debian.org, <wnpp@debian.org>. (Thu, 18 Dec 2008 00:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Emilio Pozuelo Monfort <pochu@ubuntu.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: libproxy -- automatic proxy configuration management library
Date: Thu, 18 Dec 2008 01:25:49 +0100
Package: wnpp
Severity: wishlist
Owner: Emilio Pozuelo Monfort <pochu@ubuntu.com>


* Package name    : libproxy
  Version         : 0.2.3
  Upstream Author : Nathaniel McCallum <nathaniel@natemccallum.com>
                    Alex Panait        <kippled@gmail.com>
* URL             : http://code.google.com/p/libproxy/
* License         : LGPL
  Programming Lang: C
  Description     : automatic proxy configuration management library

 libproxy is a lightweight library which makes it easy to develop
 applications proxy-aware with a simple and stable API.


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Emilio Pozuelo Monfort <pochu@ubuntu.com>:
Bug#509063; Package wnpp. (Thu, 18 Dec 2008 08:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Emilio Pozuelo Monfort <pochu@ubuntu.com>. (Thu, 18 Dec 2008 08:33:02 GMT) Full text and rfc822 format available.

Message #10 received at 509063@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Emilio Pozuelo Monfort <pochu@ubuntu.com>
Cc: 509063@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#509063: ITP: libproxy -- automatic proxy configuration management library
Date: Thu, 18 Dec 2008 09:30:21 +0100
* Emilio Pozuelo Monfort:

>   Description     : automatic proxy configuration management library
>
>  libproxy is a lightweight library which makes it easy to develop
>  applications proxy-aware with a simple and stable API.

WPAD is a broken protocol with security issues inherent to the DNS
devolution mechanism (which is also performed by libproxy).  Please
don't add implementations to the Debian archive.




Tags added: pending Request was from Anibal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Tue, 03 Mar 2009 07:06:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>, Emilio Pozuelo Monfort <pochu@ubuntu.com>:
Bug#509063; Package wnpp. (Tue, 24 Mar 2009 00:42:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Rottmann <a.rottmann@gmx.at>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>, Emilio Pozuelo Monfort <pochu@ubuntu.com>. (Tue, 24 Mar 2009 00:42:02 GMT) Full text and rfc822 format available.

Message #17 received at 509063@bugs.debian.org (full text, mbox):

From: Andreas Rottmann <a.rottmann@gmx.at>
To: 509063@bugs.debian.org, debian-devel@lists.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Upstream bug about WPAD security issues
Date: Tue, 24 Mar 2009 01:39:50 +0100
As I discovered that libsoup SVN trunk has libproxy as an optional build
dependency, I stumbled upon this ITP, and found out that upstream has
been made aware of this issue:

http://code.google.com/p/libproxy/issues/detail?id=21

Based on that bug, I assume that a future release release will offer
Debian these options:

1) Don't ship the offending plugin at all in a/the binary package, or
2) disable the use of the plugin via the default config file

I think admins should be free (and in general are, FWIW ;-)) to shoot
themselves and the users of the boxes they administer in the proverbial
foot, so I'd suggest going with (2).

However, I agree that until this "feature" can be reliably and
mandatorily disabled by the admin (and is disabled by a stock Debian
install), this package should not enter Debian.

Regards, Rotty




Information forwarded to debian-bugs-dist@lists.debian.org, <wnpp@debian.org>:
Bug#509063; Package wnpp. (Tue, 24 Mar 2009 09:33:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Emilio Pozuelo Monfort <pochu@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to <wnpp@debian.org>. (Tue, 24 Mar 2009 09:33:13 GMT) Full text and rfc822 format available.

Message #22 received at 509063@bugs.debian.org (full text, mbox):

From: Emilio Pozuelo Monfort <pochu@ubuntu.com>
To: Andreas Rottmann <a.rottmann@gmx.at>, 509063@bugs.debian.org
Cc: debian-devel@lists.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Bug#509063: Upstream bug about WPAD security issues
Date: Tue, 24 Mar 2009 10:26:09 +0100
[Message part 1 (text/plain, inline)]
Andreas Rottmann wrote:
> As I discovered that libsoup SVN trunk has libproxy as an optional build
> dependency, I stumbled upon this ITP, and found out that upstream has
> been made aware of this issue:
> 
> http://code.google.com/p/libproxy/issues/detail?id=21
> 
> Based on that bug, I assume that a future release release will offer
> Debian these options:
> 
> 1) Don't ship the offending plugin at all in a/the binary package, or
> 2) disable the use of the plugin via the default config file
> 
> I think admins should be free (and in general are, FWIW ;-)) to shoot
> themselves and the users of the boxes they administer in the proverbial
> foot, so I'd suggest going with (2).
> 
> However, I agree that until this "feature" can be reliably and
> mandatorily disabled by the admin (and is disabled by a stock Debian
> install), this package should not enter Debian.

The package is already in NEW with WPAD fallback disabled, see

http://svn.debian.org/viewsvn/pkg-gnome/packages/unstable/libproxy/debian/patches/50_px-wpad-fallback-env-var.patch?rev=18581&view=auto

Emilio

[signature.asc (application/pgp-signature, attachment)]

Reply sent to Emilio Pozuelo Monfort <pochu@ubuntu.com>:
You have taken responsibility. (Fri, 24 Apr 2009 22:42:02 GMT) Full text and rfc822 format available.

Notification sent to Emilio Pozuelo Monfort <pochu@ubuntu.com>:
Bug acknowledged by developer. (Fri, 24 Apr 2009 22:42:02 GMT) Full text and rfc822 format available.

Message #27 received at 509063-close@bugs.debian.org (full text, mbox):

From: Emilio Pozuelo Monfort <pochu@ubuntu.com>
To: 509063-close@bugs.debian.org
Subject: Bug#509063: fixed in libproxy 0.2.3-1
Date: Fri, 24 Apr 2009 22:15:03 +0000
Source: libproxy
Source-Version: 0.2.3-1

We believe that the bug you reported is fixed in the latest version of
libproxy, which is due to be installed in the Debian FTP archive:

libproxy-dev_0.2.3-1_i386.deb
  to pool/main/libp/libproxy/libproxy-dev_0.2.3-1_i386.deb
libproxy-tools_0.2.3-1_i386.deb
  to pool/main/libp/libproxy/libproxy-tools_0.2.3-1_i386.deb
libproxy0_0.2.3-1_i386.deb
  to pool/main/libp/libproxy/libproxy0_0.2.3-1_i386.deb
libproxy_0.2.3-1.diff.gz
  to pool/main/libp/libproxy/libproxy_0.2.3-1.diff.gz
libproxy_0.2.3-1.dsc
  to pool/main/libp/libproxy/libproxy_0.2.3-1.dsc
libproxy_0.2.3.orig.tar.gz
  to pool/main/libp/libproxy/libproxy_0.2.3.orig.tar.gz
python-libproxy_0.2.3-1_all.deb
  to pool/main/libp/libproxy/python-libproxy_0.2.3-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 509063@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <pochu@ubuntu.com> (supplier of updated libproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 03 Mar 2009 01:11:35 +0100
Source: libproxy
Binary: libproxy0 libproxy-dev libproxy-tools python-libproxy
Architecture: source all i386
Version: 0.2.3-1
Distribution: unstable
Urgency: low
Maintainer: Emilio Pozuelo Monfort <pochu@ubuntu.com>
Changed-By: Emilio Pozuelo Monfort <pochu@ubuntu.com>
Description: 
 libproxy-dev - automatic proxy configuration management library (devel)
 libproxy-tools - automatic proxy configuration management library (tools)
 libproxy0  - automatic proxy configuration management library (shared)
 python-libproxy - automatic proxy configuration management library (python)
Closes: 509063
Changes: 
 libproxy (0.2.3-1) unstable; urgency=low
 .
   [ Emilio Pozuelo Monfort ]
   * Initial release (Closes: #509063).
   * Fix if/else logic and a wrong free in 50_px-wpad-fallback-env-var.
 .
   [ Loic Minier ]
   * Set libproxy-dev Arch: any; too small win to warrant installability issues
     on slow arches.
   * Drop shlibs:Depends from python-libproxy as it's Arch: all.
   * Drop gnome-get-source.mk include as it's not working by default.
   * Rename patch configure_check_for_dbus to 10_configure-check-for-dbus.
   * Run a full autoreconf instead of only autoconf.
     - New patch, 60_am-prog-cc-c-o, makes newer autoconfs happier.
     - New patch, 70_autotools, split autotools generated files here to force
       them to be applied last and avoid timestamp skews issues.
     Thanks S├ębastien Bacher and Ubuntu for the above.
   * New patch, 50_px-wpad-fallback-env-var, check PX_WPAD_FALLBACK env var to
     decide whether to fall back to wpad:// style autodetection or not,
     defaulting to not fallback when the env var isn't set.
Checksums-Sha1: 
 c0903b6aea9d6bedfcf431d65690f5da4b5446cc 1754 libproxy_0.2.3-1.dsc
 2b2b00a179740548035a1145bbae600db9b0a2ce 378773 libproxy_0.2.3.orig.tar.gz
 0aa4e1cccbacf89177201f0242a50faa89e5c14d 428026 libproxy_0.2.3-1.diff.gz
 9bbdc1324cb512ef09cd094439a0871dcfb94283 5356 python-libproxy_0.2.3-1_all.deb
 fd4acc7a8095e6929e316812a55648583aa7698e 27482 libproxy0_0.2.3-1_i386.deb
 ccc75caf320dbfc6c540eda72bd780cc9d0f6241 4922 libproxy-dev_0.2.3-1_i386.deb
 d0101653d8f5ea29dea505a8baaf0397a6c0ce37 6354 libproxy-tools_0.2.3-1_i386.deb
Checksums-Sha256: 
 341921c002e37cdaa0f430800f9abaa0e0efdbbe116adea81de7d81ffe2205d0 1754 libproxy_0.2.3-1.dsc
 59ded160b3547d29e37cc9d06359f7f37d94112214e4532430cd65e704c1339a 378773 libproxy_0.2.3.orig.tar.gz
 a3375cc79c471b9189e4a13f0bb049b30f09fff98797ca13036a8a9a06378d79 428026 libproxy_0.2.3-1.diff.gz
 366d285be63d34029b877b230d425900fb5b42ccd946d6375199293e21318de9 5356 python-libproxy_0.2.3-1_all.deb
 03112300549ba126e075f514c7951b36bb0f0e476f34b8b263d339bbb6444201 27482 libproxy0_0.2.3-1_i386.deb
 b45d846510b2eb5a546b104314d01bb3c12f7c3204ef46ac87a1b31475abbc0d 4922 libproxy-dev_0.2.3-1_i386.deb
 624dbd5c0e03f281315e23a7409c4490d018ecd4b81f6892a9dd90822f3e5e41 6354 libproxy-tools_0.2.3-1_i386.deb
Files: 
 0210dc2c0eb4ac1e991298efa6e0519f 1754 libs optional libproxy_0.2.3-1.dsc
 86b635e1eb2d665cfbef4c6134fe6604 378773 libs optional libproxy_0.2.3.orig.tar.gz
 fccdafdf66a6cd8a87cd2b6673ddca52 428026 libs optional libproxy_0.2.3-1.diff.gz
 3774490a9a339321b9b02ee6ac187fcd 5356 python optional python-libproxy_0.2.3-1_all.deb
 7ede55dc152e944d976fe511c203f194 27482 libs optional libproxy0_0.2.3-1_i386.deb
 a3980cbdb9ddf1a5f01287cfd79fd3f3 4922 libdevel optional libproxy-dev_0.2.3-1_i386.deb
 b50400e5bee8e2f9e1d7b99c301bb672 6354 libs optional libproxy-tools_0.2.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJrH1LAAoJENIA6zCg+12mmYsH/jY1IOumd/1ve7azfMsIpwQd
Yix/ZyyR9SXnoSW5VVGOTWTNwxF9Ih8crFGaNSwDMQR1YHDMeY5JVh5DuZcjKlax
lpMnPUJkVce6v0bmLUBDecNP2jh2yFDWMVq1LDfYFNmy/7wO2NMAwzvEBhgweMZQ
p/Sq0eoBN/BUjWQPGPfak1Rr/qqGC2wl/qC0V12tZY1Bit071PKA4gxPVtPiUbS3
svyS4qMXeL0BMtf3Da0vcF/FP2HwkU68YCeG4AhPU9uFHcgzOcwZM/X+cay711ep
DA3q3ZHWD+d3yqO8qYkyUNtIszrj5oc25PElwHBI6JqfgNNSGp/QCZ6Yfa2dGTA=
=x0aq
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 23 May 2009 07:36:07 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:25:47 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.