Date: Tue, 2 Jul 2019 10:28:51 +0200
From: Arnd Bergmann <arnd@...db.de>
To: musl@...ts.openwall.com
Subject: Re: Revisiting 64-bit time_t

On Tue, Jul 2, 2019 at 12:08 AM Rich Felker <dalias@...c.org> wrote:
> On Mon, Jul 01, 2019 at 11:12:20PM +0200, Arnd Bergmann wrote:
> >
> > There are 4288 packages that provide a file in /usr/include, and out of those,
> > 973 match the regular expression above, see the list at
> >
> > https://pastebin.com/Yu22pLqQ
> >
> > This took a few hours to run and could be done faster by running bits
> > in parallel.
> > I can send you the full output, but it's at 300kb compressed, it's a bit large
> > for the mailing list. The regex also wasn't great, so I'm sure there
> > are lots of false positives and negatives, but it's a start.
>
> OK. That sounds like a lot, but upon looking, a lot of them look like
> "libraries" whose main/sole consumer is a single application. So maybe
> it's not so bad.

I was trying to run 'build-rdeps' on each one to see how many packages
actually depend on them, but I could not get that working (I always
get an error "build-rdeps: unable to find sources files." but can't figure
out which file it is missing).

I would expect a distribution in which a few packages (e.g. libc) are
dependencies for thousands of others, while most packages are not
a dependency for anything else.

Looking only at direct build-dependencies instead, these are the packages
with the most dependencies:

while read i ; do echo `grep "Build-Depends.*\<$i\>" \
    /var/lib/apt/lists/httpredir.debian.org_debian_dists_testing_main_source_Sources \
    | wc -l` $i  ; done < all.list  | sort -nr | head -n 100

1026 libglib2.0-dev
848 qtbase5-dev
590 libgtk2.0-dev
583 libssl-dev
565 libgtk-3-dev
458 libpng-dev
315 libasound2-dev
307 libxt-dev
278 libreadline-dev
220 libcurl4-gnutls-dev
208 gawk
196 uuid-dev
174 libpam0g-dev
150 libgnutls28-dev
147 libpulse-dev
136 libpq-dev
129 libusb-1.0-0-dev
123 libqt4-dev
122 libcurl4-openssl-dev
118 libldap2-dev
110 libfontconfig1-dev
107 libicu-dev
101 libfuse-dev
100 libgstreamer1.0-dev
93 apache2-dev
89 libsoup2.4-dev
89 libgtest-dev
85 libpcap0.8-dev
79 qtbase5-private-dev
74 libevent-dev
73 libhdf5-dev
73 libeigen3-dev
66 libavutil-dev
65 libbsd-dev
59 libflac-dev
59 libarchive-dev
57 libglobus-common-dev
55 linux-libc-dev
54 libprotobuf-dev
51 libelf-dev
49 libgdal-dev
48 libcups2-dev
47 libdrm-dev
45 libmagic-dev
45 libgtkmm-2.4-dev
43 libmotif-dev
42 libv4l-dev
40 libkf5kdelibs4support-dev
38 libgeoip-dev
37 valgrind
36 nettle-dev
36 libfltk1.3-dev
33 libgtkmm-3.0-dev
33 dejagnu
32 kdelibs5-dev
31 tcl8.6-dev
30 libsnmp-dev
30 doctest-dev
29 libglibmm-2.4-dev
29 libapr1-dev
29 fcitx-libs-dev
28 libnm-dev
27 libgpgme-dev
26 libupower-glib-dev
26 libev-dev
25 libnspr4-dev
25 libkf5mime-dev
24 libxerces-c-dev
24 libpoppler-qt5-dev
24 libpoppler-glib-dev
24 libnl-3-dev
24 libical-dev
24 libaio-dev
23 libgnome-desktop-3-dev
23 libc6-dev
22 libzip-dev
22 libssh2-1-dev
22 libhiredis-dev
21 vdr-dev
20 libtelepathy-glib-dev
20 libkf5libkdepim-dev
20 libc-ares-dev
20 catch
19 libuv1-dev
19 libsmbclient-dev
19 libgsf-1-dev
19 libgphoto2-dev
18 libmemcached-dev
17 libtbb-dev
17 libpoppler-private-dev
17 libneon27-gnutls-dev
17 libibverbs-dev
17 libiberty-dev
17 libgimp2.0-dev
17 libclthreads-dev
17 guile-2.2-dev
17 binutils-dev
16 libtracker-sparql-2.0-dev
16 libparted-dev
16 libmbedtls-dev

About 300 packages have nothing build-depending on them in 'main', and only 155
packages that use time_t in a header file have more than 10 source packages with
build dependencies on them.

I've looked at the first few, and there are usually only a few obscure functions
that use time_t, so we can use the debian code search to figure out what
needs those. Here are a few potentially nasty cases:

https://codesearch.debian.net/search?q=png_convert_from_time_t
https://codesearch.debian.net/search?q=g_bookmark_file_get
https://codesearch.debian.net/search?q=gtk_recent_info_get
https://codesearch.debian.net/search?q=snd_%28h%7C%29timestamp_t
https://codesearch.debian.net/search?q=history_get_time
https://codesearch.debian.net/search?q=curl_getdate
https://codesearch.debian.net/search?q=ldap_search_ext
https://codesearch.debian.net/search?q=pcap_pkthdr

      Arnd
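
An added example, not part of the original message: a stricter form of the count above that parses the stanzas of an apt Sources index and matches exact package names, so that a name such as libpng-dev-tools is not counted for libpng-dev the way the word-boundary grep would count it. The sample index, the package names foo/bar/baz and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the deb822 layout of an apt "Sources" index (not real data).
SAMPLE_SOURCES = """\
Package: foo
Build-Depends: debhelper (>= 11), libssl-dev, libpng-dev (>= 1.6) [linux-any],
 libglib2.0-dev | libglib-dummy-dev
Build-Depends-Indep: gawk

Package: bar
Build-Depends: libssl-dev:native <!nocheck>, libglib2.0-dev

Package: baz
Build-Depends: libpng-dev-tools
"""

DEP_FIELDS = ("build-depends", "build-depends-indep", "build-depends-arch")

def parse_stanzas(text):
    """Yield each stanza as a dict of lower-cased field name -> unfolded value."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in " \t" and key:   # continuation line of a folded field
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                key = key.strip().lower()
                fields[key] = value.strip()
        yield fields

def dep_names(value):
    """Return the bare package names in one dependency field (no versions, arches, profiles)."""
    alts = re.split(r"[,|]", value)         # ',' separates deps, '|' separates alternatives
    found = (re.match(r"\s*([a-z0-9][a-z0-9+.-]+)", alt) for alt in alts)
    return {m.group(1) for m in found if m}

def count_build_rdeps(sources_text, wanted):
    """Count source packages that directly build-depend on each wanted package."""
    counts = Counter({w: 0 for w in wanted})
    for stanza in parse_stanzas(sources_text):
        deps = set()
        for field in DEP_FIELDS:
            deps |= dep_names(stanza.get(field, ""))
        for w in deps & set(wanted):        # each source package counts once per name
            counts[w] += 1
    return counts
```

Calling count_build_rdeps() on the text of the Sources file with the names from all.list, then sorting by count, gives the same kind of ranking as the pipeline above.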
