DOCSLIB.ORG

Fuzzing Project, Funded by Linux Foundation's Core Infrastructure Initiative

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fuzzing Project, Funded by Linux Foundation's Core Infrastructure Initiative FIX ALL THE BUGS AMERICAN FUZZY LOP AND ADDRESS SANITIZER Hanno Böck 1 INTRODUCTION Hanno Böck, freelance journalist and hacker. Writing for Golem.de and others. Author of monthly Bulletproof TLS Newsletter. Fuzzing Project, funded by Linux Foundation's Core Infrastructure Initiative. 2 BUG EXAMPLE (QT file src/plugins/platforminputcontexts/compose/qcomposeplatforminputcontext.cpp) 3 KDE / QT BUGS Use aer free in qmake Underflow / out of bounds read in QT / QCompose Out of bounds read in QtGui Out of bounds read in Kwin (last 2 not sure if I should blame Xorg/xcb API) 4 FOR FAIRNESS: GNOME #762417: Out of bounds read in glib / token parser #762483: Out of bounds read in glib / unicode parser #768441: Heap overflow in gnome-session parameter parsing #770027: Out of bounds read in pango / test suite 5 BUG EXAMPLE /* +2 for our new arguments, +1 for NULL */ new_argv = g_malloc (argc + 3 * sizeof (*argv)); (gnome-session 3.20.1, bug #768441) 6 ADDRESS SANITIZER (ASAN) All this bugs can be trivially found with Address Sanitizer. Just add -fsanitize=address to the compiler flags in GCC/CLANG. 7 FIND BUGS WITH ASAN ./configure CFLAGS="-fsanitize=address -g" \ CXXFLAGS="-fsanitize=address -g" \ LDFLAGS="-fsanitize=address" make make check 8 WHAT IS ASAN DOING? Shadow memory tracking which memory areas are valid. Finds out of bounds access (read/write) and use aer free bugs (and other less common issues). 9 OUT OF BOUNDS READ #include <stdio.h> int main() { int a[2] = {3,1}; int i = 2; printf("%i\n", a[i]); } 10 USE AFTER FREE #include <stdio.h> #include <stdlib.h> int main() { char *c = calloc(10,1); printf("%i\n", c[0]); free(c); printf("%i\n", c[1]); } 11 MISSION: TEST EVERYTING WITH ASAN Every project using C/C++ code should test with ASAN. 12 GENTOO WITH ASAN Why not build everything in a Linux system with ASAN? Gentoo + ASAN: It runs! Found bugs in Bash, Coreutils/Shred, man-db, Pidgin-OTR, Courier, Syslog-NG, Screen, Claws-Mail, ProFTPD ICU, TCL, Dovecot, Glib, GNOME, Qt, KDE, Libarchive, Squid, CMake, Gettext, SpamAssassin, ... 13 FUZZING Throw garbage at soware. 14 FUZZING Example: Image parser Take valid image, add random errors to it, see if parser crashes. 15 16 DARPA CYBER GRAND CHALLENGE DARPA's Cyber Grand Challenge: Early Highlights from the C... 17 RARELY TOLD STORY Most teams and all three winners of the Darpa Cyber Grand Challenge used American Fuzzy Lop (AFL) with some addons as a bug finding tool. 18 AMERICAN FUZZY LOP 19 FUZZING STRATEGIES Dumb fuzzing: Easy, but not very effective. Template-based fuzzing: More effective, lots of work, doesn't scale. Coverage-based fuzzing: Easy and effective. 20 AMERICAN FUZZY LOP American Fuzzy Lop (AFL) made the idea of coverage-based fuzzing popular. Step 1: Compile with afl-wrapper (afl-gcc or afl-clang-fast) Step 2: Fuzz 21 AFL IS EASY ./configure CC=afl-clang-fast CXX=afl-clang-fast++ --disable- shared; make [put sample file into directory in/] afl-fuzz -i in -o out [path_to_parser_executable] @@ 22 AMERICAN FUZZY LOP 23 AFL FOUND BUGS IN ... OpenSSL, OpenSSH, libjpeg-turbo, libpng, sqlite, GnuPG, Bash, Stagefright, BIND, NTPD, ... There isn't any major piece of C parser code where AFL hasn't found bugs. 24 FUZZING WITH SUPERPOWERS AFL finds bugs, ASAN finds more bugs. Best to combine AFL and ASAN. Set AFL_USE_ASAN=1 and add "-m none". 25 26 AFL/ASAN MEET HEARTBLEED Could Fuzzing find the Heartbleed bug? Experiment: Implement wrapper that accepts handshake messages as file input. Success aer ~ 6 hours. (Kostya Serebryany showed that LibFuzzer finds it in 5 minutes) 27 LIBFUZZER Also coverage based fuzzing. Part of LLVM/CLANG. AFL fuzzes executables, LibFuzzer fuzzes functions. Faster, but more initial work (write code). 28 LIBFUZZER EXAMPLE #include <stdint.h> #include <stddef.h> #include <openssl/asn1.h> extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { ASN1_STRING *out = 0; ASN1_mbstring_copy(&out, Data, Size, MBSTRING_BMP, 0); if (out!=0) ASN1_STRING_free(out); return 0; } 29 DIFFERENTIAL TESTING Typical fuzzing: look for crashes / memory corruption. Differential testing: Feed two different implementations doing the same thing the same input, compare the output. 30 DIFFERENTIAL TESTING ON MATH Crypto is important. Crypto uses mathematics - but is the math correct? 31 BN_SQR() BUG (CVE-2014-3570) OpenSSL had a bug in the squaring function. On very rare inputs (1 in 2^128) it produced wrong results. Surprising: AFL found this bug (first tested by Ralph-Philipp Weinmann). 32 AFL IS GOOD AT THIS OpenSSL / BN_mod_exp (CVE-2015-3193) Nettle / ECC (CVE-2015-8803, CVE-2015-8804) NSS / mp_div() / exptmod() (CVE-2016-1938) OpenSSL / Poly1305 MatrixSSL / pstm_exptmod (CVE-2016-6885, CVE-2016-6886, CVE-2016-6887) 33 WHAT IS A VULNERABILIT? The vast majority of bugs found with AFL+ASAN are heap out of bounds reads. Are these vulnerabilities? Sometimes (Heartbleed!) Be prepared for pointless discussions whether these should be called vulnerabilities. IMHO: Just fix them and skip that discussion. 34 MORE TOOLS 35 OTHER SANITIZERS Undefined Behavior Sanitizer (UBSAN) - easy to use, but finds many bugs, mostly not very interesting. Memory Sanitizer (MSAN) - finds uninitialized memory, tricky to use. Thread Sanitizer (TSAN) - mostly interesting for larger C++ projects. 36 UNDEFINED BEHAVIOR SANITIZER (UBSAN) #include <limits.h> int main() { int i = 10; int j = -1; i <<= j; i = INT_MAX; i++; } 37 MEMORY SANITIZER (MSAN) int main(int argc, char **argv) { int x[10]; x[1] = 1; if (x[argc]) return 1; } 38 KASAN, KUBSAN, KTSAN, SYZCALLER Sanitizers and coverage-based fuzzing have been adapted for the Linux Kernel. 39 NETWORK-FUZZING Tricky - no really good solution yet. Preeny - uses LD_PRELOADing. Patch from Doug Birdwell for AFL, fragile. Wrappers to parser functions. 40 AFL + SYMBOLIC EXECUTION Some work on this (e. g. in Darpa Challenge), but nothing easily usable yet. Will have to proove it's useful. 41 IT'S FREE All presented tools (AFL, LibFuzzer, ASAN, other Sanitizers, Preeny, KASAN, Syzcaller) are published as Free and Open Source Soware. 42 THE C/C++ PROBLEM Most fuzzing/ASAN-related bugs are typical C/C++ problems. Maybe we should just rewrite everything in Rust. 43 COMPARING VENDOR REACTIONS 44 DPKG 45 DPKG 2015-11-18: Reported 2 bugs in .deb parsing 2015-11-26: Debian and Ubuntu publish updates and security advisories (USN-2820-1, DSA-3407-1) 46 RPM 47 RPM 2015-11-20: Reported 3 bugs in .rpm parsing to Red Hat Answer: We already got 30 crash reports, may take some time. 48 RPM... RPM is an independent project since 2007, used by Red Hat, Suse and others. Or not? rpm.org belongs to Red Hat Inc. Red Hat Security: "However, we don't own rpm.org domain, it's upstream project, so there's not much we can do about it." 49 RPM.ORG Trac installation. Trying to register account: Certificate error. To create a bug you should ask for permission in IRC or on the mailing list. 50 RPM REPOSITORY RPM development happens on Github these days. The rpm.org webpage does not mention that. 51 WHAT'S THE LATEST VERSION OF RPM? According to rpm.org/releases: 4.12.0.1 According to Github repository: 4.12.0 According to Fedora: 4.13.0 52 STATUS RPM One Stack Buffer Overflow still unfixed in the latest Git Code. No release (that can be found) since 2014. There are more bugs, including ones that happen pre- signature-check. 53 ADVERTISEMENT BLOCK: BERLINSEC MEETUP Tomorrow (5th Sept) at Mozilla Berlin Community space https://berlinsec.github.io/ 54 THANKS FOR LISTENING Test with Address Sanitizer Fuzz your soware Questions? https://fuzzing-project.org/ 55.
Load more

Recommended publications
  • The Glib/GTK+ Development Platform
    The GLib/GTK+ Development Platform A Getting Started Guide Version 0.8 Sébastien Wilmet March 29, 2019 Contents 1 Introduction 3 1.1 License . 3 1.2 Financial Support . 3 1.3 Todo List for this Book and a Quick 2019 Update . 4 1.4 What is GLib and GTK+? . 4 1.5 The GNOME Desktop . 5 1.6 Prerequisites . 6 1.7 Why and When Using the C Language? . 7 1.7.1 Separate the Backend from the Frontend . 7 1.7.2 Other Aspects to Keep in Mind . 8 1.8 Learning Path . 9 1.9 The Development Environment . 10 1.10 Acknowledgments . 10 I GLib, the Core Library 11 2 GLib, the Core Library 12 2.1 Basics . 13 2.1.1 Type Definitions . 13 2.1.2 Frequently Used Macros . 13 2.1.3 Debugging Macros . 14 2.1.4 Memory . 16 2.1.5 String Handling . 18 2.2 Data Structures . 20 2.2.1 Lists . 20 2.2.2 Trees . 24 2.2.3 Hash Tables . 29 2.3 The Main Event Loop . 31 2.4 Other Features . 33 II Object-Oriented Programming in C 35 3 Semi-Object-Oriented Programming in C 37 3.1 Header Example . 37 3.1.1 Project Namespace . 37 3.1.2 Class Namespace . 39 3.1.3 Lowercase, Uppercase or CamelCase? . 39 3.1.4 Include Guard . 39 3.1.5 C++ Support . 39 1 3.1.6 #include . 39 3.1.7 Type Definition . 40 3.1.8 Object Constructor . 40 3.1.9 Object Destructor .
    [Show full text]
  • Learn Raspberry Pi with Linux
    For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. Contents at a Glance About the Authors .............................................................................................................. xv About the Technical Reviewer .......................................................................................... xvii Acknowledgments ............................................................................................................. xix Introduction ....................................................................................................................... xxi ■ Chapter 1: Your First Bite of Raspberry Pi .........................................................................1 ■ Chapter 2: Surveying the Landscape ...............................................................................31 ■ Chapter 3: Getting Comfortable .......................................................................................53 ■ Chapter 4: The File-Paths to Success ..............................................................................69 ■ Chapter 5: Essential Commands ......................................................................................89 ■ Chapter 6: Editing Files on the Command Line ..............................................................109 ■ Chapter 7: Managing Your Pi .........................................................................................129 ■ Chapter 8: A
    [Show full text]
  • Gtk2-Perl: an Introduction
    Gtk2-Perl: An Introduction Gtk2-Perl: An Introduction Or How I Learned to Stop Worrying and Make Things Pretty Scott Paul Robertson http://spr.mahonri5.net [email protected] May 9, 2007 Gtk2-Perl: An Introduction Background What is Gtk2-Perl? Gtk2-Perl is the set of Perl bindings for Gtk2, and related libraries1. These allow you to code Gtk2 and Gnome applications in Perl. Gtk2-Perl is fairly easy to get started using, but has a few hang ups that can be difficult to discover, or sometimes the documentation is just not there. The developers are aware of the issue, and encourage users to provide documentation, reference guides, or tutorials. 1Glade, Glib, etc Gtk2-Perl: An Introduction Background Online Documentation There are a few major online sources for Gtk2-Perl documentation: ◮ Gtk2-Perl Tutorial - The offical tutorial. ◮ Gtk2-Perl Study Guide - Another excellent tutorial/reference ◮ Introduction to GUI Programming with Gtk2-Perl - As it says, it’s a good introduction to gui programming in general. ◮ Gtk2-Perl Pod Documentation - You might have these as man pages as well, very helpful. Gtk2-Perl: An Introduction Basic Application A Simple Window We’ll start with an example of a simple single button application. First we have to initalize Gtk2: #!/usr/bin/perl -w use strict; use Gtk2 ’-init’; use readonly TRUE => 1; use readonly FALSE => 0; ◮ The ’-init’ prepares the Gtk2 environment, otherwise we would have to do it ourselves later. ◮ Defining the constants is very helpful for code readability later. Gtk2-Perl: An Introduction Basic Application A Simple Window Now we set up the window object and a button.
    [Show full text]
  • Clutter Version 1.10.0, Updated 9 May 2012
    Guile-GNOME: Clutter version 1.10.0, updated 9 May 2012 Matthew Allum and OpenedHand LTD Intel Corporation This manual is for (gnome clutter) (version 1.10.0, updated 9 May 2012) Copyright 2006,2007,2008 OpenedHand LTD Copyright 2009,2010,2011,2012 Intel Corporation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. You may obtain a copy of the GNU Free Documentation License from the Free Software Foundation by visiting their Web site or by writing to: The Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA i Short Contents 1 Overview :::::::::::::::::::::::::::::::::::::::::::: 1 2 ClutterAction :::::::::::::::::::::::::::::::::::::::: 2 3 ClutterActorMeta ::::::::::::::::::::::::::::::::::::: 3 4 ClutterActor ::::::::::::::::::::::::::::::::::::::::: 5 5 ClutterAlignConstraint:::::::::::::::::::::::::::::::: 63 6 ClutterAlpha :::::::::::::::::::::::::::::::::::::::: 65 7 ClutterAnimatable ::::::::::::::::::::::::::::::::::: 68 8 Implicit Animations :::::::::::::::::::::::::::::::::: 69 9 ClutterAnimator ::::::::::::::::::::::::::::::::::::: 76 10 ClutterBackend :::::::::::::::::::::::::::::::::::::: 82 11 ClutterBinLayout :::::::::::::::::::::::::::::::::::: 84 12 ClutterBindConstraint :::::::::::::::::::::::::::::::: 87 13 Key Bindings:::::::::::::::::::::::::::::::::::::::: 90
    [Show full text]
  • Geanypy Documentation Release 1.0
    GeanyPy Documentation Release 1.0 Matthew Brush <[email protected]> February 17, 2017 Contents 1 Introduction 3 2 Installation 5 2.1 Getting the Source............................................5 2.2 Dependencies and where to get them..................................5 2.3 And finally ... installing GeanyPy....................................7 3 Getting Started 9 3.1 What the heck is GeanyPy, really?....................................9 3.2 Python Console..............................................9 3.3 Future Plans............................................... 10 4 Writing a Plugin - Quick Start Guide 11 4.1 The Plugin Interface........................................... 11 4.2 Real-world Example........................................... 12 4.3 Logging.................................................. 13 5 API Documentation 15 5.1 The app module............................................. 15 5.2 The dialogs module.......................................... 16 5.3 The document module......................................... 17 5.4 The geany package and module.................................... 19 6 Indices and tables 21 Python Module Index 23 i ii GeanyPy Documentation, Release 1.0 Contents: Contents 1 GeanyPy Documentation, Release 1.0 2 Contents CHAPTER 1 Introduction GeanyPy allows people to write their Geany plugins in Python making authoring a plugin much more accessible to non C programmers. What follows is a description of installing and using the GeanyPy plugin, paving the way for the rest of the documentation to covert the details of programming with the GeanyPy bindings of the Geany API. 3 GeanyPy Documentation, Release 1.0 4 Chapter 1. Introduction CHAPTER 2 Installation Currently there are no binary packages available for installing GeanyPy so it must be installed from source. The following instructions will describe how to do this. Getting the Source The best way currently to get GeanyPy is to check it out from it’s repository on GitHub.com.
    [Show full text]
  • Debian and Ubuntu
    Debian and Ubuntu Lucas Nussbaum lucas@{debian.org,ubuntu.com} lucas@{debian.org,ubuntu.com} Debian and Ubuntu 1 / 28 Why I am qualified to give this talk Debian Developer and Ubuntu Developer since 2006 Involved in improving collaboration between both projects Developed/Initiated : Multidistrotools, ubuntu usertag on the BTS, improvements to the merge process, Ubuntu box on the PTS, Ubuntu column on DDPO, . Attended Debconf and UDS Friends in both communities lucas@{debian.org,ubuntu.com} Debian and Ubuntu 2 / 28 What’s in this talk ? Ubuntu development process, and how it relates to Debian Discussion of the current state of affairs "OK, what should we do now ?" lucas@{debian.org,ubuntu.com} Debian and Ubuntu 3 / 28 The Ubuntu Development Process lucas@{debian.org,ubuntu.com} Debian and Ubuntu 4 / 28 Linux distributions 101 Take software developed by upstream projects Linux, X.org, GNOME, KDE, . Put it all nicely together Standardization / Integration Quality Assurance Support Get all the fame Ubuntu has one special upstream : Debian lucas@{debian.org,ubuntu.com} Debian and Ubuntu 5 / 28 Ubuntu’s upstreams Not that simple : changes required, sometimes Toolchain changes Bugfixes Integration (Launchpad) Newer releases Often not possible to do work in Debian first lucas@{debian.org,ubuntu.com} Debian and Ubuntu 6 / 28 Ubuntu Packages Workflow lucas@{debian.org,ubuntu.com} Debian and Ubuntu 7 / 28 Ubuntu Packages Workflow Ubuntu Karmic Excluding specific packages language-(support|pack)-*, kde-l10n-*, *ubuntu*, *launchpad* Missing 4% : Newer upstream
    [Show full text]
  • How to Run POSIX Apps in a Minimal Picoprocess Jon Howell, Bryan Parno, John R
    How to Run POSIX Apps in a Minimal Picoprocess Jon Howell, Bryan Parno, John R. Douceur Microsoft Research, Redmond, WA Abstract Libraries We envision a future where Web, mobile, and desktop Application Function # Examples applications are delivered as isolated, complete software Abiword word processor 63 Pango,Freetype stacks to a minimal, secure client host. This shift imbues Gimp raster graphics 55 Gtk,Gdk Gnucash personal finances 101 Gnome,Enchant app vendors with full autonomy to maintain their apps’ Gnumeric spreadsheet 54 Gtk,Gdk integrity. Achieving this goal requires shifting complex Hyperoid video game 6 svgalib behavior out of the client platform and into the vendors’ Inkscape vector drawing 96 Magick,Gnome isolated apps. We ported rich, interactive POSIX apps, Marble 3D globe 73 KDE, Qt such as Gimp and Inkscape, to a spartan host platform. Midori HTML/JS renderer 74 webkit We describe this effort in sufficient detail to support re- producibility. Table 1: A variety of rich, functional apps transplanted to run in a minimal native picoprocess. While these 1 Introduction apps are nearly fully functional, plugins that depend on fork() are not yet supported (§3.9). Numerous academic systems [5, 11, 13, 15, 19, 22, 25–28, 31] and deployed systems [1–3, 23] have started pushing towards a world in which Web, mobile, and multaneously [16]. It pushes the minimal client host in- desktop applications are strongly isolated by the client terface to an extreme, proposing a client host without kernel. A common theme in this work is that guarantee- TCP, a file system or even storage, and with a UI con- ing strong isolation requires simplifying the client, since strained to simple pixel blitting (i.e., copying pixel arrays complexity tends to breed vulnerability.
    [Show full text]
  • GTK Development Using Glade 3
    GTK Development Using Glade 3 GTK+ is a toolkit, or a collection of libraries, which developers can use to develop GUI applications for Linux, OSX, Windows, and any other platform on which GTK+ is available. Original Article by Micah Carrick Table of Contents Part 1 - Designing a User Interface Using Glade 3 ___________________________________________1 Quick Overview of GTK+ Concepts ______________________________________________________________1 Introduction to Glade3 _________________________________________________________________________3 Getting Familiar with the Glade Interface_______________________________________________________3 Manipulating Widget Properties________________________________________________________________5 Specifying Callback Functions for Signals _______________________________________________________6 Adding Widgets to the GtkWindow _____________________________________________________________9 How Packing Effects the Layout ______________________________________________________________ 13 Editing the Menu (or Toolbar) ________________________________________________________________ 15 Final Touches to the Main Window ___________________________________________________________ 18 Part 2 - Choosing a Programming Language for GT K+ Developm ent _____________ 19 Which is the BEST Language? ________________________________________________________________ 19 Language Choice Considerations _____________________________________________________________ 19 A Look at Python vs. C________________________________________________________________________
    [Show full text]
  • Replacing C Library Code with Rust
    Replacing C library code with Rust: What I learned with librsvg Federico Mena Quintero [email protected] GUADEC 2017 Manchester, UK What uses librsvg? GNOME platform and desktop: gtk+ indirectly through gdk-pixbuf thumbnailer via gdk-pixbuf eog gstreamer-plugins-bad What uses librsvg? Fine applications: gnome-games (gnome-chess, five-or-more, etc.) gimp gcompris claws-mail darktable What uses librsvg? Desktop environments mate-panel Evas / Enlightenment emacs-x11 What uses librsvg? Things you may not expect ImageMagick Wikipedia ← they have been awesome Long History ● First commit, Eazel, 2001 ● Experiment instead of building a DOM, stream in SVG by using libbxml2’s SAX parser ● Renderer used libart ● Gill → Sodipodi → Inkscape ● Librsvg was being written while the SVG spec was being written ● Ported to Cairo eventually – I’ll remove the last libart-ism any day now Federico takes over ● Librsvg was mostly unmaintained in 2015 ● Took over maintenance in February 2015 ● Started the Rust port in October 2016 Pain points: librsvg’s CVEs ● CVE-2011-3146 - invalid cast of RsvgNode type, crash ● CVE-2015-7557 - out-of-bounds heap read in list-of-points ● CVE-2015-7558 - Infinite loop / stack overflow from cyclic element references (thanks to Benjamin Otte for the epic fix) ● CVE-2016-4348 - NOT OUR PROBLEM - integer overflow when writing PNGs in Cairo (rowstride computation) ● CVE-2017-11464 - Division by zero in Gaussian blur code (my bad, sorry) ● Many non-CVEs found through fuzz testing and random SVGs on the net ● https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=librsvg
    [Show full text]
  • Upgrade Issues
    Upgrade issues Graph of new conflicts libsiloh5-0 libhdf5-lam-1.8.4 (x 3) xul-ext-dispmua (x 2) liboss4-salsa-asound2 (x 2) why sysklogd console-cyrillic (x 9) libxqilla-dev libxerces-c2-dev iceape xul-ext-adblock-plus gnat-4.4 pcscada-dbg Explanations of conflicts pcscada-dbg libpcscada2-dev gnat-4.6 gnat-4.4 Similar to gnat-4.4: libpolyorb1-dev libapq-postgresql1-dev adacontrol libxmlada3.2-dev libapq1-dev libaws-bin libtexttools2-dev libpolyorb-dbg libnarval1-dev libgnat-4.4-dbg libapq-dbg libncursesada1-dev libtemplates-parser11.5-dev asis-programs libgnadeodbc1-dev libalog-base-dbg liblog4ada1-dev libgnomeada2.14.2-dbg libgnomeada2.14.2-dev adabrowse libgnadecommon1-dev libgnatvsn4.4-dbg libgnatvsn4.4-dev libflorist2009-dev libopentoken2-dev libgnadesqlite3-1-dev libnarval-dbg libalog1-full-dev adacgi0 libalog0.3-base libasis2008-dbg libxmlezout1-dev libasis2008-dev libgnatvsn-dev libalog0.3-full libaws2.7-dev libgmpada2-dev libgtkada2.14.2-dbg libgtkada2.14.2-dev libasis2008 ghdl libgnatprj-dev gnat libgnatprj4.4-dbg libgnatprj4.4-dev libaunit1-dev libadasockets3-dev libalog1-base-dev libapq-postgresql-dbg libalog-full-dbg Weight: 5 Problematic packages: pcscada-dbg hostapd initscripts sysklogd Weight: 993 Problematic packages: hostapd | initscripts initscripts sysklogd Similar to initscripts: conglomerate libnet-akamai-perl erlang-base screenlets xlbiff plasma-widget-yawp-dbg fso-config- general gforge-mta-courier libnet-jifty-perl bind9 libplack-middleware-session-perl libmail-listdetector-perl masqmail libcomedi0 taxbird ukopp
    [Show full text]
  • Introduction to GTK+
    Introduction to GTK+ Ted Gould PLUG Developers Meeting August 4th, 2003 http:/ / gould.cx/ ted/ projects/ gtkintro/ Presentation Outline ● GTK+ and helper libraries ● Glib Object Model ● GTK+ Programming <break> ● GNOME Libraries ● References GTK+ Overview ● Developed to move The GIMP off of Motif ● Realized that C could be object oriented ● Created in C for compatibility (every modern language can load C libraries) ● Large number of bindings (Effiel, Java, Ruby...) ● GUI Interface designer: Glade ● License: LGPL ● Used in the GNOME project (and many others) Helping out GTK+ Pango Text Rendering Library ● Greek 'Pan' for 'All' and Japanese 'Go' for language ● Internationalized text rendering library – not actually GTK+ specific, but used by GTK+ ● Uses Unicode internally ● Focus on 'correct' rendering of anything ● Font system and toolkit independent ● For modern Linux uses XFT Accessibility Toolkit ● Hard to find documentation on :) ● Allows GTK (and other) programs to be used by screen readers, magnifiers, etc. ● Developed by the developers that built the accessibility for Java ● Required for many corporations (especially gov't) to use software GDK: Gimp Display Kit ● Library to perform the actual rendering to the display ● Abstracts out the display so that it can be X11 or Win32 or Cocoa or whatever ● Also provides some pixmap functions if you need those (not covered today) Glib C Utility Library ● Makes C 'easy to use' ● Provides much of the functionality that is replicated in many programs ● Has things like: memory allocation, linked
    [Show full text]
  • GUI Programming with GTK What Is GTK?
    LinuxFocus article number 295 http://linuxfocus.org GUI Programming with GTK by Özcan Güngör <ozcangungor(at)netscape.net> Abstract: About the author: In these article series, we will learn how to write graphical user I use Linux since interfaces (GUI) programs using GTK. I do not have any idea how long 1997.Freedom, flexibility it will last. In order to understand these articels, you should know the and opensource. These are followings about the C programming language: the properties I like. Variables Translated to English by: Functions Özcan Güngör Pointers <ozcangungor(at)netscape.net> _________________ _________________ _________________ What is GTK? GTK (GIMP Toolkit) is a library for creating Graphical User Interfaces. The library is available under the GPL license. Using this library, you can create open-source, free or commercial programs. The library has the name GIMP toolkit (GTK) because it was originally created for developing GIMP (General Image Manipulation Program). The authors of GTK are: Peter Mattis Spencer Kimball Josh MacDonald GTK is object-oriented application user interface. Although written in C, it uses idea of classes and callback functions. Compiling In oreder to compile GTK programs, you need to tell gcc what GTK libraries are and where they are. The gtk-config command is "knows" this. # gtk-config --cflags --libs The output of this command is something like following (depending on the system): -I/opt/gnome/include/gtk-1.2 -I/opt/gnome/include/glib-1.2 -I/opt/gnome/lib/glib /include -I/usr/X11R6/include -L/opt/gnome/lib -L/usr/X11R6/lib -lgtk -lgdk -rdynamic -lgmodule -lglib -ldl -l Xext -lX11 -lm Explanations of these parameters are: -l library: Searches for a library in the form like liblibrary.a in defined paths.
    [Show full text]