Processed: firmware-nonfree 20161130-4 flagged for acceptance
Processing control commands:

> tags -1 + pending
Bug #910969 [release.debian.org] stretch-pu: package firmware-nonfree/20161130-4
Ignoring request to alter tags of bug #910969 to the same tags previously set

--
910969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910969
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#910969: firmware-nonfree 20161130-4 flagged for acceptance
Control: tags -1 + pending

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian .

Thanks for your contribution!

Upload details
==============

Package: firmware-nonfree
Version: 20161130-4

Explanation: fix security issues in Broadcom wifi firmware [CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081]; re-add transitional packages for firmware-{adiralink}

Processed: firmware-nonfree 20161130-4 flagged for acceptance
Processing control commands:

> tags -1 + pending
Bug #910969 [release.debian.org] stretch-pu: package firmware-nonfree/20161130-4
Added tag(s) pending.

--
910969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910969
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: lastpass-cli: error: Peer certificate cannot be authenticated with given CA certificates
Processing commands for cont...@bugs.debian.org:

> affects 911767 lastpass-cli
Bug #911767 [release.debian.org] stable-pu: package lastpass-cli/1.0.0-1.2+deb9u1
Added indication that 911767 affects lastpass-cli
> block 898940 by 911767
Bug #898940 {Done: Chris Lamb } [lastpass-cli] lastpass-cli: error: Peer certificate cannot be authenticated with given CA certificates
898940 was not blocked by any bugs.
898940 was not blocking any bugs.
Added blocking bug(s) of 898940: 911767
> thanks
Stopping processing here.

Please contact me if you need assistance.

--
898940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898940
911767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#911767: stable-pu: package lastpass-cli/1.0.0-1.2+deb9u1
Package: release.debian.org Severity: normal Tags: stable User: release.debian@packages.debian.org Usertags: pu Dear stable release managers, Please consider lastpass-cli (1.0.0-1.2+deb9u1) for stable: lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect changes in hosted Lastpass.com service. (Closes: #898940) * Add missing ca-certificates to Depends. The full diff is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- diff --git a/debian/changelog b/debian/changelog index a49b342..3283985 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium + + * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect +changes in hosted Lastpass.com service. (Closes: #898940) + * Add missing ca-certificates to Depends. + + -- Chris Lamb Wed, 24 Oct 2018 10:40:01 -0400 + lastpass-cli (1.0.0-1.2) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/control b/debian/control index 5d13597..64c4ed5 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,7 @@ Standards-Version: 3.9.8.0 Package: lastpass-cli Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, binutils +Depends: ${shlibs:Depends}, ${misc:Depends}, binutils, ca-certificates Description: command line interface to LastPass.com This application is a command line interface to the LastPass.com services. It brings both better security and convenience by allowing you to access, add, diff --git a/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch new file mode 100644 index 000..60cab8d --- /dev/null +++ b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch 
@@ -0,0 +1,26 @@ +From: Chris Lamb +Date: Wed, 24 Oct 2018 10:33:53 -0400 +Subject: Backport hardcoded certificate pins from lastpass 1.3.1 to reflect + changes in the hosted LastPass.com service. (Closes: #898940) + +--- + pins.h | 4 + 1 file changed, 4 insertions(+) + +diff --git a/pins.h b/pins.h +index e629b6f..7455574 100644 +--- a/pins.h b/pins.h +@@ -5,8 +5,12 @@ const char *PK_PINS[] = { + "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=", + /* current lastpass.eu primary (AddTrust) */ + "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=", ++ /* future lastpass root CA (GlobalSign R1) */ ++ "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=", + /* future lastpass root CA (GlobalSign R2) */ + "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=", ++ /* future lastpass root CA (GlobalSign R3) */ ++ "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=", + /* future lastpass.com primary (leaf) */ + "0hkr5YW/WE6Nq5hNTcApxpuaiwlwy5HUFiOt3Qd9VBc=", + /* future lastpass.com backup (leaf) */ diff --git a/debian/patches/series b/debian/patches/series index 45a126b..1e88d92 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ 0001-cipher-support-opaque-EVP_CIPHER_CTX.patch 0002-cipher-drop-p8inf-broken-flag-check.patch 0003-pbkdf2-support-openssl-1.1.patch +0004-backport-hardcoded-certificate-pins-from-1.3.1.patch
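Review bot: In the debian/control hunk, ca-certificates is appended to Depends, but the matching changelog line ("Add missing ca-certificates to Depends.") has no bug reference and does not say what fails without the package. The only other change in this upload is to the pinned keys in pins.h, so the diff alone does not show where the system CA store is consulted. One sentence in the changelog naming the failure this dependency fixes would make the stable-update request easier to assess.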
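Review bot: The header of the embedded 0004 patch carries only From, Date and Subject, so the two strings added to PK_PINS in pins.h (the entries commented "GlobalSign R1" and "GlobalSign R3") cannot be traced to the upstream change they were taken from. Add an Origin field (and Forwarded, if applicable) pointing at the upstream 1.3.1 commit so the base64 pin values can be compared against upstream rather than trusted from the mail. Separately, as rendered here the file header of the inner diff reads "--- a/pins.h b/pins.h" with no "+++ b/pins.h" line of its own; confirm that the attached patch applies cleanly through debian/patches/series.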
Bug#901015: transition: protobuf
On 10/24/18 3:54 PM, Mattia Rizzolo wrote:
> If "a rebuild is required to make them compatible", you should add
> Breaks against those versions, as it means the new protobuf is not
> compatible to them and coinstallation should be prevented.
> That would also hint britney to trigger autopkgtest with both the new
> rebuilt rdep and the new protobuf, and migrate them in lockstep.
>

This was suggested earlier but rejected by protobuf maintainer.

"1) Can libprotobuf10 and libprotobuf17 installed together and independent packages working correctly with these libraries?
Yes, these are possible. I don't see the need to break the old libprotobuf10 package.
2) Packages that depend on each other, need to be compiled with the same ProtoBuf version.
This should be expressed in those package dependencies."

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910964#29

Though the suggestion by protobuf maintainer was not acceptable to ignition-msgs maintainer
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900429#36

Bug#901015: transition: protobuf
On Wed, Oct 24, 2018 at 03:47:47PM +0530, Pirate Praveen wrote:
> I think these regressions should not add a delay to testing migration as
> autopkgtests are passing in unstable and a rebuild is required to make
> them compatible with new protobuf version.
>
> autopkgtest for gazebo/9.0.0+dfsg5-4.2: amd64: Regression ♻
> autopkgtest for ignition-msgs/1.0.0+dfsg1-5: amd64: Regression ♻
> autopkgtest for ignition-transport/4.0.0+dfsg-4: amd64: Regression ♻
> autopkgtest for ola/0.10.7.nojsmin-1: amd64: Regression ♻
> Required age increased by 18 days because of autopkgtest

If "a rebuild is required to make them compatible", you should add
Breaks against those versions, as it means the new protobuf is not
compatible to them and coinstallation should be prevented.
That would also hint britney to trigger autopkgtest with both the new
rebuilt rdep and the new protobuf, and migrate them in lockstep.

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540
more about me: https://mapreri.org
Launchpad user: https://launchpad.net/~mapreri
Debian QA page: https://qa.debian.org/developer.php?login=mattia

Bug#901015: transition: protobuf
Hi Emilio,

I think these regressions should not add a delay to testing migration as
autopkgtests are passing in unstable and a rebuild is required to make
them compatible with new protobuf version.

autopkgtest for gazebo/9.0.0+dfsg5-4.2: amd64: Regression ♻
autopkgtest for ignition-msgs/1.0.0+dfsg1-5: amd64: Regression ♻
autopkgtest for ignition-transport/4.0.0+dfsg-4: amd64: Regression ♻
autopkgtest for ola/0.10.7.nojsmin-1: amd64: Regression ♻
Required age increased by 18 days because of autopkgtest

Bug#911740: nmu: freeimage_3.17.0+ds1-5+b5
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi Release team,

I think that the binNMU for freeimage against libraw19 did not work; the package has downloaded and installed libraw16 during build, instead of *19.

Can you please check and, if needed, re-issue the binNMU?

(I did not check whether other packages are affected too.)

Many thanks,
tobi

nmu freeimage_3.17.0+ds1-5+b5 . alpha . unstable . -m "Rebuild against libraw19."

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled