Processed: firmware-nonfree 20161130-4 flagged for acceptance

2018-10-24 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #910969 [release.debian.org] stretch-pu: package firmware-nonfree/20161130-4
Ignoring request to alter tags of bug #910969 to the same tags previously set

-- 
910969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910969
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#910969: firmware-nonfree 20161130-4 flagged for acceptance

2018-10-24 Thread Adam D Barratt 
Control: tags -1 + pending

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian .

Thanks for your contribution!

Upload details
==

Package: firmware-nonfree
Version: 20161130-4

Explanation: fix security issues in Broadcom wifi firmware [CVE-2016-0801 
CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 CVE-2017-13078 CVE-2017-13079 
CVE-2017-13080 CVE-2017-13081]; re-add transitional packages for 
firmware-{adiralink}

Processed: firmware-nonfree 20161130-4 flagged for acceptance

2018-10-24 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 + pending
Bug #910969 [release.debian.org] stretch-pu: package firmware-nonfree/20161130-4
Added tag(s) pending.

-- 
910969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910969
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: lastpass-cli: error: Peer certificate cannot be authenticated with given CA certificates

2018-10-24 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> affects 911767 lastpass-cli
Bug #911767 [release.debian.org] stable-pu: package 
lastpass-cli/1.0.0-1.2+deb9u1
Added indication that 911767 affects lastpass-cli
> block 898940 by 911767
Bug #898940 {Done: Chris Lamb } [lastpass-cli] lastpass-cli: 
error: Peer certificate cannot be authenticated with given CA certificates
898940 was not blocked by any bugs.
898940 was not blocking any bugs.
Added blocking bug(s) of 898940: 911767
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
898940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898940
911767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#911767: stable-pu: package lastpass-cli/1.0.0-1.2+deb9u1

2018-10-24 Thread Chris Lamb 
Package: release.debian.org
Severity: normal
Tags: stable
User: release.debian@packages.debian.org
Usertags: pu

Dear stable release managers,

Please consider lastpass-cli (1.0.0-1.2+deb9u1) for stable:
  
  lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium
  
* Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect
  changes in hosted Lastpass.com service. (Closes: #898940)
* Add missing ca-certificates to Depends.


The full diff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diff --git a/debian/changelog b/debian/changelog
index a49b342..3283985 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium
+
+  * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect
+changes in hosted Lastpass.com service. (Closes: #898940)
+  * Add missing ca-certificates to Depends.
+
+ -- Chris Lamb   Wed, 24 Oct 2018 10:40:01 -0400
+
 lastpass-cli (1.0.0-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 5d13597..64c4ed5 100644
--- a/debian/control
+++ b/debian/control
@@ -7,7 +7,7 @@ Standards-Version: 3.9.8.0
 
 Package: lastpass-cli
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, binutils
+Depends: ${shlibs:Depends}, ${misc:Depends}, binutils, ca-certificates
 Description: command line interface to LastPass.com
  This application is a command line interface to the LastPass.com services. It
  brings both better security and convenience by allowing you to access, add,
diff --git 
a/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch 
b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch
new file mode 100644
index 000..60cab8d
--- /dev/null
+++ b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch
@@ -0,0 +1,26 @@
+From: Chris Lamb 
+Date: Wed, 24 Oct 2018 10:33:53 -0400
+Subject: Backport hardcoded certificate pins from lastpass 1.3.1 to reflect
+ changes in the hosted LastPass.com service. (Closes: #898940)
+
+---
+ pins.h | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/pins.h b/pins.h
+index e629b6f..7455574 100644
+--- a/pins.h
 b/pins.h
+@@ -5,8 +5,12 @@ const char *PK_PINS[] = {
+   "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=",
+   /* current lastpass.eu primary (AddTrust) */
+   "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=",
++  /* future lastpass root CA (GlobalSign R1) */
++  "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=",
+   /* future lastpass root CA (GlobalSign R2) */
+   "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=",
++  /* future lastpass root CA (GlobalSign R3) */
++  "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=",
+   /* future lastpass.com primary (leaf) */
+   "0hkr5YW/WE6Nq5hNTcApxpuaiwlwy5HUFiOt3Qd9VBc=",
+   /* future lastpass.com backup (leaf) */
diff --git a/debian/patches/series b/debian/patches/series
index 45a126b..1e88d92 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0001-cipher-support-opaque-EVP_CIPHER_CTX.patch
 0002-cipher-drop-p8inf-broken-flag-check.patch
 0003-pbkdf2-support-openssl-1.1.patch
+0004-backport-hardcoded-certificate-pins-from-1.3.1.patch

Bug#901015: transition: protobuf

2018-10-24 Thread Pirate Praveen 
On 10/24/18 3:54 PM, Mattia Rizzolo wrote:
> If "a rebuild is required to make them compatible", you should add
> Breaks against those versions, as it maeans the new protobuf is not
> compatible to them and coinstallation should be prevented.
> That would also hint britney to trigger autopkgtest with both the new
> rebuilt rdep and the new protobuf, and migrate them in lockstep.
> 

This was suggested earlier but rejected by protobuf maintainer.

"1) Can libprotobuf10 and libprotobuf17 installed together and
independent packages working correctly with these libraries? Yes,
these are possible. I don't see the need to break the old
libprotobuf10 package.

2) Packages that depend on each other, need to be compiled with the
same ProtoBuf version. This should be expressed in those package
dependencies."

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910964#29

Though the suggestion by protobuf maintainer was not acceptable to
ignition-msgs maintainer

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900429#36



signature.asc
Description: OpenPGP digital signature

Bug#901015: transition: protobuf

2018-10-24 Thread Mattia Rizzolo 
On Wed, Oct 24, 2018 at 03:47:47PM +0530, Pirate Praveen wrote:
> I think these regressions should not add a delay to testing migration as
> autopkgtests are passing in unstable and a rebuild is required to make
> them compatible with new protobuf version.
> 
> autopkgtest for gazebo/9.0.0+dfsg5-4.2: amd64: Regression ♻
> autopkgtest for ignition-msgs/1.0.0+dfsg1-5: amd64: Regression ♻
> autopkgtest for ignition-transport/4.0.0+dfsg-4: amd64: Regression ♻
> autopkgtest for ola/0.10.7.nojsmin-1: amd64: Regression ♻
> Required age increased by 18 days because of autopkgtest

If "a rebuild is required to make them compatible", you should add
Breaks against those versions, as it maeans the new protobuf is not
compatible to them and coinstallation should be prevented.
That would also hint britney to trigger autopkgtest with both the new
rebuilt rdep and the new protobuf, and migrate them in lockstep.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature

Bug#901015: transition: protobuf

2018-10-24 Thread Pirate Praveen 
Hi Emilio,

I think these regressions should not add a delay to testing migration as
autopkgtests are passing in unstable and a rebuild is required to make
them compatible with new protobuf version.

autopkgtest for gazebo/9.0.0+dfsg5-4.2: amd64: Regression ♻
autopkgtest for ignition-msgs/1.0.0+dfsg1-5: amd64: Regression ♻
autopkgtest for ignition-transport/4.0.0+dfsg-4: amd64: Regression ♻
autopkgtest for ola/0.10.7.nojsmin-1: amd64: Regression ♻
Required age increased by 18 days because of autopkgtest



signature.asc
Description: OpenPGP digital signature

Bug#911740: nmu: freeimage_3.17.0+ds1-5+b5

2018-10-24 Thread Tobias Frost 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hi Release team,

I think that the binNMU for freeimage against libraw19 did not work; the
package has downloaded and installed libraw16 during build, instead of
*19. Can you please check if if needed re-issue the binNMU?

(I did not check whether other packages are affected too.)

Many thanks,

tobi

nmu freeimage_3.17.0+ds1-5+b5 . alpha . unstable . -m "Rebuild against 
libraw19."

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled