Bug#918722: marked as done (debootstrap: says InRelease file expired)
Your message dated Wed, 09 Jan 2019 13:49:46 + with message-id and subject line Bug#918722: fixed in debootstrap 1.0.114 has caused the Debian Bug report #918722, regarding debootstrap: says InRelease file expired to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 918722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918722 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: debootstrap Version: 1.0.113 Severity: normal When bootstrapping Raspbian with debootstrap it fails since version 1.0.113: debootstrap --arch=armhf --foreign --verbose --keyring=raspbian.public.key.gpg stretch /my/directory http://mirrordirector.raspbian.org/raspbian/ The error message is E: InRelease file http://mirrordirector.raspbian.org/raspbian/dists/stretch/InRelease is expired since (Tue, 08 Jan 2019 00:00:00 +0100) Yesterday (on 07 Jan) the error message told me it was expired since 07 Jan. The problem does not occur with version 1.0.112 of debootstrap. I am not sure at all, if this is a problem within Raspbian or in debootstrap. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debootstrap depends on: ii wget 1.20.1-1 Versions of packages debootstrap recommends: ii arch-test 0.15-1 ii debian-archive-keyring 2018.1 ii gnupg 2.2.12-1 Versions of packages debootstrap suggests: pn squid-deb-proxy-client pn ubuntu-archive-keyring -- no debconf information --- End Message --- --- Begin Message --- Source: debootstrap Source-Version: 1.0.114 We believe that the bug you reported is fixed in the latest version of debootstrap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 918...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Cristau (supplier of updated debootstrap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 09 Jan 2019 14:00:04 +0100 Source: debootstrap Binary: debootstrap debootstrap-udeb Architecture: source Version: 1.0.114 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Julien Cristau Description: debootstrap - Bootstrap a basic Debian system debootstrap-udeb - Bootstrap the Debian system (udeb) Closes: 918722 Changes: debootstrap (1.0.114) unstable; urgency=medium . * Revert changes from 1.0.113 (closes: #918722) Checksums-Sha1: 76a96f5c20e1b674bbbcf5070b3b1e88dafc545c 1988 debootstrap_1.0.114.dsc 7f95d561dc51d753f955302f9f9a72c6aaa86d94 75613 debootstrap_1.0.114.tar.gz Checksums-Sha256: d62a4d86940ac9b9d6ad9aa87146353b6350ab76cdf0a43d1f487bb8c32f2018 1988 debootstrap_1.0.114.dsc a8e1456816a9ed55bf329de1cc93a199ad2099a21a66804b78e1aa0e170a9c92 75613 debootstrap_1.0.114.tar.gz Files: 7b341e654c81943abce2a33d7d18e733 1988 admin optional debootstrap_1.0.114.dsc 6f694bf6a25233f6fed84a6b7c9d4bed 75613 admin optional debootstrap_1.0.114.tar.gz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlw18bEACgkQnbAjVVb4 z62PKg/+O3mrZRrMxtGhYPVsBdy8QuxjEmTQdYLXV10hsRdyEtarzxiSiRj506Ap cdtge29EDX+EoL/TKV4i27CgbzMig0n32Of9qXcnzLhxElUZUKmSQkPzE+bb7Pu+ AyGUM62zoYPZQFBQyQ/hUrmAU30wNktt8FS7ZkroKFKwkjAsGlbGxlE0EhVTKUD/ kBNAIKXkLhMG2WrLqMSt3Rex6h47TlosCq3Y49kK/zKg11Ub1eguudqzg+FSEzR7 6cPnBk+Gjvj6RXzo7ouRhQS4foMA7as+Tb70/So4J9UmwdBP+7rE148+sif37iIe Iz/9P2dbFKGI2bNIPaJ8WxZ3Kx9XTwPIkzmXvDugmHSF+Pe6mSEyc8BXA7Jf1Dxq CwN3zS/byMQa5NEEg63F3TxjNWOKp6B8Y2m6WOoMiUIM86aSoMRnQv1O5GyLg5Ec Ug5dLNuGY1JaCv5gl75mQAgVe56gQMGF9O79glAJFYyw3/P9vWJ7oPLGEutejCg0 CnRHOiblCvWK43+Pz7AOh5K7slThfKa8KVKmJYNCOUFj6LUEQ6ATCshv0Ak5xTiS 77TCki1dpeiOaNh6OnCGIjTuZpGN5JLW9JYgJva8CxWE60yv6CJubqlRF596u/rA GHdce4414yEDdrDzVOnGyMsW8CeEJ4R+jPx3rPCuvP3mofnB7Do= =Esa/ -END PGP SIGNATURE End Message ---
debootstrap_1.0.114_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 09 Jan 2019 14:00:04 +0100 Source: debootstrap Binary: debootstrap debootstrap-udeb Architecture: source Version: 1.0.114 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team Changed-By: Julien Cristau Description: debootstrap - Bootstrap a basic Debian system debootstrap-udeb - Bootstrap the Debian system (udeb) Closes: 918722 Changes: debootstrap (1.0.114) unstable; urgency=medium . * Revert changes from 1.0.113 (closes: #918722) Checksums-Sha1: 76a96f5c20e1b674bbbcf5070b3b1e88dafc545c 1988 debootstrap_1.0.114.dsc 7f95d561dc51d753f955302f9f9a72c6aaa86d94 75613 debootstrap_1.0.114.tar.gz Checksums-Sha256: d62a4d86940ac9b9d6ad9aa87146353b6350ab76cdf0a43d1f487bb8c32f2018 1988 debootstrap_1.0.114.dsc a8e1456816a9ed55bf329de1cc93a199ad2099a21a66804b78e1aa0e170a9c92 75613 debootstrap_1.0.114.tar.gz Files: 7b341e654c81943abce2a33d7d18e733 1988 admin optional debootstrap_1.0.114.dsc 6f694bf6a25233f6fed84a6b7c9d4bed 75613 admin optional debootstrap_1.0.114.tar.gz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlw18bEACgkQnbAjVVb4 z62PKg/+O3mrZRrMxtGhYPVsBdy8QuxjEmTQdYLXV10hsRdyEtarzxiSiRj506Ap cdtge29EDX+EoL/TKV4i27CgbzMig0n32Of9qXcnzLhxElUZUKmSQkPzE+bb7Pu+ AyGUM62zoYPZQFBQyQ/hUrmAU30wNktt8FS7ZkroKFKwkjAsGlbGxlE0EhVTKUD/ kBNAIKXkLhMG2WrLqMSt3Rex6h47TlosCq3Y49kK/zKg11Ub1eguudqzg+FSEzR7 6cPnBk+Gjvj6RXzo7ouRhQS4foMA7as+Tb70/So4J9UmwdBP+7rE148+sif37iIe Iz/9P2dbFKGI2bNIPaJ8WxZ3Kx9XTwPIkzmXvDugmHSF+Pe6mSEyc8BXA7Jf1Dxq CwN3zS/byMQa5NEEg63F3TxjNWOKp6B8Y2m6WOoMiUIM86aSoMRnQv1O5GyLg5Ec Ug5dLNuGY1JaCv5gl75mQAgVe56gQMGF9O79glAJFYyw3/P9vWJ7oPLGEutejCg0 CnRHOiblCvWK43+Pz7AOh5K7slThfKa8KVKmJYNCOUFj6LUEQ6ATCshv0Ak5xTiS 77TCki1dpeiOaNh6OnCGIjTuZpGN5JLW9JYgJva8CxWE60yv6CJubqlRF596u/rA GHdce4414yEDdrDzVOnGyMsW8CeEJ4R+jPx3rPCuvP3mofnB7Do= =Esa/ -END PGP SIGNATURE- Thank you for your contribution to Debian.
Fw: control file: Priority for udeb packages
Forgot to add you to CC Holger Date: Mon, 7 Jan 2019 23:10:01 +0100 From: Holger Wansing To: debian-boot Subject: control file: Priority for udeb packages Hi, the Debian Policy is not strict there under https://www.debian.org/doc/debian-policy/ch-controlfields.html#priority so I better ask: Is there any sense in adding a Priority field for udeb packages? For example like this for cdebconf: snip--- Source: cdebconf Section: utils Priority: optional [...] Package: cdebconf Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, debconf, dpkg (>= 1.15.4) Provides: debconf-2.0 Suggests: cdebconf-gtk Priority: optional [...] Package: cdebconf-udeb Architecture: any Section: debian-installer Priority: standard Depends: ${shlibs:Depends}, ${misc:Depends} Provides: debconf-2.0 Package-Type: udeb [...] --snap- Source package has optional, also has the 'cdebconf' binary package, and the udeb has standard. I this somehow intended? Has is some effect? udebs are 'micro binary packages' by definition, so they don't need the Priority field themselves, they inherit the value from Source package, right? Any other intention, especially why the udeb has standard, while source has optional? Holger -- Holger Wansing PGP-Finterprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076 -- Holger Wansing PGP-Finterprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076
Processed: Re: Bug#918722: debootstrap: says InRelease file expired
Processing control commands: > severity -1 serious Bug #918722 [debootstrap] debootstrap: says InRelease file expired Severity set to 'serious' from 'normal' -- 918722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918722 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#918722: debootstrap: says InRelease file expired
On 1/8/19 7:46 PM, Michael Büsch wrote: > Package: debootstrap > Version: 1.0.113 > Severity: normal > > When bootstrapping Raspbian with debootstrap it fails since version 1.0.113: > > debootstrap --arch=armhf --foreign --verbose > --keyring=raspbian.public.key.gpg stretch /my/directory > http://mirrordirector.raspbian.org/raspbian/ > > The error message is > E: InRelease file > http://mirrordirector.raspbian.org/raspbian/dists/stretch/InRelease is > expired since (Tue, 08 Jan 2019 00:00:00 +0100) > > Yesterday (on 07 Jan) the error message told me it was expired since 07 Jan. > > The problem does not occur with version 1.0.112 of debootstrap. > > I am not sure at all, if this is a problem within Raspbian or in debootstrap. > Hideki, I reverted the 1.0.113 changes to unbreak this and uploaded 1.0.114. I'm happy to review an updated version when you get that working. Hope that's ok. Cheers, Julien
Processing of debootstrap_1.0.114_source.changes
debootstrap_1.0.114_source.changes uploaded successfully to localhost along with the files: debootstrap_1.0.114.dsc debootstrap_1.0.114.tar.gz Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#918846: busybox: CVE-2018-20679
Source: busybox Version: 1:1.27.2-3 Severity: normal Tags: patch security upstream Forwarded: https://bugs.busybox.net/show_bug.cgi?id=11506 Hi, The following vulnerability was published for busybox. CVE-2018-20679[0]: | An issue was discovered in BusyBox before 1.30.0. An out of bounds read | in udhcp components (consumed by the DHCP server, client, and relay) | allows a remote attacker to leak sensitive information from the stack | by sending a crafted DHCP message. This is related to verification in | udhcp_get_option() in networking/udhcp/common.c that 4-byte options are | indeed 4 bytes. Note that the only once commit initially referenced for CVE-2018-20679 is incomplete, but see security-tracker for further notes. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-20679 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679 Please adjust the affected versions in the BTS as needed. Regards, Salvatore