Processing of codelite_2.8.0.4537~dfsg-4_amd64.changes

2011-08-30 Thread Debian FTP Masters
codelite_2.8.0.4537~dfsg-4_amd64.changes uploaded successfully to localhost
along with the files:
  codelite_2.8.0.4537~dfsg-4.dsc
  codelite_2.8.0.4537~dfsg-4.debian.tar.gz
  codelite_2.8.0.4537~dfsg-4_amd64.deb
  codelite-plugins_2.8.0.4537~dfsg-4_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)


-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1qylxg-0006w6...@franck.debian.org



codelite_2.8.0.4537~dfsg-4_amd64.changes ACCEPTED into unstable

2011-08-30 Thread Debian FTP Masters



Accepted:
codelite-plugins_2.8.0.4537~dfsg-4_amd64.deb
  to main/c/codelite/codelite-plugins_2.8.0.4537~dfsg-4_amd64.deb
codelite_2.8.0.4537~dfsg-4.debian.tar.gz
  to main/c/codelite/codelite_2.8.0.4537~dfsg-4.debian.tar.gz
codelite_2.8.0.4537~dfsg-4.dsc
  to main/c/codelite/codelite_2.8.0.4537~dfsg-4.dsc
codelite_2.8.0.4537~dfsg-4_amd64.deb
  to main/c/codelite/codelite_2.8.0.4537~dfsg-4_amd64.deb


Override entries for your package:
codelite-plugins_2.8.0.4537~dfsg-4_amd64.deb - optional devel
codelite_2.8.0.4537~dfsg-4.dsc - source devel
codelite_2.8.0.4537~dfsg-4_amd64.deb - optional devel

Announcing to debian-devel-chan...@lists.debian.org


Thank you for your contribution to Debian.





Processing of libast_0.7-6_amd64.changes

2011-08-30 Thread Debian FTP Masters
libast_0.7-6_amd64.changes uploaded successfully to localhost
along with the files:
  libast_0.7-6.dsc
  libast_0.7-6.debian.tar.gz
  libast2_0.7-6_amd64.deb
  libast2-dev_0.7-6_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)





Bug#639560: marked as done (symbol changes)

2011-08-30 Thread Debian Bug Tracking System
Your message dated Tue, 30 Aug 2011 13:17:23 +
with message-id 
and subject line Bug#639560: fixed in libast 0.7-6
has caused the Debian Bug report #639560,
regarding symbol changes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
639560: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639560
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libast
Version: 0.7-5
Severity: serious

The package FTBFS'es on mips, powerpc, s390, sparc and the unofficial ports
s390x and powerpcspe because of changes in the symbol set wrt the symbols file:

--- debian/libast2.symbols (libast2_0.7-5_mips)
+++ dpkg-gensymbolsqBZbvb   2011-08-26 17:23:07.0 +
@@ -286,7 +286,7 @@
  spifhash_fnv@Base 0.7
  spifhash_jenkins32@Base 0.7
  spifhash_jenkins@Base 0.7
- spifhash_jenkinsLE@Base 0.7
+#MISSING: 0.7-5# spifhash_jenkinsLE@Base 0.7
  spifhash_one_at_a_time@Base 0.7
  spifhash_rotating@Base 0.7
  spifmem_calloc@Base 0.7
@@ -314,6 +314,8 @@
  spiftool_hex_dump@Base 0.7
  spiftool_join@Base 0.7
  spiftool_num_words@Base 0.7
+ spiftool_regexp_match@Base 0.7-5
+ spiftool_regexp_match_r@Base 0.7-5
  spiftool_safe_str@Base 0.7
  spiftool_safe_strncat@Base 0.7
  spiftool_safe_strncpy@Base 0.7
dh_makeshlibs: dpkg-gensymbols -plibast2 -Idebian/libast2.symbols 
-Pdebian/libast2 -edebian/libast2/usr/lib/mips-linux-gnu/libast.so.2.0.1


--- End Message ---
--- Begin Message ---
Source: libast
Source-Version: 0.7-6

We believe that the bug you reported is fixed in the latest version of
libast, which is due to be installed in the Debian FTP archive:

libast2-dev_0.7-6_amd64.deb
  to main/liba/libast/libast2-dev_0.7-6_amd64.deb
libast2_0.7-6_amd64.deb
  to main/liba/libast/libast2_0.7-6_amd64.deb
libast_0.7-6.debian.tar.gz
  to main/liba/libast/libast_0.7-6.debian.tar.gz
libast_0.7-6.dsc
  to main/liba/libast/libast_0.7-6.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 639...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Regis Boudin  (supplier of updated libast package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Format: 1.8
Date: Tue, 30 Aug 2011 13:55:36 +0100
Source: libast
Binary: libast2 libast2-dev
Architecture: source amd64
Version: 0.7-6
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group 
Changed-By: Regis Boudin 
Description: 
 libast2- Library of Assorted Spiffy Things
 libast2-dev - libast2 development files
Closes: 639560
Changes: 
 libast (0.7-6) unstable; urgency=low
 .
   * QA upload.
   * Pass --with-regexp=posix to have a consistent build with the
 spiftool_regexp_match and spiftool_regexp_match_r symbols exported.
   * Stop shipping libast2.symbols for now, as the symbols list is not
 consistent between little and big endian architectures, and there
 is no official way to deal with it yet. Closes: #639560.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5c4GUACgkQVE17sLEtWVrR3QCg1zlcpM4T38/LBHTdOHrOpXZa
atkAoMGnqNpn66fWtZeT92EeGWhN2xX9
=mZWw
-END PGP SIGNATURE-


--- End Message ---


libast_0.7-6_amd64.changes ACCEPTED into unstable

2011-08-30 Thread Debian FTP Masters



Accepted:
libast2-dev_0.7-6_amd64.deb
  to main/liba/libast/libast2-dev_0.7-6_amd64.deb
libast2_0.7-6_amd64.deb
  to main/liba/libast/libast2_0.7-6_amd64.deb
libast_0.7-6.debian.tar.gz
  to main/liba/libast/libast_0.7-6.debian.tar.gz
libast_0.7-6.dsc
  to main/liba/libast/libast_0.7-6.dsc


Override entries for your package:
libast2-dev_0.7-6_amd64.deb - optional libdevel
libast2_0.7-6_amd64.deb - optional libs
libast_0.7-6.dsc - source libs

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 639560 


Thank you for your contribution to Debian.





Bug#625411: tla: I can't reproduce this bug

2011-08-30 Thread Mònica Ramírez Arceda
Hi,

This package is building ok for me. I am using gcc version 4.6.1-8 in a
pbuilder environment. 

Looking at the logs, I think it is not using -Werror option.

Maybe I'm missing something or we can close this bug?

Thanks for your work!
Mònica







News about unixcw?

2011-08-30 Thread Kamil Ignacak

Hi Simon,

Recently I've started using cwcp program from unixcw package to learn 
Morse code. I find it very useful, but I have also noticed that the 
program has some problems. Some of them have been addressed by patches 
created by Kamal Mostafa 
(https://launchpad.net/~kamalmostafa/+archive/unixcw-fixes). I have 
implemented some changes in my local copy of cwlib myself as well.


I would like to ask you whether you still actively maintain this 
package, and if you accept any patches or other kind of help with the 
package.


I'm adding in CC some people who may be interested in any news about the 
package.


Have a nice day!

Best regards,
Kamil Ignacak





Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Raphael Geissert
On Tuesday 30 August 2011 01:08:29 Yves-Alexis Perez wrote:
> On lun., 2011-08-29 at 20:24 -0700, Josh Triplett wrote:
> > I understand that they'd have to manually load the lists, but perhaps it
> > would make sense to standardize a location from which they should load
> > them?  Does OpenSSL or GnuTLS have any concept of a "revocation store"
> > format, similar to a "certificate store", or would this need some
> > special-purpose custom format?

AFAIR they only know about CRL (Certificate Revocation List,) which only allows 
for one issuer per-file.

What I can't tell for sure from the documentation is whether OpenSSL and 
GnuTLS do check the CRL's validity (signature and time.) It doesn't seem like 
they do.
This is relevant if we were to ship them in ca-certificates.


> And it'd be nice if nss could share that store...
[...]
> 
> By the way, shouldn't this bug be cloned to libnss3-1d (and maybe
> iceweasel and icedove if they ship the certificates themselves)?

Perhaps it's time to start a discussion as to how we can properly deal with 
all this mess:
* Multiple packages shipping their own certificates list
* Probably no app except web browsers support CRLs and/or OCSP
* configuration

Yves, do you know how the CRL stuff is handled in nss?

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
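
The CRL behaviour asked about in this message, reproduced with the openssl command-line tool (an added example, not part of the thread): a CRL is consulted only when the caller passes -crl_check, and once it is, both the CRL's signature and its nextUpdate time are enforced. The CA, leaf and every file name are constructed for the test, and a current OpenSSL release is assumed, so the 2011 versions under discussion may behave differently.

```shell
#!/bin/sh
# Added example: throwaway CA, leaf and CRLs; all names are hypothetical.
set -e

build_lab() {   # build_lab <empty dir>: one CA, one leaf, three CRLs
    (
        cd "$1"
        cat > lab.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
CN = unused
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ ca ]
default_ca = lab
[ lab ]
database         = index.txt
serial           = serial
new_certs_dir    = .
default_md       = sha256
default_days     = 30
default_crl_days = 7
policy           = any
[ any ]
commonName = supplied
EOF
        : > index.txt
        echo 01 > serial
        newca() {   # newca <basename>: self-signed CA named "Lab Root CA"
            openssl req -x509 -newkey rsa:2048 -nodes -config lab.cnf \
                -subj "/CN=Lab Root CA" -days 30 -keyout "$1.key" -out "$1.pem"
        }
        newca ca
        newca other                        # same issuer name, different key
        openssl req -new -newkey rsa:2048 -nodes -config lab.cnf \
            -subj "/CN=leaf.example" -keyout leaf.key -out leaf.csr
        ca="openssl ca -batch -config lab.cnf -keyfile ca.key -cert ca.pem"
        $ca -notext -in leaf.csr -out leaf.pem
        $ca -gencrl -out empty.crl         # issued before the revocation
        $ca -revoke leaf.pem
        $ca -gencrl -out revoked.crl       # lists the leaf
        openssl ca -batch -config lab.cnf -keyfile other.key -cert other.pem \
            -gencrl -out wrongkey.crl      # right issuer name, wrong signing key
    ) >/dev/null 2>&1
}

# crl_verdict <lab dir> <crl file> [extra "openssl verify" options]
crl_verdict() {
    lab=$1; crl=$2; shift 2
    out=$(openssl verify -CAfile "$lab/ca.pem" -CRLfile "$lab/$crl" "$@" \
              "$lab/leaf.pem" 2>&1) || true
    case $out in
        *"certificate revoked"*)   echo revoked ;;
        *"CRL signature failure"*) echo bad-crl-signature ;;
        *"CRL has expired"*)       echo crl-expired ;;
        *": OK"*)                  echo ok ;;
        *)                         echo other ;;
    esac
}

LAB=$(mktemp -d)
build_lab "$LAB"
# Ten days ahead: past the CRL's nextUpdate (7 days), inside cert validity (30 days).
later=$(( $(date +%s) + 10 * 86400 ))
echo "revoked leaf, caller omits -crl_check : $(crl_verdict "$LAB" revoked.crl)"
echo "revoked leaf, -crl_check              : $(crl_verdict "$LAB" revoked.crl -crl_check)"
echo "CRL signed by another key, -crl_check : $(crl_verdict "$LAB" wrongkey.crl -crl_check)"
echo "stale CRL, -crl_check                 : $(crl_verdict "$LAB" empty.crl -crl_check -attime "$later")"
rm -rf "$LAB"
```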






Processing of tijmp_0.8+dfsg-5_amd64.changes

2011-08-30 Thread Debian FTP Masters
tijmp_0.8+dfsg-5_amd64.changes uploaded successfully to localhost
along with the files:
  tijmp_0.8+dfsg-5.dsc
  tijmp_0.8+dfsg-5.debian.tar.gz
  tijmp_0.8+dfsg-5_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)





tijmp_0.8+dfsg-5_amd64.changes ACCEPTED into unstable

2011-08-30 Thread Debian FTP Masters



Accepted:
tijmp_0.8+dfsg-5.debian.tar.gz
  to main/t/tijmp/tijmp_0.8+dfsg-5.debian.tar.gz
tijmp_0.8+dfsg-5.dsc
  to main/t/tijmp/tijmp_0.8+dfsg-5.dsc
tijmp_0.8+dfsg-5_amd64.deb
  to main/t/tijmp/tijmp_0.8+dfsg-5_amd64.deb


Override entries for your package:
tijmp_0.8+dfsg-5.dsc - source devel
tijmp_0.8+dfsg-5_amd64.deb - extra devel

Announcing to debian-devel-chan...@lists.debian.org


Thank you for your contribution to Debian.





Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Yves-Alexis Perez
On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> On Tuesday 30 August 2011 01:08:29 Yves-Alexis Perez wrote:
> > On lun., 2011-08-29 at 20:24 -0700, Josh Triplett wrote:
> > > I understand that they'd have to manually load the lists, but perhaps it
> > > would make sense to standardize a location from which they should load
> > > them?  Does OpenSSL or GnuTLS have any concept of a "revocation store"
> > > format, similar to a "certificate store", or would this need some
> > > special-purpose custom format?
> 
> AFAIR they only know about CRL (Certificate Revocation List,) which only 
> allows 
> for one issuer per-file.
> 
> What I can't tell for sure from the documentation is whether OpenSSL and 
> GnuTLS do check the CRL's validity (signature and time.) It doesn't seem like 
> they do.
> This is relevant if we were to ship them in ca-certificates.
> 
> 
> > And it'd be nice if nss could share that store...
> [...]
> > 
> > By the way, shouldn't this bug be cloned to libnss3-1d (and maybe
> > iceweasel and icedove if they ship the certificates themselves)?
> 
> Perhaps it's time to start a discussion as to how we can properly deal with 
> all this mess:
> * Multiple packages shipping their own certificates list
> * Probably no app except web browsers support CRLs and/or OCSP
> * configuration
> 
> Yves, do you know how the CRL stuff is handled in nss?
> 

(my first name is Yves-Alexis :)

I have no idea.

There's a crlutil
(http://www.mozilla.org/projects/security/pki/nss/tools/crlutil.html)
but it works on previous database version (bdb, cert8.db and key3.db)
while at least evolution now uses the shared sqlite db (cert9.db and
key4.db, see https://wiki.mozilla.org/NSS_Shared_DB).

Maybe Mike has some more ideas (adding him to CC:)

Regards,
-- 
Yves-Alexis




Processing of javatar_2.5+dfsg-5_amd64.changes

2011-08-30 Thread Debian FTP Masters
javatar_2.5+dfsg-5_amd64.changes uploaded successfully to localhost
along with the files:
  javatar_2.5+dfsg-5.dsc
  javatar_2.5+dfsg-5.debian.tar.gz
  libjavatar-java_2.5+dfsg-5_all.deb
  libjavatar-java-doc_2.5+dfsg-5_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)





Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Mike Hommey
On Tue, Aug 30, 2011 at 09:58:18PM +0200, Yves-Alexis Perez wrote:
> On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> > On Tuesday 30 August 2011 01:08:29 Yves-Alexis Perez wrote:
> > > On lun., 2011-08-29 at 20:24 -0700, Josh Triplett wrote:
> > > > I understand that they'd have to manually load the lists, but perhaps it
> > > > would make sense to standardize a location from which they should load
> > > > them?  Does OpenSSL or GnuTLS have any concept of a "revocation store"
> > > > format, similar to a "certificate store", or would this need some
> > > > special-purpose custom format?
> > 
> > AFAIR they only know about CRL (Certificate Revocation List,) which only 
> > allows 
> > for one issuer per-file.
> > 
> > What I can't tell for sure from the documentation is whether OpenSSL and 
> > GnuTLS do check the CRL's validity (signature and time.) It doesn't seem 
> > like 
> > they do.
> > This is relevant if we were to ship them in ca-certificates.
> > 
> > 
> > > And it'd be nice if nss could share that store...
> > [...]
> > > 
> > > By the way, shouldn't this bug be cloned to libnss3-1d (and maybe
> > > iceweasel and icedove if they ship the certificates themselves)?
> > 
> > Perhaps it's time to start a discussion as to how we can properly deal with 
> > all this mess:
> > * Multiple packages shipping their own certificates list
> > * Probably no app except web browsers support CRLs and/or OCSP
> > * configuration
> > 
> > Yves, do you know how the CRL stuff is handled in nss?
> > 
> 
> (my first name is Yves-Alexis :)
> 
> I have no idea.
> 
> There's a crlutil
> (http://www.mozilla.org/projects/security/pki/nss/tools/crlutil.html)
> but it works on previous database version (bdb, cert8.db and key3.db)
> while at least evolution now uses the shared sqlite db (cert9.db and
> key4.db, see https://wiki.mozilla.org/NSS_Shared_DB).

The NSS tools are supposed to work with whatever database version you
use, since they use NSS ;)

That being said, there is a huge problem with mitigation in basically
all the SSL libraries. There simply is no way to handle the current
situation[1] without modifying applications.

Mike

1. Several fraudulent certificates whose fingerprint is unknown signed
with several different intermediate certs that are cross-signed by other
"safe" CAs (aiui).






Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Yves-Alexis Perez
On mar., 2011-08-30 at 22:48 +0200, Mike Hommey wrote:
> 
> 1. Several fraudulent certificates whose fingerprint is unknown signed
> with several different intermediate certs that are cross-signed by other
> "safe" CAs (aiui). 

I missed that. What is the source for that? (I looked at the Mozilla bug
earlier but it lacks that level of precision)
-- 
Yves-Alexis




javatar_2.5+dfsg-5_amd64.changes ACCEPTED into unstable

2011-08-30 Thread Debian FTP Masters



Accepted:
javatar_2.5+dfsg-5.debian.tar.gz
  to main/j/javatar/javatar_2.5+dfsg-5.debian.tar.gz
javatar_2.5+dfsg-5.dsc
  to main/j/javatar/javatar_2.5+dfsg-5.dsc
libjavatar-java-doc_2.5+dfsg-5_all.deb
  to main/j/javatar/libjavatar-java-doc_2.5+dfsg-5_all.deb
libjavatar-java_2.5+dfsg-5_all.deb
  to main/j/javatar/libjavatar-java_2.5+dfsg-5_all.deb


Override entries for your package:
javatar_2.5+dfsg-5.dsc - source java
libjavatar-java-doc_2.5+dfsg-5_all.deb - optional doc
libjavatar-java_2.5+dfsg-5_all.deb - optional java

Announcing to debian-devel-chan...@lists.debian.org


Thank you for your contribution to Debian.





Bug#465900: Removed package(s) from unstable

2011-08-30 Thread Debian FTP Masters
We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

  perlsgml | 1:19970918-13 | source, all

--- Reason ---
RoQA; orphaned
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive (ftp-master.debian.org) and will not propagate to any
mirrors (ftp.debian.org included) until the next cron.daily run at the
earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close Bugs which have been reported against this package
automatically.  But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 465...@bugs.debian.org.

The full log for this bug can be viewed at http://bugs.debian.org/465900

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)





Bug#639859: apt-build fails to build packages ; it conflicts with apt

2011-08-30 Thread Laurent Dard
Package: apt-build
Version: 0.12.38
Severity: grave
Tags: sid wheezy patch
Justification: renders package unusable

Trying to install a package with apt-build, for example:
# apt-build install hello
it fails with:
>W: Failed to fetch 
>file:/var/cache/apt-build/repository/dists/apt-build/Release  Unable to find 
>expected entry 'main/binary-amd64/Packages' in Release file (Wrong 
>sources.list entry or malformed file)
>
>E: Some index files failed to download. They have been ignored, or old ones 
>used instead.
>Reading package lists... Done
>E: The value 'apt-build' is invalid for APT::Default-Release as such a release 
>is not available in the sources

Subsequently, 'apt-get update' gives:
W: Failed to fetch file:/var/cache/apt-build/repository/dists/apt-build/Release 
 Unable to find expected entry 'main/binary-amd64/Packages' in Release file 
(Wrong sources.list entry or malformed file)

E: Some index files failed to download. They have been ignored, or old ones 
used instead.

I erased "/var/cache/apt-build" and applied the following patch to get rid
of this problem:
---
diff -Naur apt-build-0.12.38.orig/apt-build apt-build-0.12.38/apt-build
--- apt-build-0.12.38.orig/apt-build2008-07-01 08:29:43.0 +0200
+++ apt-build-0.12.38/apt-build 2011-08-30 23:55:39.0 +0200
@@ -101,9 +101,9 @@
   update-source - Update all sources and rebuild them
   remove- Remove packages
   build-repository  - Rebuild the repository
-  clean-sources - Clean up all object files in source directories
   clean-build   - Erase downloaded packages and temporary build files
-  clean-repository  - Erase downloaded packages and temporary build files
+  clean-repository  - Erase built packages
+  clean-sources - Clean up all object files in source directories
   world - Rebuild and reinstall all packages on your system
   info  - Build-related package information
 
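Review bot: Moving the clean-sources line below clean-repository in this usage text is unrelated to the repository layout fix and obscures the one real correction here, the clean-repository description that used to repeat the clean-build text. Keep this hunk to that one-line description change and send the reordering separately, if at all.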
@@ -337,10 +337,10 @@
 chdir $conf->repository_dir;
 my $arch = $_config->get("APT::Architecture");
 
-system "ln -s . main" unless -e "main";
-system "ln -s . apt-build" unless -e "apt-build";
-system "ln -s . dists" unless -e "dists";
-system "ln -s . binary-$arch" unless -e "binary-$arch";
+system "mkdir dists" unless -e "dists";
+system "mkdir dists/apt-build" unless -e "dists/apt-build";
+system "mkdir dists/apt-build/main" unless -e "dists/apt-build/main";
+system "ln -s ../../.. dists/apt-build/main/binary-$arch" unless -e 
"dists/apt-build/main/binary-$arch";
 make_release_file() unless -e "Release";
 
 system "apt-ftparchive packages . | gzip -9 > Packages.gz";
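Review bot: The "unless -e" guards on the new mkdir and ln lines mean an existing repository is never migrated: where the old "dists -> .", "apt-build -> .", "main -> ." and "binary-$arch -> ." symlinks are still present, every one of the four tests succeeds through those symlinks and nothing is created, which matches the report having to erase /var/cache/apt-build by hand. Remove or detect the old symlinks (test with -l) before building the new tree. The three system "mkdir ..." calls can also be a single "mkdir -p dists/apt-build/main", as the postinst hunk does, and none of the system calls has its exit status checked.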
diff -Naur apt-build-0.12.38.orig/debian/postinst 
apt-build-0.12.38/debian/postinst
--- apt-build-0.12.38.orig/debian/postinst  2011-03-13 16:55:00.0 
+0100
+++ apt-build-0.12.38/debian/postinst   2011-08-31 01:19:41.0 +0200
@@ -79,13 +79,8 @@
 
# Create repository_dir
if [ ! -e "$repository_dir" ]; then
-   mkdir -p "$repository_dir"
-   cd "$repository_dir"
-   ln -s . stable
-   ln -s . dists
-   ln -s . apt-build
-   ln -s . main
-   ln -s . binary-`dpkg --print-architecture`
+   mkdir -p "$repository_dir"/dists/apt-build/main
+   ln -s ../../.. "$repository_dir"/dists/apt-build/main/binary-`dpkg 
--print-architecture`
fi

sed s/__arch__/`dpkg --print-architecture`/ 
/usr/share/apt-build/Release > "$repository_dir/Release"
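Review bot: With dists/apt-build now a real directory rather than a symlink to ".", the unchanged sed line at the end of this hunk still writes the Release file to "$repository_dir/Release", so the path apt names in the error, dists/apt-build/Release, no longer has a file behind it. Write or link Release under "$repository_dir"/dists/apt-build/ as well. The surrounding [ ! -e "$repository_dir" ] test also means an upgrade with an existing repository directory keeps the old symlink layout, so the postinst needs a migration step for that case.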

---

Unfortunately, it doesn't solve the problem.
"apt-get update" keeps saying:
E: The value 'apt-build' is invalid for APT::Default-Release as such a release 
is not available in the sources

Maybe an apt bug rather than an apt-build bug ?

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (800, 'testing'), (750, 'stable'), (500, 'oldstable'), (50, 
'experimental'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf-8, LC_CTYPE=fr_FR.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt-build depends on:
ii  apt   0.8.15.6   Advanced front-end for dpkg
ii  apt-utils 0.8.15.6   APT utility programs
ii  debconf [debconf-2.0] 1.5.40 Debian configuration management sy
ii  devscripts2.11.0 scripts to make the life of a Debi
ii  dpkg-dev  1.16.0.3   Debian package development tools
ii  g++   4:4.6.1-2  GNU C++ compiler
ii  gcc   4:4.6.1-2  GNU C compiler
ii  libappconfig-perl 1.56-2 Perl module for configuration file
ii  libapt-pkg-perl   0.1.24+b2  Perl interface to libapt-pkg
ii  libc6  

Processing of python-scientific_2.8-3_amd64.changes

2011-08-30 Thread Debian FTP Masters
python-scientific_2.8-3_amd64.changes uploaded successfully to localhost
along with the files:
  python-scientific_2.8-3.dsc
  python-scientific_2.8-3.diff.gz
  python-scientific_2.8-3_all.deb
  python-scientific-doc_2.8-3_all.deb
  python-mpi_2.8-3_all.deb
  python-netcdf_2.8-3_amd64.deb
  mpich2python_2.8-3_amd64.deb
  openmpipython_2.8-3_amd64.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)





python-scientific_2.8-3_amd64.changes is NEW

2011-08-30 Thread Debian FTP Masters
(new) mpich2python_2.8-3_amd64.deb optional python
MPI-enhanced Python interpreter (MPICH2 based version)
 The package provides a python interpreter with MPI (Message Passing Interface,
 message-based parallel programming) support.
(new) openmpipython_2.8-3_amd64.deb extra python
MPI-enhanced Python interpreter (OpenMPI based version)
 The package provides a python interpreter with MPI (Message Passing Interface,
 message-based parallel programming) support.
python-mpi_2.8-3_all.deb
  to main/p/python-scientific/python-mpi_2.8-3_all.deb
python-netcdf_2.8-3_amd64.deb
  to main/p/python-scientific/python-netcdf_2.8-3_amd64.deb
python-scientific-doc_2.8-3_all.deb
  to main/p/python-scientific/python-scientific-doc_2.8-3_all.deb
python-scientific_2.8-3.diff.gz
  to main/p/python-scientific/python-scientific_2.8-3.diff.gz
python-scientific_2.8-3.dsc
  to main/p/python-scientific/python-scientific_2.8-3.dsc
python-scientific_2.8-3_all.deb
  to main/p/python-scientific/python-scientific_2.8-3_all.deb
Changes: python-scientific (2.8-3) unstable; urgency=low
 .
  * QA upload.
  * Replace EOLed MPI implementations (LAM, MPICH1) with actively maintained
implementations (OpenMPI, MPICH2).  (Closes: #571452)
  * Break python-scientific/python-netcdf circular dependency by changing p-s
to Recommend p-n.


Override entries for your package:
python-mpi_2.8-3_all.deb - optional python
python-netcdf_2.8-3_amd64.deb - optional python
python-scientific-doc_2.8-3_all.deb - optional doc
python-scientific_2.8-3.dsc - source python
python-scientific_2.8-3_all.deb - optional python

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 571452 


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.





Processed: reassign 637125 to ca-certificates-java, forcibly merging 635571 637125

2011-08-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 637125 ca-certificates-java
Bug #637125 [ca-certificates] Exception in thread "main" 
java.security.ProviderException: Could not initialize NSS
Bug reassigned from package 'ca-certificates' to 'ca-certificates-java'.
> forcemerge 635571 637125
Bug#635571: ca-certificates-java: Fails in update-ca-certificates hook
Bug#637125: Exception in thread "main" java.security.ProviderException: Could 
not initialize NSS
Forcibly Merged 635571 637125.

> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
637125: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637125
635571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635571
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Processing of ca-certificates_20110502+nmu1_i386.changes

2011-08-30 Thread Debian FTP Masters
ca-certificates_20110502+nmu1_i386.changes uploaded successfully to localhost
along with the files:
  ca-certificates_20110502+nmu1.dsc
  ca-certificates_20110502+nmu1.tar.gz
  ca-certificates_20110502+nmu1_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)





Bug#639744: marked as done (Compromised certificates for *.google.com issued by DigiNotar Root CA)

2011-08-30 Thread Debian Bug Tracking System
Your message dated Wed, 31 Aug 2011 02:47:56 +
with message-id 
and subject line Bug#639744: fixed in ca-certificates 20110502+nmu1
has caused the Debian Bug report #639744,
regarding Compromised certificates for *.google.com issued by DigiNotar Root CA
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
639744: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates
Version: 20110502
Severity: critical
Tags: security

Please see the following:
https://bugzilla.mozilla.org/show_bug.cgi?id=682956
http://pastebin.com/ff7Yg663
http://pastebin.com/SwCZqskV
(or just search current news for "DigiNotar", optionally in conjunction
with "gmail" or "google".)

Whatever resolution Mozilla and others end up with (revocation of the
certificate or of the entire CA), ca-certificates will likely need to
do the same.

- Josh Triplett


--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20110502+nmu1

We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:

ca-certificates_20110502+nmu1.dsc
  to main/c/ca-certificates/ca-certificates_20110502+nmu1.dsc
ca-certificates_20110502+nmu1.tar.gz
  to main/c/ca-certificates/ca-certificates_20110502+nmu1.tar.gz
ca-certificates_20110502+nmu1_all.deb
  to main/c/ca-certificates/ca-certificates_20110502+nmu1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 639...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Geissert (supplier of updated ca-certificates package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Tue, 30 Aug 2011 21:00:55 -0500
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20110502+nmu1
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group 
Changed-By: Raphael Geissert 
Description: 
 ca-certificates - Common CA certificates
Closes: 639744
Changes: 
 ca-certificates (20110502+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Blacklist "DigiNotar Root CA" (Closes: #639744)


--- End Message ---


ca-certificates_20110502+nmu1_i386.changes ACCEPTED into unstable

2011-08-30 Thread Debian FTP Masters



Accepted:
ca-certificates_20110502+nmu1.dsc
  to main/c/ca-certificates/ca-certificates_20110502+nmu1.dsc
ca-certificates_20110502+nmu1.tar.gz
  to main/c/ca-certificates/ca-certificates_20110502+nmu1.tar.gz
ca-certificates_20110502+nmu1_all.deb
  to main/c/ca-certificates/ca-certificates_20110502+nmu1_all.deb


Override entries for your package:
ca-certificates_20110502+nmu1.dsc - source misc
ca-certificates_20110502+nmu1_all.deb - optional misc

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 639744 


Thank you for your contribution to Debian.





Bug#193061: adopting lgeneral?

2011-08-30 Thread Drew Scott Daniels
Hi,
You mentioned you were planning to adopt lgeneral after squeeze's release
and squeeze has been out for a couple of months now. I was just curious
about the status of this.

Thanks,

 Drew Daniels
http://www.boxheap.net/ddaniels/blog







Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Raphael Geissert
On Tuesday 30 August 2011 15:48:11 Mike Hommey wrote:
> On Tue, Aug 30, 2011 at 09:58:18PM +0200, Yves-Alexis Perez wrote:
> > On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> > > What I can't tell for sure from the documentation is whether OpenSSL
> > > and GnuTLS do check the CRL's validity (signature and time.) It
> > > doesn't seem like they do.
> > > This is relevant if we were to ship them in ca-certificates.

Mike, without digging into the documentation I found this reference [2]
regarding NSS and its CRL support. Do you know if any of what is said in that
email has changed, namely how 'next update' dates are handled?

[2]http://www.mail-archive.com/mozilla-crypto@mozilla.org/msg00890.html

> > > Yves, do you know how the CRL stuff is handled in nss?
> > 
> > (my first name is Yves-Alexis :)

Oops, sorry. Please accept my apologies.

> That being said, there is a huge problem with mitigation in basically
> all the SSL libraries. There simply is no way to handle the current
> situation[1] without modifying applications.
[...]
> 1. Several fraudulent certificates whose fingerprint is unknown signed
> with several different intermediate certs that are cross-signed by other
> "safe" CAs (aiui).

Oh. Well, first things first, I've NMUed ca-certs to remove the DigiNotar Root
CA and will probably release a DSA with the change too (I'm afraid it will give
a false sense of security.)

What is to be done next should probably be discussed in -devel and have input 
from external people.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net






Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Mike Hommey
On Tue, Aug 30, 2011 at 10:48:11PM +0200, Mike Hommey wrote:
> On Tue, Aug 30, 2011 at 09:58:18PM +0200, Yves-Alexis Perez wrote:
> > On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> > > On Tuesday 30 August 2011 01:08:29 Yves-Alexis Perez wrote:
> > > > On lun., 2011-08-29 at 20:24 -0700, Josh Triplett wrote:
> > > > > I understand that they'd have to manually load the lists, but perhaps it
> > > > > would make sense to standardize a location from which they should load
> > > > > them?  Does OpenSSL or GnuTLS have any concept of a "revocation store"
> > > > > format, similar to a "certificate store", or would this need some
> > > > > special-purpose custom format?
> > > 
> > > AFAIR they only know about CRL (Certificate Revocation List,) which only
> > > allows for one issuer per-file.
> > > 
> > > What I can't tell for sure from the documentation is whether OpenSSL and
> > > GnuTLS do check the CRL's validity (signature and time.) It doesn't seem
> > > like they do.
> > > This is relevant if we were to ship them in ca-certificates.
> > > 
> > > 
> > > > And it'd be nice if nss could share that store...
> > > [...]
> > > > 
> > > > By the way, shouldn't this bug be cloned to libnss3-1d (and maybe
> > > > iceweasel and icedove if they ship the certificates themselves)?
> > > 
> > > Perhaps it's time to start a discussion as to how we can properly deal
> > > with all this mess:
> > > * Multiple packages shipping their own certificates list
> > > * Probably no app except web browsers support CRLs and/or OCSP
> > > * configuration
> > > 
> > > Yves, do you know how the CRL stuff is handled in nss?
> > > 
> > 
> > (my first name is Yves-Alexis :)
> > 
> > I have no idea.
> > 
> > There's a crlutil
> > (http://www.mozilla.org/projects/security/pki/nss/tools/crlutil.html)
> > but it works on previous database version (bdb, cert8.db and key3.db)
> > while at least evolution now uses the shared sqlite db (cert9.db and
> > key4.db, see https://wiki.mozilla.org/NSS_Shared_DB).
> 
> The NSS tools are supposed to work with whatever database version you
> use, since they use NSS ;)
> 
> That being said, there is a huge problem with mitigation in basically
> all the SSL libraries. There simply is no way to handle the current
> situation[1] without modifying applications.
> 
> Mike
> 
> 1. Several fraudulent certificates whose fingerprint is unknown signed
> with several different intermediate certs that are cross-signed by other
> "safe" CAs (aiui).

So, I'll put that on tiredness. That'd be several fraudulent
certificates whose fingerprint is unknown (thus even CRL, OCSP and
blacklists can't do anything), and the mitigation involves several
different intermediate certs that are cross-signed, which makes it kind
of hard. Plus, there is the problem that untrusting the DigiNotar root
untrusts a separate PKI used by the Dutch government.

Add to the above that untrusting a root still allows users to override
in applications, and we have no central way to not allow that. Aiui, the
mozilla update is going to block overrides as well, but that involves
the application side. NSS won't deal with that.

Mike
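
Added example (not part of the original message, and not code from Debian, NSS, OpenSSL or GnuTLS): a small path-building model of the situation described above, showing why removing the DigiNotar root from the trust store does not by itself reject a certificate whose intermediate is cross-signed by another trusted root. All certificate names except "DigiNotar Root CA" are constructed placeholders, and the model omits the signature, date and constraint checks that real path validation performs.

```python
from collections import defaultdict

# Constructed model: (subject, issuer) pairs. Only "DigiNotar Root CA" is a
# name from the thread; every other name is a hypothetical placeholder.
DIGINOTAR = "DigiNotar Root CA"
OTHER_ROOT = "Other Safe Root (hypothetical)"
INTERMEDIATE = "Intermediate A (hypothetical)"
LEAF = "fraudulent leaf, fingerprint unknown (hypothetical)"
CERTS = [
    (DIGINOTAR, DIGINOTAR),        # self-signed root
    (OTHER_ROOT, OTHER_ROOT),      # self-signed root
    (INTERMEDIATE, DIGINOTAR),     # intermediate issued by the DigiNotar root
    (INTERMEDIATE, OTHER_ROOT),    # same intermediate, cross-signed
    (LEAF, INTERMEDIATE),
]


def trust_paths(leaf, certs, trusted_roots):
    """Return every issuer chain from leaf up to a name in trusted_roots."""
    issuers = defaultdict(set)
    for subject, issuer in certs:
        if subject != issuer:
            issuers[subject].add(issuer)
    paths = []

    def walk(name, chain):
        chain = chain + [name]
        if name in trusted_roots:
            paths.append(chain)
            return
        for parent in sorted(issuers.get(name, ())):
            if parent not in chain:      # guard against issuer loops
                walk(parent, chain)

    walk(leaf, [])
    return paths


def accepted(leaf, certs, trusted_roots, blocked_names=frozenset()):
    """True if some chain reaches a trusted root and avoids all blocked names."""
    return any(not set(blocked_names) & set(path)
               for path in trust_paths(leaf, certs, trusted_roots))


if __name__ == "__main__":
    print("both roots trusted:", trust_paths(LEAF, CERTS, {DIGINOTAR, OTHER_ROOT}))
    print("root removed:", trust_paths(LEAF, CERTS, {OTHER_ROOT}))
    print("root name blocked:", accepted(LEAF, CERTS, {OTHER_ROOT}, {DIGINOTAR}))
    print("intermediate blocked:", accepted(LEAF, CERTS, {OTHER_ROOT}, {INTERMEDIATE}))
```

In this model only a block that names the cross-signed intermediate rejects the leaf, which is why the mitigation has to cover the intermediates and not just the root.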






Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Mike Hommey
On Wed, Aug 31, 2011 at 06:26:26AM +0200, Mike Hommey wrote:
> On Tue, Aug 30, 2011 at 10:48:11PM +0200, Mike Hommey wrote:
> > On Tue, Aug 30, 2011 at 09:58:18PM +0200, Yves-Alexis Perez wrote:
> > > On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> > > > On Tuesday 30 August 2011 01:08:29 Yves-Alexis Perez wrote:
> > > > > On lun., 2011-08-29 at 20:24 -0700, Josh Triplett wrote:
> > > > > > I understand that they'd have to manually load the lists, but perhaps it
> > > > > > would make sense to standardize a location from which they should load
> > > > > > them?  Does OpenSSL or GnuTLS have any concept of a "revocation store"
> > > > > > format, similar to a "certificate store", or would this need some
> > > > > > special-purpose custom format?
> > > > 
> > > > AFAIR they only know about CRL (Certificate Revocation List,) which only
> > > > allows for one issuer per-file.
> > > > 
> > > > What I can't tell for sure from the documentation is whether OpenSSL and
> > > > GnuTLS do check the CRL's validity (signature and time.) It doesn't seem
> > > > like they do.
> > > > This is relevant if we were to ship them in ca-certificates.
> > > > 
> > > > 
> > > > > And it'd be nice if nss could share that store...
> > > > [...]
> > > > > 
> > > > > By the way, shouldn't this bug be cloned to libnss3-1d (and maybe
> > > > > iceweasel and icedove if they ship the certificates themselves)?
> > > > 
> > > > Perhaps it's time to start a discussion as to how we can properly deal
> > > > with all this mess:
> > > > * Multiple packages shipping their own certificates list
> > > > * Probably no app except web browsers support CRLs and/or OCSP
> > > > * configuration
> > > > 
> > > > Yves, do you know how the CRL stuff is handled in nss?
> > > > 
> > > 
> > > (my first name is Yves-Alexis :)
> > > 
> > > I have no idea.
> > > 
> > > There's a crlutil
> > > (http://www.mozilla.org/projects/security/pki/nss/tools/crlutil.html)
> > > but it works on previous database version (bdb, cert8.db and key3.db)
> > > while at least evolution now uses the shared sqlite db (cert9.db and
> > > key4.db, see https://wiki.mozilla.org/NSS_Shared_DB).
> > 
> > The NSS tools are supposed to work with whatever database version you
> > use, since they use NSS ;)
> > 
> > That being said, there is a huge problem with mitigation in basically
> > all the SSL libraries. There simply is no way to handle the current
> > situation[1] without modifying applications.
> > 
> > Mike
> > 
> > 1. Several fraudulent certificates whose fingerprint is unknown signed
> > with several different intermediate certs that are cross-signed by other
> > "safe" CAs (aiui).
> 
> So, I'll put that on tiredness. That'd be several fraudulent
> certificates whose fingerprint is unknown (thus even CRL, OCSP and
> blacklists can't do anything), and the mitigation involves several
> different intermediate certs that are cross-signed, which makes it kind
> of hard. Plus, there is the problem that untrusting the DigiNotar root
> untrusts a separate PKI used by the Dutch government.
> 
> Add to the above that untrusting a root still allows users to override
> in applications, and we have no central way to not allow that. Aiui, the
> mozilla update is going to block overrides as well, but that involves
> the application side. NSS won't deal with that.

See https://bugzilla.mozilla.org/show_bug.cgi?id=682927 which is now
open.

Mike






Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-08-30 Thread Mike Hommey
On Tue, Aug 30, 2011 at 10:49:04PM -0500, Raphael Geissert wrote:
> On Tuesday 30 August 2011 15:48:11 Mike Hommey wrote:
> > On Tue, Aug 30, 2011 at 09:58:18PM +0200, Yves-Alexis Perez wrote:
> > > On mar., 2011-08-30 at 12:29 -0500, Raphael Geissert wrote:
> > > > What I can't tell for sure from the documentation is whether OpenSSL
> > > > and GnuTLS do check the CRL's validity (signature and time.) It
> > > > doesn't seem like they do.
> > > > This is relevant if we were to ship them in ca-certificates.
> 
> Mike, without digging into the documentation I found this reference [2]
> regarding NSS and its CRL support. Do you know if any of what is said in that
> email has changed, namely how 'next update' dates are handled?
> 
> [2]http://www.mail-archive.com/mozilla-crypto@mozilla.org/msg00890.html

I think CRL handling is still mostly manual work. I don't know much more
though.

Mike






Bug#639744: Accepted ca-certificates 20110502+nmu1 (source all)

2011-08-30 Thread Peter Palfrader
On Wed, 31 Aug 2011, Raphael Geissert wrote:

> Changes: 
>  ca-certificates (20110502+nmu1) unstable; urgency=high
>  .
>    * Non-maintainer upload by the Security Team.
>    * Blacklist "DigiNotar Root CA" (Closes: #639744)

Are we updating stable too?

Cheers,
weasel
-- 
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/


