Bug#639744: [Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-09-06 Thread Yves-Alexis Perez 
On mar., 2011-09-06 at 07:33 +0200, Mike Hommey wrote:
> On Mon, Sep 05, 2011 at 09:55:50PM +0200, Kurt Roeckx wrote:
> > On Mon, Sep 05, 2011 at 02:15:31PM -0500, Raphael Geissert wrote:
> > > On Sunday 04 September 2011 05:55:27 Kurt Roeckx wrote:
> > > > On Sun, Sep 04, 2011 at 12:02:48PM +0200, Kurt Roeckx wrote:
> > > > > Their is also openssl-blacklist, but it doesn't seem to have
> > > > > much users.
> > > 
> > > However, opensl-blacklist only includes a program that checks wether a 
> > > certificate is weak, nothing in it AFAICS actually blocks them. It's 
> > > basically 
> > > useless for this case.
> > 
> > It could theoreticly also be used to block any certificate if
> > we'd know the public key.  But I agree it's useless for this case.
> 
> Actually, if it was used at all levels of the cert chain, we could block
> the CA certificates we want. And we do know their public key, contrary
> to the rogue certs.
> 
In case this was missed:
http://www.f-secure.com/weblog/archives/2231.html

(sorry, pastebin seems to be under attack right now or slashdotted right
now, so http://pastebin.com/u/ComodoHacker is unavailable)

Regards,
-- 
Yves-Alexis


signature.asc
Description: This is a digitally signed message part

Re: News about unixcw?

2011-09-06 Thread Simon Baldwin 
Hi Kamil,

Thanks for the email, and your interest in Unixcw.

I haven't updated the package for a while now, and don't really expect to do 
anything to it in the way of improvement in the foreseeable future.  I know 
that Kamal has created a few patches for it to help to keep it up to date with 
current Linux releases, and I'm very grateful to him for doing this.  I guess 
the program is sort-of looking for a new owner at present, and if somebody 
wanted to take it over I'd be fine with that.

Best regards,

--S





From: Kamil Ignacak 
To: simon_bald...@yahoo.com
Cc: ka...@whence.com; packa...@qa.debian.org
Sent: Tuesday, 30 August 2011, 19:05
Subject: News about unixcw?

Hi Simon,

Recently I've started using cwcp program from unixcw package to learn Morse 
code. I find it very useful, but I have also noticed that the program has some 
problems. Some of them have been addressed by patches created by Kamal Mostafa 
(https://launchpad.net/~kamalmostafa/+archive/unixcw-fixes). I have implemented 
some changes in my local copy of cwlib myself as well.

I would like to ask you whether you still actively maintain this package, and 
if you accept any patches or other kind of help with the package.

I'm adding in CC some people who may be interested in any news about the 
package.

Have a nice day!

Best regards,
Kamil Ignacak

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-09-06 Thread Giuseppe Iuculano 
Hi,

On 09/04/2011 09:20 PM, Raphael Geissert wrote:
> NSS now ships modified certs of DigiNotar, their name is "Explicitly Disabled 
> DigiNotar "
> In chromium, for example, if you browse a DigiNotar-signed website and check 
> the certificate chain you will see the Explicitly Disabled cert there.
> 
> Giuseppe, do you already have plans for updating chromium? (more info on the 
> CCed bug.)

chromium uses libnss, please explain, what kind of update chromium
needs? did I miss something?

Cheers,
Giuseppe.



signature.asc
Description: OpenPGP digital signature

Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

2011-09-06 Thread Mike Hommey 
On Tue, Sep 06, 2011 at 03:03:27PM +0200, Giuseppe Iuculano wrote:
> Hi,
> 
> On 09/04/2011 09:20 PM, Raphael Geissert wrote:
> > NSS now ships modified certs of DigiNotar, their name is "Explicitly 
> > Disabled 
> > DigiNotar "
> > In chromium, for example, if you browse a DigiNotar-signed website and 
> > check 
> > the certificate chain you will see the Explicitly Disabled cert there.
> > 
> > Giuseppe, do you already have plans for updating chromium? (more info on 
> > the 
> > CCed bug.)
> 
> chromium uses libnss, please explain, what kind of update chromium
> needs? did I miss something?

You missed the part where chromium uses libpkix (despite mozilla
saying it's not ready), and the libpkix path doesn't reject the certs
chaining to the Explicitly Disabled CAs.

Mike



-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110906131927.ga23...@glandium.org

Bug#640696: ca-certificates: Exception in thread "main" java.security.KeyStoreException: jks not found

2011-09-06 Thread Ludovic Rousseau 
Package: ca-certificates
Version: 20110502+nmu1
Severity: normal


Hello,

When upgrading my testing/unstable system I get:

[...]
Préparation du remplacement de ca-certificates 20110502 (en utilisant 
.../ca-certificates_20110502+nmu1_all.deb) ...
[...]
Paramétrage de ca-certificates (20110502+nmu1) ...
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate 
certificate IGC_A.pem
WARNING: Skipping duplicate certificate IGC_A.pem
WARNING: Skipping duplicate certificate ca-certificates.crt
WARNING: Skipping duplicate certificate ca-certificates.crt
0 added, 1 removed; done.
Running hooks in /etc/ca-certificates/update.d
Exception in thread "main" java.security.KeyStoreException: jks not found
at java.security.KeyStore.getInstance(KeyStore.java:603)
at UpdateCertificates.createKeyStore(UpdateCertificates.java:58)
at UpdateCertificates.main(UpdateCertificates.java:51)
Caused by: java.security.NoSuchAlgorithmException: jks KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:696)
at java.security.KeyStore.getInstance(KeyStore.java:600)
... 2 more
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii  openssl   1.0.0d-3   Secure Socket Layer (SSL) binary a

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information:
  ca-certificates/title:
  ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, 
cacert.org/cacert.org.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, 
gouv.fr/cert_igca_rsa.crt, mozilla/ACEDICOM_Root.crt, 
mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/AddTrust_External_Root.crt, 
mozilla/AddTrust_Low-Value_Services_Root.crt, 
mozilla/AddTrust_Public_Services_Root.crt, 
mozilla/AddTrust_Qualified_Certificates_Root.crt, 
mozilla/America_Online_Root_Certification_Authority_1.crt, 
mozilla/America_Online_Root_Certification_Authority_2.crt, 
mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, 
mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, 
mozilla/ApplicationCA_-_Japanese_Government.crt, 
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, 
mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_CA_1.crt, 
mozilla/Buypass_Class_3_CA_1.crt, mozilla/CA_Disig.crt, 
mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, 
mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certigna.crt, 
mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/certSIGN_ROOT_CA.crt, 
mozilla/Certum_Root_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, 
mozilla/CNNIC_ROOT.crt, mozilla/Comodo_AAA_Services_root.crt, 
mozilla/COMODO_Certification_Authority.crt, 
mozilla/COMODO_ECC_Certification_Authority.crt, 
mozilla/Comodo_Secure_Services_root.crt, 
mozilla/Comodo_Trusted_Services_root.crt, mozilla/ComSign_CA.crt, 
mozilla/ComSign_Secured_CA.crt, mozilla/Cybertrust_Global_Root.crt, 
mozilla/Deutsche_Telekom_Root_CA_2.crt, 
mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, 
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, 
mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, 
mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, 
mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, 
mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, 
mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, 
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, 
mozilla/Entrust.net_Secure_Server_CA.crt, 
mozilla/Entrust_Root_Certification_Authority.crt, 
mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, 
mozilla/Equifax_Secure_eBusiness_CA_1.crt, 
mozilla/Equifax_Secure_eBusiness_CA_2.crt, 
mozilla/Equifax_Secure_Global_eBusiness_CA.crt, 
mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, 
mozilla/GeoTrust_Global_CA.crt, 
mozilla/GeoTrust_Primary_Certification_Authority.crt, 
mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, 
mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, 
mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, 
mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/GlobalSign_Root_CA.crt, 
mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, 
mozilla/Go_Daddy_Class_2_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, 
mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/IGC_A.crt, mozilla/Izenpe.com.crt, 
mozilla/Juur-SK.crt, mozilla/Microsec_e-Szigno_Root_CA_2

Re: News about unixcw?

2011-09-06 Thread Kamil Ignacak 

Hi Simon,

Thank you very much for the answer. In that case I will try to look 
further and see if anyone else is currently the main developer of the 
package already.


Kamal: could you please let me know if you consider yourself the owner 
of the package? If not then I would like to step in and take over this 
project. Please do let me know.


Best regards,
Kamil



On 06.09.2011 10:31, Simon Baldwin wrote:

Hi Kamil,

Thanks for the email, and your interest in Unixcw.

I haven't updated the package for a while now, and don't really expect
to do anything to it in the way of improvement in the foreseeable
future. I know that Kamal has created a few patches for it to help to
keep it up to date with current Linux releases, and I'm very grateful to
him for doing this. I guess the program is sort-of looking for a new
owner at present, and if somebody wanted to take it over I'd be fine
with that.

Best regards,

--S



*From:* Kamil Ignacak 
*To:* simon_bald...@yahoo.com
*Cc:* ka...@whence.com; packa...@qa.debian.org
*Sent:* Tuesday, 30 August 2011, 19:05
*Subject:* News about unixcw?

Hi Simon,

Recently I've started using cwcp program from unixcw package to learn
Morse code. I find it very useful, but I have also noticed that the
program has some problems. Some of them have been addressed by patches
created by Kamal Mostafa
(https://launchpad.net/~kamalmostafa/+archive/unixcw-fixes
). I have
implemented some changes in my local copy of cwlib myself as well.

I would like to ask you whether you still actively maintain this
package, and if you accept any patches or other kind of help with the
package.

I'm adding in CC some people who may be interested in any news about the
package.

Have a nice day!

Best regards,
Kamil Ignacak





--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4e6674fe.4020...@wp.pl

Bug#640719: nec2c: FTBFS with ld --as-needed

2011-09-06 Thread Dave Walker (Daviey) 
Package: nec2c
Version: 0.8-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu oneiric ubuntu-patch



  * Makefile: Move -lm to end of gcc command, resolving FTBFS.
Patch courtesy of John T. Nogatch. (LP: #770919)


Thanks for considering the patch.
diff -u nec2c-0.8/Makefile nec2c-0.8/Makefile
--- nec2c-0.8/Makefile
+++ nec2c-0.8/Makefile
@@ -9,7 +9,7 @@
 	  main.o matrix.o misc.o network.o radiation.o somnec.o
 
 $(PROJECT) : $(objects)
-	$(CC) -lm -o $(PROJECT) $(objects)
+	$(CC) -o $(PROJECT) $(objects) -lm
 
 $(objects) : nec2c.h

Re: News about unixcw?

2011-09-06 Thread Kamal Mostafa 
Hi Kamil and Simon-

On Tue, 2011-09-06 at 21:31 +0200, Kamil Ignacak wrote:
> Hi Simon,
> 
> Thank you very much for the answer. In that case I will try to look 
> further and see if anyone else is currently the main developer of the 
> package already.
> 
> Kamal: could you please let me know if you consider yourself the owner 
> of the package? If not then I would like to step in and take over this 
> project. Please do let me know.

No, I don't consider myself the owner of the package.  Given Simon's
blessing there, I think you can feel free to start bringing it back to
life again.  Please note that its "orphaned" status in Debian, and the
large number of outstanding bug reports:
http://packages.qa.debian.org/u/unixcw.html

I am a Debian Developer and a member of the Debian Hams group, and I
would quite willing to adopt and sponsor a Debian upload of a new
upstream package of unixcw if you do improve upon it (and I could help
with packaging issues as well, but I'm afraid I'm too swamped to take on
a more active role in development for it).

Thanks in advance for your efforts!

 -Kamal



> Best regards,
> Kamil
> 
> 
> 
> On 06.09.2011 10:31, Simon Baldwin wrote:
> > Hi Kamil,
> >
> > Thanks for the email, and your interest in Unixcw.
> >
> > I haven't updated the package for a while now, and don't really expect
> > to do anything to it in the way of improvement in the foreseeable
> > future. I know that Kamal has created a few patches for it to help to
> > keep it up to date with current Linux releases, and I'm very grateful to
> > him for doing this. I guess the program is sort-of looking for a new
> > owner at present, and if somebody wanted to take it over I'd be fine
> > with that.
> >
> > Best regards,
> >
> > --S
> >
> >
> > 
> > *From:* Kamil Ignacak 
> > *To:* simon_bald...@yahoo.com
> > *Cc:* ka...@whence.com; packa...@qa.debian.org
> > *Sent:* Tuesday, 30 August 2011, 19:05
> > *Subject:* News about unixcw?
> >
> > Hi Simon,
> >
> > Recently I've started using cwcp program from unixcw package to learn
> > Morse code. I find it very useful, but I have also noticed that the
> > program has some problems. Some of them have been addressed by patches
> > created by Kamal Mostafa
> > (https://launchpad.net/~kamalmostafa/+archive/unixcw-fixes
> > ). I have
> > implemented some changes in my local copy of cwlib myself as well.
> >
> > I would like to ask you whether you still actively maintain this
> > package, and if you accept any patches or other kind of help with the
> > package.
> >
> > I'm adding in CC some people who may be interested in any news about the
> > package.
> >
> > Have a nice day!
> >
> > Best regards,
> > Kamil Ignacak
> >
> >
> 



signature.asc
Description: This is a digitally signed message part