Bug#1008164: RM: obfs4proxy/0.0.8-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm Opening this bug after a recomendation from debian-security. Version 0.0.8 of obfs4proxy has a security bug, which has only been fixed in a later version (0.0.13, see bug number #1004374), and also suffers from incompatibilty issues with later versions of the package. Version 0.0.13 is already in bullseye-backports.
Bug#1005177: golang-filippo-edwards25519-dev: NMU version 1.0.0~rc1+git20210721-0.1
Package: golang-filippo-edwards25519-dev Severity: normal Control: tags 1005177 + patch Control: tags 1005177 + pending Dear maintainer, I've prepared an NMU for golang-filippo-edwards25519-dev with version 1.0.0~rc1+git20210721-0.1 and uploaded it to DELAYED/7. Let me know if I should cancel it. Thanks, Ana
Bug#1005177: golang-filippo-edwards25519-dev: needs partial update in order to update the latest version of obfs4proxy
Package: golang-filippo-edwards25519-dev Severity: normal Dear Maintainer, This package needs an update to git commit 3b510035a8ab40f08532bd0ce795c257fbfdaab9. This is needed to package golang-gitlab-yawning-edwards25519-extra (#1005173) and fix the security bug #1004374 on package obfs4proxy. -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1005173: ITP: golang-gitlab-yawning-edwards25519-extra -- Extensions to the Go standard library's Ed25519 and curve25519 implementations
Package: wnpp Severity: wishlist Owner: Ana Custura * Package name: golang-gitlab-yawning-edwards25519-extra Version : 0.0~git20211229.2f91fcc-1 Upstream Author : Yawning Angel * URL : https://gitlab.com/yawning/edwards25519-extra * License : BSD-3 Programming Lang: Go Description : Extensions to the Go standard library's Ed25519 and curve25519 implementations This package provides extensions to the Go standard library's Ed25519 and curve25519 implementations, primarily extracted from curve25519-voi. This package is intended for interoperability with the standard library and the edwards25519 package as much as possible. * h2c: Hashing to Elliptic Curves (version 13) * vrf: Verifiable Random Functions (version 10) This package is required to update obfs4proxy in Debian.
Bug#1004374: [Pkg-privacy-maintainers] Bug#1004374: obfs4proxy: Traffic is trivially distinguishable (Elligator2 public key representative leak)
Hi, I've been in touch with Debian Security last week, they suggested an update to unstable first. I'm now working on packaging the dependencies for version 0.0.11 and shipping an update. Thanks, Ana On 26/01/2022 07:00, intrigeri wrote: Package: obfs4proxy Version: 0.0.8-1+b6 Severity: important Tags: security Hi, Please see https://lists.torproject.org/pipermail/anti-censorship-team/2022-January/000213.html tl;dr: All existing versions prior to the migration to the new code […] are fatally broken, and trivial to distinguish via some simple math. Given obfs4proxy's explicit traffic obfuscation goal, this looks like an important security issue to me. (For those who might be wondering: whether/when this bug is fixed in Debian does not impact Tails since we've switched to using the obfs4proxy binary from the Tor Browser tarball.) Thanks for maintaining obfs4proxy in Debian, cheers! ___ Pkg-privacy-maintainers mailing list pkg-privacy-maintain...@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-privacy-maintainers
Bug#995015: dnsdiag: diff for NMU version 1.7.0-1.1
Dear Adrian, Thank you for the upload, this is appreciated as I don't have much time atm. Ana On 23/11/2021 16:19, Adrian Bunk wrote: Control: tags 995015 + patch Control: tags 995015 + pending Dear maintainer, I've prepared an NMU for dnsdiag (versioned as 1.7.0-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should cancel it. cu Adrian
Bug#957918: vor-0.5.8 upstream release
Hi Jason, Excellent, I packaged the new version and will upload shortly. I've updated the url and flag in the man page, thanks for spotting that! Also, the watch file now points at your github repo to scan for new releases :) Thank you again! Ana On 18/04/2020 03:16, Jason Woofenden wrote: > Hi! > > I'm psyched to have an active Debian package maintainer. > > I've released vor-0.5.8! > > This release builds with gcc-10 :) > > I also made a few little cleanup things that might need to be updated in > the package as well: > > I've updated the URLs: > > The home page is now: https://sametwice.com/vor > > Looks like you have that in debian/control, but please update the link in > debian/vor.6 to https. > > You wrote a man page! Thanks! Here's a tweak for it: > > It looks like it says `-l` for fullscreen, but the correct flag is `-f`. > > > I moved the canonical repo to github: https://github.com/JasonWoof/vor > > I also renamed the README and README.font files (to README.md and > README_font.md respectively) and added a little markdown formatting. > > > Thanks for packaging! > > - Jason
Bug#957918: looks like an easy fix
Hi Jason, Awesome, thank you! Ready to update the package as soon as you release. Ana On 17/04/2020 12:55, Jason Woofenden wrote: > Hi all, > > Upstream vor maintainer here. > > This error looks like just a missing "extern". > > I've just installeg gcc-10, and I should have time to get vor compiling > with gcc-10 and make a bugfix release in the next few days. > > - Jason
Bug#955827: Please remove me from uploaders
On 05/04/2020 12:46, jnq...@gmail.com wrote: > you can submit a merge request via salsa... Done, thanks! I should probably be removed from the salsa team too. Ana
Bug#955827: Please remove me from uploaders
Package: live-tasks Hi, I've not been involved in this for a while now, please remove me from the uploaders field in the next upload to keep the list accurate. Thank you, Ana
Bug#954209: Do we want to add a fork of utls (ITP #954209)?
Hi Ulrike and Cecylia, Thank you for looking at this! On 16/03/2020 18:12, Ulrike Uhlig wrote: > If I understand correctly from a quick look, Yawning distributes his > changes under GNU GPL, while uTLS upstream has a BSD 3-Clause license > [https://github.com/refraction-networking/utls/blob/master/LICENSE]. > > The BSD 3-Clause is in line with the Debian Free Software Guidelines > (DFSG)[https://wiki.debian.org/DFSGLicenses#The_BSD-3-clause_License]. > > From my understanding, in Debian packaging, licenses generally apply to > files but it also seems possible (I never encountered such a case) to > have several licenses for one file > [https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-syntax]. > Maybe someone could confirm that this is accepted. > > I'm now unsure to what we referred to previously when saying that there > might be licensing issues with Yawning's fork. It does not look like > there are. Or am I missing something crucial here? If I don't, then to move > forward, one would need to open an RFP or ITP > (Intent to Package) bug on the Debian bugtracker and then package this > fork of uTLS. To sum up the concerns that came from looking at it last time: golang-yawning-utls-dev is a fork of utls, which is itself a fork of the golang tls library. This is a hard fork, any improvements cannot be shipped upstream due to the difference in licensing that you've identified. The upstream is very active - go has >1500 contributors, uTLS has >50 contributors. The fork we want to package is maintained by very few people, if I'm not mistaken, Yawning is the only core contributor. I think there is a security implication here - if there is a security advisory for the golang library, the Debian Security team needs to work with the upstreams to apply security patches to it and all of its forks in Debian, meaning this one too. If the delta from upstream increases with every fork this could mean a lot of pain. However, my understanding of the dynamics could be entirely wrong, so let me know if I'm off the mark. Sending this to the Debian Security team, to ask if they see any problems here. Including the source link: https://gitlab.com/yawning/utls and ITP: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954209 If we're all good, I'd be very happy to help with packaging or even sponsoring this (I've recently completed the process to become DD, now under review!). > > → actually that package was uploaded to mentors.debian.org and could go > to experimental. Happy to update this to the latest policy and reupload if this is something we want to do. >> Hey, I'm new to the debian packaging space but am happy to help out here. Awesome, thank you for helping with this :) Thank you all, Ana signature.asc Description: OpenPGP digital signature
Bug#916478: (no subject)
Control: tags -1 + patch Hello, Here is a patch to solve this: * Drops references to package template (Closes: #916478) * Replaces references to Alioth with Salsa equivalents Thank you, Ana diff -Nru hamradio-maintguide-0.6/debian/changelog hamradio-maintguide-0.6+nmu1/debian/changelog --- hamradio-maintguide-0.6/debian/changelog2019-08-05 19:14:25.0 +0100 +++ hamradio-maintguide-0.6+nmu1/debian/changelog 2020-02-28 23:23:40.0 + @@ -1,3 +1,11 @@ +hamradio-maintguide (0.6+nmu1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Drops references to package template (Closes: #916478) + * Replaces references to Alioth with Salsa equivalents + + -- Ana Custura Fri, 28 Feb 2020 23:23:40 + + hamradio-maintguide (0.6) unstable; urgency=medium * Packaging: @@ -6,7 +14,7 @@ preferred over /var/lib/ax25 * Compat level bumped to 12 * d/control: - - Update dependency for texlive-plain-generic (Fixes: #933283) + - Update dependency for texlive-plain-generic (Closes: #933283) - Update standards-version to 4.4.0 * d/copyright: - Use secure URL for Format diff -Nru hamradio-maintguide-0.6/intro.rst hamradio-maintguide-0.6+nmu1/intro.rst --- hamradio-maintguide-0.6/intro.rst 2019-08-05 18:52:47.0 +0100 +++ hamradio-maintguide-0.6+nmu1/intro.rst 2020-02-28 23:23:40.0 + @@ -23,10 +23,10 @@ subscribe. You will have to reply to an email in order to confirm your subscription. -To sign up for an Alioth account, visit `the Alioth homepage -<https://alioth.debian.org/>`_ and register. You can then visit the `project +To sign up for an Salsa account, visit `the Salsa registration page +<https://signup.salsa.debian.org/>`_ and register. You can then visit the `project page for the Hamradio Maintainers team -<https://alioth.debian.org/projects/pkg-hamradio/>`_ and request to be added to +<https://salsa.debian.org/debian-hamradio-team/>`_ and request to be added to the team. Our IRC channel is `#debian-hams `_ on diff -Nru hamradio-maintguide-0.6/packaging.rst hamradio-maintguide-0.6+nmu1/packaging.rst --- hamradio-maintguide-0.6/packaging.rst 2019-08-05 19:08:00.0 +0100 +++ hamradio-maintguide-0.6+nmu1/packaging.rst 2020-02-28 23:23:40.0 + @@ -11,9 +11,10 @@ complies with `Debian Policy <https://www.debian.org/doc/debian-policy/>`_. See the `Debian New Maintainers Guide <http://www.debian.org/doc/manuals/maint-guide/>`_ for help on getting started -with packaging. You may also find our `package template -<http://anonscm.debian.org/viewvc/pkg-hamradio/trunk/package_template/>`_ -useful. +with packaging. You may also find our `salsa script +<https://salsa.debian.org/debian-hamradio-team/hamradio-maintguide/tree/master/salsa>`_ +useful for configuring new repositories if you have an account on +salsa.debian.org. Announcing intention to package --- @@ -64,7 +65,7 @@ +---+--+ | Homepage | Should be documented whenever possible. | +---+--+ -| Vcs-* | Please use the following template when using the team's Git repositories on Alioth: | +| Vcs-* | Please use the following template when using the team's Git repositories on Salsa: | | | :: | | | | | | Vcs-Browser: https://salsa.debian.org/debian-hamradio-team/ | diff -Nru hamradio-maintguide-0.6/vcs.rst hamradio-maintguide-0.6+nmu1/vcs.rst --- hamradio-maintguide-0.6/vcs.rst 2019-08-05 18:52:47.0 +0100 +++ hamradio-maintguide-0.6+nmu1/vcs.rst2020-02-28 23:23:40.0 + @@ -1,15 +1,14 @@ Version Control System == -The Debian Hamradio Maintainers team has a project on `Alioth -<http://alioth.debian.org/>`_. You are encouraged to use this for managing git +The Debian Hamradio Maintainers team has a project on `Salsa +<http://salsa.debian.org/>`_. You are encouraged to use this for managing git repositories for the source of your team packages. If you do not currently have -an account on Alioth or have not requested to be added to the project, you will +an account on Salsa or have not requested to be added to the project, you will need to do that before you can use this facility. To request to be added to the project, send an email to the `mailing list <https://lists.debian.org/debian-hams/>`_. In order to be able to push to the -repositories on Alioth, yo
Bug#903533: yapf FTBFS with Python 3.7 as supported version
Hi Nicholas, I'm on it Ana On 03/08/18 00:41, Nicholas D Steeves wrote: > I hope this bug is fixed before 21 Aug, because yapf is marked for > autoremoval on the 23rd, and this will result in elpy's autoremoval > that same day. > > Cheers, > Nicholas signature.asc Description: OpenPGP digital signature
Bug#891945: ITP: python3-transip -- API client for DNS provider Transip
Package: wnpp Severity: wishlist Owner: Ana Custura <a...@fsfe.org> * Package name: python3-transip Version : 0.3.0 Upstream Author : Ben Konrath * URL : https://github.com/benkonrath/transip-api * License : MIT Programming Lang: Python Description : API client for DNS provider Transip This package is an optional dependency of lexicon, a DNS manipulation library currently being packaged in Debian and used for Letsencrypt automation (bug number #00). This library aims to implement the TransIP API in Python, and provides both a library and a CLI.
Bug#891944: ITP: python3-pynamecheap -- API client for DNS provider Namecheap
Package: wnpp Severity: wishlist Owner: Ana Custura <a...@fsfe.org> * Package name: python3-pynamecheap Version : 0.0.3 Upstream Author : Bemmu Sepponen <m...@bemmu.com> * URL : https://github.com/Bemmu/PyNamecheap * License : MIT Programming Lang: Python Description : API client for DNS provider Namecheap This package is an optional dependency of lexicon, a DNS manipulation library currently being packaged in Debian and used for Letsencrypt automation (bug number #00). PyNamecheap is a Namecheap API client in Python, which supports: * Registering a domain * Checking domain name availability * Listing domains you have registered * Getting contact information for a domain * Setting DNS info to default values * Set DNS host records
Bug#835817: ITP: live-tasks -- Live environment support
Package: wnpp Severity: wishlist Owner: Ana Custura <a...@netstat.org.uk> * Package name: live-tasks Version : 1.0 Upstream Author : Ana Custura <a...@netstat.org.uk> * License : BSD Programming Lang: C Description : Live environment support This metapackage installs recommended packages and documentation to help support Debian live environments. This package will replace the live-support package.
Bug#833890: ITP: ampr-ripd -- Routing daemon for AMPRnet gateway announcements
Package: wnpp Severity: wishlist Owner: Ana Custura <a...@netstat.org.uk> * Package name: ampr-ripd Version : 1.13 Upstream Author : Marius Petrescu <mar...@yo2loj.ro> * URL : http://www.yo2loj.ro/hamprojects/ * License : GPL-2 Programming Lang: C Description : Routing daemon for AMPRnet gateway announcements AMPRnet RIPv4 Listener and route injector daemon, used for participating in the amateur radio 44/8 AMPRnet gateways tunnel network. It updates IPIP tunnel routes based on incoming RIP updates from a master server.
Bug#826729: ITP: python-cymruwhois -- python library for interfacing with the whois.cymru.com service
Package: wnpp Severity: wishlist Owner: Ana Custura <a...@netstat.org.uk> * Package name: python-cymruwhois Version : 1.5 Upstream Author : Justin Azoff <jaz...@uamail.albany.edu> * URL : https://github.com/JustinAzoff/python-cymruwhois * License : X11 Programming Lang: Python Description : python library for interfacing with the whois.cymru.com service I would like to package dnsdiag, which in turn depends on this library.
Bug#816159: www.debian.org: new introduction for blends page
Hi all, On 05/03/16 14:01, Jonas Smedegaard wrote: >> Of course, the information can be rephrased and moved if one wants to put >> less >> emphasis on it (for more emphasis elsewhere). For instance, we could add >> something like "Debian Pure Blends are developed, distributed and supported >> fully within Debian" at the end of the current "first paragraph". > > That sounds like a nice improvement to me. With regards to the second paragraph that was removed, 'forks' is not a concept most end users will be familiar with, but the idea that blends are entirely contained within Debian is important. I suggest we add a second paragraph: "Debian Pure Blends are developed, distributed and supported fully within Debian. Therefore, if you obtain a complete Debian distribution, you have all available Debian Pure Blends available for installation." How does this sound? Ana
Bug#816159: www.debian.org: new introduction for blends page
Hi Paul, On 05/03/16 07:12, Paul Wise wrote: >> > I don't think it's necessary to remove the second paragraph, it's >> > important to the concept of Pure Blends and is not covered in the first >> > paragraph. Ok, I'll remove that paragraph as well. Ana
Bug#816159: www.debian.org: new introduction for blends page
Control: owner -1 ! Hi all, On 05/03/16 05:02, Iain R. Learmonth wrote: > Ana (in CC) has been doing some work on the blends website. I will let > her make this change in the webwml repository so she can get some > exposure to the BTS. I'm looking at this now :) Ana