from:"Kurt Roeckx"

Re: New service: https://debuginfod.debian.net

2021-02-27 Thread Kurt Roeckx

On Thu, Feb 25, 2021 at 03:55:17PM -0500, Sergio Durigan Junior wrote:
> As I said in the announcement message, I have proposed a Merge Request
> against elfutils in order to enable the automatic usage of our
> debuginfod server.  I know that there are people who are not comfortable
> with having a debugger consult a remote server "behind their backs", so
> a possible mitigation to this issue would be to have a debconf question
> asking whether the user wants to enable system-wide debuginfod usage or
> not.

The other option is that the application asks before downloading
each time.


Kurt

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx

On Mon, Dec 30, 2019 at 01:39:14PM +0100, Mattia Rizzolo wrote:
> On Mon, Dec 30, 2019 at 11:29:52AM +0100, Kurt Roeckx wrote:
> > Note that the name of the .changes file by the maintainer and the
> > buildd will be the same, and dak will reject it if that .changes
> > file already exists.
> 
> That's true only in case of policy queues nowadays.

What is a policy queue?

All the recent rejects I get seems to be stable/security uploads.


Kurt

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx

On Mon, Dec 30, 2019 at 02:52:54AM +, Paul Wise wrote:
> On Sun, Dec 29, 2019 at 1:29 PM Roberto C. Sánchez wrote:
> 
> > Would it not be possible to eliminate the need for the second
> > unnecessary upload by requiring two signed .changes files to go into
> > NEW?  A signed binary changes which would form the basis of the FTP
> > master review and a signed source changes to enter the archive if the
> > package is approved?
> 
> Another approach is to simply have dak discard binaries from all
> sourceful uploads (in dak parlance that means .changes files that have
> a .dsc) (and save them to an audit directory). The buildds currently
> only produce non-sourceful uploads so all their binaries get accepted
> fine. For bootstrap scenarios, maintainers can just do an additional
> binary-only upload. See the patches myself/ivodd posted recently for a
> work in progress on this.

Is it .deb and .changes file that you would move?

Note that the name of the .changes file by the maintainer and the
buildd will be the same, and dak will reject it if that .changes
file already exists.


Kurt

Accepted openssl 1.1.1b-2 (source) into unstable

2019-04-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 16 Apr 2019 21:31:11 +0200
Source: openssl
Architecture: source
Version: 1.1.1b-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Closes: 923516 926315
Changes:
 openssl (1.1.1b-2) unstable; urgency=medium
 .
   * Fix BUF_MEM regression (Closes: #923516)
   * Fix error when config can't be opened (Closes: #926315)
   * Ship an openssl.cnf in libssl1.1-udeb.dirs
Checksums-Sha1:
 b188b210cd0138d919ca730ad7cb7dc253f1d436 2614 openssl_1.1.1b-2.dsc
 f74b62e6645be8db6c3f7a9e95a6f904f5be4292 87392 openssl_1.1.1b-2.debian.tar.xz
 d05412d063d01c067414bdf3b8840d1dd992b733 6983 openssl_1.1.1b-2_source.buildinfo
Checksums-Sha256:
 4596cc5147ce07cc9504c2ed65076f1556ced9b31c3d035b049035af0e72f6b4 2614 
openssl_1.1.1b-2.dsc
 2f29be77334f597dd0ffc59be036fe5ae9e01c760b38e1fbe92197eae6d90752 87392 
openssl_1.1.1b-2.debian.tar.xz
 2655e4cf5fa3f072d3c51a14471e531ff19e70cc790797059aca0532a44e07a3 6983 
openssl_1.1.1b-2_source.buildinfo
Files:
 603c59d73fa9eaf266b704b4b2a09e3f 2614 utils optional openssl_1.1.1b-2.dsc
 2ffa90b8210c33157e9e63ca8a3c2dd2 87392 utils optional 
openssl_1.1.1b-2.debian.tar.xz
 47c925025f3c51d635abb5f3516a76b8 6983 utils optional 
openssl_1.1.1b-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAly2Nq4ACgkQ48TdzR5M
EkQoyhAAs7tBfAz73ltpdNzdmsRiFbG21aDwNbI0bWyXBYEOxSHSla59gd4aE3Iy
pKAFr8R8vwJ7qKGR2S/L9Y+47KQbDWvCBTr/4PYRWgS7BjAw65PgvLX5IWBuHONR
UcAnc2SvvD2q4+876ybeo2HNh8KI6ciTIJcb9H6wced9fdEWicZ6KYZCJIjz99i0
WPCAVbw6B+LlN+fvO05TN3bPauqmLm0XAT9dNsh7k8m2FBhu9KY3x3/5KzkXHDjO
cm7AGCINNEF9u8WDJuKDM/kMpFR+wVeZSHEdm2PQj+kdCteBBcx5AyW2EyhANAf0
XsORI3NUn+8UxTpGxEnCa/Pn4wigzZZEBZASZMjmHz2IUsbIW0wkfVFsn4s9ZXZY
nmYLhoSMbi9/ug1BweZAKr9O/+c/emISS0eTVqTu8iUrtyVmE7sD0Fg/Fxo3kGu/
ztLmh4nIJo4tTMIfESup57M12ammkNrGl+obVDJthnFRKf9dzyNC/kaivdVCPBiE
+iWks7XXd56XN+Y1gF3V3FCh0hVwfLPtAy8j7HDI87oerlodP6ZKcV0T9WQvT97p
jvm/0UpDK1S1Gmo3PARyCcInT1yR9ciiRARVBy+xdIdzIxKvqaze1myQJesfDgax
HcaAEaopLBUhNC8BKkaZ+J2MpEj9JSoi3QnBRolm5VgiVc7B+Po=
=lwuV
-END PGP SIGNATURE-

Accepted madplay 0.15.2b-9 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:51:27 +0100
Source: madplay
Architecture: source
Version: 0.15.2b-9
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Changes:
 madplay (0.15.2b-9) unstable; urgency=medium
 .
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 a02f055be602804f4a3728a9379260d33980ed7e 2082 madplay_0.15.2b-9.dsc
 29105eb27c1416aa33c8d1ab3404a8e5f0aecd3f 590929 madplay_0.15.2b.orig.tar.gz
 ce84c3f2208a87e04523d1a1de9bff8c47b951b1 174 madplay_0.15.2b.orig.tar.gz.asc
 04d0fa1349116d04c6c316487854008d76aac699 11071 madplay_0.15.2b-9.diff.gz
 41a8db1d85b519ad95c454db5c9e40fda44fbbfc 7578 
madplay_0.15.2b-9_source.buildinfo
Checksums-Sha256:
 28b3b6fbd474c937adafd6816309c20740a95aa9d08dbfd6aacbefddce161b20 2082 
madplay_0.15.2b-9.dsc
 5a79c7516ff7560dffc6a14399a389432bc619c905b13d3b73da22fa65acede0 590929 
madplay_0.15.2b.orig.tar.gz
 c044474e38f03913d10ebb1dc2cda594fe590a2224ce4d4daf422144110839fd 174 
madplay_0.15.2b.orig.tar.gz.asc
 e78f4aaab7f5fafcbebae07f204406003b409e06056b2b5a16dab6beb879817f 11071 
madplay_0.15.2b-9.diff.gz
 ae744ebd387424663b608b0ac530c2cd0ab7ccd7c2d94f94338c2a1cacf7bbe8 7578 
madplay_0.15.2b-9_source.buildinfo
Files:
 4ee60e9b7a88a0b3629f0e3720768e30 2082 sound optional madplay_0.15.2b-9.dsc
 6814b47ceaa99880c754c5195aa1aac1 590929 sound optional 
madplay_0.15.2b.orig.tar.gz
 24169bb01ad4e0b8dc152b7b81b845c5 174 sound optional 
madplay_0.15.2b.orig.tar.gz.asc
 1c5aaeac8a376d8896a8fd1c68f846b8 11071 sound optional madplay_0.15.2b-9.diff.gz
 406060b13eb25627497abebc5196c6c3 7578 sound optional 
madplay_0.15.2b-9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFM04ACgkQ48TdzR5M
EkRY+hAAoy6fZyNJkbk2+3rIIKUjzIlsOamsCfsLAbwtercZ4vg87eqzsAOSk4hd
qZrfj59+iCZYpXWlK5wY15o7vBwOVxO16o538AsbM3Of65MPnWcf9icW+rxjeYOq
SIEC/r34cHnEWfmVs0hGZtXTdDtTSfHBKP6tuhSMwEUpy11HfKR4T1ydkPYKt5km
sO/mVlXk+TR//Uh+cQBfQLroODZSjarL6ypQZJtnQF4+e3zD5IxvDuXNvgr7FSkc
Dk2eUqvqn5bfRSXKjpbtnecAgDF+GDU1zr/dT2GCxGP1o7wezilBin43fAsHvemz
9qMzUvOm3q9vCj7nm8gfVRAQ2xeLDc2pBHCR13ZsBKiNTRw2eEKF6nETC02riygH
cVzusOpB7Q/I0bgGXQNjWGoxy5Vl7DV9WRJ2pyAVptnGLAMtU/35d46aPmav2DgK
iEnH17Mu2ERq2kvwrUoPQldw/+s0TMTO4oySs+POw09pOkzgvmgZpClSbj7revxT
CY43CJfMonkJYKxAX7DDQJ7JBhybsxevVxRkXQkI1TYbl4splNKXTb927tkvU9Dc
TBdwRS4fsS7H2OUQRlzjlXwGJKzDNI5bBjfmJtSTdVpCkcx2eZItOoVZpya6n9MJ
UPvQ1G+hY+3ugjnx8Xx+u7ZaSU22oR2ddi7EQjurmr0q2H63bmY=
=pJ/A
-END PGP SIGNATURE-

Accepted libmad 0.15.1b-10 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:42:14 +0100
Source: libmad
Architecture: source
Version: 0.15.1b-10
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Closes: 899582
Changes:
 libmad (0.15.1b-10) unstable; urgency=medium
 .
   * Remove old alioth list as maintainer (Closes: #899582)
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 8e691534271d9cb84ae3d5a38fbea10cdb49b523 2009 libmad_0.15.1b-10.dsc
 cac19cd00e1a907f3150cc040ccc077783496d76 502379 libmad_0.15.1b.orig.tar.gz
 24c44ac7c96dca472e7305a7e59f1efd921a3499 189 libmad_0.15.1b.orig.tar.gz.asc
 38785dd8c5945b3e124efdfd72780d5e3624ecaf 18053 libmad_0.15.1b-10.diff.gz
 31f867add06512eacfb45624f94493ad4ab3cd6d 7378 
libmad_0.15.1b-10_source.buildinfo
Checksums-Sha256:
 26f95b62d9ac88835502db837a2963746bb907b53d7d619dc553b270c590c649 2009 
libmad_0.15.1b-10.dsc
 bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 502379 
libmad_0.15.1b.orig.tar.gz
 1059d6d131643a6b6c4a6e1141eb49c8e61f9759835973541140ba0963bd292c 189 
libmad_0.15.1b.orig.tar.gz.asc
 dfeabd5d2398bf902660edc31f87ad40600f0aa732b946f864d8ee6bbf56a99c 18053 
libmad_0.15.1b-10.diff.gz
 6807d6150e9b20c84b3dd823c15de0fb2e69e76947dec5b4ef5c135a9d2ed57f 7378 
libmad_0.15.1b-10_source.buildinfo
Files:
 1a0e80a93da2bbd7b2723605d29affe5 2009 sound optional libmad_0.15.1b-10.dsc
 1be543bc30c56fb6bea1d7bf6a64e66c 502379 sound optional 
libmad_0.15.1b.orig.tar.gz
 5ea85ec8437b340fbea219657fce2e4e 189 sound optional 
libmad_0.15.1b.orig.tar.gz.asc
 e10680dfd7e0cc100d59da70273c5f24 18053 sound optional libmad_0.15.1b-10.diff.gz
 a272a286f59a8e7296573ac458593c4e 7378 sound optional 
libmad_0.15.1b-10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFMXkACgkQ48TdzR5M
EkQowA/+PC2Re5B+390/c4W8TuKh2ArEaJQDPvltHpRZXIY4EwUinr1N7tREjH4q
N6zqPVNqM+704NPLkkPWUjeVLDD3xfsPUwS+vtE+keTlFhfFYauUwQD/UTDICfUc
ZL0KMgYCXGPU/QbFr6ilBEEL+SjONz1HYNjnMMOKJpYgSDa9nkatGy15BE6AlY/a
4jxHPSkgMAiEijg/2LSRrp1LVKl3kJt1KO/L+9sLTNp8dWF2sqjwEc8DOiFvJ0Zx
dvkMJNZY4jG9gDBp7na39zy5pRGNfWKELTZPpNPi+jZHhCEmxL8HoC/T78Lem1/C
6lioXqOn/ZOSMydz7k8UnWqTleCe4z+QWj/I1NlHn9+fA3kEYv+h6PU2cJVeozvv
czPPdt6F9e70ZDwhmipyoYXzumxYvJ/+L/9nD0U5Ri2vwMG0OXhHr5SmG0g75bws
CTMJZIM7u9E3RvHIwAVlrT9bnlEG8g61z+v+4E/SD3UWRQbVP9rlyLMMVuzXPsZX
TLyiDoUKEuftapk6N4eLejw/43EgBH/bbAV3/ziqwuSVBw+cbwW1iKqSH9ia3PVm
xyVwS6quqxWV5Exzn4K4Mi1+t1WK2fDgnLj6UjhGDnDW8XWJnOLd9x9kY5wydn3w
nM6VS1YnpKItNePnqFkhrJwxfFJ2DTPMTIZ3AsZjme8fz9dDpuQ=
=RvaH
-END PGP SIGNATURE-

Accepted libid3tag 0.15.1b-14 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:35:25 +0100
Source: libid3tag
Architecture: source
Version: 0.15.1b-14
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Closes: 899861
Changes:
 libid3tag (0.15.1b-14) unstable; urgency=medium
 .
   * Remove old alioth list as maintainer (Closes: #899861)
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 e14cd4b4be922b4b671ef0a09ef4bbb41899ef99 2076 libid3tag_0.15.1b-14.dsc
 4d867e8a8436e73cd7762fe0e85958e35f1e4306 338143 libid3tag_0.15.1b.orig.tar.gz
 b542d7d788d754315b0ad1082089e3af065c81c5 189 libid3tag_0.15.1b.orig.tar.gz.asc
 cfc69fd9d4c7ab8ac24ab60c1708277fbb75 11848 
libid3tag_0.15.1b-14.debian.tar.xz
 2c2d0c85d0b6cb55e97555df55e752d4196a01d5 7447 
libid3tag_0.15.1b-14_source.buildinfo
Checksums-Sha256:
 4c5da228039d7156c0e14a02f8982cf8e09f53c41f6236b4e3152567b6550bd1 2076 
libid3tag_0.15.1b-14.dsc
 63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151 338143 
libid3tag_0.15.1b.orig.tar.gz
 57672f4eca6ff78822a6635cd01769766a41c459856bc1ba1f7d10282b7e 189 
libid3tag_0.15.1b.orig.tar.gz.asc
 f174cafe02bef25a9ad8cb7f9ce80119147297a7036f50878e85ac0d7ae09c62 11848 
libid3tag_0.15.1b-14.debian.tar.xz
 479cce5aa2f11a5be655a0dc05655b852c9a61e3a408cc767cbd7a12c6d061fc 7447 
libid3tag_0.15.1b-14_source.buildinfo
Files:
 e45dc3ff6e8d0bca7cc302012dfd08e1 2076 sound optional libid3tag_0.15.1b-14.dsc
 e5808ad997ba32c498803822078748c3 338143 sound optional 
libid3tag_0.15.1b.orig.tar.gz
 930726db1570f84774a434b1e43ac3ad 189 sound optional 
libid3tag_0.15.1b.orig.tar.gz.asc
 c04d20e573ec3855258b5676b8f9620b 11848 sound optional 
libid3tag_0.15.1b-14.debian.tar.xz
 dfe01aacb42dc2de87962bd943b0bf71 7447 sound optional 
libid3tag_0.15.1b-14_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFL7gACgkQ48TdzR5M
EkScphAAkRS43Wi0+/71dW7e84zHIfupcK0TKlc+iJnTFI9PCysD8nAvuTlta0Fy
Y4NCn7nTyGkOTwfpPDSsu5p3cJ+IN2JsYmBODB7EHZ85QphyAF0ShENxXNAh5u/g
WzaYsKN6hsuSA9WHDavrDpiYsuvV7a0GK6OJ4M71EIFQXCcq5somWTzC6mX9UpVd
kDIfbUkWG/JHS0N7XmPicWqNubOxXiregRusl6Gq3i9y2vks6zefwmvRPO0ATabu
ZJlHbZWdSgLkUoj11pcFeiCpR5zp8NVLUNbwjhCgMWcaezHMId8Msce4dejGu5qI
6+H8oJZCdLYyWdJZhF3si4Z4VyNIpKU3tBYTQEBiDxmjIq+IstOECTpCa435bMJK
5+gplZxIKU1XJOT6eAUYXk4fPZvvK5U9tPL43NUic4C6qdFVmmfQCjwO66tjdWRi
pTolsr8ZYW4lnTNaX/m2h0ZEY6Om712xJRk78O7VLk5swruOg+O6wYIO8vj5gACe
KzwkE39AhdGj+WkxABLb8Q0OlfGTA2t2/29WBMKh/TrYIpu2psNZ8WgbErr4lDKN
Fe98Tckrs1uWhmiIDVvuxvMaYdtpZE55ZKd/iD1I/U8zC4zr6fiGZKh3eKLP0qxf
2ZdJlAsjkcx2barFv5E+UD5ocyOu1I9+kHyThp6W0ayGhyE1S8Q=
=m/v6
-END PGP SIGNATURE-

Re: FYI/RFC: early-rng-init-tools

2019-03-03 Thread Kurt Roeckx

On Sun, Mar 03, 2019 at 08:19:44PM +, Ben Hutchings wrote:
> On Sun, 2019-03-03 at 18:59 +0100, Kurt Roeckx wrote:
> [...]
> > Most people will actually have at least 2 hardware RNGs: One in
> > the CPU and one in the TPM. We can make the kernel trust those as
> > entropy source without using something in userspace to feed it.
> > I'm not sure in the kernel has the option to use the TPM directly
> > as source, but it makes it available as /dev/hwrng.
> [...]
> 
> If there is at least one hardware RNG with a non-zero "quality" then
> the kernel will start a thread (khwrngd) that reads from the hardware
> RNG and adds those bits to the core RNG, crediting each bit with
> quality/1024 bits of entropy.
> 
> Most hardware RNG drivers don't specify quality and it defaults to
> zero, but this can be overridden by setting the module parameter
> rng-core.default_quality.  Perhaps we should set a low but non-zero
> default value?

I think choas key is the exception to this, the kernel uses it by
default. Changing that is going to surprise people.

I don't know if we can find actually find out what quality the
RNG should provide for most devices. I think for some we can set
reasonable defaults. But at least with TPMs it can be one of
various manufacturers, so the quality might be totally different.

> There are potential problems with doing this: some of these hardware
> RNGs are probably quite weak, so we have to be very conservative, but
> then the less entropy we credit the more CPU time will be spent in the
> hardware RNG reader thread.

I gues that what I would like is that at the start it just gets
the entropy it needs, and then keeps feeding it at a low rate, for
instance a few bytes every few seconds. I don't know if that's
something that can be set, or that it currently does.

I have a FST-01 / NeuG, which I guess is like the worst RNG you
can get. It generates less then 0.03 bit / bit of entropy, but can
do this at 80 or 280 kB/s depending on the setting. With 0.03 bit
/ bit, it takes 533 byte to get to the 128 bit entropy level. At
80 kB/s, that takes 6.6 ms. So even if we set the quality very
low, it can still be very useful.

(The kernel does not recoginize it as an RNG, you need rng-tools
for it.)

Kurt

Re: FYI/RFC: early-rng-init-tools

2019-03-03 Thread Kurt Roeckx

I think the only sane things are:
- Use a hardware RNG (CPU, TPM, chaos key, ...)
- Credit a seed file stored during the previous boot
- Wait for new entropy from other sources

Note that is can be a combination of all 3.

We currently do not credit the seed file, for various good
reasons. We should provide an option to users that need it to
trust that file and credit that file. Note that it does not need
to be fully trusted, we could for instance say it only provides 64
bits of entropy.

Most people will actually have at least 2 hardware RNGs: One in
the CPU and one in the TPM. We can make the kernel trust those as
entropy source without using something in userspace to feed it.
I'm not sure in the kernel has the option to use the TPM directly
as source, but it makes it available as /dev/hwrng. (The TPM might
be disabled in the BIOS.) Some people don't trust them, I suggest
they buy something they do trust, and disable the ones they don't
trust. I think we should trust all hardware RNGs by default, and
then also actually extract data from all of them.

Note that the internal state of an RNG is only 256 bit / 32 byte.
If you make that output something, it can't have more than that 256
bit of entropy. It does not make sense to take more bytes of the RNG
than that to feed back in it. It can make sense to do this at
different times, after the RNG has reseeded, but both should be
limited to that 256 bit / 32 byte. It doesn't make sense to do
this at more than 2 different points in time.

There is no point in using an other RNG to stretch something. Just
use the kernel RNG to stretch it by just asking more data from it.

Do not feed the output of the kernel during boot back into the
kernel, even if you don't credit it. If there is something random
in it, the kernel will already have used that. If you do it, there
is no point in using something like md5, the kernel will take care
of that itself.

Other than the entropy you feed it, it can be useful to feed it
data that does not need to be secret but is very likely different
on each boot, including things like the current time, and an
incrementing counter. It would not be credited as having entropy.
The seed file currently acts as this. I have no idea if the kernel
does anything like that itself, like the mount count of a
filesystem. It might be useful that we feed it some boot counter.


Kurt

Accepted openssl 1.1.1b-1 (source) into unstable

2019-02-26 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 26 Feb 2019 19:52:12 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1b-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 913558
Changes:
 openssl (1.1.1b-1) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Add Breaks on lighttpd (Closes: #913558).
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Update symbol list
Checksums-Sha1:
 a249e516cd86428a5c04fe02180d71927aef448a 2614 openssl_1.1.1b-1.dsc
 e9710abf5e95c48ebf47991b10cbb48c09dae102 8213737 openssl_1.1.1b.orig.tar.gz
 2299f5f30f14e141b2649864c003dc9edd56c509 488 openssl_1.1.1b.orig.tar.gz.asc
 040edd8c5f58a30fb33ff84663d264db2668a856 83732 openssl_1.1.1b-1.debian.tar.xz
 1aa63fefa080ef746afbc187b592704d13c49799 7299 openssl_1.1.1b-1_source.buildinfo
Checksums-Sha256:
 b442c5845f44a36c32a49ae10818bee5b5564d340029547f90345799219b7e6c 2614 
openssl_1.1.1b-1.dsc
 5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b 8213737 
openssl_1.1.1b.orig.tar.gz
 eba898c33e1580089f8179edacd033beac01626c8a82adc701a2f964d0da0e8d 488 
openssl_1.1.1b.orig.tar.gz.asc
 c56ed6be110d67404f9964ca9738af5e8744174ac6d37b448884260e8047c480 83732 
openssl_1.1.1b-1.debian.tar.xz
 3dd734e04ffd5fab6af0ee77f14d05306ac05d3fdf7a0b84e1e9180313b12dc1 7299 
openssl_1.1.1b-1_source.buildinfo
Files:
 c735bc3a1697c320d155a081c10e78a7 2614 utils optional openssl_1.1.1b-1.dsc
 4532712e7bcc9414f5bce995e4e13930 8213737 utils optional 
openssl_1.1.1b.orig.tar.gz
 5f7ee479042174159b59ba0f7603413c 488 utils optional 
openssl_1.1.1b.orig.tar.gz.asc
 c3593f6981ba0531cd9e3095fd37d5f6 83732 utils optional 
openssl_1.1.1b-1.debian.tar.xz
 59b816b1db9f8f0aaae5dd218881aaf8 7299 utils optional 
openssl_1.1.1b-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlx1jrwACgkQ48TdzR5M
EkQpARAApUXGAAv/rFtpQ/tpb+dy96A2vb7+e2NtgzDfuL1ewGnJP5AWBkKsdK0o
9h2IxJ9N1sAqOlZcvC8ORKoCLIo+yRKSCHTeKEemJMDU05c83S2hQWgvzxFzLQ7H
k1puYkHQMhk/2t78YMlmNdyG9Eg25ImOBNGDi9R5W7R/pFLGS62letOOzGY0AuB6
NWK5yGnlgQ99qcbD9GExNnYhvVWaozh75ijIwk0Hi/B4uLLzH1oTSeqJ9mgFTylL
egtrurCu7hoY29JY30/bsZsAAx77rcz9CsowRyJR6JsO8NE8BVzdJ0wjZIy9XlgF
gAxU0YYTBEigXzuS5gO1fcmiYKJMJ7keO+TZ/NJHaBwgn8bliTIug/8+XytnH3E4
WmDYtsW6GeenyTn+akD1amOv4WFShrikfile/AeYAbeVNQ7IjCUDw9TvIU4KuoT4
7gkMu3+LMmjyNGVbEb0luwv6QQIDSlXyR9h8KK6E4wMf6CdCU5I/UBkWvB2+/S7J
sYxWzqeU3a7CxnsarhOUhTbd/4XuNzlcArSJ8k8+NDqLIaA/dUiVuboMFcl1V178
+8gORTFM0hJ2qa24G8Lu904XvF3o7H3dHK6BhQ9x0ID0pAEkTot9mIau8f4pFLaX
/EfFI2lmps/sKIxSKGN5DN3wq2klPW78ZBanF8O+rjy82cb3+RI=
=LlBp
-END PGP SIGNATURE-

Accepted elfutils 0.176-1 (source) into unstable

2019-02-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 16 Feb 2019 14:54:50 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.176-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 920909 920910 920911 921880 921881
Changes:
 elfutils (0.176-1) unstable; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2019-7150 (Closes: #920909)
 - Fixes CVE-2019-7149 (Closes: #920910)
 - Fixes CVE-2019-7146 (Closes: #920911)
 - Fixes CVE-2019-7665 (Closes: #921880)
 - Fixes CVE-2019-7664 (Closes: #921881)
 - Fixes CVE-2019-7148
 - Drop 0001-tests-Call-test_cleanup-in-backtrace-subr.sh-check_u.patch,
   applied upstream.
   * Update upstream PGP key to new one
Checksums-Sha1:
 8347e18edde0262f8e14c1c4a41566005f1a4e02 2568 elfutils_0.176-1.dsc
 6511203cae7225ae780501834a7ccd234b14889a 8646075 elfutils_0.176.orig.tar.bz2
 6012c37ad5eeb16add7e5e1f0929c383ce0e00d4 455 elfutils_0.176.orig.tar.bz2.asc
 e90a5ed9fc1ba2e193c5316e487909c2ad29212b 31492 elfutils_0.176-1.debian.tar.xz
 a79a742dcc611e54c9a77a12a2f9f7e9d1e65d40 8044 elfutils_0.176-1_source.buildinfo
Checksums-Sha256:
 04188a6d3e83332d462a6b8f5add8fc5f37e4f95cf5d602ad74b574b6f61fc4f 2568 
elfutils_0.176-1.dsc
 eb5747c371b0af0f71e86215a5ebb88728533c3a104a43d4231963f308cd1023 8646075 
elfutils_0.176.orig.tar.bz2
 51474b579b25fc799de0777e241c83605427d2903f8d28524ef6af42f75931fd 455 
elfutils_0.176.orig.tar.bz2.asc
 f19d4982d9c98be2effac6846db55b67d99f152d52babb83592355e497f7dc71 31492 
elfutils_0.176-1.debian.tar.xz
 095be69b4b1f2594bde92deb58f627bf55a95c62fc5f76a49fc26d5fa87093ac 8044 
elfutils_0.176-1_source.buildinfo
Files:
 c9f86b92d2d6908fa135c359977d9763 2568 libs optional elfutils_0.176-1.dsc
 077e4f49320cad82bf17a997068b1db9 8646075 libs optional 
elfutils_0.176.orig.tar.bz2
 5296badecd902a6bf8fc7eb778cea932 455 libs optional 
elfutils_0.176.orig.tar.bz2.asc
 abe54f8d3ecf21759cc0348c8fdfbbde 31492 libs optional 
elfutils_0.176-1.debian.tar.xz
 6c5ddab71027c325f13b7bc2b4d452ae 8044 libs optional 
elfutils_0.176-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlxoGGEACgkQ48TdzR5M
EkTF/A//cOTqZVEHRLfdv8eQVYIGbPoEWaMxCLIIvzSvGk7JT7ZhdFRXsuGuu4gM
+lo/5LtgU6MkulhjewJmdRuWWPuqo5KonZZxVoaQ+tm4a37v0KDtV0KM8WPr/Vct
ZcQ4uuSvDf+ONijkJbnApBNRE8mcAJy2pvDt8mM4Nl+1aEcnpENu3U8qBWjCNk07
IYaDfH6y97kF/zhwweYAitJcXlQTkpGW9eiV8xTx3dnmKwtQdGbj+DijCFY3dIES
Q61wtJLSd7SsbfYbVbaPgx6JCbgZTpBCX7oG/nzyNdWfkSjjfP02IYYC9bXfCAB4
QoF841C5KDluTvP2ashHnlHGp66KkJ0kuGw2LNwRUj609S8FUU+7FsGqm3b3ASeu
9pAkU7Za5aIMQNAALDultvkwt32ymf7oXgVgZK7veY9s54Bih8hIoiph8yfTaDDA
JWWIeVXxN4eGcslmmSnO2d8CsS5IwTRLyr6oU+C28RlIJnBxFVelBymUjvbjQalr
yafmYdSxxJQ4PACf3s2tbgTFC8hG8qxNJpHTYx8z2rpOAlcdAlX3yf9E7901snj9
lIfI0oes91CrMOyX9ODhvxHH22btb9DPG+FhrHly/JkOTxzo+4ARrSwHPN/IoYbq
AX9xSXXifhFuWg7hmJfljw5Rh1s1hqU3bEcOWAu5yNIkHGvNoO4=
=wNMi
-END PGP SIGNATURE-

Accepted elfutils 0.175-2 (source) into unstable

2018-12-30 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 30 Dec 2018 15:02:01 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.175-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Changes:
 elfutils (0.175-2) unstable; urgency=medium
 .
   * Add support for the mips ABI CFI callback
   * Properly clean up in test suite on skipped tests
Checksums-Sha1:
 f3005c06bc6d1fca972f6478b75e82edbee566fb 2568 elfutils_0.175-2.dsc
 b4a6ac7f6d2577eb6015de140c745d52f7f9826a 38308 elfutils_0.175-2.debian.tar.xz
 f27e3e20bfd6f68e68a81beb89dd060f57ba31cf 8032 elfutils_0.175-2_source.buildinfo
Checksums-Sha256:
 d256b8eaf5a3b8390b0a66d215a7bb11375c01a5fe1eb2b32861432249a9d1af 2568 
elfutils_0.175-2.dsc
 e4c0cfd5381387964fbb1ccee085b3b37564b16100eb36588ba72bba7eff062d 38308 
elfutils_0.175-2.debian.tar.xz
 f742246021eaae301c33d230dac5f2d9ae1535c6e6ec9d5ed803143a95dfcffe 8032 
elfutils_0.175-2_source.buildinfo
Files:
 8ae42c9e2ac565b1964f2724bcc8ee64 2568 libs optional elfutils_0.175-2.dsc
 14cd2ae585b3e058c008549c49723724 38308 libs optional 
elfutils_0.175-2.debian.tar.xz
 31c074f3f65835d713716223d7ce51c7 8032 libs optional 
elfutils_0.175-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlwo0goACgkQ48TdzR5M
EkTpPBAAjUjG1PdqVuct5RFeAPhoiEqLPiuGbO5HCDeCDpm7/KoV4xjA9Xk9DHP0
rXv1qoMZOdI5KmbgsbQoRmeBpyv+Wayiy6FH+pb7wGcvH0WMtAsbRbcCaKpKS4Rh
r3ERp1A/nq/MZiIf4zWPEPpt6xBIJA3we6hMDwvG72QOolM0gmdE0m2riaBq5Ddm
Mjf7sqMmFFahkYUzxzQG5zAhlbW8IxLafWTVLhYQn7QvPJIs0HlkIUaDNaX1eRfn
idMso3GOmujvL8rxKm+ZT1/+IjXKega/2l12DkEuasNHzJB+1vhMxjGy2nGZhNUN
EG2VwwhbWAToU2TIp87UMTwHFQJEKaumnVtbsZ4ot2s2i79eFw+bpqvRZzVtPQoa
palO3+Xsr3CkvhuwdfGaTorxMZAWxDPK8oPp4qwOPTLtARuSj3WP8Pae0GqCz6jE
bX11lt5SNqhkgwwZ6bAPdOA44T9x1/zlwS2t57Ka/+H6eKmr1+GlJkYtXH2yysXP
9KTfih7NUF2K1zYgznf7puWwfO2Rb7G90b4ahwpULstAtCN/hjDDE+0ELmg7gWHz
zkH5fkvgh1pJDSW7Z9L/A7kuxZb/m0lJFNf+gBjqXiUDut1ghKG7vziZ4CbcaceI
GTiDWjDJtB/Jp6UYbJIVSmjVAzKzoUh/9gjvch44c0un9o6tHwU=
=5FjI
-END PGP SIGNATURE-

Bug#917366: RFP: postfix-mta-sts-resolver -- daemon that adds support for MTA-STS to postfix

2018-12-26 Thread Kurt Roeckx

Package: wnpp
Severity: wishlist

* Package name: postfix-mta-sts-resolver
  Version : 0.2.4
* URL : https://github.com/Snawoot/postfix-mta-sts-resolver
* License : MIT
  Programming Lang: python
  Description : Daemon which provides TLS client policy for
Postfix via socketmap, according to domain MTA-STS
policy.

Accepted elfutils 0.175-1 (source) into unstable

2018-11-19 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 18 Nov 2018 23:01:23 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.175-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 907562 911083 911276 911413 911414
Changes:
 elfutils (0.175-1) unstable; urgency=medium
 .
   * New upstream release
 - Build with gcc-8 (Closes: #911276)
 - Drop fix-gcc7-ftbfs.diff
 - Drop GNU_variable_value.patch
 - Drop locviews.patch
 - Update patches
   * Fixes CVE-2018-18521 (Closes: #911413)
   * Fixes CVE-2018-18520 (Closes: #911414)
   * Fixes CVE-2018-18310 (Closes: #911083)
   * Fixes CVE-2018-16403
   * Fixes CVE-2018-16402
   * Fixes CVE-2018-16062 (Closes: #907562)
Checksums-Sha1:
 a68e892c7347f0fe49158e9818e57607cb38c7c5 2568 elfutils_0.175-1.dsc
 361f835640ecffddc6d4543fb044eb53f673026f 8786600 elfutils_0.175.orig.tar.bz2
 a15f78114cad1c7dbe41b2c5710105563b83c481 488 elfutils_0.175.orig.tar.bz2.asc
 28eab328d1e8d8df41b13d9567c9d707dd5901d3 37404 elfutils_0.175-1.debian.tar.xz
 57e40bb1e428465522056af1907d7078559fc83e 8034 elfutils_0.175-1_source.buildinfo
Checksums-Sha256:
 32e42db07fa6c55697db27fb049b327b8bcee95e326c8b64498671dc9f3851ba 2568 
elfutils_0.175-1.dsc
 f7ef925541ee32c6d15ae5cb27da5f119e01a5ccdbe9fe57bf836730d7b7a65b 8786600 
elfutils_0.175.orig.tar.bz2
 103ae1a12d0b67e2d783f36dc780acd533d5c2a9d6241bcd62cfe1f6fa891a16 488 
elfutils_0.175.orig.tar.bz2.asc
 0de2c3f311d388a1dada67e4e37a41bd18fcf715c2a7bcb869d75f0815c70f23 37404 
elfutils_0.175-1.debian.tar.xz
 dd5c7a1153ee0bc3ede69fe22d30b9b939142f25f27dda99792fa8e3cc61 8034 
elfutils_0.175-1_source.buildinfo
Files:
 9b6749ac7b767a9df5861a5b13bacf6d 2568 libs optional elfutils_0.175-1.dsc
 9a02b0382b78cc2d515fb950275d4c02 8786600 libs optional 
elfutils_0.175.orig.tar.bz2
 54de34fe526466caf58f8dce879623b6 488 libs optional 
elfutils_0.175.orig.tar.bz2.asc
 c088129dfd51831d1ea2e664fac54eb8 37404 libs optional 
elfutils_0.175-1.debian.tar.xz
 d586e4cd298fec2e61a37ebf7bedfefd 8034 libs optional 
elfutils_0.175-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlvzKXgACgkQ48TdzR5M
EkQ0mhAAqvoR6fm5a4w67O57UO3j+PM2t+3Slt4qDsfmB2ochhuQ81J5MYO+7kO9
Jen2DB4LMYBW1z0pY7/xvS91EXfxkrJqjhhELFmds0+2g6uyJrvFJ3l+lmTRpvCW
ijRUa5/PssXT8gH4blEBDERPz8Sdr6A3cwzUD5vHTQxF9F12rnDa9ofFeuyaFUW+
rxnubsksysSY7rJ91GG1JLAB9/n/DI2PgQyNwVJ6fT87oJuS6pN70JV7RJOodvRq
fYggTl1RWiuD6wAPlXmspDox4esGw5aYdgvwRR2AEO2wODxCkoMAltlUU0fPW7X7
TWDK23zVci1wtj9blquX3DUPu+L/E6tHV7p8t/HG0xpqfysTXgORkqV511DOJM8D
y3gkAh+jK2P2C88lrgWoLvDOQyfo/V81zbge82/wQzA9LAEbYojlDv7Jqx6YPqzz
nGac1sPvrR7tYrMDXH1CFBgtkpj+8SaHc39FAmP+wi8bg20wxjjRv5Tul9ffe34V
vVvoNjr+dJ5tpC1KPBH3kfDNU+gLocNK5rw00Hifm9ub3EKPT6pYZUSUpRRfDw3C
0ZuIuVAh+OhIhuvHOs/roWco0i8+Db3Sj/VnFbLvZeSgHerOqqvE08KNY1T0OD1k
uB88KJg7VFigV65sKwbGSQ78CCFhtlX++wg+G96+GXA6cGxe8+U=
=Dwb4
-END PGP SIGNATURE-

Accepted openssl 1.1.1~~pre9-1 (source) into unstable

2018-08-21 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 21 Aug 2018 21:00:17 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre9-1) unstable; urgency=medium
 .
   * New upstream version.
 - Support the final TLS 1.3 version (RFC 8446)
   * Upload to unstable
Checksums-Sha1:
 305a57f27672ca6c7eb8537c78d56b93018046f6 2664 openssl_1.1.1~~pre9-1.dsc
 01a42e93a34746340974b9fafe960226f7d10ff7 8411103 
openssl_1.1.1~~pre9.orig.tar.gz
 bc6581172625ed0a040c172d24ea575f7aae4e00 488 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 69c518b36acc6c15ebbd2fa4cf846ec698dd2d7a 82920 
openssl_1.1.1~~pre9-1.debian.tar.xz
 17c86cf38681a1aeffa9c683b5ac8b3c2cbc6748 7358 
openssl_1.1.1~~pre9-1_source.buildinfo
Checksums-Sha256:
 06b4021d2fee5f7272f26bd122f2400de2daff450e4459bddd3356778d0f 2664 
openssl_1.1.1~~pre9-1.dsc
 95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c 8411103 
openssl_1.1.1~~pre9.orig.tar.gz
 f2d723353a9f9d2fc2699add7ed23a5b1c511684fd05d00e0ce8b4a619f8c6f3 488 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 47e7e1b1c0a27f90f8b8fc804927fd87ed3f269c0d26116d9e1d20158442b36f 82920 
openssl_1.1.1~~pre9-1.debian.tar.xz
 52f170c5819aab6154ed62bb0b2ada45ad9c8bf4ff0364f39e8b43cc7b910793 7358 
openssl_1.1.1~~pre9-1_source.buildinfo
Files:
 d19f427d880e9956bfdba75a8b12600f 2664 utils optional openssl_1.1.1~~pre9-1.dsc
 6aa32e976e2c9a4aee858ced135d2573 8411103 utils optional 
openssl_1.1.1~~pre9.orig.tar.gz
 88daef7544218b30df8344d810a40807 488 utils optional 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 a69fddac66c49a5121a569d92792fffc 82920 utils optional 
openssl_1.1.1~~pre9-1.debian.tar.xz
 6e7a0829cd10d5491d35ae6cbb2ed743 7358 utils optional 
openssl_1.1.1~~pre9-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIyBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlt8aVIACgkQ48TdzR5M
EkQS/w/2KDudxob8qWFaiUihxSmBUSJflDD94dOMyNXwZDEbq0ayGtGY3BZ+TkPC
UTfnW65IMJgZ+TrFKKZKeuO5UVSGAk/k0LqRA5A9CoQ7fIu4E4aA0CsIkqcx4GG5
H6T5VdkgAkQG0b7MIwYr7BEE38i20EcHLKsm2xbU3quR4fb/DzSnvVuo+knjSoGr
yG6h40yh1nIdJ8Tk4J5ROTinHgSrMxFiq2IuVZsbnZ61iDCtSIKa+ByDrsFLYSO7
3L3xk+ER7BzYhIMDFGpU7rl5Jd1bbAvEOcx8JXZmwYUFKVzxnBIb5TW1AbpNOPst
y3Rc+kGTZc9XCbbHJe9UfQkbwQERv1xPfyWA+tx2gANUm+2e8lnAbJEI1+JAzaHp
2l8/vRCTG5D/Czja5s3awwnxoGlqN7xYuzJzhaHfG3i+6ygP894hM7Cpy8KNoDoh
mrCAYVv+rBCczgVF8REs8oFAiVCHYGCvCIpy6s9gHQB2EFzA+C4JkTJC0cnjavrB
D/hyC4sgtjGtPCLTqFWh2M9kN0d2RTRmrZKJuvH/ZDDupEaLqn5AVDuHuuha06vZ
9s3VoN2qRovFEq6oxfm5c6lAVvb/fk0F3qki1UYsjpGaBfz2tEYC8rjuqUyBrwnM
r9Uv+ma/kVgKEzS2QU4M66cSQdbIUHzfkwp/m0N5R7nSNGph7w==
=KHTO
-END PGP SIGNATURE-

Bug#905994: O: libtool

2018-08-12 Thread Kurt Roeckx

Package: wnpp

I'm orphaning libtool.

It currently has 1 RC bug, and the last NMU at least seems to
cause a regression.


Kurt

Accepted openssl 1.1.1~~pre6-1 (source) into experimental

2018-05-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 16:00:55 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre6-1) experimental; urgency=medium
 .
   * New upstream version
   * Increase default security level from 1 to 2. This moves from the 80 bit
 security level to the 112 bit securit level and will require 2048 bit RSA
 and DHE keys.
Checksums-Sha1:
 6f69ccd750a37fa0a8f4d16435e1dfcf46f0f8d1 2617 openssl_1.1.1~~pre6-1.dsc
 d9aa6121ea9e8bfc4632566c72b376620c68ece3 8286337 
openssl_1.1.1~~pre6.orig.tar.gz
 30b4162e2d8f3ed6f28cf460e2b5112fa2403109 455 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 fa100a10a44466c5fc8c077275c473f9d3dd8d84 55188 
openssl_1.1.1~~pre6-1.debian.tar.xz
 09ba3db98f37a7c64fbef9fe0caf1a61e125bc1a 7040 
openssl_1.1.1~~pre6-1_source.buildinfo
Checksums-Sha256:
 2b3b9328e945eed8d34c32b40610ab2c089b4868fb3da03188454be327641d47 2617 
openssl_1.1.1~~pre6-1.dsc
 01f91c5370fe210f7172d863c5bdc5dee2450c3faa98b4af2627ee6f7e128d87 8286337 
openssl_1.1.1~~pre6.orig.tar.gz
 75c4bee76b9cb47e1c5a22f925a5df911661c4c9344f5127dab8302dabb0157b 455 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 88619362fc94ae5ea35ced9bd2891cd73b25835904db406c6200661185f2cfd5 55188 
openssl_1.1.1~~pre6-1.debian.tar.xz
 1bd601973376a6e9b4f0dc31907c0ee7de67254a52ad2a1b51831385bdabc916 7040 
openssl_1.1.1~~pre6-1_source.buildinfo
Files:
 41328cf1437bcc89abd75c3aec3e7c6a 2617 utils optional openssl_1.1.1~~pre6-1.dsc
 da450acb7ac260021b75b978cd08964f 8286337 utils optional 
openssl_1.1.1~~pre6.orig.tar.gz
 bd04653957b9cd0589586a0bcc311f4a 455 utils optional 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 41f0281175bf191f7e2e0ec2e9c68fa7 55188 utils optional 
openssl_1.1.1~~pre6-1.debian.tar.xz
 fdd1b60417cfeba7068f83cf67425846 7040 utils optional 
openssl_1.1.1~~pre6-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlrodkkACgkQ48TdzR5M
EkQm8Q//dxWruxFTWdo4OF8f2fuMraAH0MK2tT4PvyD5jyGdzwDRGvrSenNxznOJ
0wtxChS3EighdMSVxfEDVPjKPE7U331CuaNTpBFFNWrXOgRz9H41EHleiQwVRlNV
XgWIOFeIx5ozNrZ9C2JY42nzb5Yl9uUE9DP3D24p3oAlSIQ2yI14BSLmYaNF2maC
DacVNmKZsi7pNtLkPoxW0NGz4WzB6eF+u7gK/9ccpdDN/RK+XqlIvkvwY19p/y2J
f78NmhD0HO2YnOTeRw3KvS4hTgNFw3y+IrcrVehMJ8u9W+3nQCkriM0fOSqJcHe1
654Jwrkp8voQeGjFr1NEUI4d62KbX67+qIIscxGcx8PIBCsZEJN+eQ+/J9jQbvny
5lE0Mj5kb88d70a4iMuv5S71WX0P2exjrsHXsfIy/ltGdFqZBflbG4ZeLh43sSF0
PRax8k8s9l+Owv9yl88fxjKYRYZKif+hXrjNmrNbB48I7JWAdGbGn1xAzQ/LFMHZ
zOEwk20dokVWiX3a+TpmrvyK1JKL1NdRDVF6uaNZspTcop//gniz1wqd9DZdkFkO
z104xtXRsnC10qXkgMOA5H4iBQJBu2XPRnnsLRYotQQoiHJa2HLsVJWzGipOA5Ig
CNI/shE5VLK88XCgnbsdorBUxlqA+0S1Ecj5icWQrjYjbzFhaS0=
=aSjH
-END PGP SIGNATURE-

Accepted openssl 1.1.1~~pre6-2 (source) into experimental

2018-05-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 16:34:27 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre6-2
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre6-2) experimental; urgency=medium
 .
   * Update libssl1.1.symbols
Checksums-Sha1:
 44f9bb449a1b761d4c18a91aae0bcbcb9355516a 2617 openssl_1.1.1~~pre6-2.dsc
 1fab907ee534f91bf768fec28ea46770d2ee91fc 55224 
openssl_1.1.1~~pre6-2.debian.tar.xz
 617420abc1aa15d9c35a0522f4022a65f9a09df7 7040 
openssl_1.1.1~~pre6-2_source.buildinfo
Checksums-Sha256:
 5979ef5d0ed550bf0b87b2e87f14e914ed307592c319a0bd2e105604eb51 2617 
openssl_1.1.1~~pre6-2.dsc
 95d0942da198e3f6906267efc0c4149a3ffdfdfd161454102029606c8e8219e6 55224 
openssl_1.1.1~~pre6-2.debian.tar.xz
 ea710e0ea72d05c52f79fff62554da8ecaa7c4eed5730a582441fab8c683441d 7040 
openssl_1.1.1~~pre6-2_source.buildinfo
Files:
 e178fe417d91e8ba3023eb2b46861f95 2617 utils optional openssl_1.1.1~~pre6-2.dsc
 c6dc901da50f998ef431baa220ae645c 55224 utils optional 
openssl_1.1.1~~pre6-2.debian.tar.xz
 4a78ead2780d55b64822b91c42fc1927 7040 utils optional 
openssl_1.1.1~~pre6-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlrofYQACgkQ48TdzR5M
EkTc9A//V7cTrsUslHXV0gTMw8Vf9+U8aRH0jGF9vXLEeDA0JIiM64D58fZ16YCd
JyqO5kCH1DUNTAbIWxNyMVFC5xsgYAqgqAquOQXoXZaS67oOmPYjLbCHldUptNff
g68YXeHuq7IL+c5GgM9aiP/T+gxMobblktIINV/nMfnTzdSUwT6gzO4CEx6fNYDP
mru8Rj5+UUr2SPeVzcWhT8TxU4So5J/aG6YqKXucye7nRv80RMlv+ep2PR0feuBa
wkuVXUmAI8gmBW+GD3M1RQo1qzx2zlkuLfJM+i5FFuP7IcNuiz89G2V7g6/A5c5/
cqSWOCwFdQ4Iqm5dBFIsCnUY+AKezuEhXjr7KXxLt8HFJZ6tuFHVnX1OMQFJFWUZ
PB7CizE9MG0/Cev7ENwQ501GuygI+zXUId4rbyv97DwmZTjTrSKNiMlPU3OHaqX7
iU7Vsxrr2app9Tf6rZMx+haExxlE0bokdTPfZNFyKtLPnzFmH3M/klyYOy+nKJtk
T93j+Zy33udhgaKvzPsJf2rm2cuiQ04LE3txMTgCNhhHb3wU+HRkH+VyPE3NQX1n
bNHNJkdEWbu/2PEHlvtA4//ux3SqEuLqiuFhTAR+JtwJRQA9/tah0s3OyXJIkbKF
ZSl2i1EtLHTrxabGQBXBXvoKNIk/zzudun4C+fvN2+wpbzti/Wk=
=kcpb
-END PGP SIGNATURE-

Accepted libmad 0.15.1b-9 (source) into unstable

2018-01-28 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 28 Jan 2018 16:28:46 +0100
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source
Version: 0.15.1b-9
Distribution: unstable
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libmad0- MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-9) unstable; urgency=high
 .
   * Properly check the size of the main data. The previous patch
 only checked that it could fit in the buffer, but didn't ensure there
 was actually enough room free in the buffer. This was assigned both
 CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
 different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
 it instead of afterwards checking that we did read too much. This now also
 covers parsing the frame and layer3, not just layer 1 and 2. This was
 original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
 57cdaf8db3f692fbb3ae676d2ba280c869a6f0f2 1860 libmad_0.15.1b-9.dsc
 0ab6e005cbc0e553d99784b520cd92f93eafc68a 13536 libmad_0.15.1b-9.diff.gz
 c11dc21dc3a20731221e31eb702e70f4bbc61128 6754 libmad_0.15.1b-9_source.buildinfo
Checksums-Sha256:
 4c0e95ae62cb51e2e9d80f47c967a9efbff5846c8076ba0ceddb1006fc6c58de 1860 
libmad_0.15.1b-9.dsc
 b538f3f2e1686623f571561949bbd190a398fd6c288badbe81ec28499b9672e3 13536 
libmad_0.15.1b-9.diff.gz
 a3251532ddda9fe1895c65ef1eba0acea6eed3436bbbe07233e744a3d8a81663 6754 
libmad_0.15.1b-9_source.buildinfo
Files:
 63450fb09c6fa823ba948bc8fd15a866 1860 sound optional libmad_0.15.1b-9.dsc
 0cfc29f958d2b3661c82f260a84fe356 13536 sound optional libmad_0.15.1b-9.diff.gz
 c9a57ab9def24a7377caf5454692 6754 sound optional 
libmad_0.15.1b-9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlpuIeQACgkQ48TdzR5M
EkSgLA/+LNIJjwdIz9R3Y0dVN8Zpf3D+CgkjTHkGdBNjcix6VrIJ8LyXwp4JBOoS
ngtIherhIjGWmgj/u6/CedspusPsr6zA3/SFvFofc3pMqOynvisXfSbXazclTone
A2Y+ALMXdV8FARE6e3lDFmtWwEBujJXQhTpl+5kVrNY7yQbiZF6yvUp/ouOms8uF
29huwxRObaRx2sB5w3HULnLhuFpNAVFVMNV3EZ6ovX0qtmW5C6IR5GbSiCBSe7VV
OSdc3SrdABmhKAZ3s2bqXRvZrgQ9/qzz0HYs6UEk1m2cGkijPpgagNwH7LwKRNgL
WXWjRwM1PVQtdXg2rmP1anPnP9K7C4BFi8ccibW3u7RMcS1h1NBHTYJ8ZaAzHji9
e1bdw9AsOpPJ0Y0pUdyh/HS2x2nZEPM5Asn3ReZvtvpmg+UfVTEeV7W3XjCXu8P/
urTdSycP2+gyjNn+bncpqEv1JMDVTcQ/jJ+lRB7EomS2GvkaMpo3VeBJoZuPki5Y
POBFI44y9J5uV8ggNs1xeUDzuiO9UX7Gu7u5iBUzobtBRXNvknk1BZ2klJnLWiVR
NXVUGDxa5g3kMQObcfdaSyusfUwDUKFPJp1Shp24HUUsYM3gaQ2JeVOujcVDWxss
4gAzYeLAT1hI81uNEfhp4wIxSxR6PMZ0kXG+nwqFsCDhq5ZeqfQ=
=ZeFP
-END PGP SIGNATURE-

Accepted libid3tag 0.15.1b-13 (source) into unstable

2018-01-07 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jan 2018 12:33:47 +0100
Source: libid3tag
Binary: libid3tag0 libid3tag0-dev
Architecture: source
Version: 0.15.1b-13
Distribution: unstable
Urgency: medium
Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libid3tag0 - ID3 tag reading library from the MAD project
 libid3tag0-dev - ID3 tag reading library from the MAD project
Closes: 808767 869598
Changes:
 libid3tag (0.15.1b-13) unstable; urgency=medium
 .
   * gperf now uses size_t instead of unsigned int (Closes: #869598)
   * Remove Clément Stenac from Uploaders (Closes: #808767)
Checksums-Sha1:
 ada887165d8e66c719f7c163d18db5d6b7b58f9f 1919 libid3tag_0.15.1b-13.dsc
 988b22ac0936058669d59e0d6843127975a0d0eb 7724 
libid3tag_0.15.1b-13.debian.tar.xz
 ab8a5e3117c27d866f4b8cdeda4336ddc13c5fb2 6819 
libid3tag_0.15.1b-13_source.buildinfo
Checksums-Sha256:
 d969b7a3a9dc08244169280c702a1b1c90155c5e945de274a28765d733133a76 1919 
libid3tag_0.15.1b-13.dsc
 400870971569812700caa954c3d5bff0c43b03d78c305bce6e1d113b62f6763a 7724 
libid3tag_0.15.1b-13.debian.tar.xz
 74b557c134fe17f6364c210a60ea9105d1d0b0739f824d49826e8480ad27ee8c 6819 
libid3tag_0.15.1b-13_source.buildinfo
Files:
 cd4c960c7403114456ea580b596c3bd7 1919 sound optional libid3tag_0.15.1b-13.dsc
 770c6af1b9f818ab7c2ea3208d70961a 7724 sound optional 
libid3tag_0.15.1b-13.debian.tar.xz
 044dacece2157828e6f307a846487b89 6819 sound optional 
libid3tag_0.15.1b-13_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlpSHZcACgkQ48TdzR5M
EkTEeA//fh3Tl/d8VpbJh5+b5sVElyIKn46/FjrK5x0n29nOmsMSe9O5+rrH0hkl
9gZHMvz+arey3T+bf4QjRfdgn/pJkZzH8rSP8B/88LSsNgidxWL2LkfzbWULhz04
1nholHOEebXxFOJM6joL+12h0OcZHK3cZYsqI8xwuo7KCd99DtdJq/SmSjKCw6Zu
dXWX7A94ReSnw48rIwO54WSD7gSVDkO4CAJnzqFMSLN+OfF4O4zc4nah67VSoZik
I1z/yag3dWPQTUq5h9XHKu2Qmx9fhnfuqcrrAlg767KwkI6vN/CnSLALabVMNjEH
7EPJjhYm/4+W/EMP7gbyEh36Jmcfe68fle/RGxDm+y4RSN+CArISq+aLvSCOCVNH
cnVoLfxMafZMo8BzJ9OylhfRmI8lqcHjXdv9wTPPCtTSMqD3Nx/itzxzYQLnXSA7
8T7O0wlZOltpvjR5keVFaT+ZMJ3DQWuORoxj7Y86SbFMjjX528D6X2Qm0+kwqrj5
uo6kbDtG3BnFV48//qLooVbotksXtVEGEnp/f2qOq4AkVquwWStHsN1TOAe1ABwt
sxDObQQ0xsTU706XTDUq7vcj+hf3dR/eaWp5ycCaX2Wej3zWoHDG+//clhrCAOXU
ujW4RuJJN7vhpFSaRKukbhOHYBh5egpY7QotRXfF2awKcpOcJn8=
=IJ6k
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2m-3 (source) into unstable

2017-11-05 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 05 Nov 2017 17:28:52 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Changes:
 openssl1.0 (1.0.2m-3) unstable; urgency=medium
 .
   * Avoid problems with aes and sha256 assembler on armhf using binutils 2.29
Checksums-Sha1:
 c802a3a166598eb4cd9b6245b20eede580ab12c6 2273 openssl1.0_1.0.2m-3.dsc
 2de2878df6c0eda6023fbf8db6bea629c0589e4f 77164 
openssl1.0_1.0.2m-3.debian.tar.xz
 3e746af9a37f33f953b71de5d77240c8c8cacf08 6753 
openssl1.0_1.0.2m-3_source.buildinfo
Checksums-Sha256:
 c9386f2a481b6c9a907bfdbae2cb12a6f0fa9546555b2fd3c21098adadde53fc 2273 
openssl1.0_1.0.2m-3.dsc
 4115e6022184843ad269e8f0ae00edef4bdc17fbf81978dc539caf1ba30113e6 77164 
openssl1.0_1.0.2m-3.debian.tar.xz
 05f09074b812dc8709ca9fdc53425db2317b4f0239f6954d7ac67778bb79 6753 
openssl1.0_1.0.2m-3_source.buildinfo
Files:
 b452e804645eb9c5367f60f23296d0cc 2273 utils optional openssl1.0_1.0.2m-3.dsc
 f90c0a09da1d8d5ea86e937baff8dc16 77164 utils optional 
openssl1.0_1.0.2m-3.debian.tar.xz
 da57dee5ac2f983a9484e066c495efe8 6753 utils optional 
openssl1.0_1.0.2m-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln/POIACgkQ48TdzR5M
EkTGKhAAisKopuZh59yoas6Lj4/tfth4cgcEOXX+w9RCjPEftsLmC0VJcrcI3QBU
KS/+72HMzVD9y/4eMWiA9OLvlNmDa03IA+cvU+rM0kc0eCe1/1g4gb9NpVDfvkPY
3oQxd7sHZUA+MCZ8DUoBaMQ3zwbu6mlc0JzazO5AFP/oJj8Wml0eJIp+gIZhsNOY
aACLygpq/06o4u1tJWx6oOW6hbVc39OLZieSyDGzgaWaaozZQIilcaC6x3x5h1ko
rrCvyqK0QkPItmb/TYuMFYs/YZEivoAV2j/dPb7FIT7njdWJ3uhZuKVernQUGhl8
G7DomKCOmtlkhHUSv6nNz67o+aBrhkIzcfhHtRSrr1lBkY8A9UaXQIiub03SJ/qx
9fKskfJahmB2MqBLbkrD8x/FzHXpZAHot1wwfuoy4y2Zy7JGPDSfQbgSkPQ4xSNK
Rn8SxB0HnnJK8YwEBMWa6LDacNBBlX7zMSh2KUvggoNQbcTz3D5BkV+2DCkBNsUh
iS5p53tR/Bh1eJBf3LOLWsurNr+U4mXsbWyyejw3iC9dAiUHNMP1vKYbYXRjOGKu
Gh/HIbBY+UZ8cf7aVz1B6uhzhujEjrYj+XUvwbgSJGVYn5plshBr4oyXjl5PSipV
kJgg0MXJQCgH84OTr9aGfnGOSkN9pLHRjXl8qvX//8kaSXKhQqI=
=s3/H
-END PGP SIGNATURE-

Accepted openssl 1.1.0g-2 (source) into unstable

2017-11-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 04 Nov 2017 12:48:13 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-2) unstable; urgency=high
 .
   * Avoid problems with aes assembler on armhf using binutils 2.29
Checksums-Sha1:
 89fdb89c7f12ad50412be68f8b4d7babb3fdd23d 2583 openssl_1.1.0g-2.dsc
 79878d474f24f0502f31e24d31736ccbbecc2cc2 59272 openssl_1.1.0g-2.debian.tar.xz
 5eb4c261cecb01109c3fcc873e282a53dab8b789 6751 openssl_1.1.0g-2_source.buildinfo
Checksums-Sha256:
 c247e6c03142617909613ceec367b0e8deda47745dc34196b0c7925805df238b 2583 
openssl_1.1.0g-2.dsc
 35d134692f170cd4625453e09edbcd23bb9147717d6274efe2647b9b320df390 59272 
openssl_1.1.0g-2.debian.tar.xz
 c38c01d964d5ff4d5f59b5c4b065e1f2a007a20198cf5601ae13f8a1a66e8075 6751 
openssl_1.1.0g-2_source.buildinfo
Files:
 2eb3761aaa82c0296f4a35cfc1299f5f 2583 utils optional openssl_1.1.0g-2.dsc
 938c35d2a0822cef893d79f6e729428c 59272 utils optional 
openssl_1.1.0g-2.debian.tar.xz
 2ad57adfdd4d0ab73ebebba9f3c273cd 6751 utils optional 
openssl_1.1.0g-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln9qaoACgkQ48TdzR5M
EkSDihAAibJLe1Fo+0FwDNALE1mTImSYlFNnYxmcB4z2hP+KSIsnt3GYMm5AU11s
QfpvPDtK7KwwQzXrB6NAqEf38mcaFJ8mbCTFjP36L7b09dXUKokyeHUG0wPXgnLH
0vQZx1gm1f+dZ0sC2LScj403h3te2Lg48dhQWESZ1VmnKodW9IkJncdvQ/79mEtq
17q1GYlgypGP1RtqP3zK+AQfj8xg0tF/GG2iigM6/JF9Op93y3PRmfbEOcXjESI3
7ZRJXw76Juvi+TyIBmLOO5x6ZMnf8PAi1FPKJ06wObsFUBf2zZ7rThgg6NWXOzVk
ANq26Kh6X1So6+eQBs50oFGHBBHA5gAkKuSl/Lo4FDiWzYbMMrgt9iE6kG8dn4/O
LAuMBgvFIlFtEmprxguaZF1dUXNDVF6e7y28t5jsDUFdbTfQBs+mFu9U4z3yRaoE
bLVDhjgaL0PHcVyPxFSCaeTDPvW6fTVVmQnzqIXq+vNWM1E1zkqTeIijX9fJ8YqM
jqMybRtEfprHIAWXpdpcS4BpBo+Cx+RiuKqzBJtN+UHn4ZD7vBooz+kXzY/4ckuN
39CJ+fhmhFAaJkXGx9dZz82cNLGd/9lWH39kJ2yMP8njKo0M4kbIIb1REU2q+SHQ
ZwC2fWGzEZHf+SY8HFOpbTm4VM6ixFokNOokSm2uYRsi4wLvhS0=
=3JID
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2m-2 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 19:00:50 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Changes:
 openssl1.0 (1.0.2m-2) unstable; urgency=medium
 .
   * Fix no-ssl3-method build
Checksums-Sha1:
 b3047c0369821fa7e17cd7bc2b0703a54387746b 2273 openssl1.0_1.0.2m-2.dsc
 58ef156ab557919eeb7568feb5c7b37f6a2ce37e 76332 
openssl1.0_1.0.2m-2.debian.tar.xz
 74af8d1f1f2f4cd844359b59d289e30461089ba0 6750 
openssl1.0_1.0.2m-2_source.buildinfo
Checksums-Sha256:
 6ebaad42ac46cec91890312d2d23598bbcb2741f396fc99f9b14f7f24dccfa2f 2273 
openssl1.0_1.0.2m-2.dsc
 861929308ed08a4b7b33ebe49e360268c9d99f5cdb04f94808cfc11ef1a286a7 76332 
openssl1.0_1.0.2m-2.debian.tar.xz
 2327e73bafdf42b042080a6d6fff777c3580848168a81d2b735bf83979a8e14d 6750 
openssl1.0_1.0.2m-2_source.buildinfo
Files:
 4c3e044d46cab979c66971269f9e01f9 2273 utils optional openssl1.0_1.0.2m-2.dsc
 9188f752207d09f0f62ae6a4b2a6dbf9 76332 utils optional 
openssl1.0_1.0.2m-2.debian.tar.xz
 2b5bf6fdedc1cb9161393ae47aa887c9 6750 utils optional 
openssl1.0_1.0.2m-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7XdgACgkQ48TdzR5M
EkR9lg/9FtsEsrtd2gkhEmvEe7I2rLDG5hOIQ1IBF3adF+Mz24qTOiRg/ToFqmI+
svqOdvaUgwdEtc5lrQigXj6zKZk3TJx/J+Qk/7tyxfftwP76v2gePsvsjDd36uc7
zur8912X+yp39KRN7H9JxMSCER8rkGPYkc0sqmT/cCf+aJFfCR2o+5QG8YtAlxax
wDYpTOE2xpv6hyni4MROVlHEV5flgK0icdKr3BgZ18Hps9hjQq7TSBWCgAaMuP6V
qu3Lx64QfpgUWD+tcEn8C/n2+TulTlTZlqjzkpFLANLSKFnbTIdottFHVRCw4sYK
mDGR+r7pw3FJ7zz76XBvi1d68oNaCwvN7DU2oHKT/fEBl0obHh7/rkOLxYTY1NBk
xLrjlRKHG1Vq1fHLzUxf8afUshmjAQzRn2lWOlFb3kltibA7fpQ0E+cmBNpRXYmB
ZSu315MZM9oaxB0gUg7MgTzH4naMhfYV8jAZE0MIVC67ncISAvR+IcxbyVkILhcx
XCEvg1gtFqsQn9KGk8mt/F6ldAdfhiLCjmZ6g1NpYPimaWXJCGIpLt9M2DYhf30L
rD8ucvU5atMFWfijNdLOoGds3qjA4l84Y69AJWsLaPfksWYauVx1yl/LTUi3fQ9u
tTPaNo9ci/DxFysfVKeWyiDwe6XbP6dtNx5RUKF7AcjTXZOK6Vs=
=IYmx
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2m-1 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 14:30:51 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 874709
Changes:
 openssl1.0 (1.0.2m-1) unstable; urgency=high
 .
   [ Kurt Roeckx ]
   * New upstream version
 - Fixes CVE-2017-3735
 - Fixes CVE-2017-3736
 .
   [ Sebastian Andrzej Siewior]
   * Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
Checksums-Sha1:
 94a33e8e06981cf8c16b2c281ca403fb47400952 2529 openssl1.0_1.0.2m-1.dsc
 27fb00641260f97eaa587eb2b80fab3647f6013b 5373776 openssl1.0_1.0.2m.orig.tar.gz
 8d383f6f0a55a715fec8c21d02319a88de8fbd30 455 openssl1.0_1.0.2m.orig.tar.gz.asc
 b137c652bd8d0f4ad80df3347b31e7978f1f0b5f 75972 
openssl1.0_1.0.2m-1.debian.tar.xz
 c0d5c7cf688c90cfe266d09b6e55e8a0e3c2db66 6750 
openssl1.0_1.0.2m-1_source.buildinfo
Checksums-Sha256:
 cdf298c572a5e2871db20f0c40f89270b79918a5a42eca3cf16e60a092ba6603 2529 
openssl1.0_1.0.2m-1.dsc
 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f 5373776 
openssl1.0_1.0.2m.orig.tar.gz
 8849091cce9d682069d9cd218a91c7b89e4cb7d0476b132d7276e2c5fffe9cb6 455 
openssl1.0_1.0.2m.orig.tar.gz.asc
 1c956935a181c81fe6de6151e0923dc4366f139862a02a0d41ad0ab163b8bb23 75972 
openssl1.0_1.0.2m-1.debian.tar.xz
 b38b5e06040e1375e2eddd0cba65175d0ef78a626abb540e27c3e8da2fa705a8 6750 
openssl1.0_1.0.2m-1_source.buildinfo
Files:
 d5f7283ee7111d8bc3fe69642cb5d7ac 2529 utils optional openssl1.0_1.0.2m-1.dsc
 10e9e37f492094b9ef296f68f24a7666 5373776 utils optional 
openssl1.0_1.0.2m.orig.tar.gz
 4af5073381fd3800fd8cfb7cdd8c91f0 455 utils optional 
openssl1.0_1.0.2m.orig.tar.gz.asc
 b3a27ae95ee19f8009001ad1fc8f0ebf 75972 utils optional 
openssl1.0_1.0.2m-1.debian.tar.xz
 3194382e74b45a86095572c14539284c 6750 utils optional 
openssl1.0_1.0.2m-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7QVAACgkQ48TdzR5M
EkTerhAAmvNTqm0rzmvtjMxZ7sho9+XskfO6OfLvXE8j/Oa3wueUFnJP2q8mQY32
SFQkPPt52mYSayBeVnWniYJr/yyA8jzqaudNGvyEjNDMZJ94EWKIsbrF8jATsbuK
qIeTHAd6Ymns2ArDPQVZlXHS1833qMFTEePLpxRyb1WeHJ9ZON0/y7lP9zQGYkJl
WBzY8RcfexSyoMos7MRATQlWy6fXfty/xZe8tDU06F+2lIdtmfJDuxIQ3jbP/BzM
86vxTFC/i3kFp2BIiG5tFrX7xx0Kp/fQcX2zbZu/Vb1xh1Nk0tAF27tWL/8MQXXW
OM/lxMG77+dOUwxQjq382sIPlmzsSDNsISAwA0ydHcYSSrOFwo2hN8i89ZC08dQo
k1Rb0HOJWH38FOCG+lh6Iy4T6ORuaVDcxDYeVgWtIbBzylPNugluaETwqPlUaHpG
ek5+7JgFcjZiD8NWuzYwkmnaT6DY5nTn7R3wkhfArTutzucJlTRqoXaCYkRESRFg
ABP7N+ZSlsunwe9kh6RpB3cfghWKFxbycmhTW/vMl7ec2a2T8ixffQIF252pPEpX
x/2w++gaqVn/ugwmvoWc670Ucxck8wYf0buZR4fVU8OoGykoZyMZNIG+VZflo2/Y
7np87y9k79z36eeQc/8xmgHxW/Z30+myGzkzvIS98rhUgePUZnM=
=1/NW
-END PGP SIGNATURE-

Accepted openssl 1.1.0g-1 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 15:22:48 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-1) unstable; urgency=medium
 .
   * New upstream version
 - Fixes CVE-2017-3735
 - Fixes CVE-2017-3736
   * Remove patches applied upstream
   * Temporary enable TLS 1.0 and 1.1 again (#875423)
   * Attempt to fix testsuite race condition
   * update no-symbolic.patch to apply
Checksums-Sha1:
 42d3b7a9444b3b7c87d291eb74976b819e118c8d 2583 openssl_1.1.0g-1.dsc
 e8240a8be304d4317a750753321b073c664bfdd4 5404748 openssl_1.1.0g.orig.tar.gz
 efced52be9d3c5cd231c232a6cf294a46b68a9d9 455 openssl_1.1.0g.orig.tar.gz.asc
 ad729c7e2ec311e878b26d40df0b6fb59f685167 58576 openssl_1.1.0g-1.debian.tar.xz
 3713ebf0382a7b1f21773898b931620a5ae02771 6748 openssl_1.1.0g-1_source.buildinfo
Checksums-Sha256:
 20d61daa0efaf020d93e77c1f7a3353815f89c4f5a6951018de911f23fd9f1fe 2583 
openssl_1.1.0g-1.dsc
 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af 5404748 
openssl_1.1.0g.orig.tar.gz
 2a7532e6722aab8989644049ba5c1d3a5fce417aa4b18235eec901224098bbed 455 
openssl_1.1.0g.orig.tar.gz.asc
 7d4571d74ea5be32330754a8098732f926d022fcd890d73522c8d0de9fa8ce3f 58576 
openssl_1.1.0g-1.debian.tar.xz
 2a4d1a12d31fbf06fe824ddd49c5721f9a69d0de2fcb7d4f422a3c280b309405 6748 
openssl_1.1.0g-1_source.buildinfo
Files:
 5b460de2a08d9e3863d16291c11c76f6 2583 utils optional openssl_1.1.0g-1.dsc
 ba5f1b8b835b88cadbce9b35ed9531a6 5404748 utils optional 
openssl_1.1.0g.orig.tar.gz
 99a7a7d7b55d9d12bb1fc5a31f95899a 455 utils optional 
openssl_1.1.0g.orig.tar.gz.asc
 b79d58c61f4a282ec0d340838984a7af 58576 utils optional 
openssl_1.1.0g-1.debian.tar.xz
 3c6c0fddd2a577117010f46d4ff5d9d3 6748 utils optional 
openssl_1.1.0g-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7PW0ACgkQ48TdzR5M
EkToTw//QkVLga6M0hEpc95We6GVU/SGmrSydK2VPo7x/lB2MQwHvRjS+QBI8Q5Y
QDCafNve5HnAkYwkXRIS9jgpDDM2Iq4iJhMyYLqRTWTNIdjSBy+/CmiIlv4yJZ8h
hMExmDfzKLmMOy1NVxGA5n5CxiQTH0r/Vc5WIPGVdkpLI5uhSmGzgEADlnxyn0X3
gyzD3TEtUIfQEBfJCfSF/NPHwlA3QllvuLFopPlCI/gt6FwBNtus1N7EE8G0rmO4
T0Ib9IGv13n4IAhvIxpLxOTZCPSuR4pAPWQKRNVfdnxM9EYntgIoCuWoql+nzNmg
9bLQ/HWFBLJAiVIMHiJhxZ+lJmBGVgzzRgHTSnyEZNZZeBF4JoLegwk1StJlN8vG
tHg5MTWGzTMVfQYXbr27TfDz+0oiA2G3WYiP7vD07fgW8uQ6uRNABr9SkSxXvv8T
4u5YTKg3n6tP1hge4Cts9LHJwD63LSY7yYWiojLo+l9fYXSCZxAjWgl5BCH1biiE
MxpyCH3yoIhI1huKPoJPbcAluM/5bKaB2eWvOzAxZ+vOLfHnxrAJoE9+Cw4O1NDB
X0Xk5c8ZEZ/JSCGLu7wPZsWn7B0gdRsIf1LydQEpB0LBrgCfOnhGBS6sJjkgLw/k
W4IjuyWZPvJYAXR5vDu2vQ+AkVzw6QMY828jCCdMbu7W1S4Luqk=
=M3rT
-END PGP SIGNATURE-

Re: [Pkg-openssl-devel] Bug#754513: RFP: libressl -- SSL library, forked from OpenSSL

2017-10-16 Thread Kurt Roeckx

On Mon, Oct 16, 2017 at 05:29:09PM +0100, Colin Watson wrote:
> 
> While there does exist a skeletal compatibility layer linked from the
> upstream wiki [1], the OpenSSL developers explicitly don't want to
> maintain this properly [2], and the OpenSSH developers say that it is
> "unversioned, incomplete, barely documented, and seems to be
> unmaintained" [3].  Kurt Roeckx proposed a patch to add a compatibility
> shim [4], and a number of other projects have done something similar,
> but the OpenSSH developers have explicitly said that they do not want to
> take that approach [5].

My understanding is they would only be happy if we turn that file
into a library they can link to. It would require that all the
functions get renamed, which should be easy to do in a header
file.

> It's not currently clear to me whether anyone has explicitly talked with
> the OpenSSL developers about this problem from the point of view of the
> OpenSSH developers, rather than just as users trying to get OpenSSH to
> compile against the new version.

The question we got asked is to add that compatibility in the
openssl 1.0 package, which really doesn't solve anything.



Kurt

Accepted openssl 1.1.0f-5 (source) into unstable

2017-08-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 08 Aug 2017 16:13:54 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-5
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0f-5) unstable; urgency=medium
 .
   * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
 version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
 calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().
Checksums-Sha1:
 c48a6c731f7c60d75819793f6728fb98181b733c 2583 openssl_1.1.0f-5.dsc
 246b9920ff7aa430586d0ac6e57337cae6ed1570 59536 openssl_1.1.0f-5.debian.tar.xz
 aee6b41fe06323c9d5374bb154e9510c11fb44df 5181 openssl_1.1.0f-5_source.buildinfo
Checksums-Sha256:
 44c38165dc9c99d069bb19c510d58778bb79e0530d5967cb74c556999f0b4b7e 2583 
openssl_1.1.0f-5.dsc
 7ae7fc632d259f1e4ed5e2475847d31db18d9bc6b96a6a3405a77cff7020b97e 59536 
openssl_1.1.0f-5.debian.tar.xz
 76da9afb1eb42dfbd5aca7daf7cb6a9ec683bd599717172a520dfff17cccda0f 5181 
openssl_1.1.0f-5_source.buildinfo
Files:
 e504390bbc06904ca6e4a3acfe522995 2583 utils optional openssl_1.1.0f-5.dsc
 18b618d61accb385f5f80ad22770cb84 59536 utils optional 
openssl_1.1.0f-5.debian.tar.xz
 62fdf718c2a601d7615ca68bbf2e2c20 5181 utils optional 
openssl_1.1.0f-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlmfOdgACgkQ48TdzR5M
EkRzmA/8DBeggvzCiXmRteDkh4GzhccpareYOC+SEdRcgMul92FYb6ODTMiGEcU4
vWREMC7pa5oeCpnQ7en675uWXnBxMCm/b2Vg2kNbCgLzb7tw4fM2AsD5POGXS656
YTGZp49XCNvxeo18/XT1XuYGkOj+Gta3ZvJLkUR9EpKT3+U0u9/WqKC61tXuZRE5
ASaQqWeHHVGFfmUOkK+pq2axEetaSWF0F72r9xFuYC9F5VpULkbds89+cdM4SKxU
WK2zNk+AIiK00efqDpmt1xNBhiZyD+GY2RRdbBg/qkdw0oRubWlG/XMjh9lZ4zHX
O1sNDgr3mBmxVNEjqGF4UXg63Atsdp9XtDq40S4HWJhPXJ2nYHd80oVMVvf8sG26
NRVNQNV3Az6m1Ic3KSoz4dXlG2l8+HbqFy5QCl1srwnQMGgWh+sCSRO4Wdk4hbz7
LSoou6KmH3gclHxT/J2QrmSGyUAeS8tZt2pR2L+1rlJVxC91YmjUpP4CnFqqS+mJ
vWs0WDHPWFdFNCBfUNpfIk5W1tD6L+UVDv4JoVcQrAv86k3NrZ3bGVAeibJa6qU3
Y0VkkX4jUHnp1koU3M2hPFnASfNwE0dNp/+OvwoD6UHxYT38/v/q/ZJRGdQ6Agyb
3sneIHgVMb3I1RnpPr4syABkHAniVIBHZtxXMVtaKz0YvxXkV9g=
=hKaK
-END PGP SIGNATURE-

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

2017-08-21 Thread Kurt Roeckx

On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
>  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
> 
> > Dear Niels,
> >
> >> You need the $group parameter (the 5th parameter to the run sub).
> >
> > 
> >
> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
> > Thanks again!
> 
> So, this adds a new Lintian "error". I am using gbp and I have no clue
> on how to include this signature file. Integration with uscan is not
> done either.

There is a bug against uscan to do this, I understand that it's
been commited just not uploaded yet.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-20 Thread Kurt Roeckx

On Sun, Aug 20, 2017 at 09:14:47PM +0200, Michael Meskes wrote:
> > I might upload this soon. The intention is still to ship Buster
> > with TLS 1.0 and 1.1 completly disabled.
> 
> Disabled by configuration or disabled by not compiling it in?

With "completly disabled" I mean at build time.

> It'd be nice if, after all this discussion, you stated clearly whether
> you plan to change something or not.

Isn't that what I just did?


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-20 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote:
> On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> > I wonder if there is a middle way that ensures that all new stuff does
> > go TLS1.2 (or later, whenever), but does allow older stuff still to
> > work. Which isnt the case if they are just disabled.
> 
> I could change the default settings to set the minimum supported
> version as TLS 1.2. That is, act like
> SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
> That would allow applications to override this this by calling
> SSL_CTX_set_min_proto_version(). But then those are new
> functions in 1.1.0 and they probably aren't supported by many
> applications.

I have a patch for that at:
https://github.com/openssl/openssl/pull/4128

I might upload this soon. The intention is still to ship Buster
with TLS 1.0 and 1.1 completly disabled.


Kurt

Re: openssl/libssl1 in Debian now blocks offlineimap?

2017-08-15 Thread Kurt Roeckx

On Tue, Aug 15, 2017 at 10:43:08AM -0700, Michael Lustfield wrote:
> I don't think it was answered... Is there an actual reason that this needs
> to be handled urgently? Is TLSv1.0/v1.1 considered broken?

Yes.


Kurt

Re: openssl/libssl1 in Debian now blocks offlineimap?

2017-08-15 Thread Kurt Roeckx

On Tue, Aug 15, 2017 at 10:49:05PM +0900, Norbert Preining wrote:
> Hi Kurt,
> 
> I read your announcement on d-d-a, but due to moving places
> I couldn't answer.
> 
> I consider the unconditional deprecation of TLS 1.0 and 1.1
> a very wrong move.
> 
> Be strict with what you are sending out, but relaxed with what
> you receive.

https://tools.ietf.org/html/draft-thomson-postel-was-wrong-01

Also, if I would be strict in what I'm sending out, I would not
support TLS 1.0 and 1.1 for outgoing connections, only for incomming
connections? For the offlineimap case that would still be a
problem.

TLS doesn't actually work this way, but it's my best guess to
what you mean.

> This paradigm is hurt by this move and our users at Debian are hurt.
> In many cases they will not have a way to force the mail server to
> upgrade, and thus are bound to *not* reading emails or using 
> docker/downgrading/
> home-compiled solutions, which is the worst we can wish for.
> 
> Do you really think that big companies like cable provides give a 
>  about what Debian deprecates?  I was personally fighting with similar 
> problems in Firefox and the internal side at my university.

My problem is that if we don't do something, TLS 1.0 will be used
for an other 10 year, and that's just not acceptable. So I would
like to do something so that hopefully by the time Buster releases
you can disable TLS 1.0 by default, and that almost no users would
need to enable it again.

Having TLS 1.0 (and 1.1) enabled by default itself is not a
problem, it's actually using it that's a problem. There are
clearly still too many that don't support TLS 1.2, but it's
getting better.

Disabling the protocols is the only way I know how to identify
all the problems. And I would like to encourage everybody to
contact the other side if things break and get them to upgrade.

Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-11 Thread Kurt Roeckx

On Fri, Aug 11, 2017 at 08:41:10AM -0400, Wouter Verhelst wrote:
> On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote:
> > On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> > > I wonder if there is a middle way that ensures that all new stuff does
> > > go TLS1.2 (or later, whenever), but does allow older stuff still to
> > > work. Which isnt the case if they are just disabled.
> > 
> > I could change the default settings to set the minimum supported
> > version as TLS 1.2. That is, act like
> > SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
> > That would allow applications to override this this by calling
> > SSL_CTX_set_min_proto_version(). But then those are new
> > functions in 1.1.0 and they probably aren't supported by many
> > applications.
> > 
> > An other alternative is to use the deprecated SSL_CTX_set_options
> > options (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1) by default, but then
> > there is probably no software that has support for clearing those
> > with SSL_CTX_clear_options()
> 
> Would it instead be possible to create an item in the openssl.conf file
> to disable TLS1.2 by default? That way, users can re-enable TLS1.{0,1}
> in cases where that's required, and you can drop TLS1.0 and 1.1 (and
> possibly 1.2 even, if 1.3 has enough traction) in bullseye.

I prefer this to be enabled on application basis, which is why I
suggested the above ways.

OpenSSL has support for setting such a mimimum in a config file,
I'm just not sure if it reads any section related to it by
default, I think it doesn't.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-11 Thread Kurt Roeckx

On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote:
> Marco d'Itri  wrote:
> > On Aug 09, Sven Hartge  wrote:
> 
> >> Looking at https://developer.android.com/about/dashboards/index.html
> >> there is still a marketshare of ~25% of smartphones based on Android
> >> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
> >> moment) block ~40% of Android smartphones from connecting to any WLAN
> >> using PEAP or TTLS.
> 
> > Android 5.x should support TLS 1.2:
> > http://caniuse.com/#search=TLS
> 
> The Browser, yes. But not the components doing the WPA stuff:
> 
> ,
> | Aug  9 20:09:13 ds9 radiusd[4179992]: (12924) Login incorrect (eap_ttls: 
> TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 
> 54 cli 30-39-26-xx-xx-xx)
> | Aug  9 20:09:24 ds9 radiusd[4179992]: (12928) eap_ttls: ERROR: TLS Alert 
> write:fatal:protocol version
> | Aug  9 20:09:24 ds9 radiusd[4179992]: tls: TLS_accept: Error in error
> `
> 
> Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
> to connect successfully.

Any idea if this actually works with newer android phones?

Could someone report this to Google? I consider everything broken
by this a security issue and hope that Google will fix it in all
releases they still support.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 05:53:07PM +0200, Michael Meskes wrote:
> > > This will likely break certain things that for whatever reason
> > > still don't support TLS 1.2. I strongly suggest that if it's not
> > > supported that you add support for it, or get the other side to
> > > add support for it.
> > 
> > In many cases this isnt possible.
> 
> Wouldn't it make sense to start with experimental and test/file bug
> reports on stuff that doesn't? Let's make this clear, if you install
> the new packages chances are nearly 100% that something will break, at
> least that's my experience.

If I upload things to experimental and ask people to test it,
I will get no feedback at all.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> I wonder if there is a middle way that ensures that all new stuff does
> go TLS1.2 (or later, whenever), but does allow older stuff still to
> work. Which isnt the case if they are just disabled.

I could change the default settings to set the minimum supported
version as TLS 1.2. That is, act like
SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
That would allow applications to override this this by calling
SSL_CTX_set_min_proto_version(). But then those are new
functions in 1.1.0 and they probably aren't supported by many
applications.

An other alternative is to use the deprecated SSL_CTX_set_options
options (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1) by default, but then
there is probably no software that has support for clearing those
with SSL_CTX_clear_options()

Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 09:59:20AM +0200, Leon Klingele wrote:
> Does this also apply for libssl?

This applies to libssl1.1 package and everything making use of it.


Kurt

Accepted openssl 1.1.0f-4 (source) into unstable

2017-08-06 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 07 Aug 2017 01:08:45 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 867240 869856
Changes:
 openssl (1.1.0f-4) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Add support for arm64ilp32, patch by Wookey (Closes: #867240)
 .
   [ Kurt Roeckx ]
   * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
 version. This will likely break things, but the hope is that by
 the release of Buster everything will speak at least TLS 1.2. This will be
 reconsidered before the Buster release.
   * Fix a race condition in the test suite (Closes: #869856)
Checksums-Sha1:
 1443895e9e39527bd9043e08d152bce8d8a901fa 2583 openssl_1.1.0f-4.dsc
 eb6982dab3730c8611a3b83462ed72fe11b39476 55144 openssl_1.1.0f-4.debian.tar.xz
 c8d52e2aa051dfdc95b921a483ae7eb8b432d376 5143 openssl_1.1.0f-4_source.buildinfo
Checksums-Sha256:
 a9bad4f5bc7acc5784f23fc8a5f6f15e18570cf45caabe10dc84bb97ed724a36 2583 
openssl_1.1.0f-4.dsc
 e45a4e8318d4c4c9df4ae20008352046d843b866fd3eff0593187490768f2183 55144 
openssl_1.1.0f-4.debian.tar.xz
 8dec001b95ffdf984115b853a63ffb3e8ca29ee77abc487a54825da6dc33f8b8 5143 
openssl_1.1.0f-4_source.buildinfo
Files:
 2e8ab10011daec2a5b1fc63362ff1df6 2583 utils optional openssl_1.1.0f-4.dsc
 7afeb9b25792c14d279551fb2061faa9 55144 utils optional 
openssl_1.1.0f-4.debian.tar.xz
 07683c5715f5d74f596ca91e99b038aa 5143 utils optional 
openssl_1.1.0f-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlmHox4ACgkQ48TdzR5M
EkQ4FhAAszPMO5lQjzGdC9YzWmL6GgerfqAOnNLG01cPcxWjITkpbGbZQRCm/Tmr
Z1R3/Sv+8+aPa31PzAUUGxcc69o40CWA2lqf/NGAM9TAzrrv0psv/6A9T4cGR9dB
YKWBwFar1OLlb5sjoYHtwV1eK+u1UkENBZ+7betIVNmsg3B827zyx/0Dx/mE2GN6
RmawZvMpaVnTxVudEz32W9L7BD4P3jSGWRqA8VYiRH9VRMYLCDfxvouneC3rPBhY
MynGHlx9LRjFo6MVhhgWszvpckhwm6oGDEzE9hy3HhW89nkjfysFI9SySaGEzcbP
XzwWSndvTc++qqhWldtEZvvhHB+pv4PQSWtP6cScdcNST9LkfyzJXHHbYwHW6oYT
w1enI9zHCkqp6UO7Qvg8x0nihmMPH1KNQ3CjGZLYC3QFx0zB5KgZokimKy5HX3l5
M1398pDp8J3lukse7anIkO4pMPBKHYq3KVaPOAVW91ElEpK3TkPU+uDMxgwGcENZ
IHFR5Z9x0xS061SNQboBLRyA5uzd6A11Vtr0BzvaLuI6p75kB60WYY7XoYJ8HGTF
fQG/cskHAF2dmL7JIIlU1VzTfpatBuoSI7XFWJibcqGHYv9cz7PSNywuqb44OjIh
TNjRLvV+9rySvygGuKVJCrgrJa7yA4u3xIRvRlB4RsPwzh0M828=
=6Yc9
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-3 (source) into unstable

2017-06-05 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 05 Jun 2017 11:40:42 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 863707
Changes:
 openssl (1.1.0f-3) unstable; urgency=medium
 .
   * Don't cleanup a thread-local key we didn't create it (Closes: #863707)
Checksums-Sha1:
 c0a0e380ccfb6fdda7986292f127a3b2fe1892a5 2583 openssl_1.1.0f-3.dsc
 7e367313f2b2fd9cc32ea9e1ab84961af0a55f6f 54152 openssl_1.1.0f-3.debian.tar.xz
 1b852fe6eb898e4a391cbea0d9937f2edd7955b7 5200 openssl_1.1.0f-3_source.buildinfo
Checksums-Sha256:
 a4d69ed8c10134374d86fee593e85bb5165e6d539ab86294e40532a3ed276642 2583 
openssl_1.1.0f-3.dsc
 2b1ca97264b073345375a69ee95e32a9850f0288462bc58e9054dfa769f14806 54152 
openssl_1.1.0f-3.debian.tar.xz
 0c7775dabc9d47f602d045cadf3b9fb58d0421a8d6013e5e0e5ca168e158a83e 5200 
openssl_1.1.0f-3_source.buildinfo
Files:
 f9a7835dd13f04630e5840fbf729e82a 2583 utils optional openssl_1.1.0f-3.dsc
 74f652d235fe17efd398afb949d74887 54152 utils optional 
openssl_1.1.0f-3.debian.tar.xz
 0769c0d26f45b543e9a76cc7239afb5b 5200 utils optional 
openssl_1.1.0f-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk1NQ4ACgkQ48TdzR5M
EkTLCA//fBckq+OO0G42AQ9ZFZznrQAyPt8U7Ofih17GiI+Gx0mjC5G39Th/yDzE
fWOQx1vmhX1nGOOSoudinZO0DV3Dar34ShjP9benw0zT3hBW7O7LRmfomWvscZG3
uGkrnhLaIdwupED4znWaZVq1dX+T9x4V+QtJBZLoaJQrc4L3hPWQ1giAQVce/be8
0ADiM+btkpQFZGEGPZb5zOMAhlnvVa4XNCf9xkP8+fAzISLqvnoi299U9xc2iPBR
Bzuik6iYyw9Zd269gXFMQY7C6XBlW6RZJsvWYu3qkqftO9ym6+i+E3dxYjWNmAXh
ODEqCxOLrQhZKOhK9sfxViAGBVz0dTDUbPLQI17BpJKaTh9Wp6zB2HYJvPlwsOpe
GGqTpWV93WrzI1H34U/Nt4kyfBljsa9ijMgf8+IjSRli8+JnIO+UuwssmZhsZWyr
l9eT4kbSURenApWY7Zh6KZG2uUhezZr7O3pGn9vU3bAQlSJ07AKQC2IlR7SiKWGV
rlwIdICiAzHQE5YaFZ5MDPRsR1ZDYqE82SlmWJI61zztG322KibZSkWupkg0YGBM
3SjaTH5WpKC2Yw9nnQL7dJem/bxLpnb4Itoi3ACCoLCQ2PSfKkPY2j/vqKvB5WO7
jyMVh9tu+oDA/bb3C7dtum/zk8Te333JMDCOJTLR5nwJN4K/OBc=
=Ts5G
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2l-2 (source) into unstable

2017-06-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jun 2017 19:15:33 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2l-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 864081
Changes:
 openssl1.0 (1.0.2l-2) unstable; urgency=medium
 .
   * Make the udeb use a versioned depends (Closes: #864081)
Checksums-Sha1:
 4d993c36add915e3dfa332b0fe7006f830e2b05d 2529 openssl1.0_1.0.2l-2.dsc
 9a788b795e6e8e5f12a12ac90665b63aff5d4112 75888 
openssl1.0_1.0.2l-2.debian.tar.xz
 5c977a4ace7b1cf4ee33d1e390754ab655ec510e 5202 
openssl1.0_1.0.2l-2_source.buildinfo
Checksums-Sha256:
 51aa8afa8157b209a647f5476e72ba06720c33b8f6e46be79e91a0dc9349efcf 2529 
openssl1.0_1.0.2l-2.dsc
 8e0dc8d55df49bf85cc8a991774fbdf4186886307acc167054355edd7c77ed1e 75888 
openssl1.0_1.0.2l-2.debian.tar.xz
 4498c0fea2194ed534faf268ea33eba783a4b2a7e3c3c6e1b3ab3774198d12fc 5202 
openssl1.0_1.0.2l-2_source.buildinfo
Files:
 c30ab6c2a1ea79ad84d7a866a3efd49a 2529 utils optional openssl1.0_1.0.2l-2.dsc
 873e73da5c0062b4a64325377cfde130 75888 utils optional 
openssl1.0_1.0.2l-2.debian.tar.xz
 1b5efe972738ecf8e3aee723e5e208c4 5202 utils optional 
openssl1.0_1.0.2l-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk0QrkACgkQ48TdzR5M
EkRb5RAAoACYnHBJhWAfIr0UvfI5nIkMu1ePtrUN6IxKPNz9z4C2RbckbmMf6KIf
o4kmIcjF0qI0bo0OxTKzNbLbuSS97CA2H/adtYuP/eE7Q38vLWE0h8BfCOYXpI9y
jZWsQLaH3QtG+rYYrGhPi9XJT+rdFrT8NyVQYMDddNTo/fLrVcDY6ThpGM73rwFT
PKI1+2msIiOA+ZoYLTAVmRt7ad4Xyz+aKvq/8mxMTQDSiux+JakksscFo5qruSsL
Nhj7S8n+ejJk5sLazwPDQ9rzHAP6Vza0lGpSodTFDDasvr4Brpe/KDbSZ6Tc/ndX
bh6mAbjBOXNR5fSKbG0xjK7EC5PJILGgWZUXM3m2bPHllG9ysfuoKqZ0Cs3u1G+P
KfoE4I7M8LEYSFoUSAuD2OqSS2/LJctpui/qs2XX8qLsZUSWE1/98dWKuPHaIh7O
XCd5nzm87jnyWNaz3R0PSB5yf2OhnoLzOYt3AI9hogsS05bMzGNORab1E/qQdI1K
3DxwZzF7wP/2V+QZ3Yowci+kSBOis6ViaiNVLnerIFoYaJ+2kTRSie9SGA+vGsdq
/AJ2O41UGQQ5CJX3+Vw6wQVhWxxNsMurAiiQBzaQB5JXDc4s9GYVoRheI7TMinIj
4bmR9Gzcgl2r4dTgVbpdh+xEle6sBQrIF+Ipfu2b+I967u8rIwM=
=KsYl
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-2 (source) into unstable

2017-06-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jun 2017 12:07:38 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 863367 864080
Changes:
 openssl (1.1.0f-2) unstable; urgency=medium
 .
   * Make the udeb use a versioned depends (Closes: #864080)
   * Conflict with libssl1.0-dev (Closes: #863367)
Checksums-Sha1:
 01bb5adf098166a46f4ded22169be2dfcbaddf1f 2583 openssl_1.1.0f-2.dsc
 d792b6c7cf3e68def5a2cbd613e6d39e9c352702 53572 openssl_1.1.0f-2.debian.tar.xz
 c883c40b4d802e3ea63725add74ac0fa341e077f 5200 openssl_1.1.0f-2_source.buildinfo
Checksums-Sha256:
 9ae0f957bdfb83ddda991e557febec7e0a41dba1acb2c8dced450706d9f15814 2583 
openssl_1.1.0f-2.dsc
 6186707aeb7d4575035ad3f3b0bd525909124397a4fcdcfe05726b9765e83115 53572 
openssl_1.1.0f-2.debian.tar.xz
 75abe8ebc732b73d3cd8fe17c4685b915734d0396b4e1a200c964e2af0cb5a7d 5200 
openssl_1.1.0f-2_source.buildinfo
Files:
 4f32a663c8a5895e27cc3b2ddfd183f6 2583 utils optional openssl_1.1.0f-2.dsc
 bc36091c1abb2ea19dfce0680968c8a4 53572 utils optional 
openssl_1.1.0f-2.debian.tar.xz
 26a48eac3f657637e245fd44ebc1175c 5200 utils optional 
openssl_1.1.0f-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk0P6oACgkQ48TdzR5M
EkTwUw//Yr+BJy6j6UUQCVWiNlPBB29b3mhpUxWQZp9o7jSmzzT1Z7kiNFrg+xiN
CpOpu2gd4lUZOXwyzYoz2ZXEYUh/FWDwdanQC7kHgD5qVO6fbugLFlwnBadVPIjJ
VDZoXP2DeMpp0AVmFYob00vavq+qipdVHXxlJa3WjnEWrx0B2VylX4/rKnZlSK7O
bavzVpzSCYpdhYbIPUCuYRJYKFLhMph3HwP2eqiF1pjmpbnOAHUQvG/ADfzqdAb8
RrldTJNJJoMFHrtcmd7WK/ksrf3T5hcq7ZvNSP4NjQXI78DqLYF8faYMk2Gs9phr
cnY8L8o+2Oq955DGEZY+96gJmo2khZ/jfunoqoFQDgare4/iV5etkXxU4XW9WKse
Cx8ohQKZqQr31LdHpLqexYv4RcWLgdvarAH4E9iliYbGCUrPTtvEAT8LlnXe5p98
LlCGtU1SwhiYyRPgd39i1RPzAh27VMezdAaYgU557PEQpkdKuuLBPa7QUENNGYc9
KwAbN0PoMlNmLb4bhIjHPmndGLOcEX0GydV2gJ3EIyUR6bpdvxgUDJbUPaWgXACi
r9gnsCUeKh1O7yFtkmXtK/S0vhHZob/O1nLR/NrjiSGGCBbuF2wV7YyGsQ5sgyGh
QpWLWa5WEZe4rGfsdK/7bwrLdf3S9WnUkhgTKD+Bbz5tAN+oTn0=
=N6k1
-END PGP SIGNATURE-

Accepted elfutils 0.168-1 (source) into unstable

2017-05-27 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 27 May 2017 15:05:37 +0200
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.168-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 859990 859991 859992 859993 859994 859995 859996
Changes:
 elfutils (0.168-1) unstable; urgency=medium
 .
   * Fix CVE-2017-7607 (Closes: #859996)
   * Fix CVE-2017-7608 (Closes: #859995)
   * Fix CVE-2017-7609 (Closes: #859994)
   * Fix CVE-2017-7610 (Closes: #859993)
   * Fix CVE-2017-7611 (Closes: #859992)
   * Fix CVE-2017-7612 (Closes: #859991)
   * Fix CVE-2017-7613 (Closes: #859990)
Checksums-Sha1:
 0867044ad2916bf3d5c2db274469562edc076de3 2549 elfutils_0.168-1.dsc
 53e486ddba572cf872d32e9aad4d7d7aa6e767ff 6840399 elfutils_0.168.orig.tar.bz2
 5326af61e2ecf811ef1ede808f9e788219295fc3 473 elfutils_0.168.orig.tar.bz2.asc
 098c14df4c0f3fbc918ac06ffb27b5c07baa6055 39964 elfutils_0.168-1.debian.tar.xz
 1c6bc5ab60ba56406ef1d3254129b6524bbb26b7 6099 elfutils_0.168-1_source.buildinfo
Checksums-Sha256:
 b29e03a3d515d9accd52019ff7c75762ae5e61285453518ff90d538e9878ad7f 2549 
elfutils_0.168-1.dsc
 b88d07893ba1373c7dd69a7855974706d05377766568a7d9002706d5de72c276 6840399 
elfutils_0.168.orig.tar.bz2
 f455fc014b59a0d80ab921935d20f26e64f411a424d4be29ec5bf3a1378f3002 473 
elfutils_0.168.orig.tar.bz2.asc
 5517922b1025d32903759c46f9a1f656e3e367c5ea036dc54b32cbbe68a5f300 39964 
elfutils_0.168-1.debian.tar.xz
 93412aa60a3ce37d2d2d2210895dc243c3fd7f5ab1b82ba2e06ff78e84874736 6099 
elfutils_0.168-1_source.buildinfo
Files:
 0bff5a8b0f6ba938b660826f365ec8de 2549 libs optional elfutils_0.168-1.dsc
 52adfa40758d0d39e5d5c57689bf38d6 6840399 libs optional 
elfutils_0.168.orig.tar.bz2
 7305e2dd0db220864ad7aa674d47c0e2 473 libs optional 
elfutils_0.168.orig.tar.bz2.asc
 76f927edf68a4d0e784f3e34fc8b54f6 39964 libs optional 
elfutils_0.168-1.debian.tar.xz
 26b392c9c05cb3c3f220dbc928f45466 6099 libs optional 
elfutils_0.168-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlkpfqsACgkQ48TdzR5M
EkTbBA/8DV4POCFvCKMoTl5Xh3SZC2sHEvQhx/CPrRuljXz5TwAjqeJHTI1IVFqq
M6BnDRZmdMcSETKDchywRf148Va4acsqnBL1dYwgNM0jJD+stzWkpPjbax/0B134
ZVu2v8CShJGKlg134X8xN6ZONd/KO9eylHaYpbK3snyik9gMJVQ/QCNo1yM3hcwy
RfiIaY3P+drGGdnSaCiQTUZnxzy9AY1eOSduxMmyWfBdOsHju3krdsygmgYkqFC5
ENOqk08ObIMoalQtUufIm2ftPyhuC1GJnM92yApRv/giXsoqID+T6a4bC0ayXg9E
A0q/HEzvNnBKaW7WcwCbRNTMs76WTFPebvbH8AQOl24ybLNABgO6vgYA16lxU8dv
Ihfz9/ezeCHdn94pkOrXmqEY+CVjUonwBvStsBYEDBjSI7dSKCRP18XN3J5gd9PZ
ZRtYtjPDzE/DrYDIuK4n1m54vhq1ctqkdgCAfgSUVru9CCmYnMa5MwEjra+gefDo
/kzTWT9tTntk4uxNAw2YWVUVnrPu9TI/SOsEd1kUA3M0sZISdoZhA39m/LfSwqzb
Vr9Snar3/tzFsif2NLLHCrpk4EocppEa3u74dK0MMlWYaTPAS2FnereFsqPf7PBF
UyBZR+rOHDtR35KJ799iGHZccWQ8+dUwe4Jvwmti8g7Z3BM0oTA=
=TqKI
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2l-1 (source) into unstable

2017-05-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 May 2017 22:53:57 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2l-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 861145
Changes:
 openssl1.0 (1.0.2l-1) unstable; urgency=medium
 .
   * New upstream release
 - Properly detect features on the AMD Ryzen processor (Closes: #861145)
   * Refresh valgrind.patch
Checksums-Sha1:
 fe8aaa4dbad1b59b17acf1f332e7f08a65899b30 2529 openssl1.0_1.0.2l-1.dsc
 b58d5d0e9cea20e571d903aafa853e2ccd914138 5365054 openssl1.0_1.0.2l.orig.tar.gz
 82a8013979d2aaa437bf58bf99355317b25e2e2a 455 openssl1.0_1.0.2l.orig.tar.gz.asc
 ca6f0436b7cfacf6b059a4a614a41222f2c71614 75856 
openssl1.0_1.0.2l-1.debian.tar.xz
 456ab978184f8a3c10fdb041968c27f46c66eaea 5202 
openssl1.0_1.0.2l-1_source.buildinfo
Checksums-Sha256:
 a691354d824009f58d3640a9103953b2ac21ae33b8c563d347b0e27510efedb6 2529 
openssl1.0_1.0.2l-1.dsc
 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c 5365054 
openssl1.0_1.0.2l.orig.tar.gz
 ad459d4de6c30c1889272e38144598847c8ba8e5f0892797543607e8d6d9be5f 455 
openssl1.0_1.0.2l.orig.tar.gz.asc
 68d30a3901c174d35c447d20c1c9ea8d0eea19e56c4d0bcf670e8cae71c81714 75856 
openssl1.0_1.0.2l-1.debian.tar.xz
 749aa91427517441dde6cb802c9bbebcac5b9a2af5c5885c6f49c443666740b8 5202 
openssl1.0_1.0.2l-1_source.buildinfo
Files:
 d53330656cdb3988bf8765a075902b8f 2529 utils optional openssl1.0_1.0.2l-1.dsc
 f85123cd390e864dfbe517e7616e6566 5365054 utils optional 
openssl1.0_1.0.2l.orig.tar.gz
 349b0b84fea6cdb910f59e3174a9167c 455 utils optional 
openssl1.0_1.0.2l.orig.tar.gz.asc
 6bc2851a25d91526fda35e33e9fb025e 75856 utils optional 
openssl1.0_1.0.2l-1.debian.tar.xz
 54a07c4c48c04934d5a69f8290b87bc9 5202 utils optional 
openssl1.0_1.0.2l-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSmEACgkQ48TdzR5M
EkTaRQ//Xr2chprRKQ5HlXorI8oH4hRNEzRnPhxyMgfospGdWM/kLVj6HEfGLw0G
VVb7rNqpAdQ7/H86p2dcchxNOHDuvlwVRWyRd/a6fk9FC/4PnCzpoGX9HY7InyC+
qyKjRjYTPSOlWB7g79RF459n8WCcv0h5EXSlQcYXMrT2ABSXGDt4mJjUZ+XXUOWi
2bW3pPfM0PDok9lrbOSOQNnV9LIQTdywn/bF2pkEGfHk7JaiBQzQMRMrrCwyNnmG
zO9sK+hZllzYQqPg7MTLCmJc6I8z1OxlZe/FlrH4F99yK+geP+5jvPYxo2HjUhcl
s2lKCqrUd9W+MAHSElf+//MC3fSLyTlusAjmuTcbEOqjAfuYBihiCg7NvJU0yqh+
llsybSiE1BGB48OM68hQhrToZSTphp6Iau7ERl39mlQeadL0n5VMFgbrLUONyVlX
Px/izfO0/LmOKm+xNXSJd6kN6xahLL+GcJGFCJ77+pBqdFwTW4aAPhTJ1PY85WcT
xGI6zYL5k2AJj1M7hSR4uW0c7EsOKBtO4Dm/SvGPv+WuHlAK2waZBnB10T8QIgJu
Q8QIny6CBVUPA2MpaNEaR7SCsVbZQS66Fgcz1f04BW2or+tq2IfewJei2tud4x1d
a1vAdMxrf3TRCYSoINGIGn1n6wsED6abpcydotBsnIm80DkflKI=
=pVJV
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-1 (source) into unstable

2017-05-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 May 2017 18:29:01 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 839575 859191 861145
Changes:
 openssl (1.1.0f-1) unstable; urgency=medium
 .
   * New upstream version
 - Fix regression in req -x509 (Closes: #839575)
 - Properly detect features on the AMD Ryzen processor (Closes: #861145)
 - Don't mention -tls1_3 in the manpage (Closes: #859191)
   * Update libssl1.1.symbols for new symbols
   * Update man-section.patch
Checksums-Sha1:
 1278ae2b062e21d6733a690145ea35e2c71ca627 2583 openssl_1.1.0f-1.dsc
 9e3e02bc8b4965477a7a1d33be1249299a9deb15 5278176 openssl_1.1.0f.orig.tar.gz
 20caf5129e5791e14434e80f48e70b397c471c35 455 openssl_1.1.0f.orig.tar.gz.asc
 d912d8d9bd9517ca263a98196fd845193fa7f507 53460 openssl_1.1.0f-1.debian.tar.xz
 412406af3b846ace72ecbc2d20ac2e9d0a855daf 5200 openssl_1.1.0f-1_source.buildinfo
Checksums-Sha256:
 5cf2b7cb18228d5050e86d155f14d03fe2b2a17c7cdccfe7a235285fc45746fb 2583 
openssl_1.1.0f-1.dsc
 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 5278176 
openssl_1.1.0f.orig.tar.gz
 9f2feb0494ebcc1cf152d95a11bc966cb94bc1957d88650285db3966866801b0 455 
openssl_1.1.0f.orig.tar.gz.asc
 767136df6a4ddce89ea754dbcbfc59e47a7b442a7f8e428b7ec8299293d69ba4 53460 
openssl_1.1.0f-1.debian.tar.xz
 f0c7b27127be34f5745751e80e8ec2204a772c4172197f3bfa41f9430974bf28 5200 
openssl_1.1.0f-1_source.buildinfo
Files:
 d5d4351e78d035bfe07da6c5ca613e10 2583 utils optional openssl_1.1.0f-1.dsc
 7b521dea79ab159e8ec879d269fa 5278176 utils optional 
openssl_1.1.0f.orig.tar.gz
 f2299a5b1d38b4113eb909feb0603566 455 utils optional 
openssl_1.1.0f.orig.tar.gz.asc
 fee7fa5ebc564b1ea7314e6cd5554bd5 53460 utils optional 
openssl_1.1.0f-1.debian.tar.xz
 07cd26a236e163063c1a3c452cb21859 5200 utils optional 
openssl_1.1.0f-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSh0ACgkQ48TdzR5M
EkQFNBAAjwY6DRqFZ09Zp82pXoOq36cyd5mDKMxPyWtfRFG5ND9bZuRsJjN1c7AC
sLms9ioCzS3qKys30TIMTtfWxXZQAFj9NQe82e5XZKGq3HN/5Nuixopkpc8QHIBT
o1RrQ7WDEzDkq8WqZx5sslnBAbtnA/eRy5tgei46ToNM0nITakUql9Rnyi0DfN2t
F8WbpOZHUFHG9ZAtYUC7vc/Oce2P5HVqcnEc4fYZCyMNVhocB62a0TeFNdLJuIfI
BVRRvuGkDP+/6ObxEhwJaKA2fJNFfnNr52YTEvrBO03wgDCnHad9HC5DPRs/7zAH
s5+DADypYN5D8RZF17FQ/ZpI0gQfnwqvH9JP0iC4Q2xHvUccbG8FiZZdb52Js9g0
PErfGRzgSZII4oFm4k8/AOf6yse3Ri6xJyuzLbJGRKeqRcHRGLgAdORWWXMZzUlU
MIq/9LuzK7t17t91eP75pOEEl6kyD8xC6RSZd6+tgH4y7lavV3J+CW5GsKVn6HBM
5W6Ts9nHr8/fvDji6Z6X8SA7iZVuggayAFV3Wxrp0oYf68MjWusB3Cy5bdaCY14f
svbwuja0GfeDFiHO3r3N+arJZEyCvBGGvvAF1wV1Mw8aNN2jwp94Bo0YmPQDoQEd
V8uqptUo2allyD/JOqfMM358FPzrx13A6AaBzGQbwvjubNSrpG8=
=+YLU
-END PGP SIGNATURE-

Accepted ntp 1:4.2.8p10+dfsg-1 (source) into unstable

2017-03-22 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 22 Mar 2017 21:53:40 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p10+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Changes:
 ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high
 .
   * New upstream version
 - Fix security issues
   * Update openssl-disable-check.patch
Checksums-Sha1:
 c0e7a064edfba4396607b2e232912587eaae6cda 2266 ntp_4.2.8p10+dfsg-1.dsc
 735363c8501fbce1f12a5f2bed85f3a0907fa13d 4250528 ntp_4.2.8p10+dfsg.orig.tar.xz
 bdc290b5c9d2b5d8a8b4c2d8ff25aaeb5e7dfa73 54036 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 fde037257b35d658318f7e64f76785f08eee8c51 6807 
ntp_4.2.8p10+dfsg-1_source.buildinfo
Checksums-Sha256:
 47c2dd108159e09ebe9b53766ef6cff1f2cbeb24233cac42028b5964d8e5ae27 2266 
ntp_4.2.8p10+dfsg-1.dsc
 f5386e7ee483956899886508bba2297156573b4619c9237321798171842cdc8f 4250528 
ntp_4.2.8p10+dfsg.orig.tar.xz
 9596516aed5edc92bf398cb0db22774a6ef826d91491300350c1804606bff4a7 54036 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 c0b57c32c98085414b81bafc2de8c1672bbf70e481f92c5743a9ecfde18ae166 6807 
ntp_4.2.8p10+dfsg-1_source.buildinfo
Files:
 9c1eca18f86e6916677ab2b967ebf292 2266 net optional ntp_4.2.8p10+dfsg-1.dsc
 ce44b9cc122f8ed762e8e9652c2d30d8 4250528 net optional 
ntp_4.2.8p10+dfsg.orig.tar.xz
 92dc5148841d0f03f72e702248d6f695 54036 net optional 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 8427dc3763bd1483ab657e7e1ad7a41f 6807 net optional 
ntp_4.2.8p10+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAljS6FIACgkQ48TdzR5M
EkSP2w//RBceKcO1uOpT1klaArzP++KgrVslfmek0yY28k6LlgfvB9OZ7bN+EFVj
nXLm/t+qGoAc7pb7TXfj0736MmF5UgYg/buvqnPINybRXU8d4fJdzrZ1Mo2xA18Z
fJELBngV1abZT4pRB7UTUzwHOfZqqRYfSLoid53ryph8MdFm9DW0rPn/TyfM2efC
Fbkm6KY6aeoCAq/E2ty08mxiF8jZkEgyqt+Ztuq6rZlPmYpnPdqW96iucSTW3++I
P7GP4C78FEnQ+Nq5BvdrulDUSGhfAtheSL/42YO0Dz386030CVA96XVO1IpVZzjh
zPgLNEnNxLXPqTp9MqVIq2lLqc3KO+wBiAA6WIMO8h5MRLqYoAzTCleRjxqDMM4L
AxaPqMCUpcizkvuzP/TfjKidk3lUjX1i3mdAHsnLmYjjYfCLwZPPIStPA6hbBV3M
oMo6ARfhRS9I3ema92pLUTrfNh9c4BiFeeKgm+tyayFMKbwVWqTi8yMGO+j00/Ir
3b70lJoU4jA0pLUVz1UtQ4l8ICO9P8R7gPI9WVMICXjSiR6CSNeBokUd9J/W/0Ba
gY8cdoNv+seHrpKeK5Mo/Mz3kN2j6f5z9hIFG6Q9IQxWi4b7/gL3HMZ5wm84lU9B
vncDSwDeaIg8JhKlbnPYTO3wmzcEdFVe1W9ecGjGh+Xzfni3VOE=
=T3Ms
-END PGP SIGNATURE-

Re: systemd, ntp, kernel and hwclock

2017-02-28 Thread Kurt Roeckx

On Tue, Feb 28, 2017 at 05:04:08AM +, Ben Hutchings wrote:
> On Mon, 2017-02-27 at 19:30 -0800, Russ Allbery wrote:
> > Ben Hutchings  writes:
> > > On Mon, 2017-02-27 at 16:09 -0800, Russ Allbery wrote:
> > > > Daniel Pocock  writes:
> > > > > However, at the time when I ran ntpdate, ntp was not running.  I had
> > > > > brought up the network manually due to an interface renaming issue on
> > > > > the first boot.  Maybe when somebody runs ntpdate in a scenario like
> > > > > that the kernel is not sending the new date/time to the hardware
> > > > > clock.
> > > > Right, ntpdate for some reason doesn't set the flag to do this.
> > > 
> > > [...]
> > > There is a very good reason, which is that without continuous
> > > adjustment the system clock cannot be assumed more stable than the RTC.
> > 
> > If you've literally just synced the system clock to a remote NTP server,
> > why could you not assume it was more accurate than the RTC?
> 
> For that instant, sure, and ntpdate could follow-up the one-shot system
> clock synch with a one-short RTC synch.  But the kernel doesn't provide
> a simple API for that, and it's easy enough to add "hwclock --systohc"
> to a script right after "ntpdate ...".

If anything, having ntpdate call hwclock might make sense.

Having ntpdate clear the unsynced flag doesn't make sense since it
would start writing a time to the RTC each 11 minutes, and as Ben
said you have no idea which of the 2 clocks is the most correct
one.

I can also understand that systemd doesn't set the clock for just
the same reason. Either the clock is synched and it's written, or
it's not suched, it's unknown which one is the most correct, and
it's not written.


Kurt

Bug#855342: RFH: ntp

2017-02-16 Thread Kurt Roeckx

Package: wnpp
Severity: normal

Hi,

I could really use some help with the ntp (network time protocol)
package. There have been various bugs filed, and I didn't have the
time to properly look at them and deal with them.

It's currently team maintained, but I've been the only one doing
anything the past few years.


Kurt

Accepted openssl 1.1.0e-1 (source) into unstable

2017-02-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 16 Feb 2017 18:57:58 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0e-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0e-1) unstable; urgency=high
 .
   * New upstream version
 - Fixes CVE-2017-3733
 - Remove patches that are applied upstream.
Checksums-Sha1:
 730a4e8c7a1ebb55c162a89d3be785bfdfe936d9 2583 openssl_1.1.0e-1.dsc
 8bbbaf36feffadd3cb9110912a8192e665ebca4b 5202247 openssl_1.1.0e.orig.tar.gz
 0702ac9dc65e2cd83b49095599e090f6443a1c9f 455 openssl_1.1.0e.orig.tar.gz.asc
 bf189e0d7b85fc17dd533520b4f65d74634c990c 52864 openssl_1.1.0e-1.debian.tar.xz
 5ce23a418d7500f542342c880827d1c8c41f7077 5525 openssl_1.1.0e-1_source.buildinfo
Checksums-Sha256:
 8d813e7a52b4732e0af7cf8cab1436ae7f00e012594c26c401c1eec0e82cfe64 2583 
openssl_1.1.0e-1.dsc
 57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6ebdee8975ad3874c 5202247 
openssl_1.1.0e.orig.tar.gz
 05ab4b1019da59963890509ad9ff3142c72df0b3baf4a38043392aff99e6a13d 455 
openssl_1.1.0e.orig.tar.gz.asc
 3063329a11696c03f3330991089d4c028c5b0a61ccc3e31e5189ca3b96cd5b3c 52864 
openssl_1.1.0e-1.debian.tar.xz
 43bec63fac2d979b393b457d747347ea9214f4e0a8edf973256c0c5bde4f06e5 5525 
openssl_1.1.0e-1_source.buildinfo
Files:
 2a2e1c51b8f88826484627daa47ce5ec 2583 utils optional openssl_1.1.0e-1.dsc
 51c42d152122e474754aea96f66928c6 5202247 utils optional 
openssl_1.1.0e.orig.tar.gz
 dbfe7b058365c8e1e477c2e7a4b7f492 455 utils optional 
openssl_1.1.0e.orig.tar.gz.asc
 3687d31ed8eb107018603950503d69f0 52864 utils optional 
openssl_1.1.0e-1.debian.tar.xz
 03403c09fcfdc48075c48b9beaa8b069 5525 utils optional 
openssl_1.1.0e-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlil7eQACgkQ48TdzR5M
EkRDow/9EzIB6rI9VTz43amOav49n3Lr2TUTmyg9xsvDDpEIeJZXs4JVGAklRWnX
XowrtZm/6ctBmJJj7aF9Is1hIZ2CobarUh0DL14hPQSlCroL+tbFCD7icsV1QN8F
IwoULTWHG5Ffpd+OTSDZ0lUPj4pVrz4r4KuxUA/e7FQb5Y13TzbSG5V6wGVeqy7v
CqHP7PHt4pxkV9WdgdB+yObS2/qAcn2EFaf9mO48qWVM8b73WFbpRbmpMpqwFUes
p2st2F7X50bf0l2tdbdBRNqsBkVGIpQI0GPQhpEOmTufAS+0GGSMiS0VY9L5LDPV
fgikT5PHjqaRBXycWm32+ir4Xc38e13NNZdhLE3Yru1ldz/oFO6e22zTZIcf9a23
d9TkH3PPkXiNWEkqcxpW8njOdCcwjdVdVo5r/BI5Ubkjn+xFQtB/GxbKMyAC2iv+
yn3tkfAAZd7XsGH3xoymXX5mh5W7I4ykHM9Gsqs9xGOazhTLEV8ciFqrnQXsJy+U
Bpk2S8eEpc/08MUGTzcxil4k+/zFsinrlBiHXUmPj+BXKEeJqJTGpDipqqzLUbgL
0Y2wHeyRJH/aQlQa6yEzlpBZrxcvp/sFXbOATOiNYSkEkisKgea+bYBphqXhIo2z
nxMeSrnbxsiC0/XyMZ9dFbfQ3HXMvrUUPSgCKQAioqAgo5LgmLc=
=eTg+
-END PGP SIGNATURE-

Re: armel after Stretch (was: Summary of the ARM ports BoF at DC16)

2016-12-13 Thread Kurt Roeckx

On Wed, Dec 07, 2016 at 03:53:31PM +, Steve McIntyre wrote:
> AFAIK there are potentially still similar problems with ARMv5 - lack
> of architcture-defined barrier primitives for C++11 atomics to
> work. (I'd love to be corrected on this if people know better!) This
> is one of the key points here. More and more software is expecting to
> use these primitives, and a lack of them is a major problem. To
> demonstrate using gcc, you can see that lock-free atomics only started
> appearing in ARMv6 and were improved in ARMv7:
> 
> $ for arch in 4 5 6 7-a; do echo ARMv${arch}; echo | g++ -march=armv${arch} 
> -dM -E - | grep -i lock_free; done
> ARMv4
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 1
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 1
> #define __GCC_ATOMIC_INT_LOCK_FREE 1
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LONG_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv5
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 1
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 1
> #define __GCC_ATOMIC_INT_LOCK_FREE 1
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LONG_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv6
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 2
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 2
> #define __GCC_ATOMIC_INT_LOCK_FREE 2
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LONG_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv7-a
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 2
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 2
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 2
> #define __GCC_ATOMIC_INT_LOCK_FREE 2
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LONG_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 2
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 2

What you're actually showing is that even for ARMv4 they are
sometimes lock free by using the kernel support.

> There are kernel helpers available to provide some atomic support, but
> they'll be very slow compared to real hardware support at this level.

I was under the impression that that's not the case:
https://lwn.net/Articles/314561/


Kurt

Re: OpenSSL 1.1.0

2016-11-23 Thread Kurt Roeckx

On Mon, Nov 21, 2016 at 11:30:13AM -0200, Henrique de Moraes Holschuh wrote:
> On Mon, Nov 21, 2016, at 11:06, Jan Niehusmann wrote:
> > On Mon, Nov 21, 2016 at 11:11:09AM +0100, Tino Mettler wrote:
> > > At the end I noticed that Qt will stay at 1.0 (by glancing into the
> > > changelog of the relevant upload) which means that my package also has
> > > to to stay at 1.0 and the whole excitement resulted in just a changed
> > > build-dep.
> > 
> > I'm not so sure about this any more:
> > 
> > In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844018 Stepan
> > Golosunov wrote that according to his understanding of dlsym(3), it
> > should be fine to link a program with OpenSSL 1.1 and Qt at the same
> > time, even though Qt links to OpenSSL 1.0.
> > 
> > Can somebody who knows OpenSSL, Qt and dlopen/dlsym well enough confirm
> > that?
> 
> The linking is fine, I believe even any eventual globals (if any) will
> be correctly handled in Debian nowadays.  What causes extremely nasty
> issues is layering violations causing openssl data structures to leak
> from something linked to one version of the library, to something else
> linked to another version of the library.
> 
>  If, at any point, internal data structures from openssl are exposed, or
>  OpenSSL contextes are passed between two libraries, or a library and an
>  application, *they must all be from the same openssl*.
> 
> This is not something the linker or dlopen/dlsym can enforce.  And you
> need to manually inspect the code to be sure... usually.

I've always had the impression that there are or used to be
probems using using dlopen()/dlsym(). Maybe related to some things
like RTDL_GLOBAL that causes the symbol lookup to go to the wrong
library. Do you know of any problems related to that?

Note that QT is one of those that uses dlopen()/dlsym() when
calling openssl functions (for license reasons).

> So, if Qt *ever* exposes its use of openssl anywere in its APIs, it
> might not be safe.   If it doesn't (i.e. at most you have a qt flag that
> says "use SSL", etc), then it should be fine.

It seems to be doing this in qtbase5-private-dev. Not sure if
there are actually any users of it.


Kurt

Accepted openssl 1.1.0c-2 (source) into unstable

2016-11-21 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 21 Nov 2016 22:20:00 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0c-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 844234 844715
Changes:
 openssl (1.1.0c-2) unstable; urgency=medium
 .
   * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
 (Closes: #844234)
   * Add missing -zdelete on x32 (Closes: #844715)
   * Add a Breaks on salt-common. Addresses #844706
Checksums-Sha1:
 7e26a7d98166e6c8d0d0d50ca2dc989942de14af 2552 openssl_1.1.0c-2.dsc
 5b0556f53c427e14e660151b56b82d40dba65967 55392 openssl_1.1.0c-2.debian.tar.xz
Checksums-Sha256:
 a6ca664b8443ad1ed01cc90a9c8d8af8a079efa471536ec971a1bf2f5b8253a0 2552 
openssl_1.1.0c-2.dsc
 c47b1d2df11b061243bf91ecd95130840ebe7e6a84a6bf1b063d1953e9fddda5 55392 
openssl_1.1.0c-2.debian.tar.xz
Files:
 5a5f07499eb6dda464b325bda91f6a89 2552 utils optional openssl_1.1.0c-2.dsc
 60826b6aa69cd73a00c810f29a37bfe8 55392 utils optional 
openssl_1.1.0c-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYM2qCAAoJEOPE3c0eTBJEMpgP/itd/WDBSUqFLrjcYNXqwxNy
5eOhMC3o3Qmr63/vWjTM/vC284IgpHW3rfv5fJ1oZ8t07DtDdbVeqP3MzsZGsVcM
1vkqfQaeQsrO7fgoh4oZWmOOEiA48QaalupMHd3OxwW1Ld6B/TXrf5iAU4UlIemP
FsA2uoBGa7faRy05XvZMC5wJGVqzxcdoXxmDwUnyj4km6V5TFDuObfFzVEtBDUop
kWdTX7UfjNfgw5yKtnpNNdyQBhVT/TNYeJ1QBFksq7ZPhqaIhj60Z6swSEqSAt2x
smG2Xpr/hD1MnhoEbcZrTDj+FpDhXKFJd1oe1MxH+OnciQZEqJGI9Xjda+MNkljV
4LWjVwztkkDKQg8YUhXQHP8mz0BfdTJ0bGIXNNj2DQWK8F1SMyvxguNlduFz7zfP
P9bcUv7jBQQtzBMlIwSG73q/gQpAwG1hBPVIwPAr2m+4lf5Avi7IUuXdaYEaZP3V
sWF/hT14r/C8oNBxC5P29f3p20voVMFAgSKNRMdX6h2a7Z5QySLIeGD0gFE1MH2l
BUCXVzM78yJqyR252xg8GlzQlOHnMgYouurrrqnIC0Y5DvbPxgrBGVCoH5EhAoIK
/zJGQT7hgz2pOBE2hauEbzGxjp5NuNF1Kzk1I+OkeUaDqEUMh9RyEQjsFtlmv+x9
u3Irt4pCy6pFJMRh+7t5
=3YDj
-END PGP SIGNATURE-

Accepted ntp 1:4.2.8p9+dfsg-2 (source) into unstable

2016-11-21 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 21 Nov 2016 20:09:17 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p9+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Closes: 839998
Changes:
 ntp (1:4.2.8p9+dfsg-2) unstable; urgency=medium
 .
   * CVE-2016-0727: NTP statsdir cleanup cronjob insecure (Closes: #839998)
 Patch by Salvatore Bonaccorso <car...@debian.org>. Patch was dropped
 in 1:4.2.8p9+dfsg-1.
Checksums-Sha1:
 8dde0a4b583d19cefbd5753667551e35f020d5d6 2227 ntp_4.2.8p9+dfsg-2.dsc
 5c198057a8f79d6b5f9606adc612bcce152f68c2 53900 ntp_4.2.8p9+dfsg-2.debian.tar.xz
Checksums-Sha256:
 16ed698d33884718a9f2c8f799215768e091b22e954b33ff17924e87007d350a 2227 
ntp_4.2.8p9+dfsg-2.dsc
 9cb06c11359f00f39376d3df43f62c9393ed788222e55e0edd368ee61bba04c8 53900 
ntp_4.2.8p9+dfsg-2.debian.tar.xz
Files:
 24820d1d18b1f9143935ce8344e24426 2227 net optional ntp_4.2.8p9+dfsg-2.dsc
 7e4f04cacd7904d91a985d94a5ff6ddf 53900 net optional 
ntp_4.2.8p9+dfsg-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYM0ckAAoJEOPE3c0eTBJEHqQQAIFPMyylKib6gkI7YzwAncUt
DjsHS5zuLrKX6GfWoJqB7dksAeL4KVwc7ifFXiVGie+HSP1wb1R9/6UcpwAWAbP3
qw3o0G0rtx0/xeLg6pMXSHmieVgR6FegIrPxGjco44e8Gxa0QdVTQizv1WJgAsOt
C1de2bsrr4PUKdaXSB7Ql26XGr8q96l6iOfBR8xK2P0WcwJ8nnNDZENxPueia+jh
AjiVI+sG7QK1NC6cjvdnvWz5ZK5J9shGpukUNvVOB4tg5ZfBmfLNROEpI67kBlrE
tficoJDtum9xWYFABTrO8FQsf8GGXtAwCroqcrkbZ+8LjDYbVLDtvnJEqCfNCOGV
aSBSsYUdnDYb6BuXiy08uWxhbLX6YqAFlNyHpUi2+2jnauFxFRvh0EZoy05byu+m
+R0sw3KWYItDUDu6rAIexKtW/prNfNOrkJNRUMzvt+VnuJD8xIY3M7GWWGF5UXEs
LeB3SMe8RjO4cUjLqdomHSFo0JTX2UcTjnK2nCqEXsqwecM/frCIeTADPT4YWFqK
mzn//3SWLTW898vJBuhDvzzcbDNbBbn2OyXJR6eeIYhtU8NIQRoCeE8vxIBEeNaJ
BfTFLRFf1IvQcPJuVFYPRjt5HvV16tTvW3D+wXVoejyKLSSlY5ZqVnD03PNlaazF
Clklwahtac6UCOnbNqRB
=tdbB
-END PGP SIGNATURE-

Accepted ntp 1:4.2.8p9+dfsg-1 (source) into unstable

2016-11-21 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 21 Nov 2016 19:30:02 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p9+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Closes: 600661 617965 802040 823269 828461
Changes:
 ntp (1:4.2.8p9+dfsg-1) unstable; urgency=medium
 .
   * New usptream version
 - Adds OpenSSL 1.1.0 support (Closes: #828461)
 - Fix CVE-2016-9311
 - Fix CVE-2016-9310
 - Fix CVE-2016-7427
 - Fix CVE-2016-7428
 - Fix CVE-2016-9312
 - Fix CVE-2016-7431
 - Fix CVE-2016-7434
 - Fix CVE-2016-7429
 - Fix CVE-2016-7426
 - Fix CVE-2016-7433
   * Update watch for new version specific URL. Patch from
 Nicholas Luedtke <nicholas.lued...@hpe.com> (Closes: #823269)
   * Make ntpdate-debian use the DHCP servers. Patch from
 Christian Ehrhardt <christian.ehrha...@canonical.com> (Closes: #617965)
   * Move dhcp temporary files from /var/lib to /run. (Closes: #600661)
   * Wait for ntp to die in the stop target. Patch from Christoph Biedl
 <debian.a...@manchmal.in-ulm.de> (Closes: #802040)
Checksums-Sha1:
 4b7546d868bdefad1594d01684ea2d007abb6b6a 2227 ntp_4.2.8p9+dfsg-1.dsc
 45ec58a4b9ec1e814763305233e6f68f17b3ef71 4231056 ntp_4.2.8p9+dfsg.orig.tar.xz
 b0724578faa77a13b3caaad232e12194f5d84e10 53716 ntp_4.2.8p9+dfsg-1.debian.tar.xz
Checksums-Sha256:
 7204663c7485f98bec34a78068a37c444036925533b73359e0c1fe0fe7832a77 2227 
ntp_4.2.8p9+dfsg-1.dsc
 be24e8fa447366b9fbe4b51ff72a5da2deb5c48eddd59a97d395aebd52c1372c 4231056 
ntp_4.2.8p9+dfsg.orig.tar.xz
 50ab9d6fd08177efa41debe5ce8db7e721440625e9c5d4ab807371387159e43f 53716 
ntp_4.2.8p9+dfsg-1.debian.tar.xz
Files:
 b178a7d76e0326ea8c0ee4fa794949bb 2227 net optional ntp_4.2.8p9+dfsg-1.dsc
 979d47b6f0ad3e43ad481523930fc1c6 4231056 net optional 
ntp_4.2.8p9+dfsg.orig.tar.xz
 650025143c0ee77be86aab8da5361919 53716 net optional 
ntp_4.2.8p9+dfsg-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYMz49AAoJEOPE3c0eTBJEHbsQAJXKNDmsv+iiiM9laoh1+iJ/
wQWH7x9uz/u2PYLosu534nWjzZ7YXiQ+Nm1ghzriQ7xgaQ0wLsue0r0VWGJ0zEzx
ggRdpc6F1NGoNzK58k1zD9H9yU/kucZExMe7yZdM0wZA7xlsInNFgbJWzPI1NdpP
8kp2MmUhQF1PB5vWxf8uhyVUlF7Dh4+TQjg1V47P8W17YhH4+5JPGr1NEhSd2sEY
jFGCqxdrmSpWqnDM41LHjJsWOFzmUk/X/8WJVk7N0KnAiLockf8Bjt+QWRfPTijE
HaEOAeISgSmD1SG4RVnrn9Y0Z+UPENW9GACSpZpizTCZ5kBJGhvsuulZlMocZQkV
xnYO0wRLXu7PGvaHfpBFDm2kQmwzP/JrVnfPuItDWZ7tpgVyHbCqtUT7Q0omf/dS
Czgiez96C2rNWPvgXeXu9L1l0FMbgJlSn23PMWWR5xHJBuGlvAFevtRSGiZYb1No
WSNT29As/kHSDFZblevNmIT+EKkYoruoJPf1lM9glu6FRyKxRlHUx4wwshLdcgbQ
g3QfB43TVh1QEqt6TSOmxdYXumxjIZQYN6VxxNDhKWMIFB+CN/E0zUgwiob5JpWZ
bbqAMmDOxmZxUKq6ikNtPhbsr4+Yu+3tCd1MMLMqofmowJI0dStJ5DMF4y0FgWhN
Y1pfQbyREeL03h2QOGUw
=mmgp
-END PGP SIGNATURE-

Re: OpenSSL 1.1.0

2016-11-19 Thread Kurt Roeckx

On Sat, Nov 19, 2016 at 10:32:58PM +0100, Ondrej Novy wrote:
> Hi,
> 
> 2016-11-19 21:06 GMT+01:00 Kurt Roeckx <k...@roeckx.be>:
> 
> > Chacha20 would be a new feature. Following the policy that can't
> > be added in a 1.0.2 version, only bugs get fixed in it.
> >
> 
> yep, they don't add new feature, but break API between 1.1.0b->c  release:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844366
> https://github.com/openssl/openssl/issues/1903

This is being fixed.


Kurt

Re: OpenSSL 1.1.0

2016-11-19 Thread Kurt Roeckx

On Sat, Nov 19, 2016 at 06:30:06PM +0100, Bernd Zeimetz wrote:
> On 11/17/2016 12:40 AM, Kurt Roeckx wrote:
> > On Mon, Nov 14, 2016 at 07:10:00PM +, Niels Thykier wrote:
> >>
> >> The alternative for ChaCha20 would be to adopt Cloudflare's patches[1],
> >> but that sort of assumes that you are only interested in openssl 1.1 for
> >> ChaCha20 (and not the other changes).
> > 
> > I'm not willing to maintain such a patch.
> 
> Understandable. Did you talk to upstream about the issue? What do they say?

Chacha20 would be a new feature. Following the policy that can't
be added in a 1.0.2 version, only bugs get fixed in it.

We made a new release with new features, that version is 1.1.0.


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 10:18:32PM +0100, Daniel Pocock wrote:
> 
> 
> On 18/11/16 22:12, Kurt Roeckx wrote:
> > On Fri, Nov 18, 2016 at 09:15:53PM +0100, Daniel Pocock wrote:
> >>
> >>
> >> On 18/11/16 21:10, Kurt Roeckx wrote:
> >>> On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote:
> >>>>
> >>>>
> >>>> I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> >>>> on jessie, without installing the package though.
> >>>>
> >>>> I tried the following:
> >>>>
> >>>> dget -x
> >>>> http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> >>>>
> >>>> cd openssl-1.1.0c/
> >>>> dpkg-buildpackage -rfakeroot -j13
> >>>>
> >>>>
> >>>> and it builds but only 4 of the headers appear to install:
> >>>>
> >>>> ls debian/libssl-dev/usr/include/openssl/
> >>>> aes.h  asn1.h  asn1_mac.h  asn1t.h
> >>>>
> >>>> Is this correct?
> >>>
> >>> No it's not.
> >>>
> >>
> >> Could you suggest how I can get a build of OpenSSL 1.1 like this?
> > 
> > I can't actually reproduce your poblem, it just works for me (with
> > -j4, only have 4 cores.)
> > 
> >> I don't need to build .deb files, I just need it to be within the
> >> debian/ tree for me to refer to from other build trees.
> > 
> > You could also just point to openssl-1.1.0c/include/openssl/,
> > 
> > Please note that there is also:
> > debian/libssl-dev/usr/include/x86_64-linux-gnu/openssl/opensslconf.h
> > 
> > 
> 
> In my tree, that isn't there, this is all that I see:
> 
> $ find debian/ -name '*.h'
> debian/libssl-dev/usr/include/openssl/aes.h
> debian/libssl-dev/usr/include/openssl/asn1.h
> debian/libssl-dev/usr/include/openssl/asn1_mac.h
> debian/libssl-dev/usr/include/openssl/asn1t.h
> 
> 
> If it is working for you on jessie, maybe there is something different
> in my jessie system.  I have some packages from backports, could any of
> those impact this build?

It shouldn't.


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 09:15:53PM +0100, Daniel Pocock wrote:
> 
> 
> On 18/11/16 21:10, Kurt Roeckx wrote:
> > On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote:
> >>
> >>
> >> I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> >> on jessie, without installing the package though.
> >>
> >> I tried the following:
> >>
> >> dget -x
> >> http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> >>
> >> cd openssl-1.1.0c/
> >> dpkg-buildpackage -rfakeroot -j13
> >>
> >>
> >> and it builds but only 4 of the headers appear to install:
> >>
> >> ls debian/libssl-dev/usr/include/openssl/
> >> aes.h  asn1.h  asn1_mac.h  asn1t.h
> >>
> >> Is this correct?
> > 
> > No it's not.
> > 
> 
> Could you suggest how I can get a build of OpenSSL 1.1 like this?

I can't actually reproduce your poblem, it just works for me (with
-j4, only have 4 cores.)

> I don't need to build .deb files, I just need it to be within the
> debian/ tree for me to refer to from other build trees.

You could also just point to openssl-1.1.0c/include/openssl/,

Please note that there is also:
debian/libssl-dev/usr/include/x86_64-linux-gnu/openssl/opensslconf.h


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote:
> 
> 
> I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> on jessie, without installing the package though.
> 
> I tried the following:
> 
> dget -x
> http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> 
> cd openssl-1.1.0c/
> dpkg-buildpackage -rfakeroot -j13
> 
> 
> and it builds but only 4 of the headers appear to install:
> 
> ls debian/libssl-dev/usr/include/openssl/
> aes.h  asn1.h  asn1_mac.h  asn1t.h
> 
> Is this correct?

No it's not.


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 02:22:23PM -0500, Zack Weinberg wrote:
> Daniel Pocock wrote:
> > I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> > on jessie, without installing the package though. I tried the following:
> >
> > dget -x 
> > http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> >
> > cd openssl-1.1.0c/
> > dpkg-buildpackage -rfakeroot -j13
> >
> > and it builds but only 4 of the headers appear to install:
> 
> Start over from scratch with -j1.  Seriously.  I haven't tested 1.1.0,
> but the last time I built OpenSSL its makefiles were
> _catastrophically_ broken with any amount of parallelism.  You
> probably didn't even get a complete build, and the source code may
> have been damaged.

The Makefiles were completly changed in 1.1.0 and it should
support parallel building now.

You might want to try -J13 instead of -j13. I've never tried the
-j option. Maybe something is broken in the rules files.


Kurt

Re: OpenSSL 1.1.0

2016-11-16 Thread Kurt Roeckx

On Mon, Nov 14, 2016 at 07:10:00PM +, Niels Thykier wrote:
> 
> The alternative for ChaCha20 would be to adopt Cloudflare's patches[1],
> but that sort of assumes that you are only interested in openssl 1.1 for
> ChaCha20 (and not the other changes).

I'm not willing to maintain such a patch.


Kurt

Re: OpenSSL 1.1.0

2016-11-11 Thread Kurt Roeckx

On Fri, Nov 11, 2016 at 01:23:31PM +0100, Jan Niehusmann wrote:
> Hi,
> 
> But who knows which other packages are silently broken the same way?

At least something like that also came up with xmltooling.
It's probably caused by this:
curl_easy_setopt(easy, CURLOPT_SSL_CTX_FUNCTION, _cb);

You get an SSL_CTX from OpenSSL 1.1 and you call an OpenSSL 1.0
function with that handle. And libcurl really shouldn't have been
exposing such functions directly. If something like that is
really needed libcurl should have made a proper wrapper.

PS: Is there a reason zurl implements it's own hostname validation
checking an doesn't just use libcurls?

Kurt

Accepted openssl 1.1.0c-1 (source) into unstable

2016-11-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 10 Nov 2016 19:05:44 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0c-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0c-1) unstable; urgency=medium
 .
   * New upstrem release
 - Fix CVE-2016-7053
 - Fix CVE-2016-7054
 - Fix CVE-2016-7055
   * remove no-rpath.patch, applied upstream.
   * Remove old d2i test cases, use the one from the upstream tarball.
   * Update libssl1.1.symbols for new sysmbols.
Checksums-Sha1:
 808d55163035710bf221570f037cb2b938cf7fec 2552 openssl_1.1.0c-1.dsc
 920e6e7bdaccd94d7564af1097176f11900d20ca 5179668 openssl_1.1.0c.orig.tar.gz
 c1c17721e8685719d649d979ad440d110353b4c1 455 openssl_1.1.0c.orig.tar.gz.asc
 c3caa6e677de2f43bf2c1119326f7f4b85711876 52584 openssl_1.1.0c-1.debian.tar.xz
Checksums-Sha256:
 ee029c17de385db18fe331d6647b82f6e13eed58c56fafe47d5da5d8871a984c 2552 
openssl_1.1.0c-1.dsc
 fc436441a2e05752d31b4e46115eb89709a28aef96d4fe786abe92409b2fd6f5 5179668 
openssl_1.1.0c.orig.tar.gz
 818a933aa7a9a80f1959e0cfe170d34037b8ac6ccf57231b6540a341ff01ed37 455 
openssl_1.1.0c.orig.tar.gz.asc
 c473a7b727b164238bc3a9f8f76fc4c7c75c1a642e0b42e1a4517f2ac9729cd4 52584 
openssl_1.1.0c-1.debian.tar.xz
Files:
 0708864df837aae57c5a631fb1766e9a 2552 utils optional openssl_1.1.0c-1.dsc
 601e8191f72b18192a937ecf1a800f3f 5179668 utils optional 
openssl_1.1.0c.orig.tar.gz
 2be5e91f963afabcc87f03d0e9b71efc 455 utils optional 
openssl_1.1.0c.orig.tar.gz.asc
 cf4f52c3153140362c03aaad413f40cd 52584 utils optional 
openssl_1.1.0c-1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYJLdAAAoJEOPE3c0eTBJEU40QAJsh2BawxlDMeqmoMswWrij/
k2BomCCJo6Y9tQj4Qgb5ezAn9qLB3/6lWw1vp8LRWi3bAa1MIJpYWoSiFnE1d0e+
tNcCR69XGkkVgWUAtpA6M/FITTQorGJmX9kfU8IczW49rrgOAYQsySp/0NHG/uim
feKCFfD5Tr0aWQi1nwvVCkvsxOH8jFZtqhgJ6vFS/Ja6DAGvbXGveTq6rqr5sijh
3uTawZV/Hw2H3h/NaLsp/i1Wy2sJg/OePSKgYAPRuBqXU3bdKYUzo+j8znaN0Q+F
ZXHxjHMx5qmYz9mnRr2ladF6bRB/8y5cOgUTL0QWe2d06yvLVmbLI1M3AvBif6HU
u5FYD4OmL2eW5M6o7ZD3fD7Vn7siN2JBgeKc8+um9yh9em7mFGYgfBLBkMj3d1hk
P5Nc/N8cxpTjgmpF+dAGriRjiVdF5YysdywZ31vP+KJiar0dyxfOB3dctwfmOnuR
q/dcVned2mIuK9Wv91KMQfswL5oJ+ZfMkLDuYofvcFE0gt6q3empKBrG1Y3V1RHW
B+ZWEVrF4bBWTo6aQdv9F/HQaC8dHvIZfcaKJR2M1t42taSXmSmYxA/leslqsEmU
NlmC2gKVXl8sRPXCY6cxGMK50PFz00DIEjWnDFnv02EMT8fH/3nxAPqO9xR+EvSs
qUBAzvx2XuJfMDV12LhN
=h1ds
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2j-4 (source amd64) into unstable

2016-11-06 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 06 Nov 2016 12:07:19 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb 
libssl1.0.2-dbg
Architecture: source amd64
Version: 1.0.2j-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Changes:
 openssl1.0 (1.0.2j-4) unstable; urgency=medium
 .
   * Re-add udebs
Checksums-Sha1:
 0bca58608426618d9f4687f3449aaa0436858027 2468 openssl1.0_1.0.2j-4.dsc
 e8ddd597ed6db7829d2062b17c9368a5143bf216 74788 
openssl1.0_1.0.2j-4.debian.tar.xz
 c85ab61cf6b6654514566e0fd4c68d8dca708dbc 875138 
libcrypto1.0.2-udeb_1.0.2j-4_amd64.udeb
 4b8b1a6f04a93ea3af3eec2de297582aaf15db08 1555864 
libssl1.0-dev_1.0.2j-4_amd64.deb
 740508cfa987965834eabfe0faab70e585cb3088 3330870 
libssl1.0.2-dbg_1.0.2j-4_amd64.deb
 4d772af4e5f0adaf558b95d0b6fb05c15e0412b3 141438 
libssl1.0.2-udeb_1.0.2j-4_amd64.udeb
 c50d792adc85175abde3c9166380f0556637c3e4 1290904 libssl1.0.2_1.0.2j-4_amd64.deb
Checksums-Sha256:
 19d9da65e37d460b94cbfb7f7fd306ede46e2d57ea8c5d0fc040ace56ff98cf5 2468 
openssl1.0_1.0.2j-4.dsc
 591263249b907f9b39964bfa3fda94735f5f315b1bb47bf80d5f6e458a5262ef 74788 
openssl1.0_1.0.2j-4.debian.tar.xz
 0eca3da741ffdd355a55dbbdc85f63a928526cf5c47930dc92af3370ad01383d 875138 
libcrypto1.0.2-udeb_1.0.2j-4_amd64.udeb
 b843ad3ce9ee0ec8be6da5d1fa5af3feeef04675f92c9734b3b20ce1e0a4aa7f 1555864 
libssl1.0-dev_1.0.2j-4_amd64.deb
 e0f048437290ef2906857a4b051e9239a5b01fc48c0ea2ea1699bc4903e4b792 3330870 
libssl1.0.2-dbg_1.0.2j-4_amd64.deb
 d6e5e81672fb2585ab40f1dfef6fb300e6e55daa3e65e53c2e5a55abc22b9378 141438 
libssl1.0.2-udeb_1.0.2j-4_amd64.udeb
 8ee7b12254d19d56c195a245d1cb1e88251ca2101007a7a5ee5dc7e582eb12a4 1290904 
libssl1.0.2_1.0.2j-4_amd64.deb
Files:
 351d8f14d1551df8d1a594b8f2f3adc7 2468 utils optional openssl1.0_1.0.2j-4.dsc
 f447de86e9d43ccfa90c7f2bebc6a02f 74788 utils optional 
openssl1.0_1.0.2j-4.debian.tar.xz
 4c93f7716abf79da469c9dc0e10798e9 875138 debian-installer optional 
libcrypto1.0.2-udeb_1.0.2j-4_amd64.udeb
 d754f0f9f826f88edeadf3426a74cc63 1555864 libdevel optional 
libssl1.0-dev_1.0.2j-4_amd64.deb
 e0a66a6373e10eb6c04b8413f0af2040 3330870 debug extra 
libssl1.0.2-dbg_1.0.2j-4_amd64.deb
 3646b999c4e46c35db3605f4eb13edf4 141438 debian-installer optional 
libssl1.0.2-udeb_1.0.2j-4_amd64.udeb
 0f51b472993c29f0277e77175f56c9fc 1290904 libs important 
libssl1.0.2_1.0.2j-4_amd64.deb
Package-Type: udeb

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYHzKFAAoJEOPE3c0eTBJEFGUQAIEN2rRksZwGvi/L2+gBjfUw
X6CipY3Q6egEr8K5KruHKpm3FlB7hGEvQnTcCO18y+0Snlm599UcnjLq/gbvbDsI
EfKmU/jRZYXDDq36DPe/q6dGIRYxWFTmf8SQ/JSqkilzNZs+kN5DumdErjC1d40h
oRz3um1CG0Rt7Q6THyCRhAEyza+HmOzkbJwlzNYwURhaPj1pxgFPQn3b0yYKQSh3
lNLyyWukf5SbJ0E1qxmfII+qOK4ZtVAGQjLL7FbMZXIiiCl1NGienRT0BMB2yvja
jMxpuQtDp7xIE1ih293dAVZVmFZ4kIIKDpWwZc8reAbYX+Y2SBrhTXxAP1rhmaKu
wezUufUuZFbkw7OBK8iyBuCjf1be4p3KV3/NxJIyxdO8xRRNLplxsQl8UCsH0aSq
EvhtQCdW8E9po8SKjuYC3hOO8GvkCiGGgZHnURI8QTicoJXd/hrnH1OUt0+9o/HK
+VSO9/EvS9iKHZ9QL6xzOIUjxcoe7AV3KbnzIm4S2Y/JJWUHsAmshrAkuFLVw0Kl
FRjT9kHPZQ0+6DcUa03AvAyWBmwvSHjz8egtSwhyWuXAcelRUUfIerMod6oL1ElV
pGEvtzOzrutiJAuDERAeurdDu0hdDH0pHIbtKwd++uvGIH12LYqBDYO+lsw/Rn1v
USrTG63SG7YSwzBk8iMj
=YHJK
-END PGP SIGNATURE-

Re: OpenSSL 1.1.0

2016-11-02 Thread Kurt Roeckx

On Wed, Nov 02, 2016 at 02:02:52PM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> On miércoles, 2 de noviembre de 2016 10:00:43 A. M. ART Bernhard Schmidt 
> wrote:
> > Kurt Roeckx <k...@roeckx.be> wrote:
> > 
> > Hi,
> > 
> > > There might also be packages for which the changes are more
> > > involved and that can't be fixed in time for the release. If you
> > > want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
> > > from libssl-dev to libssl1.0-dev.
> > 
> > Almost expected, this fails where another build-dep pulls in libssl-dev,
> > i.e. adjusting build-dep for src:asterisk
> 
> Today we the Qt/KDE team were hit but this same thing in the middle of our 
> transition: libpq-dev pulls in libssl-dev which makes Qt5 FTBFS.
> 
> *Not impliying bad faith here:* moreoever when we started the transition we 
> depended upon libssl-dev so I don't know why the ssl transition got started. 
> Possibly a human mistake, which is fair.
> 
> It would have been much more simple if libssl1.1-dev was provided and libssl-
> dev be kept as it was.
> 
> Can this be considered?

I don't think having libssl1-1-dev vs libssl1.0-dev is going to
make much differences in the end. The build conflicts will always
have to be sorted out.


Kurt

Re: OpenSSL 1.1.0

2016-11-01 Thread Kurt Roeckx

On Tue, Nov 01, 2016 at 11:49:52PM +0100, Kurt Roeckx wrote:
> > > If you have any problems feel free to contact us.
> > 
> >  - are “you” <pkg-openssl-de...@lists.alioth.debian.org>?
> 
> Yes.

or openssl-us...@openssl.org


Kurt

Re: OpenSSL 1.1.0

2016-11-01 Thread Kurt Roeckx

On Tue, Nov 01, 2016 at 11:26:15PM +0100, Cyril Brulebois wrote:
> Hi,
> 
> Just random thoughts…
> 
> Kurt Roeckx <k...@roeckx.be> (2016-11-01):
> > I just uploaded OpenSSL 1.1.0 to unstable. There are still many
> > packages that fail to build using OpenSSL 1.1.0. For most packages
> > it should be easy to migrate 1.1.0. The most common problems when
> > going to OpenSSL 1.1.0 are:
> > - configure trying to detect a function that's now a macro.
> > - Accessing members of structures that have now become opaque. You
> >   now need to use function to get or set them.
> > 
> > The changes required are ussually very easy and do not take a long
> > time to implement.
> > 
> > Many upstream projects have already done the work or are working
> > on it. Fedora is also doing the OpenSSL 1.1.0 migration. So both
> > places are a good place to look at to see if they have already
> > done the work.
> > 
> > There might also be packages for which the changes are more
> > involved and that can't be fixed in time for the release. If you
> > want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
> > from libssl-dev to libssl1.0-dev.
> > 
> > I would like to encourage that at least the packages that are
> > making use of libssl and not just libcrypto move to OpenSSL 1.1.0
> > because it contains important new features. It adds support for
> > among other things of:
> > - Extended master secret: This fixes the triple handshake problem
> >   in TLS.
> > - Chacha20-poly1305
> > - X25519
> 
> Things that work fine for this kind of transitions (hello, new gcc
> upstream releases) include:
>  - pointers to upstream release notes;
>  - pointers to porting guides;

All the filed bugs already contain a link to the porting guide.

>  - pointers to existing patches for common fixes if the former don't
>exist just yet (but then that would be a rather unprepared move).
> 
> (Mentioning “many upstream projects” and “Fedora” is better than nothing
> but isn't as helpful as what I've listed above.)
> 
> > If you have any problems feel free to contact us.
> 
>  - are “you” <pkg-openssl-de...@lists.alioth.debian.org>?

Yes.


Kurt

Accepted openssl1.0 1.0.2j-3 (source) into unstable

2016-11-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 22:05:22 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libssl1.0.2-dbg
Architecture: source
Version: 1.0.2j-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
Changes:
 openssl1.0 (1.0.2j-3) unstable; urgency=medium
 .
   * Upload to unstable
Checksums-Sha1:
 b9bee9edc629b1c696522c740a15744c626fc448 2310 openssl1.0_1.0.2j-3.dsc
 12af5dbb75275379756c60dd98273fb91eea8d9e 74316 
openssl1.0_1.0.2j-3.debian.tar.xz
Checksums-Sha256:
 457caa1a5e46fcf446416d09205cc94e93e5ad59257eb1e80d9f7688151a7552 2310 
openssl1.0_1.0.2j-3.dsc
 1d36e7cf62ea55cf40f3c47be78e76b05c9d0a9cebede324b06273ffc3907376 74316 
openssl1.0_1.0.2j-3.debian.tar.xz
Files:
 9fadcef090ea3ee5b4fa121b72f5fb3d 2310 utils optional openssl1.0_1.0.2j-3.dsc
 407c84d4251e149e7db84e0cbc92c3cb 74316 utils optional 
openssl1.0_1.0.2j-3.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYGQQQAAoJEOPE3c0eTBJEQdYP/j6kwm9jtqWsOWGloiKzQxmx
uIgAIZRSmxiv7DP+IOa1N+9kJMw0bcNrDnkaZFi8PGobkB276xzpUq8WVE37qe8A
LWxrrA7V2joSZzji1l5W9g59ZRIom1X22aoXgYpGlFlW7NybR06fg2whoMrVZjYb
5hTRLd+1EztboPDDFChOTAv8qyJBNH/K9bV4yzwDuwM9qYRpfLd2yOfhkqdBWhzC
7JNNKKwX/EZEfc2UHQN9SbxcW/GcojrqClMGCd8SSCyATPNVmhz/YV3hwGNO0sxe
LrCyDLbxzJ6VAU7QPl8TRKUGk1JQFJ9H1jn/ha3scjnufAIk2LVS9haeyexUhxLy
sPSuHBQA3yd/56cKUGCyS9qcoME2BOuzxy30WOi3EUzL/3owIZF44m08wN6w+cQ+
0hnZhKaNOj6owhU+MxZB5gArlfiCFiS45fX+RQDJ6Rm1btb+ohMxFbqfUT3iUxHf
/lMtwsCl4M1LpgIynjeRyR0fDFIWutWbbSbZ3mnJNWmuq8Qn6mYl+2851RlA7PbD
IwS8t/CvctCgrlO12BqQB0BXhwN0QN3T9PvXSHdQM5SG2d5cok2kRgJXhm6z4qxx
wwd9tABcvBvKP2AHeKhptws8HiKHTO8OHOc2yJlVjyLWtYPIDxx9sR7h4cZZJnZA
XdxQthz7krBYtXRxc4h+
=kFQ+
-END PGP SIGNATURE-

Accepted openssl 1.1.0b-2 (source) into unstable

2016-11-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 22:02:32 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0b-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0b-2) unstable; urgency=low
 .
   * Upload to unstable
Checksums-Sha1:
 692187c0dacf7aa4dfb0144d1f60ebbcc10744ec 2552 openssl_1.1.0b-2.dsc
 f0cce23625b53453328882d8fabe6348e00f1465 53920 openssl_1.1.0b-2.debian.tar.xz
Checksums-Sha256:
 228701033ca49199dee3b46a166f70bd5380ab4e2d7a9c2e257227fe0d7c4f2e 2552 
openssl_1.1.0b-2.dsc
 e34fbc2c265b9798d136e4228adad6cf954ab4ff8ec826c511c0bfe5d10febc0 53920 
openssl_1.1.0b-2.debian.tar.xz
Files:
 55193025454b5fc9d2f0cb1798d58742 2552 utils optional openssl_1.1.0b-2.dsc
 4b0806a09fde73d7c33f3da107fec3f8 53920 utils optional 
openssl_1.1.0b-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYGQNqAAoJEOPE3c0eTBJE8eEP/j/PcXS3MRTkaAOvsimImp04
oiFUiUvUWlhW09ihZs5B5m3hrJviIZU3Njpc/BNVajLgw5gOwwRhksofdbqB1LEU
sVJM/oW8SgEVM3fKj2v39WYVhiIOqgtWOlbLyJuBV6PG5/Ei+EZlckj01Dg6338+
8yUIS7I4qQ/nerUXnPBC3IvcCJi4lt0Qje8fa6m+eiXuBlEs+a+xPtPyBnETXd6+
Xw23cJSBs2f9KJWWadv+ghmA6CgA/vSg6ayvGU7Z64Mq1VWZuylcY+yXSOmL7XbP
3xWY/N8Axp3nD7stQmtzxA1PLHqEM+R4h4WznPF/0QoVfu2IIWzTDkgVQLlkfbgH
QUoXBeCW6l8TfwbMiphMP90sV3B/7rwH/nplVz/sr9mH30e1uO9uSkQX7TbctUoR
gZqHqwHJhJA/GqiplVkuWNZDGly0MLsbbjq1T+IWT9hl4xHyxnD1sU0NANOz8a0F
sT+EjSH825Oa5GHZKKE2FeIk9rAKvWuA2dlMXLAJM3UGfRa22BVSnjTNFOHvwgw1
JH6jH9aUaNVDMmLGRY+kiF+vnkxkaCAV8lQwqTPJK6MwOvutlOkrBYCtVtFeD2bS
L0o6E47DH9MwssGMYUFDgxCHj1pBh48d7IbcEhrfGE/vauq2ONz6CNu02DBS85G6
iY0wIrW0z5K7593fK/9T
=hMmJ
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2j-2 (source amd64) into experimental, experimental

2016-10-30 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 21:10:24 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libssl1.0.2-dbg
Architecture: source amd64
Version: 1.0.2j-2
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
Changes:
 openssl1.0 (1.0.2j-2) experimental; urgency=medium
 .
   * Provide an 1.0.2 version of the library for Stretch.
Checksums-Sha1:
 cb19a55a0800dcde45d05236fd0fd2b56815ff32 2310 openssl1.0_1.0.2j-2.dsc
 bdfbdb416942f666865fa48fe13c2d0e588df54f 5307912 openssl1.0_1.0.2j.orig.tar.gz
 111eb6befb4561c14137b1b36db0ba8988c0ee87 473 openssl1.0_1.0.2j.orig.tar.gz.asc
 b4c4f18db9cabd8b93b2eeac1eaa689289db7510 74468 
openssl1.0_1.0.2j-2.debian.tar.xz
 6c4ed5b4b635da6572513b08573339f68c2b 1540540 
libssl1.0-dev_1.0.2j-2_amd64.deb
 a83c14a8c1ec5a5960772934f63a3b1f8096 3331174 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 306edf93244b4f663c0634439074775e71ad9990 1291864 libssl1.0.2_1.0.2j-2_amd64.deb
Checksums-Sha256:
 3fccf49508a08cd8d91d7110b9d165ab3ab790e71f57b27ab6f3ec9810a73e88 2310 
openssl1.0_1.0.2j-2.dsc
 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 5307912 
openssl1.0_1.0.2j.orig.tar.gz
 b3551e17fef7df2eb901aa9c1cbc41e5cf7c9d5d10e546936145f24d1e52efdc 473 
openssl1.0_1.0.2j.orig.tar.gz.asc
 8aab8035c4b5c072258840ea6b893dc17f46ea79259851a3a079e99fddc730e6 74468 
openssl1.0_1.0.2j-2.debian.tar.xz
 0360dcf03f9a8821bf6db32c5fd0cf60332b445d1117397be1d9bdf596d9d66e 1540540 
libssl1.0-dev_1.0.2j-2_amd64.deb
 4275fbe87373a722cf0e4b98c349ce02735aea1327b18b766325364503c7a464 3331174 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 3d6c2f5b800ecca8990df105593c338797f499cd033c11a2fbf3fb200307c0aa 1291864 
libssl1.0.2_1.0.2j-2_amd64.deb
Files:
 a7801b3a51e91d803292c3977201dbcb 2310 utils optional openssl1.0_1.0.2j-2.dsc
 96322138f0b69e61b7212bc53d5e912b 5307912 utils optional 
openssl1.0_1.0.2j.orig.tar.gz
 3db35372c8725eb4b4dfe2420fbc134c 473 utils optional 
openssl1.0_1.0.2j.orig.tar.gz.asc
 ba22d8a9e3d0590970698ed2b6c36689 74468 utils optional 
openssl1.0_1.0.2j-2.debian.tar.xz
 8e9595936a1d8db1fe4c69b475c1d751 1540540 libdevel optional 
libssl1.0-dev_1.0.2j-2_amd64.deb
 416f8eae3757f2fd50f42607c05a9d56 3331174 debug extra 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 07188cbc678d7f289bb2c9ed7fcda271 1291864 libs important 
libssl1.0.2_1.0.2j-2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYEu7VAAoJEOPE3c0eTBJEYxsQAI6Wf/ELLOyBOq8nIABTsAEM
ZJctzpBs2n4W0bTlOppWnLeZt7DokUGd3w4pUNdbvrZtmL/S1MecQCbvgjPVbQm/
B9tpSws/ZUoflArBoUJT3H5AeVTP5BzQ7bjGR8XKF/B7McPAjP5caVCLJRHB18Zv
Qgcn4VMi9KTsPIeqXe6FwZlMJ6EZbL5YASDJ/fqVFRTmF7cAsYPwOg3EyCB/+9Ux
QtH8YwXE5E+XSr1DzA/V6gGlhN2bGOrFR9EYF/PvFLClQZWJTclWOXts2tN3LRQx
5PD7/66912d3RqLEqwAoob//3eeLe9NwZ/iAjG373fML4cvrnotSzCjJPGFLExdO
OYAGibW16VRfQ8p/rE3JYHj3enD1yV1efD7Wmhz1K7fBKw0XGMiCvL0tsjVXqykK
9nUetKQBdXYBNlDvWsGB6X5LNOJaA1NH0KGSijRpKVsS/Wb5lFI+xGyZ1/F2fBTO
k7g6C7j07Fd1x+kLmN6N8wNK8X/cF6tkbTt5ZZnKT5qM5iovgdVj139MtCx7XmMv
ogvPScocoxrmz3pNZ1pg36wl+OSU3q88U3SmkVHnm/wZfBcJmRdjX8he++empdwa
yMJgcrhBfiBUv08lEKk4p1oAcixcDMvgfH3XEgo9FXMPDsxY6gUJwusTFHY989kO
1TrQBBUvdX5BLvAY3L2j
=pJZ3
-END PGP SIGNATURE-

Accepted openssl 1.1.0b-1 (source) into experimental

2016-09-26 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 26 Sep 2016 18:21:09 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0b-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0b-1) experimental; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2016-6309
Checksums-Sha1:
 23561a8ceaaebab1505ee53b089434a2aa41f398 2570 openssl_1.1.0b-1.dsc
 cbf391d0d68a9f144c24c5c3c5028c07fa00264c 5162355 openssl_1.1.0b.orig.tar.gz
 f18b8e7c7abdc103c06ccab61298e4149cd12160 473 openssl_1.1.0b.orig.tar.gz.asc
 b174e29e7b3ac937eb87f6b8f0147d18a874362f 53884 openssl_1.1.0b-1.debian.tar.xz
Checksums-Sha256:
 e4c98887bb1eb9444d8708113a29401562db40b1c5aa94fdbc6791761e825b2c 2570 
openssl_1.1.0b-1.dsc
 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 5162355 
openssl_1.1.0b.orig.tar.gz
 c05f5de460013a98dcb1ab838388f459f9a0b9252329b816744f10b15d23c001 473 
openssl_1.1.0b.orig.tar.gz.asc
 a0fa94ce7e8c5930e2a3ea7ed948dbfd91bda73d172879b1a53ee53de85d101b 53884 
openssl_1.1.0b-1.debian.tar.xz
Files:
 d4dad9fbeb30acdb8cf168024d51186e 2570 utils optional openssl_1.1.0b-1.dsc
 77895d5d0fbccf3172ae5b9897a0dedc 5162355 utils optional 
openssl_1.1.0b.orig.tar.gz
 c13309fba2afd88f5a79b0651e067ab5 473 utils optional 
openssl_1.1.0b.orig.tar.gz.asc
 0325054b8764956762089336f95906a2 53884 utils optional 
openssl_1.1.0b-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJX6UxdAAoJEOPE3c0eTBJEtAwQAItczho6iuMsdlulEa9BHYe+
OMXA7o6J/alynEEQxtO10ex7n/KpIaDvPRQNE6dvvT736OLZ2RJS3YY9VQbJSpDd
iMGNKqmn9iF2pvH9AwqWAN6L2dlF9HABC+rGPQZOgZ2z18K+5GF/bWHgANXtyhzP
UFCctTThEeAsFEhXtFUDtAt+P+dnMqGmTI/Fm/iDcgzD6zRZ5pbLj3whqqNAD9HB
SJ50vH7/FESMMjb/LNLWEsYA/k1N7iF3jBA/IyBAWAyZ/IvPNd1KUrwDyiEbmnkb
che7vfW+F6lxEsDWKMAcy1CCHhZcEWy/XWtjvTy7TWhkgAVlOyEx/j0FfEm+z1of
DdEoW6cBQ8Xf+7UTWRA/Sr+VhYRUGGCMDz3hw5zRMkmaaZWQIddnGSNvR3PLUkkv
HFMyqZZ/HoLkW5RcGbRoQOGzjJyHX9IVjYme4qGdwt+FdA63zfX7RT+rYae6W8Lt
N+BQwq4y7baGveadc1zXvshF0u1tlhp/abxdrLvwtKGkcK/u72hd+JqRxuUtDCUC
Jzgw1YCA3yoPCluhY6ajkLRI70V+tDK3kTD+muMOIiMy649EMuT7CCGXIbHI/omw
7dDGVL/TBVp0oHHtTSOmFysmg6do/IEEt3Ef1Ym0o/fgN5pzYjHyohhZQoKMWntV
L1uUbxofPOjolXD5/h8x
=GRQN
-END PGP SIGNATURE-

Accepted openssl 1.0.2j-1 (source) into unstable

2016-09-26 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 26 Sep 2016 18:17:39 +0200
Source: openssl
Binary: openssl libssl1.0.2 libcrypto1.0.2-udeb libssl1.0.2-udeb libssl-dev 
libssl-doc libssl1.0.2-dbg
Architecture: source
Version: 1.0.2j-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2j-1) unstable; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2016-7052
Checksums-Sha1:
 9853860aae3a38ca2b3c7c828e2b85c654fc9fb1 2550 openssl_1.0.2j-1.dsc
 bdfbdb416942f666865fa48fe13c2d0e588df54f 5307912 openssl_1.0.2j.orig.tar.gz
 111eb6befb4561c14137b1b36db0ba8988c0ee87 473 openssl_1.0.2j.orig.tar.gz.asc
 bc95151b490f420adcefda3c5976689071475b4e 76404 openssl_1.0.2j-1.debian.tar.xz
Checksums-Sha256:
 9f68517da4791cd36e75f9a63fff4c703e9273c0c1af5cb9efd6bfb1d842dba6 2550 
openssl_1.0.2j-1.dsc
 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 5307912 
openssl_1.0.2j.orig.tar.gz
 b3551e17fef7df2eb901aa9c1cbc41e5cf7c9d5d10e546936145f24d1e52efdc 473 
openssl_1.0.2j.orig.tar.gz.asc
 91203925576731b63f1eb0e4d575db09d43c237aa4905ac660655eafcd47ba4f 76404 
openssl_1.0.2j-1.debian.tar.xz
Files:
 4b1314a8d768e313e84bc1d78e3e333e 2550 utils optional openssl_1.0.2j-1.dsc
 96322138f0b69e61b7212bc53d5e912b 5307912 utils optional 
openssl_1.0.2j.orig.tar.gz
 3db35372c8725eb4b4dfe2420fbc134c 473 utils optional 
openssl_1.0.2j.orig.tar.gz.asc
 5b0d168affac45d0501c86867a8faf68 76404 utils optional 
openssl_1.0.2j-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJX6UyoAAoJEOPE3c0eTBJEUM8P/2rheiowkikbkz6skBY7vbAh
EG1rHFu4FU86hRGwsNQFnxD89aPitHjstMoUbBUoj5uJKzRc0loC2jLBDI75FfGT
Qg5BfgkAVeOQ8za/ca+eqp6cP+u5wLOo6RtRleM3UvNut6y7Kl9r22kXqzR5oSJm
DoPKEJCyFBMdxEBFGMzeDQ3+zbzSzNzFDUXqHBT4o4dxWRi7tu985u74ATpvh4au
Y1ZPmhH5Ds9mbR5thWLOLmsIf3rs71+cWvmWqT181VGZEv3b6KwyUW8bJQCfkeeF
ZLeL//kPBouxVp9hI8Y5RmIQa1P87csNYvmF21D4EcAG5Kf1Wt0RRt3XxGwykzyN
BVyYzStQO6z2R/clYRZekg3arqR4Cxfl5Q624NqfRLMXtmv5iSY1bwEkuVQ7vZ93
EMvdEhhVALsUhZLR83ym9mXl/Ka+7d2a9fHt4rHf9TrtjEi0ca7hT+UDfRDknX7V
s83kyJHs5jnP1tyv/ig5+nV/UefoxRF4KIkvk317avMGZvCiLq4zaceLOsX9blWh
KV1+Qr3QE+f5zkxf4UoWlP+6UJ/CUZJofwfC4dgU/wsAslcmZAx4ar3qBcLigCT2
1o25d+jVYsI+ktbYUapV7CziHw3RCVxjjhxBacg5ohsEjiHscZaIq6LzL/yZ95/3
n8nsLhLIyHaMZ8GdE7iS
=7qH5
-END PGP SIGNATURE-

Accepted openssl 1.1.0a-1 (source) into experimental

2016-09-22 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 22 Sep 2016 20:13:59 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0a-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0a-1) experimental; urgency=medium
 .
   * New upstream release
 - Fix CVE-2016-6304
 - Fix CVE-2016-6305
 - Fix CVE-2016-6307
 - Fix CVE-2016-6308
   * Update c_rehash-compat.patch to apply to new version.
   * Update symbol file.
Checksums-Sha1:
 deb00801d927e3215c08491821d83eded43e39ab 2570 openssl_1.1.0a-1.dsc
 335d7168b612efd3cf16f621b09d4cd5af4232a6 5161414 openssl_1.1.0a.orig.tar.gz
 8ba7d73a140fabe1d14fee88ca4c571e13fda0e4 473 openssl_1.1.0a.orig.tar.gz.asc
 4a7b6aeb8497ed5571ccbbf869bca7064240ab4d 53880 openssl_1.1.0a-1.debian.tar.xz
Checksums-Sha256:
 636f674c99d011bd4a0ef057806212209a46b3cb7ea4a2468b98d2c291357ae1 2570 
openssl_1.1.0a-1.dsc
 c2e696e34296cde2c9ec5dcdad9e4f042cd703932591d395c389de488302442b 5161414 
openssl_1.1.0a.orig.tar.gz
 98cc9ac807abcc540e3e24aa0f50b660958723b45b95e3d86103df0c3faab1d0 473 
openssl_1.1.0a.orig.tar.gz.asc
 509b2daec7903038aa1602077986c5b1f17e3c4aff8187141994bffd14b8bcc8 53880 
openssl_1.1.0a-1.debian.tar.xz
Files:
 8a54e7f876c951239000910b1b2badba 2570 utils optional openssl_1.1.0a-1.dsc
 38a0bf2883ab4951acb15b1886b7f5aa 5161414 utils optional 
openssl_1.1.0a.orig.tar.gz
 bbd2728e0352ef31c002aaddb533663c 473 utils optional 
openssl_1.1.0a.orig.tar.gz.asc
 2af8fcd6dded38b9c21dae4e75d4ddfe 53880 utils optional 
openssl_1.1.0a-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJX5CCxAAoJEOPE3c0eTBJE1kkP/2k/goU/PR/l54Rq0cTyOVZs
tfRtwTLjIN6PfY+mFC7OW/L6xDYSf6iDDF9ry8h39W+xySEweG8NNEtShYIthem3
/vLtNERKWaDCBU1QAVyITi5oWXl+HVMVTFvGCKiaPt3mFFhB1OZRBR9ufRpKNG4c
Kc5RBjOyQa/YftdFT9sT51xB0SW+S/YJKy2G+cBtxpA3BZ3XVCX71h5nracPY3TG
fik8YRKwyIM/gahRP8fxABRHPA2C/BJrbQLmFl+qRawdOpw3WsZzPHY1dxGJN25A
iCJOS2lvopI+EYdz2sx8PiH0nSAtit2uNj6PHByEb9vdLp3c6LoU1E9YcD6jWQvt
jUU7urqwDSdF6hvAaZbQBjl9qNiDnkqLlgF9nWMclBrsn2hBxk3dU1KirNYqnNI/
/o862qs9XmvzDJQr3hj1D6CaAXRFek3OeoY1KktQo8oexYYHGdJzMsivycFn2U4S
cWpaSUIszDfFbiKtxwrkKZyiIayS/OqjJR3wPsLZjHGt0VCke0gM4uJodtu1iWyi
rHvHhXwYqxNDnxDvmXqcq2Fi23Jr0+LYerhS3JHx2j2PPmFKDhGHD57UZcNLiP+J
4VuZu1WwH/ZSvPRyltN9zzCHJKdHkfYpl5Jq7KCmpSUvtS4SkMcMKrajFvZiJobO
ZmOZ52HqzM0zXGMFcXXU
=LGPr
-END PGP SIGNATURE-

Accepted openssl 1.0.2i-1 (source) into unstable

2016-09-22 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 22 Sep 2016 19:39:36 +0200
Source: openssl
Binary: openssl libssl1.0.2 libcrypto1.0.2-udeb libssl1.0.2-udeb libssl-dev 
libssl-doc libssl1.0.2-dbg
Architecture: source
Version: 1.0.2i-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2i-1) unstable; urgency=high
 .
   * New upstream version
 - Fix CVE-2016-2177
 - Fix CVE-2016-2178
 - Fix CVE-2016-2179
 - Fix CVE-2016-2180
 - Fix CVE-2016-2181
 - Fix CVE-2016-2182
 - Fix CVE-2016-2183
 - Fix CVE-2016-6302
 - Fix CVE-2016-6303
 - Fix CVE-2016-6304
 - Fix CVE-2016-6306
   * Drop ca.patch, option is now documented upstream
   * Update engines-path.patch to also update the libcrypto.pc, now that that
 has an enginesdir in it.
Checksums-Sha1:
 0ac16292db48f659bdee5df806795aa7a5ea3afd 2550 openssl_1.0.2i-1.dsc
 25a92574ebad029dcf2fa26c02e10400a0882111 5308232 openssl_1.0.2i.orig.tar.gz
 2a2ccda84f8ba9472c04ae1e1b37f1ed0642a9fb 473 openssl_1.0.2i.orig.tar.gz.asc
 6c7a5c3168aa66da2936d2939db114493ec07be3 76380 openssl_1.0.2i-1.debian.tar.xz
Checksums-Sha256:
 9e02f288f7250fdf6850b6b91e839a060d740f80ae293b700d0d2067e8fe1c1c 2550 
openssl_1.0.2i-1.dsc
 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f 5308232 
openssl_1.0.2i.orig.tar.gz
 4f350f0a6fea33cd31f413d2505939eff1b5540a0df0081107fb6f5d06d5c388 473 
openssl_1.0.2i.orig.tar.gz.asc
 e1999b8a93a0511b18478bfa98f367703edafd0281a87e393cd59d06ba010fbc 76380 
openssl_1.0.2i-1.debian.tar.xz
Files:
 02e0385ee5a7909a627ca14728b43400 2550 utils optional openssl_1.0.2i-1.dsc
 678374e63f8df456a697d3e5e5a931fb 5308232 utils optional 
openssl_1.0.2i.orig.tar.gz
 c1e3fea6443e4277932daf3dfda58d1b 473 utils optional 
openssl_1.0.2i.orig.tar.gz.asc
 4a062602eee20c733de98d34aaa0bed2 76380 utils optional 
openssl_1.0.2i-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJX5BpKAAoJEOPE3c0eTBJES40P/2G+80EgDaCTQGVl0dgnB8Pb
65kI+sdS4fUDI1AVCPq44L0PL/vo0+VE0JF9jagapR/agE7IvJ0zayWiLCzIEDrU
xmUKj2JRGcVNjpBl2Im+VBd/ymtA1tAMSP5M1Dm4BvH/rFy0gHSuXnDGESejs+T4
7rrybyszauAHYajzIGfzzBeNC0dRXXoMxmITsLkzUk/S7r4uXI1ASO8f1icXFFZF
gvSTYtlJkhdw8iHMsYKsOVimITFBsYIx/awLCz+xMuk3wsjOg+JE3zV9Elkf8wiR
49uw5m9A5yUfUy/GeJQjSWGGtgcgFVfsVUi3KUmdpxnPxl7h8kTpM+KBvOhLKRjt
pvyWm39Zmiz0ouj33xlX5JQpAtlmNh3XOnqwRqwzdCiem0l4UiQu4Puu++b9UT8P
Eg8cSTMkGNv9+RKUb1O3aGM8pQkAfRBfKEqpLhRoO2HjbxrwZYQgzviq6h3fX/AJ
9SD95zI1yAJla9o32S6ISFGg6ah+ZHCbBqHt89Dr9PDzOhzho2YEkOPauypPnPQ0
dazU2hojroJjXirp4QXamDsYnYOoTEh1dQNqHCve912Q1Bdm7Jfwlu4rCtVDrIS3
ltJjHQ9RS73fRuOCuAO0ioiN1EDwhqXW4LmpE6Y6akNYVE3tW0++MGUbHgJRWIob
joSHsXwC4dOdu1MWfOFY
=z+az
-END PGP SIGNATURE-

Accepted openssl 1.1.0-1 (source) into experimental

2016-08-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 Aug 2016 18:52:22 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 767207 827028
Changes:
 openssl (1.1.0-1) experimental; urgency=medium
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Use Package-Type instead of XC-Package-Type
   * Remove "Priority: optional" in the binary packages.
   * Add Homepage
   * Use dpkg-buildflags's LDFLAGS also for building the shared libraries.
 .
   [ Sebastian Andrzej Siewior ]
   * drop config-hurd.patch, we don't use `config' and it works without the
 patch.
   * Drop depend on zlib1g-dev since we don't use it anymore (Closes: #767207)
   * Make the openssl package Multi-Arch: foregin (Closes: #827028)
Checksums-Sha1:
 984eaf4d988e92b984aad90d7382afd3a56b8272 2560 openssl_1.1.0-1.dsc
 15e651c40424abdaeba5d5c1a8658e8668e798c8 5146831 openssl_1.1.0.orig.tar.gz
 8af22aad80c354cdc71a74ea956aca59bfe66907 473 openssl_1.1.0.orig.tar.gz.asc
 705db3f0cf445f613c256605687e09b033aa4b3b 53832 openssl_1.1.0-1.debian.tar.xz
Checksums-Sha256:
 a683c994ac4985028bd2a6a2fa172fa02f5e6155cb40ca844cda17650314baf3 2560 
openssl_1.1.0-1.dsc
 f5c69ff9ac1472c80b868efc1c1c0d8dcfc746d29ebe563de2365dd56dbd8c82 5146831 
openssl_1.1.0.orig.tar.gz
 23667a9ce44377e6bbd4b9c92ad7bbc86d597b1870aef51bf6bbefe7ffdec06b 473 
openssl_1.1.0.orig.tar.gz.asc
 897beda0b4908fb088d6d9af035c51fd5cf8ca1ccf149b126f53982caf794013 53832 
openssl_1.1.0-1.debian.tar.xz
Files:
 9c9b87f49a78c9e5d8526bf96737f6af 2560 utils optional openssl_1.1.0-1.dsc
 dbef70de4a1a4bdd78ab7c6547e5211d 5146831 utils optional 
openssl_1.1.0.orig.tar.gz
 3fdc41ffb4833c2a6b6ef54d7b1977e3 473 utils optional 
openssl_1.1.0.orig.tar.gz.asc
 b7e8de2af4e37a607a84bf5e12f1ecea 53832 utils optional 
openssl_1.1.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXvyQxAAoJEOPE3c0eTBJEK8UQAJylGjWlyX5JWsnQBdIEXHxT
wFNoEUNM0U05n5qqOI775XtWWf7+gNEkDCC+RMZs+myzi3VvtqgNxwD4QsrmdLNS
hmi8OywTBF+Sg3MrDXEAzw2TA6pXyrMy+KO1usTrEZCQEe+a0D+fGFao2JmK2qWq
QH77NgLTU1y1cyz/zTiYIVJwjDcQV14sqLe+95SDVw7tgNndOqOkR9k7hP2dLuYF
s428mtxE/OvKMv52l7TZxI7/WpS6S/FzJKkeB3BiiLxMy/KtVLeYxEpIW1vyqIRR
z6NDXlj5pUwYcbdweHippRiYwFB7093Hko+IPoUs07E7vNhHYmlb3KEQMrC+3zn3
EzxKihDHZwifqeMW+JWMuBdYJdPtko/pkNQ0lD51K6uIMpwvveswnOQgIJ0e8UY4
ympX0+CzmhP1Q8lYbQN8UGbFgPhPHIarl3pEB66gufPjDBWmJSlbVv4r8kd31eR6
+OwhGRSrcBRC734QCZiufn42MfCRcbLaCKxSUnEy6Q50jtiCTojiVg7xWYlszm73
PcbwCMTvk2RQS7QVgU6gYRC6VxcVQ51iqcmrdPCPfUOinHR1TjdCAAGU15rMKxSU
adkXDC+P8vTGKm8Y3WpNMluxFbh94nA5uDMglsXmAfP7RpBOZtL7x78HmYHuwnfN
6gP1Mk6oif0MonnHRUoS
=pP9Q
-END PGP SIGNATURE-

Accepted libtool 2.4.6-2 (source) into unstable

2016-08-20 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 20 Aug 2016 14:34:31 +0200
Source: libtool
Binary: libtool libtool-bin libtool-doc libltdl7 libltdl-dev
Architecture: source
Version: 2.4.6-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libltdl-dev - System independent dlopen wrapper for GNU libtool
 libltdl7   - System independent dlopen wrapper for GNU libtool
 libtool- Generic library support script
 libtool-bin - Generic library support script (libtool binary)
 libtool-doc - Generic library support script
Closes: 832874
Changes:
 libtool (2.4.6-2) unstable; urgency=medium
 .
   * Don't show the debain version in --version, just in --help
 (Closes: #832874)
Checksums-Sha1:
 b6593dc2b98273603b7d7ee4635a03c6e83d09d3 2324 libtool_2.4.6-2.dsc
 5303c72034c92c43e72e8d709ad00f292d5c876b 36024 libtool_2.4.6-2.debian.tar.xz
Checksums-Sha256:
 caa2b9d5c32e491388d0627e2f808b6cb2f260dd1b0b9fdafc9bff957f05bb29 2324 
libtool_2.4.6-2.dsc
 6227fb1240a90ef06855567e71ee96e4950dd53c4399348f36c1ec39367cd8ea 36024 
libtool_2.4.6-2.debian.tar.xz
Files:
 57778f5c3d3d261b40a7cbc920dbbf15 2324 devel optional libtool_2.4.6-2.dsc
 7826ba39d3f0fc2cbb47aa4179eb63b4 36024 devel optional 
libtool_2.4.6-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXuFkmAAoJEOPE3c0eTBJEaJIP/iZFBlqUT3o0kFzSadTp7f7C
f+x7e88VA5vtdOvaA0KswsqqQOuvJNbRS5/IvpIcDmAwcp1GGnndNHX3IqmYjD+f
wm6X+9rXlOMY3sia4ur9zGjuIa75H/tKBBtWZxMV343ien0WgIQz1rAH/DDR9M2F
n9lEvW4mzGyXYUKMSvtdS9uSAtBVqsPYXGNNbxPyPwwXgZ1FeVFSzUha4HIC0LGa
IzTFXCQX/5Y/zlEYNFa8S1tlmBlh8YdyxHGv6foHCySzRU0Uxo7VxpUkZA6d+q04
NDr5SVSJIm2ZbSiwL/ULtW8lSl6EojSl6IVfMlyebLRbPhM7KUzgulf7WVf3s0Ba
vTSjf5JMn17sB+j2X7BiJOninwFyJqme0BHlsOXD6KkdCIOlyD7dXpEtu0gJWQ29
O+vKgqT9cHSSWDiHwS171DjYijs01exCXCrfwAUA8QgqmD5itz9Ieoi75623f7Yc
2RDp7hbN9N1qQAZ6CNbeZw7n6d+GSPv7RcV+3KqESpbFvD5oHs8/HOaVhnkrmt13
ZY1Rh6+DSUrEBZQovkOqsQnhMHzLAdrL1Qk/6d832bAJFedk20WCnKu7vNfKxKz4
zPhT52KLu8yiK35J85DzcxeTGNbzkTvfXc1DRLpoGBFQM/WVGdFc3G2zll26jJ2y
GWv26lFGizzEbk0xBQk6
=sipW
-END PGP SIGNATURE-

Re: Porter roll call for Debian Stretch

2016-08-17 Thread Kurt Roeckx

On Wed, Aug 17, 2016 at 10:05:06PM +0200, ni...@thykier.net wrote:
>  * If we were to enable -fPIE/-pie by default in GCC-6, should that change
>also apply to this port? [0]

If -fPIE is the default will -fPIC override it?

It will also default to tell the linker to use -pie, but then
don't do it when you want to create a shared library?

>From what I understand, depending on what the .o file is going to
be used for you want different things:
- shared library: -fPIC
- executable: -fPIC or -fPIE both work, but prefer -fPIE
- static library: Same as executables

For static libraries we now have a policy to not use -fPIC,
should that then get replaced by using -fPIE?

Kurt

Accepted lice5 1:5.3.0-1 (source) into unstable

2016-08-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 21:22:33 +0200
Source: lice5
Binary: epic5-script-lice
Architecture: source
Version: 1:5.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic5-script-lice - Very functional script for epic
Changes:
 lice5 (1:5.3.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Add upstream signing key
Checksums-Sha1:
 61f35b7930a77a3a3726a29e61c25bfa53a7bf8b 1878 lice5_5.3.0-1.dsc
 5817e2ef5e339e3a324c174f092bf4e342f1426a 191762 lice5_5.3.0.orig.tar.gz
 23ef78cf049f1f57a97e33fc11823e6da8c3705f 490 lice5_5.3.0.orig.tar.gz.asc
 73b34ad8de7f879ea32ce59f4a375181ba601340 5964 lice5_5.3.0-1.debian.tar.xz
Checksums-Sha256:
 e99ffb943b3492296fa389dd4312a000260c3bdae3ac515d07662bff7d4b036d 1878 
lice5_5.3.0-1.dsc
 f2b73dba0f95ebd53d319e388c1078bfcea3464b70739b7501a2fd5aabea643c 191762 
lice5_5.3.0.orig.tar.gz
 7efb22f024b8b5c6eff0b7006aeee46e915f67a036a0786865a14772009bab4b 490 
lice5_5.3.0.orig.tar.gz.asc
 c0b5b7594b46a85e25b0d32fe77a8b1a95de5f1362f9d2f361bd0eca0ec5255f 5964 
lice5_5.3.0-1.debian.tar.xz
Files:
 35ef20b85fbfaa4b9a8751dc2970b12c 1878 net optional lice5_5.3.0-1.dsc
 a4a101ac668f8b91fed7bf0a1d737fb1 191762 net optional lice5_5.3.0.orig.tar.gz
 36106a1190b9c52c9065ed42fc111f41 490 net optional lice5_5.3.0.orig.tar.gz.asc
 7b50347d5f9088640c6be5fb1326e81f 5964 net optional lice5_5.3.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXs5VaAAoJEOPE3c0eTBJEtygQAJGfo0ol69iU4mp7Il2z6ITO
ktMf34R2SOg8lHDpPTPP5YgsfxOUky0j7jvRLcT/ZpM8GObbmqoe+5yUqeFWjd+D
skA5xrc2Jr/FUbJiBwX+kDmjRxw74J90cxE5B+ZWImlQq2ozmUypchK9poAeDf2e
MlWw3qPV8IeK7vZLM7S5UXj895sA0iaEp/7Q6YcJtJ/2f0DWf8RJBurXSExj4WwS
LjB/DHK24NyP3AdUioHf+0WqP4VX5VDoWETjrNMrI3QYHzn5GhYtOFSx0rPnTBKs
jxGZ0FKzno/TBZknoeroxtZjv+hS9fa4iOrdijyko4m+fjKP7ywWs0qxtdMgQw0d
ILdOOwwGHWXBNm1epxhihMkpAZnZPmRnXt7ZW2hmjP3tPzLdQGo1kanSAyS3/m7K
q5Sazi75qKTbnI8ACgPqR+Ujh6l4BMy5VYv1XR8D36r4fKY/Dr9ZTgdikRHCD++Q
u3gImhloKXqZV9IHsv++H2NwYQAMmAbH2Nggr+9+3aaqDavYofMcVFPniCggo8FE
kHjqGJDDyVPNZchTTMvdBycMtOh9ZxkcEGlzuRuH9TPpO9JVLEh7igE6ILDCyXMQ
3g2bw8drcKv1P/yNDDzaNgF4ZFU4DJXZSXUstvvAs9S6qoFCHLLOIdEPYY3zGYbd
Xjr01TSpMAIPz4OvXFAF
=vLGa
-END PGP SIGNATURE-

Accepted epic5 2.0.1-1 (source) into unstable

2016-08-15 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 15 Aug 2016 17:25:40 +0200
Source: epic5
Binary: epic5
Architecture: source
Version: 2.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic5  - epic irc client, version 5
Changes:
 epic5 (2.0.1-1) unstable; urgency=medium
 .
   * New upstream release
Checksums-Sha1:
 c52909ff3f75229dc78c5a3ba79af2ec1e7a0c78 1718 epic5_2.0.1-1.dsc
 00bb14643d2f2da133b00e1bf70916a1d1c492bd 808612 epic5_2.0.1.orig.tar.xz
 a9e9773da6132ad4e94577971280e81f3a5de71a 17224 epic5_2.0.1-1.debian.tar.xz
Checksums-Sha256:
 1ed35644713a1dd86af4671d78ad3937644044acd058547d61bf60ce31fe0bce 1718 
epic5_2.0.1-1.dsc
 55260fc832c76f7a4975bde2bd0d0805fd8012fc8908ac94ec8c6de24a1be7aa 808612 
epic5_2.0.1.orig.tar.xz
 43e0e85f6da8875e0ca12fd2801c18a0bab2eec433559f847d54ad01308b94f0 17224 
epic5_2.0.1-1.debian.tar.xz
Files:
 0384f818cd405d837646a7fa83e84555 1718 net optional epic5_2.0.1-1.dsc
 b8c92d45682e5c342e4a70925855ed0b 808612 net optional epic5_2.0.1.orig.tar.xz
 33f9dc08944f8c1619d1f5fa9f359241 17224 net optional epic5_2.0.1-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXsd8tAAoJEOPE3c0eTBJE4ZAP/3eB7qs//vkKq9Qr+j4MzFqn
xMlfkkty/LReG1LHzxaJr/ud0uPwjPqGmhRUPeukptnuli9wWKqwbylDyj9+SRDK
McTR/lHXx/bd31+E4rOtAKRmOxC9IK/UXYlbxmd10QZm0+pdWtu8HFy2DOxxU0Wb
ubYlq39t6pcJILPKvZlYXxfdeOhFWqfbKxQofHtUiSMZK9U+trm3RkoG+E/zjXy1
X8nnsHHb4Gs607iRUGkkOBbzjHR5eId96EtSpzjHt1VZNrW55Wqh/Y5seQAiVayI
YKeLsY/BrINas/kWG+McwaYZL6ph+jgbdpLpg0i9n21BEfJ+8GMpkffiDjeoYkBa
jajM8l7dLA4HzZIsnbWLD3OfsKWljJJGBTp9BXSJRFi+vOownnyKHj3GLhlyzLXK
edqYhyMPcTLPtMeKSXQbLL4bZUz4aod/fUDW2LxlstWhbXCRXipqZezPYfCOEohw
2bbTFcWAELco4VbtgbMTxB0sAuejQg7F/lB1F/usXFxj/czI4SNtre/LcGS5qR3F
lqH1ETvwZrStN6HCd/hYOnaZ70Lm0a724b8KzNi7WoXQ7eQAtOCtthG8u1/Iur1p
zrte09EKJjQV7AfGVEaVLNp/I3TQDcvIs71XWCx7BlqHea1sEAvIjBX67VQj3nms
GgGXY15ZUkzlqfmcrgaO
=cnEu
-END PGP SIGNATURE-

Re: Results for Declassifying debian-private

2016-08-13 Thread Kurt Roeckx

Please ignore this e-mail.  It never happened.


Kurt

Accepted openssl 1.1.0~pre6-1 (source) into experimental

2016-08-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 04 Aug 2016 18:33:24 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0~pre6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0~pre6-1) experimental; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * drop engines-path.patch. Upstream uses a 1.1 suffixes now.
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Drop upstream snapshot
   * Update symbols file
   * Use some https instead of http URLs
Checksums-Sha1:
 b9c694c4020611221c4c108916bd92d5bda2a3aa 2575 openssl_1.1.0~pre6-1.dsc
 b4c4b64c56813a4dd824b9bb2735ac15331845b8 5100538 openssl_1.1.0~pre6.orig.tar.gz
 a71a5474ebfd7c9fa4c914e4641b49a9a69c86a8 473 openssl_1.1.0~pre6.orig.tar.gz.asc
 73107c8cbd818ff9974b37029ab550c0a7e0c383 53832 
openssl_1.1.0~pre6-1.debian.tar.xz
Checksums-Sha256:
 1d89474e040d0afdc584e4df7cfafb6a005b12ac52d5d575538b122fc832aa0d 2575 
openssl_1.1.0~pre6-1.dsc
 ca869f843b8a947fb64ca7d7bebb2afe47a48d7bb5e9becc54d9c8fe674535c2 5100538 
openssl_1.1.0~pre6.orig.tar.gz
 c79546eda826e2a29b36997113184135c54816e277c0a9b97293dcad745a474e 473 
openssl_1.1.0~pre6.orig.tar.gz.asc
 471f9ada610a19bf6ff836bdcdb2b3cb0a38ba36fb8dc6c38eeea1b6ab2e9057 53832 
openssl_1.1.0~pre6-1.debian.tar.xz
Files:
 0f7621f06ea6b23abf349ee6d6cd0fa5 2575 utils optional openssl_1.1.0~pre6-1.dsc
 5073f45b5922992234396c7d8247196f 5100538 utils optional 
openssl_1.1.0~pre6.orig.tar.gz
 b058f63c644a6f5ed9f2fe9fb1a4f899 473 utils optional 
openssl_1.1.0~pre6.orig.tar.gz.asc
 66c92be714acca8855e4ec33a3f113db 53832 utils optional 
openssl_1.1.0~pre6-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXo4+HAAoJEOPE3c0eTBJE3W8QAIRedPEBVXIGeiutseuVx6XX
D+3x5La/kJ2XO/A60JT6/KENFxzn+qg45ykvVau2yCIb2VTO8F/g7GuCZlIAzIcD
F8fwNDkVNitwTMdgK0JaRF5hiPz8+APlSbtkrO1zrzVvXhjwQU4rI6zVrDeT3ZS0
73TmBbxLq1+B8i48ZAHWXElP242UXvGE8wQLbCRGGqYehu7Hxl/C3FeiTuYXK9Gv
feyIWxEWq5/XDkZROCVd4qH0gNMxBdGgsIIxh5YwiDR/kKzKYCjdaXQyK1uCU99M
FFK59jRHi2Y6gPNv0FE5KcGnwfdD9lU2gPjuFfNJxP1eD1DjSl613N24yoM883CV
KwBRK7OSX7ZACia1SZtmdkBJCQ+2C4SLbEvyXwa6nzWOWgcBD1/ih9xHI7iCguL5
xOvi75OjLEqyIBLVbCcMeGnrvVXgURldgLjKW96gCImndbN2SxlmV1HRLb5zQqbX
LFbXeJ81VirrHOJANDcoTtJN15/01pQVL1MIMc5Vey9X3dI5GkUDTFZvZSKwpCja
fGDzUpuQpuBuDIitTiRiq/me3IEAvvUhwVEPIoriO5YVTug26Q5pOKl7kvH+Xkl4
bAxquNmvnWJnGEetRJgy1K1HpsuI5ypWe/iZ3TlcAu4Js0HDUAiGYx4CukZ8cIOK
C8uFBPm3zLjVgdaru6VR
=wd/2
-END PGP SIGNATURE-

Accepted libtool 2.4.6-1 (source) into unstable

2016-07-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 25 Jul 2016 19:42:23 +0200
Source: libtool
Binary: libtool libtool-bin libtool-doc libltdl7 libltdl-dev
Architecture: source
Version: 2.4.6-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libltdl-dev - System independent dlopen wrapper for GNU libtool
 libltdl7   - System independent dlopen wrapper for GNU libtool
 libtool- Generic library support script
 libtool-bin - Generic library support script (libtool binary)
 libtool-doc - Generic library support script
Closes: 760328 819767
Changes:
 libtool (2.4.6-1) unstable; urgency=medium
 .
   * Add sparc64 to the nopic.patch (Closes: #760328)
   * Don't have a "Libtool was configured on host" line anymore
 (Closes: #819767)
   * Make the build-arch and build-indep target do the same thing.
 The libtool package is now arch all, so it makes little sense
 to just build the documentation in the build-indep target.  The
 binary-indep depends on install which depends on build anyway.
   * Add upstream signing key
   * Change clean target to remove all generated files.
   * Add --skip-po to bootstrap call
   * Remove git-version-gen and gitlog-to-changelog from bootstrap.conf
   * Update way of adding the Debian version to the files.
   * Build-Depend on gnulib and tell bootstrap where to found it.
   * Use --copy for bootstrap.  It defaults to creating symlinks.
Checksums-Sha1:
 b741170cf2390fdf88dcd57350df54b2a74893c0 2324 libtool_2.4.6-1.dsc
 3e7504b832eb2dd23170c91b6af72e15b56eb94e 973080 libtool_2.4.6.orig.tar.xz
 aed0e74f6c7510b6e09c138b68a09e8fe1643f5f 380 libtool_2.4.6.orig.tar.xz.asc
 aa73de2f2ce2dda72d6706cb1e80920093010898 36004 libtool_2.4.6-1.debian.tar.xz
Checksums-Sha256:
 af075d21261a06bd161e350657b61936e143236e1945a4aafa1c555e9bada4a6 2324 
libtool_2.4.6-1.dsc
 7c87a8c2c8c0fc9cd5019e402bed4292462d00a718a7cd5f11218153bf28b26f 973080 
libtool_2.4.6.orig.tar.xz
 ab68ebc45d60128a71fc36167cd29dcf3c3d6d639fd28663905ebaf3e2f43d6a 380 
libtool_2.4.6.orig.tar.xz.asc
 bac1b3a8798eb1a6e8e2e6b775b0d171cd24a235824379e32de6277ccc5c1a1f 36004 
libtool_2.4.6-1.debian.tar.xz
Files:
 ebcc24ec1011108a1cef5d1dd9db75dd 2324 devel optional libtool_2.4.6-1.dsc
 1bfb9b923f2c1339b4d2ce1807064aa5 973080 devel optional 
libtool_2.4.6.orig.tar.xz
 15b20e5c8f54a2f9847e714fed1e108a 380 devel optional 
libtool_2.4.6.orig.tar.xz.asc
 326a370c2da067899e6f2a1c9fa344eb 36004 devel optional 
libtool_2.4.6-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXllZAAAoJEOPE3c0eTBJEKtIP/2V5xaIa9DCYE6h9PlvMdMcu
J6lcSVa3GOXdORI2Kv6IoS3jJrGz5ppw+vU7UhT7Xs+JRrhSgoVxmtMR+Q9DUrax
8nSEftZR4L0kqeVQpbqNyXRqhK+KiuHcBX3i1VdbOqJ4x467i+TRvgYpHqDSlHNQ
3JQX54QiIR5LX8WZK8TYQEwYNW7Ef+WNNEsZhgMJaBa+1QTqIRxYxbZbWGi851oO
Ll0sqQMxXUjTrO5nJD+Ydnd0tF5iVG6U2MKmV6gzJMTWk7SAy+NO7Rs3aGHAMEfA
keJhRB6Goe1xB3cAglbTzlQ9h47Vp4JxW1x3e2/Hpb9zwEKf1xGBKC9foFu7/gKd
n0dk4OVqWUYNy1sx38gW/OeZjBsRMb3Cjdxyn/QYtW4j+3n/ykRdPWsDAEig/948
loVSWNg8fP6jmhNBW+J9oWvN0V/izE/d+V/i7TiEmY2Ncs+bCSQXgnjqEEKcsoBK
9OlkuBBjlIvQsBWK7iS7wkXuLx1eXqMiPVPCWxY/UX/WnGyX1U3iS7OChmPH9bx/
Iz92RxN6XEizDH8ESrYSxwGrHtoG9pH5FLcxfql0Iias/fTQDHf+Y8J3sl8gsNUv
4QrfEfHGH9VAIIX4Xgf49dAb7doZWJV1ur9S9DUpOVtWWcq55ZvKLejuvYOIov7I
3ATmaqj6nWYhjm0B7epn
=Cecv
-END PGP SIGNATURE-

Accepted lice 1:4.2.5i-2 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 21:05:41 +0200
Source: lice
Binary: epic4-script-lice
Architecture: source
Version: 1:4.2.5i-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic4-script-lice - Very functional script for epic
Closes: 777006 817564
Changes:
 lice (1:4.2.5i-2) unstable; urgency=medium
 .
   * Switch to debhelper compatibility level 9 (Closes: #817564)
   * Use gzip -9 with -n to make it reproducible (Closes: #777006)
   * Use dh_prep instead of dh_clean -k
   * Add ${misc:Depends} to Depends
   * Add build-arch and build-indep targets
   * Use sh -e for postinst and prerm
Checksums-Sha1:
 f225220a33b819e56a39e450af010467c8a15ded 1614 lice_4.2.5i-2.dsc
 307c0296ab7fcc029a146996dd7a8ae6db73b341 6616 lice_4.2.5i-2.diff.gz
Checksums-Sha256:
 cf5a1e644f4ac1deaf4e0c3f4d3e7f3154ac454cac4c77c2d908b1af7d0c7749 1614 
lice_4.2.5i-2.dsc
 7ffb1231dd714c5e8d538d3ddc4f3e31e00ba335532d86ae9b308dc1bbb8f5a1 6616 
lice_4.2.5i-2.diff.gz
Files:
 b8dd49066476be18f467e2ac69e451f7 1614 net optional lice_4.2.5i-2.dsc
 d565d12967b0bdce287c6426d5e19608 6616 net optional lice_4.2.5i-2.diff.gz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlRM2AAoJEOPE3c0eTBJE48IP/0MBVelF/IqHA6MCrVHth9Bb
KG0/++gY6UWOHMzEMUssFTdjI8hblRZ1oYe9kPcDo1NU5yAN9s0es1xIhktvN40K
wAaEY7ukcTnz5RDDiVouiMSq1MFXemLdxlZhiiWMNd0rEHsEnaN4nWt96gwWQBM4
MNwBTGtft/vUFEM4Qb0li6fmUvRAxF5T55TEQzLP8dnqxNjwlKhuJIyNpGZJEUCy
7ilkbT5ZzSU0dR/r3UU0qmvXaE5g383YFm65SM0HFeGQhLH/w1W0fkdv8oQvvc6t
4X/WTThheWWKYLJoC8XMA4jf/UN9IVdytl6FKr4P4aYz7tp7unTBID+IO1masuYI
7awkWRe+iCX0Tmji5K1PD/gc3r58p3nvHfzzVesvKf0vpS/yhGPNnva8DKVQdO84
Goxds+DN1PQ5W3MWU+Zehqy1dt+Mz9k1zMVGwQsHRiEpa4M1+bhTl/4/vdo8RmGd
OhY5p6g3iFihM8PQnH/ClXdTgrKV2dGVItV7fThXRne+WuN01Ms8jR5vTC/JHuRg
FVPA3BxLch8LympmpdlCI5ChftNM6T3mgkHWTTRAqqs3p5qAbo1W7/fCG8V1Jad6
6vlyWDyZvyO+pIpin4EGlAftwiwY5V6MLIqkF0N7C/B/A/BsS+0hgVG2dH83roEp
FWdchEdhJiyG22rNftco
=sxHI
-END PGP SIGNATURE-

Accepted lice5 1:5.2.7-2 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 20:56:20 +0200
Source: lice5
Binary: epic5-script-lice
Architecture: source
Version: 1:5.2.7-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic5-script-lice - Very functional script for epic
Closes: 817565
Changes:
 lice5 (1:5.2.7-2) unstable; urgency=medium
 .
   * Switch to debhelper compatibility level 9 (Closes: #817565)
   * Replace dh_clean -k with dh_prep
Checksums-Sha1:
 e493bd2b5cd4d16b00861e4622b9e1fdf0c5bd55 1640 lice5_5.2.7-2.dsc
 62028865d4eecdd3b99c01a2d8153c6300f84180 4108 lice5_5.2.7-2.debian.tar.xz
Checksums-Sha256:
 a365ba7c63bc3f2199a7d2d0feb167fc5a16d40781b07a64c6ef6b9abbef9873 1640 
lice5_5.2.7-2.dsc
 1571abf05616852c74bef0056fba25f489ec241574735f57bc4173ff7fef4d07 4108 
lice5_5.2.7-2.debian.tar.xz
Files:
 ca6999afbd61911c1531f785f7779dbc 1640 net optional lice5_5.2.7-2.dsc
 a68c71c1db719cb9d9c03a77c38426b8 4108 net optional lice5_5.2.7-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlQ+vAAoJEOPE3c0eTBJEuagP/RXiksqabkpaaqbgvKyZKI+4
lKkd5XeM8STmG9+zW+lGws1JdQY8Nu2LPo3gzSz63SonBGnop8uBfx29YmoGS8Ru
ImnMccc/ZUViVThn43OJJCgtYk3lq+370lMIa0w6buanIkuhlcR5nU/w5Yrd1r4M
0logKv19/Dq32wuzrH8XKdhPgniV5yShy16+OfZ7sWkrnmUyJCiGBunqQ1FgVtAU
0pWHx26drwRIliuL7zNrr8idIYInQXSYxW3VxzzwUmz2Z2r9Xdxi4ZqdNTuo8e5Q
WPu+tvezyveAr5gwyJpeH3t7OWZmIXqL0Y+3kOazGkB49tukRj+otkLf7FcXywIn
ZjJLqhDbea/8HQr6KcpeAOvRj3fUlsDtSG6lgsWiPGHbTAMDFWTtr37MG1o/ClBF
ipgkHN73hP8GT3d5xfVrePr263y/dIxgMJScW5551xCDyuE3F3f+BtMUS4YDzv34
kko37zciBgC2YYXPryEjpMj19Kvm+BaxeqWoW6FeF0vcE03AgR/7ifE8ABu1G+VC
DTPTXtSLpgX9UtwrAsce2Cwj946E6oNEVNgolHN9USiVwNwPfUzw9ynxh32wr8cK
Wpien3cpTJty1TKs5PpwDCGWruvVc8ch0CsNs5AnBSeNwNCTAt6oDJVOzpfg3/B1
nMDTSEDx/R5yvFTVJz78
=jQ8R
-END PGP SIGNATURE-

Accepted libid3tag 0.15.1b-12 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 20:07:55 +0200
Source: libid3tag
Binary: libid3tag0 libid3tag0-dev
Architecture: source
Version: 0.15.1b-12
Distribution: unstable
Urgency: medium
Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libid3tag0 - ID3 tag reading library from the MAD project
 libid3tag0-dev - ID3 tag reading library from the MAD project
Closes: 698959 723192 817527
Changes:
 libid3tag (0.15.1b-12) unstable; urgency=medium
 .
   * Switch to debhelper compat level 9 (Closes: #817527)
   * Add multiarch support. Patch from Frédéric Brière <fbri...@fbriere.net>
 (Closes: #698959, #723192)
   * Add ${misc:Depends} to the Depends lines
   * Switch to "3.0 (quilt)" source format.
   * Use ${binary:Version} instead of ${Source-Version}
   * Don't disable debugging.
   * Add symbols file
   * Remove libid3tag.la
Checksums-Sha1:
 16cbc7724e30ed7aae620047c0b281782196f9c4 1943 libid3tag_0.15.1b-12.dsc
 0298a6909886f760976e2a99c9f9b589ebdecc4f 7508 
libid3tag_0.15.1b-12.debian.tar.xz
Checksums-Sha256:
 0b4fdbfbf6764f1008c0a2082ed0cb0feac3931e97324eb73ae1b2edf4aba3c8 1943 
libid3tag_0.15.1b-12.dsc
 c14bebb05158526c4a5384122c8f850c856c13d3db5046966b5523d0f876af96 7508 
libid3tag_0.15.1b-12.debian.tar.xz
Files:
 31c5fd4330a10bd64a2a63018722474d 1943 sound optional libid3tag_0.15.1b-12.dsc
 e6bbaffa83e3902df64e254be5af890e 7508 sound optional 
libid3tag_0.15.1b-12.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlQeTAAoJEOPE3c0eTBJEzoAQAIE5mWInkppl0z3KVExl17vP
ymjOl9TPdAeUiZfd39sS4/ynJwayAjn/6GODA5NeG/RfcoZkjH/fmAVzyB2pSS2j
vubmNi7mT7FIQvz+QX1QiC2Q5YNj85FnYmRz9ikSp5FwismJKUITCfBkmGXw5Xej
4GgtRZSXvqJjR4toCyU6XKt58CjBo/LYOqflsj6iaNxKtrtiVM49qjEJPy2iuxIc
uKd3T3Iu0H1Nzfv5THKCjEg/6Qy8DPnG/lwLymZbZJ+C9rSJk7QENy/02FzRiWZ5
uLmVJI+nrlb09iamOuCLQA0EAG/PI/O6zFLBypy9OulX1NBT0tPM74SFehIjnUSJ
LsihZYjYVbsl+XA3y6qnGDB+tEktWbr2azRt1rBxDNB/1rshuasrcbmis6YaCJTc
VckcY6tj5sG7zPYXjTuU7J6EfzwFwtKgj2FVz5lwmSByUIo5aA8AdBIIQIIoAnfs
rm8ccozvLaRgKsm5nJ1u0tICvhRYddqEqxn22KHyIfwfluLXGU4cLyt97fZi05o5
ZXUY9dGYSRDyhbeCSM3pgMzDJCcgb/d7XZEXbXXXbMtWPgTY6+7xvVBLaCOUl8Ui
dlbIRD+x6+hL/G5oP0ZgawdnN6K09YgZ5ihjMVY++0p6kr3aBr011pInoTuKv1T6
hAEBgLkHKSHQgBjbqfIT
=jSPt
-END PGP SIGNATURE-

Accepted epic4-help 1:2.0+20050315-3 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 16:43:20 +0200
Source: epic4-help
Binary: epic4-help
Architecture: source
Version: 1:2.0+20050315-3
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic4-help - help files for epic4 IRC client
Closes: 828893
Changes:
 epic4-help (1:2.0+20050315-3) unstable; urgency=medium
 .
   [ Logan Rosen <lo...@ubuntu.com> ]
   * debian/rules:
 - Remove legacy DH_COMPAT export.
 - Move dh_clean to clean target.
   * debian/compat: Indicate compatibility level of 9. (Closes: #828893)
   * debian/control:
 - Build-depend on debhelper (>= 9).
 - Depend on ${misc:Depends}.
 .
   [ Kurt Roeckx ]
   * Turn it into a "3.0 (quilt)" source package
   * Add build-indep and build-arch targets
Checksums-Sha1:
 4976a6e5dbe250c59dfbd2dae792bd08b0298253 1712 epic4-help_2.0+20050315-3.dsc
 c043fdc1a5a9bf6b9582dd0c91be32f514283a34 3380 
epic4-help_2.0+20050315-3.debian.tar.xz
Checksums-Sha256:
 0cdf4c0f1c423a56112b8418a85a26755d42c9c4709c046a5ef1375da7b6b938 1712 
epic4-help_2.0+20050315-3.dsc
 e376bc5a07cbc787f3a8bd5dd0e69d664b91a738bc076aaac953f32be15316f9 3380 
epic4-help_2.0+20050315-3.debian.tar.xz
Files:
 0c5b4472652b6dc9c04c81e2d92acc42 1712 net optional 
epic4-help_2.0+20050315-3.dsc
 32caaa4e177ac6fcb1f48333d089b9aa 3380 net optional 
epic4-help_2.0+20050315-3.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlNUgAAoJEOPE3c0eTBJEA3MP/2nb/JO/DCIyNs/62AkEOb54
cloA0jF5c/djKtcuvB4LYdKTmg8pVGnf3jMuE95yEzfW7TPgqrCf1EFJLUuWfhkP
zRk4pFzHQUqFok1zDPvJ1K58GsJyRW8od7aFLW4BkMmBzCysaY6ZSJXvfE47cjR/
inanf+/g64f3Acw6SihbYg2OhrRmBix3h64Lq9iEVIm6melQ5fcbsVXu0pqM8tiu
fV+qQlSuDcp8UN8Oj6LzLs/qqozKLwoiYRRfV13Z8jkkWJLFjv0KYTKEyQed6qLu
GdWYXfhJr9D+SZ6YcaNLRQoiafJC2Ikm8txr8g5JSCkNU2BN7rR3G0YKCv7vbyFo
1Z6iwSU/SFprM7p12AjynutQRj7hHaaDmlBfhCo5MMTNMGSoVYUSFWDBVLTAfgrV
OWtb2dXDp/BPQEKF3qDQbEeXU85pHFEKVRHYwAA2SL2V6E0Glr4DSBedEuRCn9pL
CyKY6P/B1pFXc08BW1AOfCbYiyIvVhnmzeDbtqOSHLEZJ4UFoxgThtCFu4bovxbf
LIp/55XRj0PAbdda4GQZa0iHTHKol29MSaJ4H7iaTJ4tEQ5vAKFGXlF16ZZQmO9K
tD4dC2Ax2O1v1LL7XPJzjb2OMre9/Wmolb7YoF+m0BwzTaZDerqcTL6l8sS5RzR4
NTXE/K+bUZXkCdYRJxJT
=6xnH
-END PGP SIGNATURE-

Accepted epic4 1:2.10.6-1 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 15:58:12 +0200
Source: epic4
Binary: epic4
Architecture: source
Version: 1:2.10.6-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic4  - epic irc client, version 4
Closes: 829758
Changes:
 epic4 (1:2.10.6-1) unstable; urgency=medium
 .
   * New upstream release
   * Make the build reproducible.  Patch from Reiner Herrmann
 <rei...@reiner-h.de> (Closes: #829758)
   * Use dh_prep instead of dh_clean -k
   * Switch to the "3.0 (quilt)" source format.
   * Add build-arch and build-indep targets
   * Use dpkg-buildflags
Checksums-Sha1:
 37f2d8275778132016427f1cfad9acc433a64c64 1702 epic4_2.10.6-1.dsc
 c0f4928d1b9720016a4c1bb58fdfd2ad6fde90ba 585300 epic4_2.10.6.orig.tar.xz
 37f79be7f589362e3a60c0f351d1238e48204db1 16432 epic4_2.10.6-1.debian.tar.xz
Checksums-Sha256:
 3eb726ad2a3c843e469586fea19d4230515046b6f825e41e675f087132473c44 1702 
epic4_2.10.6-1.dsc
 eaa79efe6393525de9632cc796e6a6fb15b476baec71d270fdeb7e28186953c1 585300 
epic4_2.10.6.orig.tar.xz
 193b12344034ff1caf4cc458677359a1d426948d9469153a8586bc71840fca97 16432 
epic4_2.10.6-1.debian.tar.xz
Files:
 f5e62a4f20a0899478bbe15430976853 1702 net optional epic4_2.10.6-1.dsc
 1934d9dea697ac7d15cb085df96e8c2f 585300 net optional epic4_2.10.6.orig.tar.xz
 5d37aeebd8bb19bb46b0af6b8d634b8a 16432 net optional 
epic4_2.10.6-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlM/3AAoJEOPE3c0eTBJEkuYP/2eHdDY9kzs/5sfPnxsCBVtK
bsNXKLCdes3SjKy2n149nH0oidUbdqJM/8EJ6LEJEL1iVROL46Rn7IxE8weNlnK2
M/ZjUwBSMp+cpDeFQNaXiBqcpw+QGlRgoFvs61M4ISr35Sv867Oq9XFDvpocPx0D
Bvvrl13yg6B8mmPKk2J4fi87QRHmsyadNfAkPHjUe5HD1w7VxJWYlHkI12qPCiSG
Me84fpbhU2l59IZQjhHPdZ1MtYdp3ggr82er/kWZ8st8FnfushIdFSPpm8Ht0zVC
XL1/Xndn/ndHyyUJC9RbtH+e51juoq6icjN05abHq0xyv/yh4Vsnnh8kpFNnwo6P
ODQsNKUzcva9GFOMozZSfwZk7AxVE72fttUrJ9g896j7YmEan5kr17TpvfoEgXJU
RKTe8t5hdVgbJGRfP0D1eJGQ8W21srk/OohgQUQCDFVaaCPp+aQjVV5PACHx5Gg2
ArBeCaq467wWG8BmAWaijcIDnfKBnSyio/Jzdn7/1kAlzIz9UToESTdNp479wQSB
w9pNCGCabP9VsvXb4g3WqdexqE31zzIwZE9QKoIID1J5VzF3MMNRx+iBhMqJvfAi
2FZMOWAgVG3geimufseACYxbQ7447Cl/zqk3CE8BFs1OrDFDbpOYgSD50/IK5Au7
rLr7dMRcs4gz8iDe6R3E
=Tll+
-END PGP SIGNATURE-

Accepted epic5 2.0-1 (source) into unstable

2016-07-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 24 Jul 2016 17:34:28 +0200
Source: epic5
Binary: epic5
Architecture: source
Version: 2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 epic5  - epic irc client, version 5
Closes: 828295 829761
Changes:
 epic5 (2.0-1) unstable; urgency=medium
 .
   * New upstream release
   * Add CPPFLAGS to the CFLAGS, remove -Wall
   * Make it build reproducible.  Patch from Reiner Herrmann
 <rei...@reiner-h.de> (Closes: #829761)
   * Update config.patch to apply and only have irc.debian.org as
 default.
   * Make it build using openssl 1.1 (Closes: #828295)
   * Use dh_prep instead of dh_clean -k
   * Add sh -e in the prerm
   * Use sh instead of bash in the preinst
Checksums-Sha1:
 c3962cab16fbe7c4aeefe00333ac516060ab7713 1704 epic5_2.0-1.dsc
 5aea2e85b7361429175212f349af5c1db58399dc 802756 epic5_2.0.orig.tar.xz
 25d28931e17ae4dc7ad12b8ccfbeae2a51370a65 17208 epic5_2.0-1.debian.tar.xz
Checksums-Sha256:
 17e77d7ac0f1c6e7018474eaf0588acd2574a1269bc478599103d90a4593981d 1704 
epic5_2.0-1.dsc
 c7f8aacfa9a81c76dc24c2cad355850327be428681415a2491a7bc8639feecdf 802756 
epic5_2.0.orig.tar.xz
 3e0ab2b3c4b5432eddc477e8d91f5b75a37e5eddd9df36dcb22f591b03feb836 17208 
epic5_2.0-1.debian.tar.xz
Files:
 9b2de32af311f941837f8509ccc6abf0 1704 net optional epic5_2.0-1.dsc
 15dc7a1103d162e841ac494c5d5017cb 802756 net optional epic5_2.0.orig.tar.xz
 e337662c4e23b328f58e3506554c417c 17208 net optional epic5_2.0-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXlOHTAAoJEOPE3c0eTBJE2iQP/2zrngLN/j4eNSiE14egU9Gz
DUIsWXDd+C5slXekLuWTIGRfPW2S7JJma3bk4nfWuc3kigI+2peZuVPmytRFi6Qb
RM/KAtE3ak05+AOQkimMcIB2yDMclpjiWrdVkDdPAsqHlRS5H8ldneZMIfBYzyC5
0px2AXS/RcU3+xP3jUFkwOAajpEAd6Tx1/JSFO2iCNF16Gk9Vrdi1WTXq/O2MBry
3z5p+wBL0y454e/j6PUJG+WW+VNTi+MuOxMQ5aDcfnEwbAuWipHj0t3rXAWEboWe
a8KY+WVPtY3XGwtnnz0xTbXDKhVDCx4jzgGQ7E8cIA8xLh6zPgFlkYnRHUSD75if
NC3ZKpXKGQIuKQrbGwd+ey5K4WneXjYl8ax3pMZBY8L3vNJiYmlJPDohq+1iyGV0
t9148TI7zwA7qgWLmoCXKFIGB+QlTwrgH0PcGgnA5nLuqOA5FXys2WR/Euch0Kxn
WuE9ZsTmYZEoPC/Jcm43W4SDmdWSx8zzqeSzX5gHhGTYcMjZ8/gZmzfREzH8RWR9
ouoSyy/ObNZyg7kKICKVsM9hYGvhnL5VO1NmY4HHwRsCPqkTrz2U3EVTiPdOPFJH
M8pqcH2E4wCX9yoPt2uiNRmwyFgobRlt9mPHgRaE32bJ5/58hsiDZE0cYenzko5w
nGgWivEAvatyO7NA7rWt
=Me4N
-END PGP SIGNATURE-

Accepted elfutils 0.166-2 (source) into unstable

2016-07-23 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 23 Jul 2016 18:46:20 +0200
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.166-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Changes:
 elfutils (0.166-2) unstable; urgency=medium
 .
   * Actually add ignore_strmerge.diff to the patch series.
Checksums-Sha1:
 b64ce10cf84b97d25fb9008ba21a7a97ad47313c 2510 elfutils_0.166-2.dsc
 73e3f0be3227f164a2408455ead8aa4e578c 38372 elfutils_0.166-2.debian.tar.xz
Checksums-Sha256:
 b61f7a80abd820e0ba5b391a6ac69e1efeb5d635fd7c57701e039e97fa1293dd 2510 
elfutils_0.166-2.dsc
 3813afd220305e45ce9864a25791abef5c86e7e605d7c7a3876fc983b82654ca 38372 
elfutils_0.166-2.debian.tar.xz
Files:
 35419594d43901d3acd943bb0b7d92d1 2510 libs optional elfutils_0.166-2.dsc
 85c0897282c6263e7da737b571ad0ef2 38372 libs optional 
elfutils_0.166-2.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXk6DgAAoJEOPE3c0eTBJEwEoP/3D7HtwhcCMSCc6ymHWtAYl3
jLfF12rI8uTq3fknqBcVV2V+gsdG2ghBP/5+BOeWrkCAXSDKmymSpyKlFwPy8UUJ
FqmOKrIbJCdqyGmCCwdw8DnyQEIsEjefaAYyA73N2w0BL2oUzpR74DNUS4BjD2/Q
9ie67tlkG6VewVFAEx4tnnDrBYxqNt33I2hZC5JjPy1uGqlcz8bsTBpbw+0E7Yev
0F7Iwrnln4ex8/JZpnme86cC/HlHdgE/JSCMv0eGe431xTCeDsqtWkV/+15Q7nM7
eBrnQCh+4dq5c/l8tGmzVb+QXnvv7SrshU1SQCys6NiRb4CKkdQKF6EwxvK9bEfz
tZZRXMFV7AjodLFGt5oHqt/EXDa95J8lqAnWui6WgP21mcf2G3cgoUr3p8ZwC+Cz
sA7b3K3Tz5QJz4j2t2Hww7ipJu4wHorfZjDkQ1U8IdeqmKybyeTlazkHC8qLU9Gt
vsn2jVL4zQ6WF29Av45sM4s9eIxRN0Odz3CixheuElLrAMFyAtJpwEHGCna44e98
N9OZ7fY/Yas5emIX58u84a4BSvXkFeWn9+Lu5t262uf/L1XETQ+OvSb4heKMPvqu
y16kWKhKC/wb/V4uUlC5ToioxfuBhTr/Wk/xk7KwP4NhDvzGAzxPdUKM+i9saDhr
68YwOZo1tThBZ9whIgGZ
=7Xre
-END PGP SIGNATURE-

Accepted elfutils 0.166-1 (source) into unstable

2016-07-23 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 23 Jul 2016 17:25:04 +0200
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.166-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 647918 682101 818099 818485 825747
Changes:
 elfutils (0.166-1) unstable; urgency=medium
 .
   * New upstream release
   * Ignore run-native-test on Hurd, the maps file doesn't have
 paths in it.  Patch from Samuel Thibault <sthiba...@debian.org>
 (Closes: #682101)
   * Make cross compilation actually work.  Patch from Helmut Grohne
 <hel...@subdivi.de>  (Closes: #818099)
   * Add libebl.a to libdw-dev (Closes: #825747, #647918)
   * Ignore strmerge test failured, needed on at least mips.  Patch
 from Jurica Stanojkovic <jurica.stanojko...@imgtec.com>
 (Closes: #818485)
   * Change versioned build-depends on debhelper from 8.1.3 to 9 to
 make lintian happy.
   * Update Standards-Version to 3.9.8, no changes required.
Checksums-Sha1:
 2b8fad260ab53adb299a921b84234a33d670256f 2510 elfutils_0.166-1.dsc
 00b678e1182c331ea75af982d666bbc38ef8b055 6496225 elfutils_0.166.orig.tar.bz2
 326064d25ac31ef696f9c53884532d785d98334e 479 elfutils_0.166.orig.tar.bz2.asc
 59f1882cb36bc2f8f86b9af80e4a3135fb56823e 38332 elfutils_0.166-1.debian.tar.xz
Checksums-Sha256:
 18307d0348afe76f45bcb3fddaf2b3c66a82520152293933635a587560f451cd 2510 
elfutils_0.166-1.dsc
 3c056914c8a438b210be0d790463b960fc79d234c3f05ce707cbff80e94cba30 6496225 
elfutils_0.166.orig.tar.bz2
 81a30e6ed226960d76d7bdbf5b1a65751ce48cf39a209fa5b820932b64e9d18b 479 
elfutils_0.166.orig.tar.bz2.asc
 23f240bcce7f54b0c9093f6b320663d2a91dfdcd4fd7425fc883611f96c9f496 38332 
elfutils_0.166-1.debian.tar.xz
Files:
 1ff61264db3baf280ce41b18035540b1 2510 libs optional elfutils_0.166-1.dsc
 d4e462b7891915dc5326bccefa2024ff 6496225 libs optional 
elfutils_0.166.orig.tar.bz2
 23f72a945ebe725334063b890ec5fd05 479 libs optional 
elfutils_0.166.orig.tar.bz2.asc
 ab517819160ffd1003647523893684d2 38332 libs optional 
elfutils_0.166-1.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXk4yRAAoJEOPE3c0eTBJEetEQALBNu95YgSbTJlYp1bo7E4XB
G/8rElZz9UFAzbt7AEntwvVSrciuyIWUzlHlyCYfyr6Ycx2INv6qKzExM95n+5gM
E+kmu5h+2abHCvJQCLrIp1wblPvxjMy1+YW/9F/8YF39yovo49MWD3GM0mcFyDi/
LlWANAuxVWPVUSnBNSA5P8PpEk7f4FZjuBH3XjSejTEsHq64IZbzSYFWuPVjQBUh
vNiygIBVBVsCWcA4vk3n0z2iP91AQzs/M6JmUBFPML/AHGpgqx53rETDlt98roYt
9tGryY3d3f0wtG6yC8cXtQNDJelh2o4j6z08tNreM6r05zMZ2WxnBYFMFJxPUA9B
mpd3/tIcTCgD96U1E+3YAIzSmdy/JSZ9/LLMsUCaJZJyCFAHibD1hwn2bE+4p9zs
sfYo3JlfEuKAN2XE4pYvcXvyxse3iCqfow1OWZwPRINRteqNNhCt6vxh/754Tedb
bBjUwu4GsLwVz/DwayEbJLtMU0U97+/lrpyRSE1BrlbWKWXAP0acdsF/4QRV/ZcR
Z5YTyKGfv47Jp6ycsVZ9NzWqNUU7BYwnwRCmAaHmDTJ/92DVZGLIX+QiA0kYtZIZ
YnR+3d5n4Y68385rncM8Oy3DnWqbJ9atSwW3RlJ83gaYcy/AAwUyM3+9wrRi2Mb0
3rHyeCsOziWxiUgExYFD
=aDld
-END PGP SIGNATURE-

Accepted dutch 1:2.10-5 (source all) into unstable

2016-07-23 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 23 Jul 2016 15:28:21 +0200
Source: dutch
Binary: idutch wdutch aspell-nl myspell-nl
Architecture: source all
Version: 1:2.10-5
Distribution: unstable
Urgency: medium
Maintainer: Thijs Kinkhorst <th...@debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 aspell-nl  - Dutch dictionary for Aspell
 idutch - Dutch dictionary for Ispell
 myspell-nl - Dutch dictionary for Hunspell
 wdutch - list of Dutch words
Changes:
 dutch (1:2.10-5) unstable; urgency=medium
 .
   * Set LC_ALL to C so that we have a fixed sort order in the aspell
 worldlist file.
Checksums-Sha1:
 07d363220a809d46f970a447201ef2e86e1fc302 2027 dutch_2.10-5.dsc
 7f424d759a0539f9a06fcf4284becad1985604de 23394 dutch_2.10-5.diff.gz
 fefd3ef2730aa1f7b2c343f04afa6b4529e701cb 719622 aspell-nl_2.10-5_all.deb
 7fabac5360582cebc9a9eb9d2e07068db0ed8b73 899504 idutch_2.10-5_all.deb
 adbb3e003bd2f188b1c097dc5464c93ee011ee53 683580 myspell-nl_2.10-5_all.deb
 e01f2bd81bedaa419682951150083adb23d0ad22 1142308 wdutch_2.10-5_all.deb
Checksums-Sha256:
 c476c57af6cd681ef936f4c34ce05902cf3bb0f5ed4d513b8e5a9e91dad0d8c5 2027 
dutch_2.10-5.dsc
 8c7ddccaec7c6f44d029bb574d62bfd39a02bc95a4cfc08d29e34d745ddb5363 23394 
dutch_2.10-5.diff.gz
 44a464465034422d1963df0de2f5a375ef06d6d4f36dbc31c04a1ca75ffc961b 719622 
aspell-nl_2.10-5_all.deb
 f5c97f5717c276255f3dddb493b9e085e166ff2c2652af674f161565a6a5a373 899504 
idutch_2.10-5_all.deb
 405682b6653e9c0ef9eda0ba68097e51125bb2904a265fa7048b7b14a20fcdc9 683580 
myspell-nl_2.10-5_all.deb
 8686e5c7cefd0c5d6642c08bb58f50d7d996fe63e48a16a10d0a3b401bff7d9b 1142308 
wdutch_2.10-5_all.deb
Files:
 d299c419227e812111ca6f7d8a383f6e 2027 text optional dutch_2.10-5.dsc
 74c09d189b3c579d82cbb78102e7dd77 23394 text optional dutch_2.10-5.diff.gz
 48340b47e738893cdeaaf4eaeb4f44fc 719622 text optional aspell-nl_2.10-5_all.deb
 4eb85db23f70540052ac4a284541bbcc 899504 text optional idutch_2.10-5_all.deb
 bfd3612acd3fd2716868fed823c2a312 683580 text optional myspell-nl_2.10-5_all.deb
 099c57316c0d63c08d8a8c54f3338f4d 1142308 text optional wdutch_2.10-5_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXk3NgAAoJEOPE3c0eTBJE31UP/0OAXQpBU2bYnFRYhnco5OhD
1AgDcrxEoJsTYBWJUlBKzdV5m7sGl0ZfyVcJkbdf1BPYD1ZBJfs2tOKFf8N93sHX
r0AnKdNP/eM59sajoo5w8yYI3pppBDShjXriLIwbc6iuk8NSYO4XE2tpT4VWwPKR
u2KudI/+ASYtEgRej6DXHg/tKSiZ4VJCyv2D5/+w9Vmlcma42ORPYaBtS5xWa5lD
/ycHM7wbWlkNewtVqzWYYvgsy2ADGDViaZTsaGA/Bt1H+AgVHYWOilEZvaYQp6lp
uikXTJhg/ZvOum/8a0mTycLz7TFg0GHi2C6N85Uk7z8/LbtpPbVdxd0+ty4MVw8P
I+oSUnzJRoYdcqRQ6KNeexQQuEw+ngHDOe++apbSa6Luwyx+QyELhgip48qwo1o1
dFm+dS2gy2EMJBkxpfJDnZssY5lUhEDG6DwonHnfI2nkwT/VNNUEmeCerBeKeoNt
sGvN8HyyIBmJrwkT0hECldqFBKxhNtc9Frf8NKNQVK99zMLXaz4ogOA4yyJraYcB
AhaX8cMfv7EGrMq2ESOQkwcVA5O3daIdcOQM8/WmNisd+Qr7cR2raH+VGi+Pbqcq
EvhqSIMdWTjgCJsIf3GbOOh7onSO+osO1NdY/zbK/ZAuOQCDgBUyBwAuegA5D6SV
cioSI8EmSlG0gCINf9JF
=eB6U
-END PGP SIGNATURE-

Accepted openssl 1.1.0~pre5-5 (source) into experimental

2016-07-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 02 Jul 2016 14:54:51 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0~pre5-5
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0~pre5-5) experimental; urgency=medium
 .
   * Update snapshot to commit fe964f0c88f6780fd30b26e306484b981b0a8480
Checksums-Sha1:
 ef988facba0f121c6a5c9756d8aa857e25331027 2318 openssl_1.1.0~pre5-5.dsc
 2043e3fc607dda2825c835ab45c8f7cc92af453b 852608 
openssl_1.1.0~pre5-5.debian.tar.xz
Checksums-Sha256:
 96dfff03a869930c672e1740e30887a3390db12a1e724cb6c0f874bf75f87498 2318 
openssl_1.1.0~pre5-5.dsc
 2d134c27cf6119fe6aa342f4dd9c930d950ad9e55ad883090955db70652320af 852608 
openssl_1.1.0~pre5-5.debian.tar.xz
Files:
 a31957529b0edaa042bc16c919f172f2 2318 utils optional openssl_1.1.0~pre5-5.dsc
 d00cdbb8a7c47dcc12a95aa48c6bb7b8 852608 utils optional 
openssl_1.1.0~pre5-5.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXd7otAAoJEOPE3c0eTBJEv3kP/1gjtB4V0pRcSfdnKH1MdHra
5J0s5Zxzaf+khPNb4t6mMyudS8K3KLKUkPbkzvnXigkltwJ9VafnoogIJY/qrk63
HUKGNXk6GjeBYw6F4fh2g5vZSrAUKIC44yesJzhJOYyXa/rYni2QeDqzm0iN7QAZ
OUG95cfjWCUyQQXonnveUGRIDbspot4k9lB9UyeiPKHJAOTeRpbUiPMls4H+LCY6
thfNvSYWlfm3fAdjuSNACWlKef6sPAoYIiIFSPN+ER05joS/XAPQJcYtAnsTe6FX
Emq6DU5UbjMa/i0YpA2JCq3nvYpJn7J+o4PNt0fvPiqWWwtO116scHFNOHq2pUlV
HpGswKnAPzDyc1LTJArn45+REgQfYa+yOVpD+mNHhH0akJNhM8SpMQEIOzk2xkiM
JoKDd7QP4859UHi9X06bCA7HdEaTL3oHc/nyxnR8xwQR63G5J204NcxfPsaW9UAZ
N0m+6DWtizjq5uAhhsMa2nogAbTTKt+6oNA/etQHtjLma1E7hNecQ6/FeHeokmhL
7/hQ5NKsPBt69imIITfDQD6v1F0Cms98vly3TLjaPn6z2zDqHtpJz+aiWtscvGz9
eUtZMUn0bgB6Wx9+AVzu8xqkSWd7+MovnrRXd6nuwzxdTtdkj9WI15h1pZqfsYWF
JdG1GKwZeFHnDF17GeOa
=FazF
-END PGP SIGNATURE-

Re: EVP_dss1 replacement? (was: OpenSSL 1.1.0)

2016-06-29 Thread Kurt Roeckx

On Wed, Jun 29, 2016 at 04:15:39AM +0200, Christian Seiler wrote:
> On 06/11/2016 02:30 PM, Kurt Roeckx wrote:
> > There is an upstream wiki page for this at:
> > https://wiki.openssl.org/index.php/1.1_API_Changes
> > 
> > If things aren't clear, you have questions, are there are missing
> > access functions please contact us.
> 
> I'm currently packaging a piece of software (open-isns, [1]) that uses
> libcrypto functions internally. While trying to make sure that it will
> compile against OpenSSL 1.1 (and hence be binNMU-able), most of the
> things were straight-forward (opaque structures now requiring getters),
> but I have encountered the following issue that doesn't appear to be
> completely trivial to me: the software uses DSA+SHA1 as its signature
> algoritm [2], and effectively boils down to the following code to
> generate signatures:
> 
> md_ctx = EVP_MD_CTX_new();
> EVP_SignInit(md_ctx, EVP_dss1());
> EVP_DigestUpdate(md_ctx, /* stuff */);
> EVP_SignFinal(md_ctx, signature, _len, pkey);
> EVP_MD_CTX_free(md_ctx);
> 
> (Verification is analogous with VerifyInit/VerifyFinal.)
> 
> The problem is that EVP_dss1() doesn't exist anymore in OpenSSL 1.1. If
> I understand the man page correctly, EVP_dss1 is a hack in really old
> OpenSSL versions (how old btw.?) to support SHA1 signatures with DSA,
> because back then the hash algorithms were tied to the public key
> algorithms.
> 
> So is it correct to simply replace EVP_dss1() with EVP_sha1() in the
> above code and it will still produce DSA signatures? Or do I have to do
> something else to achieve the same results?

I'm not sure why they were removed at this time and not just
replaced by a #define.

Using EVP_sha1() is the correct replacement for EVP_dss1(),
as the manpage says.


Kurt

Accepted openssl 1.1.0~pre5-4 (source) into experimental

2016-06-26 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jun 2016 15:07:48 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0~pre5-4
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0~pre5-4) experimental; urgency=medium
 .
   * Update snapshot to commit c32bdbf171ce6650ef045ec47b5abe0de7c264db
   * Remove utils-mkdir-p-check-if-dir-exists-also-after-mkdir-f.patch, applied
 upstream
Checksums-Sha1:
 0620bfc3c29a75a1be813d114e6e79a96edc1108 2318 openssl_1.1.0~pre5-4.dsc
 1091276835e548e0ba405fb2c852ec5c334dbcd5 770864 
openssl_1.1.0~pre5-4.debian.tar.xz
Checksums-Sha256:
 cdab18907144b3dcac4b95c9427558728faa564cee8f69c5d50ed734010a23e9 2318 
openssl_1.1.0~pre5-4.dsc
 dbf15384b9d8d8173e94f191619f12d89d600c406126612bb3d33414b458bff7 770864 
openssl_1.1.0~pre5-4.debian.tar.xz
Files:
 8038aeb6f2a4a971293f5fb241ce137e 2318 utils optional openssl_1.1.0~pre5-4.dsc
 ae355619e00fc74af0f0220d830a79a6 770864 utils optional 
openssl_1.1.0~pre5-4.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXb9X2AAoJEOPE3c0eTBJE5DQP+wUk+FKRW3/RivsqwD5lVQrp
s0dqkHF1KcWUfqkOW8meuFvsdm4x/QTrVzDtOfTeYf/8DJBI3Mq92M4XN9nQNS4u
xUs8gb39eDsmSWOR5CGRwi9ohS3OfnKhFgpPZme2ARsbrmBDLx3/KMQTXjCo35ZP
PtKaub73wIJ+fNryDxg3yl44X6ocIwJlN7cdKfkJMYCeQMLdPjUqA7eJAU97jWw4
KNFRARn81VQyV6jDf2FWAkSiUX+a6XzPBZhkMUvs3wtIvs0h1u7UPTc/fBG6XtAs
ynfl9iAeTZbTLu8gkYbG+QxqIid36nabPGGsncy6CRZaFZ7jUvGI62nYT+Vuw9C9
adon9BGrdqSDthaCqJLW8T6j7D4v62OXy8tVsglFp/tk9RMvOv99qqCD9yz0q8X9
hi/1xs5qOcw8LztDb81cZB7tQ+W1yoWBmCj8EWoLFpT5dTkmhgRSW94qFl33Jig9
aKprgfUupSbJ1UOsgZdZeNXDpFTQpW9sbls7V+S5eJPX43YXQIqMdIkpQ2igOMRN
+TSeW/ZK+YglrKqC6a+6wNbK67AVpFT2bG0iNruQpoSa58uzt7IO+fiqn3fx1tO2
kNK1SUyQmI92r2sbU0HGTAkps3eLwN5kw7eKpmb/smQLdqZzcWy4UkkhXLrFkJdD
fYwenyO6NzxwBiMO8IJk
=4LMX
-END PGP SIGNATURE-

Re: OpenSSL 1.1.0

2016-06-11 Thread Kurt Roeckx

On Sat, Jun 11, 2016 at 08:33:07PM +0300, Antti Jarvinen wrote:
> Kurt Roeckx writes:
>  > The release of OpenSSL 1.1.0 is getting nearer. 
> 
> Thanks for the warning, I'm finding myself listed.. For the
> problematic package I maintain the API changes are already fixed
> upstream but is there any idea about schedule when (at latest) the
> fixing version should be included? 

I have no schedule currently about when we're going to release
openssl.  We're already behind our own release schedule, but we're
only fixing things at the moment.

I don't want to maintain an openssl 1.0.2 package, so I assume
that soon after the transition starts you'll have to get your
package fixed to stay in testing, but that's clearly something I
need to discuss with the release team.

Kurt

Re: OpenSSL 1.1.0

2016-06-11 Thread Kurt Roeckx

On Sat, Jun 11, 2016 at 07:41:25PM +0200, Jérémy Lal wrote:
> 2016-06-11 14:30 GMT+02:00 Kurt Roeckx <k...@roeckx.be>:
> 
> >
> > Hi,
> >
> > The release of OpenSSL 1.1.0 is getting nearer.  Some packages
> > will no longer build with the new version without changes.  Most
> > of those changes should be trivial, like you can't allocate some
> > structures on the stack anymore and need to use the correct _new()
> > and _free() function.
> >
> > It can also mean that you can't directly access some members of
> > those structures anymore and need to use a function instead.
> >
> > There is an upstream wiki page for this at:
> > https://wiki.openssl.org/index.php/1.1_API_Changes
> >
> > If things aren't clear, you have questions, are there are missing
> > access functions please contact us.
> >
> > I've uploaded packages to experimental, so you can use those to
> > test things.
> >
> 
> 
> Is an openssl 1.1.0 transition scheduled before release freeze ?

I really would like it to make in the next release, so that would
be yes.


Kurt

OpenSSL 1.1.0

2016-06-11 Thread Kurt Roeckx

apd (U)
   cyrus-imapd-2.4 (U)

Hideki Yamane <henr...@debian.org>
   net-snmp (U)

Hilko Bengen <ben...@debian.org>
   bro
   nmap
   sslsplit
   yara (U)

Holger Levsen <hol...@debian.org>
   tlsdate (U)

HTCondor Developers <condor-deb...@cs.wisc.edu>
   condor

Ian Beckwith <i...@debian.org>
   ckermit
   linux-ftpd-ssl
   netkit-ftp-ssl
   netkit-telnet-ssl

Ian Haywood <i...@haywood.id.au>
   gambas3 (U)

Ian Jackson <ijack...@chiark.greenend.org.uk>
   curl (U)

Ivo De Decker <iv...@debian.org>
   libapache2-mod-auth-pubtkt

Jacob Appelbaum <ja...@appelbaum.net>
   tlsdate

Jaime Melis <j.me...@fdi.ucm.es>
   opennebula (U)

Jaime Robles <ja...@debian.org>
   trustedqsl (U)

Jaldhar H. Vyas <jald...@debian.org>
   dovecot (U)

James Marsh <deb...@jamesmarsh.net>
   utopia-documents (U)

James McCoy <james...@debian.org>
   racket (U)
   serf (U)

Jan Dittberner <ja...@debian.org>
   wpa (U)

Jan Hauke Rahm <j...@debian.org>
   bacula (U)

Jan Niehusmann <j...@debian.org>
   qca2 (U)

Jan Wagner <w...@cyconet.org>
   icinga2 (U)

Janos Guljas <ja...@debian.org>
   uwsgi
   uwsgi (U)

Jean Baptiste Favre <deb...@jbfavre.org>
   trafficserver (U)

Jelmer Vernooij <jel...@debian.org>
   dovecot (U)

Jeremy Lainé <jeremy.la...@m4x.org>
   asterisk (U)
   pjproject (U)

Jerome Benoit <calcu...@rezozer.net>
   libpam-ssh

Jerry Stueve <k4...@arrl.net>
   trustedqsl (U)

Jesse Rhodes <dr...@drubo.net>
   hexchat

Joachim Breitner <nome...@debian.org>
   haskell-hsopenssl (U)

Joao Eriberto Mota Filho <eribe...@debian.org>
   afflib (U)
   yara (U)

Jochen Friedrich <joc...@scram.de>
   isakmpd
   net-snmp (U)

Joel Johnson <mrj...@lixil.net>
   dovecot (U)

John Goerzen <jgoer...@complete.org>
   bacula

John V. Belmonte <jbelmo...@debian.org>
   xmlsec1

Jonas Smedegaard <d...@jones.dk>
   asterisk (U)
   bitcoin (U)
   kannel-sqlbox
   libsecp256k1 (U)
   nodejs (U)
   pinot
   pjproject (U)
   uwsgi (U)

Jonathan McDowell <nood...@earth.li>
   libtorrent (U)

Jonathan Yu <jaw...@cpan.org>
   libcrypt-openssl-rsa-perl (U)

Joost van Baal-Ilic <joos...@debian.org>
   validns (U)

Jorge Soares <j.s.soa...@gmail.com>
   iva (U)

Jose Carlos Garcia Sogo <js...@debian.org>
   yate (U)

Jose Luis Rivas <ghost...@debian.org>
   libtorrent

Jose Luis Tallon <jltal...@adv-solutions.net>
   up-imapproxy

Jose M Calhariz <jose.calha...@netvisao.pt>
   amanda

Jose M Calhariz <j...@calhariz.com>
   amanda

Jose Parrella <bure...@debian.org>
   nginx
   nginx (U)

Josip Rodin <joy-packa...@debian.org>
   freeradius

Josselin Mouette <j...@debian.org>
   balsa (U)
   xchat-gnome (U)

Josue Abarca <jmasli...@debian.org>
   siege

José L. Redrejo Rodríguez <jredr...@debian.org>
   gambas3 (U)

José Manuel Santamaría Lema <panfa...@gmail.com>
   kde4libs (U)

Juergen Salk <j...@debian.org>
   dcmtk (U)

Julien Kauffmann <julien.kauffm...@freelan.org>
   freelan (U)

Julián Moreno Patiño <jul...@debian.org>
   hydra
   ophcrack (U)

Jérémy Lal <kapo...@melix.org>
   mongodb (U)
   nodejs (U)

Jörg Frings-Fürst <deb...@jff-webhosting.net>
   ipmitool
   ipmiutil
   simutrans (U)

Jörgen Hägg <j...@debian.org>
   conserver

Kai Wasserbäch <cu...@debian.org>
   kvirc (U)

Kai-Chung Yan <seamli...@gmail.com>
   android-platform-system-core (U)

Kamal Mostafa <ka...@whence.com>
   trustedqsl (U)

Kari Pahula <k...@debian.org>
   tntnet

Kartik Mistry <kar...@debian.org>
   ayttm
   nginx
   nginx (U)

Kees Cook <k...@debian.org>
   duo-unix

Keith Winstein <kei...@mit.edu>
   mahimahi

Kel Modderman <k...@otaku42.de>
   wpa (U)

Keng-Yu Lin <ken...@lexical.tw>
   dogecoin

Kentaro Hayashi <haya...@clear-code.com>
   groonga (U)

Kevin Smith <ke...@kismith.co.uk>
   swift-im (U)

Khalid Aziz <kha...@debian.org>
   openhpi (U)

Kilian Krause <kil...@debian.org>
   asterisk (U)
   libexosip2 (U)
   libzrtpcpp (U)
   ptlib (U)
   stunserver (U)
   yate (U)

Klas Lindfors <k...@yubico.com>
   yubico-piv-tool (U)

Krzysztof Burghardt <krzysz...@burghardt.pl>
   poco

Krzysztof Krzyzaniak (eloy) <e...@debian.org>
   lighttpd (U)

Kurt Roeckx <k...@roeckx.be>
   epic5
   ntp (U)

LaMont Jones <lam...@debian.org>
   bind9
   postfix

Laszlo Boszormenyi (GCS) <g...@debian.hu>
   freerdp (U)
   syslog-ng (U)

Laszlo Boszormenyi (GCS) <g...@debian.org>
   android-tools (U)
   fetchmail
   grpc (U)
   libwebsockets (U)
   mongodb
   neon27
   ori (U)
   qpid-cpp
   rdesktop
   socat
   stunnel4 (U)
   sx
   syslog-ng (U)

Laszlo Kajan <lka...@debian.org>
   gridengine (U)

Laurent Bigonville <bi...@debian.org&g

Accepted ntp 1:4.2.8p8+dfsg-1 (source amd64 all) into unstable

2016-06-07 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 Jun 2016 22:29:17 +0200
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source amd64 all
Version: 1:4.2.8p8+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Changes:
 ntp (1:4.2.8p8+dfsg-1) unstable; urgency=high
 .
   * New usptream version
 - Fixes security issues
Checksums-Sha1:
 46c87dbe85fd41dc90cb1b55eea45ae7f25d12a6 2245 ntp_4.2.8p8+dfsg-1.dsc
 3c2565a01aed586c4ff60e6c6961919895a8ad35 4214004 ntp_4.2.8p8+dfsg.orig.tar.xz
 80f90fc509570157b11f10af7a6d688f1de17dbc 53736 ntp_4.2.8p8+dfsg-1.debian.tar.xz
 b19723dc98e40d09cf57f368eb2c70579db392e8 1501100 
ntp-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 6bc948c9d0b53efa1a5d8ec20758abd9fb81a4e6 1190056 ntp-doc_4.2.8p8+dfsg-1_all.deb
 6854e47255a7b3c131b06d04e29bd36677890e52 526764 ntp_4.2.8p8+dfsg-1_amd64.deb
 ad9562f9b62bec233e1dc29efa22aea6cb8e291e 145566 
ntpdate-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 30c22c003c308f7ed028c0ebb59c8af69302eac7 71054 ntpdate_4.2.8p8+dfsg-1_amd64.deb
Checksums-Sha256:
 8dadf34eba02b0dbc57b287182ac1d4997b774211d7e70beb7328ff6599dc7a5 2245 
ntp_4.2.8p8+dfsg-1.dsc
 73e19507784300c5ea24fddeb9779c9a5056e42b40457759a69549e1030a3894 4214004 
ntp_4.2.8p8+dfsg.orig.tar.xz
 a6c2a11a50eb36950994df2b62ad7e42046953d5662c2872c272505a7d1837ea 53736 
ntp_4.2.8p8+dfsg-1.debian.tar.xz
 f033cecc1e33389134550d44864038c125ae18ef98dfed4f5ea87bf5749ccd61 1501100 
ntp-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 72e2a47fefa67684cf4d2326a127b29394cea9584d5b37e87a83aad37c13b6a5 1190056 
ntp-doc_4.2.8p8+dfsg-1_all.deb
 c347adff3c50f7be01e096ab423a35b46e37b47c519c6b1ab7019539a1e66871 526764 
ntp_4.2.8p8+dfsg-1_amd64.deb
 e1869d51a0948990849905a04a683bbcab2171e0bf0c3a0cf0afebb16fb59e7a 145566 
ntpdate-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 46798cb7f528cb2b8e311298891d50dd9180a471999b9c71e55ab1912c94a244 71054 
ntpdate_4.2.8p8+dfsg-1_amd64.deb
Files:
 df80901902f53f682752f2ffd2eea5be 2245 net optional ntp_4.2.8p8+dfsg-1.dsc
 87d57e42f6ce32c66b9d3a96561e7166 4214004 net optional 
ntp_4.2.8p8+dfsg.orig.tar.xz
 4e6fbbbfaf5c2c0e822b6c22a2d6290a 53736 net optional 
ntp_4.2.8p8+dfsg-1.debian.tar.xz
 d097a547a4f8ce19318a25c2ad3544e9 1501100 debug extra 
ntp-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 2134364d2dc7ce09ff7e6db97bd7be05 1190056 doc optional 
ntp-doc_4.2.8p8+dfsg-1_all.deb
 58159ded1813d48d45b86d93aa055901 526764 net optional 
ntp_4.2.8p8+dfsg-1_amd64.deb
 46367c3bccace508d2738ccc3586a6a7 145566 debug extra 
ntpdate-dbgsym_4.2.8p8+dfsg-1_amd64.deb
 6b7bc1ac25924b0fa952e3c7c5d1e620 71054 net optional 
ntpdate_4.2.8p8+dfsg-1_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXVzAQAAoJEOPE3c0eTBJEBqsP/RFO06rtgqJ9gbx2gHrkTs9n
3YrORr1suZpfnot80BKmc2M4ccvKjlqUVN59em0cnekgxQbjUjNtA/UaetjhLX1f
nKw09AaCYJKpqbOCFuFcmRkigLHdKC25thBG6SnwDSmt7t2Mthp4aV15ciQWoHiS
lyOBecMbxs6uVxmNKMsP/6bdToS1K6qp6yUg0kcnywcu8cQFaw2BaRLGobvvVhia
oLqrdHWWzdRe5QAUuVGLpqOfIdAh2YzQLVugs+TiHHv8kXG+FKxJoAB5KjyOr3vD
7EOn6Gjx/ERvN7xSGb/j8JRwlzpsPD/A2LfD/wuY2HzX7nb0GOI2KZbprZEUfGn0
b30dGyF3dE3qLniEZ8UDEgcfNz+Uq93tspeVW4HzhzSXO49Fh9glvkCG1Mz3ESwh
Wro3ySwiTFndYAUroUgPLB/vqao8znVaIpbX5eyPAc5Pv0nIordb/xZRgEDXvZT+
hEzQYwawiXAkt7GywgWS7qpWTGleFy0Yz89dIooMQdYbL4zLqTA/nKV3Zn8p7vIT
caqngPuZL6KmoSICflXPTucPD/BLCimrAuTiTGrB6fFVMJoqqejbjI3QUEpCTKBB
RBhDFi4lZYkcO20BWvMjteVtxxuhi+N7FKuQDyNvAPg7fNIjVgNQ4SHqcsA7nduX
FQJX0eIzGpo6TNuJAIIK
=4b1C
-END PGP SIGNATURE-

Accepted openssl 1.1.0~pre5-1 (source amd64 all) into experimental, experimental

2016-05-30 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 28 May 2016 20:58:31 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source amd64 all
Version: 1.1.0~pre5-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 813191 823774
Changes:
 openssl (1.1.0~pre5-1) experimental; urgency=medium
 .
   * New upstream version with soname change.  Upload to experimental.
 - Rename binary packages
 - Remove patches:
   - block_diginotar.patch: All cross certificates expired in 2013
   - block_digicert_malaysia.patch: intermediate certificates expired in
 2015
   - man-dir.patch: Fixed upstream
   - valgrind.patch: Upstream no longer adds the uninitialized data to the
 RNG
   - shared-lib-ext.patch: No longer needed
   - version-script.patch: Upstream does symbol versioning itself now
   - disable_freelist.patch: No longer needed
   - soname.patch: Was to change to the 1.0.2 soname that upstream never had
   - disable_sslv3_test.patch: Fixed upstream
   - libdoc-manpgs-pod-spell.patch: Fixed upstream (Closes: #813191)
 - Rewrite debian-targets.patch to work with the new configuration system.
 - Update other patches to apply
 - Update list of install docs
 - Use DESTDIR instead of INSTALL_PREFIX
 - Clean up more files
 - Remove the configure option enable-tlsext no-ssl2 since they're no
   longer supported.
   * Add upstream snapshot:
 - Add d2i-tests.tar to get new binary test files.
   * Don't build i686 optimized version anymore on i386, it's now the default.
 (Closes: #823774)
Checksums-Sha1:
 736b277014d4e7f0d069c31843fec9141191a6bd 2318 openssl_1.1.0~pre5-1.dsc
 1cbc066e471c831ae8c0661abb80361b4d211a70 5289112 openssl_1.1.0~pre5.orig.tar.gz
 6b6e1f2b69020fc2bad0ff74265c33e743e5bf45 481188 
openssl_1.1.0~pre5-1.debian.tar.xz
 092160f9946f2c7b29156d439ae7ccc3126b20c9 949170 
libcrypto1.1-udeb_1.1.0~pre5-1_amd64.udeb
 1f46191f65cd519dc277d4487e55ada96c8a2cc2 1559012 
libssl-dev_1.1.0~pre5-1_amd64.deb
 89253541db921a3d8539854899ac8fa77eb7a392 1434774 
libssl-doc_1.1.0~pre5-1_all.deb
 79719d444c98b9e7724e1b422a2283a2881460cc 2734360 
libssl1.1-dbg_1.1.0~pre5-1_amd64.deb
 8906ca217f59f0ecef798c48c1be021fcc9f4646 140650 
libssl1.1-udeb_1.1.0~pre5-1_amd64.udeb
 46dec50417efce0fe4e91246e0e3f84e4403 1328254 
libssl1.1_1.1.0~pre5-1_amd64.deb
 f5c8ca954a2ccec4789dc26fe93814436cc5be6c 442792 
openssl-dbgsym_1.1.0~pre5-1_amd64.deb
 d60ba977b3ee15ec081f4374751f2ea67953b6f1 694390 openssl_1.1.0~pre5-1_amd64.deb
Checksums-Sha256:
 99eb1372a0f8e4a555d4b51ec79bf9fe97aad13276905a5fe9feb0a2672c430d 2318 
openssl_1.1.0~pre5-1.dsc
 25acbdfa5e0259ed20159670e88ddb4257970f80ce923427bd201133e6e580db 5289112 
openssl_1.1.0~pre5.orig.tar.gz
 76496cd640d6ebab348cf25429147dad1faac879e2a2ce091fe66f8ff7c74d9d 481188 
openssl_1.1.0~pre5-1.debian.tar.xz
 2c67bccc0a96f8b30a0dd83c9bad829c11edd332cb28838847781dc8b2865111 949170 
libcrypto1.1-udeb_1.1.0~pre5-1_amd64.udeb
 3f7bb944842a178c5848c1887e671ba4573c822b647dc031994e5460f370d309 1559012 
libssl-dev_1.1.0~pre5-1_amd64.deb
 e5fb2f2fe0c331583b5e8a95a2cdb6649960f6f3a61d86e3b3cedf583afc32ce 1434774 
libssl-doc_1.1.0~pre5-1_all.deb
 e8652632299b38dc485b5fee77d48de7431e6e38a9b468c31a35f101632bc285 2734360 
libssl1.1-dbg_1.1.0~pre5-1_amd64.deb
 3cb7681234ddcee27da9e18d172f7ae28f0babe61bf81673b61591a63e5746b2 140650 
libssl1.1-udeb_1.1.0~pre5-1_amd64.udeb
 18a06bd792304ae59944c37fc211f179dccee1edec68a4e9023dc0be7a7205c8 1328254 
libssl1.1_1.1.0~pre5-1_amd64.deb
 e47c2a4ff32ab70302a64d226d1dd85479a9323293d5fc363c82160af16d808c 442792 
openssl-dbgsym_1.1.0~pre5-1_amd64.deb
 94a215648963e2a6d1f0e80d4edf734f0439492d2d3aaacadb03455320ac158f 694390 
openssl_1.1.0~pre5-1_amd64.deb
Files:
 9cf4eff594c47057b633317c74bc2e47 2318 utils optional openssl_1.1.0~pre5-1.dsc
 b8bc336df2bb0cea4bf2f5099481f702 5289112 utils optional 
openssl_1.1.0~pre5.orig.tar.gz
 94fea0764923065f48a8fa99bbaabdf3 481188 utils optional 
openssl_1.1.0~pre5-1.debian.tar.xz
 6e3a53a3fffe63d1c37eaf4f6d0bcd36 949170 debian-installer optional 
libcrypto1.1-udeb_1.1.0~pre5-1_amd64.udeb
 adc00c3b9d42ed3b1d3f3612897ac46b 1559012 libdevel optional 
libssl-dev_1.1.0~pre5-1_amd64.deb
 a2db577a9ee9ac366d9bbb6f36a67249 1434774 doc optional 
libssl-doc_1.1.0~pr

Accepted ntp 1:4.2.8p7+dfsg-4 (source amd64 all) into unstable

2016-05-19 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 19 May 2016 20:44:08 +0200
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source amd64 all
Version: 1:4.2.8p7+dfsg-4
Distribution: unstable
Urgency: high
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Closes: 824767
Changes:
 ntp (1:4.2.8p7+dfsg-4) unstable; urgency=high
 .
   * Update apparmor-profiles-extra again now we now in which version they
 removed it.
   * Call dh_apparmor.  Add build-depends on dh-apparmor.  (Closes: #824767)
Checksums-Sha1:
 7f0c60003d9a216daf9e7f07b935942390cbfcc9 2248 ntp_4.2.8p7+dfsg-4.dsc
 31bda0a286c7ccd992b0ed4e46f19a512362d216 53692 ntp_4.2.8p7+dfsg-4.debian.tar.xz
 de97c281d676eb85a6108d0c6ee323ff381a9cf9 1501466 
ntp-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 0b9c7982f6f33721c57234e6e27ec6ae7d289e9f 1189958 ntp-doc_4.2.8p7+dfsg-4_all.deb
 7187454789de4db6a4c4a04aaef333fdf981f881 526598 ntp_4.2.8p7+dfsg-4_amd64.deb
 e4e223f76de7097c8145aa606907924eabf68b6c 145628 
ntpdate-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 0889a8cc43ec0b2bbc2dd63b16fddb3832b43cf3 70978 ntpdate_4.2.8p7+dfsg-4_amd64.deb
Checksums-Sha256:
 c9d19fb090c51b3c75db05482ed1d1fa50ea124ad8c90cd6584f2cf1c0f3a05a 2248 
ntp_4.2.8p7+dfsg-4.dsc
 d404a5a5a81741778cb16610731b626481cdc6b43111dae4f359ea2adc24270b 53692 
ntp_4.2.8p7+dfsg-4.debian.tar.xz
 599ff7abb3f78cfa3d7556f148564ab41a2ba4451f90572a1fa74bc1866ca178 1501466 
ntp-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 2245260f1af2e8b8a00d98f0dc95a471a3779a68ed5c5d5146f6bbb2f6829754 1189958 
ntp-doc_4.2.8p7+dfsg-4_all.deb
 34a885187786f5fbcd18d3193cd3cccae04ea392d5667683e759ab1422486f9c 526598 
ntp_4.2.8p7+dfsg-4_amd64.deb
 e96088ad608d38d5b7edfacff6a8d14e5bacce9d6681eb0130036ae570c87eb1 145628 
ntpdate-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 873a37be324bb24780afe7cf430c3a4a9cf257d962b5c8b83f76e1a599bfb277 70978 
ntpdate_4.2.8p7+dfsg-4_amd64.deb
Files:
 62193276c5acd20f2bae2135235fb336 2248 net optional ntp_4.2.8p7+dfsg-4.dsc
 9f6d5bccf80322273ea6ef0d73fe4c2c 53692 net optional 
ntp_4.2.8p7+dfsg-4.debian.tar.xz
 7942a08f6b2ed37bf9d930510b900b87 1501466 debug extra 
ntp-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 f97f39e14b70bab3f3863a42f9c7da35 1189958 doc optional 
ntp-doc_4.2.8p7+dfsg-4_all.deb
 652c10559d2d98afd1d26209d3ccb87c 526598 net optional 
ntp_4.2.8p7+dfsg-4_amd64.deb
 e58c6af4f01bcede212878ce90e5e550 145628 debug extra 
ntpdate-dbgsym_4.2.8p7+dfsg-4_amd64.deb
 abd48a86f23033562cce12ad8aa005b8 70978 net optional 
ntpdate_4.2.8p7+dfsg-4_amd64.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXPg1DAAoJEOPE3c0eTBJEzggQAKoMnKerwHAsM6P7JiCqzeB9
9T/KTud8fWgj76wWRBwuk9yOve3uHUyAgzk63KgijObcWG0XsxDdVv2ni0D5sSl+
/9VV6B4rDnna0fQ8ImpqZuzttNH0uM99yNasoaS2FqIR/5NW0v1B8Blgr3gu4crO
ay/PRl/O3tmqmWEW/LCoFcjdxQ2/qcv8gDvBt2eHYxYUy7ustQEpUdKLSxRKCYK1
y1V062aALr8LlEkOFsZU9iADQNP6JY7v+HTm/y4HI29FAus5XZme0PpGMvVbKbQ6
m9t1eh4Kuy9Lai7ahHlUfXeC4tetCdqDLJbHHzWl3dAbvOBgtUF+VbRZLG26raOS
VP2BV+yRa4sdOGOVCBEKyFfpUW17qBUuzN/awdruoQqaqTm/d65DjwWkVJ8nGNBi
ETMpV9QQRaTnrXwBWOqD9GhXO+gjjIpxD3vZp7w617KbU/SOM0DB9VqsH/fMASfw
FAtSmdOkYh68CVbZi6gCxrbMZ40kXGJz4kNfok81pEvh9R6qhC6zxaK8rH0/k7Y/
dKk1lK62EOyssFtBGYM349mF7Odskz//35xmKFAcqyKa7XjkeyN6+r4AsmlpGO2d
12Q5wIjzzjZsxb/oQPiUAVLaIQW+/G4a/v14IiGZzgSgpoO//tGCKmR5PzOtL4L8
5py3EPG5/wzZGJmYaOrc
=aJQF
-END PGP SIGNATURE-

Accepted openssl 1.0.2h-1 (source amd64 all) into unstable

2016-05-03 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 03 May 2016 18:31:22 +0200
Source: openssl
Binary: openssl libssl1.0.2 libcrypto1.0.2-udeb libssl1.0.2-udeb libssl-dev 
libssl-doc libssl1.0.2-dbg
Architecture: source amd64 all
Version: 1.0.2h-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2h-1) unstable; urgency=high
 .
   * New upstream version
 - Fixes CVE-2016-2107
 - Fixes CVE-2016-2105
 - Fixes CVE-2016-2106
 - Fixes CVE-2016-2109
 - Fixes CVE-2016-2176
Checksums-Sha1:
 04608d1cb01f5d34a3abd5f8b7e11f56f9229a87 2303 openssl_1.0.2h-1.dsc
 577585f5f5d299c44dd3c993d3c0ac7a219e4949 5274412 openssl_1.0.2h.orig.tar.gz
 86f7982ddd08dffe8755005a68eabbc859eced4a 76440 openssl_1.0.2h-1.debian.tar.xz
 7800028e4164dfeb59a725411b643ee474acb420 874806 
libcrypto1.0.2-udeb_1.0.2h-1_amd64.udeb
 a3f83d1bb0e9d8d34e206e41103fcef001a747c1 1543988 libssl-dev_1.0.2h-1_amd64.deb
 a72c622e71da1201e1c4134fda75707da7279a50 1267954 libssl-doc_1.0.2h-1_all.deb
 a50b9ee3bd1d7b2d41828cbc59e40f5082e99266 2989128 
libssl1.0.2-dbg_1.0.2h-1_amd64.deb
 18b9ee4b7eca82513116fd4e606effae9ad4e65b 141054 
libssl1.0.2-udeb_1.0.2h-1_amd64.udeb
 579246123b7a9f64691cf0f0e681cb5511207abe 1287374 libssl1.0.2_1.0.2h-1_amd64.deb
 b69e54d7f5d62773d40c2b7729b3c1e9ed054a19 577934 
openssl-dbgsym_1.0.2h-1_amd64.deb
 30fb7dc23f3095701ccd3cc7904912c94824052a 680752 openssl_1.0.2h-1_amd64.deb
Checksums-Sha256:
 deca464d2afbc06dd8dc06ffa33d2673fd36325417a8d6ff593e2fdf5628a992 2303 
openssl_1.0.2h-1.dsc
 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 5274412 
openssl_1.0.2h.orig.tar.gz
 0301f727deaf82d1c0dfc71b33821b1fd7a8c2a55f50fcb98e999d6e33818830 76440 
openssl_1.0.2h-1.debian.tar.xz
 148b7de85343d8a369b48f9620319083ee9720c0224e87dc250dac36e927a5d4 874806 
libcrypto1.0.2-udeb_1.0.2h-1_amd64.udeb
 9bede1f80e3074b135e91a54137924bfdc23b41f2bff286e110f6036c93b79a4 1543988 
libssl-dev_1.0.2h-1_amd64.deb
 3ad5405c7f475fe42d3c7a3fafbac53a172ec78d621ade8a3b96fa18d69059e6 1267954 
libssl-doc_1.0.2h-1_all.deb
 e22339e9bfc4bc36c851a9942f7b4504e478771f2c77118b669e00e8a8e37dea 2989128 
libssl1.0.2-dbg_1.0.2h-1_amd64.deb
 8709ec3602203b66f338ace3fb98eaaab81d72a7e18bc72f39584a7bbfd5 141054 
libssl1.0.2-udeb_1.0.2h-1_amd64.udeb
 83035ac443512f7d2d9867cd50c84bc8a8e7a62b93e1c0ec1b6b9f678a833e4f 1287374 
libssl1.0.2_1.0.2h-1_amd64.deb
 cc85c5bace9870417e4001d78fc0f75824f8c410028bcaa23bd121b7619b6156 577934 
openssl-dbgsym_1.0.2h-1_amd64.deb
 605c2ca88b26ca37968fccd39887820d3cd1d704c9604a3b38aa5a4fc1cf6bbf 680752 
openssl_1.0.2h-1_amd64.deb
Files:
 cbd33bb432d3dfea08d1df129defaf82 2303 utils optional openssl_1.0.2h-1.dsc
 9392e65072ce4b614c1392eefc1f23d0 5274412 utils optional 
openssl_1.0.2h.orig.tar.gz
 6ae270be3ac1a230a21738dd7c6e7da8 76440 utils optional 
openssl_1.0.2h-1.debian.tar.xz
 b52bd94a88f5ff82e970a5f96c0b98f7 874806 debian-installer optional 
libcrypto1.0.2-udeb_1.0.2h-1_amd64.udeb
 104f2b0f69ae0181ee221d1362afeae6 1543988 libdevel optional 
libssl-dev_1.0.2h-1_amd64.deb
 6be4225efd1cbb6c31e66b82fb5afe01 1267954 doc optional 
libssl-doc_1.0.2h-1_all.deb
 c6aa927bdc468be44940d6d3cef6476a 2989128 debug extra 
libssl1.0.2-dbg_1.0.2h-1_amd64.deb
 fc7be0f590b19698436132f978b4de1e 141054 debian-installer optional 
libssl1.0.2-udeb_1.0.2h-1_amd64.udeb
 06ccc3e96af8822f608b23c70bf2d1b8 1287374 libs important 
libssl1.0.2_1.0.2h-1_amd64.deb
 10f217597fd4782a3fb6a39bff668f54 577934 debug extra 
openssl-dbgsym_1.0.2h-1_amd64.deb
 74918f98ce4f3555ff1682c950f81425 680752 utils optional 
openssl_1.0.2h-1_amd64.deb
Package-Type: udeb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJXKNTyAAoJEOPE3c0eTBJEnIAP/1Fe+dpiaoP7Ri1hSqXMHNkp
rn2jm2VcAtQuUT2Zl89P1BqBHhM2uTKdsLEzVTOIaYzY3GxeOHJLGMMXIkdr/aO3
YccdTz7uxdsoHxJht0QxAgsJZmoPnlwMaOoqNrWMwoFvZfTCJHkeyodbQWLdNZgT
z/gpmTWwFkRbgnpFSPYT1mlf0Ami629d4lNHPdovrkqPSTV4istIqD2GAnYWCU6e
CPaa7HsELc7utf0gOUFGTtQ/OrUfvoNbKnGM4QdejGPMB8qQWrVeblz5rtAXXzRD
0wGWunedNsjpAa1L2bUc+nr0Zbr5ix2dtRkOsWnAuRX/hgkq8u2DThv7FV02S0T0
xQxGGzMZryagMjoj7x2YukcbipbhDhI6u4+u8O7Mz33Cqtq3JFSQ6KUbXF1ArR8J
5VeSSnl+B5H/35wVx1fJcMFSCKtcu6HJJxqj0HmuLzoenMDkoewi4gosTQcB0+uD
xWKn8T3xkSYw2qip2bu6cnuHTq2OIjO5/kFigU+lexnxsftIFtT8h4+4azjlsEKV
G2Xykvo3a0Vp4rctufI0Xj86u7kELkXfGQeOCDHxmdMeq4u3VlRBOKQBMXCJwWoU
X7vYsJD9PqVXTebd2YZDIApwp1X2afcsdCTT6yUr1ifRBJ+L69TvHzZMzK8eK5ze
2xg76eKFpjQc47

1 2 3 4 5 6 7 8 >

1 - 100 of 758 matches

Mail list logo