Your message dated Sat, 12 Nov 2011 13:32:25 +0000
with message-id <[email protected]>
and subject line Bug#630601: fixed in libnet-openid-server-perl 1.09-1
has caused the Debian Bug report #630601,
regarding libnet-openid-server-perl: use Digest::SHA instead of Digest::SHA1
and drop (Build-)Depends(-Indep) on libdigest-sha1-perl
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
630601: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630601
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libnet-openid-server-perl
Version: 1.02-1
Severity: normal
User: [email protected]
Usertags: digest-sha-perl-transition
Hi Dominic
We from the Debian Perl Group -- as you might read already -- would
like to drop libdigest-sha1-perl at some point, see [1]. Most of the
functionality (except sha1_transform) of Digest::SHA1 is also provided
by Digest::SHA.
Digest::SHA is in Perl core since version 5.9.3 and thus is in
Debian's perl since Lenny.
Changing use of Digest::SHA1 to Digest::SHA would thus reduce external
dependencies by one.
[1] http://deb.li/digestsha
This seems indeed "fixed" in developer release upstream, or adapted upstream in
version 1.030099_001:
1.030099_001 Nov 06 2010
* Use Crypt::DH::GMP over Crypt::DH for speed (Robert Norris)
* Set mode and claimed_id before redirect to setup in checkid_immediate.
Without this some implementations (Movable Type) do not have enough
context to understand what the client is trying to do (Adam Sjøgren)
* Fix potential timing attack when checking signatures (Adam Sjøgren)
(see
http://lists.openid.net/pipermail/openid-security/2010-July/001156.html)
* Support HMAC-SHA256 signatures (Adam Sjøgren)
* Merge get_args and post_args into single 'args' parameter. get_args &
post_args remain as deprecated parameters (Martin Atkins, Robert Norris)
With adding support for HMAC-SHA256 they changed module to use
Digest::SHA.
Would it be possible to update package version to this, if upstream
does not release new version in near future?
Bests,
Salvatore
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libnet-openid-server-perl
Source-Version: 1.09-1
We believe that the bug you reported is fixed in the latest version of
libnet-openid-server-perl, which is due to be installed in the Debian FTP
archive:
libnet-openid-server-perl_1.09-1.debian.tar.gz
to
main/libn/libnet-openid-server-perl/libnet-openid-server-perl_1.09-1.debian.tar.gz
libnet-openid-server-perl_1.09-1.dsc
to main/libn/libnet-openid-server-perl/libnet-openid-server-perl_1.09-1.dsc
libnet-openid-server-perl_1.09-1_all.deb
to
main/libn/libnet-openid-server-perl/libnet-openid-server-perl_1.09-1_all.deb
libnet-openid-server-perl_1.09.orig.tar.gz
to
main/libn/libnet-openid-server-perl/libnet-openid-server-perl_1.09.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated
libnet-openid-server-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 12 Nov 2011 11:37:24 +0000
Source: libnet-openid-server-perl
Binary: libnet-openid-server-perl
Architecture: source all
Version: 1.09-1
Distribution: unstable
Urgency: low
Maintainer: Dominic Hargreaves <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description:
libnet-openid-server-perl - library for servers of OpenID identities
Closes: 630601
Changes:
libnet-openid-server-perl (1.09-1) unstable; urgency=low
.
* Add Vcs-* fields
* Switch to dpkg-source 3.0 (quilt) format
* Switch to minimal dh7 rules
* Update Standards-Version (no changes)
* New upstream release
* Adjust dependencies for new upstream release (closes: #630601)
Checksums-Sha1:
5372b918cbf9438c3f017b6907827994c6949777 1483
libnet-openid-server-perl_1.09-1.dsc
152495c73e4e09387de10d9dbd9527b52185f1d4 24890
libnet-openid-server-perl_1.09.orig.tar.gz
92b5d84fa910d5f9a2747fa9cbba4ab1adcbeec9 1997
libnet-openid-server-perl_1.09-1.debian.tar.gz
038ae596e828d3bb853a4ec9d22445b06d59565b 27222
libnet-openid-server-perl_1.09-1_all.deb
Checksums-Sha256:
e12efc2946d4a9fab6967511a8100e5c9e1ad800d155061c7a943201cd454634 1483
libnet-openid-server-perl_1.09-1.dsc
4a962ff593f66f276500535dbc7a018c098dfd166168df38cbeddb3c20128617 24890
libnet-openid-server-perl_1.09.orig.tar.gz
6e836157d9920be007bf769ce2711f190c773e3c6034fc3e5afde65f487af8de 1997
libnet-openid-server-perl_1.09-1.debian.tar.gz
c5a12b8c9da47060bf92c6ace853640f34161a84719e7833137e4b3716da07d8 27222
libnet-openid-server-perl_1.09-1_all.deb
Files:
eeac1dd57f059ecf55718662c1655db1 1483 perl optional
libnet-openid-server-perl_1.09-1.dsc
202fb0b735ad809ae7e9a923c24344f8 24890 perl optional
libnet-openid-server-perl_1.09.orig.tar.gz
4840a10ceddc4fdd64662476a975ad21 1997 perl optional
libnet-openid-server-perl_1.09-1.debian.tar.gz
3f5736bb4d058385746a67937a0bf182 27222 perl optional
libnet-openid-server-perl_1.09-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOvlqZYzuFKFF44qURAqGhAKC/nIDLosNxUl5S8Z3cPMlg9NSHJACgyQYj
KbXjENn4bATJnHrZnR1eHJU=
=aDR/
-----END PGP SIGNATURE-----
--- End Message ---
