Re: Bug#959469: buster-pu: package openssl/1.1.1g-1

[Adam D. Barratt]

On Sat, 2020-05-02 at 22:29 +0200, Sebastian Andrzej Siewior wrote:
> On 2020-05-02 20:32:01 [+0100], Adam D. Barratt wrote:
> > On Sat, 2020-05-02 at 18:36 +0200, Sebastian Andrzej Siewior wrote:
> > > I'm fairly late, I know.
> > 
> > Just a little. :-( Particularly as OpenSSL builds udebs.
> > 
> > CCing KiBi and -boot so they're aware of the discussion, but this
> > does
> > come quite late.
> 
> Yes, I know. I'm won't cry if this skips this pu, I just couldn't get
> earlier to it.

OK. To be honest, at this stage I would be happier looking at this for
10.5 than 10.4.

> > Do we have any feeling for how widespread such certificates might
> > be?
> > The fact that there have been two different upstream reports isn't
> > particularly comforting.
> 
> This is correct. I don't know if there is tooling that is generating
> broken certificates or just some individuals. I updated my two
> OpenVPN instances and I saw clients connecting again.

Thanks for the information.

Regards,

Adam

Re: buster-pu: package openssl/1.1.1g-1

[Sebastian Andrzej Siewior]

On 2020-05-02 20:32:01 [+0100], Adam D. Barratt wrote:
> On Sat, 2020-05-02 at 18:36 +0200, Sebastian Andrzej Siewior wrote:
> > I'm fairly late, I know.
> 
> Just a little. :-( Particularly as OpenSSL builds udebs.
> 
> CCing KiBi and -boot so they're aware of the discussion, but this does
> come quite late.

Yes, I know. I'm won't cry if this skips this pu, I just couldn't get
earlier to it.

> Do we have any feeling for how widespread such certificates might be?
> The fact that there have been two different upstream reports isn't
> particularly comforting.

This is correct. I don't know if there is tooling that is generating
broken certificates or just some individuals. I updated my two OpenVPN
instances and I saw clients connecting again.

> Regards,
> 
> Adam

Sebastian

Re: buster-pu: package openssl/1.1.1g-1

[Adam D. Barratt]

On Sat, 2020-05-02 at 18:36 +0200, Sebastian Andrzej Siewior wrote:
> I'm fairly late, I know.

Just a little. :-( Particularly as OpenSSL builds udebs.

CCing KiBi and -boot so they're aware of the discussion, but this does
come quite late.

> The last update was addressed via DSA providing only a patch for the
> CVE with severity high. This pu updates Buster's OpenSSL version from
> `d' to current `g' fixing CVE-2019-1551 which was earlier skipped due
> to its low severity. 
> The "EOF" bug-fix-regression introduced in `e' is reverted again in
> `g'.
> OpenSSL now checks certificates more strictly. There should be no
> problems with "officially" issued certificats but some certificates
> contain an invalid (combination of) attributes which are now. The `g'
> version is since 25th April in testing and received no bug reports
> but OpenSSL upstream received [0], [1] for custom issued OpenVPN
> certificates.
> Please find attached a compressed debdiff since last security update.
> 
> [0] https://github.com/openssl/openssl/issues/11456
> [1] https://github.com/openssl/openssl/issues/11625

Do we have any feeling for how widespread such certificates might be?
The fact that there have been two different upstream reports isn't
particularly comforting.

Regards,

Adam

Bug#959467: installation-reports: succesful installation on powermac G4 - powerpc

[Martin Hrebec]

Package: installation-reports
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- Package-specific info:

Boot method: CD
Image version: 
https://cdimage.debian.org/cdimage/ports/2020-04-19/debian-10.0-powerpc-NETINST1.iso
Date: 2020-05-02

Machine: PowerBook G4, PowerBook5,8, A1138
Partitions: 
Filesystem Type 1K-blocksUsed Available Use% Mounted on
udev   devtmpfs   1012380   0   1012380   0% /dev
tmpfs  tmpfs   206180 956205224   1% /run
/dev/sda4  ext4  60184256 4223440  52873876   8% /
tmpfs  tmpfs  1030888   0   1030888   0% /dev/shm
tmpfs  tmpfs 5120   4  5116   1% /run/lock
tmpfs  tmpfs  1030888   0   1030888   0% /sys/fs/cgroup
/dev/sda2  hfs 1249906676118314   6% /boot/grub
tmpfs  tmpfs   206176   0206176   0% /run/user/0
tmpfs  tmpfs   206176   8206168   1% /run/user/1000

Base System Installation Checklist:
[O] = OK, [E] = Error (please elaborate below), [ ] = didn't try it

Initial boot:   [O]
Detect network card:[O]
Configure network:  [O]
Detect media:   [O]
Load installer modules: [O]
Clock/timezone setup:   [O]
User/password setup:[O]
Detect hard drives: [O]
Partition hard drives:  [O]
Install base system:[O]
Install tasks:  [O]
Install boot loader:[O]
Overall install:[O]

Comments/Problems:



ALL ok
-- 

Please make sure that the hardware-summary log file, and any other
installation logs that you think would be useful are attached to this
report. Please compress large files using gzip.

Once you have filled out this report, mail it to sub...@bugs.debian.org.

==
Installer lsb-release:
==
DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="11 (bullseye) - installer build 20200315"
X_INSTALLATION_MEDIUM=cdrom

==
Installer hardware-summary:
==
uname -a: Linux powerbook 5.5.0-2-powerpc #1 Debian 5.5.17-1 (2020-04-15) ppc 
GNU/Linux
lspci -knn: lspci: Unable to load libkmod resources: error -12
lspci -knn: :00:0b.0 Host bridge [0600]: Apple Inc. Intrepid2 AGP Bridge 
[106b:0066]
lspci -knn: Kernel driver in use: agpgart-uninorth
lspci -knn: :00:10.0 VGA compatible controller [0300]: Advanced Micro 
Devices, Inc. [AMD/ATI] RV350/M10 / RV360/M11 [Mobility Radeon 9600 (PRO) / 
9700] [1002:4e50]
lspci -knn: Subsystem: Advanced Micro Devices, Inc. [AMD/ATI] RV350/M10 / 
RV360/M11 [Mobility Radeon 9600 (PRO) / 9700] [1002:4e50]
lspci -knn: Kernel driver in use: radeonfb
lspci -knn: 0001:10:0b.0 Host bridge [0600]: Apple Inc. Intrepid2 PCI Bridge 
[106b:0067]
lspci -knn: 0001:10:11.0 Network controller [0280]: Broadcom Inc. and 
subsidiaries BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller 
[14e4:4318] (rev 02)
lspci -knn: Subsystem: Apple Inc. Device [106b:4318]
lspci -knn: Kernel driver in use: b43-pci-bridge
lspci -knn: 0001:10:14.0 CardBus bridge [0607]: Texas Instruments PCI1510 PC 
card Cardbus Controller [104c:ac56]
lspci -knn: Kernel driver in use: yenta_cardbus
lspci -knn: 0001:10:15.0 USB controller [0c03]: NEC Corporation OHCI USB 
Controller [1033:0035] (rev 43)
lspci -knn: Subsystem: NEC Corporation OHCI USB Controller [1033:0035]
lspci -knn: Kernel driver in use: ohci-pci
lspci -knn: 0001:10:15.1 USB controller [0c03]: NEC Corporation OHCI USB 
Controller [1033:0035] (rev 43)
lspci -knn: Subsystem: NEC Corporation OHCI USB Controller [1033:0035]
lspci -knn: Kernel driver in use: ohci-pci
lspci -knn: 0001:10:15.2 USB controller [0c03]: NEC Corporation uPD72010x USB 
2.0 Controller [1033:00e0] (rev 04)
lspci -knn: Subsystem: NEC Corporation uPD72010x USB 2.0 Controller 
[1033:00e0]
lspci -knn: Kernel driver in use: ehci-pci
lspci -knn: 0001:10:17.0 Unassigned class [ff00]: Apple Inc. KeyLargo/Intrepid 
Mac I/O [106b:003e]
lspci -knn: Kernel driver in use: macio
lspci -knn: 0002:24:0b.0 Host bridge [0600]: Apple Inc. Intrepid2 PCI Bridge 
[106b:0068]
lspci -knn: 0002:24:0d.0 Unassigned class [ff00]: Apple Inc. Intrepid2 ATA/100 
[106b:0069]
lspci -knn: Kernel driver in use: pata-pci-macio
lspci -knn: 0002:24:0e.0 FireWire (IEEE 1394) [0c00]: Apple Inc. Intrepid2 
Firewire [106b:006a]
lspci -knn: Subsystem: Apple Inc. Device [106b:5811]
lspci -knn: Kernel driver in use: firewire_ohci
lspci -knn: 0002:24:0f.0 Ethernet controller [0200]: Apple Inc. Intrepid2 

Re: Bug#947442: buster-pu: package pango1.0/1.42.4-8~deb10u1

[Simon McVittie]

On Sat, 25 Apr 2020 at 20:02:24 +0100, Adam D. Barratt wrote:
> On Thu, 2019-12-26 at 21:43 +, Simon McVittie wrote:
> > We've been asked to fix a crash bug (#898960) in buster.
> 
> Sorry for the delay in replying. I'd be happy with the diff as
> presented, thanks.

Final build tested and uploaded (the only change vs. what you saw was to
finalize the changelog entry), now only waiting for d-i ack. Let me know
if anything is problematic from the d-i point of view, I can do a ~deb10u2
if necessary.

Original mail with the diff, for reference:
https://lists.debian.org/debian-release/2019/12/msg00403.html

smcv