from:"Kurt Roeckx"

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 09:15:53PM +0100, Daniel Pocock wrote:
> 
> 
> On 18/11/16 21:10, Kurt Roeckx wrote:
> > On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote:
> >>
> >>
> >> I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> >> on jessie, without installing the package though.
> >>
> >> I tried the following:
> >>
> >> dget -x
> >> http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> >>
> >> cd openssl-1.1.0c/
> >> dpkg-buildpackage -rfakeroot -j13
> >>
> >>
> >> and it builds but only 4 of the headers appear to install:
> >>
> >> ls debian/libssl-dev/usr/include/openssl/
> >> aes.h  asn1.h  asn1_mac.h  asn1t.h
> >>
> >> Is this correct?
> > 
> > No it's not.
> > 
> 
> Could you suggest how I can get a build of OpenSSL 1.1 like this?

I can't actually reproduce your poblem, it just works for me (with
-j4, only have 4 cores.)

> I don't need to build .deb files, I just need it to be within the
> debian/ tree for me to refer to from other build trees.

You could also just point to openssl-1.1.0c/include/openssl/,

Please note that there is also:
debian/libssl-dev/usr/include/x86_64-linux-gnu/openssl/opensslconf.h


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 02:22:23PM -0500, Zack Weinberg wrote:
> Daniel Pocock wrote:
> > I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> > on jessie, without installing the package though. I tried the following:
> >
> > dget -x 
> > http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> >
> > cd openssl-1.1.0c/
> > dpkg-buildpackage -rfakeroot -j13
> >
> > and it builds but only 4 of the headers appear to install:
> 
> Start over from scratch with -j1.  Seriously.  I haven't tested 1.1.0,
> but the last time I built OpenSSL its makefiles were
> _catastrophically_ broken with any amount of parallelism.  You
> probably didn't even get a complete build, and the source code may
> have been damaged.

The Makefiles were completly changed in 1.1.0 and it should
support parallel building now.

You might want to try -J13 instead of -j13. I've never tried the
-j option. Maybe something is broken in the rules files.


Kurt

Re: testing OpenSSL 1.1.0 on jessie

2016-11-18 Thread Kurt Roeckx

On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote:
> 
> 
> I wanted to try compiling some upstream projects against OpenSSL 1.1.0
> on jessie, without installing the package though.
> 
> I tried the following:
> 
> dget -x
> http://http.debian.net/debian/pool/main/o/openssl/openssl_1.1.0c-1.dsc
> 
> cd openssl-1.1.0c/
> dpkg-buildpackage -rfakeroot -j13
> 
> 
> and it builds but only 4 of the headers appear to install:
> 
> ls debian/libssl-dev/usr/include/openssl/
> aes.h  asn1.h  asn1_mac.h  asn1t.h
> 
> Is this correct?

No it's not.


Kurt

Re: OpenSSL 1.1.0

2016-11-19 Thread Kurt Roeckx

On Sat, Nov 19, 2016 at 06:30:06PM +0100, Bernd Zeimetz wrote:
> On 11/17/2016 12:40 AM, Kurt Roeckx wrote:
> > On Mon, Nov 14, 2016 at 07:10:00PM +, Niels Thykier wrote:
> >>
> >> The alternative for ChaCha20 would be to adopt Cloudflare's patches[1],
> >> but that sort of assumes that you are only interested in openssl 1.1 for
> >> ChaCha20 (and not the other changes).
> > 
> > I'm not willing to maintain such a patch.
> 
> Understandable. Did you talk to upstream about the issue? What do they say?

Chacha20 would be a new feature. Following the policy that can't
be added in a 1.0.2 version, only bugs get fixed in it.

We made a new release with new features, that version is 1.1.0.


Kurt

Re: OpenSSL 1.1.0

2016-11-19 Thread Kurt Roeckx

On Sat, Nov 19, 2016 at 10:32:58PM +0100, Ondrej Novy wrote:
> Hi,
> 
> 2016-11-19 21:06 GMT+01:00 Kurt Roeckx <k...@roeckx.be>:
> 
> > Chacha20 would be a new feature. Following the policy that can't
> > be added in a 1.0.2 version, only bugs get fixed in it.
> >
> 
> yep, they don't add new feature, but break API between 1.1.0b->c  release:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844366
> https://github.com/openssl/openssl/issues/1903

This is being fixed.


Kurt

Accepted openssl1.0 1.0.2j-2 (source amd64) into experimental, experimental

2016-10-30 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 21:10:24 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libssl1.0.2-dbg
Architecture: source amd64
Version: 1.0.2j-2
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
Changes:
 openssl1.0 (1.0.2j-2) experimental; urgency=medium
 .
   * Provide an 1.0.2 version of the library for Stretch.
Checksums-Sha1:
 cb19a55a0800dcde45d05236fd0fd2b56815ff32 2310 openssl1.0_1.0.2j-2.dsc
 bdfbdb416942f666865fa48fe13c2d0e588df54f 5307912 openssl1.0_1.0.2j.orig.tar.gz
 111eb6befb4561c14137b1b36db0ba8988c0ee87 473 openssl1.0_1.0.2j.orig.tar.gz.asc
 b4c4f18db9cabd8b93b2eeac1eaa689289db7510 74468 
openssl1.0_1.0.2j-2.debian.tar.xz
 6c4ed5b4b635da6572513b08573339f68c2b 1540540 
libssl1.0-dev_1.0.2j-2_amd64.deb
 a83c14a8c1ec5a5960772934f63a3b1f8096 3331174 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 306edf93244b4f663c0634439074775e71ad9990 1291864 libssl1.0.2_1.0.2j-2_amd64.deb
Checksums-Sha256:
 3fccf49508a08cd8d91d7110b9d165ab3ab790e71f57b27ab6f3ec9810a73e88 2310 
openssl1.0_1.0.2j-2.dsc
 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 5307912 
openssl1.0_1.0.2j.orig.tar.gz
 b3551e17fef7df2eb901aa9c1cbc41e5cf7c9d5d10e546936145f24d1e52efdc 473 
openssl1.0_1.0.2j.orig.tar.gz.asc
 8aab8035c4b5c072258840ea6b893dc17f46ea79259851a3a079e99fddc730e6 74468 
openssl1.0_1.0.2j-2.debian.tar.xz
 0360dcf03f9a8821bf6db32c5fd0cf60332b445d1117397be1d9bdf596d9d66e 1540540 
libssl1.0-dev_1.0.2j-2_amd64.deb
 4275fbe87373a722cf0e4b98c349ce02735aea1327b18b766325364503c7a464 3331174 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 3d6c2f5b800ecca8990df105593c338797f499cd033c11a2fbf3fb200307c0aa 1291864 
libssl1.0.2_1.0.2j-2_amd64.deb
Files:
 a7801b3a51e91d803292c3977201dbcb 2310 utils optional openssl1.0_1.0.2j-2.dsc
 96322138f0b69e61b7212bc53d5e912b 5307912 utils optional 
openssl1.0_1.0.2j.orig.tar.gz
 3db35372c8725eb4b4dfe2420fbc134c 473 utils optional 
openssl1.0_1.0.2j.orig.tar.gz.asc
 ba22d8a9e3d0590970698ed2b6c36689 74468 utils optional 
openssl1.0_1.0.2j-2.debian.tar.xz
 8e9595936a1d8db1fe4c69b475c1d751 1540540 libdevel optional 
libssl1.0-dev_1.0.2j-2_amd64.deb
 416f8eae3757f2fd50f42607c05a9d56 3331174 debug extra 
libssl1.0.2-dbg_1.0.2j-2_amd64.deb
 07188cbc678d7f289bb2c9ed7fcda271 1291864 libs important 
libssl1.0.2_1.0.2j-2_amd64.deb

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYEu7VAAoJEOPE3c0eTBJEYxsQAI6Wf/ELLOyBOq8nIABTsAEM
ZJctzpBs2n4W0bTlOppWnLeZt7DokUGd3w4pUNdbvrZtmL/S1MecQCbvgjPVbQm/
B9tpSws/ZUoflArBoUJT3H5AeVTP5BzQ7bjGR8XKF/B7McPAjP5caVCLJRHB18Zv
Qgcn4VMi9KTsPIeqXe6FwZlMJ6EZbL5YASDJ/fqVFRTmF7cAsYPwOg3EyCB/+9Ux
QtH8YwXE5E+XSr1DzA/V6gGlhN2bGOrFR9EYF/PvFLClQZWJTclWOXts2tN3LRQx
5PD7/66912d3RqLEqwAoob//3eeLe9NwZ/iAjG373fML4cvrnotSzCjJPGFLExdO
OYAGibW16VRfQ8p/rE3JYHj3enD1yV1efD7Wmhz1K7fBKw0XGMiCvL0tsjVXqykK
9nUetKQBdXYBNlDvWsGB6X5LNOJaA1NH0KGSijRpKVsS/Wb5lFI+xGyZ1/F2fBTO
k7g6C7j07Fd1x+kLmN6N8wNK8X/cF6tkbTt5ZZnKT5qM5iovgdVj139MtCx7XmMv
ogvPScocoxrmz3pNZ1pg36wl+OSU3q88U3SmkVHnm/wZfBcJmRdjX8he++empdwa
yMJgcrhBfiBUv08lEKk4p1oAcixcDMvgfH3XEgo9FXMPDsxY6gUJwusTFHY989kO
1TrQBBUvdX5BLvAY3L2j
=pJZ3
-END PGP SIGNATURE-

Re: OpenSSL 1.1.0

2016-11-02 Thread Kurt Roeckx

On Wed, Nov 02, 2016 at 02:02:52PM -0300, Lisandro Damián Nicanor Pérez Meyer 
wrote:
> On miércoles, 2 de noviembre de 2016 10:00:43 A. M. ART Bernhard Schmidt 
> wrote:
> > Kurt Roeckx <k...@roeckx.be> wrote:
> > 
> > Hi,
> > 
> > > There might also be packages for which the changes are more
> > > involved and that can't be fixed in time for the release. If you
> > > want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
> > > from libssl-dev to libssl1.0-dev.
> > 
> > Almost expected, this fails where another build-dep pulls in libssl-dev,
> > i.e. adjusting build-dep for src:asterisk
> 
> Today we the Qt/KDE team were hit but this same thing in the middle of our 
> transition: libpq-dev pulls in libssl-dev which makes Qt5 FTBFS.
> 
> *Not impliying bad faith here:* moreoever when we started the transition we 
> depended upon libssl-dev so I don't know why the ssl transition got started. 
> Possibly a human mistake, which is fair.
> 
> It would have been much more simple if libssl1.1-dev was provided and libssl-
> dev be kept as it was.
> 
> Can this be considered?

I don't think having libssl1-1-dev vs libssl1.0-dev is going to
make much differences in the end. The build conflicts will always
have to be sorted out.


Kurt

Re: OpenSSL 1.1.0

2016-11-01 Thread Kurt Roeckx

On Tue, Nov 01, 2016 at 11:26:15PM +0100, Cyril Brulebois wrote:
> Hi,
> 
> Just random thoughts…
> 
> Kurt Roeckx <k...@roeckx.be> (2016-11-01):
> > I just uploaded OpenSSL 1.1.0 to unstable. There are still many
> > packages that fail to build using OpenSSL 1.1.0. For most packages
> > it should be easy to migrate 1.1.0. The most common problems when
> > going to OpenSSL 1.1.0 are:
> > - configure trying to detect a function that's now a macro.
> > - Accessing members of structures that have now become opaque. You
> >   now need to use function to get or set them.
> > 
> > The changes required are ussually very easy and do not take a long
> > time to implement.
> > 
> > Many upstream projects have already done the work or are working
> > on it. Fedora is also doing the OpenSSL 1.1.0 migration. So both
> > places are a good place to look at to see if they have already
> > done the work.
> > 
> > There might also be packages for which the changes are more
> > involved and that can't be fixed in time for the release. If you
> > want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
> > from libssl-dev to libssl1.0-dev.
> > 
> > I would like to encourage that at least the packages that are
> > making use of libssl and not just libcrypto move to OpenSSL 1.1.0
> > because it contains important new features. It adds support for
> > among other things of:
> > - Extended master secret: This fixes the triple handshake problem
> >   in TLS.
> > - Chacha20-poly1305
> > - X25519
> 
> Things that work fine for this kind of transitions (hello, new gcc
> upstream releases) include:
>  - pointers to upstream release notes;
>  - pointers to porting guides;

All the filed bugs already contain a link to the porting guide.

>  - pointers to existing patches for common fixes if the former don't
>exist just yet (but then that would be a rather unprepared move).
> 
> (Mentioning “many upstream projects” and “Fedora” is better than nothing
> but isn't as helpful as what I've listed above.)
> 
> > If you have any problems feel free to contact us.
> 
>  - are “you” <pkg-openssl-de...@lists.alioth.debian.org>?

Yes.


Kurt

Accepted openssl 1.1.0b-2 (source) into unstable

2016-11-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 22:02:32 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev 
libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0b-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0b-2) unstable; urgency=low
 .
   * Upload to unstable
Checksums-Sha1:
 692187c0dacf7aa4dfb0144d1f60ebbcc10744ec 2552 openssl_1.1.0b-2.dsc
 f0cce23625b53453328882d8fabe6348e00f1465 53920 openssl_1.1.0b-2.debian.tar.xz
Checksums-Sha256:
 228701033ca49199dee3b46a166f70bd5380ab4e2d7a9c2e257227fe0d7c4f2e 2552 
openssl_1.1.0b-2.dsc
 e34fbc2c265b9798d136e4228adad6cf954ab4ff8ec826c511c0bfe5d10febc0 53920 
openssl_1.1.0b-2.debian.tar.xz
Files:
 55193025454b5fc9d2f0cb1798d58742 2552 utils optional openssl_1.1.0b-2.dsc
 4b0806a09fde73d7c33f3da107fec3f8 53920 utils optional 
openssl_1.1.0b-2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYGQNqAAoJEOPE3c0eTBJE8eEP/j/PcXS3MRTkaAOvsimImp04
oiFUiUvUWlhW09ihZs5B5m3hrJviIZU3Njpc/BNVajLgw5gOwwRhksofdbqB1LEU
sVJM/oW8SgEVM3fKj2v39WYVhiIOqgtWOlbLyJuBV6PG5/Ei+EZlckj01Dg6338+
8yUIS7I4qQ/nerUXnPBC3IvcCJi4lt0Qje8fa6m+eiXuBlEs+a+xPtPyBnETXd6+
Xw23cJSBs2f9KJWWadv+ghmA6CgA/vSg6ayvGU7Z64Mq1VWZuylcY+yXSOmL7XbP
3xWY/N8Axp3nD7stQmtzxA1PLHqEM+R4h4WznPF/0QoVfu2IIWzTDkgVQLlkfbgH
QUoXBeCW6l8TfwbMiphMP90sV3B/7rwH/nplVz/sr9mH30e1uO9uSkQX7TbctUoR
gZqHqwHJhJA/GqiplVkuWNZDGly0MLsbbjq1T+IWT9hl4xHyxnD1sU0NANOz8a0F
sT+EjSH825Oa5GHZKKE2FeIk9rAKvWuA2dlMXLAJM3UGfRa22BVSnjTNFOHvwgw1
JH6jH9aUaNVDMmLGRY+kiF+vnkxkaCAV8lQwqTPJK6MwOvutlOkrBYCtVtFeD2bS
L0o6E47DH9MwssGMYUFDgxCHj1pBh48d7IbcEhrfGE/vauq2ONz6CNu02DBS85G6
iY0wIrW0z5K7593fK/9T
=hMmJ
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2j-3 (source) into unstable

2016-11-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 Nov 2016 22:05:22 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libssl1.0.2-dbg
Architecture: source
Version: 1.0.2j-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information
Changes:
 openssl1.0 (1.0.2j-3) unstable; urgency=medium
 .
   * Upload to unstable
Checksums-Sha1:
 b9bee9edc629b1c696522c740a15744c626fc448 2310 openssl1.0_1.0.2j-3.dsc
 12af5dbb75275379756c60dd98273fb91eea8d9e 74316 
openssl1.0_1.0.2j-3.debian.tar.xz
Checksums-Sha256:
 457caa1a5e46fcf446416d09205cc94e93e5ad59257eb1e80d9f7688151a7552 2310 
openssl1.0_1.0.2j-3.dsc
 1d36e7cf62ea55cf40f3c47be78e76b05c9d0a9cebede324b06273ffc3907376 74316 
openssl1.0_1.0.2j-3.debian.tar.xz
Files:
 9fadcef090ea3ee5b4fa121b72f5fb3d 2310 utils optional openssl1.0_1.0.2j-3.dsc
 407c84d4251e149e7db84e0cbc92c3cb 74316 utils optional 
openssl1.0_1.0.2j-3.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYGQQQAAoJEOPE3c0eTBJEQdYP/j6kwm9jtqWsOWGloiKzQxmx
uIgAIZRSmxiv7DP+IOa1N+9kJMw0bcNrDnkaZFi8PGobkB276xzpUq8WVE37qe8A
LWxrrA7V2joSZzji1l5W9g59ZRIom1X22aoXgYpGlFlW7NybR06fg2whoMrVZjYb
5hTRLd+1EztboPDDFChOTAv8qyJBNH/K9bV4yzwDuwM9qYRpfLd2yOfhkqdBWhzC
7JNNKKwX/EZEfc2UHQN9SbxcW/GcojrqClMGCd8SSCyATPNVmhz/YV3hwGNO0sxe
LrCyDLbxzJ6VAU7QPl8TRKUGk1JQFJ9H1jn/ha3scjnufAIk2LVS9haeyexUhxLy
sPSuHBQA3yd/56cKUGCyS9qcoME2BOuzxy30WOi3EUzL/3owIZF44m08wN6w+cQ+
0hnZhKaNOj6owhU+MxZB5gArlfiCFiS45fX+RQDJ6Rm1btb+ohMxFbqfUT3iUxHf
/lMtwsCl4M1LpgIynjeRyR0fDFIWutWbbSbZ3mnJNWmuq8Qn6mYl+2851RlA7PbD
IwS8t/CvctCgrlO12BqQB0BXhwN0QN3T9PvXSHdQM5SG2d5cok2kRgJXhm6z4qxx
wwd9tABcvBvKP2AHeKhptws8HiKHTO8OHOc2yJlVjyLWtYPIDxx9sR7h4cZZJnZA
XdxQthz7krBYtXRxc4h+
=kFQ+
-END PGP SIGNATURE-

Re: OpenSSL 1.1.0

2016-11-01 Thread Kurt Roeckx

On Tue, Nov 01, 2016 at 11:49:52PM +0100, Kurt Roeckx wrote:
> > > If you have any problems feel free to contact us.
> > 
> >  - are “you” <pkg-openssl-de...@lists.alioth.debian.org>?
> 
> Yes.

or openssl-us...@openssl.org


Kurt

Re: armel after Stretch (was: Summary of the ARM ports BoF at DC16)

2016-12-13 Thread Kurt Roeckx

On Wed, Dec 07, 2016 at 03:53:31PM +, Steve McIntyre wrote:
> AFAIK there are potentially still similar problems with ARMv5 - lack
> of architcture-defined barrier primitives for C++11 atomics to
> work. (I'd love to be corrected on this if people know better!) This
> is one of the key points here. More and more software is expecting to
> use these primitives, and a lack of them is a major problem. To
> demonstrate using gcc, you can see that lock-free atomics only started
> appearing in ARMv6 and were improved in ARMv7:
> 
> $ for arch in 4 5 6 7-a; do echo ARMv${arch}; echo | g++ -march=armv${arch} 
> -dM -E - | grep -i lock_free; done
> ARMv4
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 1
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 1
> #define __GCC_ATOMIC_INT_LOCK_FREE 1
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LONG_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv5
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 1
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 1
> #define __GCC_ATOMIC_INT_LOCK_FREE 1
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LONG_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv6
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 1
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 2
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 1
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 2
> #define __GCC_ATOMIC_INT_LOCK_FREE 2
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LONG_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 1
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 1
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 1
> ARMv7-a
> #define __GCC_ATOMIC_CHAR_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR32_T_LOCK_FREE 2
> #define __GCC_ATOMIC_BOOL_LOCK_FREE 2
> #define __GCC_ATOMIC_POINTER_LOCK_FREE 2
> #define __GCC_ATOMIC_INT_LOCK_FREE 2
> #define __GCC_ATOMIC_WCHAR_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LONG_LOCK_FREE 2
> #define __GCC_ATOMIC_CHAR16_T_LOCK_FREE 2
> #define __GCC_ATOMIC_LLONG_LOCK_FREE 2
> #define __GCC_ATOMIC_SHORT_LOCK_FREE 2

What you're actually showing is that even for ARMv4 they are
sometimes lock free by using the kernel support.

> There are kernel helpers available to provide some atomic support, but
> they'll be very slow compared to real hardware support at this level.

I was under the impression that that's not the case:
https://lwn.net/Articles/314561/


Kurt

Accepted ntp 1:4.2.8p10+dfsg-1 (source) into unstable

2017-03-22 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 22 Mar 2017 21:53:40 +0100
Source: ntp
Binary: ntp ntpdate ntp-doc
Architecture: source
Version: 1:4.2.8p10+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian NTP Team <pkg-ntp-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 ntp- Network Time Protocol daemon and utility programs
 ntp-doc- Network Time Protocol documentation
 ntpdate- client for setting system time from NTP servers
Changes:
 ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high
 .
   * New upstream version
 - Fix security issues
   * Update openssl-disable-check.patch
Checksums-Sha1:
 c0e7a064edfba4396607b2e232912587eaae6cda 2266 ntp_4.2.8p10+dfsg-1.dsc
 735363c8501fbce1f12a5f2bed85f3a0907fa13d 4250528 ntp_4.2.8p10+dfsg.orig.tar.xz
 bdc290b5c9d2b5d8a8b4c2d8ff25aaeb5e7dfa73 54036 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 fde037257b35d658318f7e64f76785f08eee8c51 6807 
ntp_4.2.8p10+dfsg-1_source.buildinfo
Checksums-Sha256:
 47c2dd108159e09ebe9b53766ef6cff1f2cbeb24233cac42028b5964d8e5ae27 2266 
ntp_4.2.8p10+dfsg-1.dsc
 f5386e7ee483956899886508bba2297156573b4619c9237321798171842cdc8f 4250528 
ntp_4.2.8p10+dfsg.orig.tar.xz
 9596516aed5edc92bf398cb0db22774a6ef826d91491300350c1804606bff4a7 54036 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 c0b57c32c98085414b81bafc2de8c1672bbf70e481f92c5743a9ecfde18ae166 6807 
ntp_4.2.8p10+dfsg-1_source.buildinfo
Files:
 9c1eca18f86e6916677ab2b967ebf292 2266 net optional ntp_4.2.8p10+dfsg-1.dsc
 ce44b9cc122f8ed762e8e9652c2d30d8 4250528 net optional 
ntp_4.2.8p10+dfsg.orig.tar.xz
 92dc5148841d0f03f72e702248d6f695 54036 net optional 
ntp_4.2.8p10+dfsg-1.debian.tar.xz
 8427dc3763bd1483ab657e7e1ad7a41f 6807 net optional 
ntp_4.2.8p10+dfsg-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAljS6FIACgkQ48TdzR5M
EkSP2w//RBceKcO1uOpT1klaArzP++KgrVslfmek0yY28k6LlgfvB9OZ7bN+EFVj
nXLm/t+qGoAc7pb7TXfj0736MmF5UgYg/buvqnPINybRXU8d4fJdzrZ1Mo2xA18Z
fJELBngV1abZT4pRB7UTUzwHOfZqqRYfSLoid53ryph8MdFm9DW0rPn/TyfM2efC
Fbkm6KY6aeoCAq/E2ty08mxiF8jZkEgyqt+Ztuq6rZlPmYpnPdqW96iucSTW3++I
P7GP4C78FEnQ+Nq5BvdrulDUSGhfAtheSL/42YO0Dz386030CVA96XVO1IpVZzjh
zPgLNEnNxLXPqTp9MqVIq2lLqc3KO+wBiAA6WIMO8h5MRLqYoAzTCleRjxqDMM4L
AxaPqMCUpcizkvuzP/TfjKidk3lUjX1i3mdAHsnLmYjjYfCLwZPPIStPA6hbBV3M
oMo6ARfhRS9I3ema92pLUTrfNh9c4BiFeeKgm+tyayFMKbwVWqTi8yMGO+j00/Ir
3b70lJoU4jA0pLUVz1UtQ4l8ICO9P8R7gPI9WVMICXjSiR6CSNeBokUd9J/W/0Ba
gY8cdoNv+seHrpKeK5Mo/Mz3kN2j6f5z9hIFG6Q9IQxWi4b7/gL3HMZ5wm84lU9B
vncDSwDeaIg8JhKlbnPYTO3wmzcEdFVe1W9ecGjGh+Xzfni3VOE=
=T3Ms
-END PGP SIGNATURE-

Re: openssl/libssl1 in Debian now blocks offlineimap?

2017-08-15 Thread Kurt Roeckx

On Tue, Aug 15, 2017 at 10:49:05PM +0900, Norbert Preining wrote:
> Hi Kurt,
> 
> I read your announcement on d-d-a, but due to moving places
> I couldn't answer.
> 
> I consider the unconditional deprecation of TLS 1.0 and 1.1
> a very wrong move.
> 
> Be strict with what you are sending out, but relaxed with what
> you receive.

https://tools.ietf.org/html/draft-thomson-postel-was-wrong-01

Also, if I would be strict in what I'm sending out, I would not
support TLS 1.0 and 1.1 for outgoing connections, only for incomming
connections? For the offlineimap case that would still be a
problem.

TLS doesn't actually work this way, but it's my best guess to
what you mean.

> This paradigm is hurt by this move and our users at Debian are hurt.
> In many cases they will not have a way to force the mail server to
> upgrade, and thus are bound to *not* reading emails or using 
> docker/downgrading/
> home-compiled solutions, which is the worst we can wish for.
> 
> Do you really think that big companies like cable provides give a 
>  about what Debian deprecates?  I was personally fighting with similar 
> problems in Firefox and the internal side at my university.

My problem is that if we don't do something, TLS 1.0 will be used
for an other 10 year, and that's just not acceptable. So I would
like to do something so that hopefully by the time Buster releases
you can disable TLS 1.0 by default, and that almost no users would
need to enable it again.

Having TLS 1.0 (and 1.1) enabled by default itself is not a
problem, it's actually using it that's a problem. There are
clearly still too many that don't support TLS 1.2, but it's
getting better.

Disabling the protocols is the only way I know how to identify
all the problems. And I would like to encourage everybody to
contact the other side if things break and get them to upgrade.

Kurt

Re: openssl/libssl1 in Debian now blocks offlineimap?

2017-08-15 Thread Kurt Roeckx

On Tue, Aug 15, 2017 at 10:43:08AM -0700, Michael Lustfield wrote:
> I don't think it was answered... Is there an actual reason that this needs
> to be handled urgently? Is TLSv1.0/v1.1 considered broken?

Yes.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-11 Thread Kurt Roeckx

On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote:
> Marco d'Itri  wrote:
> > On Aug 09, Sven Hartge  wrote:
> 
> >> Looking at https://developer.android.com/about/dashboards/index.html
> >> there is still a marketshare of ~25% of smartphones based on Android
> >> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
> >> moment) block ~40% of Android smartphones from connecting to any WLAN
> >> using PEAP or TTLS.
> 
> > Android 5.x should support TLS 1.2:
> > http://caniuse.com/#search=TLS
> 
> The Browser, yes. But not the components doing the WPA stuff:
> 
> ,
> | Aug  9 20:09:13 ds9 radiusd[4179992]: (12924) Login incorrect (eap_ttls: 
> TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 
> 54 cli 30-39-26-xx-xx-xx)
> | Aug  9 20:09:24 ds9 radiusd[4179992]: (12928) eap_ttls: ERROR: TLS Alert 
> write:fatal:protocol version
> | Aug  9 20:09:24 ds9 radiusd[4179992]: tls: TLS_accept: Error in error
> `
> 
> Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
> to connect successfully.

Any idea if this actually works with newer android phones?

Could someone report this to Google? I consider everything broken
by this a security issue and hope that Google will fix it in all
releases they still support.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-11 Thread Kurt Roeckx

On Fri, Aug 11, 2017 at 08:41:10AM -0400, Wouter Verhelst wrote:
> On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote:
> > On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> > > I wonder if there is a middle way that ensures that all new stuff does
> > > go TLS1.2 (or later, whenever), but does allow older stuff still to
> > > work. Which isnt the case if they are just disabled.
> > 
> > I could change the default settings to set the minimum supported
> > version as TLS 1.2. That is, act like
> > SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
> > That would allow applications to override this this by calling
> > SSL_CTX_set_min_proto_version(). But then those are new
> > functions in 1.1.0 and they probably aren't supported by many
> > applications.
> > 
> > An other alternative is to use the deprecated SSL_CTX_set_options
> > options (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1) by default, but then
> > there is probably no software that has support for clearing those
> > with SSL_CTX_clear_options()
> 
> Would it instead be possible to create an item in the openssl.conf file
> to disable TLS1.2 by default? That way, users can re-enable TLS1.{0,1}
> in cases where that's required, and you can drop TLS1.0 and 1.1 (and
> possibly 1.2 even, if 1.3 has enough traction) in bullseye.

I prefer this to be enabled on application basis, which is why I
suggested the above ways.

OpenSSL has support for setting such a mimimum in a config file,
I'm just not sure if it reads any section related to it by
default, I think it doesn't.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> I wonder if there is a middle way that ensures that all new stuff does
> go TLS1.2 (or later, whenever), but does allow older stuff still to
> work. Which isnt the case if they are just disabled.

I could change the default settings to set the minimum supported
version as TLS 1.2. That is, act like
SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
That would allow applications to override this this by calling
SSL_CTX_set_min_proto_version(). But then those are new
functions in 1.1.0 and they probably aren't supported by many
applications.

An other alternative is to use the deprecated SSL_CTX_set_options
options (SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1) by default, but then
there is probably no software that has support for clearing those
with SSL_CTX_clear_options()

Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 05:53:07PM +0200, Michael Meskes wrote:
> > > This will likely break certain things that for whatever reason
> > > still don't support TLS 1.2. I strongly suggest that if it's not
> > > supported that you add support for it, or get the other side to
> > > add support for it.
> > 
> > In many cases this isnt possible.
> 
> Wouldn't it make sense to start with experimental and test/file bug
> reports on stuff that doesn't? Let's make this clear, if you install
> the new packages chances are nearly 100% that something will break, at
> least that's my experience.

If I upload things to experimental and ask people to test it,
I will get no feedback at all.


Kurt

Accepted openssl 1.1.0f-4 (source) into unstable

2017-08-06 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 07 Aug 2017 01:08:45 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 867240 869856
Changes:
 openssl (1.1.0f-4) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Add support for arm64ilp32, patch by Wookey (Closes: #867240)
 .
   [ Kurt Roeckx ]
   * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
 version. This will likely break things, but the hope is that by
 the release of Buster everything will speak at least TLS 1.2. This will be
 reconsidered before the Buster release.
   * Fix a race condition in the test suite (Closes: #869856)
Checksums-Sha1:
 1443895e9e39527bd9043e08d152bce8d8a901fa 2583 openssl_1.1.0f-4.dsc
 eb6982dab3730c8611a3b83462ed72fe11b39476 55144 openssl_1.1.0f-4.debian.tar.xz
 c8d52e2aa051dfdc95b921a483ae7eb8b432d376 5143 openssl_1.1.0f-4_source.buildinfo
Checksums-Sha256:
 a9bad4f5bc7acc5784f23fc8a5f6f15e18570cf45caabe10dc84bb97ed724a36 2583 
openssl_1.1.0f-4.dsc
 e45a4e8318d4c4c9df4ae20008352046d843b866fd3eff0593187490768f2183 55144 
openssl_1.1.0f-4.debian.tar.xz
 8dec001b95ffdf984115b853a63ffb3e8ca29ee77abc487a54825da6dc33f8b8 5143 
openssl_1.1.0f-4_source.buildinfo
Files:
 2e8ab10011daec2a5b1fc63362ff1df6 2583 utils optional openssl_1.1.0f-4.dsc
 7afeb9b25792c14d279551fb2061faa9 55144 utils optional 
openssl_1.1.0f-4.debian.tar.xz
 07683c5715f5d74f596ca91e99b038aa 5143 utils optional 
openssl_1.1.0f-4_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlmHox4ACgkQ48TdzR5M
EkQ4FhAAszPMO5lQjzGdC9YzWmL6GgerfqAOnNLG01cPcxWjITkpbGbZQRCm/Tmr
Z1R3/Sv+8+aPa31PzAUUGxcc69o40CWA2lqf/NGAM9TAzrrv0psv/6A9T4cGR9dB
YKWBwFar1OLlb5sjoYHtwV1eK+u1UkENBZ+7betIVNmsg3B827zyx/0Dx/mE2GN6
RmawZvMpaVnTxVudEz32W9L7BD4P3jSGWRqA8VYiRH9VRMYLCDfxvouneC3rPBhY
MynGHlx9LRjFo6MVhhgWszvpckhwm6oGDEzE9hy3HhW89nkjfysFI9SySaGEzcbP
XzwWSndvTc++qqhWldtEZvvhHB+pv4PQSWtP6cScdcNST9LkfyzJXHHbYwHW6oYT
w1enI9zHCkqp6UO7Qvg8x0nihmMPH1KNQ3CjGZLYC3QFx0zB5KgZokimKy5HX3l5
M1398pDp8J3lukse7anIkO4pMPBKHYq3KVaPOAVW91ElEpK3TkPU+uDMxgwGcENZ
IHFR5Z9x0xS061SNQboBLRyA5uzd6A11Vtr0BzvaLuI6p75kB60WYY7XoYJ8HGTF
fQG/cskHAF2dmL7JIIlU1VzTfpatBuoSI7XFWJibcqGHYv9cz7PSNywuqb44OjIh
TNjRLvV+9rySvygGuKVJCrgrJa7yA4u3xIRvRlB4RsPwzh0M828=
=6Yc9
-END PGP SIGNATURE-

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-07 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 09:59:20AM +0200, Leon Klingele wrote:
> Does this also apply for libssl?

This applies to libssl1.1 package and everything making use of it.


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-20 Thread Kurt Roeckx

On Sun, Aug 20, 2017 at 09:14:47PM +0200, Michael Meskes wrote:
> > I might upload this soon. The intention is still to ship Buster
> > with TLS 1.0 and 1.1 completly disabled.
> 
> Disabled by configuration or disabled by not compiling it in?

With "completly disabled" I mean at build time.

> It'd be nice if, after all this discussion, you stated clearly whether
> you plan to change something or not.

Isn't that what I just did?


Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

2017-08-20 Thread Kurt Roeckx

On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote:
> On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote:
> > I wonder if there is a middle way that ensures that all new stuff does
> > go TLS1.2 (or later, whenever), but does allow older stuff still to
> > work. Which isnt the case if they are just disabled.
> 
> I could change the default settings to set the minimum supported
> version as TLS 1.2. That is, act like
> SSL_CTX_set_min_proto_version() was called with TLS1_2_VERSION.
> That would allow applications to override this this by calling
> SSL_CTX_set_min_proto_version(). But then those are new
> functions in 1.1.0 and they probably aren't supported by many
> applications.

I have a patch for that at:
https://github.com/openssl/openssl/pull/4128

I might upload this soon. The intention is still to ship Buster
with TLS 1.0 and 1.1 completly disabled.


Kurt

Accepted elfutils 0.168-1 (source) into unstable

2017-05-27 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 27 May 2017 15:05:37 +0200
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.168-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <k...@roeckx.be>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 859990 859991 859992 859993 859994 859995 859996
Changes:
 elfutils (0.168-1) unstable; urgency=medium
 .
   * Fix CVE-2017-7607 (Closes: #859996)
   * Fix CVE-2017-7608 (Closes: #859995)
   * Fix CVE-2017-7609 (Closes: #859994)
   * Fix CVE-2017-7610 (Closes: #859993)
   * Fix CVE-2017-7611 (Closes: #859992)
   * Fix CVE-2017-7612 (Closes: #859991)
   * Fix CVE-2017-7613 (Closes: #859990)
Checksums-Sha1:
 0867044ad2916bf3d5c2db274469562edc076de3 2549 elfutils_0.168-1.dsc
 53e486ddba572cf872d32e9aad4d7d7aa6e767ff 6840399 elfutils_0.168.orig.tar.bz2
 5326af61e2ecf811ef1ede808f9e788219295fc3 473 elfutils_0.168.orig.tar.bz2.asc
 098c14df4c0f3fbc918ac06ffb27b5c07baa6055 39964 elfutils_0.168-1.debian.tar.xz
 1c6bc5ab60ba56406ef1d3254129b6524bbb26b7 6099 elfutils_0.168-1_source.buildinfo
Checksums-Sha256:
 b29e03a3d515d9accd52019ff7c75762ae5e61285453518ff90d538e9878ad7f 2549 
elfutils_0.168-1.dsc
 b88d07893ba1373c7dd69a7855974706d05377766568a7d9002706d5de72c276 6840399 
elfutils_0.168.orig.tar.bz2
 f455fc014b59a0d80ab921935d20f26e64f411a424d4be29ec5bf3a1378f3002 473 
elfutils_0.168.orig.tar.bz2.asc
 5517922b1025d32903759c46f9a1f656e3e367c5ea036dc54b32cbbe68a5f300 39964 
elfutils_0.168-1.debian.tar.xz
 93412aa60a3ce37d2d2d2210895dc243c3fd7f5ab1b82ba2e06ff78e84874736 6099 
elfutils_0.168-1_source.buildinfo
Files:
 0bff5a8b0f6ba938b660826f365ec8de 2549 libs optional elfutils_0.168-1.dsc
 52adfa40758d0d39e5d5c57689bf38d6 6840399 libs optional 
elfutils_0.168.orig.tar.bz2
 7305e2dd0db220864ad7aa674d47c0e2 473 libs optional 
elfutils_0.168.orig.tar.bz2.asc
 76f927edf68a4d0e784f3e34fc8b54f6 39964 libs optional 
elfutils_0.168-1.debian.tar.xz
 26b392c9c05cb3c3f220dbc928f45466 6099 libs optional 
elfutils_0.168-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlkpfqsACgkQ48TdzR5M
EkTbBA/8DV4POCFvCKMoTl5Xh3SZC2sHEvQhx/CPrRuljXz5TwAjqeJHTI1IVFqq
M6BnDRZmdMcSETKDchywRf148Va4acsqnBL1dYwgNM0jJD+stzWkpPjbax/0B134
ZVu2v8CShJGKlg134X8xN6ZONd/KO9eylHaYpbK3snyik9gMJVQ/QCNo1yM3hcwy
RfiIaY3P+drGGdnSaCiQTUZnxzy9AY1eOSduxMmyWfBdOsHju3krdsygmgYkqFC5
ENOqk08ObIMoalQtUufIm2ftPyhuC1GJnM92yApRv/giXsoqID+T6a4bC0ayXg9E
A0q/HEzvNnBKaW7WcwCbRNTMs76WTFPebvbH8AQOl24ybLNABgO6vgYA16lxU8dv
Ihfz9/ezeCHdn94pkOrXmqEY+CVjUonwBvStsBYEDBjSI7dSKCRP18XN3J5gd9PZ
ZRtYtjPDzE/DrYDIuK4n1m54vhq1ctqkdgCAfgSUVru9CCmYnMa5MwEjra+gefDo
/kzTWT9tTntk4uxNAw2YWVUVnrPu9TI/SOsEd1kUA3M0sZISdoZhA39m/LfSwqzb
Vr9Snar3/tzFsif2NLLHCrpk4EocppEa3u74dK0MMlWYaTPAS2FnereFsqPf7PBF
UyBZR+rOHDtR35KJ799iGHZccWQ8+dUwe4Jvwmti8g7Z3BM0oTA=
=TqKI
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-1 (source) into unstable

2017-05-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 May 2017 18:29:01 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 839575 859191 861145
Changes:
 openssl (1.1.0f-1) unstable; urgency=medium
 .
   * New upstream version
 - Fix regression in req -x509 (Closes: #839575)
 - Properly detect features on the AMD Ryzen processor (Closes: #861145)
 - Don't mention -tls1_3 in the manpage (Closes: #859191)
   * Update libssl1.1.symbols for new symbols
   * Update man-section.patch
Checksums-Sha1:
 1278ae2b062e21d6733a690145ea35e2c71ca627 2583 openssl_1.1.0f-1.dsc
 9e3e02bc8b4965477a7a1d33be1249299a9deb15 5278176 openssl_1.1.0f.orig.tar.gz
 20caf5129e5791e14434e80f48e70b397c471c35 455 openssl_1.1.0f.orig.tar.gz.asc
 d912d8d9bd9517ca263a98196fd845193fa7f507 53460 openssl_1.1.0f-1.debian.tar.xz
 412406af3b846ace72ecbc2d20ac2e9d0a855daf 5200 openssl_1.1.0f-1_source.buildinfo
Checksums-Sha256:
 5cf2b7cb18228d5050e86d155f14d03fe2b2a17c7cdccfe7a235285fc45746fb 2583 
openssl_1.1.0f-1.dsc
 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 5278176 
openssl_1.1.0f.orig.tar.gz
 9f2feb0494ebcc1cf152d95a11bc966cb94bc1957d88650285db3966866801b0 455 
openssl_1.1.0f.orig.tar.gz.asc
 767136df6a4ddce89ea754dbcbfc59e47a7b442a7f8e428b7ec8299293d69ba4 53460 
openssl_1.1.0f-1.debian.tar.xz
 f0c7b27127be34f5745751e80e8ec2204a772c4172197f3bfa41f9430974bf28 5200 
openssl_1.1.0f-1_source.buildinfo
Files:
 d5d4351e78d035bfe07da6c5ca613e10 2583 utils optional openssl_1.1.0f-1.dsc
 7b521dea79ab159e8ec879d269fa 5278176 utils optional 
openssl_1.1.0f.orig.tar.gz
 f2299a5b1d38b4113eb909feb0603566 455 utils optional 
openssl_1.1.0f.orig.tar.gz.asc
 fee7fa5ebc564b1ea7314e6cd5554bd5 53460 utils optional 
openssl_1.1.0f-1.debian.tar.xz
 07cd26a236e163063c1a3c452cb21859 5200 utils optional 
openssl_1.1.0f-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSh0ACgkQ48TdzR5M
EkQFNBAAjwY6DRqFZ09Zp82pXoOq36cyd5mDKMxPyWtfRFG5ND9bZuRsJjN1c7AC
sLms9ioCzS3qKys30TIMTtfWxXZQAFj9NQe82e5XZKGq3HN/5Nuixopkpc8QHIBT
o1RrQ7WDEzDkq8WqZx5sslnBAbtnA/eRy5tgei46ToNM0nITakUql9Rnyi0DfN2t
F8WbpOZHUFHG9ZAtYUC7vc/Oce2P5HVqcnEc4fYZCyMNVhocB62a0TeFNdLJuIfI
BVRRvuGkDP+/6ObxEhwJaKA2fJNFfnNr52YTEvrBO03wgDCnHad9HC5DPRs/7zAH
s5+DADypYN5D8RZF17FQ/ZpI0gQfnwqvH9JP0iC4Q2xHvUccbG8FiZZdb52Js9g0
PErfGRzgSZII4oFm4k8/AOf6yse3Ri6xJyuzLbJGRKeqRcHRGLgAdORWWXMZzUlU
MIq/9LuzK7t17t91eP75pOEEl6kyD8xC6RSZd6+tgH4y7lavV3J+CW5GsKVn6HBM
5W6Ts9nHr8/fvDji6Z6X8SA7iZVuggayAFV3Wxrp0oYf68MjWusB3Cy5bdaCY14f
svbwuja0GfeDFiHO3r3N+arJZEyCvBGGvvAF1wV1Mw8aNN2jwp94Bo0YmPQDoQEd
V8uqptUo2allyD/JOqfMM358FPzrx13A6AaBzGQbwvjubNSrpG8=
=+YLU
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2l-1 (source) into unstable

2017-05-25 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 May 2017 22:53:57 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2l-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 861145
Changes:
 openssl1.0 (1.0.2l-1) unstable; urgency=medium
 .
   * New upstream release
 - Properly detect features on the AMD Ryzen processor (Closes: #861145)
   * Refresh valgrind.patch
Checksums-Sha1:
 fe8aaa4dbad1b59b17acf1f332e7f08a65899b30 2529 openssl1.0_1.0.2l-1.dsc
 b58d5d0e9cea20e571d903aafa853e2ccd914138 5365054 openssl1.0_1.0.2l.orig.tar.gz
 82a8013979d2aaa437bf58bf99355317b25e2e2a 455 openssl1.0_1.0.2l.orig.tar.gz.asc
 ca6f0436b7cfacf6b059a4a614a41222f2c71614 75856 
openssl1.0_1.0.2l-1.debian.tar.xz
 456ab978184f8a3c10fdb041968c27f46c66eaea 5202 
openssl1.0_1.0.2l-1_source.buildinfo
Checksums-Sha256:
 a691354d824009f58d3640a9103953b2ac21ae33b8c563d347b0e27510efedb6 2529 
openssl1.0_1.0.2l-1.dsc
 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c 5365054 
openssl1.0_1.0.2l.orig.tar.gz
 ad459d4de6c30c1889272e38144598847c8ba8e5f0892797543607e8d6d9be5f 455 
openssl1.0_1.0.2l.orig.tar.gz.asc
 68d30a3901c174d35c447d20c1c9ea8d0eea19e56c4d0bcf670e8cae71c81714 75856 
openssl1.0_1.0.2l-1.debian.tar.xz
 749aa91427517441dde6cb802c9bbebcac5b9a2af5c5885c6f49c443666740b8 5202 
openssl1.0_1.0.2l-1_source.buildinfo
Files:
 d53330656cdb3988bf8765a075902b8f 2529 utils optional openssl1.0_1.0.2l-1.dsc
 f85123cd390e864dfbe517e7616e6566 5365054 utils optional 
openssl1.0_1.0.2l.orig.tar.gz
 349b0b84fea6cdb910f59e3174a9167c 455 utils optional 
openssl1.0_1.0.2l.orig.tar.gz.asc
 6bc2851a25d91526fda35e33e9fb025e 75856 utils optional 
openssl1.0_1.0.2l-1.debian.tar.xz
 54a07c4c48c04934d5a69f8290b87bc9 5202 utils optional 
openssl1.0_1.0.2l-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSmEACgkQ48TdzR5M
EkTaRQ//Xr2chprRKQ5HlXorI8oH4hRNEzRnPhxyMgfospGdWM/kLVj6HEfGLw0G
VVb7rNqpAdQ7/H86p2dcchxNOHDuvlwVRWyRd/a6fk9FC/4PnCzpoGX9HY7InyC+
qyKjRjYTPSOlWB7g79RF459n8WCcv0h5EXSlQcYXMrT2ABSXGDt4mJjUZ+XXUOWi
2bW3pPfM0PDok9lrbOSOQNnV9LIQTdywn/bF2pkEGfHk7JaiBQzQMRMrrCwyNnmG
zO9sK+hZllzYQqPg7MTLCmJc6I8z1OxlZe/FlrH4F99yK+geP+5jvPYxo2HjUhcl
s2lKCqrUd9W+MAHSElf+//MC3fSLyTlusAjmuTcbEOqjAfuYBihiCg7NvJU0yqh+
llsybSiE1BGB48OM68hQhrToZSTphp6Iau7ERl39mlQeadL0n5VMFgbrLUONyVlX
Px/izfO0/LmOKm+xNXSJd6kN6xahLL+GcJGFCJ77+pBqdFwTW4aAPhTJ1PY85WcT
xGI6zYL5k2AJj1M7hSR4uW0c7EsOKBtO4Dm/SvGPv+WuHlAK2waZBnB10T8QIgJu
Q8QIny6CBVUPA2MpaNEaR7SCsVbZQS66Fgcz1f04BW2or+tq2IfewJei2tud4x1d
a1vAdMxrf3TRCYSoINGIGn1n6wsED6abpcydotBsnIm80DkflKI=
=pVJV
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-3 (source) into unstable

2017-06-05 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 05 Jun 2017 11:40:42 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 863707
Changes:
 openssl (1.1.0f-3) unstable; urgency=medium
 .
   * Don't cleanup a thread-local key we didn't create it (Closes: #863707)
Checksums-Sha1:
 c0a0e380ccfb6fdda7986292f127a3b2fe1892a5 2583 openssl_1.1.0f-3.dsc
 7e367313f2b2fd9cc32ea9e1ab84961af0a55f6f 54152 openssl_1.1.0f-3.debian.tar.xz
 1b852fe6eb898e4a391cbea0d9937f2edd7955b7 5200 openssl_1.1.0f-3_source.buildinfo
Checksums-Sha256:
 a4d69ed8c10134374d86fee593e85bb5165e6d539ab86294e40532a3ed276642 2583 
openssl_1.1.0f-3.dsc
 2b1ca97264b073345375a69ee95e32a9850f0288462bc58e9054dfa769f14806 54152 
openssl_1.1.0f-3.debian.tar.xz
 0c7775dabc9d47f602d045cadf3b9fb58d0421a8d6013e5e0e5ca168e158a83e 5200 
openssl_1.1.0f-3_source.buildinfo
Files:
 f9a7835dd13f04630e5840fbf729e82a 2583 utils optional openssl_1.1.0f-3.dsc
 74f652d235fe17efd398afb949d74887 54152 utils optional 
openssl_1.1.0f-3.debian.tar.xz
 0769c0d26f45b543e9a76cc7239afb5b 5200 utils optional 
openssl_1.1.0f-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk1NQ4ACgkQ48TdzR5M
EkTLCA//fBckq+OO0G42AQ9ZFZznrQAyPt8U7Ofih17GiI+Gx0mjC5G39Th/yDzE
fWOQx1vmhX1nGOOSoudinZO0DV3Dar34ShjP9benw0zT3hBW7O7LRmfomWvscZG3
uGkrnhLaIdwupED4znWaZVq1dX+T9x4V+QtJBZLoaJQrc4L3hPWQ1giAQVce/be8
0ADiM+btkpQFZGEGPZb5zOMAhlnvVa4XNCf9xkP8+fAzISLqvnoi299U9xc2iPBR
Bzuik6iYyw9Zd269gXFMQY7C6XBlW6RZJsvWYu3qkqftO9ym6+i+E3dxYjWNmAXh
ODEqCxOLrQhZKOhK9sfxViAGBVz0dTDUbPLQI17BpJKaTh9Wp6zB2HYJvPlwsOpe
GGqTpWV93WrzI1H34U/Nt4kyfBljsa9ijMgf8+IjSRli8+JnIO+UuwssmZhsZWyr
l9eT4kbSURenApWY7Zh6KZG2uUhezZr7O3pGn9vU3bAQlSJ07AKQC2IlR7SiKWGV
rlwIdICiAzHQE5YaFZ5MDPRsR1ZDYqE82SlmWJI61zztG322KibZSkWupkg0YGBM
3SjaTH5WpKC2Yw9nnQL7dJem/bxLpnb4Itoi3ACCoLCQ2PSfKkPY2j/vqKvB5WO7
jyMVh9tu+oDA/bb3C7dtum/zk8Te333JMDCOJTLR5nwJN4K/OBc=
=Ts5G
-END PGP SIGNATURE-

Accepted openssl 1.1.0f-2 (source) into unstable

2017-06-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jun 2017 12:07:38 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 863367 864080
Changes:
 openssl (1.1.0f-2) unstable; urgency=medium
 .
   * Make the udeb use a versioned depends (Closes: #864080)
   * Conflict with libssl1.0-dev (Closes: #863367)
Checksums-Sha1:
 01bb5adf098166a46f4ded22169be2dfcbaddf1f 2583 openssl_1.1.0f-2.dsc
 d792b6c7cf3e68def5a2cbd613e6d39e9c352702 53572 openssl_1.1.0f-2.debian.tar.xz
 c883c40b4d802e3ea63725add74ac0fa341e077f 5200 openssl_1.1.0f-2_source.buildinfo
Checksums-Sha256:
 9ae0f957bdfb83ddda991e557febec7e0a41dba1acb2c8dced450706d9f15814 2583 
openssl_1.1.0f-2.dsc
 6186707aeb7d4575035ad3f3b0bd525909124397a4fcdcfe05726b9765e83115 53572 
openssl_1.1.0f-2.debian.tar.xz
 75abe8ebc732b73d3cd8fe17c4685b915734d0396b4e1a200c964e2af0cb5a7d 5200 
openssl_1.1.0f-2_source.buildinfo
Files:
 4f32a663c8a5895e27cc3b2ddfd183f6 2583 utils optional openssl_1.1.0f-2.dsc
 bc36091c1abb2ea19dfce0680968c8a4 53572 utils optional 
openssl_1.1.0f-2.debian.tar.xz
 26a48eac3f657637e245fd44ebc1175c 5200 utils optional 
openssl_1.1.0f-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk0P6oACgkQ48TdzR5M
EkTwUw//Yr+BJy6j6UUQCVWiNlPBB29b3mhpUxWQZp9o7jSmzzT1Z7kiNFrg+xiN
CpOpu2gd4lUZOXwyzYoz2ZXEYUh/FWDwdanQC7kHgD5qVO6fbugLFlwnBadVPIjJ
VDZoXP2DeMpp0AVmFYob00vavq+qipdVHXxlJa3WjnEWrx0B2VylX4/rKnZlSK7O
bavzVpzSCYpdhYbIPUCuYRJYKFLhMph3HwP2eqiF1pjmpbnOAHUQvG/ADfzqdAb8
RrldTJNJJoMFHrtcmd7WK/ksrf3T5hcq7ZvNSP4NjQXI78DqLYF8faYMk2Gs9phr
cnY8L8o+2Oq955DGEZY+96gJmo2khZ/jfunoqoFQDgare4/iV5etkXxU4XW9WKse
Cx8ohQKZqQr31LdHpLqexYv4RcWLgdvarAH4E9iliYbGCUrPTtvEAT8LlnXe5p98
LlCGtU1SwhiYyRPgd39i1RPzAh27VMezdAaYgU557PEQpkdKuuLBPa7QUENNGYc9
KwAbN0PoMlNmLb4bhIjHPmndGLOcEX0GydV2gJ3EIyUR6bpdvxgUDJbUPaWgXACi
r9gnsCUeKh1O7yFtkmXtK/S0vhHZob/O1nLR/NrjiSGGCBbuF2wV7YyGsQ5sgyGh
QpWLWa5WEZe4rGfsdK/7bwrLdf3S9WnUkhgTKD+Bbz5tAN+oTn0=
=N6k1
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2l-2 (source) into unstable

2017-06-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jun 2017 19:15:33 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2l-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 864081
Changes:
 openssl1.0 (1.0.2l-2) unstable; urgency=medium
 .
   * Make the udeb use a versioned depends (Closes: #864081)
Checksums-Sha1:
 4d993c36add915e3dfa332b0fe7006f830e2b05d 2529 openssl1.0_1.0.2l-2.dsc
 9a788b795e6e8e5f12a12ac90665b63aff5d4112 75888 
openssl1.0_1.0.2l-2.debian.tar.xz
 5c977a4ace7b1cf4ee33d1e390754ab655ec510e 5202 
openssl1.0_1.0.2l-2_source.buildinfo
Checksums-Sha256:
 51aa8afa8157b209a647f5476e72ba06720c33b8f6e46be79e91a0dc9349efcf 2529 
openssl1.0_1.0.2l-2.dsc
 8e0dc8d55df49bf85cc8a991774fbdf4186886307acc167054355edd7c77ed1e 75888 
openssl1.0_1.0.2l-2.debian.tar.xz
 4498c0fea2194ed534faf268ea33eba783a4b2a7e3c3c6e1b3ab3774198d12fc 5202 
openssl1.0_1.0.2l-2_source.buildinfo
Files:
 c30ab6c2a1ea79ad84d7a866a3efd49a 2529 utils optional openssl1.0_1.0.2l-2.dsc
 873e73da5c0062b4a64325377cfde130 75888 utils optional 
openssl1.0_1.0.2l-2.debian.tar.xz
 1b5efe972738ecf8e3aee723e5e208c4 5202 utils optional 
openssl1.0_1.0.2l-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlk0QrkACgkQ48TdzR5M
EkRb5RAAoACYnHBJhWAfIr0UvfI5nIkMu1ePtrUN6IxKPNz9z4C2RbckbmMf6KIf
o4kmIcjF0qI0bo0OxTKzNbLbuSS97CA2H/adtYuP/eE7Q38vLWE0h8BfCOYXpI9y
jZWsQLaH3QtG+rYYrGhPi9XJT+rdFrT8NyVQYMDddNTo/fLrVcDY6ThpGM73rwFT
PKI1+2msIiOA+ZoYLTAVmRt7ad4Xyz+aKvq/8mxMTQDSiux+JakksscFo5qruSsL
Nhj7S8n+ejJk5sLazwPDQ9rzHAP6Vza0lGpSodTFDDasvr4Brpe/KDbSZ6Tc/ndX
bh6mAbjBOXNR5fSKbG0xjK7EC5PJILGgWZUXM3m2bPHllG9ysfuoKqZ0Cs3u1G+P
KfoE4I7M8LEYSFoUSAuD2OqSS2/LJctpui/qs2XX8qLsZUSWE1/98dWKuPHaIh7O
XCd5nzm87jnyWNaz3R0PSB5yf2OhnoLzOYt3AI9hogsS05bMzGNORab1E/qQdI1K
3DxwZzF7wP/2V+QZ3Yowci+kSBOis6ViaiNVLnerIFoYaJ+2kTRSie9SGA+vGsdq
/AJ2O41UGQQ5CJX3+Vw6wQVhWxxNsMurAiiQBzaQB5JXDc4s9GYVoRheI7TMinIj
4bmR9Gzcgl2r4dTgVbpdh+xEle6sBQrIF+Ipfu2b+I967u8rIwM=
=KsYl
-END PGP SIGNATURE-

Re: [Pkg-openssl-devel] Bug#754513: RFP: libressl -- SSL library, forked from OpenSSL

2017-10-16 Thread Kurt Roeckx

On Mon, Oct 16, 2017 at 05:29:09PM +0100, Colin Watson wrote:
> 
> While there does exist a skeletal compatibility layer linked from the
> upstream wiki [1], the OpenSSL developers explicitly don't want to
> maintain this properly [2], and the OpenSSH developers say that it is
> "unversioned, incomplete, barely documented, and seems to be
> unmaintained" [3].  Kurt Roeckx proposed a patch to add a compatibility
> shim [4], and a number of other projects have done something similar,
> but the OpenSSH developers have explicitly said that they do not want to
> take that approach [5].

My understanding is they would only be happy if we turn that file
into a library they can link to. It would require that all the
functions get renamed, which should be easy to do in a header
file.

> It's not currently clear to me whether anyone has explicitly talked with
> the OpenSSL developers about this problem from the point of view of the
> OpenSSH developers, rather than just as users trying to get OpenSSH to
> compile against the new version.

The question we got asked is to add that compatibility in the
openssl 1.0 package, which really doesn't solve anything.



Kurt

Accepted openssl 1.1.0f-5 (source) into unstable

2017-08-24 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 08 Aug 2017 16:13:54 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0f-5
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0f-5) unstable; urgency=medium
 .
   * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
 version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
 calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().
Checksums-Sha1:
 c48a6c731f7c60d75819793f6728fb98181b733c 2583 openssl_1.1.0f-5.dsc
 246b9920ff7aa430586d0ac6e57337cae6ed1570 59536 openssl_1.1.0f-5.debian.tar.xz
 aee6b41fe06323c9d5374bb154e9510c11fb44df 5181 openssl_1.1.0f-5_source.buildinfo
Checksums-Sha256:
 44c38165dc9c99d069bb19c510d58778bb79e0530d5967cb74c556999f0b4b7e 2583 
openssl_1.1.0f-5.dsc
 7ae7fc632d259f1e4ed5e2475847d31db18d9bc6b96a6a3405a77cff7020b97e 59536 
openssl_1.1.0f-5.debian.tar.xz
 76da9afb1eb42dfbd5aca7daf7cb6a9ec683bd599717172a520dfff17cccda0f 5181 
openssl_1.1.0f-5_source.buildinfo
Files:
 e504390bbc06904ca6e4a3acfe522995 2583 utils optional openssl_1.1.0f-5.dsc
 18b618d61accb385f5f80ad22770cb84 59536 utils optional 
openssl_1.1.0f-5.debian.tar.xz
 62fdf718c2a601d7615ca68bbf2e2c20 5181 utils optional 
openssl_1.1.0f-5_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlmfOdgACgkQ48TdzR5M
EkRzmA/8DBeggvzCiXmRteDkh4GzhccpareYOC+SEdRcgMul92FYb6ODTMiGEcU4
vWREMC7pa5oeCpnQ7en675uWXnBxMCm/b2Vg2kNbCgLzb7tw4fM2AsD5POGXS656
YTGZp49XCNvxeo18/XT1XuYGkOj+Gta3ZvJLkUR9EpKT3+U0u9/WqKC61tXuZRE5
ASaQqWeHHVGFfmUOkK+pq2axEetaSWF0F72r9xFuYC9F5VpULkbds89+cdM4SKxU
WK2zNk+AIiK00efqDpmt1xNBhiZyD+GY2RRdbBg/qkdw0oRubWlG/XMjh9lZ4zHX
O1sNDgr3mBmxVNEjqGF4UXg63Atsdp9XtDq40S4HWJhPXJ2nYHd80oVMVvf8sG26
NRVNQNV3Az6m1Ic3KSoz4dXlG2l8+HbqFy5QCl1srwnQMGgWh+sCSRO4Wdk4hbz7
LSoou6KmH3gclHxT/J2QrmSGyUAeS8tZt2pR2L+1rlJVxC91YmjUpP4CnFqqS+mJ
vWs0WDHPWFdFNCBfUNpfIk5W1tD6L+UVDv4JoVcQrAv86k3NrZ3bGVAeibJa6qU3
Y0VkkX4jUHnp1koU3M2hPFnASfNwE0dNp/+OvwoD6UHxYT38/v/q/ZJRGdQ6Agyb
3sneIHgVMb3I1RnpPr4syABkHAniVIBHZtxXMVtaKz0YvxXkV9g=
=hKaK
-END PGP SIGNATURE-

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

2017-08-21 Thread Kurt Roeckx

On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote:
>  ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  :
> 
> > Dear Niels,
> >
> >> You need the $group parameter (the 5th parameter to the run sub).
> >
> > 
> >
> > Bingo, that works. Will tidy a bunch of things up and push it tomorrow.
> > Thanks again!
> 
> So, this adds a new Lintian "error". I am using gbp and I have no clue
> on how to include this signature file. Integration with uscan is not
> done either.

There is a bug against uscan to do this, I understand that it's
been commited just not uploaded yet.


Kurt

Accepted openssl1.0 1.0.2m-3 (source) into unstable

2017-11-05 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 05 Nov 2017 17:28:52 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Changes:
 openssl1.0 (1.0.2m-3) unstable; urgency=medium
 .
   * Avoid problems with aes and sha256 assembler on armhf using binutils 2.29
Checksums-Sha1:
 c802a3a166598eb4cd9b6245b20eede580ab12c6 2273 openssl1.0_1.0.2m-3.dsc
 2de2878df6c0eda6023fbf8db6bea629c0589e4f 77164 
openssl1.0_1.0.2m-3.debian.tar.xz
 3e746af9a37f33f953b71de5d77240c8c8cacf08 6753 
openssl1.0_1.0.2m-3_source.buildinfo
Checksums-Sha256:
 c9386f2a481b6c9a907bfdbae2cb12a6f0fa9546555b2fd3c21098adadde53fc 2273 
openssl1.0_1.0.2m-3.dsc
 4115e6022184843ad269e8f0ae00edef4bdc17fbf81978dc539caf1ba30113e6 77164 
openssl1.0_1.0.2m-3.debian.tar.xz
 05f09074b812dc8709ca9fdc53425db2317b4f0239f6954d7ac67778bb79 6753 
openssl1.0_1.0.2m-3_source.buildinfo
Files:
 b452e804645eb9c5367f60f23296d0cc 2273 utils optional openssl1.0_1.0.2m-3.dsc
 f90c0a09da1d8d5ea86e937baff8dc16 77164 utils optional 
openssl1.0_1.0.2m-3.debian.tar.xz
 da57dee5ac2f983a9484e066c495efe8 6753 utils optional 
openssl1.0_1.0.2m-3_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln/POIACgkQ48TdzR5M
EkTGKhAAisKopuZh59yoas6Lj4/tfth4cgcEOXX+w9RCjPEftsLmC0VJcrcI3QBU
KS/+72HMzVD9y/4eMWiA9OLvlNmDa03IA+cvU+rM0kc0eCe1/1g4gb9NpVDfvkPY
3oQxd7sHZUA+MCZ8DUoBaMQ3zwbu6mlc0JzazO5AFP/oJj8Wml0eJIp+gIZhsNOY
aACLygpq/06o4u1tJWx6oOW6hbVc39OLZieSyDGzgaWaaozZQIilcaC6x3x5h1ko
rrCvyqK0QkPItmb/TYuMFYs/YZEivoAV2j/dPb7FIT7njdWJ3uhZuKVernQUGhl8
G7DomKCOmtlkhHUSv6nNz67o+aBrhkIzcfhHtRSrr1lBkY8A9UaXQIiub03SJ/qx
9fKskfJahmB2MqBLbkrD8x/FzHXpZAHot1wwfuoy4y2Zy7JGPDSfQbgSkPQ4xSNK
Rn8SxB0HnnJK8YwEBMWa6LDacNBBlX7zMSh2KUvggoNQbcTz3D5BkV+2DCkBNsUh
iS5p53tR/Bh1eJBf3LOLWsurNr+U4mXsbWyyejw3iC9dAiUHNMP1vKYbYXRjOGKu
Gh/HIbBY+UZ8cf7aVz1B6uhzhujEjrYj+XUvwbgSJGVYn5plshBr4oyXjl5PSipV
kJgg0MXJQCgH84OTr9aGfnGOSkN9pLHRjXl8qvX//8kaSXKhQqI=
=s3/H
-END PGP SIGNATURE-

Accepted openssl 1.1.0g-1 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 15:22:48 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-1) unstable; urgency=medium
 .
   * New upstream version
 - Fixes CVE-2017-3735
 - Fixes CVE-2017-3736
   * Remove patches applied upstream
   * Temporary enable TLS 1.0 and 1.1 again (#875423)
   * Attempt to fix testsuite race condition
   * update no-symbolic.patch to apply
Checksums-Sha1:
 42d3b7a9444b3b7c87d291eb74976b819e118c8d 2583 openssl_1.1.0g-1.dsc
 e8240a8be304d4317a750753321b073c664bfdd4 5404748 openssl_1.1.0g.orig.tar.gz
 efced52be9d3c5cd231c232a6cf294a46b68a9d9 455 openssl_1.1.0g.orig.tar.gz.asc
 ad729c7e2ec311e878b26d40df0b6fb59f685167 58576 openssl_1.1.0g-1.debian.tar.xz
 3713ebf0382a7b1f21773898b931620a5ae02771 6748 openssl_1.1.0g-1_source.buildinfo
Checksums-Sha256:
 20d61daa0efaf020d93e77c1f7a3353815f89c4f5a6951018de911f23fd9f1fe 2583 
openssl_1.1.0g-1.dsc
 de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af 5404748 
openssl_1.1.0g.orig.tar.gz
 2a7532e6722aab8989644049ba5c1d3a5fce417aa4b18235eec901224098bbed 455 
openssl_1.1.0g.orig.tar.gz.asc
 7d4571d74ea5be32330754a8098732f926d022fcd890d73522c8d0de9fa8ce3f 58576 
openssl_1.1.0g-1.debian.tar.xz
 2a4d1a12d31fbf06fe824ddd49c5721f9a69d0de2fcb7d4f422a3c280b309405 6748 
openssl_1.1.0g-1_source.buildinfo
Files:
 5b460de2a08d9e3863d16291c11c76f6 2583 utils optional openssl_1.1.0g-1.dsc
 ba5f1b8b835b88cadbce9b35ed9531a6 5404748 utils optional 
openssl_1.1.0g.orig.tar.gz
 99a7a7d7b55d9d12bb1fc5a31f95899a 455 utils optional 
openssl_1.1.0g.orig.tar.gz.asc
 b79d58c61f4a282ec0d340838984a7af 58576 utils optional 
openssl_1.1.0g-1.debian.tar.xz
 3c6c0fddd2a577117010f46d4ff5d9d3 6748 utils optional 
openssl_1.1.0g-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7PW0ACgkQ48TdzR5M
EkToTw//QkVLga6M0hEpc95We6GVU/SGmrSydK2VPo7x/lB2MQwHvRjS+QBI8Q5Y
QDCafNve5HnAkYwkXRIS9jgpDDM2Iq4iJhMyYLqRTWTNIdjSBy+/CmiIlv4yJZ8h
hMExmDfzKLmMOy1NVxGA5n5CxiQTH0r/Vc5WIPGVdkpLI5uhSmGzgEADlnxyn0X3
gyzD3TEtUIfQEBfJCfSF/NPHwlA3QllvuLFopPlCI/gt6FwBNtus1N7EE8G0rmO4
T0Ib9IGv13n4IAhvIxpLxOTZCPSuR4pAPWQKRNVfdnxM9EYntgIoCuWoql+nzNmg
9bLQ/HWFBLJAiVIMHiJhxZ+lJmBGVgzzRgHTSnyEZNZZeBF4JoLegwk1StJlN8vG
tHg5MTWGzTMVfQYXbr27TfDz+0oiA2G3WYiP7vD07fgW8uQ6uRNABr9SkSxXvv8T
4u5YTKg3n6tP1hge4Cts9LHJwD63LSY7yYWiojLo+l9fYXSCZxAjWgl5BCH1biiE
MxpyCH3yoIhI1huKPoJPbcAluM/5bKaB2eWvOzAxZ+vOLfHnxrAJoE9+Cw4O1NDB
X0Xk5c8ZEZ/JSCGLu7wPZsWn7B0gdRsIf1LydQEpB0LBrgCfOnhGBS6sJjkgLw/k
W4IjuyWZPvJYAXR5vDu2vQ+AkVzw6QMY828jCCdMbu7W1S4Luqk=
=M3rT
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2m-1 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 14:30:51 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 874709
Changes:
 openssl1.0 (1.0.2m-1) unstable; urgency=high
 .
   [ Kurt Roeckx ]
   * New upstream version
 - Fixes CVE-2017-3735
 - Fixes CVE-2017-3736
 .
   [ Sebastian Andrzej Siewior]
   * Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
Checksums-Sha1:
 94a33e8e06981cf8c16b2c281ca403fb47400952 2529 openssl1.0_1.0.2m-1.dsc
 27fb00641260f97eaa587eb2b80fab3647f6013b 5373776 openssl1.0_1.0.2m.orig.tar.gz
 8d383f6f0a55a715fec8c21d02319a88de8fbd30 455 openssl1.0_1.0.2m.orig.tar.gz.asc
 b137c652bd8d0f4ad80df3347b31e7978f1f0b5f 75972 
openssl1.0_1.0.2m-1.debian.tar.xz
 c0d5c7cf688c90cfe266d09b6e55e8a0e3c2db66 6750 
openssl1.0_1.0.2m-1_source.buildinfo
Checksums-Sha256:
 cdf298c572a5e2871db20f0c40f89270b79918a5a42eca3cf16e60a092ba6603 2529 
openssl1.0_1.0.2m-1.dsc
 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f 5373776 
openssl1.0_1.0.2m.orig.tar.gz
 8849091cce9d682069d9cd218a91c7b89e4cb7d0476b132d7276e2c5fffe9cb6 455 
openssl1.0_1.0.2m.orig.tar.gz.asc
 1c956935a181c81fe6de6151e0923dc4366f139862a02a0d41ad0ab163b8bb23 75972 
openssl1.0_1.0.2m-1.debian.tar.xz
 b38b5e06040e1375e2eddd0cba65175d0ef78a626abb540e27c3e8da2fa705a8 6750 
openssl1.0_1.0.2m-1_source.buildinfo
Files:
 d5f7283ee7111d8bc3fe69642cb5d7ac 2529 utils optional openssl1.0_1.0.2m-1.dsc
 10e9e37f492094b9ef296f68f24a7666 5373776 utils optional 
openssl1.0_1.0.2m.orig.tar.gz
 4af5073381fd3800fd8cfb7cdd8c91f0 455 utils optional 
openssl1.0_1.0.2m.orig.tar.gz.asc
 b3a27ae95ee19f8009001ad1fc8f0ebf 75972 utils optional 
openssl1.0_1.0.2m-1.debian.tar.xz
 3194382e74b45a86095572c14539284c 6750 utils optional 
openssl1.0_1.0.2m-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7QVAACgkQ48TdzR5M
EkTerhAAmvNTqm0rzmvtjMxZ7sho9+XskfO6OfLvXE8j/Oa3wueUFnJP2q8mQY32
SFQkPPt52mYSayBeVnWniYJr/yyA8jzqaudNGvyEjNDMZJ94EWKIsbrF8jATsbuK
qIeTHAd6Ymns2ArDPQVZlXHS1833qMFTEePLpxRyb1WeHJ9ZON0/y7lP9zQGYkJl
WBzY8RcfexSyoMos7MRATQlWy6fXfty/xZe8tDU06F+2lIdtmfJDuxIQ3jbP/BzM
86vxTFC/i3kFp2BIiG5tFrX7xx0Kp/fQcX2zbZu/Vb1xh1Nk0tAF27tWL/8MQXXW
OM/lxMG77+dOUwxQjq382sIPlmzsSDNsISAwA0ydHcYSSrOFwo2hN8i89ZC08dQo
k1Rb0HOJWH38FOCG+lh6Iy4T6ORuaVDcxDYeVgWtIbBzylPNugluaETwqPlUaHpG
ek5+7JgFcjZiD8NWuzYwkmnaT6DY5nTn7R3wkhfArTutzucJlTRqoXaCYkRESRFg
ABP7N+ZSlsunwe9kh6RpB3cfghWKFxbycmhTW/vMl7ec2a2T8ixffQIF252pPEpX
x/2w++gaqVn/ugwmvoWc670Ucxck8wYf0buZR4fVU8OoGykoZyMZNIG+VZflo2/Y
7np87y9k79z36eeQc/8xmgHxW/Z30+myGzkzvIS98rhUgePUZnM=
=1/NW
-END PGP SIGNATURE-

Accepted openssl1.0 1.0.2m-2 (source) into unstable

2017-11-02 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 02 Nov 2017 19:00:50 +0100
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2m-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Changes:
 openssl1.0 (1.0.2m-2) unstable; urgency=medium
 .
   * Fix no-ssl3-method build
Checksums-Sha1:
 b3047c0369821fa7e17cd7bc2b0703a54387746b 2273 openssl1.0_1.0.2m-2.dsc
 58ef156ab557919eeb7568feb5c7b37f6a2ce37e 76332 
openssl1.0_1.0.2m-2.debian.tar.xz
 74af8d1f1f2f4cd844359b59d289e30461089ba0 6750 
openssl1.0_1.0.2m-2_source.buildinfo
Checksums-Sha256:
 6ebaad42ac46cec91890312d2d23598bbcb2741f396fc99f9b14f7f24dccfa2f 2273 
openssl1.0_1.0.2m-2.dsc
 861929308ed08a4b7b33ebe49e360268c9d99f5cdb04f94808cfc11ef1a286a7 76332 
openssl1.0_1.0.2m-2.debian.tar.xz
 2327e73bafdf42b042080a6d6fff777c3580848168a81d2b735bf83979a8e14d 6750 
openssl1.0_1.0.2m-2_source.buildinfo
Files:
 4c3e044d46cab979c66971269f9e01f9 2273 utils optional openssl1.0_1.0.2m-2.dsc
 9188f752207d09f0f62ae6a4b2a6dbf9 76332 utils optional 
openssl1.0_1.0.2m-2.debian.tar.xz
 2b5bf6fdedc1cb9161393ae47aa887c9 6750 utils optional 
openssl1.0_1.0.2m-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln7XdgACgkQ48TdzR5M
EkR9lg/9FtsEsrtd2gkhEmvEe7I2rLDG5hOIQ1IBF3adF+Mz24qTOiRg/ToFqmI+
svqOdvaUgwdEtc5lrQigXj6zKZk3TJx/J+Qk/7tyxfftwP76v2gePsvsjDd36uc7
zur8912X+yp39KRN7H9JxMSCER8rkGPYkc0sqmT/cCf+aJFfCR2o+5QG8YtAlxax
wDYpTOE2xpv6hyni4MROVlHEV5flgK0icdKr3BgZ18Hps9hjQq7TSBWCgAaMuP6V
qu3Lx64QfpgUWD+tcEn8C/n2+TulTlTZlqjzkpFLANLSKFnbTIdottFHVRCw4sYK
mDGR+r7pw3FJ7zz76XBvi1d68oNaCwvN7DU2oHKT/fEBl0obHh7/rkOLxYTY1NBk
xLrjlRKHG1Vq1fHLzUxf8afUshmjAQzRn2lWOlFb3kltibA7fpQ0E+cmBNpRXYmB
ZSu315MZM9oaxB0gUg7MgTzH4naMhfYV8jAZE0MIVC67ncISAvR+IcxbyVkILhcx
XCEvg1gtFqsQn9KGk8mt/F6ldAdfhiLCjmZ6g1NpYPimaWXJCGIpLt9M2DYhf30L
rD8ucvU5atMFWfijNdLOoGds3qjA4l84Y69AJWsLaPfksWYauVx1yl/LTUi3fQ9u
tTPaNo9ci/DxFysfVKeWyiDwe6XbP6dtNx5RUKF7AcjTXZOK6Vs=
=IYmx
-END PGP SIGNATURE-

Accepted openssl 1.1.0g-2 (source) into unstable

2017-11-04 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 04 Nov 2017 12:48:13 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-2) unstable; urgency=high
 .
   * Avoid problems with aes assembler on armhf using binutils 2.29
Checksums-Sha1:
 89fdb89c7f12ad50412be68f8b4d7babb3fdd23d 2583 openssl_1.1.0g-2.dsc
 79878d474f24f0502f31e24d31736ccbbecc2cc2 59272 openssl_1.1.0g-2.debian.tar.xz
 5eb4c261cecb01109c3fcc873e282a53dab8b789 6751 openssl_1.1.0g-2_source.buildinfo
Checksums-Sha256:
 c247e6c03142617909613ceec367b0e8deda47745dc34196b0c7925805df238b 2583 
openssl_1.1.0g-2.dsc
 35d134692f170cd4625453e09edbcd23bb9147717d6274efe2647b9b320df390 59272 
openssl_1.1.0g-2.debian.tar.xz
 c38c01d964d5ff4d5f59b5c4b065e1f2a007a20198cf5601ae13f8a1a66e8075 6751 
openssl_1.1.0g-2_source.buildinfo
Files:
 2eb3761aaa82c0296f4a35cfc1299f5f 2583 utils optional openssl_1.1.0g-2.dsc
 938c35d2a0822cef893d79f6e729428c 59272 utils optional 
openssl_1.1.0g-2.debian.tar.xz
 2ad57adfdd4d0ab73ebebba9f3c273cd 6751 utils optional 
openssl_1.1.0g-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAln9qaoACgkQ48TdzR5M
EkSDihAAibJLe1Fo+0FwDNALE1mTImSYlFNnYxmcB4z2hP+KSIsnt3GYMm5AU11s
QfpvPDtK7KwwQzXrB6NAqEf38mcaFJ8mbCTFjP36L7b09dXUKokyeHUG0wPXgnLH
0vQZx1gm1f+dZ0sC2LScj403h3te2Lg48dhQWESZ1VmnKodW9IkJncdvQ/79mEtq
17q1GYlgypGP1RtqP3zK+AQfj8xg0tF/GG2iigM6/JF9Op93y3PRmfbEOcXjESI3
7ZRJXw76Juvi+TyIBmLOO5x6ZMnf8PAi1FPKJ06wObsFUBf2zZ7rThgg6NWXOzVk
ANq26Kh6X1So6+eQBs50oFGHBBHA5gAkKuSl/Lo4FDiWzYbMMrgt9iE6kG8dn4/O
LAuMBgvFIlFtEmprxguaZF1dUXNDVF6e7y28t5jsDUFdbTfQBs+mFu9U4z3yRaoE
bLVDhjgaL0PHcVyPxFSCaeTDPvW6fTVVmQnzqIXq+vNWM1E1zkqTeIijX9fJ8YqM
jqMybRtEfprHIAWXpdpcS4BpBo+Cx+RiuKqzBJtN+UHn4ZD7vBooz+kXzY/4ckuN
39CJ+fhmhFAaJkXGx9dZz82cNLGd/9lWH39kJ2yMP8njKo0M4kbIIb1REU2q+SHQ
ZwC2fWGzEZHf+SY8HFOpbTm4VM6ixFokNOokSm2uYRsi4wLvhS0=
=3JID
-END PGP SIGNATURE-

Accepted openssl 1.1.1~~pre6-2 (source) into experimental

2018-05-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 16:34:27 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre6-2
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre6-2) experimental; urgency=medium
 .
   * Update libssl1.1.symbols
Checksums-Sha1:
 44f9bb449a1b761d4c18a91aae0bcbcb9355516a 2617 openssl_1.1.1~~pre6-2.dsc
 1fab907ee534f91bf768fec28ea46770d2ee91fc 55224 
openssl_1.1.1~~pre6-2.debian.tar.xz
 617420abc1aa15d9c35a0522f4022a65f9a09df7 7040 
openssl_1.1.1~~pre6-2_source.buildinfo
Checksums-Sha256:
 5979ef5d0ed550bf0b87b2e87f14e914ed307592c319a0bd2e105604eb51 2617 
openssl_1.1.1~~pre6-2.dsc
 95d0942da198e3f6906267efc0c4149a3ffdfdfd161454102029606c8e8219e6 55224 
openssl_1.1.1~~pre6-2.debian.tar.xz
 ea710e0ea72d05c52f79fff62554da8ecaa7c4eed5730a582441fab8c683441d 7040 
openssl_1.1.1~~pre6-2_source.buildinfo
Files:
 e178fe417d91e8ba3023eb2b46861f95 2617 utils optional openssl_1.1.1~~pre6-2.dsc
 c6dc901da50f998ef431baa220ae645c 55224 utils optional 
openssl_1.1.1~~pre6-2.debian.tar.xz
 4a78ead2780d55b64822b91c42fc1927 7040 utils optional 
openssl_1.1.1~~pre6-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlrofYQACgkQ48TdzR5M
EkTc9A//V7cTrsUslHXV0gTMw8Vf9+U8aRH0jGF9vXLEeDA0JIiM64D58fZ16YCd
JyqO5kCH1DUNTAbIWxNyMVFC5xsgYAqgqAquOQXoXZaS67oOmPYjLbCHldUptNff
g68YXeHuq7IL+c5GgM9aiP/T+gxMobblktIINV/nMfnTzdSUwT6gzO4CEx6fNYDP
mru8Rj5+UUr2SPeVzcWhT8TxU4So5J/aG6YqKXucye7nRv80RMlv+ep2PR0feuBa
wkuVXUmAI8gmBW+GD3M1RQo1qzx2zlkuLfJM+i5FFuP7IcNuiz89G2V7g6/A5c5/
cqSWOCwFdQ4Iqm5dBFIsCnUY+AKezuEhXjr7KXxLt8HFJZ6tuFHVnX1OMQFJFWUZ
PB7CizE9MG0/Cev7ENwQ501GuygI+zXUId4rbyv97DwmZTjTrSKNiMlPU3OHaqX7
iU7Vsxrr2app9Tf6rZMx+haExxlE0bokdTPfZNFyKtLPnzFmH3M/klyYOy+nKJtk
T93j+Zy33udhgaKvzPsJf2rm2cuiQ04LE3txMTgCNhhHb3wU+HRkH+VyPE3NQX1n
bNHNJkdEWbu/2PEHlvtA4//ux3SqEuLqiuFhTAR+JtwJRQA9/tah0s3OyXJIkbKF
ZSl2i1EtLHTrxabGQBXBXvoKNIk/zzudun4C+fvN2+wpbzti/Wk=
=kcpb
-END PGP SIGNATURE-

Accepted openssl 1.1.1~~pre6-1 (source) into experimental

2018-05-01 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 16:00:55 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre6-1) experimental; urgency=medium
 .
   * New upstream version
   * Increase default security level from 1 to 2. This moves from the 80 bit
 security level to the 112 bit securit level and will require 2048 bit RSA
 and DHE keys.
Checksums-Sha1:
 6f69ccd750a37fa0a8f4d16435e1dfcf46f0f8d1 2617 openssl_1.1.1~~pre6-1.dsc
 d9aa6121ea9e8bfc4632566c72b376620c68ece3 8286337 
openssl_1.1.1~~pre6.orig.tar.gz
 30b4162e2d8f3ed6f28cf460e2b5112fa2403109 455 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 fa100a10a44466c5fc8c077275c473f9d3dd8d84 55188 
openssl_1.1.1~~pre6-1.debian.tar.xz
 09ba3db98f37a7c64fbef9fe0caf1a61e125bc1a 7040 
openssl_1.1.1~~pre6-1_source.buildinfo
Checksums-Sha256:
 2b3b9328e945eed8d34c32b40610ab2c089b4868fb3da03188454be327641d47 2617 
openssl_1.1.1~~pre6-1.dsc
 01f91c5370fe210f7172d863c5bdc5dee2450c3faa98b4af2627ee6f7e128d87 8286337 
openssl_1.1.1~~pre6.orig.tar.gz
 75c4bee76b9cb47e1c5a22f925a5df911661c4c9344f5127dab8302dabb0157b 455 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 88619362fc94ae5ea35ced9bd2891cd73b25835904db406c6200661185f2cfd5 55188 
openssl_1.1.1~~pre6-1.debian.tar.xz
 1bd601973376a6e9b4f0dc31907c0ee7de67254a52ad2a1b51831385bdabc916 7040 
openssl_1.1.1~~pre6-1_source.buildinfo
Files:
 41328cf1437bcc89abd75c3aec3e7c6a 2617 utils optional openssl_1.1.1~~pre6-1.dsc
 da450acb7ac260021b75b978cd08964f 8286337 utils optional 
openssl_1.1.1~~pre6.orig.tar.gz
 bd04653957b9cd0589586a0bcc311f4a 455 utils optional 
openssl_1.1.1~~pre6.orig.tar.gz.asc
 41f0281175bf191f7e2e0ec2e9c68fa7 55188 utils optional 
openssl_1.1.1~~pre6-1.debian.tar.xz
 fdd1b60417cfeba7068f83cf67425846 7040 utils optional 
openssl_1.1.1~~pre6-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlrodkkACgkQ48TdzR5M
EkQm8Q//dxWruxFTWdo4OF8f2fuMraAH0MK2tT4PvyD5jyGdzwDRGvrSenNxznOJ
0wtxChS3EighdMSVxfEDVPjKPE7U331CuaNTpBFFNWrXOgRz9H41EHleiQwVRlNV
XgWIOFeIx5ozNrZ9C2JY42nzb5Yl9uUE9DP3D24p3oAlSIQ2yI14BSLmYaNF2maC
DacVNmKZsi7pNtLkPoxW0NGz4WzB6eF+u7gK/9ccpdDN/RK+XqlIvkvwY19p/y2J
f78NmhD0HO2YnOTeRw3KvS4hTgNFw3y+IrcrVehMJ8u9W+3nQCkriM0fOSqJcHe1
654Jwrkp8voQeGjFr1NEUI4d62KbX67+qIIscxGcx8PIBCsZEJN+eQ+/J9jQbvny
5lE0Mj5kb88d70a4iMuv5S71WX0P2exjrsHXsfIy/ltGdFqZBflbG4ZeLh43sSF0
PRax8k8s9l+Owv9yl88fxjKYRYZKif+hXrjNmrNbB48I7JWAdGbGn1xAzQ/LFMHZ
zOEwk20dokVWiX3a+TpmrvyK1JKL1NdRDVF6uaNZspTcop//gniz1wqd9DZdkFkO
z104xtXRsnC10qXkgMOA5H4iBQJBu2XPRnnsLRYotQQoiHJa2HLsVJWzGipOA5Ig
CNI/shE5VLK88XCgnbsdorBUxlqA+0S1Ecj5icWQrjYjbzFhaS0=
=aSjH
-END PGP SIGNATURE-

Accepted libid3tag 0.15.1b-13 (source) into unstable

2018-01-07 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jan 2018 12:33:47 +0100
Source: libid3tag
Binary: libid3tag0 libid3tag0-dev
Architecture: source
Version: 0.15.1b-13
Distribution: unstable
Urgency: medium
Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libid3tag0 - ID3 tag reading library from the MAD project
 libid3tag0-dev - ID3 tag reading library from the MAD project
Closes: 808767 869598
Changes:
 libid3tag (0.15.1b-13) unstable; urgency=medium
 .
   * gperf now uses size_t instead of unsigned int (Closes: #869598)
   * Remove Clément Stenac from Uploaders (Closes: #808767)
Checksums-Sha1:
 ada887165d8e66c719f7c163d18db5d6b7b58f9f 1919 libid3tag_0.15.1b-13.dsc
 988b22ac0936058669d59e0d6843127975a0d0eb 7724 
libid3tag_0.15.1b-13.debian.tar.xz
 ab8a5e3117c27d866f4b8cdeda4336ddc13c5fb2 6819 
libid3tag_0.15.1b-13_source.buildinfo
Checksums-Sha256:
 d969b7a3a9dc08244169280c702a1b1c90155c5e945de274a28765d733133a76 1919 
libid3tag_0.15.1b-13.dsc
 400870971569812700caa954c3d5bff0c43b03d78c305bce6e1d113b62f6763a 7724 
libid3tag_0.15.1b-13.debian.tar.xz
 74b557c134fe17f6364c210a60ea9105d1d0b0739f824d49826e8480ad27ee8c 6819 
libid3tag_0.15.1b-13_source.buildinfo
Files:
 cd4c960c7403114456ea580b596c3bd7 1919 sound optional libid3tag_0.15.1b-13.dsc
 770c6af1b9f818ab7c2ea3208d70961a 7724 sound optional 
libid3tag_0.15.1b-13.debian.tar.xz
 044dacece2157828e6f307a846487b89 6819 sound optional 
libid3tag_0.15.1b-13_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlpSHZcACgkQ48TdzR5M
EkTEeA//fh3Tl/d8VpbJh5+b5sVElyIKn46/FjrK5x0n29nOmsMSe9O5+rrH0hkl
9gZHMvz+arey3T+bf4QjRfdgn/pJkZzH8rSP8B/88LSsNgidxWL2LkfzbWULhz04
1nholHOEebXxFOJM6joL+12h0OcZHK3cZYsqI8xwuo7KCd99DtdJq/SmSjKCw6Zu
dXWX7A94ReSnw48rIwO54WSD7gSVDkO4CAJnzqFMSLN+OfF4O4zc4nah67VSoZik
I1z/yag3dWPQTUq5h9XHKu2Qmx9fhnfuqcrrAlg767KwkI6vN/CnSLALabVMNjEH
7EPJjhYm/4+W/EMP7gbyEh36Jmcfe68fle/RGxDm+y4RSN+CArISq+aLvSCOCVNH
cnVoLfxMafZMo8BzJ9OylhfRmI8lqcHjXdv9wTPPCtTSMqD3Nx/itzxzYQLnXSA7
8T7O0wlZOltpvjR5keVFaT+ZMJ3DQWuORoxj7Y86SbFMjjX528D6X2Qm0+kwqrj5
uo6kbDtG3BnFV48//qLooVbotksXtVEGEnp/f2qOq4AkVquwWStHsN1TOAe1ABwt
sxDObQQ0xsTU706XTDUq7vcj+hf3dR/eaWp5ycCaX2Wej3zWoHDG+//clhrCAOXU
ujW4RuJJN7vhpFSaRKukbhOHYBh5egpY7QotRXfF2awKcpOcJn8=
=IJ6k
-END PGP SIGNATURE-

Accepted libmad 0.15.1b-9 (source) into unstable

2018-01-28 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 28 Jan 2018 16:28:46 +0100
Source: libmad
Binary: libmad0 libmad0-dev
Architecture: source
Version: 0.15.1b-9
Distribution: unstable
Urgency: high
Maintainer: Mad Maintainers <pkg-mad-maintain...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libmad0- MPEG audio decoder library
 libmad0-dev - MPEG audio decoder development library
Closes: 287519
Changes:
 libmad (0.15.1b-9) unstable; urgency=high
 .
   * Properly check the size of the main data. The previous patch
 only checked that it could fit in the buffer, but didn't ensure there
 was actually enough room free in the buffer. This was assigned both
 CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
 different way to detect it. (Closes: #287519)
   * Rewrite patch to check the size of buffer. It now checks it before reading
 it instead of afterwards checking that we did read too much. This now also
 covers parsing the frame and layer3, not just layer 1 and 2. This was
 original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
Checksums-Sha1:
 57cdaf8db3f692fbb3ae676d2ba280c869a6f0f2 1860 libmad_0.15.1b-9.dsc
 0ab6e005cbc0e553d99784b520cd92f93eafc68a 13536 libmad_0.15.1b-9.diff.gz
 c11dc21dc3a20731221e31eb702e70f4bbc61128 6754 libmad_0.15.1b-9_source.buildinfo
Checksums-Sha256:
 4c0e95ae62cb51e2e9d80f47c967a9efbff5846c8076ba0ceddb1006fc6c58de 1860 
libmad_0.15.1b-9.dsc
 b538f3f2e1686623f571561949bbd190a398fd6c288badbe81ec28499b9672e3 13536 
libmad_0.15.1b-9.diff.gz
 a3251532ddda9fe1895c65ef1eba0acea6eed3436bbbe07233e744a3d8a81663 6754 
libmad_0.15.1b-9_source.buildinfo
Files:
 63450fb09c6fa823ba948bc8fd15a866 1860 sound optional libmad_0.15.1b-9.dsc
 0cfc29f958d2b3661c82f260a84fe356 13536 sound optional libmad_0.15.1b-9.diff.gz
 c9a57ab9def24a7377caf5454692 6754 sound optional 
libmad_0.15.1b-9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlpuIeQACgkQ48TdzR5M
EkSgLA/+LNIJjwdIz9R3Y0dVN8Zpf3D+CgkjTHkGdBNjcix6VrIJ8LyXwp4JBOoS
ngtIherhIjGWmgj/u6/CedspusPsr6zA3/SFvFofc3pMqOynvisXfSbXazclTone
A2Y+ALMXdV8FARE6e3lDFmtWwEBujJXQhTpl+5kVrNY7yQbiZF6yvUp/ouOms8uF
29huwxRObaRx2sB5w3HULnLhuFpNAVFVMNV3EZ6ovX0qtmW5C6IR5GbSiCBSe7VV
OSdc3SrdABmhKAZ3s2bqXRvZrgQ9/qzz0HYs6UEk1m2cGkijPpgagNwH7LwKRNgL
WXWjRwM1PVQtdXg2rmP1anPnP9K7C4BFi8ccibW3u7RMcS1h1NBHTYJ8ZaAzHji9
e1bdw9AsOpPJ0Y0pUdyh/HS2x2nZEPM5Asn3ReZvtvpmg+UfVTEeV7W3XjCXu8P/
urTdSycP2+gyjNn+bncpqEv1JMDVTcQ/jJ+lRB7EomS2GvkaMpo3VeBJoZuPki5Y
POBFI44y9J5uV8ggNs1xeUDzuiO9UX7Gu7u5iBUzobtBRXNvknk1BZ2klJnLWiVR
NXVUGDxa5g3kMQObcfdaSyusfUwDUKFPJp1Shp24HUUsYM3gaQ2JeVOujcVDWxss
4gAzYeLAT1hI81uNEfhp4wIxSxR6PMZ0kXG+nwqFsCDhq5ZeqfQ=
=ZeFP
-END PGP SIGNATURE-

Bug#905994: O: libtool

2018-08-12 Thread Kurt Roeckx

Package: wnpp

I'm orphaning libtool.

It currently has 1 RC bug, and the last NMU at least seems to
cause a regression.


Kurt

Accepted openssl 1.1.1~~pre9-1 (source) into unstable

2018-08-21 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 21 Aug 2018 21:00:17 +0200
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1~~pre9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.1~~pre9-1) unstable; urgency=medium
 .
   * New upstream version.
 - Support the final TLS 1.3 version (RFC 8446)
   * Upload to unstable
Checksums-Sha1:
 305a57f27672ca6c7eb8537c78d56b93018046f6 2664 openssl_1.1.1~~pre9-1.dsc
 01a42e93a34746340974b9fafe960226f7d10ff7 8411103 
openssl_1.1.1~~pre9.orig.tar.gz
 bc6581172625ed0a040c172d24ea575f7aae4e00 488 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 69c518b36acc6c15ebbd2fa4cf846ec698dd2d7a 82920 
openssl_1.1.1~~pre9-1.debian.tar.xz
 17c86cf38681a1aeffa9c683b5ac8b3c2cbc6748 7358 
openssl_1.1.1~~pre9-1_source.buildinfo
Checksums-Sha256:
 06b4021d2fee5f7272f26bd122f2400de2daff450e4459bddd3356778d0f 2664 
openssl_1.1.1~~pre9-1.dsc
 95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c 8411103 
openssl_1.1.1~~pre9.orig.tar.gz
 f2d723353a9f9d2fc2699add7ed23a5b1c511684fd05d00e0ce8b4a619f8c6f3 488 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 47e7e1b1c0a27f90f8b8fc804927fd87ed3f269c0d26116d9e1d20158442b36f 82920 
openssl_1.1.1~~pre9-1.debian.tar.xz
 52f170c5819aab6154ed62bb0b2ada45ad9c8bf4ff0364f39e8b43cc7b910793 7358 
openssl_1.1.1~~pre9-1_source.buildinfo
Files:
 d19f427d880e9956bfdba75a8b12600f 2664 utils optional openssl_1.1.1~~pre9-1.dsc
 6aa32e976e2c9a4aee858ced135d2573 8411103 utils optional 
openssl_1.1.1~~pre9.orig.tar.gz
 88daef7544218b30df8344d810a40807 488 utils optional 
openssl_1.1.1~~pre9.orig.tar.gz.asc
 a69fddac66c49a5121a569d92792fffc 82920 utils optional 
openssl_1.1.1~~pre9-1.debian.tar.xz
 6e7a0829cd10d5491d35ae6cbb2ed743 7358 utils optional 
openssl_1.1.1~~pre9-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIyBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlt8aVIACgkQ48TdzR5M
EkQS/w/2KDudxob8qWFaiUihxSmBUSJflDD94dOMyNXwZDEbq0ayGtGY3BZ+TkPC
UTfnW65IMJgZ+TrFKKZKeuO5UVSGAk/k0LqRA5A9CoQ7fIu4E4aA0CsIkqcx4GG5
H6T5VdkgAkQG0b7MIwYr7BEE38i20EcHLKsm2xbU3quR4fb/DzSnvVuo+knjSoGr
yG6h40yh1nIdJ8Tk4J5ROTinHgSrMxFiq2IuVZsbnZ61iDCtSIKa+ByDrsFLYSO7
3L3xk+ER7BzYhIMDFGpU7rl5Jd1bbAvEOcx8JXZmwYUFKVzxnBIb5TW1AbpNOPst
y3Rc+kGTZc9XCbbHJe9UfQkbwQERv1xPfyWA+tx2gANUm+2e8lnAbJEI1+JAzaHp
2l8/vRCTG5D/Czja5s3awwnxoGlqN7xYuzJzhaHfG3i+6ygP894hM7Cpy8KNoDoh
mrCAYVv+rBCczgVF8REs8oFAiVCHYGCvCIpy6s9gHQB2EFzA+C4JkTJC0cnjavrB
D/hyC4sgtjGtPCLTqFWh2M9kN0d2RTRmrZKJuvH/ZDDupEaLqn5AVDuHuuha06vZ
9s3VoN2qRovFEq6oxfm5c6lAVvb/fk0F3qki1UYsjpGaBfz2tEYC8rjuqUyBrwnM
r9Uv+ma/kVgKEzS2QU4M66cSQdbIUHzfkwp/m0N5R7nSNGph7w==
=KHTO
-END PGP SIGNATURE-

Bug#917366: RFP: postfix-mta-sts-resolver -- daemon that adds support for MTA-STS to postfix

2018-12-26 Thread Kurt Roeckx

Package: wnpp
Severity: wishlist

* Package name: postfix-mta-sts-resolver
  Version : 0.2.4
* URL : https://github.com/Snawoot/postfix-mta-sts-resolver
* License : MIT
  Programming Lang: python
  Description : Daemon which provides TLS client policy for
Postfix via socketmap, according to domain MTA-STS
policy.

Accepted elfutils 0.175-1 (source) into unstable

2018-11-19 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 18 Nov 2018 23:01:23 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.175-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 907562 911083 911276 911413 911414
Changes:
 elfutils (0.175-1) unstable; urgency=medium
 .
   * New upstream release
 - Build with gcc-8 (Closes: #911276)
 - Drop fix-gcc7-ftbfs.diff
 - Drop GNU_variable_value.patch
 - Drop locviews.patch
 - Update patches
   * Fixes CVE-2018-18521 (Closes: #911413)
   * Fixes CVE-2018-18520 (Closes: #911414)
   * Fixes CVE-2018-18310 (Closes: #911083)
   * Fixes CVE-2018-16403
   * Fixes CVE-2018-16402
   * Fixes CVE-2018-16062 (Closes: #907562)
Checksums-Sha1:
 a68e892c7347f0fe49158e9818e57607cb38c7c5 2568 elfutils_0.175-1.dsc
 361f835640ecffddc6d4543fb044eb53f673026f 8786600 elfutils_0.175.orig.tar.bz2
 a15f78114cad1c7dbe41b2c5710105563b83c481 488 elfutils_0.175.orig.tar.bz2.asc
 28eab328d1e8d8df41b13d9567c9d707dd5901d3 37404 elfutils_0.175-1.debian.tar.xz
 57e40bb1e428465522056af1907d7078559fc83e 8034 elfutils_0.175-1_source.buildinfo
Checksums-Sha256:
 32e42db07fa6c55697db27fb049b327b8bcee95e326c8b64498671dc9f3851ba 2568 
elfutils_0.175-1.dsc
 f7ef925541ee32c6d15ae5cb27da5f119e01a5ccdbe9fe57bf836730d7b7a65b 8786600 
elfutils_0.175.orig.tar.bz2
 103ae1a12d0b67e2d783f36dc780acd533d5c2a9d6241bcd62cfe1f6fa891a16 488 
elfutils_0.175.orig.tar.bz2.asc
 0de2c3f311d388a1dada67e4e37a41bd18fcf715c2a7bcb869d75f0815c70f23 37404 
elfutils_0.175-1.debian.tar.xz
 dd5c7a1153ee0bc3ede69fe22d30b9b939142f25f27dda99792fa8e3cc61 8034 
elfutils_0.175-1_source.buildinfo
Files:
 9b6749ac7b767a9df5861a5b13bacf6d 2568 libs optional elfutils_0.175-1.dsc
 9a02b0382b78cc2d515fb950275d4c02 8786600 libs optional 
elfutils_0.175.orig.tar.bz2
 54de34fe526466caf58f8dce879623b6 488 libs optional 
elfutils_0.175.orig.tar.bz2.asc
 c088129dfd51831d1ea2e664fac54eb8 37404 libs optional 
elfutils_0.175-1.debian.tar.xz
 d586e4cd298fec2e61a37ebf7bedfefd 8034 libs optional 
elfutils_0.175-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlvzKXgACgkQ48TdzR5M
EkQ0mhAAqvoR6fm5a4w67O57UO3j+PM2t+3Slt4qDsfmB2ochhuQ81J5MYO+7kO9
Jen2DB4LMYBW1z0pY7/xvS91EXfxkrJqjhhELFmds0+2g6uyJrvFJ3l+lmTRpvCW
ijRUa5/PssXT8gH4blEBDERPz8Sdr6A3cwzUD5vHTQxF9F12rnDa9ofFeuyaFUW+
rxnubsksysSY7rJ91GG1JLAB9/n/DI2PgQyNwVJ6fT87oJuS6pN70JV7RJOodvRq
fYggTl1RWiuD6wAPlXmspDox4esGw5aYdgvwRR2AEO2wODxCkoMAltlUU0fPW7X7
TWDK23zVci1wtj9blquX3DUPu+L/E6tHV7p8t/HG0xpqfysTXgORkqV511DOJM8D
y3gkAh+jK2P2C88lrgWoLvDOQyfo/V81zbge82/wQzA9LAEbYojlDv7Jqx6YPqzz
nGac1sPvrR7tYrMDXH1CFBgtkpj+8SaHc39FAmP+wi8bg20wxjjRv5Tul9ffe34V
vVvoNjr+dJ5tpC1KPBH3kfDNU+gLocNK5rw00Hifm9ub3EKPT6pYZUSUpRRfDw3C
0ZuIuVAh+OhIhuvHOs/roWco0i8+Db3Sj/VnFbLvZeSgHerOqqvE08KNY1T0OD1k
uB88KJg7VFigV65sKwbGSQ78CCFhtlX++wg+G96+GXA6cGxe8+U=
=Dwb4
-END PGP SIGNATURE-

Accepted elfutils 0.175-2 (source) into unstable

2018-12-30 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 30 Dec 2018 15:02:01 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.175-2
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Changes:
 elfutils (0.175-2) unstable; urgency=medium
 .
   * Add support for the mips ABI CFI callback
   * Properly clean up in test suite on skipped tests
Checksums-Sha1:
 f3005c06bc6d1fca972f6478b75e82edbee566fb 2568 elfutils_0.175-2.dsc
 b4a6ac7f6d2577eb6015de140c745d52f7f9826a 38308 elfutils_0.175-2.debian.tar.xz
 f27e3e20bfd6f68e68a81beb89dd060f57ba31cf 8032 elfutils_0.175-2_source.buildinfo
Checksums-Sha256:
 d256b8eaf5a3b8390b0a66d215a7bb11375c01a5fe1eb2b32861432249a9d1af 2568 
elfutils_0.175-2.dsc
 e4c0cfd5381387964fbb1ccee085b3b37564b16100eb36588ba72bba7eff062d 38308 
elfutils_0.175-2.debian.tar.xz
 f742246021eaae301c33d230dac5f2d9ae1535c6e6ec9d5ed803143a95dfcffe 8032 
elfutils_0.175-2_source.buildinfo
Files:
 8ae42c9e2ac565b1964f2724bcc8ee64 2568 libs optional elfutils_0.175-2.dsc
 14cd2ae585b3e058c008549c49723724 38308 libs optional 
elfutils_0.175-2.debian.tar.xz
 31c074f3f65835d713716223d7ce51c7 8032 libs optional 
elfutils_0.175-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlwo0goACgkQ48TdzR5M
EkTpPBAAjUjG1PdqVuct5RFeAPhoiEqLPiuGbO5HCDeCDpm7/KoV4xjA9Xk9DHP0
rXv1qoMZOdI5KmbgsbQoRmeBpyv+Wayiy6FH+pb7wGcvH0WMtAsbRbcCaKpKS4Rh
r3ERp1A/nq/MZiIf4zWPEPpt6xBIJA3we6hMDwvG72QOolM0gmdE0m2riaBq5Ddm
Mjf7sqMmFFahkYUzxzQG5zAhlbW8IxLafWTVLhYQn7QvPJIs0HlkIUaDNaX1eRfn
idMso3GOmujvL8rxKm+ZT1/+IjXKega/2l12DkEuasNHzJB+1vhMxjGy2nGZhNUN
EG2VwwhbWAToU2TIp87UMTwHFQJEKaumnVtbsZ4ot2s2i79eFw+bpqvRZzVtPQoa
palO3+Xsr3CkvhuwdfGaTorxMZAWxDPK8oPp4qwOPTLtARuSj3WP8Pae0GqCz6jE
bX11lt5SNqhkgwwZ6bAPdOA44T9x1/zlwS2t57Ka/+H6eKmr1+GlJkYtXH2yysXP
9KTfih7NUF2K1zYgznf7puWwfO2Rb7G90b4ahwpULstAtCN/hjDDE+0ELmg7gWHz
zkH5fkvgh1pJDSW7Z9L/A7kuxZb/m0lJFNf+gBjqXiUDut1ghKG7vziZ4CbcaceI
GTiDWjDJtB/Jp6UYbJIVSmjVAzKzoUh/9gjvch44c0un9o6tHwU=
=5FjI
-END PGP SIGNATURE-

Re: FYI/RFC: early-rng-init-tools

2019-03-03 Thread Kurt Roeckx

On Sun, Mar 03, 2019 at 08:19:44PM +, Ben Hutchings wrote:
> On Sun, 2019-03-03 at 18:59 +0100, Kurt Roeckx wrote:
> [...]
> > Most people will actually have at least 2 hardware RNGs: One in
> > the CPU and one in the TPM. We can make the kernel trust those as
> > entropy source without using something in userspace to feed it.
> > I'm not sure in the kernel has the option to use the TPM directly
> > as source, but it makes it available as /dev/hwrng.
> [...]
> 
> If there is at least one hardware RNG with a non-zero "quality" then
> the kernel will start a thread (khwrngd) that reads from the hardware
> RNG and adds those bits to the core RNG, crediting each bit with
> quality/1024 bits of entropy.
> 
> Most hardware RNG drivers don't specify quality and it defaults to
> zero, but this can be overridden by setting the module parameter
> rng-core.default_quality.  Perhaps we should set a low but non-zero
> default value?

I think choas key is the exception to this, the kernel uses it by
default. Changing that is going to surprise people.

I don't know if we can find actually find out what quality the
RNG should provide for most devices. I think for some we can set
reasonable defaults. But at least with TPMs it can be one of
various manufacturers, so the quality might be totally different.

> There are potential problems with doing this: some of these hardware
> RNGs are probably quite weak, so we have to be very conservative, but
> then the less entropy we credit the more CPU time will be spent in the
> hardware RNG reader thread.

I gues that what I would like is that at the start it just gets
the entropy it needs, and then keeps feeding it at a low rate, for
instance a few bytes every few seconds. I don't know if that's
something that can be set, or that it currently does.

I have a FST-01 / NeuG, which I guess is like the worst RNG you
can get. It generates less then 0.03 bit / bit of entropy, but can
do this at 80 or 280 kB/s depending on the setting. With 0.03 bit
/ bit, it takes 533 byte to get to the 128 bit entropy level. At
80 kB/s, that takes 6.6 ms. So even if we set the quality very
low, it can still be very useful.

(The kernel does not recoginize it as an RNG, you need rng-tools
for it.)

Kurt

Re: FYI/RFC: early-rng-init-tools

2019-03-03 Thread Kurt Roeckx

I think the only sane things are:
- Use a hardware RNG (CPU, TPM, chaos key, ...)
- Credit a seed file stored during the previous boot
- Wait for new entropy from other sources

Note that is can be a combination of all 3.

We currently do not credit the seed file, for various good
reasons. We should provide an option to users that need it to
trust that file and credit that file. Note that it does not need
to be fully trusted, we could for instance say it only provides 64
bits of entropy.

Most people will actually have at least 2 hardware RNGs: One in
the CPU and one in the TPM. We can make the kernel trust those as
entropy source without using something in userspace to feed it.
I'm not sure in the kernel has the option to use the TPM directly
as source, but it makes it available as /dev/hwrng. (The TPM might
be disabled in the BIOS.) Some people don't trust them, I suggest
they buy something they do trust, and disable the ones they don't
trust. I think we should trust all hardware RNGs by default, and
then also actually extract data from all of them.

Note that the internal state of an RNG is only 256 bit / 32 byte.
If you make that output something, it can't have more than that 256
bit of entropy. It does not make sense to take more bytes of the RNG
than that to feed back in it. It can make sense to do this at
different times, after the RNG has reseeded, but both should be
limited to that 256 bit / 32 byte. It doesn't make sense to do
this at more than 2 different points in time.

There is no point in using an other RNG to stretch something. Just
use the kernel RNG to stretch it by just asking more data from it.

Do not feed the output of the kernel during boot back into the
kernel, even if you don't credit it. If there is something random
in it, the kernel will already have used that. If you do it, there
is no point in using something like md5, the kernel will take care
of that itself.

Other than the entropy you feed it, it can be useful to feed it
data that does not need to be secret but is very likely different
on each boot, including things like the current time, and an
incrementing counter. It would not be credited as having entropy.
The seed file currently acts as this. I have no idea if the kernel
does anything like that itself, like the mount count of a
filesystem. It might be useful that we feed it some boot counter.


Kurt

Accepted openssl 1.1.1b-1 (source) into unstable

2019-02-26 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 26 Feb 2019 19:52:12 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.1b-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl- Secure Sockets Layer toolkit - cryptographic utility
Closes: 913558
Changes:
 openssl (1.1.1b-1) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Add Breaks on lighttpd (Closes: #913558).
 .
   [ Kurt Roeckx ]
   * New upstream version
   * Update symbol list
Checksums-Sha1:
 a249e516cd86428a5c04fe02180d71927aef448a 2614 openssl_1.1.1b-1.dsc
 e9710abf5e95c48ebf47991b10cbb48c09dae102 8213737 openssl_1.1.1b.orig.tar.gz
 2299f5f30f14e141b2649864c003dc9edd56c509 488 openssl_1.1.1b.orig.tar.gz.asc
 040edd8c5f58a30fb33ff84663d264db2668a856 83732 openssl_1.1.1b-1.debian.tar.xz
 1aa63fefa080ef746afbc187b592704d13c49799 7299 openssl_1.1.1b-1_source.buildinfo
Checksums-Sha256:
 b442c5845f44a36c32a49ae10818bee5b5564d340029547f90345799219b7e6c 2614 
openssl_1.1.1b-1.dsc
 5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b 8213737 
openssl_1.1.1b.orig.tar.gz
 eba898c33e1580089f8179edacd033beac01626c8a82adc701a2f964d0da0e8d 488 
openssl_1.1.1b.orig.tar.gz.asc
 c56ed6be110d67404f9964ca9738af5e8744174ac6d37b448884260e8047c480 83732 
openssl_1.1.1b-1.debian.tar.xz
 3dd734e04ffd5fab6af0ee77f14d05306ac05d3fdf7a0b84e1e9180313b12dc1 7299 
openssl_1.1.1b-1_source.buildinfo
Files:
 c735bc3a1697c320d155a081c10e78a7 2614 utils optional openssl_1.1.1b-1.dsc
 4532712e7bcc9414f5bce995e4e13930 8213737 utils optional 
openssl_1.1.1b.orig.tar.gz
 5f7ee479042174159b59ba0f7603413c 488 utils optional 
openssl_1.1.1b.orig.tar.gz.asc
 c3593f6981ba0531cd9e3095fd37d5f6 83732 utils optional 
openssl_1.1.1b-1.debian.tar.xz
 59b816b1db9f8f0aaae5dd218881aaf8 7299 utils optional 
openssl_1.1.1b-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlx1jrwACgkQ48TdzR5M
EkQpARAApUXGAAv/rFtpQ/tpb+dy96A2vb7+e2NtgzDfuL1ewGnJP5AWBkKsdK0o
9h2IxJ9N1sAqOlZcvC8ORKoCLIo+yRKSCHTeKEemJMDU05c83S2hQWgvzxFzLQ7H
k1puYkHQMhk/2t78YMlmNdyG9Eg25ImOBNGDi9R5W7R/pFLGS62letOOzGY0AuB6
NWK5yGnlgQ99qcbD9GExNnYhvVWaozh75ijIwk0Hi/B4uLLzH1oTSeqJ9mgFTylL
egtrurCu7hoY29JY30/bsZsAAx77rcz9CsowRyJR6JsO8NE8BVzdJ0wjZIy9XlgF
gAxU0YYTBEigXzuS5gO1fcmiYKJMJ7keO+TZ/NJHaBwgn8bliTIug/8+XytnH3E4
WmDYtsW6GeenyTn+akD1amOv4WFShrikfile/AeYAbeVNQ7IjCUDw9TvIU4KuoT4
7gkMu3+LMmjyNGVbEb0luwv6QQIDSlXyR9h8KK6E4wMf6CdCU5I/UBkWvB2+/S7J
sYxWzqeU3a7CxnsarhOUhTbd/4XuNzlcArSJ8k8+NDqLIaA/dUiVuboMFcl1V178
+8gORTFM0hJ2qa24G8Lu904XvF3o7H3dHK6BhQ9x0ID0pAEkTot9mIau8f4pFLaX
/EfFI2lmps/sKIxSKGN5DN3wq2klPW78ZBanF8O+rjy82cb3+RI=
=LlBp
-END PGP SIGNATURE-

Accepted libid3tag 0.15.1b-14 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:35:25 +0100
Source: libid3tag
Architecture: source
Version: 0.15.1b-14
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Closes: 899861
Changes:
 libid3tag (0.15.1b-14) unstable; urgency=medium
 .
   * Remove old alioth list as maintainer (Closes: #899861)
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 e14cd4b4be922b4b671ef0a09ef4bbb41899ef99 2076 libid3tag_0.15.1b-14.dsc
 4d867e8a8436e73cd7762fe0e85958e35f1e4306 338143 libid3tag_0.15.1b.orig.tar.gz
 b542d7d788d754315b0ad1082089e3af065c81c5 189 libid3tag_0.15.1b.orig.tar.gz.asc
 cfc69fd9d4c7ab8ac24ab60c1708277fbb75 11848 
libid3tag_0.15.1b-14.debian.tar.xz
 2c2d0c85d0b6cb55e97555df55e752d4196a01d5 7447 
libid3tag_0.15.1b-14_source.buildinfo
Checksums-Sha256:
 4c5da228039d7156c0e14a02f8982cf8e09f53c41f6236b4e3152567b6550bd1 2076 
libid3tag_0.15.1b-14.dsc
 63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151 338143 
libid3tag_0.15.1b.orig.tar.gz
 57672f4eca6ff78822a6635cd01769766a41c459856bc1ba1f7d10282b7e 189 
libid3tag_0.15.1b.orig.tar.gz.asc
 f174cafe02bef25a9ad8cb7f9ce80119147297a7036f50878e85ac0d7ae09c62 11848 
libid3tag_0.15.1b-14.debian.tar.xz
 479cce5aa2f11a5be655a0dc05655b852c9a61e3a408cc767cbd7a12c6d061fc 7447 
libid3tag_0.15.1b-14_source.buildinfo
Files:
 e45dc3ff6e8d0bca7cc302012dfd08e1 2076 sound optional libid3tag_0.15.1b-14.dsc
 e5808ad997ba32c498803822078748c3 338143 sound optional 
libid3tag_0.15.1b.orig.tar.gz
 930726db1570f84774a434b1e43ac3ad 189 sound optional 
libid3tag_0.15.1b.orig.tar.gz.asc
 c04d20e573ec3855258b5676b8f9620b 11848 sound optional 
libid3tag_0.15.1b-14.debian.tar.xz
 dfe01aacb42dc2de87962bd943b0bf71 7447 sound optional 
libid3tag_0.15.1b-14_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFL7gACgkQ48TdzR5M
EkScphAAkRS43Wi0+/71dW7e84zHIfupcK0TKlc+iJnTFI9PCysD8nAvuTlta0Fy
Y4NCn7nTyGkOTwfpPDSsu5p3cJ+IN2JsYmBODB7EHZ85QphyAF0ShENxXNAh5u/g
WzaYsKN6hsuSA9WHDavrDpiYsuvV7a0GK6OJ4M71EIFQXCcq5somWTzC6mX9UpVd
kDIfbUkWG/JHS0N7XmPicWqNubOxXiregRusl6Gq3i9y2vks6zefwmvRPO0ATabu
ZJlHbZWdSgLkUoj11pcFeiCpR5zp8NVLUNbwjhCgMWcaezHMId8Msce4dejGu5qI
6+H8oJZCdLYyWdJZhF3si4Z4VyNIpKU3tBYTQEBiDxmjIq+IstOECTpCa435bMJK
5+gplZxIKU1XJOT6eAUYXk4fPZvvK5U9tPL43NUic4C6qdFVmmfQCjwO66tjdWRi
pTolsr8ZYW4lnTNaX/m2h0ZEY6Om712xJRk78O7VLk5swruOg+O6wYIO8vj5gACe
KzwkE39AhdGj+WkxABLb8Q0OlfGTA2t2/29WBMKh/TrYIpu2psNZ8WgbErr4lDKN
Fe98Tckrs1uWhmiIDVvuxvMaYdtpZE55ZKd/iD1I/U8zC4zr6fiGZKh3eKLP0qxf
2ZdJlAsjkcx2barFv5E+UD5ocyOu1I9+kHyThp6W0ayGhyE1S8Q=
=m/v6
-END PGP SIGNATURE-

Accepted libmad 0.15.1b-10 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:42:14 +0100
Source: libmad
Architecture: source
Version: 0.15.1b-10
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Closes: 899582
Changes:
 libmad (0.15.1b-10) unstable; urgency=medium
 .
   * Remove old alioth list as maintainer (Closes: #899582)
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 8e691534271d9cb84ae3d5a38fbea10cdb49b523 2009 libmad_0.15.1b-10.dsc
 cac19cd00e1a907f3150cc040ccc077783496d76 502379 libmad_0.15.1b.orig.tar.gz
 24c44ac7c96dca472e7305a7e59f1efd921a3499 189 libmad_0.15.1b.orig.tar.gz.asc
 38785dd8c5945b3e124efdfd72780d5e3624ecaf 18053 libmad_0.15.1b-10.diff.gz
 31f867add06512eacfb45624f94493ad4ab3cd6d 7378 
libmad_0.15.1b-10_source.buildinfo
Checksums-Sha256:
 26f95b62d9ac88835502db837a2963746bb907b53d7d619dc553b270c590c649 2009 
libmad_0.15.1b-10.dsc
 bbfac3ed6bfbc2823d3775ebb931087371e142bb0e9bb1bee51a76a6e0078690 502379 
libmad_0.15.1b.orig.tar.gz
 1059d6d131643a6b6c4a6e1141eb49c8e61f9759835973541140ba0963bd292c 189 
libmad_0.15.1b.orig.tar.gz.asc
 dfeabd5d2398bf902660edc31f87ad40600f0aa732b946f864d8ee6bbf56a99c 18053 
libmad_0.15.1b-10.diff.gz
 6807d6150e9b20c84b3dd823c15de0fb2e69e76947dec5b4ef5c135a9d2ed57f 7378 
libmad_0.15.1b-10_source.buildinfo
Files:
 1a0e80a93da2bbd7b2723605d29affe5 2009 sound optional libmad_0.15.1b-10.dsc
 1be543bc30c56fb6bea1d7bf6a64e66c 502379 sound optional 
libmad_0.15.1b.orig.tar.gz
 5ea85ec8437b340fbea219657fce2e4e 189 sound optional 
libmad_0.15.1b.orig.tar.gz.asc
 e10680dfd7e0cc100d59da70273c5f24 18053 sound optional libmad_0.15.1b-10.diff.gz
 a272a286f59a8e7296573ac458593c4e 7378 sound optional 
libmad_0.15.1b-10_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFMXkACgkQ48TdzR5M
EkQowA/+PC2Re5B+390/c4W8TuKh2ArEaJQDPvltHpRZXIY4EwUinr1N7tREjH4q
N6zqPVNqM+704NPLkkPWUjeVLDD3xfsPUwS+vtE+keTlFhfFYauUwQD/UTDICfUc
ZL0KMgYCXGPU/QbFr6ilBEEL+SjONz1HYNjnMMOKJpYgSDa9nkatGy15BE6AlY/a
4jxHPSkgMAiEijg/2LSRrp1LVKl3kJt1KO/L+9sLTNp8dWF2sqjwEc8DOiFvJ0Zx
dvkMJNZY4jG9gDBp7na39zy5pRGNfWKELTZPpNPi+jZHhCEmxL8HoC/T78Lem1/C
6lioXqOn/ZOSMydz7k8UnWqTleCe4z+QWj/I1NlHn9+fA3kEYv+h6PU2cJVeozvv
czPPdt6F9e70ZDwhmipyoYXzumxYvJ/+L/9nD0U5Ri2vwMG0OXhHr5SmG0g75bws
CTMJZIM7u9E3RvHIwAVlrT9bnlEG8g61z+v+4E/SD3UWRQbVP9rlyLMMVuzXPsZX
TLyiDoUKEuftapk6N4eLejw/43EgBH/bbAV3/ziqwuSVBw+cbwW1iKqSH9ia3PVm
xyVwS6quqxWV5Exzn4K4Mi1+t1WK2fDgnLj6UjhGDnDW8XWJnOLd9x9kY5wydn3w
nM6VS1YnpKItNePnqFkhrJwxfFJ2DTPMTIZ3AsZjme8fz9dDpuQ=
=RvaH
-END PGP SIGNATURE-

Accepted madplay 0.15.2b-9 (source) into unstable

2019-03-10 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 10 Mar 2019 16:51:27 +0100
Source: madplay
Architecture: source
Version: 0.15.2b-9
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Changes:
 madplay (0.15.2b-9) unstable; urgency=medium
 .
   * Remove Sam Clegg from uploaders
   * Add upstream signing key
   * Update watch file to find the signature file
Checksums-Sha1:
 a02f055be602804f4a3728a9379260d33980ed7e 2082 madplay_0.15.2b-9.dsc
 29105eb27c1416aa33c8d1ab3404a8e5f0aecd3f 590929 madplay_0.15.2b.orig.tar.gz
 ce84c3f2208a87e04523d1a1de9bff8c47b951b1 174 madplay_0.15.2b.orig.tar.gz.asc
 04d0fa1349116d04c6c316487854008d76aac699 11071 madplay_0.15.2b-9.diff.gz
 41a8db1d85b519ad95c454db5c9e40fda44fbbfc 7578 
madplay_0.15.2b-9_source.buildinfo
Checksums-Sha256:
 28b3b6fbd474c937adafd6816309c20740a95aa9d08dbfd6aacbefddce161b20 2082 
madplay_0.15.2b-9.dsc
 5a79c7516ff7560dffc6a14399a389432bc619c905b13d3b73da22fa65acede0 590929 
madplay_0.15.2b.orig.tar.gz
 c044474e38f03913d10ebb1dc2cda594fe590a2224ce4d4daf422144110839fd 174 
madplay_0.15.2b.orig.tar.gz.asc
 e78f4aaab7f5fafcbebae07f204406003b409e06056b2b5a16dab6beb879817f 11071 
madplay_0.15.2b-9.diff.gz
 ae744ebd387424663b608b0ac530c2cd0ab7ccd7c2d94f94338c2a1cacf7bbe8 7578 
madplay_0.15.2b-9_source.buildinfo
Files:
 4ee60e9b7a88a0b3629f0e3720768e30 2082 sound optional madplay_0.15.2b-9.dsc
 6814b47ceaa99880c754c5195aa1aac1 590929 sound optional 
madplay_0.15.2b.orig.tar.gz
 24169bb01ad4e0b8dc152b7b81b845c5 174 sound optional 
madplay_0.15.2b.orig.tar.gz.asc
 1c5aaeac8a376d8896a8fd1c68f846b8 11071 sound optional madplay_0.15.2b-9.diff.gz
 406060b13eb25627497abebc5196c6c3 7578 sound optional 
madplay_0.15.2b-9_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlyFM04ACgkQ48TdzR5M
EkRY+hAAoy6fZyNJkbk2+3rIIKUjzIlsOamsCfsLAbwtercZ4vg87eqzsAOSk4hd
qZrfj59+iCZYpXWlK5wY15o7vBwOVxO16o538AsbM3Of65MPnWcf9icW+rxjeYOq
SIEC/r34cHnEWfmVs0hGZtXTdDtTSfHBKP6tuhSMwEUpy11HfKR4T1ydkPYKt5km
sO/mVlXk+TR//Uh+cQBfQLroODZSjarL6ypQZJtnQF4+e3zD5IxvDuXNvgr7FSkc
Dk2eUqvqn5bfRSXKjpbtnecAgDF+GDU1zr/dT2GCxGP1o7wezilBin43fAsHvemz
9qMzUvOm3q9vCj7nm8gfVRAQ2xeLDc2pBHCR13ZsBKiNTRw2eEKF6nETC02riygH
cVzusOpB7Q/I0bgGXQNjWGoxy5Vl7DV9WRJ2pyAVptnGLAMtU/35d46aPmav2DgK
iEnH17Mu2ERq2kvwrUoPQldw/+s0TMTO4oySs+POw09pOkzgvmgZpClSbj7revxT
CY43CJfMonkJYKxAX7DDQJ7JBhybsxevVxRkXQkI1TYbl4splNKXTb927tkvU9Dc
TBdwRS4fsS7H2OUQRlzjlXwGJKzDNI5bBjfmJtSTdVpCkcx2eZItOoVZpya6n9MJ
UPvQ1G+hY+3ugjnx8Xx+u7ZaSU22oR2ddi7EQjurmr0q2H63bmY=
=pJ/A
-END PGP SIGNATURE-

Accepted elfutils 0.176-1 (source) into unstable

2019-02-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 16 Feb 2019 14:54:50 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.176-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx 
Changed-By: Kurt Roeckx 
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1- library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1 - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1- library to read and write ELF files
Closes: 920909 920910 920911 921880 921881
Changes:
 elfutils (0.176-1) unstable; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2019-7150 (Closes: #920909)
 - Fixes CVE-2019-7149 (Closes: #920910)
 - Fixes CVE-2019-7146 (Closes: #920911)
 - Fixes CVE-2019-7665 (Closes: #921880)
 - Fixes CVE-2019-7664 (Closes: #921881)
 - Fixes CVE-2019-7148
 - Drop 0001-tests-Call-test_cleanup-in-backtrace-subr.sh-check_u.patch,
   applied upstream.
   * Update upstream PGP key to new one
Checksums-Sha1:
 8347e18edde0262f8e14c1c4a41566005f1a4e02 2568 elfutils_0.176-1.dsc
 6511203cae7225ae780501834a7ccd234b14889a 8646075 elfutils_0.176.orig.tar.bz2
 6012c37ad5eeb16add7e5e1f0929c383ce0e00d4 455 elfutils_0.176.orig.tar.bz2.asc
 e90a5ed9fc1ba2e193c5316e487909c2ad29212b 31492 elfutils_0.176-1.debian.tar.xz
 a79a742dcc611e54c9a77a12a2f9f7e9d1e65d40 8044 elfutils_0.176-1_source.buildinfo
Checksums-Sha256:
 04188a6d3e83332d462a6b8f5add8fc5f37e4f95cf5d602ad74b574b6f61fc4f 2568 
elfutils_0.176-1.dsc
 eb5747c371b0af0f71e86215a5ebb88728533c3a104a43d4231963f308cd1023 8646075 
elfutils_0.176.orig.tar.bz2
 51474b579b25fc799de0777e241c83605427d2903f8d28524ef6af42f75931fd 455 
elfutils_0.176.orig.tar.bz2.asc
 f19d4982d9c98be2effac6846db55b67d99f152d52babb83592355e497f7dc71 31492 
elfutils_0.176-1.debian.tar.xz
 095be69b4b1f2594bde92deb58f627bf55a95c62fc5f76a49fc26d5fa87093ac 8044 
elfutils_0.176-1_source.buildinfo
Files:
 c9f86b92d2d6908fa135c359977d9763 2568 libs optional elfutils_0.176-1.dsc
 077e4f49320cad82bf17a997068b1db9 8646075 libs optional 
elfutils_0.176.orig.tar.bz2
 5296badecd902a6bf8fc7eb778cea932 455 libs optional 
elfutils_0.176.orig.tar.bz2.asc
 abe54f8d3ecf21759cc0348c8fdfbbde 31492 libs optional 
elfutils_0.176-1.debian.tar.xz
 6c5ddab71027c325f13b7bc2b4d452ae 8044 libs optional 
elfutils_0.176-1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlxoGGEACgkQ48TdzR5M
EkTF/A//cOTqZVEHRLfdv8eQVYIGbPoEWaMxCLIIvzSvGk7JT7ZhdFRXsuGuu4gM
+lo/5LtgU6MkulhjewJmdRuWWPuqo5KonZZxVoaQ+tm4a37v0KDtV0KM8WPr/Vct
ZcQ4uuSvDf+ONijkJbnApBNRE8mcAJy2pvDt8mM4Nl+1aEcnpENu3U8qBWjCNk07
IYaDfH6y97kF/zhwweYAitJcXlQTkpGW9eiV8xTx3dnmKwtQdGbj+DijCFY3dIES
Q61wtJLSd7SsbfYbVbaPgx6JCbgZTpBCX7oG/nzyNdWfkSjjfP02IYYC9bXfCAB4
QoF841C5KDluTvP2ashHnlHGp66KkJ0kuGw2LNwRUj609S8FUU+7FsGqm3b3ASeu
9pAkU7Za5aIMQNAALDultvkwt32ymf7oXgVgZK7veY9s54Bih8hIoiph8yfTaDDA
JWWIeVXxN4eGcslmmSnO2d8CsS5IwTRLyr6oU+C28RlIJnBxFVelBymUjvbjQalr
yafmYdSxxJQ4PACf3s2tbgTFC8hG8qxNJpHTYx8z2rpOAlcdAlX3yf9E7901snj9
lIfI0oes91CrMOyX9ODhvxHH22btb9DPG+FhrHly/JkOTxzo+4ARrSwHPN/IoYbq
AX9xSXXifhFuWg7hmJfljw5Rh1s1hqU3bEcOWAu5yNIkHGvNoO4=
=wNMi
-END PGP SIGNATURE-

Accepted openssl 1.1.1b-2 (source) into unstable

2019-04-16 Thread Kurt Roeckx

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 16 Apr 2019 21:31:11 +0200
Source: openssl
Architecture: source
Version: 1.1.1b-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Closes: 923516 926315
Changes:
 openssl (1.1.1b-2) unstable; urgency=medium
 .
   * Fix BUF_MEM regression (Closes: #923516)
   * Fix error when config can't be opened (Closes: #926315)
   * Ship an openssl.cnf in libssl1.1-udeb.dirs
Checksums-Sha1:
 b188b210cd0138d919ca730ad7cb7dc253f1d436 2614 openssl_1.1.1b-2.dsc
 f74b62e6645be8db6c3f7a9e95a6f904f5be4292 87392 openssl_1.1.1b-2.debian.tar.xz
 d05412d063d01c067414bdf3b8840d1dd992b733 6983 openssl_1.1.1b-2_source.buildinfo
Checksums-Sha256:
 4596cc5147ce07cc9504c2ed65076f1556ced9b31c3d035b049035af0e72f6b4 2614 
openssl_1.1.1b-2.dsc
 2f29be77334f597dd0ffc59be036fe5ae9e01c760b38e1fbe92197eae6d90752 87392 
openssl_1.1.1b-2.debian.tar.xz
 2655e4cf5fa3f072d3c51a14471e531ff19e70cc790797059aca0532a44e07a3 6983 
openssl_1.1.1b-2_source.buildinfo
Files:
 603c59d73fa9eaf266b704b4b2a09e3f 2614 utils optional openssl_1.1.1b-2.dsc
 2ffa90b8210c33157e9e63ca8a3c2dd2 87392 utils optional 
openssl_1.1.1b-2.debian.tar.xz
 47c925025f3c51d635abb5f3516a76b8 6983 utils optional 
openssl_1.1.1b-2_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAly2Nq4ACgkQ48TdzR5M
EkQoyhAAs7tBfAz73ltpdNzdmsRiFbG21aDwNbI0bWyXBYEOxSHSla59gd4aE3Iy
pKAFr8R8vwJ7qKGR2S/L9Y+47KQbDWvCBTr/4PYRWgS7BjAw65PgvLX5IWBuHONR
UcAnc2SvvD2q4+876ybeo2HNh8KI6ciTIJcb9H6wced9fdEWicZ6KYZCJIjz99i0
WPCAVbw6B+LlN+fvO05TN3bPauqmLm0XAT9dNsh7k8m2FBhu9KY3x3/5KzkXHDjO
cm7AGCINNEF9u8WDJuKDM/kMpFR+wVeZSHEdm2PQj+kdCteBBcx5AyW2EyhANAf0
XsORI3NUn+8UxTpGxEnCa/Pn4wigzZZEBZASZMjmHz2IUsbIW0wkfVFsn4s9ZXZY
nmYLhoSMbi9/ug1BweZAKr9O/+c/emISS0eTVqTu8iUrtyVmE7sD0Fg/Fxo3kGu/
ztLmh4nIJo4tTMIfESup57M12ammkNrGl+obVDJthnFRKf9dzyNC/kaivdVCPBiE
+iWks7XXd56XN+Y1gF3V3FCh0hVwfLPtAy8j7HDI87oerlodP6ZKcV0T9WQvT97p
jvm/0UpDK1S1Gmo3PARyCcInT1yR9ciiRARVBy+xdIdzIxKvqaze1myQJesfDgax
HcaAEaopLBUhNC8BKkaZ+J2MpEj9JSoi3QnBRolm5VgiVc7B+Po=
=lwuV
-END PGP SIGNATURE-

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx

On Mon, Dec 30, 2019 at 02:52:54AM +, Paul Wise wrote:
> On Sun, Dec 29, 2019 at 1:29 PM Roberto C. Sánchez wrote:
> 
> > Would it not be possible to eliminate the need for the second
> > unnecessary upload by requiring two signed .changes files to go into
> > NEW?  A signed binary changes which would form the basis of the FTP
> > master review and a signed source changes to enter the archive if the
> > package is approved?
> 
> Another approach is to simply have dak discard binaries from all
> sourceful uploads (in dak parlance that means .changes files that have
> a .dsc) (and save them to an audit directory). The buildds currently
> only produce non-sourceful uploads so all their binaries get accepted
> fine. For bootstrap scenarios, maintainers can just do an additional
> binary-only upload. See the patches myself/ivodd posted recently for a
> work in progress on this.

Is it .deb and .changes file that you would move?

Note that the name of the .changes file by the maintainer and the
buildd will be the same, and dak will reject it if that .changes
file already exists.


Kurt

Re: https://tracker.debian.org/pkg/dballe

2019-12-30 Thread Kurt Roeckx

On Mon, Dec 30, 2019 at 01:39:14PM +0100, Mattia Rizzolo wrote:
> On Mon, Dec 30, 2019 at 11:29:52AM +0100, Kurt Roeckx wrote:
> > Note that the name of the .changes file by the maintainer and the
> > buildd will be the same, and dak will reject it if that .changes
> > file already exists.
> 
> That's true only in case of policy queues nowadays.

What is a policy queue?

All the recent rejects I get seems to be stable/security uploads.


Kurt

Re: New service: https://debuginfod.debian.net

2021-02-27 Thread Kurt Roeckx

On Thu, Feb 25, 2021 at 03:55:17PM -0500, Sergio Durigan Junior wrote:
> As I said in the announcement message, I have proposed a Merge Request
> against elfutils in order to enable the automatic usage of our
> debuginfod server.  I know that there are people who are not comfortable
> with having a debugger consult a remote server "behind their backs", so
> a possible mitigation to this issue would be to have a debconf question
> asking whether the user wants to enable system-wide debuginfod usage or
> not.

The other option is that the application asks before downloading
each time.


Kurt

Re: Naming of non-uploading DDs (Was: GR: welcome non-packaging contributors as Debian project members)

2010-09-18 Thread Secretary - Kurt Roeckx

On Sat, Sep 18, 2010 at 11:40:07AM +0200, Stefano Zacchiroli wrote:
 
 I'm hereby introducing two changes:
 
 a) dropping the name Debian Contributor
(attachment 0001-remove-the-term-Debian-Contributor.patch)
 
 b) fixing punctuation as suggested by Kumar Appaiah [1], thanks!
(attachment 0002-Add-punctuation-and-fix-some-pronouns.patch)
 
 The text applying both patches is attached as well (attachment
 debian-contributors.txt). Everything has been pushed to [2].
 
 I believe (b) falls for sure under §A.1.6.
 
 I believe that also (a) falls under §A.1.6, but it's your call.
 *If* you disagree with that interpretation, I hereby formally introduce
 it as an amendment and, as the GR proposer, I hereby also accept it.

I believe the text has the same intentions as the orignal, but
that it does alter the meaning.  Which means I'm resetting the
discussion period.

It would be nice that people could confirm that they have
no problem with this changed text so that there is no doubt that
this text has enough seconds.


Kurt



signature.asc
Description: Digital signature

< 3 4 5 6 7 8

701 - 758 of 758 matches

Mail list logo