Re: tomb: RC bug fixed, please review and upload

2019-03-14 Thread Sven Geuer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thursday 14.03.2019, 22:38 +0100 Raphael Hertzog wrote:
> 
> Unfortunately we're now in deep freeze and we should only upload
> mimimal set of changes. You have made more changes than just adding
> the missing recommends/suggests so the package can't go
> to buster. It could be uploaded to unstable but it would not be
> unblocked
> for testing/buster. Furthermore, I believe that #924042 is not
> really release critical and I demoted it to important.
> 
> The release team prefers that we don't upload to unstable packages
> that
> can't go into buster so that any future RC bugfix that we have to
> handle
> can be handled through unstable.

Understood. I also doubted it being a real RC bug. Thank you, Raphaël.

Cheers,
Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAlyK1yIACgkQrfUO2vit
1YVghw/9EpFZXwH2KCSke+et0j+Eqs/hXbb5RUm82dvV6NfH4zpK+4wOBgAvjZtn
5QGmnZ4292vw0YIusZDTL11QNMNBgbzWsU8yG+jlTbhe8eNTQoZZeR7yHeOiJcff
zzUGJQtVMIbegfo6L+b3ZfBsH7jEVEFzd3eGOf41hRYwUClUOO2ozdR/hGoTFHxF
x49bP5TUcq7jGRU4nGdda04N8llTRYMXmxaGQ8jNUjffNTwMfTc+8yUPkG6RnoNj
TFBAg1/EnrAvC6gmk8+J9zhdZLHzShNoehLSug/widc29/0Drje9GIBfk5VbV237
STfgXMRfs5z355bkgN6i7YerNX9XxTuBw8EEipQE+KNKh5l+NRyCDkb7A7eYfZIt
R47RuzPPEVJOAvLFt1hhLmCM319CpgWb/Amm3N2W0fO+VR3aSHMLIkj5xjofuZo3
pR+Ycm81FFRabXJIROjWzKQGE9/YOfr3WeOWeHSSoT2YlOPxTKoMZaeBQWjrHnay
5c+jsdlI5lRiHoWaIaRA+Gb4vLpb8ofhN16UlLVtgl6nBCMQOhLqYDv66U9oj3Qo
/URU7+SrcNcfmicwU7dAii7474VR07TiMDHdrzLHyalrVh3CUZkvBw/c0s0tzpM9
ZnuGbZ2f3zrQkdVjxwU+ulPUzOAFvsTqClGPil8iIIYjU0HVer8=
=ALVs
-END PGP SIGNATURE-

Re: tomb: RC bug fixed, please review and upload

2019-03-14 Thread Raphael Hertzog 
Hello Sven,

On Sun, 10 Mar 2019, Sven Geuer wrote:
> I fixed bug #924042 in tomb [1]. Please review and upload.

Unfortunately we're now in deep freeze and we should only upload
mimimal set of changes. You have made more changes than just adding
the missing recommends/suggests so the package can't go
to buster. It could be uploaded to unstable but it would not be unblocked
for testing/buster. Furthermore, I believe that #924042 is not
really release critical and I demoted it to important.

The release team prefers that we don't upload to unstable packages that
can't go into buster so that any future RC bugfix that we have to handle
can be handled through unstable.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Re: tomb: RC bug fixed, please review and upload

2019-03-13 Thread Sven Geuer 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Team,

is there still a chance to get this into buster?

Can someone please review and upload the fix?

Sven

On Sunday, 10.03.2019, 12:57 +0100 Sven Geuer wrote:
> Hello Team,
> 
> I fixed bug #924042 in tomb [1]. Please review and upload.
> 
> Cheers,
> Sven 
> 
> [1] https://salsa.debian.org/pkg-security-team/tomb
> 
> On Friday, 08.03.2019, 20:34 +0100 Axel Beckert wrote:
> > Package: tomb
> > Version: 2.5+dfsg1-2
> > Severity: serious
> > 
> > tomb's exhume subcommand calls steghide:
> > 
> > ~ → tomb exhume /tmp/example.jpg
> > tomb [E] Steghide not installed: cannot exhume keys from images.
> > ~ → dgrep steghide tomb
> > /usr/bin/tomb:  _deps=(gettext dcfldd shred steghide)
> > /usr/bin/tomb:  # Check for steghide
> > /usr/bin/tomb:  command -v steghide 1>/dev/null 2>/dev/null ||
> > STEGHIDE=0
> > /usr/bin/tomb:# Requires steghide(1) to be installed
> > /usr/bin/tomb:  | steghide embed --embedfile - --coverfile
> > ${imagefile} \
> > /usr/bin/tomb:  _warning "Encoding error: steghide reports
> > problems."
> > /usr/bin/tomb:  TOMBKEY=$(steghide extract -sf $imagefile
> > -p
> > $tombpass -xf -)
> > /usr/bin/tomb:  steghide extract -sf $imagefile -p ${tombpass} -xf
> > $destkey
> > 
> > But steghide is neither in a Recommends or Suggests header.
> > 
> > And when looking at that grep output above, it becomes clear that
> > there
> > are even more optional dependencies missing. Citing from tomb's
> > source
> > code:
> > 
> > _list_optional_tools() {
> > typeset -a _deps
> > _deps=(gettext dcfldd shred steghide)
> > _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv
> > lsof)
> > for d in $_deps; do
> > _print "`which $d`"
> > done
> > return 0
> > }
> > 
> > So the following packages are missing in tomb's package relations.
> > I
> > leave the package maintainers to decide, which of them go into
> > Suggests
> > and which into Recommends:
> > 
> > * gettext-base: /usr/bin/gettext
> > * dcfldd: /usr/bin/dcfldd
> > * steghide: /usr/bin/steghide
> > * qrencode: /usr/bin/qrencode
> > * unoconv: /usr/bin/unoconv
> > * lsof: /usr/bin/lsof
> > * swish-e: /usr/bin/swish-e
> > 
> > Will file a separate bug report for the missing tomb-kdb-pbkdf2
> > binary.
> > 
> > -- System Information:
> > Debian Release: buster/sid
> >   APT prefers unstable
> >   APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-
> > debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1,
> > 'experimental-debug'), (1, 'buildd-experimental')
> > Architecture: amd64 (x86_64)
> > 
> > Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
> > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8),
> > LANGUAGE=C.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: sysvinit (via /sbin/init)
> > LSM: AppArmor: enabled
> > 
> > Versions of packages tomb depends on:
> > ii  cryptsetup-bin  2:2.1.0-2
> > ii  e2fsprogs   1.44.6-1
> > ii  gnupg   2.2.13-1
> > ii  pinentry-curses [pinentry]  1.1.0-1+b1
> > ii  pinentry-fltk [pinentry]1.1.0-1+b1
> > ii  pinentry-gnome3 [pinentry]  1.1.0-1+b1
> > ii  pinentry-gtk2 [pinentry]1.1.0-1+b1
> > ii  pinentry-qt [pinentry]  1.1.0-1+b1
> > ii  pinentry-tty [pinentry] 1.1.0-1+b1
> > ii  sudo1.8.27-1
> > ii  zsh 5.7.1-1
> > 
> > tomb recommends no packages.
> > 
> > tomb suggests no packages.
> > 
> > -- no debconf information
> > 
> > 
> 
> 
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAlyJT9oACgkQrfUO2vit
1YVbcw//cXdjsN2+pojZGQphu41iwbx2NMwnKqyexRksYFL/M/DJXQVdv7GUsvG7
4iJXvrIP6MF29u+2DJ78lidr96BPdSC0Kx/IVmBJjVAHpB7qVF7/WQCZ9DKHnmxV
v920cp/gvTIecNHEPJ7/cn9rQOnS+7MZjFhY4/KJ7ONZ07GWq3quVj87F1i3T3N9
OuUKh7dovlGAreNQTxuvJlOLnhA0nV8LoU9vc6tapLAGbxQSoJHRVr/sIJE0xQz2
duns5CMiBAcVJXW7GjXKEMGb+0OhRRRW0pQWnJl7Zrtex9UXhvXoJXkNJ07DFl8a
Kv6vTrn5ssMAfwHCm3eTs037BTv7Jom6/m74cmOtHp0eQMQ7DwJnpAyQOMaypluJ
wvRKhQrvQq7TaSP3zRxHBxaOuOdNoFgC4gQw/xMwph4MgsPBAbSbgLZKQ21qBRbx
4v1fKFFtSQTxmnl6fv26HcSzUvRb/cPH7FsML8iNYMk+JADH+cieZ//9qgTAejki
7QjwlyniyaVZS9988MWlY8JCFelzFvi8D31B0ci/XpGyiHEtRH9Szp094H7mGzzB
OHJ7DPaKF5crNwVPfmSqAnhyWEMFPS7UChSuDbRP7ElV4Fz9AHRfzl5G13S9HtHw
qmEQNXk5x853vcmNyhALtfKR7ntfplNo5YY4b/UeMdWZF3hkvYU=
=FKTr
-END PGP SIGNATURE-