Your message dated Wed, 05 Oct 2011 17:47:40 +0000
with message-id <e1rbvze-0003ej...@franck.debian.org>
and subject line Bug#644189: fixed in libcrypt-dsa-perl 1.17-3
has caused the Debian Bug report #644189,
regarding libcrypt-dsa-perl: signing leaks secret key on systems
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
644189: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644189
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcrypt-dsa-perl
Version: 1.17-1
Severity: wishlist
Hi,
IMHO the package has an unneccesary dependency on Data::Random.
Crypt::DSA's Makefile.PL states:
requires 'Data::Random' => '0.05' if win32;
Obviously my system isn't windows ;-)
I checked the code, and AFAICS Data::Random is only necessary if the system
does not have a /dev/random.
Is this the case for any of the kernels that Debian works on?
If yes, would it b possible to add the dependency on Data::Random only for
these kernels?
Thanks in advance for giving it a thought &
also thanks for maintaining Crypt::DSA in Debian
Peter
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcrypt-dsa-perl depends on:
ii libconvert-asn1-perl 0.22-2
ii libconvert-pem-perl 0.08-1
ii libdata-buffer-perl 0.04-1.1
ii libfile-which-perl 1.08-1
ii perl 5.12.4-4
ii perl-modules [libfile-spec-perl] 5.12.4-4
Versions of packages libcrypt-dsa-perl recommends:
ii libdata-random-perl 0.05-4
ii libmath-bigint-gmp-perl 1.37-1
libcrypt-dsa-perl suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libcrypt-dsa-perl
Source-Version: 1.17-3
We believe that the bug you reported is fixed in the latest version of
libcrypt-dsa-perl, which is due to be installed in the Debian FTP archive:
libcrypt-dsa-perl_1.17-3.debian.tar.gz
to main/libc/libcrypt-dsa-perl/libcrypt-dsa-perl_1.17-3.debian.tar.gz
libcrypt-dsa-perl_1.17-3.dsc
to main/libc/libcrypt-dsa-perl/libcrypt-dsa-perl_1.17-3.dsc
libcrypt-dsa-perl_1.17-3_all.deb
to main/libc/libcrypt-dsa-perl/libcrypt-dsa-perl_1.17-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Harlan Lieberman-Berg <h.liebermanb...@gmail.com> (supplier of updated
libcrypt-dsa-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 03 Oct 2011 14:39:15 -0400
Source: libcrypt-dsa-perl
Binary: libcrypt-dsa-perl
Architecture: source all
Version: 1.17-3
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Harlan Lieberman-Berg <h.liebermanb...@gmail.com>
Description:
libcrypt-dsa-perl - Perl module for DSA Signatures and Key Generation
Closes: 644189
Changes:
libcrypt-dsa-perl (1.17-3) unstable; urgency=low
.
* Team upload.
* Add patch to remove fallback to Data::Random (Closes: #644189).
Checksums-Sha1:
3e2234ed9d78bb56030df46e070ec9f3c6359e62 2203 libcrypt-dsa-perl_1.17-3.dsc
c6f233d280e5fe5a310e25edcd3f8ef436f79159 2441
libcrypt-dsa-perl_1.17-3.debian.tar.gz
7c0103589c31f0e643473fbdd7d3edef4973da3a 34648 libcrypt-dsa-perl_1.17-3_all.deb
Checksums-Sha256:
1b957388ee17ab260ba4ed770aa5a2bed074af6dcb8cba7aeca92cfb12d7242a 2203
libcrypt-dsa-perl_1.17-3.dsc
a2291829b1d0883964b1f456e2b2e4b2655f28b661e55976f389bf1be3b0a34e 2441
libcrypt-dsa-perl_1.17-3.debian.tar.gz
8a963f0912f314d5ba01956410cd4f48466a1ca1cfcbcd980c0e664ed1802585 34648
libcrypt-dsa-perl_1.17-3_all.deb
Files:
aac3d0b7095f362aee414af73c622789 2203 perl optional
libcrypt-dsa-perl_1.17-3.dsc
037830c436dc94b5f012b1204e151b29 2441 perl optional
libcrypt-dsa-perl_1.17-3.debian.tar.gz
2b32bfe72a1d214e9c29e5cd3c2ab4fc 34648 perl optional
libcrypt-dsa-perl_1.17-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOjJczAAoJELs6aAGGSaoGL7QP/2MX/N/AECFGMGhn8BkcQPSQ
5l/lgRmObv9Ytn+Hty0qGh9M2GIcC+3sC1Uozwtx7uIsfKUqCfXPZ4Vu4epEz2cu
rmxwl44jJPzeqvxkTbWxWc+hE1r2PBi6Y/ZnF9DAeamM5UdTvxHvl1dk0pkKzN7y
tV33ElxQNn5TbZ3om+ogD6RHCaSYQLLNocIcHbgO4IHUgaHGYG+g73VhGKK1pJsQ
wYHQk+PAjMOGlcaxn3Xz07SquJXmCKpjL4Dj2Ss2fwqLYr27QiN9TyH2pNl7WA7F
iCwYmkTKyqIGeStkhMjCeesHrOtjjq0SwKIM+OXbR81Mo+1AKKtY2XmHJ8ACRUaN
Z1/EfaM03XA39fz00+ITOqaLMMNgk8DMXbz6v4xVPL6RD8RR10xZB2YYp200Tir2
E8tJa8RM+blPrqQRQRpJ/tDxnUePwIFDAJv+lR5tkrm8m/dMkIx9OPPfHPmcTJek
Iy2iJyCW14zGdCLPlVeABNELcEdMseerz9B3zRsD/qwuTWevqxpf0HEU7kOpymiS
n+KM7b4vnyuCmF4sk+SC14MXVK203wF+6OChJD0q73jE8BNSQxp85Rq7mOu73ZGo
iAD5fWDXVhgrDEgXcu5vOsZslg0YXIFVuuCj7RslLQ3veYloy0mq6orKa1Pqy2nl
5te+gljno1xqoVNmHeWR
=wZgX
-----END PGP SIGNATURE-----
--- End Message ---
