Bug#643703: marked as done (asterisk: SHA-1 code is doesn't allow modification)

Sun, 18 Mar 2012 00:21:37 -0700 

Your message dated Sun, 18 Mar 2012 07:17:42 +0000
with message-id <e1s9an4-0000yg...@franck.debian.org>
and subject line Bug#643703: fixed in asterisk 1:1.8.10.0~dfsg-1
has caused the Debian Bug report #643703,
regarding asterisk: SHA-1 code is doesn't allow modification
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
643703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643703
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: asterisk
Version: 1:1.6.2.9-2+squeeze3
Severity: serious
Tags: upstream
Justification: Policy 2.1.3
User: gnewsense-...@nongnu.org
Usertags: gnewsense libreplanet

File main/sha1.c has this license notice:

 *  This document and translations of it may be copied and furnished to
 *  others, and derivative works that comment on or otherwise explain it
 *  or assist in its implementation may be prepared, copied, published
 *  and distributed, in whole or in part, without restriction of any
 *  kind, provided that the above copyright notice and this paragraph are
 *  included on all such copies and derivative works.  However, this
 *  document itself may not be modified in any way, such as by removing
 *  the copyright notice or references to the Internet Society or other
 *  Internet organizations, except as needed for the purpose of
 *  developing Internet standards in which case the procedures for
 *  copyrights defined in the Internet Standards process must be
 *  followed, or as required to translate it into languages other than
 *  English.

To my understanding that means you can extend, but not modify the text/
code in this file. This violates DFSG.

It looks like this code was copied straight from RFC 3174. I found a
discussion [2] on debian-legal from a few years back that says that
RFC texts are non-free (except for the first 1000 or so). A summary
about copyright on RFC Editor [3] says that derivative works are
allowed, but doesn't go into detail.

[1] http://www.rfc-editor.org/rfc/rfc3174.txt
[2] http://lists.debian.org/debian-legal/2006/04/msg00223.html
[3] http://www.rfc-editor.org/copyright.17Feb04.html

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Source: asterisk
Source-Version: 1:1.8.10.0~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive:

asterisk-config_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-config_1.8.10.0~dfsg-1_all.deb
asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
asterisk-dev_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-dev_1.8.10.0~dfsg-1_all.deb
asterisk-doc_1.8.10.0~dfsg-1_all.deb
  to main/a/asterisk/asterisk-doc_1.8.10.0~dfsg-1_all.deb
asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
asterisk-ooh323_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-ooh323_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
asterisk_1.8.10.0~dfsg-1.debian.tar.gz
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1.debian.tar.gz
asterisk_1.8.10.0~dfsg-1.dsc
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1.dsc
asterisk_1.8.10.0~dfsg-1_amd64.deb
  to main/a/asterisk/asterisk_1.8.10.0~dfsg-1_amd64.deb
asterisk_1.8.10.0~dfsg.orig.tar.gz
  to main/a/asterisk/asterisk_1.8.10.0~dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 643...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <m...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 18 Mar 2012 16:47:35 +1100
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail 
asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 
asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev 
asterisk-dbg asterisk-config
Architecture: source all amd64
Version: 1:1.8.10.0~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Mark Purcell <m...@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the 
Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the 
Asterisk PBX
Closes: 402991 481702 531759 542741 577686 610811 612147 632518 643703 660240 
661974 663998 664086 664411
Changes: 
 asterisk (1:1.8.10.0~dfsg-1) unstable; urgency=low
 .
   [ Tzafrir Cohen ]
   * New upstrean release.
   * Build-depend on sqlite3 as well (Closes: #531759).
 .
   [ Paul Belanger ]
   * debian/patch/chan_iax2-detach-thread-on-non-stop-exit:
     - Dropped; merged upstream
 .
   [ Mark Purcell ]
   * New Release:
     - Fixes "SHA-1 code is doesn't allow modification" (Closes: #643703)
     - Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and
     AST-2012-003 flaws" (Closes: #664411)
     - Fixes "Placing calls on hold fails with some IP phones" (Closes: #632518)
     - Fixes "Pass the correct value to ast_timer_set_rate() for IAX2
     trunking." (Closes: #661974)
     - Fixes "Call quality on IAX significantly worse than SIP" (Closes: 
#481702)
     - Fixes "New upstream release: 1.8.2.2" (Closes: #610811)
     - Fixes "asterisk german number pronunciation" (Closes: #402991)
     - Fixes "Why using version 1.6.2.9 - it's not LTS" (Closes: #612147)
     - Fixes "SRTP/ZRTP support for Asterisk" (Closes: #577686)
     - Fixes "fails to register SIP channels on ARM"  (Closes: #660240)
   * Fix "Planned gmime 2.4 removal" Updated Build-Depends: (Closes: #663998)
   * export CFLAGS LDFLAGS
     - Fixes "Hardening flags missing for menuselect" (Closes: #664086)
     - Fixes "enable hardening options" (Closes: #542741)
Checksums-Sha1: 
 be233aba0b6a45069d7cf71a1ba046d805eb4920 2997 asterisk_1.8.10.0~dfsg-1.dsc
 c2b3fcc7ae8572f64178557fd9af02142189fd70 7747334 
asterisk_1.8.10.0~dfsg.orig.tar.gz
 f5d292bc061411637678144bdb71d235aa6b051a 348661 
asterisk_1.8.10.0~dfsg-1.debian.tar.gz
 e2b785412342fe19624283dca4e23b32ce9d968d 1954614 
asterisk-doc_1.8.10.0~dfsg-1_all.deb
 59e1be58d5896b28d68ff9087b978f63bd26255e 918532 
asterisk-dev_1.8.10.0~dfsg-1_all.deb
 a03608d0b91f41569cf9df7d07ac67a276d6410e 969774 
asterisk-config_1.8.10.0~dfsg-1_all.deb
 aa73d3be7f69aef05182651fdc62fd41ead52fe0 1713248 
asterisk_1.8.10.0~dfsg-1_amd64.deb
 2cf40492210cb39b0d68dcc3bfbb4bf9b7ccad03 2785926 
asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
 b99a368f59331cf5360738e3347b49a5738a8fbb 876612 
asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
 a103cbaef98c4f2baf2e48c5d27fb17252947413 653348 
asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
 b74a145fe04cec6e64e405c3f8e43e7e3f7edccb 668776 
asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
 5af85a6f72045a1ec40862eef5d35ea0a0459567 659368 
asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
 0f966200edbe645048e11bed999e6a9c5375697b 999460 
asterisk-ooh323_1.8.10.0~dfsg-1_amd64.deb
 c9c84fee2cc71c93cb912f00abb62bab8707d247 595280 
asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
 da501021605c860a51208388a6e143f332391da5 619478 
asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
 deea35a0b189021512233a9218250f33043377bd 608376 
asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
 1e37586250414981cd033e39258d43bb7821460b 29393664 
asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
Checksums-Sha256: 
 055c98ea823df7bda9f05716590da227bae2773572a6f50d76e5386cf6e33281 2997 
asterisk_1.8.10.0~dfsg-1.dsc
 e50f83a31ae6c3915b6694c3b919c7fc53f9399cb229e83b6e5f81c2f6acf8dc 7747334 
asterisk_1.8.10.0~dfsg.orig.tar.gz
 f4ceb37a073f659a6d3a71a4cc63f5df41277ec07211dbda87c65ffed52f1fd1 348661 
asterisk_1.8.10.0~dfsg-1.debian.tar.gz
 af42dfc7e9f8834b9076d1f9e302431d27318a9c62c926daf61b5aa8897ba578 1954614 
asterisk-doc_1.8.10.0~dfsg-1_all.deb
 41f347c395c20e1a508c476e2382781ad3777e1facc3b005ccfbba1cb387dfdb 918532 
asterisk-dev_1.8.10.0~dfsg-1_all.deb
 bc1ece02937776ae6148863ca5713bff7754b32b4bc9632d2511c33d7b88d4c1 969774 
asterisk-config_1.8.10.0~dfsg-1_all.deb
 511e7228f0b5b9c0919692423f504debb3607bd31ee472625cd6422cd3f8d84e 1713248 
asterisk_1.8.10.0~dfsg-1_amd64.deb
 45b08e0ea49d073991a8f025d183f345688e209685451fb97977b11ff1f1d89a 2785926 
asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
 9bbb4be1c9a1fe35c4ca35741071b695ed44853a48b3d4abaaf8207c6e421f2f 876612 
asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
 21c545bd483dd4bd8c48fb9e78154771bfa81953be89f882d9a78e3fb937050d 653348 
asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
 643c3450285d00cafbba695e09b9e083d44c2f0b44bb80e7a11136db7ec8910d 668776 
asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
 b388beba43059ab0949db1a1f3e436b75ffea8507a2bb83ddfaca3bc14c0b8ce 659368 
asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
 44d120042d79e347f75a4db169472a35533a91f2013c147d5f9a28cfc8863157 999460 
asterisk-ooh323_1.8.10.0~dfsg-1_amd64.deb
 21245dab1d1fded03bff37604f981638a5a92cf39dbbafc8d9b78eaeba97fbbc 595280 
asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
 42d537ad8ffeabf15c9a6fe8d32515369c25a1d93167e62dba8ae2b78fda6e8c 619478 
asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
 5a7cdd23c1cdc32016495265ca1b03bf266bd00e772f9854940cdc7d6b9eb00a 608376 
asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
 3786b85ecec168d7795f34d6255295eeb9ffa2c72262275b933602bf31eab00e 29393664 
asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb
Files: 
 2d8618299412698e2daee79787433115 2997 comm optional 
asterisk_1.8.10.0~dfsg-1.dsc
 f2b0546cce25a91ebeb76c552e60aa85 7747334 comm optional 
asterisk_1.8.10.0~dfsg.orig.tar.gz
 a699bd24129a3118ddfcccbc0d223681 348661 comm optional 
asterisk_1.8.10.0~dfsg-1.debian.tar.gz
 1c6d3b06e7ceab68062a26eae85a2978 1954614 doc extra 
asterisk-doc_1.8.10.0~dfsg-1_all.deb
 bbde718305160cecb03274e64d931c91 918532 devel extra 
asterisk-dev_1.8.10.0~dfsg-1_all.deb
 8b065bcdecd98e7e28859792dc166825 969774 comm optional 
asterisk-config_1.8.10.0~dfsg-1_all.deb
 41dab9aea5c7afd786b66be47153cd4f 1713248 comm optional 
asterisk_1.8.10.0~dfsg-1_amd64.deb
 fd1b58d8774f1c6841c5bf4b1d760606 2785926 libs optional 
asterisk-modules_1.8.10.0~dfsg-1_amd64.deb
 0a0c958d3f44a2403dda1cb5f35a2a5d 876612 comm optional 
asterisk-dahdi_1.8.10.0~dfsg-1_amd64.deb
 5bdefe0cd0cb48c924f5d91c4ae24fc5 653348 comm optional 
asterisk-voicemail_1.8.10.0~dfsg-1_amd64.deb
 7b5963858e40908550aeb81f19c5f8ba 668776 comm optional 
asterisk-voicemail-imapstorage_1.8.10.0~dfsg-1_amd64.deb
 1770002373c9370dbfaa77e9a55d3fda 659368 comm optional 
asterisk-voicemail-odbcstorage_1.8.10.0~dfsg-1_amd64.deb
 9dd57ea1bc9b0bdd37cfc5aa58c74395 999460 comm optional 
asterisk-ooh323_1.8.10.0~dfsg-1_amd64.deb
 9f37426382a7de8034b45cd867e4415b 595280 comm optional 
asterisk-mp3_1.8.10.0~dfsg-1_amd64.deb
 89a89ca0ea76cd78eadeca53b355b7ed 619478 comm optional 
asterisk-mysql_1.8.10.0~dfsg-1_amd64.deb
 b54d8ee2fa3ad2145d23d8c4e937588a 608376 comm optional 
asterisk-mobile_1.8.10.0~dfsg-1_amd64.deb
 a61a9f168c75efba058e57912133d361 29393664 debug extra 
asterisk-dbg_1.8.10.0~dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk9lhFIACgkQoCzanz0IthKpFACdErTExK1rMv7wtgTqRxiYnepr
Y4wAn2e8O0ICBveqYGFe3UtMfaJwqzzd
=9E42
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to