Your message dated Sun, 05 Mar 2017 11:33:53 +0000 with message-id <e1ckuqd-0003pu...@fasolo.debian.org> and subject line Bug#856210: fixed in libdebian-installer 0.109 has caused the Debian Bug report #856210, regarding libdebian-installer: please parse SHA256 field and add it to di_* structs to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 856210: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856210 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libdebian-installer Version: 0.108 Severity: serious Tags: security X-Debbugs-Cc: secur...@debian.org User: debian-rele...@lists.debian.org Usertags: bsp-2017-02-de-Berlin Hi, The 'etch' release (2007) added to the Release file, a field for SHA256 sums to authenticate Packages files. But to date, libdebian-installer does not parse it, so anna (which fetches .udeb installer component) and cdebootstrap (which fetches .deb base system packages) can not yet verify the SHA256 sums. http://sources.debian.net/src/libdebian-installer/0.108/include/debian-installer/release.h/#L43 http://sources.debian.net/src/libdebian-installer/0.108/include/debian-installer/release.h/#L58 http://sources.debian.net/src/libdebian-installer/0.108/include/debian-installer/package.h/#L115 Further context and an overview of related bugs will be published at: https://wiki.debian.org/InstallerDebacle This bug is not itself RC, but it will be a blocking issue for RC bugs I'm about to file. I intend to submit a patch for this shortly. Thanks, Regards, -- Steven Chamberlain ste...@pyro.eu.org
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: libdebian-installer Source-Version: 0.109 We believe that the bug you reported is fixed in the latest version of libdebian-installer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 856...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Blank <wa...@debian.org> (supplier of updated libdebian-installer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 05 Mar 2017 11:02:27 +0000 Source: libdebian-installer Binary: libdebian-installer4 libdebian-installer4-dev libdebian-installer4-udeb libdebian-installer-extra4 libdebian-installer-extra4-udeb Architecture: source Version: 0.109 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team <debian-b...@lists.debian.org> Changed-By: Bastian Blank <wa...@debian.org> Description: libdebian-installer-extra4 - Library of some extra debian-installer functions libdebian-installer-extra4-udeb - Library of some extra debian-installer functions (udeb) libdebian-installer4 - Library of common debian-installer functions libdebian-installer4-dev - Library of common debian-installer functions libdebian-installer4-udeb - Library of common debian-installer functions (udeb) Closes: 853489 856210 Changes: libdebian-installer (0.109) unstable; urgency=medium . [ Samuel Thibault ] * Fix build with gcc-7. Closes: #853489 . [ Steven Chamberlain ] * Parse SHA256 fields in Packages files. (closes: #856210) * Parse SHA256 fields in Release files. . [ Bastian Blank ] * Update versions for changed symbols. - Add Breaks on cdebootrap. Checksums-Sha1: 651339f4a8613b3bb186f153077bd30e18111acc 1877 libdebian-installer_0.109.dsc ed1faa09fbd711c1c2e31aa415b733981b22daff 78960 libdebian-installer_0.109.tar.xz 097747ca7cfe2deb3f49a0675bb3be24c648ffd4 4570 libdebian-installer_0.109_source.buildinfo Checksums-Sha256: 50255aa8202f1a4fb2d42f43211cc68f4600fe7b0ba909187f8055066f77ef60 1877 libdebian-installer_0.109.dsc ac3025dadda656716045b7901c551abfa0b339ae47429471df1f5c75976c4b73 78960 libdebian-installer_0.109.tar.xz 3e0f4deda32b4cc6c0d8e41ac5d3b1103882efa2b4180aee09633806acc97f07 4570 libdebian-installer_0.109_source.buildinfo Files: a8de0535b202a6f24c61e82938b8429d 1877 libs optional libdebian-installer_0.109.dsc abbe45edaf66741e8c8019869d7e9d2a 78960 libs optional libdebian-installer_0.109.tar.xz c403b6d945d8d4b3e7319f86e88d46ee 4570 libs optional libdebian-installer_0.109_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEER3HMN63jdS1rqjxLbZOIhYpp/lEFAli79LUACgkQbZOIhYpp /lEV1wgAiKoXA9ZsOY6gBZmDBzj39K7Udps74XeivkdzjAUUMRWRP8dIkQVFBw6B DGUK+drhQ6lXNAgTyMupQcKIp38VRR4c1jywewFSAHnNNvz8DN8//sSrCdDM+1jJ pLCZN9lSjvCKtPH934MtT9jZVZh4/L0xrRa+ZkgN3ncG5ajA2Jmf6/ZOrkyNETDa miu4FFr103z9JdFG82NG6ZJGdMRlkCGj5SDZkxEb58PfmEwU6CoOMRDB9hXE1hT4 z0SMsDPJJxBpmX4dSjOqMNlfoSCZhnIJixLeeUloQ71JEXLiv/tKg01YdJtQ4p9+ /R6ESqSa+97pXl/2eNdSkF+3WbICnQ== =zzKV -----END PGP SIGNATURE-----
--- End Message ---
