Bug#818604: marked as done (Relies on MD5SUM and SHA1SUM to download d-i images in a trustful way)

To: Didier Raboud <odyx@debian.org>
Subject: Bug#818604: marked as done (Relies on MD5SUM and SHA1SUM to download d-i images in a trustful way)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 21 Apr 2016 22:00:27 +0000
Message-id: <[🔎] handler.818604.D818604.146127582616389.ackdone@bugs.debian.org>
References: <E1atMav-0006lu-OS@franck.debian.org> <145831471084.8732.9389388037833082069.reportbug@gyllingar>

Your message dated Thu, 21 Apr 2016 21:57:05 +0000
with message-id <E1atMav-0006lu-OS@franck.debian.org>
and subject line Bug#818604: fixed in win32-loader 0.8.0
has caused the Debian Bug report #818604,
regarding Relies on MD5SUM and SHA1SUM to download d-i images in a trustful way
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
818604: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818604
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Relies on MD5SUM and SHA1SUM to download d-i images in a trustful way

From: Didier 'OdyX' Raboud <odyx@debian.org>

Date: Fri, 18 Mar 2016 16:25:10 +0100

Message-id: <145831471084.8732.9389388037833082069.reportbug@gyllingar>
Package: win32-loader
Version: 0.7.14
Severity: important
Tags: d-i
Control: blocks 818463 by -1

win32-loader (its standalone version, available from debian/tools/ ) currently
relies exclusively on MD5 and SHA1 to trustfully download the d-i images.
--- End Message ---

--- Begin Message ---

To: 818604-close@bugs.debian.org
Subject: Bug#818604: fixed in win32-loader 0.8.0
From: Didier Raboud <odyx@debian.org>
Date: Thu, 21 Apr 2016 21:57:05 +0000
Message-id: <E1atMav-0006lu-OS@franck.debian.org>

Source: win32-loader
Source-Version: 0.8.0

We believe that the bug you reported is fixed in the latest version of
win32-loader, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818604@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated win32-loader package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Apr 2016 23:22:22 +0200
Source: win32-loader
Binary: win32-loader
Architecture: source
Version: 0.8.0
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
 win32-loader - Debian-Installer loader for win32
Closes: 775055 818604
Changes:
 win32-loader (0.8.0) unstable; urgency=low
 .
   * The « Κρυπτεία σκυτάλη » release
 .
   * Refresh the crypto management code:
    - Replace the sha1sum.c NSIS with a more generic libgcrypt_hash.c plugin,
      therefore Build-Depend on libgcrypt-mingw-w64-dev for static linking, and
      add these to the Built-Using list
    - Rewrite the NSIS code to be more hash-independent
    - Use SHA256SUMS instead of MD5SUMS everywhere possible (Closes: #818604)
    - Remove all MD5-checking code
 .
   * Bump Build-Depends against nsis to 2.48 as it fixes a privilege escalation
     in generated installers
   * Update the non-Linux comments for the stretch release
   * Lift constraint on Windows versions; all >= Win7 versions use bcdedit.exe
     apparently (Closes: #775055)
   * Specify msgid-bugs-address in xgettext call to avoid noisy diffs
   * Bump Standards-Version to 3.9.8 without changes needed
Checksums-Sha1:
 fd448908e5b40dacb0e1edd2cae4a0dcdd5f7fff 1792 win32-loader_0.8.0.dsc
 504970ede064bcc1dbd7d63f909d354e7189fa57 240753 win32-loader_0.8.0.tar.bz2
Checksums-Sha256:
 35eaa2d3523084ee037289006b811e0925159121d1717596a4ba8ad9a0f6e9f0 1792 win32-loader_0.8.0.dsc
 22e10184b07143814be80d0688446317feb94731956f7f49507dc35a1a3f1d96 240753 win32-loader_0.8.0.tar.bz2
Files:
 0ce559073f005b0a74b8247432a807b6 1792 utils extra win32-loader_0.8.0.dsc
 3f00f444e5b6e1a45c745fd0919a70ca 240753 utils extra win32-loader_0.8.0.tar.bz2

-----BEGIN PGP SIGNATURE-----

iQGcBAEBCgAGBQJXGUdAAAoJEIvPpx7KFjRVepgL/jln0Hj3co5Wrn8VfZdj4y0L
MyqfAXEeYYk2HixrGMKAUhnHuIru012Op0hpsagDd79EzclbDvU+3YsF8uq0ytDd
zXtkaOOA/EeZY4+JFzWztOuG5Jkm4zj7y5+fjWsJig3E8x6EtjwoLsFUNkL11rtu
zGz+6ogNVYWRQCviu9ihZMYvboKoDZ/vph9dUYy82BLS/4iduDQwwBtXKvlraPC5
Sgj9xjMTBSTwqEDf9l3Z+GGVc/LKruwPSrAQ8RnCIyuciwc7RJ2+RMc0KFfmYWQ+
ki0c0y39f9pXs34h/zImbmRwQKi9KPJ+5UMBPptH5U9YYXmJaOreRXzhzlUPNqFy
wJJAizWKxd97SPxDB0QJE08RiLHnGieFJEYXKkjJFKte/EahoR7Bn3/bJhM1SkDg
0eNW4wZH6T5/lr1YfJMtJrr3VvPDIjbGzrYPMeozTPuGywy36Jd/0RYbU7nPjz8z
WYKhiUd6xVQVQ6ekifkCeRwZOHlpKoK7I5c/D6XwQQ==
=GWse
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#775055: marked as done (win32-loader: Support new versions of Windows)
Next by Date: win32-loader_0.8.0_source.changes ACCEPTED into unstable
Previous by thread: Bug#775055: marked as done (win32-loader: Support new versions of Windows)
Next by thread: win32-loader_0.8.0_source.changes ACCEPTED into unstable
Index(es):
- Date
- Thread