Bug#879161: marked as done (jessie-pu: package dns-root-data/2017072601~deb8u2)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#879161: marked as done (jessie-pu: package dns-root-data/2017072601~deb8u2)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 23 Jun 2018 11:36:11 +0000
Message-id: <[🔎] handler.879161.D879161.15297536246923.ackdone@bugs.debian.org>
Reply-to: 879161@bugs.debian.org
References: <1529753533.11744.69.camel@adam-barratt.org.uk> <150845258351.27883.510505649188462645.reportbug@alice.fifthhorseman.net>

Your message dated Sat, 23 Jun 2018 12:32:13 +0100
with message-id <1529753533.11744.69.camel@adam-barratt.org.uk>
and subject line Closing bugs for requests included in the EoL jessie point release
has caused the Debian Bug report #879161,
regarding jessie-pu: package dns-root-data/2017072601~deb8u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
879161: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879161
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: jessie-pu: package dns-root-data/2017072601~deb8u2
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 19 Oct 2017 18:36:23 -0400
Message-id: <150845258351.27883.510505649188462645.reportbug@alice.fifthhorseman.net>

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Control: affects -1 dns-root-data
Control: blocks 877683 -1

the version of dns-root-data in jessie (2017072601~deb8u1) only ships
one entry in /usr/share/root.ds.  see https://bugs.debian.org/877683

I've cherry-picked a few changes from the master branch which
accomodate the new situation at ICANN and use a different toolchain to
produce root.ds that can handle multiple keys.  This should probably
go into jessie sooner rather than later, though we have a bit of a
reprieve since the root key rollover has been postponed for the moment.

You can see that work on the master-jessie branch at
https://anonscm.debian.org/git/pkg-dns/dns-root-data.git

I'm attaching the debdiff here as well.

    --dkg

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru dns-root-data-2017072601~deb8u1/debian/changelog dns-root-data-2017072601~deb8u2/debian/changelog
--- dns-root-data-2017072601~deb8u1/debian/changelog	2017-08-23 03:09:51.000000000 -0400
+++ dns-root-data-2017072601~deb8u2/debian/changelog	2017-10-19 18:27:04.000000000 -0400
@@ -1,3 +1,15 @@
+dns-root-data (2017072601~deb8u2) jessie-updates; urgency=medium
+
+  [ Ondřej Surý ]
+  * Update IANA DNSSEC files to 2017-02-02 versions
+  * Strip the GPG verification (IANA doesn't provide it anymore)
+  * Rewrite DS creation check (Closes: #877683)
+
+  [ Daniel Kahn Gillmor ]
+  * added myself to uploaders
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 19 Oct 2017 18:25:06 -0400
+
 dns-root-data (2017072601~deb8u1) jessie; urgency=high
 
   * Add KSK-2017 to root.key file
diff -Nru dns-root-data-2017072601~deb8u1/debian/control dns-root-data-2017072601~deb8u2/debian/control
--- dns-root-data-2017072601~deb8u1/debian/control	2017-08-23 03:09:51.000000000 -0400
+++ dns-root-data-2017072601~deb8u2/debian/control	2017-10-19 18:19:07.000000000 -0400
@@ -2,13 +2,13 @@
 Section: misc
 Priority: optional
 Maintainer: Ondřej Surý <ondrej@debian.org>
-Uploaders: Robert Edmonds <edmonds@debian.org>
+Uploaders: Robert Edmonds <edmonds@debian.org>,
+           Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 Build-Depends: debhelper (>= 8.0.0),
 	       unbound-anchor,
 	       openssl,
-	       gnupg2,
-	       bind9utils,
-	       libxml2-utils
+	       ldnsutils,
+	       xml2
 Standards-Version: 3.9.5
 Homepage: https://data.iana.org/root-anchors/
 #Vcs-Git: git://git.debian.org/collab-maint/dns-root-data.git
diff -Nru dns-root-data-2017072601~deb8u1/debian/rules dns-root-data-2017072601~deb8u2/debian/rules
--- dns-root-data-2017072601~deb8u1/debian/rules	2017-08-23 03:09:51.000000000 -0400
+++ dns-root-data-2017072601~deb8u2/debian/rules	2017-10-19 18:19:07.000000000 -0400
@@ -14,25 +14,11 @@
 	# Verify root-anchors.xml using OpenSSL
 	openssl smime -verify -noverify -inform DER -in root-anchors.p7s -content root-anchors.xml
 
-	# Verify root-anchors.xml using OpenPGP
-	mkdir -m 0700 -p $(CURDIR)/.gnupg/
-	GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --import $(CURDIR)/icann.pgp
-	echo "2FBB91BCAAEE0ABE1F8031C7D1AFBCE00F6C91D2:6:" | \
-	GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --import-ownertrust
-	GNUPGHOME=$(CURDIR)/.gnupg/ gpg2 --quiet --verify root-anchors.asc root-anchors.xml
-	rm -rf .gnupg/
-
 	# Create key from validated root-anchors.xml
-	echo \
-	"$$(xmllint --xpath '//TrustAnchor/Zone/text()' root-anchors.xml) IN DS" \
-	"$$(xmllint --xpath '//TrustAnchor/KeyDigest/KeyTag/text()' root-anchors.xml)" \
-	"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Algorithm/text()' root-anchors.xml)" \
-	"$$(xmllint --xpath '//TrustAnchor/KeyDigest/DigestType/text()' root-anchors.xml)" \
-	"$$(xmllint --xpath '//TrustAnchor/KeyDigest/Digest/text()' root-anchors.xml)" > \
-	root-anchors.ds
+	./parse-root-anchors.sh < root-anchors.xml > root-anchors.ds
 
 	# Create key from downloaded root.key
-	/usr/sbin/dnssec-dsfromkey -2 root.key > root.ds
+	/usr/bin/ldns-key2ds -n -2 root.key > root.ds
 
 	# Compare the DS from root.key and from root-anchors.xml
 	diff root-anchors.ds root.ds
diff -Nru dns-root-data-2017072601~deb8u1/icannbundle.pem dns-root-data-2017072601~deb8u2/icannbundle.pem
--- dns-root-data-2017072601~deb8u1/icannbundle.pem	2017-08-23 03:09:51.000000000 -0400
+++ dns-root-data-2017072601~deb8u2/icannbundle.pem	2017-10-19 18:19:07.000000000 -0400
@@ -78,92 +78,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 2 (0x2)
+        Serial Number: 11 (0xb)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
         Validity
-            Not Before: Dec 23 04:45:04 2009 GMT
-            Not After : Dec 22 04:45:04 2014 GMT
-        Subject: O=ICANN, CN=ICANN DNSSEC CA/emailAddress=dnssec@icann.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c0:bf:e2:b4:ee:12:46:36:3b:7c:d2:46:21:64:
-                    5a:93:e1:e3:02:10:25:bb:a5:30:70:19:89:98:7e:
-                    9e:db:8e:0f:ac:c8:48:66:0e:1a:f8:81:e5:2d:3c:
-                    7b:39:39:76:28:8f:ee:0a:a7:dd:64:e9:5f:87:25:
-                    b1:64:e5:59:03:fc:bc:29:3b:63:37:c8:d7:46:9a:
-                    b6:ce:87:55:cd:cf:e2:ab:e9:c7:8a:53:2e:25:87:
-                    b0:98:d6:20:a3:a8:ec:87:b0:39:a3:c4:c5:75:59:
-                    3c:fb:91:03:fa:ee:7f:e9:2b:b6:70:88:69:2c:e6:
-                    f1:4f:fc:d0:47:b4:e9:a0:2c:fa:0c:c3:84:eb:be:
-                    73:5a:bc:16:ed:d0:83:02:2d:eb:6a:21:02:51:70:
-                    29:1e:4f:c9:69:03:9f:91:32:5c:2c:1a:9f:5e:45:
-                    48:2a:50:ee:72:14:ec:17:29:fc:20:95:7d:22:6a:
-                    c6:6f:83:a2:58:8e:b1:64:c8:73:23:54:6c:69:1d:
-                    66:1f:df:f8:4f:24:a1:a8:ae:00:7f:e9:89:41:a6:
-                    e3:88:1d:3a:e1:b3:3a:ef:29:45:32:9b:94:2e:b7:
-                    6c:1e:fe:31:40:13:e1:bd:52:67:d0:d8:c3:3e:03:
-                    84:48:72:9d:bd:8a:48:a0:f2:72:35:b6:03:4b:c6:
-                    e9:05
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
-
-            X509v3 Subject Key Identifier: 
-                8F:B2:42:69:C3:9D:E4:3C:FA:13:B9:FF:F2:C0:A4:EF:D8:0F:E8:22
-    Signature Algorithm: sha256WithRSAEncryption
-        4a:78:a2:47:7e:3f:2e:4d:78:68:ab:06:5c:ff:da:01:04:45:
-        92:20:20:88:f3:dc:4e:70:01:9b:cb:f3:13:61:34:04:09:15:
-        d0:be:99:1c:be:fc:97:e9:2d:73:e1:b3:2b:a6:b9:3a:41:33:
-        f3:83:3d:64:1b:64:95:bf:ae:cd:20:df:18:e0:62:8d:fa:9c:
-        f7:d8:a9:3c:25:2b:8e:cf:10:e5:29:b9:af:1a:7f:62:64:75:
-        e7:c6:fd:9b:6d:71:c0:a9:b3:0f:9a:b7:7a:fe:53:04:18:cd:
-        04:06:d9:bf:01:0e:cc:04:84:84:51:a3:e9:06:2a:a3:25:73:
-        4e:8d:62:19:13:25:5b:de:0b:dc:d0:69:01:ca:41:0a:96:13:
-        cf:6a:11:fe:2b:9a:3f:fd:56:3d:73:3d:58:49:c2:71:83:20:
-        23:6d:46:99:6e:37:91:9f:76:2a:9c:b0:69:3f:64:9f:05:bb:
-        38:c8:1e:ca:d8:6c:fd:56:3e:a6:85:a2:53:80:c6:42:b6:79:
-        c6:43:0b:e0:6c:ea:9f:cf:b0:2a:2c:01:50:c3:d8:0f:a0:7e:
-        a1:73:a8:5c:84:27:5b:c9:4b:5a:13:e9:69:25:1c:59:11:d2:
-        01:dc:da:e7:c8:44:34:a2:e4:99:25:b4:c3:23:b5:f8:2d:48:
-        e5:8d:06:73
------BEGIN CERTIFICATE-----
-MIIDhjCCAm6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
-TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0NDUwNFoX
-DTE0MTIyMjA0NDUwNFowSzEOMAwGA1UEChMFSUNBTk4xGDAWBgNVBAMTD0lDQU5O
-IEROU1NFQyBDQTEfMB0GCSqGSIb3DQEJARMQZG5zc2VjQGljYW5uLm9yZzCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMC/4rTuEkY2O3zSRiFkWpPh4wIQ
-JbulMHAZiZh+ntuOD6zISGYOGviB5S08ezk5diiP7gqn3WTpX4clsWTlWQP8vCk7
-YzfI10aats6HVc3P4qvpx4pTLiWHsJjWIKOo7IewOaPExXVZPPuRA/ruf+krtnCI
-aSzm8U/80Ee06aAs+gzDhOu+c1q8Fu3QgwIt62ohAlFwKR5PyWkDn5EyXCwan15F
-SCpQ7nIU7Bcp/CCVfSJqxm+DoliOsWTIcyNUbGkdZh/f+E8koaiuAH/piUGm44gd
-OuGzOu8pRTKblC63bB7+MUAT4b1SZ9DYwz4DhEhynb2KSKDycjW2A0vG6QUCAwEA
-AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAf4wHwYDVR0jBBgw
-FoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFI+yQmnDneQ8+hO5//LA
-pO/YD+giMA0GCSqGSIb3DQEBCwUAA4IBAQBKeKJHfj8uTXhoqwZc/9oBBEWSICCI
-89xOcAGby/MTYTQECRXQvpkcvvyX6S1z4bMrprk6QTPzgz1kG2SVv67NIN8Y4GKN
-+pz32Kk8JSuOzxDlKbmvGn9iZHXnxv2bbXHAqbMPmrd6/lMEGM0EBtm/AQ7MBISE
-UaPpBiqjJXNOjWIZEyVb3gvc0GkBykEKlhPPahH+K5o//VY9cz1YScJxgyAjbUaZ
-bjeRn3YqnLBpP2SfBbs4yB7K2Gz9Vj6mhaJTgMZCtnnGQwvgbOqfz7AqLAFQw9gP
-oH6hc6hchCdbyUtaE+lpJRxZEdIB3NrnyEQ0ouSZJbTDI7X4LUjljQZz
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 6 (0x6)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
-        Validity
-            Not Before: Dec 23 05:21:16 2009 GMT
-            Not After : Dec 22 05:21:16 2014 GMT
+            Not Before: Nov  8 23:39:47 2016 GMT
+            Not After : Nov  6 23:39:47 2026 GMT
         Subject: O=ICANN, CN=ICANN EMAIL CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -192,33 +112,33 @@
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+                Certificate Sign, CRL Sign
             X509v3 Authority Key Identifier: 
                 keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
 
             X509v3 Subject Key Identifier: 
                 7B:3F:BA:CE:A1:B3:A6:13:2E:5A:82:84:D4:D2:EA:A5:24:F1:CD:B4
     Signature Algorithm: sha256WithRSAEncryption
-        50:07:a5:61:39:e4:3b:e3:bc:1c:b4:a7:b2:ab:a1:fb:47:bf:
-        b4:1c:32:ac:3c:46:b0:02:26:2f:16:3e:89:70:e2:87:e9:76:
-        99:61:0b:91:c5:48:7a:e5:aa:24:0b:39:e0:4f:26:03:d4:5b:
-        01:8a:4d:b6:98:cc:16:fa:e2:12:4a:88:b9:53:bb:50:2d:c7:
-        37:b8:a3:82:2d:52:05:3e:46:a7:db:97:82:73:8d:7d:ed:dd:
-        9e:37:73:68:6b:90:cd:62:d8:77:ff:32:53:bb:d3:a1:b9:cb:
-        7d:32:29:70:fb:2e:90:4b:27:12:6d:99:a5:e6:d4:ef:13:32:
-        c1:2f:b5:ae:6e:11:0e:50:56:a4:56:5b:76:b0:c0:99:2e:5a:
-        94:17:ee:2b:c1:b6:9c:8b:68:ac:55:95:31:8c:66:2b:35:43:
-        a5:13:04:1b:50:44:1c:55:7f:4c:d0:1a:50:80:53:45:a8:e3:
-        d3:a8:74:ad:7d:6a:d6:e9:9a:d3:25:7d:83:e2:57:64:1a:94:
-        7e:bc:cb:ef:79:b5:54:6a:f1:b0:c3:81:26:90:e5:40:87:ed:
-        75:7d:83:63:5b:ab:45:c0:34:04:27:e8:d8:12:26:7c:5e:c0:
-        48:b6:33:7d:4b:db:23:8a:f7:13:24:bc:be:7b:74:cb:c4:ed:
-        ed:42:eb:2f
+        0e:8a:c9:ea:6f:9c:e9:23:b6:9c:a6:a4:c2:d1:b1:ee:25:18:
+        24:2b:79:d4:a8:f2:99:b9:5c:91:4d:e6:2b:32:2e:01:f5:87:
+        95:64:fc:6d:f1:87:fa:24:b4:43:4b:49:f3:84:54:44:eb:af:
+        41:ab:49:ab:c8:b7:32:6c:14:83:5b:d7:2c:41:f9:89:d5:c4:
+        2b:9a:55:c5:b6:ad:17:d5:4d:bc:41:58:56:72:0d:db:b7:7d:
+        57:c6:a2:9c:7e:6b:67:ae:26:f8:26:45:bb:c4:95:2e:ea:71:
+        e3:b4:7a:69:95:a4:8a:80:f8:59:dc:88:6e:e1:a7:fc:bb:8e:
+        b2:aa:a8:b6:1b:2f:2c:97:a5:12:d5:82:ae:a0:e8:a6:15:fd:
+        d1:e0:5d:e4:84:b1:76:db:0a:e2:ca:58:2e:d3:df:48:4e:46:
+        ac:c6:35:79:17:99:ce:e9:be:2c:e4:c2:50:ff:5b:96:15:cd:
+        64:ac:1b:db:fe:d2:ac:43:61:c8:5f:ee:24:b6:a4:3b:d2:ff:
+        0a:f4:0c:88:58:a1:9d:a4:c1:1f:6a:6c:67:90:98:e8:1f:5e:
+        2d:55:60:91:26:2a:b1:66:80:e4:e6:0e:05:2c:75:a9:ca:0b:
+        e4:a0:8f:e1:47:a8:8f:61:5d:7c:ce:09:60:88:48:c3:46:bf:
+        be:7e:36:be
 -----BEGIN CERTIFICATE-----
-MIIDZDCCAkygAwIBAgIBBjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+MIIDZDCCAkygAwIBAgIBCzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
 TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA1MjExNloX
-DTE0MTIyMjA1MjExNlowKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzk0N1oX
+DTI2MTEwNjIzMzk0N1owKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
 IEVNQUlMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkeImkz
 9qTSdsWAEXWO0Ohvv4n4KmraioUoQLrFI19H7XLijtNcyIo6malXLAorIvNUe4v3
 jCGiUAFPi68033L8eDHQHeu8m+b6wYTQBQeKdFOlYJ7rdZ6oXTLIAjLkv8uXm3r6
@@ -226,24 +146,24 @@
 ImcIIzzPpRA4cjCXkm8gSrokTErISqXcKkShKXi0n/6E/ydbOnLqMcGtBiLWRKBK
 VzKc8kZH0IluICMs6rCDfsHz6trd42NZlyH6GxE5J8+Ci1YV1DaSDKV+gOAYyVAI
 QgrflzycuApNsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIB/jAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
-ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAFAHpWE55Dvj
-vBy0p7KroftHv7QcMqw8RrACJi8WPolw4ofpdplhC5HFSHrlqiQLOeBPJgPUWwGK
-TbaYzBb64hJKiLlTu1Atxze4o4ItUgU+Rqfbl4JzjX3t3Z43c2hrkM1i2Hf/MlO7
-06G5y30yKXD7LpBLJxJtmaXm1O8TMsEvta5uEQ5QVqRWW3awwJkuWpQX7ivBtpyL
-aKxVlTGMZis1Q6UTBBtQRBxVf0zQGlCAU0Wo49OodK19atbpmtMlfYPiV2QalH68
-y+95tVRq8bDDgSaQ5UCH7XV9g2Nbq0XANAQn6NgSJnxewEi2M31L2yOK9xMkvL57
-dMvE7e1C6y8=
+AwIBBjAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
+ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAA6KyepvnOkj
+tpympMLRse4lGCQredSo8pm5XJFN5isyLgH1h5Vk/G3xh/oktENLSfOEVETrr0Gr
+SavItzJsFINb1yxB+YnVxCuaVcW2rRfVTbxBWFZyDdu3fVfGopx+a2euJvgmRbvE
+lS7qceO0emmVpIqA+FnciG7hp/y7jrKqqLYbLyyXpRLVgq6g6KYV/dHgXeSEsXbb
+CuLKWC7T30hORqzGNXkXmc7pvizkwlD/W5YVzWSsG9v+0qxDYchf7iS2pDvS/wr0
+DIhYoZ2kwR9qbGeQmOgfXi1VYJEmKrFmgOTmDgUsdanKC+Sgj+FHqI9hXXzOCWCI
+SMNGv75+Nr4=
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 3 (0x3)
+        Serial Number: 10 (0xa)
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
         Validity
-            Not Before: Dec 23 05:07:29 2009 GMT
-            Not After : Dec 22 05:07:29 2014 GMT
+            Not Before: Nov  8 23:38:16 2016 GMT
+            Not After : Nov  6 23:38:16 2026 GMT
         Subject: O=ICANN, CN=ICANN SSL CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -272,33 +192,33 @@
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+                Certificate Sign, CRL Sign
             X509v3 Authority Key Identifier: 
                 keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
 
             X509v3 Subject Key Identifier: 
                 6E:77:A8:40:10:4A:D8:9C:0C:F2:B7:5A:3A:A5:2F:79:4A:61:14:D8
     Signature Algorithm: sha256WithRSAEncryption
-        18:42:62:df:aa:8e:44:e6:87:10:4d:d9:a6:b2:c3:97:37:43:
-        2e:ce:f3:e0:3c:c2:2f:e1:78:60:41:a9:2b:5d:f4:24:f5:f6:
-        57:a2:08:ec:9c:89:e5:54:50:a8:30:c6:20:e5:8a:c7:8b:bd:
-        fd:98:b6:0c:7d:1a:1f:01:a1:4a:4e:ec:0d:2a:aa:9f:fd:a9:
-        20:0d:b3:5c:0f:36:c0:2c:2b:c6:75:22:29:66:a3:34:bd:93:
-        3d:f6:28:da:90:d5:7e:91:df:d3:06:f6:69:8b:80:9b:a5:34:
-        af:6a:02:5b:e4:52:7d:56:4d:99:6e:fe:e9:d0:36:99:58:d9:
-        af:cd:79:9b:e5:d2:4c:35:90:d3:e0:68:b2:88:2b:18:39:2e:
-        bc:0b:d9:82:84:7f:24:12:92:d2:b9:13:4f:64:bc:46:e1:5c:
-        6a:ed:f7:b0:d4:66:27:25:21:86:b4:3a:5e:19:a3:c7:8b:4b:
-        93:b9:2e:37:e2:6d:8b:46:ee:68:39:21:75:e8:fe:2a:a7:85:
-        fd:68:26:96:bd:dd:f9:f1:fe:99:5f:b4:a4:97:1b:50:18:fa:
-        21:90:54:0c:8b:30:28:94:70:19:34:9e:5c:e1:e5:48:93:af:
-        aa:a3:b4:95:b2:f5:4c:97:50:44:58:97:e1:ff:e7:b2:10:dd:
-        2c:fe:c0:ed
+        47:46:4f:c7:5f:46:e3:d1:dc:fc:2b:f8:fc:65:ce:36:b1:f4:
+        5f:ee:14:75:a3:d9:5f:de:75:4b:fa:7b:88:9f:10:8c:2e:97:
+        cc:35:1b:ce:24:d3:36:60:95:d5:ae:11:b6:3f:8b:f4:12:69:
+        85:b5:3b:2a:b6:ab:7a:81:85:c2:55:57:ed:d0:b5:e7:4f:54:
+        37:51:24:c9:d5:07:3a:ef:b6:c5:1a:3e:14:29:a7:a6:f8:08:
+        2a:0b:26:79:f9:62:85:4a:e5:ea:90:ca:71:38:16:91:4e:7e:
+        fd:e3:b3:f3:55:8f:5a:d0:86:cf:33:94:88:f1:90:99:cb:81:
+        e2:81:92:68:2f:c3:61:d5:52:8d:e6:9a:5b:00:83:42:27:88:
+        f6:d9:fa:d1:bc:bb:b0:bc:b5:14:0b:4e:1a:54:ef:fa:d6:9d:
+        c4:0c:fc:ed:15:ab:21:4b:45:b5:d9:3b:ed:3c:d5:1e:2e:7a:
+        83:6f:24:45:d4:4c:b4:ef:60:43:18:d0:84:5d:16:7b:f5:50:
+        80:b1:a9:c2:8f:3b:c8:90:08:fd:aa:17:13:19:38:19:d1:8e:
+        85:7c:1e:57:16:8c:f9:8a:e8:29:25:38:cd:bb:55:8e:4a:6a:
+        6f:e5:7d:fc:d7:55:d6:ae:38:07:96:c1:97:ff:e5:2b:4f:99:
+        2d:70:f2:08
 -----BEGIN CERTIFICATE-----
-MIIDYjCCAkqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
+MIIDYjCCAkqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
 TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
-BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA1MDcyOVoX
-DTE0MTIyMjA1MDcyOVowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
+BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzgxNloX
+DTI2MTEwNjIzMzgxNlowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
 IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3Gq798Zp2z
 K5YAFMdgeo1iWyZLMNezTIJpxk1Nc/PUkSFdqzXwyAQO9KM14uEYqZgSA1j4n+t3
 VFuJgSbJqsL0yQyCVypeBelhF8wZGHHrNYPBhp3s8WvK3aGWC5XU4Q+eJG/cPNAo
@@ -306,12 +226,12 @@
 kB+8yXuiZdcR6YvwOlq3FwffaeNuuVRqjjqqlH8sCqGturfZYGInp3FAO46whHu4
 yGfvZro9rMOF5Ya7p5z9tuHAEFM91H4bCeafIlynJwl+JxIz+t+bIC8U9xfA5B4H
 kR/5ms2o4sUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-Af4wHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
-qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQAYQmLfqo5E5ocQ
-TdmmssOXN0MuzvPgPMIv4XhgQakrXfQk9fZXogjsnInlVFCoMMYg5YrHi739mLYM
-fRofAaFKTuwNKqqf/akgDbNcDzbALCvGdSIpZqM0vZM99ijakNV+kd/TBvZpi4Cb
-pTSvagJb5FJ9Vk2Zbv7p0DaZWNmvzXmb5dJMNZDT4GiyiCsYOS68C9mChH8kEpLS
-uRNPZLxG4Vxq7few1GYnJSGGtDpeGaPHi0uTuS434m2LRu5oOSF16P4qp4X9aCaW
-vd358f6ZX7SklxtQGPohkFQMizAolHAZNJ5c4eVIk6+qo7SVsvVMl1BEWJfh/+ey
-EN0s/sDt
+AQYwHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
+qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQBHRk/HX0bj0dz8
+K/j8Zc42sfRf7hR1o9lf3nVL+nuInxCMLpfMNRvOJNM2YJXVrhG2P4v0EmmFtTsq
+tqt6gYXCVVft0LXnT1Q3USTJ1Qc677bFGj4UKaem+AgqCyZ5+WKFSuXqkMpxOBaR
+Tn7947PzVY9a0IbPM5SI8ZCZy4HigZJoL8Nh1VKN5ppbAINCJ4j22frRvLuwvLUU
+C04aVO/61p3EDPztFashS0W12TvtPNUeLnqDbyRF1Ey072BDGNCEXRZ79VCAsanC
+jzvIkAj9qhcTGTgZ0Y6FfB5XFoz5iugpJTjNu1WOSmpv5X3811XWrjgHlsGX/+Ur
+T5ktcPII
 -----END CERTIFICATE-----
diff -Nru dns-root-data-2017072601~deb8u1/parse-root-anchors.sh dns-root-data-2017072601~deb8u2/parse-root-anchors.sh
--- dns-root-data-2017072601~deb8u1/parse-root-anchors.sh	1969-12-31 19:00:00.000000000 -0500
+++ dns-root-data-2017072601~deb8u2/parse-root-anchors.sh	2017-10-19 17:56:15.000000000 -0400
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+unset ZONE KTAG ALGO DTYPE DIGEST
+
+TTL=172800
+
+export IFS="="
+xml2 | while read KEY VAL; do
+    case "$KEY" in
+	"/TrustAnchor/Zone") ZONE="$VAL";;
+	"/TrustAnchor/KeyDigest/KeyTag") KTAG="$VAL";;
+	"/TrustAnchor/KeyDigest/Algorithm") ALGO="$VAL";;
+	"/TrustAnchor/KeyDigest/DigestType") DTYPE="$VAL";;
+	"/TrustAnchor/KeyDigest/Digest")
+	    DIGEST="$(echo "$VAL" | tr "[A-Z]" "[a-z]")"
+	    if [ -z "$ZONE" -o -z "$KTAG" -o -z "$ALGO" -o -z "$DTYPE" ]; then
+		echo "Missing some KeyDigest parameter"
+		exit 1
+	    fi
+	    echo "$ZONE\t$TTL\tIN\tDS\t$KTAG $ALGO $DTYPE $DIGEST"
+	    unset KTAG ALGO DTYPE DIGEST
+	    ;;
+    esac
+done
+exit 0
Binary files /tmp/QrU23AQjcp/dns-root-data-2017072601~deb8u1/root-anchors.p7s and /tmp/kyO_QpQvw1/dns-root-data-2017072601~deb8u2/root-anchors.p7s differ
diff -Nru dns-root-data-2017072601~deb8u1/root-anchors.xml dns-root-data-2017072601~deb8u2/root-anchors.xml
--- dns-root-data-2017072601~deb8u1/root-anchors.xml	2017-08-23 03:09:51.000000000 -0400
+++ dns-root-data-2017072601~deb8u2/root-anchors.xml	2017-10-19 18:19:07.000000000 -0400
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<TrustAnchor id="AD42165F-3B1A-4778-8F42-D34A1D41FD93" source="http://data.iana.org/root-anchors/root-anchors.xml";>
+<TrustAnchor id="0AF79DEA-A7CD-43DC-9EDD-AD241CA63AE2" source="http://data.iana.org/root-anchors/root-anchors.xml";>
 <Zone>.</Zone>
 <KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00">
 <KeyTag>19036</KeyTag>
@@ -7,4 +7,10 @@
 <DigestType>2</DigestType>
 <Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
 </KeyDigest>
+<KeyDigest id="Klajeyz" validFrom="2017-02-02T00:00:00+00:00">
+<KeyTag>20326</KeyTag>
+<Algorithm>8</Algorithm>
+<DigestType>2</DigestType>
+<Digest>E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D</Digest>
+</KeyDigest>
 </TrustAnchor>

--- End Message ---

--- Begin Message ---

To: 831459-done@bugs.debian.org, 837458-done@bugs.debian.org, 862030-done@bugs.debian.org, 876944-done@bugs.debian.org, 879161-done@bugs.debian.org, 885533-done@bugs.debian.org, 885584-done@bugs.debian.org, 885619-done@bugs.debian.org, 887047-done@bugs.debian.org, 887138-done@bugs.debian.org, 887559-done@bugs.debian.org, 887857-done@bugs.debian.org, 888019-done@bugs.debian.org, 888553-done@bugs.debian.org, 888767-done@bugs.debian.org, 891611-done@bugs.debian.org, 891974-done@bugs.debian.org, 893507-done@bugs.debian.org, 893804-done@bugs.debian.org, 893970-done@bugs.debian.org, 895144-done@bugs.debian.org, 895887-done@bugs.debian.org, 895935-done@bugs.debian.org, 896841-done@bugs.debian.org, 896919-done@bugs.debian.org, 896942-done@bugs.debian.org, 897369-done@bugs.debian.org, 897447-done@bugs.debian.org, 897911-done@bugs.debian.org, 899018-done@bugs.debian.org, 899030-done@bugs.debian.org, 901194-done@bugs.debian.org, 901276-done@bugs.debian.org, 901425-done@bugs.debian.org, 901613-done@bugs.debian.org, 901645-done@bugs.debian.org

Subject: Closing bugs for requests included in the EoL jessie point release

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 23 Jun 2018 12:32:13 +0100

Message-id: <1529753533.11744.69.camel@adam-barratt.org.uk>
Version: 8.11

Hi,

The updates referenced by these bugs were included in today's EoL point
release for jessie (8.11).

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#876944: marked as done (jessie-pu: package bwm-ng/0.6-3.1)
Next by Date: Bug#885533: marked as done (jessie-pu: package soundtouch/1.8.0-1+deb8u1)
Previous by thread: Bug#876944: marked as done (jessie-pu: package bwm-ng/0.6-3.1)
Next by thread: Bug#885533: marked as done (jessie-pu: package soundtouch/1.8.0-1+deb8u1)
Index(es):
- Date
- Thread