[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#910969: marked as done (stretch-pu: package firmware-nonfree/20161130-4)

Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <1541846576.3542.38.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #910969,
regarding stretch-pu: package firmware-nonfree/20161130-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
910969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910969
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This update addresses three sets of bugs:

- The firmware-{adi,ralink} pckages were supposed to be replaced by
  firmware-misc-nonfree between jessie and stretch, but I failed to
  include transitional packages to make this work (#907320).

- Security vulnerabilities in packet processing in Broadcom wifi
  firmware (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, #869639,
  a.k.a. "Broadpwn").

- Security vulnerabilities in WPA2 key handling in Broadcom wifi
  firmware (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, a.k.a. "KRACK").

(The security vulnerabilities went unfixed for a long time so it
doesn't make much difference if the fixes wait for the next point
release.)

The following source diff excludes generated files debian/control,
debian/firmware-*.copyright, and debian/rules.gen.

Ben.

---
diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py
index 491bbe329c54..b087b7e602d5 100755
--- a/debian/bin/gencontrol.py
+++ b/debian/bin/gencontrol.py
@@ -1,9 +1,10 @@
 #!/usr/bin/env python3
 
-import os, re, sys, codecs
+import os, re, sys, locale
 
 sys.path.insert(0, "debian/lib/python")
 sys.path.append(sys.argv[1] + "/lib/python")
+locale.setlocale(locale.LC_CTYPE, "C.UTF-8")
 
 from config import Config
 from debian_linux.debian import Package, PackageRelation
@@ -92,7 +93,7 @@ Package._fields['Description'] = PackageDescription
         for dir in self.dirs:
             filename = "%s/%s.in" % (dir, name)
             if os.path.exists(filename):
-                f = codecs.open(filename, 'r', 'utf-8')
+                f = open(filename, 'r')
                 if prefix == 'control':
                     return read_control(f)
                 elif prefix == 'templates':
@@ -145,7 +146,7 @@ Package._fields['Description'] = PackageDescription
         makefile = Makefile()
 
         self.do_source(packages)
-        self.do_meta(packages, makefile)
+        self.do_extra(packages, makefile)
         self.do_main(packages, makefile)
 
         self.write(packages, makefile)
@@ -154,17 +155,17 @@ Package._fields['Description'] = PackageDescription
         source = self.templates["control.source"]
         packages['source'] = self.process_package(source[0], ())
 
-    def do_meta(self, packages, makefile):
+    def do_extra(self, packages, makefile):
         config_entry = self.config['base',]
         vars = {}
         vars.update(config_entry)
 
-        for entry in self.templates["control.binary.meta"]:
+        for entry in self.templates["control.extra"]:
             package_binary = self.process_package(entry, {})
             assert package_binary['Package'].startswith('firmware-')
             package = package_binary['Package'].replace('firmware-', '')
 
-            f = open('debian/copyright.meta')
+            f = open('debian/copyright.debian')
             open("debian/firmware-%s.copyright" % package, 'w').write(f.read())
 
             makeflags = MakeFlags()
@@ -203,8 +204,8 @@ Package._fields['Description'] = PackageDescription
             f = open('%s/copyright' % package_dir)
             open("debian/firmware-%s.copyright" % package, 'w').write(f.read())
         else:
-            vars['license'] = codecs.open("%s/LICENSE" % package_dir, 'r', 'utf-8').read()
-            codecs.open("debian/firmware-%s.copyright" % package, 'w', 'utf-8').write(self.substitute(copyright, vars))
+            vars['license'] = open("%s/LICENSE" % package_dir, 'r').read()
+            open("debian/firmware-%s.copyright" % package, 'w').write(self.substitute(copyright, vars))
 
         try:
             os.unlink('debian/firmware-%s.bug-presubj' % package)
@@ -308,19 +309,19 @@ Package._fields['Description'] = PackageDescription
 
         if 'initramfs-tools' in config_entry.get('support', []):
             postinst = self.templates['postinst.initramfs-tools']
-            codecs.open("debian/firmware-%s.postinst" % package, 'w', 'utf-8').write(self.substitute(postinst, vars))
+            open("debian/firmware-%s.postinst" % package, 'w').write(self.substitute(postinst, vars))
 
         if 'license-accept' in config_entry:
-            license = codecs.open("%s/LICENSE.install" % package_dir, 'r', 'utf-8').read()
+            license = open("%s/LICENSE.install" % package_dir, 'r').read()
             preinst = self.templates['preinst.license']
             preinst_filename = "debian/firmware-%s.preinst" % package
-            codecs.open(preinst_filename, 'w', 'utf-8').write(self.substitute(preinst, vars))
+            open(preinst_filename, 'w').write(self.substitute(preinst, vars))
 
             templates = self.process_templates(self.templates['templates.license'], vars)
             license_split = re.split(r'\n\s*\n', license)
             templates[0]['Description'].extend(license_split)
             templates_filename = "debian/firmware-%s.templates" % package
-            self.write_rfc822(codecs.open(templates_filename, 'w', 'utf-8'), templates)
+            self.write_rfc822(open(templates_filename, 'w'), templates)
 
             desc = packages_binary[0]['Description']
             desc.append(
@@ -336,7 +337,7 @@ You must agree to the terms of this license before it is installed."""
         vars['firmware-list'] = ''.join(firmware_meta_list)
         package_meta_temp = self.templates["metainfo.xml"]
         # XXX Might need to escape some characters
-        codecs.open("debian/firmware-%s.metainfo.xml" % package, 'w', 'utf-8').write(self.substitute(package_meta_temp, vars))
+        open("debian/firmware-%s.metainfo.xml" % package, 'w').write(self.substitute(package_meta_temp, vars))
 
     def process_template(self, in_entry, vars):
         e = Template()
@@ -370,10 +371,10 @@ You must agree to the terms of this license before it is installed."""
         self.write_makefile(makefile)
 
     def write_control(self, list):
-        self.write_rfc822(codecs.open("debian/control", 'w', 'utf-8'), list)
+        self.write_rfc822(open("debian/control", 'w'), list)
 
     def write_makefile(self, makefile):
-        f = codecs.open("debian/rules.gen", 'w', 'utf-8')
+        f = open("debian/rules.gen", 'w')
         makefile.write(f)
         f.close()
 
diff --git a/debian/changelog b/debian/changelog
index 745d4613345b..af2adeb54d68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
+firmware-nonfree (20161130-4) stretch; urgency=medium
+
+  * debian/bin/gencontrol.py: Set encoding to UTF-8 globally
+  * Add back firmware-{adi,ralink} as transitional packages (Closes: #907320)
+  * debian/control: Point Vcs URLs to Salsa
+  * Update to linux-support 4.9.0-8
+  * firmware-brcm80211: Update Broadcom wifi firmware to fix security issues
+    (Closes: #869639):
+    - BCM4339 (CVE-2016-0801)
+    - BCM4354 (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, CVE-2017-13077,
+      CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081)
+    - BCM4356-PCIe (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417,
+      CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
+      CVE-2017-13081)
+    - BCM43340 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
+      CVE-2017-13081) (also fixes issues when operating in 5GHz band)
+    - BCM43362 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
+      CVE-2017-13081)
+    - BCM43430 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
+      CVE-2017-13081)
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 13 Oct 2018 20:27:06 +0100
+
 firmware-nonfree (20161130-3) unstable; urgency=medium
 
   * misc-nonfree: Include Intel OPA Gen1 firmware (Closes: #862458)
diff --git a/debian/config/brcm80211/brcm/brcmfmac43340-sdio.bin b/debian/config/brcm80211/brcm/brcmfmac43340-sdio.bin
new file mode 100644
index 000000000000..a945f80dbeb6
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac43340-sdio.bin differ
diff --git a/debian/config/brcm80211/brcm/brcmfmac43362-sdio.bin b/debian/config/brcm80211/brcm/brcmfmac43362-sdio.bin
new file mode 100644
index 000000000000..62b3643420ed
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac43362-sdio.bin differ
diff --git a/debian/config/brcm80211/brcm/brcmfmac4339-sdio.bin b/debian/config/brcm80211/brcm/brcmfmac4339-sdio.bin
new file mode 100644
index 000000000000..bc8316d80f32
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac4339-sdio.bin differ
diff --git a/debian/config/brcm80211/brcm/brcmfmac43430-sdio.bin b/debian/config/brcm80211/brcm/brcmfmac43430-sdio.bin
new file mode 100644
index 000000000000..4b2945eaca56
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac43430-sdio.bin differ
diff --git a/debian/config/brcm80211/brcm/brcmfmac4354-sdio.bin b/debian/config/brcm80211/brcm/brcmfmac4354-sdio.bin
new file mode 100644
index 000000000000..e2f7b1f04fbb
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac4354-sdio.bin differ
diff --git a/debian/config/brcm80211/brcm/brcmfmac4356-pcie.bin b/debian/config/brcm80211/brcm/brcmfmac4356-pcie.bin
new file mode 100644
index 000000000000..3bf706e08c3b
Binary files /dev/null and b/debian/config/brcm80211/brcm/brcmfmac4356-pcie.bin differ
diff --git a/debian/config/misc-nonfree/defines b/debian/config/misc-nonfree/defines
index 907c2e98a95e..c06c0a1d150c 100644
--- a/debian/config/misc-nonfree/defines
+++ b/debian/config/misc-nonfree/defines
@@ -3,8 +3,8 @@ desc: various drivers in the Linux kernel
 longdesc:
  various drivers in the Linux kernel. This is a collection of firmware blobs
  which are not individually large enough to warrant a standalone package
-replaces: firmware-linux (<< 0.19), firmware-ivtv (<< 0.38~), firmware-linux-nonfree (<< 20151018-1~), firmware-adi, firmware-ralink
-breaks: firmware-linux (<< 0.19), firmware-ivtv (<< 0.38~), firmware-linux-nonfree (<< 20151018-1~), firmware-adi, firmware-ralink
+replaces: firmware-linux (<< 0.19), firmware-ivtv (<< 0.38~), firmware-linux-nonfree (<< 20151018-1~), firmware-adi (<< 20151018-1~), firmware-ralink (<< 20151018-1~)
+breaks: firmware-linux (<< 0.19), firmware-ivtv (<< 0.38~), firmware-linux-nonfree (<< 20151018-1~), firmware-adi (<< 20151018-1~), firmware-ralink (<< 20151018-1~)
 provides: firmware-adi, firmware-ralink
 files:
  3com/typhoon.bin
diff --git a/debian/copyright.meta b/debian/copyright.debian
similarity index 100%
rename from debian/copyright.meta
rename to debian/copyright.debian
diff --git a/debian/rules.defs b/debian/rules.defs
index 021b3c43a799..68526d069c09 100644
--- a/debian/rules.defs
+++ b/debian/rules.defs
@@ -1 +1 @@
-KERNELVERSION := 4.9.0-1
+KERNELVERSION := 4.9.0-8
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index 3d9c8c1471b8..db82e0ae2a96 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -1,4 +1,10 @@
 debian/config/amd-graphics/radeon/si58_mc.bin
+debian/config/brcm80211/brcm/brcmfmac4339-sdio.bin
+debian/config/brcm80211/brcm/brcmfmac4354-sdio.bin
+debian/config/brcm80211/brcm/brcmfmac4356-pcie.bin
+debian/config/brcm80211/brcm/brcmfmac43340-sdio.bin
+debian/config/brcm80211/brcm/brcmfmac43362-sdio.bin
+debian/config/brcm80211/brcm/brcmfmac43430-sdio.bin
 debian/config/ipw2x00/ipw2100-1.3-i.fw
 debian/config/ipw2x00/ipw2100-1.3-p.fw
 debian/config/ipw2x00/ipw2100-1.3.fw
diff --git a/debian/templates/control.binary.meta.in b/debian/templates/control.extra.in
similarity index 59%
rename from debian/templates/control.binary.meta.in
rename to debian/templates/control.extra.in
index 4971599202eb..be0be449cf3b 100644
--- a/debian/templates/control.binary.meta.in
+++ b/debian/templates/control.extra.in
@@ -18,3 +18,18 @@ Description: Binary firmware for various drivers in the Linux kernel (meta-packa
  This package depends on non-free firmware which may be used with drivers
  in the Linux kernel.
 
+Package: firmware-adi
+Section: non-free/oldlibs
+Architecture: all
+Depends: firmware-misc-nonfree, ${misc:Depends}
+Description: Binary firmware for Analog Devices Inc. DSL modem chips (dummmy package)
+ This is a dummy transitional package.  It can be safely removed.
+Multi-Arch: foreign
+
+Package: firmware-ralink
+Section: non-free/oldlibs
+Architecture: all
+Depends: firmware-misc-nonfree, ${misc:Depends}
+Description: Binary firmware for Ralink wireless cards (dummmy package)
+ This is a dummy transitional package.  It can be safely removed.
+Multi-Arch: foreign
diff --git a/debian/templates/control.source.in b/debian/templates/control.source.in
index 6d5c4505592a..7ae4c1c45b6b 100644
--- a/debian/templates/control.source.in
+++ b/debian/templates/control.source.in
@@ -5,6 +5,6 @@ Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
 Uploaders: Bastian Blank <waldi@debian.org>, Steve Langasek <vorlon@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <ben@decadent.org.uk>
 Build-Depends: debhelper (>= 9)
 Standards-Version: 3.9.8
-Vcs-Git: https://anonscm.debian.org/git/kernel/firmware-nonfree.git
-Vcs-Browser: https://anonscm.debian.org/cgit/kernel/firmware-nonfree.git
+Vcs-Git: https://salsa.debian.org/kernel-team/firmware-nonfree.git
+Vcs-Browser: https://salsa.debian.org/kernel-team/firmware-nonfree
 XS-Autobuild: yes

--- End Message ---
--- Begin Message --- 
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
Reply to: