Bug#911767: stable-pu: package lastpass-cli/1.0.0-1.2+deb9u1
Package: release.debian.org
Severity: normal
Tags: stable
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release managers,

Please consider lastpass-cli (1.0.0-1.2+deb9u1) for stable:

  lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium

    * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect
      changes in hosted Lastpass.com service. (Closes: #898940)
    * Add missing ca-certificates to Depends.

The full diff is attached.

Regards,

--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
diff --git a/debian/changelog b/debian/changelog
index a49b342..3283985 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium
+
+ * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect
+ changes in hosted Lastpass.com service. (Closes: #898940)
+ * Add missing ca-certificates to Depends.
+
+ -- Chris Lamb <lamby@debian.org> Wed, 24 Oct 2018 10:40:01 -0400
+
lastpass-cli (1.0.0-1.2) unstable; urgency=medium
* Non-maintainer upload.
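Review bot: The first bullet of the new entry spells the service "Lastpass.com" and names the source release "lastpass-cli 1.3.1", while the patch Subject in 0004 uses "LastPass.com" and "lastpass 1.3.1", and the package Description in debian/control also uses "LastPass.com". Use one spelling for the service and one name for the upstream release in both places, so that searching the changelog and the patch header for the same string finds both.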
diff --git a/debian/control b/debian/control
index 5d13597..64c4ed5 100644
--- a/debian/control
+++ b/debian/control
@@ -7,7 +7,7 @@ Standards-Version: 3.9.8.0
Package: lastpass-cli
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, binutils
+Depends: ${shlibs:Depends}, ${misc:Depends}, binutils, ca-certificates
Description: command line interface to LastPass.com
This application is a command line interface to the LastPass.com services. It
brings both better security and convenience by allowing you to access, add,
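Review bot: The ca-certificates addition on the Depends line has no stated reason: the changelog calls it "missing" but cites no bug number, and nothing in this diff shows where the client reads the system CA bundle. For a stable update, add a short clause to the changelog bullet saying what fails without the package installed, so the release team can see that the new hard dependency is a fix and not a convenience.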
diff --git a/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch
new file mode 100644
index 0000000..60cab8d
--- /dev/null
+++ b/debian/patches/0004-backport-hardcoded-certificate-pins-from-1.3.1.patch
@@ -0,0 +1,26 @@
+From: Chris Lamb <lamby@debian.org>
+Date: Wed, 24 Oct 2018 10:33:53 -0400
+Subject: Backport hardcoded certificate pins from lastpass 1.3.1 to reflect
+ changes in the hosted LastPass.com service. (Closes: #898940)
+
+---
+ pins.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/pins.h b/pins.h
+index e629b6f..7455574 100644
+--- a/pins.h
++++ b/pins.h
+@@ -5,8 +5,12 @@ const char *PK_PINS[] = {
+ "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=",
+ /* current lastpass.eu primary (AddTrust) */
+ "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=",
++ /* future lastpass root CA (GlobalSign R1) */
++ "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=",
+ /* future lastpass root CA (GlobalSign R2) */
+ "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=",
++ /* future lastpass root CA (GlobalSign R3) */
++ "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=",
+ /* future lastpass.com primary (leaf) */
+ "0hkr5YW/WE6Nq5hNTcApxpuaiwlwy5HUFiOt3Qd9VBc=",
+ /* future lastpass.com backup (leaf) */
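Review bot: The patch header for 0004 carries only From, Date and Subject, so the two added pin strings in pins.h (the GlobalSign R1 and R3 entries) cannot be traced to their upstream source from this file alone. Since the Subject says they are backported from 1.3.1, add a DEP-3 Origin: field naming the upstream commit or tag, and a Bug-Debian: field for #898940, so a reviewer can compare the base64 values byte for byte against upstream before the pins ship. It is also worth stating in the description that these two entries are root CA pins and not leaf pins, as the comments indicate, since that is the part of the change that matters for a trust review.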
diff --git a/debian/patches/series b/debian/patches/series
index 45a126b..1e88d92 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
0001-cipher-support-opaque-EVP_CIPHER_CTX.patch
0002-cipher-drop-p8inf-broken-flag-check.patch
0003-pbkdf2-support-openssl-1.1.patch
+0004-backport-hardcoded-certificate-pins-from-1.3.1.patch