| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | Bug#686410: pbuilder: [INTL:es] Spanish translation update of debconf message... | David Martínez Moreno | 2012-09-11 |
| * | Bug#686004: [INTL: it] Italian translation of debconf messages - pbuilder | Beatrice Torracca | 2012-09-11 |
| * | 0.212 release. | Junichi Uekawa | 2012-08-24 |
| * | update copyright file to be more machine-process-able, and move homepage info... | Junichi Uekawa | 2012-05-31 |
| * | 0.211 release | Junichi Uekawa | 2012-05-30 |
| * | update changelog | Junichi Uekawa | 2012-05-29 |
| * | first draft of a useful changelog | Junichi Uekawa | 2012-05-29 |
| * | For testsuite, do not depend on approx instance. It's not always reliable and...•••Just trust autoconfiguration result here.
| Junichi Uekawa | 2012-05-28 |
| * | policy 3.9.1 probably does not require any change.•••I wasn't sure if I needed to do something for the following, but maybe not:
7.1
Architecture restrictions and wildcards are also allowed in
binary package relationships provided that the binary package is
not architecture-independent.
| Junichi Uekawa | 2012-04-24 |
| * | reviewed upgrading checklist for 3.9.0 compatibility. | Junichi Uekawa | 2012-04-24 |
| * | release 0.210 | Junichi Uekawa | 2012-03-31 |
| * | prepare 0.210 | Junichi Uekawa | 2012-03-31 |
| * | 0.209 | Junichi Uekawa | 2012-03-30 |
| * | prepare for release | Junichi Uekawa | 2012-03-30 |
| * | 0.208 | Junichi Uekawa | 2012-03-13 |
| * | 0.207 | Junichi Uekawa | 2012-03-10 |
| * | add changelog with git dch -a to prepare for 0.207 release. | Junichi Uekawa | 2012-03-09 |
| * | Bug#579028: pbuilder: installs untrusted packages without asking•••Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
- --allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
oF3CcmlykKX4SYzhUI/e
=6EPj
-----END PGP SIGNATURE-----
>From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
| Simon Ruderich | 2012-03-09 |
| * | 0.206 | Junichi Uekawa | 2012-01-28 |
| * | Bug#598316: pbuilder: mirrorsite is not preseedable•••tag 598316 +patch
usertags 598316 +patch-supplied
thanks
Attached are three patches fixing the three issues reported in this bug.
Hopefully it should be fairly self-explanatory which one is for which.
- Matt
>From 3631bcda0a9bf0011d02268942ebc7756fd03ada Mon Sep 17 00:00:00 2001
From: Matt Palmer <mpalmer@hezmatt.org>
Date: Mon, 13 Dec 2010 17:04:45 +1100
Subject: [PATCH] Allow arbitrary whitespace in sources.list. Ref: #598316
An overly restrictive regex means that people who like very neat
sources.list files get penalised. Not any more.
| Matthew Palmer | 2012-01-27 |
| * | release 0.205 | Junichi Uekawa | 2011-12-25 |
| * | pbuilder: [INTL:pt_BR] Brazilian Portuguese debconf templates translation (cl... | Flamarion Jorge | 2011-12-24 |
| * | add dpkg-dev to pbuilder dependency (closes: 623623)•••There's a missing dependency: 'dpkg-architecture' is in dpkg-dev and
pbuilder now depends on it.
Sort the dependency in alpha order on the way.
| Junichi Uekawa | 2011-12-23 |
| * | release 0.204 | Junichi Uekawa | 2011-12-04 |
| * | installation preparation of packages. | Junichi Uekawa | 2011-12-04 |
| * | revert change to changelog | Junichi Uekawa | 2011-12-04 |
| * | Merge branch 'master' of ssh://git.debian.org/git/pbuilder/pbuilder | Junichi Uekawa | 2011-12-04 |
| |\ |
|
| | * | Bug#569917: Support base.tar.xz/bz2 as well as tgz•••Package: pbuilder
Version: 0.203
Followup-For: Bug #569917
I cooked a little patch that adds a --compressprog command line option and
COMPRESSPROG option in pbuilderrc.
Tested with pigz, to get multithreaded, and therefore much faster
compression/decompression, and xz.
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.0.4
ii debootstrap 1.0.38
ii wget 1.13.4-1
Versions of packages pbuilder recommends:
ii devscripts 2.11.2
ii fakeroot 1.18.1-1
ii sudo 1.8.3p1-2
Versions of packages pbuilder suggests:
pn cowdancer 0.65
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information:
pbuilder/mirrorsite: http://ftp.de.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
| Tino Keitel | 2011-11-29 |
| * | | check for pdebuild in regression test too, just in case. | Junichi Uekawa | 2011-12-04 |
| |/ |
|
| * | pbuilder: [INTL:sk] Slovak po-debconf translation | Slavko | 2011-11-29 |
| * | release 0.203 | Junichi Uekawa | 2011-09-22 |
| * | start 0.203 development. | Junichi Uekawa | 2011-08-30 |
| * | 0.202 | Junichi Uekawa | 2011-08-30 |
| * | open up 0.202 development | Junichi Uekawa | 2011-08-02 |
| * | release 0.201 | Junichi Uekawa | 2011-08-02 |
| * | prepare 0.201 changelog from git changelog. | Junichi Uekawa | 2011-08-02 |
| * | Dutch translation of debconf templates (closes: #631123) | Jeroen Schot | 2011-07-29 |
| * | Serbian cyrillic translation of debconf templates. (closes: #635217, #635277)•••Serbian latin translation of debconf templates.
| Zlatan Todoric | 2011-07-29 |
| * | open up 0.201 development. | Junichi Uekawa | 2011-06-29 |
| * | release 0.200 | Junichi Uekawa | 2011-06-26 |
| * | Merge branch '0.199nmu'•••Conflicts:
debian/changelog
| Junichi Uekawa | 2011-06-25 |
| |\ |
|
| | * | From: Thorsten Glaser•••tags 620730 + patch pending
tags 626431 + patch pending
tags 627086 + patch pending
tags 603420 + patch pending
tags 601250 + patch pending
tags 603881 = unreproducible
tags 400848 = unreproducible
tags 622624 = unreproducible
thanks
Dear Junichi, Matt and others,
I’ve prepared an NMU for pbuilder (versioned as 0.199+nmu4) and uploaded
it to Debian unstable, with a two-day delay as per devref §5.11.1 since
this fixes an RC bug older than seven days. The debdiff is attached; it
closes five bugs. I’m also tagging three other bugs as unreproducible as
pbuilder itself (obviously) doesn’t FTBFS on my system and the test pak-
kage I used didn’t exhibit problems with either comment blocks or hori-
zontal tabulator characters in the control file. I’m also attaching the
test package (absolutely minimal, but that’s what you get).
I mostly used patches from the bugs closed as baseline for my changes,
but did a bit more usually. I’m a heavy user of cowbuilder, because on
m68k there’s currently no buildd and cowbuilder is all I know (and love,
really… someone should make a buildd flavour that uses cowbuilder in-
stead of sbuild, if it goes by my will).
Cheers.
| Junichi Uekawa | 2011-06-24 |
| | * | From: Luca Falavigna <dktrkranz@debian.org>•••tags 542837 + patch pending
thanks
Dear Junichi,
I've prepared an NMU for pbuilder (versioned as 0.199+nmu3) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.
I tested this patchset on both kfreebsd-i386 and kfreebsd-amd64, and I
can confirm they work as expected.
Regards,
| Junichi Uekawa | 2011-06-24 |
| | * | Bug#606699: pbuilder NMU•••Hi,
I talked to Junichi and he told me it was fine if I NMU'ed pbuilder to fix these
bugs. This is the debdiff for my NMU.
Regards,
Emilio
| Emilio Pozuelo Monfort | 2011-06-24 |
| | * | Bug#542915: NMU patch•••Hi,
The patch for this NMU is as follows.
| Steve M. Robbins | 2011-06-24 |
| * | | start 0.200 | Junichi Uekawa | 2010-07-05 |
| |/ |
|
| * | release 0.199 | Junichi Uekawa | 2010-07-05 |
| * | release 0.198 | Junichi Uekawa | 2010-06-24 |
| * | open 0.198 | Junichi Uekawa | 2010-06-23 |
| * | release 0.197 | Junichi Uekawa | 2010-06-23 |