[blog] 01/01: ENH: 137: add my bugs filed and archlinux imap

Santiago Torres-Arias sangy-guest at moszumanska.debian.org
Tue Dec 5 00:35:10 UTC 2017


This is an automated email from the git hooks/post-receive script.

sangy-guest pushed a commit to branch master
in repository blog.

commit 78835b02daf8668a499dfea307a7204cc6d3ebf3
Author: Santiago Torres <torresariass at gmail.com>
Date:   Mon Dec 4 19:34:58 2017 -0500

    ENH: 137: add my bugs filed and archlinux imap
---
 drafts/137.mdwn | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/drafts/137.mdwn b/drafts/137.mdwn
index fb2eb6a..06b2da4 100644
--- a/drafts/137.mdwn
+++ b/drafts/137.mdwn
@@ -1,12 +1,29 @@
+logo discussion https://lists.reproducible-builds.org/pipermail/rb-general/2017-December/000741.html
+
+Packages reviewed and fixed, and bugs filed
+-------------------------------------------
+
+* Bernhard M. Wiedemann:
+  * [openSUSE/neovim](https://build.opensuse.org/request/show/547886) hostname,username
+
+* Santiago Torres-Arias:
+  * [Make gnu-apl reproducible](https://savannah.gnu.org/bugs/index.php?52586)
+  * fbnews: sorry, there is no public record of the bug. you can see the patch [here](https://ptpb.pw/CfGQ/diff) though
+
 lede/openwrt package feeds
 	lynxis did: 
 		https://github.com/openwrt/packages/pull/5216
         	https://github.com/openwrt/packages/pull/5217 
 		https://github.com/openwrt/packages/pull/5218
 
+Arch Linux imap key leakage
+---------------------------
 
-* Bernhard M. Wiedemann:
-  * [openSUSE/neovim](https://build.opensuse.org/request/show/547886) hostname,username
+A [security issue](https://bugs.archlinux.org/task/56484) was found on the imap
+package for Arch Linux thanks to the reproducible builds efforts. Due to a
+hardcoded key-generation routine in the build() step of imap's PKGBUILD (the
+standard packaging file for Arch Linux pakcages), a default secret key was
+generated and leaked on all imap installations. 
 
-
-logo discussion https://lists.reproducible-builds.org/pipermail/rb-general/2017-December/000741.html
+This was prompty reviewed, confirmed and fixed by the Arch Linux package
+maintainers.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/blog.git



More information about the Reproducible-commits mailing list