On Tue, Oct 08, 2019 at 10:15:33PM +0200, Ondřej Surý wrote:
> The one package particularly hit by this is PHP.
>
> The openssl_get_cipher_methods() function does list the hmac variants with
> 1.1.1c, but it doesn’t with 1.1.1d, so there’s definitely a regression
> somewhere.
Is this something
There are no HMAC based ciphers, see:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
Kurt
On Wed, Oct 02, 2019 at 11:36:55PM -0400, Theodore Y. Ts'o wrote:
> On Wed, Oct 02, 2019 at 06:55:33PM +0200, Kurt Roeckx wrote:
> >
> > But it seems people are now thinking about breaking getrandom() too,
> > to let it return data when it's not initialized by defa
On Thu, Oct 03, 2019 at 07:56:54PM +, Sylvain Rochet wrote:
>
> Dear Maintainer,
>
> Upgrading from openssl 1.1.1c-1 to openssl 1.1.1d-0+deb10u1 on Debian
> Buster breaks openssh login on systems running old kernels (3.16.x at
> least).
>
> This is due to the missing getrandom syscall on
On Thu, Oct 03, 2019 at 04:11:57PM +0200, fab...@maintenancia.com wrote:
> It might be related to the fact that my system is a VPS running on an
> old kernel (3.16.0-4).
openssl does a new call to shm* related calls on such old kernels, and
openssh has a seccomp fileter that doesn't allow those
On Wed, Oct 02, 2019 at 03:17:31PM -0700, Paul Walsh wrote:
> >> In separate research, CAs have shown data to demonstrate that website
> >> owners want to have their identity verified.
> >
> > They have not. In fact, I would say that most website owners are perfectly
> > happy with DV
On Wed, Oct 02, 2019 at 02:48:56PM -0700, Paul Walsh wrote:
> On Oct 2, 2019, at 12:52 AM, Kurt Roeckx via dev-security-policy
> wrote:
> >
> > On 2019-10-02 09:20, Kurt Roeckx wrote:
> >> On 2019-10-02 02:39, Paul Walsh wrote:
> >>>
> >>>
Hi,
As OpenSSL, we want cryptograhic secure random numbers. Before
getrandom(), Linux never provided a good API for that, both
/dev/random and /dev/urandom have problems. getrandom() fixed
that, so we switched to it were available.
It was possible to combine /dev/random and /dev/urandom, and get
On 2019-10-02 09:20, Kurt Roeckx wrote:
On 2019-10-02 02:39, Paul Walsh wrote:
According to Ellis, the goal for a customer survey is to get feedback
from people who had recently experienced "real usage" of the product.
The key question in the survey for these people accordin
On 2019-10-02 02:39, Paul Walsh wrote:
According to Ellis, the goal for a customer survey is to get feedback from people who had
recently experienced "real usage" of the product. The key question in the
survey for these people according to Ellis, is:
"How would you feel if you could no
Author: Kurt Roeckx
Date: Sat Sep 28 14:59:32 2019 +0200
Add defines for __NR_getrandom for all Linux architectures
Fixes: #10015
Reviewed-by: Bernd Edlinger
GH: #10044
(cherry picked from commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
The branch master has been updated
via 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 (commit)
from dfe1752c8414840b25bf094db2f24f810fefce85 (commit)
- Log -
commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02
Author: Kurt
On Mon, Sep 23, 2019 at 02:53:26PM -0700, Andy Warner via dev-security-policy
wrote:
>
> 1. The new text added to the Mozilla Recommended and Required Practices for
> this topic states only OCSP status is required for precertificates. Many CAs
> provide both CRLs and OCSP services and it would
On Sun, Sep 22, 2019 at 11:06:17PM +, Debian Bug Tracking System wrote:
> - Add smtp_tls_CApath using /usr/share/ca-certificates/ to default TLS
>configuration so postfix smtp client can use the system certificate
>store to verify smtp server certificates, add
Author: Kurt Roeckx
Date: Fri Sep 20 20:26:42 2019 +0200
Use the correct maximum indent
Found by OSS-Fuzz
Reviewed-by: Richard Levitte
Reviewed-by: Paul Dale
GH: #9959
(cherry picked from commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d
The branch master has been updated
via a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d (commit)
from ec87a649dd2128bde780f6e34a4833d9469f6b4d (commit)
- Log -
commit a6105ef40d65b35818f2b8ae8ca9e57ca6956d1d
Author: Kurt
described in the fuzzing
README. Update it to reflect all this.
Fixes #8768.
Reviewed-by: Matt Caswell
Reviewed-by: Kurt Roeckx
GH: #8891
---
Summary of changes:
fuzz/README.md | 75
On Tue, Sep 17, 2019 at 08:32:28AM +0200, Sebastian Andrzej Siewior wrote:
> Package: python-cryptography
> Version: 2.6.1-3
> Severity: serious
>
> The upload of latest openssl 1.1.1d triggert three testsuite failures in
> python-cryptography [0]
>
> - _
On Tue, Sep 17, 2019 at 08:32:28AM +0200, Sebastian Andrzej Siewior wrote:
> Package: python-cryptography
> Version: 2.6.1-3
> Severity: serious
>
> The upload of latest openssl 1.1.1d triggert three testsuite failures in
> python-cryptography [0]
>
> - _
On 2019-09-16 14:02, Rob Stradling wrote:
ISTM that this "certificate presumed to exist" concept doesn't play
nicely with the current wording of BR 4.9.10:
'If the OCSP responder receives a request for status of a certificate
that has not been issued, then the responder SHOULD NOT
On Sun, Sep 15, 2019 at 06:23:42PM +0200, Spielwarenkontor wrote:
>
> Same here in Debian stable - just upgraded from stable stretch to the
> new stable buster and broke production fetchmail system.
>
> client
> Sep 15 18:14:01 boark fetchmail[4250]: OpenSSL berichtete:
> error:141A318A:SSL
On 2019-09-04 14:14, Matt Palmer wrote:
If EV information is of use in anti-phishing efforts, then it would be best
for the providers of anti-phishing services to team up with CAs to describe
the advantages of continuing to provide an EV certificate. If site owners,
who are presumably smart
On 2019-08-30 12:14, Jakob Bohm wrote:
On 30/08/2019 01:36, Jacob Hoffman-Andrews wrote:
Also filed at https://bugzilla.mozilla.org/show_bug.cgi?id=1577652
On 2019.08.28 we read Apple’s bug report at
https://bugzilla.mozilla.org/show_bug.cgi?id=1577014 about DigiCert’s OCSP
responder
On Thu, Aug 22, 2019 at 04:00:57PM +0200, Mattia Rizzolo wrote:
> On Wed, Aug 21, 2019 at 06:38:43PM +0200, Kurt Roeckx wrote:
> > On Wed, Aug 21, 2019 at 10:10:50AM +0200, Mattia Rizzolo wrote:
> > > a
> > > somewhat less authoritative method is checking the statu
On Wed, Aug 21, 2019 at 09:47:09AM -0700, nbi wrote:
> Some progress. I found a reference to a MTU size issue possibly impacting
> this. I'm using channel bonding provided by the ifenslave package. It turns
> out ifenslave has a bug that causes it to not set the MTU size correctly on
> the active
On Wed, Aug 21, 2019 at 10:10:50AM +0200, Mattia Rizzolo wrote:
> a
> somewhat less authoritative method is checking the status of the user in
> ldap, but that might lag behind DAM decisions, etc.
There is no way to check if someone is a DD or not in ldap, there
never was.
Kurt
On Mon, Aug 19, 2019 at 02:57:14PM -0700, nbi wrote:
> Package: libssl1.0.0,libssl1.0.2,libssl1.1,openssl
> Version:
> libssl1.0.0 1.0.2l-1~bpo8+1
> libssl1.0.2 1.0.2q-2
> libssl1.1 1.1.1c-1
> openssl 1.1.1c-1
>
> After booting a distribution (sparkylinux.org) based on "testing" everything
>
On Fri, Aug 16, 2019 at 12:42:35PM -0700, tim--- via dev-security-policy wrote:
>
> By way of background, until recently almost all phishing and malware was on
> unencrypted http sites. They received a neutral UI, and the bad guys didn’t
> have to spend time and money getting a certificate,
On Thu, Aug 15, 2019 at 08:27:40PM +0200, Sakirnth Nagarasa wrote:
> Package: openssl
> Version: 3.0.0
> Severity: wishlist
>
> Hi,
>
> Could someone upload OpenSSL version 3.0.0 to expermiental please. I'm
> packaging ngtcp2 and it needs OpenSSL version 3.0.0 + a patch to build
> properly. It
On Wed, Aug 14, 2019 at 11:52:46PM -0700, Daniel Marschall via
dev-security-policy wrote:
> In old Firefox, I get a green bar if I visit google.com and paypal.com,
> telling me that this is a well-known company that got the EV certificate.
> The other fake domains goog1e.com and paypa1.com only
On Tue, Aug 13, 2019 at 09:09:35PM +0200, Sebastian Andrzej Siewior wrote:
> Yes, please. As an openssl dev you might have more luck. With a template
> I would ping the ssllabs folks :)
I've opened https://github.com/ssllabs/ssllabs-scan/issues/740
I think they're actually know enough about TLS
This problem is still present in buster.
The relevant strace output seems to be:
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0,
inheritable=0}) = 0
access("/var/lib/nfs/nfsdcltrack", W_OK) = -1 ENOENT
This problem is still present in buster.
The relevant strace output seems to be:
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0,
inheritable=0}) = 0
access("/var/lib/nfs/nfsdcltrack", W_OK) = -1 ENOENT
On 2019-08-13 05:27, Peter Gutmann wrote:
Wayne Thayer via dev-security-policy
writes:
Mozilla has announced that we plan to relocate the EV UI in Firefox 70, which
is expected to be released on 22-October. Details below.
Just out of interest, how are the CAs taking this? If there's no
On Mon, Aug 12, 2019 at 10:04:11PM +0200, Sebastian Andrzej Siewior wrote:
> On 2019-08-12 18:22:38 [+0200], Kurt Roeckx wrote:
> > On Mon, Aug 12, 2019 at 10:42:06AM +0200, Johannes Schauer wrote:
> > > > > curl: (35) error:1414D172:SSL
> > > > >
On Mon, Aug 12, 2019 at 10:42:06AM +0200, Johannes Schauer wrote:
> > > curl: (35) error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong
> > > signature type
>
> thanks to juliank on #debian-devel I found out that this issue seems to be a
> duplicate of #912759?
>
> If so, what should I
Note that systemd created an option so you can say you trust the
file. But in Debian we don't want to enable that by default. If
you need this in stable, I suggest talk to the systemd maintainer.
On Tue, Jul 30, 2019 at 12:41:16PM +0200, Matthias St. Pierre wrote:
> On 30.07.19 11:59, Kurt Roeckx wrote:
> > On Tue, Jul 30, 2019 at 12:42:33PM +1000, Dr Paul Dale wrote:
> > > Overly simplified, the problem boils down to the CTR DRBG needing an AES
> > > CTR ci
On Tue, Jul 30, 2019 at 12:42:33PM +1000, Dr Paul Dale wrote:
> Overly simplified, the problem boils down to the CTR DRBG needing an AES CTR
> cipher context to work. When creating the former, a recursive call is made
> to get the latter.
I'm not sure what you mean with "CTR" both times.
Are
On Tue, Jul 23, 2019 at 09:15:22PM +, Dr. Matthias St. Pierre wrote:
> It looks like currently two jobs of every travis build are failing on master,
> each with two different tests.
> Since this affect the builds of the pull requests, it would be nice if they
> could be fixed. Is anybody
On Mon, Jul 22, 2019 at 11:17:21PM +0200, Mattia Rizzolo wrote:
> [ now with a valid address in Cc... ]
>
> On Mon, Jul 22, 2019 at 10:38:36PM +0200, Uwe Kleine-König wrote:
> > it seems the voters on https://www.debian.org/vote/2019/vote_001 are not
> > recognised on contributors.debian.org.
>
On Wed, Jul 17, 2019 at 11:19:18PM -0300, Pablo Mestre wrote:
> People!!
>
> Leonel and I are planing do a small excersice/workshop of salsa dance
> https://wiki.debian.org/DebConf/19/InformalEvents#Salsa_Dancing_Workshop.
> We want to know who are interesting?
I am.
Kurt
On Tue, Jul 16, 2019 at 03:06:28PM -0400, Viktor Dukhovni wrote:
> On Mon, Jul 15, 2019 at 02:27:44PM +, Salz, Rich wrote:
>
> > >>DSA
> > >
> > > What is the cryptographic weakness of DSA that you are avoiding?
> >
> > It's a good question. I don't recall the
On Tue, Jul 16, 2019 at 12:12:57PM -0700, Kathleen Wilson via
dev-security-policy wrote:
> Mozilla: Overdue Audit Statements
> CA Owner: LuxTrust
> Root Certificates:
>LuxTrust Global Root 2
> Standard Audit:
> https://www.lsti-certification.fr/images/LSTI--11085-57-AL-V1.0_LUXTRUST.pdf
>
The branch master has been updated
via e3a0d367299ee9f384ef912c644dbb5ef195798d (commit)
from da0201814380144151293811e9cd63732e0e0c3e (commit)
- Log -
commit e3a0d367299ee9f384ef912c644dbb5ef195798d
Author: Kurt
On Mon, Jul 15, 2019 at 02:58:42PM +0200, Tomas Mraz wrote:
> Wouldn't it be better to make the legacy provider opt-out? I.E. require
> explicit configuration or explicit API call to not load the legacy
> provider.
I'm not even sure why they need to move to a different provider
(at this time).
On Tue, Jul 16, 2019 at 10:25:20AM -0400, Jordy wrote:
> Package: libmad0
>
>
> I found a security vulnerability in libmad, I could not contact the vendor so
> I figured I'd just send it to you guys as it's a dependency for a lot of
> packages (At Least 68).
Have you actually tried this with
On Thu, Jun 13, 2019 at 05:06:16PM +1000, Dr Paul Dale wrote:
>
> The second suggestion is broadly similar but requires a file containing
> entropy that persists across reboots. This alternative requires a more
> management: the entropy file once read needs to be rewritten immediately (and
>
On Fri, Jun 07, 2019 at 02:18:49PM +0200, Pierre Parmentier wrote:
> Hello,
>
> I just read this "L’Administration Générale de la Documentation
> Patrimoniale du SPF Finances a été désignée par les autres institutions
> comme étant la source authentique de ces limites administratives belges et
>
Package: gnupg
Severity: wishlist
Hi,
Could you switch from using /dev/random to using either
getentropy() or getrandom()?
Kurt
On Sat, Jun 08, 2019 at 12:26:30AM +0200, Giovanni Fontana wrote:
> */usr/bin/ld:libcrypto.map:0: syntax error in VERSION scriptcollect2:
There seems to be a problem generating the libcrypto.map file for
you. What does the file look like? Which perl version are you
using? Which libc do you use?
On Fri, Jun 07, 2019 at 05:14:23PM -0400, Lewis G. Pringle, Jr. wrote:
> When I run valgrind, I get thousands of errors (exactly like I used to get
> before I turned on -Dpurify).
You probably need commit 15d7e7997e219fc5fef3f6003cc6bd7b2e7379d4
Kurt
On Fri, Jun 07, 2019 at 07:04:57PM -0400, Viktor Dukhovni wrote:
> On Sat, Jun 08, 2019 at 12:54:36AM +0200, Kurt Roeckx wrote:
>
> > On Fri, Jun 07, 2019 at 03:37:07PM -0400, Viktor Dukhovni wrote:
> > > > On Jun 7, 2019, at 3:25 PM, Kurt Roeckx wrote:
> > >
On Fri, Jun 07, 2019 at 03:37:07PM -0400, Viktor Dukhovni wrote:
> > On Jun 7, 2019, at 3:25 PM, Kurt Roeckx wrote:
> >
> > For older kernels you install rng-tools that feeds the hwrng in
> > the kernel.
>
> Which works for me, and is pretty much the point I'm try
On Fri, Jun 07, 2019 at 07:01:30PM +, Salz, Rich wrote:
>
> >The kernel actually already does this in recent versions, if
> configured to do it.
>
> "The" kernel. Which one is that? Which operating system?
>
> Modern Linux is fine. Is that all we care about?
This whole
On Fri, Jun 07, 2019 at 03:08:24PM -0400, Viktor Dukhovni wrote:
> > On Jun 7, 2019, at 2:41 PM, Kurt Roeckx wrote:
> >
> >> This is not the sort of thing to bolt into the kernel, but is not
> >> unreasonable for systemd and the like.
> >
> > The k
On Fri, Jun 07, 2019 at 02:31:54PM -0400, Viktor Dukhovni wrote:
>
> That's a different issue. What I was suggesting was a service that
> waits for seeding to be ready. So that other services can depend
> on that service, with that service using various sources to adequately
> seed the kernel
On Fri, Jun 07, 2019 at 01:28:30PM -0400, Viktor Dukhovni wrote:
>
> I think that having the RNG behaviour capriciously different on
> different systems based on the whims of whoever built the library
> for that system is not a good idea. OpenSSL should provide an RNG
> that does not block
On Fri, Jun 07, 2019 at 10:18:32AM +0200, Tomas Mraz wrote:
>
> From the point of view of distribution maintainer of OpenSSL I would
> say what we had in 1.1.1 before the introduction of DEVRANDOM_WAIT had
> no real problems for us.
Introducing DEVRANDOM_WAIT didn't cause any change for us,
severity 930061 normal
thanks
This was fixed upstream in:
commit 15d7e7997e219fc5fef3f6003cc6bd7b2e7379d4
Author: Pauli
Date: Fri Mar 29 09:24:07 2019 +1000
Fix broken change from b3d113e.
Reviewed-by: Tim Hudson
(Merged from https://github.com/openssl/openssl/pull/8606)
-
commit 7ed66e2634e6cfbb16a1ef975572e79a479217a8
Author: Kurt Roeckx
Date: Wed Dec 19 00:36:40 2018 +0100
Change EVP_MAC method from copy to dup
Reviewed-by: Tomas Mraz
GH: #7651
commit be5fc053ed40bb714944f93e2d35265d2096f71f
Author: Kurt Roeckx
Date: Sun Nov 4 19:16:20 2018
On Tue, Jun 04, 2019 at 02:24:12PM +0200, Matěj Cepl wrote:
> Sebastian Andrzej Siewior píše v Út 04. 06. 2019 v 14:15 +0200:
> > Let me ping upstream: Matěj, could you please take a look at
> > https://bugs.debian.org/929903
> >
> > and check if it is okay the test no longer fails or if
On Tue, Jun 04, 2019 at 02:24:12PM +0200, Matěj Cepl wrote:
> Sebastian Andrzej Siewior píše v Út 04. 06. 2019 v 14:15 +0200:
> > Let me ping upstream: Matěj, could you please take a look at
> > https://bugs.debian.org/929903
> >
> > and check if it is okay the test no longer fails or if
On Tue, Jun 04, 2019 at 12:46:07AM +0200, Sebastian Andrzej Siewior wrote:
>
> So if I decoded it right, it does
>
> | fbuf = sha1("The magic words are squeamish ossifrage."); /* 0xbf, 0xf0,
> 0x04 … */
> | flen = RSA_public_encrypt(20, fbuf, tobuf, )
> | /* flen -> 128 */
> | r
On Tue, Jun 04, 2019 at 12:46:07AM +0200, Sebastian Andrzej Siewior wrote:
>
> So if I decoded it right, it does
>
> | fbuf = sha1("The magic words are squeamish ossifrage."); /* 0xbf, 0xf0,
> 0x04 … */
> | flen = RSA_public_encrypt(20, fbuf, tobuf, )
> | /* flen -> 128 */
> | r
t; | Fix memory overrun in rsa padding check functions
> |
> | Fixes #8364 and #8357
> |
> | Reviewed-by: Kurt Roeckx
> | (Merged from https://github.com/openssl/openssl/pull/8365)
> |
> | (cherry picked from commit d7f5e5ae6d53f1387a42d210806cf5e9ed0882d6)
>
t; | Fix memory overrun in rsa padding check functions
> |
> | Fixes #8364 and #8357
> |
> | Reviewed-by: Kurt Roeckx
> | (Merged from https://github.com/openssl/openssl/pull/8365)
> |
> | (cherry picked from commit d7f5e5ae6d53f1387a42d210806cf5e9ed0882d6)
>
On Tue, May 28, 2019 at 01:40:12PM +0200, Karsten Merker wrote:
> On Sat, May 11, 2019 at 10:26:37PM +0200, Karsten Merker wrote:
>
> > elfutils currently FTBFS for riscv64 and this is the last remaining
> > blocker to get a working debian-installer for riscv64. As already
> > discussed together
Author: Kurt Roeckx
Date: Sat Apr 13 12:32:48 2019 +0200
Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737
Reviewed-by: Bernd Edlinger
Reviewed-by: Richard Levitte
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e
Author: Kurt Roeckx
Date: Sat Apr 13 12:32:48 2019 +0200
Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737
Reviewed-by: Bernd Edlinger
Reviewed-by: Richard Levitte
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e
Author: Kurt Roeckx
Date: Sat Apr 13 12:32:48 2019 +0200
Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737
Reviewed-by: Bernd Edlinger
Reviewed-by: Richard Levitte
GH: #8741
(cherry picked from commit 70b0b977f73cd70e17538af3095d18e0cf59132e
, DSA and DH
+ generation apps to use 2048 bits by default.
+ [Kurt Roeckx]
+
*) Added command 'openssl kdf' that uses the EVP_KDF API.
[Shane Lontis]
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 3497915..f630fd3 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh
-
commit b506b4fae6ec2661f12c2ae522c83c2f4fc051b3
Author: Kurt Roeckx
Date: Sat Dec 8 20:12:01 2018 +0100
Update security policy
commit 947d03ee10750815f8cf7a2e597dfb6441857295
Author: Mark J. Cox
Date: Thu Nov 29 15:27:27 2018 +
Discussed at the OMC face to face that we should make
Hi,
I would like to propose the following vote:
All public votes should be discussed on the openssl-project list
before a vote is called. The minimum time between a proposal
and calling for a vote is 1 week. If the proposal is changed, the
1 week period restarts.
On Sun, May 05, 2019 at 10:18:56AM +0200, Andrej Shadura wrote:
> Hu Kurt,
>
> On Thu, 2 May 2019 09:03:53 +0200 Kurt Roeckx wrote:
> > I've been told that there are federation issues in 0.99.2 and that
> > I should upgrade to 0.99.3.
>
> I have asked the upstrea
Package: matrix-synapse
Version: 0.99.2-3
Severity: important
Hi,
I've been told that there are federation issues in 0.99.2 and that
I should upgrade to 0.99.3.
Kurt
Package: apt
Version: 1.8.0
I have this in my apt keyring:
/etc/apt/trusted.gpg
pub rsa4096 2015-06-11 [SC]
C35E B17E 1EAE 708E 6603 A9B3 AD05 92FE 47F0 DF61
uid [ unknown] matrix.org (Debian signing key)
sub rsa4096 2015-06-11 [E]
But I know that that
On Wed, Apr 24, 2019 at 06:22:04PM -0400, Soppy bear wrote:
> omg... i cant believe u just closed that ticket... :u
>
> pls let me explain.
>
> 1. This is a Debian problem because the end user should be able to use TLS
> without having
> to import/use certificates without any practical use for
|322 | 57 | 30.320 | 6.58729 |
| 2018 | 1001 | 47.457 | 343 |333 | 53 | 33.266 | 7.01674 |
| 2019 | 1003 | 47.505 | 389 |378 | 59 | 37.687 | 7.95701 |
|--+--++---++-++---|
Kurt Roeckx
Debian Project Secretary
|322 | 57 | 30.320 | 6.58729 |
| 2018 | 1001 | 47.457 | 343 |333 | 53 | 33.266 | 7.01674 |
| 2019 | 1003 | 47.505 | 389 |378 | 59 | 37.687 | 7.95701 |
|--+--++---++-++---|
Kurt Roeckx
Debian Project Secretary
Hi,
It seems that the automatic mail didn't get send. The winner is
Sam Hartman. I will send an official mail later.
Kurt
signature.asc
Description: PGP signature
an openssl.cnf in libssl1.1-udeb.dirs
+
+ -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200
+
openssl (1.1.1b-1) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
--- openssl-1.1.1b/debian
an openssl.cnf in libssl1.1-udeb.dirs
+
+ -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200
+
openssl (1.1.1b-1) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
--- openssl-1.1.1b/debian
an openssl.cnf in libssl1.1-udeb.dirs
+
+ -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200
+
openssl (1.1.1b-1) unstable; urgency=medium
[ Sebastian Andrzej Siewior ]
diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs
--- openssl-1.1.1b/debian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 16 Apr 2019 21:31:11 +0200
Source: openssl
Architecture: source
Version: 1.1.1b-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team
Changed-By: Kurt Roeckx
Closes: 923516 926315
Changes:
openssl (1.1.1b
The branch master has been updated
via 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5 (commit)
from 72eb100f8a38c5b3822d7751eddaa2f3f4576fa1 (commit)
- Log -
commit 3e3dcf9ab8a2fc0214502dad56d94fd95bcbbfd5
Author: Kurt
On Thu, Apr 11, 2019 at 04:51:50PM -0400, Jeffrey Walton wrote:
> On Thu, Apr 11, 2019 at 11:24 AM peter green wrote:
> >
> > I got a report from a user about "openssl sha1 " not working for
> > large files on raspbian stretch.
> >
> > I investigated the problem and found that when I tried to
On Tue, Apr 09, 2019 at 07:10:04PM +0200, Kurt Roeckx wrote:
> On Tue, Apr 09, 2019 at 10:19:10AM +0200, Mathias Behrle wrote:
> > Hi all,
> >
> > I have set up an expiry on my GPG key:
> > - originally set to 2019-04-07
> > - updated on 2019-04-08 to 2021-04-06
On Tue, Apr 09, 2019 at 10:19:10AM +0200, Mathias Behrle wrote:
> Hi all,
>
> I have set up an expiry on my GPG key:
> - originally set to 2019-04-07
> - updated on 2019-04-08 to 2021-04-06 and pushed to various keyservers
> including keyring.debian.org.
>
> But nevertheless my ballot is
Hi,
This is the first call for votes on the DPL election of 2019.
Voting period starts 2019-04-07 00:00:00 UTC
Votes must be received by 2019-04-20 23:59:59 UTC
This vote is being conducted as required by the Debian Constitution.
You may see the constitution at
This is the draft ballot.
Voting period starts 2019-04-07 00:00:00 UTC
Votes must be received by 2019-04-20 23:59:59 UTC
This vote is being conducted as required by the Debian Constitution.
You may see the constitution at https://www.debian.org/devel/constitution.
For voting
On Thu, Apr 04, 2019 at 12:48:22AM +0200, Cyril Brulebois wrote:
> Hi,
>
> And thanks for digging…
>
> Kurt Roeckx (2019-04-04):
> > On Thu, Apr 04, 2019 at 12:07:37AM +0200, Kurt Roeckx wrote:
> > > On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
>
On Thu, Apr 04, 2019 at 12:48:22AM +0200, Cyril Brulebois wrote:
> Hi,
>
> And thanks for digging…
>
> Kurt Roeckx (2019-04-04):
> > On Thu, Apr 04, 2019 at 12:07:37AM +0200, Kurt Roeckx wrote:
> > > On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
>
On Thu, Apr 04, 2019 at 12:07:37AM +0200, Kurt Roeckx wrote:
> On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
> > On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> > > 1726 write(2, "Disabling SSL due to encountered errors.\n", 41)
On Thu, Apr 04, 2019 at 12:07:37AM +0200, Kurt Roeckx wrote:
> On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
> > On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> > > 1726 write(2, "Disabling SSL due to encountered errors.\n", 41)
On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
> On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> > 1726 write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
>
> wget in buster actually seems to be linked to gnutls, and tr
On Wed, Apr 03, 2019 at 11:57:12PM +0200, Kurt Roeckx wrote:
> On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> > 1726 write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
>
> wget in buster actually seems to be linked to gnutls, and tr
On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> 1726 write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
Looking at the source, about the only reason I can see to get that
is that SSL_CTX_new() failed.
If I understand correctly, it's actually a change in
On Wed, Apr 03, 2019 at 11:23:19PM +0200, Cyril Brulebois wrote:
> 1726 write(2, "Disabling SSL due to encountered errors.\n", 41) = 41
Looking at the source, about the only reason I can see to get that
is that SSL_CTX_new() failed.
If I understand correctly, it's actually a change in
On Wed, Apr 03, 2019 at 10:03:13PM +0200, Sebastian Andrzej Siewior wrote:
> On 2019-04-03 11:14:54 [+0100], Dimitri John Ledkov wrote:
> > $ wget https://google.com
> >
> > fails in Buster alpha installer, when used from a booted netinst iso
> > in a tty. It also means that fetch-url fails, and
701 - 800 of 14770 matches
Mail list logo