Bug#918717: [Pkg-openssl-devel] Bug#918717: Bug#918717: openssl: wrong signature type on a specific website with openssl.cnf shipped in debian

2019-01-08 Thread Kurt Roeckx
On Tue, Jan 08, 2019 at 07:30:01PM +0100, Sebastian Andrzej Siewior wrote: > On 2019-01-08 17:40:04 [+0100], Jérémy Lal wrote: > > Package: openssl > > Version: 1.1.1a-1 > > Severity: normal > > > > Hi, > > > > curl https://portal.gexpertise.fr/GexPortal > > returns an error, > > > > however

Bug#918717: [Pkg-openssl-devel] Bug#918717: openssl: wrong signature type on a specific website with openssl.cnf shipped in debian

2019-01-08 Thread Kurt Roeckx
On Tue, Jan 08, 2019 at 05:40:04PM +0100, Jérémy Lal wrote: > Package: openssl > Version: 1.1.1a-1 > Severity: normal > > Hi, > > curl https://portal.gexpertise.fr/GexPortal > returns an error, They are running an ancient OpenSSL version with known security vulnerabilities, and an old bug you

Re: Appeal procedure for DAM actions

2019-01-08 Thread Kurt Roeckx
On Mon, Jan 07, 2019 at 11:27:35PM +0100, Joerg Jaspert wrote: > > we waive the time limit defined in §1 for the cases > from the last 6 months. Would it make sense to have them 1 week from publishing this instead? Kurt

Re: [openssl-users] RNG behavior by default

2019-01-05 Thread Kurt Roeckx
On Sat, Jan 05, 2019 at 08:33:18PM +0100, Steffen Nurpmeso wrote: > > (I am also really interested and will look into OpenSSL to see if > the abort() that seems to happen if the initial seed fails is in > a linker-resolved constructor, and if not, why later failures do > not also abort. We do

Re: [openssl-users] RNG behavior by default

2019-01-05 Thread Kurt Roeckx
On Sat, Jan 05, 2019 at 08:45:37AM +1000, Dr Paul Dale wrote: > I’m not sure about the quality of Android’s sources, but would expect them to > be decent. Android is just a Linux kernel. It always had /dev/urandom. Oreo (8.0) requires at least Linux kernel 4.4. There were no requirements for the

Re: [openssl-users] RNG behavior by default

2019-01-04 Thread Kurt Roeckx
On Fri, Jan 04, 2019 at 02:48:48PM +0100, Steffen Nurpmeso wrote: > Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\ > ncp.local>: > |> So my concerns are: > |> 1. Whether I really can count on getting a high-entropy PRNG across \ > |> these various platforms, without

Re: [openssl-users] RFC 7919 DH parameters and OpenSSL DH_check()

2019-01-03 Thread Kurt Roeckx
On Thu, Jan 03, 2019 at 12:18:05PM -0800, Andy Schmidt wrote: > I am adding the RFC 7919 Diffie-Hellman parameters to our TLS servers, and > I've found that these parameters won't pass OpenSSL's Diffie Hellman > parameter check function DH_check(). The return code is > DH_NOT_SUITABLE_GENERATOR.

Re: [openssl-users] RNG behavior by default

2019-01-03 Thread Kurt Roeckx
On Thu, Jan 03, 2019 at 11:03:01AM -0500, Mike Blaguszewski wrote: > I am using the EVP API (version 1.1.1) for performing public key and > symmetric key operations across a variety of platforms (macOS, Windows, > Linux, iOS and Android). I am currently not doing anything to explicitly seed >

Re: Yet more undisclosed intermediates

2019-01-03 Thread Kurt Roeckx via dev-security-policy
On 2019-01-03 16:25, Jakob Bohm wrote: There is the date fields in the SubCA certificate itself, as well as any embedded CT data (assuming the parent CA is correctly CT-logged). Do you expect precertificates for CA certificates? I currently don't know if there are any requirements for logging

Bug#883778: problems building guile-2.0 on armel

2019-01-02 Thread Kurt Roeckx
I've enabled guile-2.0 and 2.2 again on armel yesterday, and it seems to build without issues now.

Bug#918057: gnucash: FTBFS: test suite failure

2019-01-02 Thread Kurt Roeckx
Source: gnucash Version: 1:3.3-2 Severity: serious Gnucash has a test suite problem. There is a log here: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/gnucash.html showing: [pass] line:641, test: dual amount column, grand totals available [fail] line:644, test: dual amount

Re: Please give back meep on mipsel

2019-01-01 Thread Kurt Roeckx
On Tue, Jan 01, 2019 at 08:35:40PM +0100, Kurt Roeckx wrote: > On Tue, Jan 01, 2019 at 04:59:17PM +0100, Thorsten Alteholz wrote: > > Hi, > > > > the mipsel buildd marked meep as "unsatisfiable Build-Depends(-Arch) on > > mipsel: mpb-dev". > > As mpb

Re: Please give back meep on mipsel

2019-01-01 Thread Kurt Roeckx
On Tue, Jan 01, 2019 at 04:59:17PM +0100, Thorsten Alteholz wrote: > Hi, > > the mipsel buildd marked meep as "unsatisfiable Build-Depends(-Arch) on > mipsel: mpb-dev". > As mpb-dev is finally available on mipsel, please give meep back: > >gb meep_1.7.0-2 . mipsel Build-Depends are checked

Re: [openssl-users] Authentication over ECDHE

2018-12-31 Thread Kurt Roeckx
On Mon, Dec 31, 2018 at 02:11:56PM +, Matt Caswell wrote: > > Well, you have vocally complained about the state of the documentation. You > have > the benefit of being a new OpenSSL user. You know what things were confusing > or > unclear in the documentation. More experienced OpenSSL

Accepted elfutils 0.175-2 (source) into unstable

2018-12-30 Thread Kurt Roeckx
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 30 Dec 2018 15:02:01 +0100 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.175-2 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed

Bug#917366: RFP: postfix-mta-sts-resolver -- daemon that adds support for MTA-STS to postfix

2018-12-26 Thread Kurt Roeckx
Package: wnpp Severity: wishlist * Package name: postfix-mta-sts-resolver Version : 0.2.4 * URL : https://github.com/Snawoot/postfix-mta-sts-resolver * License : MIT Programming Lang: python Description : Daemon which provides TLS client policy for

Re: Online exposed keys database

2018-12-24 Thread Kurt Roeckx via dev-security-policy
On Wed, Dec 19, 2018 at 10:08:51AM +0100, Kurt Roeckx via dev-security-policy wrote: > On 2018-12-18 11:44, Matt Palmer wrote: > > It's currently loaded with great piles of Debian weak keys (from multiple > > architectures, etc), as well as some keys I've picked up at various time

Bug#916873: python-twisted-core: Incorrect versioned dependency on python-attr

2018-12-19 Thread Kurt Roeckx
Package: python-twisted-core Version: 18.7.0-2~bpo9+1 Severity: serious Hi, With python-twisted-core and python-attr 16.3.0-1, I get the following error: [...] File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 100, in from twisted.internet import interfaces, protocol,

[Python-modules-team] Bug#916873: python-twisted-core: Incorrect versioned dependency on python-attr

2018-12-19 Thread Kurt Roeckx
Package: python-twisted-core Version: 18.7.0-2~bpo9+1 Severity: serious Hi, With python-twisted-core and python-attr 16.3.0-1, I get the following error: [...] File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 100, in from twisted.internet import interfaces, protocol,

Re: Online exposed keys database

2018-12-19 Thread Kurt Roeckx via dev-security-policy
On 2018-12-19 10:55, Matt Palmer wrote: On Wed, Dec 19, 2018 at 10:08:51AM +0100, Kurt Roeckx via dev-security-policy wrote: On 2018-12-18 11:44, Matt Palmer wrote: It's currently loaded with great piles of Debian weak keys (from multiple architectures, etc), as well as some keys I've picked

Re: Online exposed keys database

2018-12-19 Thread Kurt Roeckx via dev-security-policy
On 2018-12-18 11:44, Matt Palmer wrote: It's currently loaded with great piles of Debian weak keys (from multiple architectures, etc), as well as some keys I've picked up at various times. I'm also developing scrapers for various sites where keys routinely get dropped. You might for instance

[openssl-commits] [openssl] master update

2018-12-15 Thread Kurt Roeckx
The branch master has been updated via 6e94b5aecd619afd25e3dc25902952b1b3194edf (commit) from 04cd70c6899c6b36517b2b07d7a12b2cceba1bef (commit) - Log - commit 6e94b5aecd619afd25e3dc25902952b1b3194edf Author: Kurt

[openssl-commits] [openssl] master update

2018-12-15 Thread Kurt Roeckx
- commit 04cd70c6899c6b36517b2b07d7a12b2cceba1bef Author: Kurt Roeckx Date: Tue Sep 18 22:17:14 2018 +0200 Deprecate TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION Fixes: #7183 Reviewed-by: Matt Caswell GH: #7260 commit 5c587fb6b996d47771bcaecd71489e4849103f56

Re: [TLS] ETSI releases standards for enterprise security and data centre management

2018-12-09 Thread Kurt Roeckx
On Wed, Dec 05, 2018 at 07:07:30AM +0300, Daniel Kahn Gillmor wrote: > One mitigating factor of the ETSI standard, i suppose, is that the > CABForum's Baseline Requirements forbid issuance of a certificate with > any subjectAltName other than dNSName or iPAddress, so otherName looks > like it must

Re: [openssl-project] Vote to update the security policy

2018-12-06 Thread Kurt Roeckx
On Thu, Nov 29, 2018 at 03:34:29PM +, Mark J Cox wrote: > Changes to policies require an OMC vote which I've called to approve an > update to the security policy. This was as discussed at the face to face > and the details and diff are at https://github.com/openssl/web/pull/96 > >

Bug#915612: [Pkg-openssl-devel] Bug#915612: openssl: "genrsa" changed command line interface in stretch-security update

2018-12-05 Thread Kurt Roeckx
On Wed, Dec 05, 2018 at 10:03:50PM +0100, Sebastian Andrzej Siewior wrote: > On 2018-12-05 11:09:25 [+0100], Manuel Montecelo wrote: > > the subcommand genrsa changed interface from its previous version, and does > > not > > accept -config or -batch options anymore: > … > > > I worked around the

[openssl-commits] [web] master update

2018-12-05 Thread Kurt Roeckx
The branch master has been updated via 0d92547742c3da2f066f4babaacf8a51bb2f5e3c (commit) from be4639ae76f20fccfd718dea2aaa7def1dbe8a55 (commit) - Log - commit 0d92547742c3da2f066f4babaacf8a51bb2f5e3c Author: Kurt

Re: Incident report Certum CA: Corrupted certificates

2018-12-04 Thread Kurt Roeckx via dev-security-policy
On Tue, Dec 04, 2018 at 01:14:44PM -0500, Ryan Sleevi via dev-security-policy wrote: > > > All issued certificates were unusable due to corrupted signature. > > > > Could you speak to more about how you assessed this? An incorrect signature > on the CRL would not necessarily prevent the

Re: Elfutils mips support

2018-12-04 Thread Kurt Roeckx
On Mon, Nov 26, 2018 at 05:54:51PM +0800, YunQiang Su wrote: > Let me have a try and then maybe ask somebody help inner MIPS. Any update on this? Kurt

Re: Incident report Certum CA: Corrupted certificates

2018-12-04 Thread Kurt Roeckx via dev-security-policy
On 2018-12-04 10:25, Wojciech Trapczyński wrote: On 04.12.2018 10:01, Kurt Roeckx via dev-security-policy wrote: On 2018-12-04 7:24, Wojciech Trapczyński wrote: Question 1: Was there a period during which this issuing CA had no validly signed non-expired CRL due to this incident? Between

Re: Incident report Certum CA: Corrupted certificates

2018-12-04 Thread Kurt Roeckx via dev-security-policy
On 2018-12-04 7:24, Wojciech Trapczyński wrote: Question 1: Was there a period during which this issuing CA had no validly signed non-expired CRL due to this incident? Between 10.11.2018 01:05 (UTC±00:00) and 14.11.2018 07:35 (UTC±00:00) we were serving one CRL with corrupted signature.

Bug#900160: closed by Didier Raboud (Bug#900160: fixed in ruby-eventmachine 1.0.7-4.1)

2018-12-02 Thread Kurt Roeckx
On Sun, Dec 02, 2018 at 11:36:06PM +0100, gregor herrmann wrote: > On Sun, 02 Dec 2018 23:18:38 +0100, Sebastian Andrzej Siewior wrote: > > > On 2018-12-02 13:06:04 [+], Debian Bug Tracking System wrote: > > > #900160: ruby-eventmachine: FTBFS against openssl 1.1.1 > > > ruby-eventmachine

[DRE-maint] Bug#900160: closed by Didier Raboud (Bug#900160: fixed in ruby-eventmachine 1.0.7-4.1)

2018-12-02 Thread Kurt Roeckx
On Sun, Dec 02, 2018 at 11:36:06PM +0100, gregor herrmann wrote: > On Sun, 02 Dec 2018 23:18:38 +0100, Sebastian Andrzej Siewior wrote: > > > On 2018-12-02 13:06:04 [+], Debian Bug Tracking System wrote: > > > #900160: ruby-eventmachine: FTBFS against openssl 1.1.1 > > > ruby-eventmachine

Bug#907015: [Pkg-openssl-devel] Bug#907015: workaround for mbsync?

2018-11-28 Thread Kurt Roeckx
On Wed, Nov 28, 2018 at 02:35:42PM +, Christoph Groth wrote: > My mbsync (isync package) setup stopped working for a particular IMAP server > because of this bug. I get the following error message: > > Socket error: secure connect to imap.server.com (1.2.3.4:993): > error:141A318A:SSL

Bug#914806: [Pkg-openssl-devel] Bug#914806: TLSv1.0/1.1 still apparently disabled in Debian testing

2018-11-27 Thread Kurt Roeckx
On Tue, Nov 27, 2018 at 07:59:39AM -0700, Ivan Stanton wrote: > Package: openssl > Version: 1.1.1a-1 > > I'm using openssl=1.1.1a-1:amd64, which according to this archive > should now support TLS 1.0/1.1, but I still have issues connecting to > the EAP network at my school because it is using TLS

Re: Elfutils mips support

2018-11-26 Thread Kurt Roeckx
On Mon, Nov 26, 2018 at 05:54:51PM +0800, YunQiang Su wrote: > Let me have a try and then maybe ask somebody help inner MIPS. I have an upstream bug at: https://sourceware.org/bugzilla/show_bug.cgi?id=23902 Maybe it contains useful information for you. Kurt

Elfutils mips support

2018-11-24 Thread Kurt Roeckx
Hi, Elfutils is currently failing to build on mips* because it added a new feature and the new callback abi_cfi is not implemented in the mips backend. Is there someone that can write that? Kurt

Bug#914492: libc0.1-dev: Has Linux-only mremap in headers on non-Linux

2018-11-23 Thread Kurt Roeckx
Source: glibc Version: 2.25-2 Hi, On kfreebsd-* and hurd I'm getting a linker failure that mremap() doesn't exist. It exists in sys/mman.h. Kurt

Bug#914477: Acknowledgement (rspamd: autopkgtest is flaky)

2018-11-23 Thread Kurt Roeckx
The difference between a good and bad test seems to be how many processes are running. Maybe it needs to wait longer before running the test, or retry with some timeout.

Bug#914477: rspamd: autopkgtest is flaky

2018-11-23 Thread Kurt Roeckx
Source: rspamd Version: 1.8.1-2 Severity: important Hi, It seems the autopkgtest randomly fails, see: https://ci.debian.net/packages/r/rspamd/testing/amd64/ Kurt

Re: [openssl-users] OpenSSL 1.0.2: CVE-2018-0735

2018-11-22 Thread Kurt Roeckx
On Tue, Nov 06, 2018 at 04:19:36PM -0600, Misaki Miyashita wrote: > Hi, > > According to the vulnerabilities website[1], OpenSSL 1.1.i and earlier and > 1.1.1 are affected by CVE-2018-0735. > Is it safe to assume that OpenSSL 1.0.2 is not affected by the CVE? My understanding is that the code

Re: Audit Reminder Email Summary

2018-11-20 Thread Kurt Roeckx via dev-security-policy
On Tue, Oct 23, 2018 at 02:35:37PM -0700, Kathleen Wilson via dev-security-policy wrote: > > > Mozilla: Audit Reminder > > > Root Certificates: > > > Certinomis - Root CA > > > Standard Audit: > > > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > Audit Statement Date:

Re: elfutils 0.175 released

2018-11-19 Thread Kurt Roeckx
On Fri, Nov 16, 2018 at 02:00:46PM +0100, Mark Wielaard wrote: > ELFUTILS 0.175 - http://elfutils.org/ > > A new release of elfutils is available at: > ftp://sourceware.org/pub/elfutils/0.175/ > or https://sourceware.org/elfutils/ftp/0.175/ I'm getting errors on riscv64:

Accepted elfutils 0.175-1 (source) into unstable

2018-11-19 Thread Kurt Roeckx
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 18 Nov 2018 23:01:23 +0100 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.175-1 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed

Re: elfutils 0.175 released

2018-11-19 Thread Kurt Roeckx
On Mon, Nov 19, 2018 at 07:53:07AM +0100, Mark Wielaard wrote: > On Sun, Nov 18, 2018 at 11:46:29PM +0100, Kurt Roeckx wrote: > > On Fri, Nov 16, 2018 at 02:00:46PM +0100, Mark Wielaard wrote: > > > ELFUTILS 0.175 - http://elfutils.org/ > > > > > > A

Bug#847096: Bug#905230: elfutils: FTBFS on x32 due to bugs in testsuite

2018-11-18 Thread Kurt Roeckx
On Thu, Aug 02, 2018 at 11:11:24PM +0200, Thorsten Glaser wrote: > > Given #847096 it might be wise to just *always* disable the biarch stuff > since Debian does not normally use biarch *anyway*, and since we test it > on all architectures during their native build anyway. I'm not convinced that

Re: elfutils 0.175 released

2018-11-18 Thread Kurt Roeckx
On Fri, Nov 16, 2018 at 02:00:46PM +0100, Mark Wielaard wrote: > ELFUTILS 0.175 - http://elfutils.org/ > > A new release of elfutils is available at: > ftp://sourceware.org/pub/elfutils/0.175/ > or https://sourceware.org/elfutils/ftp/0.175/ Trying to build this on Debian, I get 8 failures, but

Bug#913959: kde4libs: Build-Depends on libssl1.0-dev

2018-11-17 Thread Kurt Roeckx
Source: kde4libs Version: 4:4.14.38-2 Severity: serious Hi, It seems that kde4libs Build-Depends on libssl1.0-dev as a result of #828363. There are currently no packages depending on libssl1.0.2 left in testing, but this source package is the only one that has a Build-Depends against

Bug#905230: elfutils: FTBFS on x32 due to bugs in testsuite

2018-11-12 Thread Kurt Roeckx
On Mon, Nov 12, 2018 at 11:15:48AM +, Laurence Parry wrote: > This seems to be blocking me from building a x32 chroot using the > documented process for doing so, because the ELF library is a required > package (iproute2 depends on libelf-dev as of 4.6.0-2; see #812774). I > appreciate that

Bug#913535: sfcgal: large dependency chain

2018-11-12 Thread Kurt Roeckx
On Mon, Nov 12, 2018 at 07:22:26AM +0100, Sebastiaan Couwenberg wrote: > fixed 913535 sfcgal/1.3.1-1~exp1 > thanks > > On 11/11/18 11:34 PM, Kurt Roeckx wrote: > > Clearly I don't need all of this just for postgis. > > > > Most of this seems to be a dependency

Bug#913535: sfcgal: large dependency chain

2018-11-11 Thread Kurt Roeckx
Package: libsfcgal1 Hi, When trying to install postgis, I get: The following NEW packages will be installed: fonts-droid-fallback fonts-noto-mono ghostscript gsfonts i965-va-driver libaacs0 libaec0 libarmadillo7 libarpack2 libasound2 libasound2-data libass5 libasyncns0 libaudio2 libavc1394-0

Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

2018-11-10 Thread Kurt Roeckx
On Sat, Nov 10, 2018 at 11:34:41PM +0100, BERTRAND Joël wrote: > > I have changed _both_ values and I cannot connect to orange.fr or > hotmail.com with sendmail. If I use stable package, sendmail runs as > expected. hotmail.com works with the default settings, it actually supports TLS 1.2

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-11-10 Thread Kurt Roeckx
Author: Tomas Mraz Date: Fri Oct 12 17:24:14 2018 +0200 Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte GH: #7391 (cherry picked from commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f

[openssl-commits] [openssl] master update

2018-11-10 Thread Kurt Roeckx
Mraz Date: Fri Oct 12 17:24:14 2018 +0200 Unbreak SECLEVEL 3 regression causing it to not accept any ciphers. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte GH: #7391 --- Summary of changes: ssl

Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

2018-11-10 Thread Kurt Roeckx
On Sat, Nov 10, 2018 at 08:17:19PM +0100, BERTRAND Joël wrote: > Kurt Roeckx a écrit : > > On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: > >> On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > >>> Kurt Roeckx a écrit : > >>>

Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

2018-11-10 Thread Kurt Roeckx
On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote: > On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > > Kurt Roeckx a écrit : > > > On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > > >> Nov 7 09:17:31 rayleigh sm-mta[10148]:

Bug#858938: fixed in kopete 4:18.04.1-1

2018-11-10 Thread Kurt Roeckx
On Sat, Nov 10, 2018 at 03:48:37PM +0100, Pino Toscano wrote: > In data sabato 10 novembre 2018 13:30:19 CET, Kurt Roeckx ha scritto: > > On Sun, Oct 28, 2018 at 11:29:43PM +0100, Sebastian Andrzej Siewior wrote: > > > On 2018-10-21 12:31:45 [+0200], Kurt Roeckx wrote: > >

Bug#858938: fixed in kopete 4:18.04.1-1

2018-11-10 Thread Kurt Roeckx
On Sun, Oct 28, 2018 at 11:29:43PM +0100, Sebastian Andrzej Siewior wrote: > On 2018-10-21 12:31:45 [+0200], Kurt Roeckx wrote: > > On Tue, Sep 25, 2018 at 11:29:28PM +0200, Sebastian Andrzej Siewior wrote: > > > On 2018-08-25 10:33:54 [+0200], Kurt Roeckx wrote: > > > &

Re: Bug#858938: fixed in kopete 4:18.04.1-1

2018-11-10 Thread Kurt Roeckx
On Sun, Oct 28, 2018 at 11:29:43PM +0100, Sebastian Andrzej Siewior wrote: > On 2018-10-21 12:31:45 [+0200], Kurt Roeckx wrote: > > On Tue, Sep 25, 2018 at 11:29:28PM +0200, Sebastian Andrzej Siewior wrote: > > > On 2018-08-25 10:33:54 [+0200], Kurt Roeckx wrote: > > > &

Bug#907219: Fwd: [ANN] M2Crypto 0.31.0 ... plenty of bugfixes (and support for OpenSSL 1.1.1)

2018-11-08 Thread Kurt Roeckx
--- Begin Message --- Hi, everybody, there is a new release of M2Crypto, most complete Python bindings for OpenSSL (from 1.0.1e to 1.1.1), supporting both Python 2 (2.6 and 2.7) and Python 3 (from 3.4 upwards). This is mostly bugfix release, including: - support for OpenSSL 1.1.1 - Fixes

Bug#913129: [Pkg-openssl-devel] Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

2018-11-08 Thread Kurt Roeckx
On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote: > Kurt Roeckx a écrit : > > On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > >> Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, > >> arg1=smtp-in.orange.fr, relay=smtp-in.

Bug#913129: [Pkg-openssl-devel] Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

2018-11-07 Thread Kurt Roeckx
On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote: > Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, > arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 > ... do not try TLS with smtp-in.orange.fr [80.12.242.9] > Nov 7 09:17:31 rayleigh sm-mta[10148]:

Bug#900152: nsca-ng: FTBFS against openssl 1.1.1

2018-11-04 Thread Kurt Roeckx
On Mon, Nov 05, 2018 at 12:28:50AM +0100, Sebastian Andrzej Siewior wrote: > > No, it is not. It is a TLS1.3 issue. If I limit max protocol to TLS1.2 > then the testsuite passes. The problem with TLS1.3 could be that > SSL_read() could return SSL_ERROR_WANT_READ asking to do the same. Was > there

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 12:49:48PM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 21:30 +0100, Kurt Roeckx wrote: > > On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote: > > > > > > No, I'm saying with no client tls-version-min specified at all (the

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 12:13:43PM -0800, James Bottomley wrote: > > No, I'm saying with no client tls-version-min specified at all (the > usual default openvpn config) it fails in 1.1.1 and works with 1.1.0 > > With client tls-version-min set to 1.0 it works with both. Yes, and that's totally

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 11:39:59AM -0800, James Bottomley wrote: > > > > On which side do you use tls-version-min? > > client > > > Can you please give the version of both openvpn and openssl on both > > sides. > > Client is openwrt, server is debian testing. The package of the server > was

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 11:19:41AM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 20:15 +0100, Kurt Roeckx wrote: > > This is not at all how the version negotiation in TLS 1.2 and > > below works. The client just indicates the highest version it > > supports, so for i

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 10:19:00AM -0800, James Bottomley wrote: > On Sun, 2018-11-04 at 18:43 +0100, Kurt Roeckx wrote: > > Older versions of openvpn only support TLS 1.0 because they told > > OpenSSL to only use TLS 1.0. Adding the --tls-version-min 1.0 > > should ma

Bug#912864: [Pkg-openssl-devel] Bug#912864: openssl: new version of openssl breaks some openvpn clients

2018-11-04 Thread Kurt Roeckx
On Sun, Nov 04, 2018 at 08:59:05AM -0800, James Bottomley wrote: > Package: openssl > Version: 1.1.1-2 > Severity: important > > I've applied all the downgrades recommended to the openssl.cnf file > and most services are now working again with the exception of openvpn. > > The only failure seems

Bug#912759: [Pkg-openssl-devel] Bug#912759: "wrong signature type" with working websites

2018-11-03 Thread Kurt Roeckx
On Sat, Nov 03, 2018 at 07:18:06PM +0100, Nicolas George wrote: > > Thanks for the work-around. Can you tell me how I could find this by > myself using the documentation and error message? It is mentioned in the NEWS file that we increased the security level, and that that disabled SHA1. It does

Bug#912759: [Pkg-openssl-devel] Bug#912759: "wrong signature type" with working websites

2018-11-03 Thread Kurt Roeckx
On Sat, Nov 03, 2018 at 05:44:50PM +0100, Nicolas George wrote: > > I suggest you try to contact your bank so that they update their > > software. > > No need, I already know what they will answer: "use Chrome, it works". I suggest that you try anyway. If that doesn't work, you can try to

Bug#912759: [Pkg-openssl-devel] Bug#912759: "wrong signature type" with working websites

2018-11-03 Thread Kurt Roeckx
On Sat, Nov 03, 2018 at 04:20:59PM +0100, Nicolas George wrote: > Package: openssl > Version: 1.1.1-2 > Severity: important > > Hi. > > OpenSSL fails to connect with my bank's server: > > openssl s_client -connect voscomptesenligne.labanquepostale.fr:443 > > fails with: > >

Re: [Imports] Import of Flemish Government data (building footprints and addresses)

2018-11-03 Thread Kurt Roeckx
On Sat, Nov 03, 2018 at 01:37:52PM +0100, Mateusz Konieczny wrote: > 1. Nov 2018 16:30 by kevin.b.ke...@gmail.com : > > > > In both use cases, the major purpose of the foreign key is to avoid manual > > review in the case where OSM will not be updated. If an

Bug#912737: [Pkg-openssl-devel] Bug#912737: openssl: SSL_read: error:1408F119:SSL routines:ssl3_get_record:decryption failed

2018-11-03 Thread Kurt Roeckx
On Sat, Nov 03, 2018 at 11:12:37AM +0100, Julien Lecomte wrote: > Package: openssl > Version: 1.1.1-2 > Severity: serious > Justification: makes unrelated software on the system (or the whole system) > break > > Dear Maintainer, > > On a fresh install of Debian/Buster via the alpha3 dvd ISO,

Bug#912650: openvpn: Version in jessie only does TLS 1.0 by default, breaking connections with version from testing

2018-11-02 Thread Kurt Roeckx
Package: openvpn Version: 2.3.4-5+deb8u2 Severity: important Hi, The version in jessie only does TLS 1.0 by default. If you specify "tls-version-min 1.0" in the config file, it will also support TLS 1.0, 1.1 and 1.2. The OpenSSL version currently in testing only supports TLS 1.2+ by default, so

Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1

2018-11-01 Thread Kurt Roeckx
On Thu, Nov 01, 2018 at 07:50:35PM -0400, Theodore Y. Ts'o wrote: > On Thu, Nov 01, 2018 at 11:18:14PM +0100, Sebastian Andrzej Siewior wrote: > > Okay. So you wrote what can be done for a system with HW-RNG/kvm. On > > bare metal with nothing fancy I have: > > [3.544985] systemd[1]: systemd

Re: Bug#912087: openssh-server: Slow startup after the upgrade to 7.9p1

2018-11-01 Thread Kurt Roeckx
On Thu, Nov 01, 2018 at 07:50:35PM -0400, Theodore Y. Ts'o wrote: > On Thu, Nov 01, 2018 at 11:18:14PM +0100, Sebastian Andrzej Siewior wrote: > > Okay. So you wrote what can be done for a system with HW-RNG/kvm. On > > bare metal with nothing fancy I have: > > [3.544985] systemd[1]: systemd

Bug#912604: [Pkg-openssl-devel] Bug#912604: Bug#912604: libssl1.1: libssl version 1.1.1 breaks burp backup buster clients with stretch server

2018-11-01 Thread Kurt Roeckx
On Thu, Nov 01, 2018 at 09:52:12PM +0100, Sebastian Andrzej Siewior wrote: > |$ openssl x509 -in 912604.cert -text | grep Signature > |Signature Algorithm: sha1WithRSAEncryption > |Signature Algorithm: sha1WithRSAEncryption > > The point is that your server certificate is signed with

Bug#912439: [Pkg-openssl-devel] Bug#912439: OpenSSL in Debian Testing breaks SSL connectivity in some cases with hexchat/irssi

2018-10-31 Thread Kurt Roeckx
On Wed, Oct 31, 2018 at 11:08:18AM -0400, Justin Piszcz wrote: > Package: openssl > Version: 1.1.1-2 > > Bug: Connection failed (20337260938) error:141A318A:SSL > routines:tls_process_ske_dhe:dh key too small) During the upgrade you should have received the following message: Following

Re: Questions regarding the qualifications and competency of TUVIT

2018-10-31 Thread Kurt Roeckx via dev-security-policy
On 2018-10-31 16:42, Wiedenhorst, Matthias wrote: In several emails, we answered to his complaint, explained our procedures and justified the classification of the encoding error as minor (non-critical) non-conformity. I think we never consider encoding errors as a minor error. Kurt
