Your message dated Fri, 09 May 2014 21:20:58 +0000 with message-id <[email protected]> and subject line Bug#732728: fixed in quassel 0.10.0-1 has caused the Debian Bug report #732728, regarding quassel-core: 1024 bit key is not secure to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
732728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: quassel-core
Version: 0.9.2-1
Severity: normal
Tags: patch

When installing quassel-core a 1024 bit private RSA key is generated, but a 1024 bit key is considered not sufficient for quite some time now. In the postinst script the nbits value is explicitly set to 1024 and I see no reason why.

According to man:req
"The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. If nbits is omitted, i.e. -newkey rsa specified, the default key size, specified in the configuration file is used."

So by not specifying the nbits part, the default (currently 2048) is used, so the following patch does exactly that.

diff --git a/postinst b/postinst index b53ac33..87dba5e 100755 --- a/postinst +++ b/postinst 
@@ -40,7 +40,7 @@ fi # FIXME: Not over-writing existing certs, but need to (someday) replace # old certs if [ ! -e $QUASSEL_CERT ] ; then echo "Generating SSL certificate as $QUASSEL_CERT ..." - openssl req -x509 -nodes -batch -days 680 -newkey rsa:1024 -keyout \ + openssl req -x509 -nodes -batch -days 680 -newkey rsa -keyout \ $QUASSEL_CERT -out $QUASSEL_CERT chown $QUASSEL_USER:$QUASSEL_GROUP $QUASSEL_CERT fi

Cheers,
  Diederik

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages quassel-core depends on:
ii  adduser            3.113+nmu3
ii  libc6              2.17-97
ii  libgcc1            1:4.8.2-1
ii  libqca2            2.0.3-5
ii  libqt4-network     4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-script      4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-sql         4:4.8.5+git192-g085f851+dfsg-2
ii  libqt4-sql-sqlite  4:4.8.5+git192-g085f851+dfsg-2
ii  libqtcore4         4:4.8.5+git192-g085f851+dfsg-2
ii  libstdc++6         4.8.2-1
ii  lsb-base           4.1+Debian12
ii  openssl            1.0.1e-4

quassel-core recommends no packages.

quassel-core suggests no packages.

-- no debconf information
--- End Message ---
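Review bot: On the `+ openssl req ... -newkey rsa` line, the key size is no longer stated in the script and is taken from whatever default the local OpenSSL configuration file sets, which the report describes as 2048 only "currently". Stating the size explicitly, for example `-newkey rsa:2048` or larger, would make the postinst result independent of the installed configuration. Separately, the unchanged `if [ ! -e $QUASSEL_CERT ]` guard means installations that already have a certificate keep their 1024-bit key, as the FIXME above it acknowledges, so upgrades would need a regeneration step or a note to administrators.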
--- Begin Message ---
Source: quassel
Source-Version: 0.10.0-1

We believe that the bug you reported is fixed in the latest version of quassel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Mueller <[email protected]> (supplier of updated quassel package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 09 May 2014 17:42:19 +0200
Source: quassel
Binary: quassel-core quassel-client quassel quassel-data quassel-client-kde4 quassel-kde4 quassel-data-kde4
Architecture: source amd64 all
Version: 0.10.0-1
Distribution: unstable
Urgency: low
Maintainer: Thomas Mueller <[email protected]>
Changed-By: Thomas Mueller <[email protected]>
Description:
 quassel - distributed IRC client - Qt-based monolithic core+client
 quassel-client - distributed IRC client - Qt-based client component
 quassel-client-kde4 - distributed IRC client - KDE-based client
 quassel-core - distributed IRC client - core component
 quassel-data - distributed IRC client - shared data (Qt version)
 quassel-data-kde4 - distributed IRC client - shared data (KDE4 version)
 quassel-kde4 - distributed IRC client - KDE-based monolithic core+client
Closes: 701943 732728
Changes:
 quassel (0.10.0-1) unstable; urgency=low
 .
   * New upstream release
   * Debian policy to 3.9.5
   * Don't create 1024 bit key (Closes: #732728)
   * Start quasselcore after databases (Closes: #701943)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlNtMf8ACgkQOB0qx4EksQBMTACfVVZw3DSpJSjV70nLtsZUzeAZ
Jg4AoIztmBnsLufBJt9AnHegrVWz6HOp
=3Do/
-----END PGP SIGNATURE-----
--- End Message ---

