Your message dated Fri, 02 Jan 2015 12:40:16 +0000
with message-id <[email protected]>
and subject line Bug#767610: Removed package(s) from unstable
has caused the Debian Bug report #610806,
regarding libgnutls26 appears to mis-parse GeneralizedTime objects that use a
non-UTC time
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
610806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610806
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls26
Version: 2.10.4-1
Severity: normal
it looks like gnutls is not appropriately parsing generalizedTime
objects (e.g. in Validity|notBefore and Validity|notAfter fields in
X.509 certificates).
Attached are two (invalid) X.509 certificates. one contains Validity
timestamps using generalizedTime with TZ=UTC. the other contains
Validity timestamps using generalizedTime with TZ=Americas/New_York
(suffixed with "-0500" instead of "Z"):
0 dkg@pip:~$ < UTC.pem grep -v ^- | base64 -d | strings
0%1#0!
fake test cert with TZ UTC0"
20110122183419Z
20120122183419Z0%1#0!
fake test cert with TZ UTC0
0 dkg@pip:~$ < America.New_York.pem grep -v ^- | base64 -d | strings
02100.
'fake test cert with TZ America/New_York0*
20110122133408-0500
20120122133408-050002100.
'fake test cert with TZ America/New_York0
0 dkg@pip:~/src/monkeysphere/fakex509$
OpenSSL seems to parse the timestamps in the certificate correctly;
GnuTLS reports them as (time_t)-1:
0 dkg@pip:~/src/monkeysphere/fakex509$ < America.New_York.pem openssl x509
-text | grep -A2 Validity
Validity
Not Before: Jan 22 13:34:08 2011
Not After : Jan 22 13:34:08 2012
0 dkg@pip:~/src/monkeysphere/fakex509$ < UTC.pem openssl x509 -text | grep -A2
Validity
Validity
Not Before: Jan 22 18:34:19 2011 GMT
Not After : Jan 22 18:34:19 2012 GMT
0 dkg@pip:~/src/monkeysphere/fakex509$ < America.New_York.pem certtool -i |
grep -A2 Validity
Validity:
Not Before: Wed Dec 31 23:59:59 UTC 1969
Not After: Wed Dec 31 23:59:59 UTC 1969
0 dkg@pip:~/src/monkeysphere/fakex509$ < UTC.pem certtool -i | grep -A2 Validity
Validity:
Not Before: Sat Jan 22 18:34:19 UTC 2011
Not After: Sun Jan 22 18:34:19 UTC 2012
0 dkg@pip:~/src/monkeysphere/fakex509$
I'm not sure of the appropriate place to fix this, but i suspect it's
within libgnutls. If you feel it should be reassigned to libtasn1,
that might be reasonable too.
If i'm totally wrong and generalizedTime fields shouldn't be able to
contain time zones like this, i'd appreciate a reference to that; then
i'll go file bugs against several other tools :)
Regards,
--dkg
-- System Information: Debian Release: 6.0 APT prefers testing APT
policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.37-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgnutls26 depends on:
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libgcrypt11 1.4.6-4 LGPL Crypto library - runtime libr
ii libgpg-error0 1.10-0.2 library for common error values an
ii libtasn1-3 2.7-1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
libgnutls26 recommends no packages.
Versions of packages libgnutls26 suggests:
ii gnutls-bin 2.10.4-1 the GNU TLS library - commandline
-- no debconf information
-----BEGIN CERTIFICATE-----
MIIBwjCCASugAwIBAgIBATANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQLExpmYWtl
IHRlc3QgY2VydCB3aXRoIFRaIFVUQzAiGA8yMDExMDEyMjE4MzQxOVoYDzIwMTIw
MTIyMTgzNDE5WjAlMSMwIQYDVQQDExpmYWtlIHRlc3QgY2VydCB3aXRoIFRaIFVU
QzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAACAwEAATANBgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB5DCCAU2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAyMTAwLgYDVQQLEydmYWtl
IHRlc3QgY2VydCB3aXRoIFRaIEFtZXJpY2EvTmV3X1lvcmswKhgTMjAxMTAxMjIx
MzM0MDgtMDUwMBgTMjAxMjAxMjIxMzM0MDgtMDUwMDAyMTAwLgYDVQQDEydmYWtl
IHRlc3QgY2VydCB3aXRoIFRaIEFtZXJpY2EvTmV3X1lvcmswgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA=
-----END CERTIFICATE-----
--- End Message ---
--- Begin Message ---
Version: 2.12.23-17+rm
Dear submitter,
as the package gnutls26 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767610
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
