Bug#947734: marked as done (tf5 and GNUtls interaction, breaks in TLS1.3 connections seemingly!)

Sat, 14 Nov 2020 17:06:23 -0800 

Your message dated Sun, 15 Nov 2020 01:03:27 +0000
with message-id <[email protected]>
and subject line Bug#947734: fixed in tf5 5.0beta8-9
has caused the Debian Bug report #947734,
regarding tf5 and GNUtls interaction, breaks in TLS1.3 connections seemingly!
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
947734: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947734
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: tf5
Version: 5.0beta8-7
Severity: important
Tags: upstream

Dear Maintainer,


As per brief discussion with Russ Allberry, I posting this bug report.

tf5 in testing/sid and also debian buster, along with GNUtls versions thereby
provided, has some undeseriable interaction/bug.
Specifically, attempting a connection to a TLS1.3 enabled stunnel4 host fails.
When using  tf5  and then  /connect -x [host] [TLS port]  ... the result
is :-

% Connected to (unnamed1) using cipher ECDHE_RSA_AES_256_GCM_SHA384.
% Connection to (unnamed1) closed by foreign host.

On the server-side, is possible to disable TLS1.3, and then things work fine
with TLS1.2 connectivity.  Have not tested specifically different cipher suites
and so-on, however.

Older versions of tf5+gnutls (e.g. all current Ubuntu-LTS, and Debian before
buster) do not seem to have the issue, presumably because of lacking TLS1.3
support!.


My suggestion is that may make best sense for tf5 to (if possible) disable
TLS1.3 usage until this is sorted out in gnutls-land, or indeed, openssl 2.0
reaches debian and can just be used with tf5 instead!

May also be appropriate to post a bug into GNUTLS once some further
investigation
done?


With thanks,

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-72-generic (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages tf5 depends on:
ii  libc6                2.29-6
ii  libgnutls-openssl27  3.6.11.1-2
ii  libpcre3             2:8.39-12+b1
ii  libtinfo6            6.1+20191019-1
ii  zlib1g               1:1.2.11.dfsg-1+b1

tf5 recommends no packages.

Versions of packages tf5 suggests:
pn  spell  <none>

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: tf5
Source-Version: 5.0beta8-9
Done: Russ Allbery <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tf5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated tf5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Nov 2020 16:37:34 -0800
Source: tf5
Architecture: source
Version: 5.0beta8-9
Distribution: unstable
Urgency: medium
Maintainer: Russ Allbery <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Closes: 947734
Changes:
 tf5 (5.0beta8-9) unstable; urgency=medium
 .
   * Build against OpenSSL instead of GnuTLS, given the new ftp-master
     policy that OpenSSL can be treated as a system library and thus
     GPL-licensed software may be linked with it.  (Closes: #947734)
   * Add lintian overrides for possible-gpl-code-linked-with-openssl and
     for tags asking for various things to be forwarded to upstream (since
     upstream is quite dead).
Checksums-Sha1:
 7cb18a62fa57a132b30680920fa874038079af0c 1638 tf5_5.0beta8-9.dsc
 e74d83cac001f09f46f006cfb642755d7736400c 11788 tf5_5.0beta8-9.debian.tar.xz
Checksums-Sha256:
 49d94dc1b077f6004ea7b17994c0bfd898fc44f6473244a4aec1dc0c9ea03b80 1638 
tf5_5.0beta8-9.dsc
 66bf88023535046ca5e85b77afee84be0d5163b0012bab79e2101045e7518ebc 11788 
tf5_5.0beta8-9.debian.tar.xz
Files:
 fa1cc99a411fb580a49f4deba6a69c38 1638 net optional tf5_5.0beta8-9.dsc
 4dbe286419398ae5fb7c73cd013df3b7 11788 net optional 
tf5_5.0beta8-9.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE1zk0tJZ0z1zNmsJ4fYAxXFc23nUFAl+weNAACgkQfYAxXFc2
3nXlPgf+OPm7UIMH3zbJ1UaN7aEUiUWD+L6gBiXMCjFIRWR2Z2b72o8QzGX79lK4
RjtIrrvukQ4uxn8z29VW+pRugIb6EITk3DEXVmMXxv+hjg3r0JwwHdTDdbKXZ3Y+
OoHHSK1rgIFOBt49lyPCmDv7wcQ0fC97SpKzlW5SKBtM5qrGv8VBbb9O8Vs7feve
J+3MabU7y8Q5G7Rw85XXFvz8ubq/XSF2TF816sUaJkGRiKTb7KRID07RwS19MI2N
Tl2twHTGG+xS39p2X2jtOYXXHS/ETSqWBlwJEZvlvUV5uqc5k5ZZMDtBbo7GODEI
Rj/YAvk68k9JspGSUSZyG91+EcxO4Q==
=p74O
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to