Your message dated Wed, 12 Jun 2019 18:03:47 +0000 with message-id <e1hb7b9-0003rq...@fasolo.debian.org> and subject line Bug#929907: fixed in gnutls28 3.6.7-4 has caused the Debian Bug report #929907, regarding libgnutls30: Connections to older GnUTLS servers break to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929907 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libgnutls30 Version: 3.6.7-3 Severity: grave Justification: renders package unusable The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap client library) when connecting to a server with the previous 3.6.6-2 version. I am afraid it breaks more than that. GnuTLS-secured connections are just closed with no visible reason. Seen on more than 12 systems, then went to a system that had not got the update yet. An ldapsearch works with 3.6.6-2, and fails after updating to 3.6.7-3 with the connection just being closed after reading some data from the LDAP server setill on 3.6.6-2. Upgrading GnuTLS to 3.6.7-3 on the server made the problem go away. I am setting this critical as I cannot imagine it is expected that GnuTLS clients require the server to be the exact same version. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libgnutls30 depends on: ii libc6 2.28-10 ii libgmp10 2:6.1.2+dfsg-4 ii libhogweed4 3.4.1-1 ii libidn2-0 2.0.5-1 ii libnettle6 3.4.1-1 ii libp11-kit0 0.23.15-2 ii libtasn1-6 4.13-3 ii libunistring2 0.9.10-1 libgnutls30 recommends no packages. Versions of packages libgnutls30 suggests: pn gnutls-bin <none> -- no debconf information
--- End Message ---
--- Begin Message ---Source: gnutls28 Source-Version: 3.6.7-4 We believe that the bug you reported is fixed in the latest version of gnutls28, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated gnutls28 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 12 Jun 2019 19:21:23 +0200 Source: gnutls28 Architecture: source Version: 3.6.7-4 Distribution: unstable Urgency: medium Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 929907 Changes: gnutls28 (3.6.7-4) unstable; urgency=medium . * Cherry-pick important bug-fixes from 3.6.8: + 40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch The gnutls_srp_set_server_credentials_function can be used with the 8192 parameters as well. https://gitlab.com/gnutls/gnutls/issues/761 + 40_rel3.6.8_05-lib-nettle-fix-carry-flag-in-Streebog-code.patch Fix calculation of Streebog digests (incorrect carry operation in 512 bit addition). + 40_rel3.6.8_10-ext-record_size_limit-distinguish-sending-and-receiv.patch Fix compatibility of GnuTLS 3.6.[456] server with GnuTLS 3.6.7 client. Closes: #929907 + 40_rel3.6.8_15-Apply-STD3-ASCII-rules-in-gnutls_idna_map.patch Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion. https://gitlab.com/gnutls/gnutls/issues/720 + 40_rel3.6.8_20-pubkey-remove-deprecated-TLS1_RSA-flag-check.patch Fixed bug preventing the use of gnutls_pubkey_verify_data2() and gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag. https://gitlab.com/gnutls/gnutls/issues/754 Checksums-Sha1: 405d4ec39e90160436e9f6dce356d8b28fbba1bf 3322 gnutls28_3.6.7-4.dsc f4c7014c5653ea59b5778e6a0770087e1aa21efb 72820 gnutls28_3.6.7-4.debian.tar.xz Checksums-Sha256: ff2e35284ef8002260f628ef2aef82f8f9859ff9ed125e087a97b5490e5ee338 3322 gnutls28_3.6.7-4.dsc fac0e4910dff5eddc6e25709438f3b3c70239b202f079c4466e81a6fd4cb8a82 72820 gnutls28_3.6.7-4.debian.tar.xz Files: 0050731f170e0d4251afd1d58bf2d69b 3322 libs optional gnutls28_3.6.7-4.dsc 61b86dfcb696d1cf003b9e0a193bd834 72820 libs optional gnutls28_3.6.7-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAl0BOOsACgkQpU8BhUOC FITyOA//Qk3aL25v/IDxmexqtCVp8PGyCK27YhfvJQkCvCh+L0teVIhFKrmWpIvs JtoGraBVYi6NR7+Ua//Z8Pha72CxcpV64+kdgj08qDmA1UE6kCWdupv7kgZT9j9s FN+v4IWHY9MIYadOd8U3XLtfJjjHv7BA01orpzvXCwTc+B86MYEdJFndsDoMljOD +elBRWTOAwI0hZRJyyVYmsugb4QOMf3/dfZUvJ12KTr5uhp0G2uAjfDntmDwxVQE 5mkgJ9S7ZhXaP6ml/dLTJzdPWqNKFxK0AnxN2FNtYxY5NyonbjgF8DrWCACEK9dU Q7FHa7x+pEaR4xXFSYlgrMmn2Q9ThJpCgo1Ju5dNfJm+NdIsmaMtn54sc6gMtdPz nynafzofpcrnlOC9k0u5MQvZ8eEsIjXfnfuDBvWnO/wQuXtvkHxH6VIo+3Xlh9Za CrJ5igON1E42y54SdTGZy3ajXLmiJT5FFdPXNd3VCK4XaLXzOuaeMCBJ3G5AFndc oIgGF9+QOKiYNrDIgp4zq/7eNy+V7NB5mcpNByUz0sO7WTRPZdk+5HqjEWV4logu Zov4akNAZFhqybggFwlv/TQsletvz0jHMDbILUA1G0fhIIxIqjKL6+0QZ5JUTzz+ F72g/IjPSfMfK418l8AheNOSMtdpdtjtfZGFZ2uA0LnAcDVHe6Y= =rGW2 -----END PGP SIGNATURE-----
--- End Message ---
