Bug#1032385: Acknowledgement (smtp: SSL_CTX_load_verify_locations: No such file or directory)
Sorry, I accidentally sent the report twice (duplicate is #1032384 with a minor typo). How do I fix this? -- Felix Dietrich
Bug#1032385: smtp: SSL_CTX_load_verify_locations: No such file or directory
Package: opensmtpd
Version: 6.8.0p2-3
Severity: normal
Tags: patch
On Debian Bullseye attempting to send a test mail from the command line
using the “smtp” program included in the “opensmtpd” package results in
the error message:
smtp: SSL_CTX_load_verify_locations: No such file or directory
The cause of this error message is a missing “/usr/lib/ssl/cert.pem”
file, which was, according to its changelog, only added to the “openssl”
package in version 3.0.5-3 [1]; this version is not available in the stable
archive. The path “/usr/lib/ssl/cert.pem” is passed to
“SSL_CTX_load_verify_locations in “smtpc.c:145” (it is the result of the
call to “X509_get_default_cert_file” [2]):
if (!SSL_CTX_load_verify_locations(ssl_ctx,
X509_get_default_cert_file(), NULL))
fatal("SSL_CTX_load_verify_locations");
One solution to this issue would be to backport the addition of the
“/usr/lib/ssl/cert.pem” symlink to the “openssl” package to the older
version available in stable. This would likely also require an
additional dependency on the “ca-certificates” package so that the
symlink “/usr/lib/ssl/cert.pem” to “/etc/ssl/certs/ca-certificates.crt”
can actually be correctly resolved to a file. For this solution,
presumably, a bug report against the “openssl” has to be created.
Another solution would call instead of “SSL_CTX_load_verify_locations”
the function “SSL_CTX_set_default_verify_paths” as it does not consider
missing default locations an error [3]. It also has the advantage of
allowing the user to customise the certificates used by setting the
environment variables SSL_CERT_DIR and SSL_CERT_FILE. For this solution
I have attached a patch.
Footnotes:
[1] openssl (3.0.5-3) unstable; urgency=medium
* Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt
(Closes: #805646).
* Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727).
-- Sebastian Andrzej Siewior Sun, 18 Sep 2022
21:48:05 +0200
[2] Compilation of this mini program to print the default certificate
file requires linking against libcrypto
(gcc src.c -o print_cert_file -lcrypto):
#include
#include
#include
int main(int argc, char *argv[])
{
printf("%s\n", X509_get_default_cert_file());
return EXIT_SUCCESS;
}
[3]
Index: opensmtpd-6.8.0p2/usr.sbin/smtpd/smtpc.c
===
--- opensmtpd-6.8.0p2.orig/usr.sbin/smtpd/smtpc.c 2020-12-24 14:42:21.0 +0100
+++ opensmtpd-6.8.0p2/usr.sbin/smtpd/smtpc.c 2023-03-05 12:49:26.390962737 +0100
@@ -142,9 +142,8 @@
event_init();
ssl_ctx = ssl_ctx_create(NULL, NULL, 0, NULL);
- if (!SSL_CTX_load_verify_locations(ssl_ctx,
- X509_get_default_cert_file(), NULL))
- fatal("SSL_CTX_load_verify_locations");
+ if (!SSL_CTX_set_default_verify_paths(ssl_ctx))
+ fatal("SSL_CTX_set_default_verify_paths");
if (!SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method()))
fatal("SSL_CTX_set_ssl_version");
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE , NULL);
Bug#1032384: smtp: SSL_CTX_load_verify_locations: No suck file or directory
Package: opensmtpd
Version: 6.8.0p2-3
Severity: normal
Tags: patch
On Debian Bullseye attempting to send a test mail from the command line
using the “smtp” program included in the “opensmtpd” package results in
the error message:
smtp: SSL_CTX_load_verify_locations: No suck file or directory
The cause of this error message is a missing “/usr/lib/ssl/cert.pem”
file, which was, according to its changelog, only added to the “openssl”
package in version 3.0.5-3 [1]; this version is not available in the stable
archive. The path “/usr/lib/ssl/cert.pem” is passed to
“SSL_CTX_load_verify_locations in “smtpc.c:145” (it is the result of the
call to “X509_get_default_cert_file” [2]):
if (!SSL_CTX_load_verify_locations(ssl_ctx,
X509_get_default_cert_file(), NULL))
fatal("SSL_CTX_load_verify_locations");
One solution to this issue would be to backport the addition of the
“/usr/lib/ssl/cert.pem” symlink to the “openssl” package to the older
version available in stable. This would likely also require an
additional dependency for the “opensmtpd” package on “ca-certificates”
so that the symlink “/usr/lib/ssl/cert.pem” to
“/etc/ssl/certs/ca-certificates.crt” can actually be correctly resolved
to a file. For this solution, presumably, a bug report against the
“openssl” has to be created. An ad-hoc solution creates the symlink
manually:
ln -s /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
Another solution would call instead of “SSL_CTX_load_verify_locations”
the function “SSL_CTX_set_default_verify_paths” as it does not consider
missing default locations an error [3]. It also has the advantage of
allowing the user to customise the certificates used by setting the
environment variables SSL_CERT_DIR and SSL_CERT_FILE. For this solution
I have attached a patch. There may, however, have been reasonable
motivation for the use of one function over the other and for producing
an error in the absence of a certificates file, that I am not aware of.
Footnotes:
[1] The changelog entry:
openssl (3.0.5-3) unstable; urgency=medium
* Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt
(Closes: #805646).
* Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727).
-- Sebastian Andrzej Siewior Sun, 18 Sep 2022
21:48:05 +0200
[2] Compilation of this mini program to print the default certificate
path requires linking against libcrypto:
gcc print_cert_file.c -o print_cert_file -lcrypto
/* print_cert_file.c start */
#include
#include
#include
int main(int argc, char *argv[])
{
printf("%s\n", X509_get_default_cert_file());
return EXIT_SUCCESS;
}
/* print_cert_file.c end */
[3]
<https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_load_verify_locations.html>
--
Felix Dietrich
Index: opensmtpd-6.8.0p2/usr.sbin/smtpd/smtpc.c
===
--- opensmtpd-6.8.0p2.orig/usr.sbin/smtpd/smtpc.c 2020-12-24 14:42:21.0 +0100
+++ opensmtpd-6.8.0p2/usr.sbin/smtpd/smtpc.c 2023-03-05 12:49:26.390962737 +0100
@@ -142,9 +142,8 @@
event_init();
ssl_ctx = ssl_ctx_create(NULL, NULL, 0, NULL);
- if (!SSL_CTX_load_verify_locations(ssl_ctx,
- X509_get_default_cert_file(), NULL))
- fatal("SSL_CTX_load_verify_locations");
+ if (!SSL_CTX_set_default_verify_paths(ssl_ctx))
+ fatal("SSL_CTX_set_default_verify_paths");
if (!SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method()))
fatal("SSL_CTX_set_ssl_version");
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE , NULL);
Bug#861292: python-cherrypy3: URL in description leads to 404-page
Package: python-cherrypy3 Version: 3.5.0-2 Severity: minor The URL [1] mentioned in the package's description leads to a 404-page. [1] http://www.cherrypy.org/wiki/UpgradeTo30 -- Felix Dietrich
Bug#783929: mnemosyne: easyness not updated according to SM2 algorithm
The upstream developer has updated the documentation on the projects website and expressed that he is currently not interested in changing the scheduling algorithm without an analysis of the data gathered: it is, for now, working as he intended. Can this bug report therefore be closed, or is further work on it necessary? -- Felix
Bug#808198: markdown-calibre: ImportError: No module named markdown.__main__
Package: calibre
Version: 2.45.0+dfsg-1
Severity: important
Tags: patch
Invocating markdown-calibre fails with an ImportError:
Traceback (most recent call last):
File "/usr/bin/markdown-calibre", line 19, in
from calibre.ebooks.markdown.__main__ import run
ImportError: No module named markdown.__main__
this happens because the command fixing the import statements for
calibre.ebooks.markdown in debian/rules:
find debian/tmp/ -name '*.py' | xargs sed -i
's/calibre.ebooks.markdown/markdown/g'
only affects files having a .py extension which the executable
/usr/bin/markdown-calibre does not have so that markdown-calibre
continues to be included in the package with the wrong import statement.
In case markdown-calibre should continue to be part of the calibre
package (it does not appear to do more than /usr/bin/markdown_py from
the python-markdown package) I created an updated
use_system_markdown.patch file that I appended.
Alternatively one could adjust the aforementioned find command in
debian/rules to also list the markdown-calibre file:
find debian/tmp -name "*.py" -or -name "markdown-calibre" | ...
I do not know which is to be preferred and am wondering: is there a
reason to motify the imports both via a patch file and by using sed in
debian/rules?
Another option might be to remove the calibre-markdown executable – if
it in fact does the same thing as markdown_py from python-markdown –
from the package as I did not find invocations of markdown-calibre in
the source using grep (grep -r markdown-calibre .).
--
Felix Dietrich
Author: Dmitry Shachnev
Description: use system python-markdown
Forwarded: not-needed
Last-Update: 2013-04-04
Index: calibre-2.45.0+dfsg/src/calibre/library/comments.py
===
--- calibre-2.45.0+dfsg.orig/src/calibre/library/comments.py
+++ calibre-2.45.0+dfsg/src/calibre/library/comments.py
@@ -150,7 +150,7 @@ def sanitize_html(html):
return serializer.render(stream)
def sanitize_comments_html(html):
-from calibre.ebooks.markdown import Markdown
+from markdown import Markdown
text = html2text(html)
md = Markdown()
html = md.convert(text)
Index: calibre-2.45.0+dfsg/src/calibre/linux.py
===
--- calibre-2.45.0+dfsg.orig/src/calibre/linux.py
+++ calibre-2.45.0+dfsg/src/calibre/linux.py
@@ -20,7 +20,7 @@ entry_points = {
'ebook-meta = calibre.ebooks.metadata.cli:main',
'ebook-convert = calibre.ebooks.conversion.cli:main',
'ebook-polish = calibre.ebooks.oeb.polish.main:main',
- 'markdown-calibre = calibre.ebooks.markdown.__main__:run',
+ 'markdown-calibre = markdown.__main__:run',
'web2disk = calibre.web.fetch.simple:main',
'calibre-server = calibre.library.server.main:main',
'lrf2lrs= calibre.ebooks.lrf.lrfparser:main',
Bug#807104: python-apt-doc: Use of print statements not compatible with python3
Julian Andres Klode writes:
> I'd rather prefer to use print(..., file=sys.stderr) instead of
> sys.stderr.write().
> Importing print_function from __future__ should make it
> work in both Python 2 and 3.
I attached another patch that uses the print function.
> This might need more changes though: I'm not sure if the
> pep8 test accepts this (tests/testmanual_pep8.py).
Oh, you are right. I hadn't run the test before: pep8 complained about
a line that got to long.
>> >From 331782006251adb25118cd1343c74a1765280b4f Mon Sep 17 00:00:00 2001
>
> There is an extra > in front of the first attachement line, causing
> git am to fail applying it.
Not sure were that came from; I hope it works this time.
--
Felix Dietrich
>From 2af29dfc532987e0161eb18cd43feff6d028d648 Mon Sep 17 00:00:00 2001
From: Felix Dietrich
Date: Sun, 6 Dec 2015 13:56:47 +0100
Subject: [PATCH] Use print function from __future__ in examples
---
doc/source/examples/cache-packages.py| 8
doc/source/examples/cache-pkgfile.py | 16
doc/source/examples/dpkg-contents.py | 6 --
doc/source/examples/dpkg-extract.py | 8 ++--
doc/source/examples/dpkg-info.py | 7 +--
doc/source/examples/missing-deps.py | 10 +-
doc/source/examples/update-print-uris.py | 2 +-
doc/source/library/apt.cache.rst | 2 +-
doc/source/library/apt.package.rst | 6 +++---
doc/source/library/apt_pkg.rst | 8
doc/source/tutorials/apt-get.rst | 2 +-
11 files changed, 42 insertions(+), 33 deletions(-)
mode change 100644 => 100755 doc/source/examples/cache-packages.py
mode change 100644 => 100755 doc/source/examples/cache-pkgfile.py
mode change 100644 => 100755 doc/source/examples/dpkg-contents.py
mode change 100644 => 100755 doc/source/examples/dpkg-extract.py
mode change 100644 => 100755 doc/source/examples/dpkg-info.py
mode change 100644 => 100755 doc/source/examples/missing-deps.py
mode change 100644 => 100755 doc/source/examples/update-print-uris.py
diff --git a/doc/source/examples/cache-packages.py b/doc/source/examples/cache-packages.py
old mode 100644
new mode 100755
index 7253430..0a4c34e
--- a/doc/source/examples/cache-packages.py
+++ b/doc/source/examples/cache-packages.py
@@ -9,14 +9,14 @@ def main():
apt_pkg.init_config()
apt_pkg.init_system()
cache = apt_pkg.Cache()
-print "Essential packages:"
+print("Essential packages:")
for pkg in cache.packages:
if pkg.essential:
-print " ", pkg.name
-print "Important packages:"
+print(" ", pkg.name)
+print("Important packages:")
for pkg in cache.packages:
if pkg.important:
-print " ", pkg.name
+print(" ", pkg.name)
if __name__ == "__main__":
main()
diff --git a/doc/source/examples/cache-pkgfile.py b/doc/source/examples/cache-pkgfile.py
old mode 100644
new mode 100755
index 10216c1..bbf9b61
--- a/doc/source/examples/cache-pkgfile.py
+++ b/doc/source/examples/cache-pkgfile.py
@@ -7,23 +7,23 @@ def main():
apt_pkg.init()
cache = apt_pkg.Cache()
for pkgfile in cache.file_list:
-print 'Package-File:', pkgfile.filename
-print 'Index-Type:', pkgfile.index_type # 'Debian Package Index'
+print('Package-File:', pkgfile.filename)
+print('Index-Type:', pkgfile.index_type) # 'Debian Package Index'
if pkgfile.not_source:
-print 'Source: None'
+print('Source: None')
else:
if pkgfile.site:
# There is a source, and a site, print the site
-print 'Source:', pkgfile.site
+print('Source:', pkgfile.site)
else:
# It seems to be a local repository
-print 'Source: Local package file'
+print('Source: Local package file')
if pkgfile.not_automatic:
# The system won't be updated automatically (eg. experimental)
-print 'Automatic: No'
+print('Automatic: No')
else:
-print 'Automatic: Yes'
-print
+print('Automatic: Yes')
+print()
if __name__ == '__main__':
main()
diff --git a/doc/source/examples/dpkg-contents.py b/doc/source/examples/dpkg-contents.py
old mode 100644
new mode 100755
index 47a50e0..1308172
--- a/doc/source/examples/dpkg-contents.py
+++ b/doc/source/examples/dpkg-contents.py
@@ -1,6 +1,8 @@
#!/usr/bin/python
"""Emulate dpkg --contents"""
+from __future__ import print_function
+
import grp
import pwd
Bug#807103: python-apt-doc: Documentation describes removed functions
Package: python-apt-doc Version: 1.1.0~beta1 Severity: important The documentation describes, as well as uses these in its examples, functions that are no longer part of the python-apt modules (such as apt_inst.debExtract). While these are usually marked as deprecated and the description points to the superseding functions, examples fail to run with errors making it harder to get started with python-apt. I am interested to work on documentation and examples or help whomever is currently at it, but I am uncertain how to deal with the now removed functions in the describing part of the documentation: Should their describtions simply be deleted? Moved to another section of the documentation archiving the old interface? Amended with a note stating that these functions have been removed and the versionnumber corresponding to the removal? -- Felix Dietrich
Bug#807104: python-apt-doc: Use of print statements not compatible with python3
Package: python-apt-doc
Version: 1.1.0~beta1
Severity: normal
Tags: patch
The examples make use of the print statements such that it is
incompatible with python3, e.g.:
print "Essential packages:"
print >> sys.stderr, "need filename argument"
The attached patch modifies these lines to read:
print("Essential packages:")
sys.stderr.write("need filename argument\n")
--
>From 331782006251adb25118cd1343c74a1765280b4f Mon Sep 17 00:00:00 2001
From: Felix Dietrich
Date: Thu, 3 Dec 2015 13:34:07 +0100
Subject: [PATCH] Convert print statements so they work in python3
---
doc/source/examples/cache-packages.py| 8
doc/source/examples/cache-pkgfile.py | 16
doc/source/examples/dpkg-contents.py | 4 ++--
doc/source/examples/dpkg-extract.py | 4 ++--
doc/source/examples/dpkg-info.py | 4 ++--
doc/source/examples/missing-deps.py | 10 +-
doc/source/examples/update-print-uris.py | 2 +-
doc/source/library/apt.cache.rst | 2 +-
doc/source/library/apt.package.rst | 6 +++---
doc/source/library/apt_pkg.rst | 8
doc/source/tutorials/apt-get.rst | 2 +-
11 files changed, 33 insertions(+), 33 deletions(-)
mode change 100644 => 100755 doc/source/examples/cache-packages.py
mode change 100644 => 100755 doc/source/examples/cache-pkgfile.py
mode change 100644 => 100755 doc/source/examples/dpkg-contents.py
mode change 100644 => 100755 doc/source/examples/dpkg-extract.py
mode change 100644 => 100755 doc/source/examples/dpkg-info.py
mode change 100644 => 100755 doc/source/examples/missing-deps.py
mode change 100644 => 100755 doc/source/examples/update-print-uris.py
diff --git a/doc/source/examples/cache-packages.py b/doc/source/examples/cache-packages.py
old mode 100644
new mode 100755
index 7253430..0a4c34e
--- a/doc/source/examples/cache-packages.py
+++ b/doc/source/examples/cache-packages.py
@@ -9,14 +9,14 @@ def main():
apt_pkg.init_config()
apt_pkg.init_system()
cache = apt_pkg.Cache()
-print "Essential packages:"
+print("Essential packages:")
for pkg in cache.packages:
if pkg.essential:
-print " ", pkg.name
-print "Important packages:"
+print(" ", pkg.name)
+print("Important packages:")
for pkg in cache.packages:
if pkg.important:
-print " ", pkg.name
+print(" ", pkg.name)
if __name__ == "__main__":
main()
diff --git a/doc/source/examples/cache-pkgfile.py b/doc/source/examples/cache-pkgfile.py
old mode 100644
new mode 100755
index 10216c1..bbf9b61
--- a/doc/source/examples/cache-pkgfile.py
+++ b/doc/source/examples/cache-pkgfile.py
@@ -7,23 +7,23 @@ def main():
apt_pkg.init()
cache = apt_pkg.Cache()
for pkgfile in cache.file_list:
-print 'Package-File:', pkgfile.filename
-print 'Index-Type:', pkgfile.index_type # 'Debian Package Index'
+print('Package-File:', pkgfile.filename)
+print('Index-Type:', pkgfile.index_type) # 'Debian Package Index'
if pkgfile.not_source:
-print 'Source: None'
+print('Source: None')
else:
if pkgfile.site:
# There is a source, and a site, print the site
-print 'Source:', pkgfile.site
+print('Source:', pkgfile.site)
else:
# It seems to be a local repository
-print 'Source: Local package file'
+print('Source: Local package file')
if pkgfile.not_automatic:
# The system won't be updated automatically (eg. experimental)
-print 'Automatic: No'
+print('Automatic: No')
else:
-print 'Automatic: Yes'
-print
+print('Automatic: Yes')
+print()
if __name__ == '__main__':
main()
diff --git a/doc/source/examples/dpkg-contents.py b/doc/source/examples/dpkg-contents.py
old mode 100644
new mode 100755
index 9497cf8..ec730c4
--- a/doc/source/examples/dpkg-contents.py
+++ b/doc/source/examples/dpkg-contents.py
@@ -38,13 +38,13 @@ def callback(what, name, link, mode, uid, gid, size, mtime, major, minor):
s_name = name.startswith(".") and name or ("./" + name)
if link:
s_name += " link to %s" % link
-print s_mode, s_owner, s_size, s_time, s_name
+print(s_mode, s_owner, s_size, s_time, s_name)
def main():
"""Main function"""
if len(sys.argv) < 2:
-print >> sys.stderr, "need filename argumnet"
+
Bug#807105: python-apt-doc: typo in tutorials/apt-cdrom.rst
Package: python-apt-doc
Version: 1.1.0~beta1
Severity: minor
Tags: patch
I found a rather minor typo in tutorials/apt-cdrom.rst ("mount pint" -->
"mount point").
>From 3cfa0e50216a39cf10fe26be3c9cf32bd5372286 Mon Sep 17 00:00:00 2001
From: Felix Dietrich
Date: Thu, 3 Dec 2015 11:29:34 +0100
Subject: [PATCH] Fix typo
---
doc/source/tutorials/apt-cdrom.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/source/tutorials/apt-cdrom.rst b/doc/source/tutorials/apt-cdrom.rst
index 5dd8874..7e1d794 100644
--- a/doc/source/tutorials/apt-cdrom.rst
+++ b/doc/source/tutorials/apt-cdrom.rst
@@ -95,7 +95,7 @@ it is a boolean argument. Afterwards you could use
``apt_pkg.config.find_b("help")`` to see whether ``--help`` was specified. In
``('d',"cdrom","Acquire::cdrom::mount","HasArg")`` the fourth field is
``"HasArg"``. This means that the option has an argument, in this case the
-location of the mount pint. ``('c',"config-file","","ConfigFile")`` shows how
+location of the mount point. ``('c',"config-file","","ConfigFile")`` shows how
to include configuration files. This option takes a parameter which points to
a configuration file which will be added to the configuration space.
``('o',"option","","ArbItem")`` is yet another type of option, which allows users
--
2.6.2
