Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
On 2018-12-18 Andreas Metzler wrote: > On 2018-12-17 Jonas Smedegaard wrote: [...] > > The hosts I experienced problems with are mail.jones.dk and > > mail.homebase.dk - both running Postfix on Debian stable (which made me [...] > Thanks! FWIW as a temporary workaround you can invoke msmtp with > --tls-priorities=NORMAL:-VERS-TLS1.3 I have just tested with msmtp 1.8.1, it works. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
The issue is caused by a bug in msmtp which is already fixed in 1.8.1 https://gitlab.marlam.de/marlam/msmtp/issues/21 After I removed the patch in debian/patches that fixes only some typos in the manpage but does not apply any longer with 1.8.1 sources the package builds just fine. So hopefully the maintainer finds some time to package the new release soon. Until then just grab the sources from the repo and fetch the new upstream sources with uscan, remove the patch and build it locally. Best regards Fritz -- Fritz Reichwald Linux Consultant Tel: +49 160 8452444 Mail: reichw...@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 signature.asc Description: PGP signature
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
On 2018-12-17 Jonas Smedegaard wrote: > Quoting Andreas Metzler (2018-12-17 19:37:05) [msmtp / GnuTLS 3.6 breaks] >> FWIW I have had successful connections against exim4 (gnutls 3.5 and >> 3.6). Which host are you trying to connect to? > Sorry for exaggerating! Not at all. > The hosts I experienced problems with are mail.jones.dk and > mail.homebase.dk - both running Postfix on Debian stable (which made me > rule out them as cause for blame, but...) both of them managed by myself > with various attempts at tightening security, so I realize now that I > may possibly have exposed bugs in unusual setups rather than common > ones. It might be the other way round, GnuTLS servers the only ones not triggering the issue. > Both systems are running in production so I am not happy doing drastic > experiments on them - but on the other hand they are public accessible > so available for testing this bug if needed. Thanks! FWIW as a temporary workaround you can invoke msmtp with --tls-priorities=NORMAL:-VERS-TLS1.3 cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
Quoting Andreas Metzler (2018-12-17 19:37:05) > On 2018-12-17 Jonas Smedegaard wrote: > > I use msmtp, and it worked fine until few days ago, > > with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1. > > > Upgrading to libgnutls30 3.6.5-2 breaks msmtp: > > Any attempt at connecting to a TLS-secured site gets disconnected. > > FWIW I have had successful connections against exim4 (gnutls 3.5 and > 3.6). Which host are you trying to connect to? Sorry for exaggerating! The hosts I experienced problems with are mail.jones.dk and mail.homebase.dk - both running Postfix on Debian stable (which made me rule out them as cause for blame, but...) both of them managed by myself with various attempts at tightening security, so I realize now that I may possibly have exposed bugs in unusual setups rather than common ones. Both systems are running in production so I am not happy doing drastic experiments on them - but on the other hand they are public accessible so available for testing this bug if needed. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
Quoting Andreas Metzler (2018-12-17 19:37:05) > On 2018-12-17 Jonas Smedegaard wrote: > > I use msmtp, and it worked fine until few days ago, > > with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1. > > > Upgrading to libgnutls30 3.6.5-2 breaks msmtp: > > Any attempt at connecting to a TLS-secured site gets disconnected. > > FWIW I have had successful connections against exim4 (gnutls 3.5 and > 3.6). Which host are you trying to connect to? > > > Seems liek backwards-incompatible ABI change to me, which I believe > > should be handled in coordination with its reverse dependencies. > > Hence the severity. > > It is not an API change but a side effect of different handshake with > TLS1.3, now GNUTLS_E_AGAIN can be returned for blocking sockets. > > See > https://github.com/marlam/msmtp-mirror/commit/ec043e5375d0ecd5ab987e53d0ebfecfc1de0858 Ahh, thanks a lot for digging deeper. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Processed: Re: Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
Processing control commands: > reassign -1 msmtp 1.6.7-1 Bug #916683 [libgnutls30] libgnutls30: breaks msmtp 1.6.7-1 Bug reassigned from package 'libgnutls30' to 'msmtp'. No longer marked as found in versions gnutls28/3.6.5-2. Ignoring request to alter fixed versions of bug #916683 to the same values previously set Bug #916683 [msmtp] libgnutls30: breaks msmtp 1.6.7-1 Marked as found in versions msmtp/1.6.7-1. > tags -1 fixed-upstream Bug #916683 [msmtp] libgnutls30: breaks msmtp 1.6.7-1 Added tag(s) fixed-upstream. -- 916683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916683 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
Control: reassign -1 msmtp 1.6.7-1 Control: tags -1 fixed-upstream On 2018-12-17 Jonas Smedegaard wrote: > Package: libgnutls30 > Version: 3.6.5-2 > Severity: serious > Justification: Policy 3.5 > I use msmtp, and it worked fine until few days ago, > with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1. > Upgrading to libgnutls30 3.6.5-2 breaks msmtp: > Any attempt at connecting to a TLS-secured site gets disconnected. FWIW I have had successful connections against exim4 (gnutls 3.5 and 3.6). Which host are you trying to connect to? > Seems liek backwards-incompatible ABI change to me, > which I believe should be handled in coordination with its > reverse dependencies. Hence the severity. It is not an API change but a side effect of different handshake with TLS1.3, now GNUTLS_E_AGAIN can be returned for blocking sockets. See https://github.com/marlam/msmtp-mirror/commit/ec043e5375d0ecd5ab987e53d0ebfecfc1de0858 cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' signature.asc Description: PGP signature
Bug#916683: libgnutls30: breaks msmtp 1.6.7-1
Package: libgnutls30 Version: 3.6.5-2 Severity: serious Justification: Policy 3.5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I use msmtp, and it worked fine until few days ago, with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1. Upgrading to libgnutls30 3.6.5-2 breaks msmtp: Any attempt at connecting to a TLS-secured site gets disconnected. Seems liek backwards-incompatible ABI change to me, which I believe should be handled in coordination with its reverse dependencies. Hence the severity. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlwXhkIACgkQLHwxRsGg ASE9yxAAhKWYFkAKdHem+DVzuK5vcym4ZgiGoK12JIkRpTkX7g/CdgoA4lXyszNJ sdV87pI6ViiE6Y4ZTl+/81vhiJ52TnDq6XJnwGlHp8+BeXHc87ERMHkC4wbdoqxa vZgpBkQ8Nb7gsZ6JA5ZEgVBbJ826zcdTvaCQseVsFghfE6RGUfOMba2U4k0D9YHZ DPWDVHyJhIDgRmM9wm27xBFTPmHQ8llJbnkgoP+DcnTC9HC49vq50el5HtS1tkq8 tUsR3imRQc9AFqSv8d5Q5HOr9aE0UoDt43fPsa/3SNhAos7CYhYiCkELdj1fwmo9 Mea7rk4Huxn6BgXJPY/F4UADs3+rueMSi/Te6PEHERM1Zb0HFOoGQNI4E+F/y6bF l3ArA8ZncmOmKe29ES3CIQ4T329O68RlEcL/UEJp76l1wsV9kXTZ0234gzCkrsUr 7OkqYtHGetSikBlknN2v5qBWPUJ9QiueTfVwNqg8vlfxBL3NhC0KmMpcEhbgRgqH 50Il1fKutIqO2n7U+DKpvzJ/WiKB1W9bTKqM4KLdEixYF1ie1HTMgxMvN+pCrMRD IIAUOg23hMmHfoxoUCqNYlZBGogqYsThvziAQOBbLugWlKroAO3t/X5dQWS0igBr qcCr19oAvsio4BUWBpKlgi+3YUY9o9g9Y/tp4mRtV+iAdWaUKi4= =fl8q -END PGP SIGNATURE-
