Bug#828572: tkrat: FTBFS with openssl 1.1.0

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#851069: cjose: Please migrate to openssl1.1 in buster

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#850888: kdelibs4support: Please migrate to openssl1.1 in buster

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#828441: moonshot-trust-router: FTBFS with openssl 1.1.0

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#828483: osslsigncode: FTBFS with openssl 1.1.0

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#828449: net-snmp: Please migrate to openssl1.1 in buster

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#828451: netty-tcnative: FTBFS with openssl 1.1.0

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#828420: libzypp: FTBFS with openssl 1.1.0

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian

Bug#871427: argyll: please switch to SSLv23_… or TLS_…_method

On 2017-10-11 21:10:20 [-0400], Jeremy Bicha wrote: > Control: reopen -1 > > I'm reopening this bug because I think you picked the wrong choice here. > > SSLv2 and SSLv3 are deprecated and not recommended. > > Please use TLS 1.2 instead unless you have a good reason not to. What is the

Bug#874709: [Pkg-openssl-devel] Bug#874709: Bug#874709: openssl1.0: Please add arm64ilp32 support

control: tags -1 pending On 2017-09-09 09:59:02 [+0200], Kurt Roeckx wrote: > Plese note that the openssl1.0 package is supposed to be removed > by the release of Buster's, so I didn't plan to do much uploads > for this. However, we'll probably have a security release at some > point and I might

Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1

On 2017-10-07 02:14:10 [+0200], Gedalya wrote: > This is affecting EAP with wpa_supplicant. > See https://bugs.debian.org/877904 You need to do two steps in wpa supplicant: - Add an option to set minimum TLS version - if that option is set, forwarded its value (1.0 or 1.1) to

Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

On 2017-09-22 11:12:52 [+0200], Raphael Hertzog wrote: > Hi, > > On Thu, 21 Sep 2017, Sebastian Andrzej Siewior wrote: > > The changes Kurt asked about is something that openssl upstream supports > > and is something that openssl 1.1 considers the right way of doing &g

Bug#876314: stretch-pu: package trace-cmd/2.6-0.1+b1

On 23 September 2017 18:52:20 CEST, Jonathan Wiltshire wrote: >I appreciate your diligence. Please go ahead. thanks, uploaded. > >Thanks, Sebastian

Bug#876403: Ship ct_log_list.cnf so -ct works

On 2017-09-21 12:03:19 [-0700], Josh Triplett wrote: > Attempting to use "openssl s_client -ct" produces this error: > > 139776622486784:error:02001002:system library:fopen:No such file or > directory:../crypto/bio/bss_file.c:74:fopen('/usr/lib/ssl/ct_log_list.cnf','rb') >

Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

On 2017-09-11 12:30:30 [+0200], Raphael Hertzog wrote: > Yes, I'm aware of that but Kurt never said that he would be willing to > back off from completely disabling it before the buster release and > I don't see any benefit in modifying all server applications to re-enable > the protocols that we

Bug#871056: transition: openssl

On 2017-09-13 18:51:43 [+0200], Emilio Pozuelo Monfort wrote: > tags 871056 confirmed > thanks just noticed that this bug has been confirmed. Does this mean anything for the openssl transition? Usually this confirmed comes with "Go ahead" which leads to an upload to unstable and the severity of

Bug#871056: Qt4 in the context of OpenSSL 1.0 removal

On 2017-08-26 16:44:34 [-0300], Lisandro Damián Nicanor Pérez Meyer wrote: > Hi! src:qt4-x11 is not listed in the transition but it's definitely using > libssl (although trough dllopen). It is. The other qt-related bugs are: #828522 [i| |♔] [src:qt4-x11] qt4-x11: FTBFS with openssl 1.1.0

Bug#876314: stretch-pu: package trace-cmd/2.6-0.1+b1

upload. + * Fix segfault while processing certain trace files (Closes: #867440). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Wed, 20 Sep 2017 21:51:23 +0200 + trace-cmd (2.6-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru trace-cmd-2.6/debian/patche

Bug#844770: xzcmp: SIGPIPE is raised because CMP does exit while the XZ commands are still writing to the pipe

On 2016-11-18 22:51:29 [+0100], ViaThinkSoft wrote: > Version: 5.1.1alpha+20120614-2+b3 > I noticed that xzcmp returns status code 2 (error) for a few file pairs, > especially if they differ in size. can you please check if current 5.2.2 is affected and if so provide a testcase? Sebastian

Bug#875349: libp11: Please migrate to openssl1.1 in Buster

Package: libp11 Version: 0.4.7-1 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1 Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#874699: node-evp-bytestokey: Please migrate to openssl1.1 in Buster

Package: node-evp-bytestokey Version: 1.0.3-1 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1 Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#825646: trace-cmd: New upstream release 2.6

On 2016-05-28 15:17:16 [+0200], Javi Merino wrote: > trace-cmd has a new version upstream: 2.6. I have prepared an update > for it, find it attached. You could close that one since you uploaded it. Could you however update it to 2.6.1 which would address #867440? Sebastian

Bug#385907: [Pkg-openssl-devel] Bug#385907: marked as done (openssl: missing purging at remove-time)

On 4 September 2017 22:08:27 CEST, Kurt Roeckx wrote: >> >> Since >> https://piuparts.debian.org/stretch/source/o/openssl.html >> >> says "successfully-tested 1.1.0f-3" I think that we are done here. > >I think it's other packages that call openssl from the maintainer >scripts

Bug#742240: libssl1.0.0: TLSv1_client_method()/SSL_Connect() heap overrun

On 2014-03-21 02:04:11 [-0400], Brandon wrote: > When creating a client context with SSL_CTX_new(TLSv1_client_method()), > SSL_Connect() triggers a heap overrun with the following output from valgrind: Does this still occur as of 1.1.0f? > Thanks, > Brandon Sebastian

Bug#689529: libssl1.0.0: Cannot connect to www.labanquepostale.fr:443

On 2012-10-04 00:17:45 [+0200], Kurt Roeckx wrote: > For reference, BigIP tracks this as Bug 376483. It is fixed in > the BIG-IP LTM 10.2.4 software release. > > An other site that seems to be affected by this is > my.t-mobile.com:443. closing. This BigIP issue should be solved and even

Bug#873978: sendmail-base: Please check for /usr/share/sendmail/dynamic before sourcing it

Package: sendmail-base Version: 8.15.2-8 Severity: serious I had sendmail installed. Then I removed it including sendmail-base. I used "apt-get remove" instead of "purge" and this did not end well. The log was quickly filled with this: |Sep 1 21:28:02 debbuildd dhclient[3221]: DHCPREQUEST of

Bug#867877: clamav-daemon: please respect manual configuration

On 2017-08-21 15:22:49 [+0200], Luca Capello wrote: > Hi there, Hi, > Given that no documentation was available, not even in the upstream > files, I was lost, so this would be the first improvement. > > I was not aware that upstream chose the "full-systemd path", so I guess > changing that is a

Bug#868766: clamav-freshclam: please update logcheck rules

control: found -1 0.99.2+dfsg-0+deb7u2 control: found -1 0.99.2+dfsg-6 control: tags -1 pending On 2017-07-18 13:08:19 [+0200], Václav Ovsík wrote: > > Dear Maintainer, > there is a tiny improvement to logcheck file please: thanks. Sebastian

Bug#824817: [Pkg-clamav-devel] Bug#824817: Bug#824817: Please include bytecode.cvd in one .deb

On 2016-08-09 21:58:50 [+0200], To Mathieu Parent (Debian) wrote: > On 2016-05-22 12:14:29 [+0200], Sebastian Andrzej Siewior wrote: > > Ah. You scan for the eicar sample. Okay. So you try to do something like > > we do in [0] ? Because that shouldn't work: > > |$ s

Bug#873647: libshout: Please migrate to openssl1.1 in Buster

Package: libshout Version: 2.4.1-1 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1 Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#873574: openssh-ssh1: Please migrate to openssl1.1 in Buster

Package: openssh-ssh1 Version: 1:7.5p1-8 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1 Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#870253: clamav-milter: disengaging debconf management destroys config

On 2017-08-28 17:04:51 [+0900], Marc Dequènes (Duck) wrote: > Quack, Hi, > Thanks. > > I can help you test if you provide a test package. as you wish. At https://breakpoint.cc/clamav/ you can find a .dsc file of what we have currently in git on alioth and a prebuilt binary for amd64.

Bug#870253: clamav-milter: disengaging debconf management destroys config

On 2017-08-22 21:21:14 [+0200], To Marc Dequènes wrote: > @team: any opinion here? I am going to drop that part where the debconf created file gets overwritten with the sample file. Need to test before I commit it… Sebastian

Bug#871987: back to dovecot

uild/dovecot/ > Kurt Sebastian >From fb214b15c5b6bf60da7781bae55b659bcb86db75 Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Date: Sat, 26 Aug 2017 17:04:59 +0200 Subject: [PATCH] Add support for lower TLS version than default The openssl li

Bug#871918: libssl1.1: tls_process_server_hello:unsupported protocol

On 2017-08-23 09:32:12 [+0200], Michal Palenik wrote: > it look like a something strange with libssl1.1 version 1.1.0f-4 and > some of the certificates. > > openssl s_client -connect mail7.hostmaster.sk:465 (and port 995) > > gives some buggy output (including connections with postfix or >

Bug#868092: Acknowledgement (clamav-freshclam: clean up legacy conf files)

On 2017-08-20 21:50:32 [+0200], Christoph Anton Mitterer wrote: > Hey. Hi, > Nothing special, I never manually changed the config, only via debconf. > > What seems to be the case here is the following: > > /etc/logrotate.d/clamav-freshclam seems to have been once a "conffile" > (i.e. a config

Bug#870253: clamav-milter: disengaging debconf management destroys config

On 2017-08-22 16:52:12 [+0900], Marc Dequènes (Duck) wrote: > Quack, Hi, > This may be what people using ucf expect, and in this case you might > probably close the bug, but I don't find this a nice behavior. To me > disengaging debconf mean: leave as it is, I'll take care of it from now > on. I

Bug#872885: netty-tcnative-1.1: Please migrate to openssl1.1 in Buster

Package: netty-tcnative-1.1 Version: 1.1.33.Fork26-2 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Control: block 871056 by -1 Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#868092: Acknowledgement (clamav-freshclam: clean up legacy conf files)

On 2017-07-12 01:54:01 [+0200], Christoph Anton Mitterer wrote: > On Wed, 2017-07-12 at 01:39 +0200, Christoph Anton Mitterer wrote: > > Sorry, haven't seen it was created via debconf =) > > Reverting this... it's still technically a bug, even though you create > the file, as it's marked as a

Bug#867877: clamav-daemon: please respect manual configuration

On 2017-07-10 23:39:53 [+0200], To Luca Capello wrote: > On 2017-07-10 11:40:20 [+0200], Luca Capello wrote: > > Hi there, > Hi, > > > while debugging why the TCP socket was not responding, I discovered that > > everything was fine if clamd was manually started via the CLI. And then > > I found

Bug#870253: clamav-milter: disengaging debconf management destroys config

On 2017-07-31 19:38:58 [+0900], Marc Dequènes wrote: > Quack, Hi, > I configured this package using debconf and it worked nicely. I then wanted > to handle the file via configuration management and to do so I disengaged > debconf, replying "no" to the question "Handle the configuration file >

Bug#845193: dpkg: recent -specs PIE changes break openssl

On 2016-11-21 12:01:21 [+0100], Thorsten Glaser wrote: > I’m suspecting it tries to compile library code (which must > be PIC) as PIE, or something. I got this advice from the > openssl maintainer: This is currently still open against openssl1.0, the package is built without a log so I assume

Bug#872594: clamav: please use system libmspack instead of embedded copy

control: tags -1 pending On 2017-08-19 07:48:28 [+0900], Marc Dequènes wrote: > Quack, Hi, > I can see there was some work to use the library instead of the embedded > code, and that upstream even added the changes, which is nice, unfortunately > the resulting packages do not depend on it. > >

Bug#871987: openssl breaks dovecot

On 2017-08-16 07:46:14 [-0700], James Bottomley wrote: > When you run a system for others, you don't get to dictate tools. I do :) >  However, from the complaints it seems to be android 2.3.7 and any > embedded system still using openssl 0.9.8, which must be using TLS 1.0 so basically everything

Bug#871987: openssl breaks dovecot

On 2017-08-14 10:46:04 [-0700], James Bottomley wrote: > Just a me too on this: on upgrade, both dovecot and a stunnel based web > application got broken for an older android client.  Downgrading > to 1.1.0f-3 fixes the problem for both dovecot and stunnel4 So what are we talking about? Android 4

Bug#868956: libmspack: CVE-2017-11423

On 2017-08-15 05:55:49 [+0900], Marc Dequènes (Duck) wrote: > Quack, Hi, > I was at DebConf in Canada, so I was busy meeting people :-). > It should be done before or after flying back home. No worries. We got the two CVEs sorted out and a release in the meantime. I see an unstable upload almost

Bug#871987: openssl breaks dovecot

On 2017-08-13 11:13:25 [+0200], Harald Dunkel wrote: > Since the upgrade to 1.1.0f-4 I cannot read EMails via imap from > my old ipad anymore (unless I disable encryption). Moving back to > 1.1.0f-3 fixes the problem. is blue mail working? Sebastian

Bug#871813: isync: please allow the usage of TLS1.1+ by default

On 2017-08-12 12:11:20 [+0200], Oswald Buddenhagen wrote: > this should be considered a duplicate of Bug#871765. > > the patch is rather incomplete in the compat wrapper part. but my own > patch does not touch it at all, and i think i'll leave it at that > (introducing new features to the compat

Bug#871263: libmspack: CVE-2017-6419

On 2017-08-12 00:42:06 [+0100], Stuart Caie wrote: > On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: > > > [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 > > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 > > > [1] > >

Bug#871939: pam-p11: Please migrate to openssl1.1 in Buster

Package: pam-p11 Version: 0.1.6-2 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. I somehow got confused with another package which was tracked in #859547 and I forgot about this

Bug#871813: isync: please allow the usage of TLS1.1+ by default

oblemm as well. Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc> --- src/compat/isync.h | 2 ++ src/compat/main.c | 4 ++-- src/drv_imap.c | 4 ++-- src/mbsync.1 | 3 +-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/compat/isync.h b/src/compat/i

Bug#871263: libmspack: CVE-2017-6419

+ Stuart On 2017-08-07 15:21:48 [+0200], Salvatore Bonaccorso wrote: > Source: libmspack > Version: 0.5-1 > Severity: grave > Tags: security upstream > > Hi, > > the following vulnerability was published for libmspack. > > CVE-2017-6419[0]: > | mspack/lzxd.c in libmspack 0.5alpha, as used in

Bug#871514: clamav: FTBFS on mips64el

control: reassign -1 gcc-7 7.1.0-12 control: affects -1 clamav On 2017-08-09 16:43:29 [+0200], Aurelien Jarno wrote: > I got a quick look. It's indeed a regression introduced by GCC 7. It can > be workarounded by building the file with -O0, but already appears with > -O1 optimization. > > I got

Bug#871514: clamav: FTBFS on mips64el

On 2017-08-08 20:34:37 [+0200], To sub...@bugs.debian.org wrote: … > returned (the important part): > |LibClamAV debug: parseEmailBody() rc 1 infect 0 > |LibClamAV debug: parseEmailBody() returning 3 … > The exp build passed with gcc-6_6.4.0-1 [0]. Is there an easy way to > downgrade the compiler

Bug#871514: clamav: FTBFS on mips64el

Package: clamav Version: 0.99.2+dfsg-6 Severity: serious The last build of clamav (0.99.3~beta1+dfsg-1) failed on mips64el. However the build in experimtal (0.99.3~snapshot…) succeeded and code change is very minimal (almost non-existing). The I tried 0.99.2+dfsg-6 on eller and it failed, too but

Bug#871477: upgrade of libssl1.1 to breaks dovecot imap via tls: kmail from debian stable/unstable cannot connect to dovecot any more

On 2017-08-08 12:44:09 [+0200], Wolfgang Walter wrote: > Package: libssl1.1 > Version: 1.1.0f-4 > Severity: important > > After upgrading a server to libssl1.1 1.1.0f-4 kmail on debian/stable could > not connect to dovecot on debian/unstable any more (kmail on debian/unstable > can't connect,

Bug#871436: uhub: please switch to SSLv23_… or TLS_…_method

Package: uhub Version: 0.4.1-3.1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871435: sofia-sip: please switch to SSLv23_… or TLS_…_method

Package: sofia-sip Version: 1.12.11+20110422.1-2.1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't

Bug#871434: rdesktop: please switch to SSLv23_… or TLS_…_method

Package: rdesktop Version: 1.8.3-2 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871433: poco: please switch to SSLv23_… or TLS_…_method

Package: poco Version: 1.7.6+dfsg1-5 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because

Bug#871431: libexosip2: please switch to SSLv23_… or TLS_…_method

Package: libexosip2 Version: 4.1.0-2.1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because

Bug#871432: nmh: please switch to SSLv23_… or TLS_…_method

Package: nmh Version: 1.6-16 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871430: elog: please switch to SSLv23_… or TLS_…_method

Package: elog Version: 3.1.3-1-1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871429: dma: please switch to SSLv23_… or TLS_…_method

Package: dma Version: 0.11-1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871428: dcap: please switch to SSLv23_… or TLS_…_method

Package: dcap Version: 2.47.10-3 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work because it

Bug#871427: argyll: please switch to SSLv23_… or TLS_…_method

Package: argyll Version: 1.9.2+repack-1 Severity: important User: pkg-openssl-de...@lists.alioth.debian.org Usertags: TLS1.0_1.1_removal Your packages uses a function which requests a TLS1.0 and/or TLS1.1 only connection. Since openssl 1.1.0f-4 (currently in unstable) this means won't work

Bug#802658: libesmtp: Should support TLS 1.1+

On 2017-08-07 21:00:05 [+0200], Salvatore Bonaccorso wrote: > Hi Sebastian Hi Salvatore, > Thanks for review. The reason I did that is indeed, to have a patch > which is most acceptable for upstream to include, independent on > Debian, although upstream since I initially pinged never replied to

Bug#871403: RM: clamav/experimental -- NVIU; lower version in unstable

Package: ftp.debian.org Severity: normal The experimental suite for clamav has 0.99.3~snapshot20170704+dfsg-1 and unstable 0.99.3~beta1+dfsg-1 and this makes the unstable version appear to be lower than the version in experimental. Therefore I am asking for its removal from experimental. The

Bug#802658: libesmtp: Should support TLS 1.1+

On 2017-08-07 14:26:07 [+0200], Salvatore Bonaccorso wrote: > Control: severity important as in SSL not working anymore in unstable for libesmtp. > Hi Jeremy, Hi Salvatore, > Please find attached a (refreshed) patch which is still valid to add > the proper support for TLSv1.1+ Description: Add

Bug#871056: transition: openssl

Package: release.debian.org User: release.debian@packages.debian.org Usertags: transition Severity: normal This transition should be the final one to get libssl1.0.2 out of unstable for Buster and move all libssl1.0-dev users back to libssl-dev. There are new 1.0-users comming from to time.

Bug#868956: libmspack: CVE-2017-11423

On 2017-08-06 10:22:11 [+0100], Stuart Caie wrote: > Commited a fix: > https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38 > > I'll put out a release in the near future. thank you Stuart. Marc do plan you upload something to unstable/security soon, wait for a new

Bug#869856: openssl: FTBFS: Testsuite failures

On 5 August 2017 23:31:33 CEST, Kurt Roeckx wrote: >I planned to break things by disabling TLS 1.0 and 1.1, which I >might upload soon. I guess I can fix that at the same time. Do you intend a transition like we had for SSLv2 removal or do you plan just to disable it? I

Bug#869856: openssl: FTBFS: Testsuite failures

control: tags -1 patch fixed-upstream pending control: forwaded -1 https://github.com/openssl/openssl/issues/3562 On 2017-07-27 19:06:19 [-0700], Daniel Schepler wrote: > It appears so. (Though I did have to apply it by hand as there was no > "clientsession" line for patch to sync to in hunk

Bug#870777: casync: Please migrate to openssl1.1 in Buster

On 2017-08-05 11:16:06 [-0400], Felipe Sateler wrote: > Hi Sebastian, Hi Felipe, > I still have the libssl1.0-dev fallback in order to be able to build > in my sid workstation (nodejs-dev still requires libssl1.0), but > uploads are whenever possible source-only, and if not, built in a > fresh

Bug#870779: pev: Please migrate to openssl1.1 in Buster

Package: pev Version: 0.80-3 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#870777: casync: Please migrate to openssl1.1 in Buster

Package: casync Version: 2-1 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#870778: libtgvoip: Please migrate to openssl1.1 in Buster

Package: libtgvoip Version: 1.0~git20170704.445433f-2 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#870775: boxbackup: Please migrate to openssl1.1 in Buster

Package: boxbackup Version: 0.12~gitcf52058f-3 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#868956: libmspack: CVE-2017-11423

On 2017-07-23 16:52:16 [+0100], Stuart Caie wrote: > Hello, Hi Stuart, > https://github.com/kyz/libmspack/commit/3e3436af6010ac245d7a390c6798e2b81ce09191 > > 2015-05-10 Stuart Caie > > * cabd_read_string(): correct rejection of empty strings. Thanks to > > Hanno Böck for

Bug#867240: [Pkg-openssl-devel] Bug#867240: openssl: Please add support for arm64ilp32 architecture

control: tags -1 pending On 2017-07-05 03:39:45 [+0100], Wookey wrote: > This package FTBFS on arm64ilp32. The package has upstream support > already. It just needs the correct debian target conf information adding. > "debian-arm64ilp32" => { > inherit_from => [

Bug#867877: clamav-daemon: please respect manual configuration

On 2017-07-10 11:40:20 [+0200], Luca Capello wrote: > Hi there, Hi, > while debugging why the TCP socket was not responding, I discovered that > everything was fine if clamd was manually started via the CLI. And then > I found . > > Please, this is becoming

Bug#867440: trace-cmd: segfaults while processing certain trace files

Package: trace-cmd Version: 2.6-0.1 Severity: important Tags: fixed-upstream upstream patch Hi, I record a trace with trace-cmd start -e sched_switch; sleep 2; trace-cmd stop; trace-cmd extract; and then dump it and this crashes trace-cmd report trace.dat |

Bug#867328: jessie-pu: package libclamunrar/0.99-0+deb8u3

) oldstable; urgency=medium + + * Cherry pick fix for arbitrary memory write. CVE-2012-6706 +(Closes: #867223). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Wed, 05 Jul 2017 21:20:40 +0200 + libclamunrar (0.99-0+deb8u2) stable; urgency=medium * Add patches from up

Bug#867248: stretch-pu: package libclamunrar/0.99-3+deb9u1

) stable; urgency=medium + + * Cherry pick fix for arbitrary memory write. CVE-2012-6706 +(Closes: #867223). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Wed, 05 Jul 2017 08:30:54 +0200 + libclamunrar (0.99-3) unstable; urgency=medium * Add a fixup for bb11601. dif

Bug#867209: libreoffice: Letter wizard can't find wizardi templates

On 2017-07-04 21:59:17 [+0200], Rene Engelhard wrote: > > -- System Information: > > Debian Release: buster/sid > > APT prefers unstable > > APT policy: (500, 'unstable') > > How did you get this version on your system if you don't have experimental > in your sources.list? I have it

Bug#867209: libreoffice: Letter wizard can't find wizardi templates

Package: libreoffice Version: 1:5.4.0~rc1-1 Severity: normal I clickety clack File -> Wizards -> Letter and nothing happens. Except for the console where I read: Traceback (most recent call last): File "/usr/lib/libreoffice/program/wizards/letter/LetterWizardDialogImpl.py", line 87,

Bug#867140: cqrlog: Please migrate to openssl1.1 in Buster

Package: cqrlog Version: 2.0.5-1 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#859740: tcpdump: Please migrate to openssl1.1 in Buster

On 2017-07-02 11:56:19 [+0200], Romain Francoise wrote: > OpenSSL 1.1 is not supported upstream yet. It builds, but the resulting > tcpdump binary segfaults when running the ESP test suite, which is why I > changed the package to target OpenSSL 1.0 in stretch. I am not talkig about Stretch here.

Bug#863568: cfengine3: Please migrate to openssl1.1 in Buster

Package: cfengine3 Version: 3.9.1-4.2 Severity: important Tags: sid buster User: pkg-openssl-de...@lists.alioth.debian.org Usertags: openssl-1.1-trans Please migrate to libssl-dev in the Buster cycle. Sebastian

Bug#861686: unblock: openssl/1.1.0e-2

On 2017-05-07 16:39:00 [+], Niels Thykier wrote: > Sebastian Andrzej Siewior: > > uploaded and built on all releases architectures. > > Ack/RT unblock, CC'ing KiBi for a d-i ack. I don't want to rush or anything but in case it got forgotten, we are still waiting for the d-i

Bug#862862: sogo: calendar sharing is not working

Package: sogo Version: 3.2.6-2 Severity: important It took me a while to setup this. In the end I went for postgresql as database including auth backend. I tried very hard to share a calendar between two users. It just won't happen. If I click on a calendar, preferences, share then there is

Bug#862229: libssl1.0.2: Illegal instruction on a PowerPC G4 (32 bits) "in OPENSSL_crypto207_probe () at ppccpuid.s:20"

On 2017-05-10 08:48:14 [+0200], Kurt Roeckx wrote: > This is normal and expected. This is only something you see in > a debugger, and is covered in the FAQ. Please just "continue". https://www.openssl.org/docs/faq.html#PROG17 >From looking at

Bug#830482: [Pkg-clamav-devel] Bug#830482: Fresh installation causes freshclam to to fail

On 2017-05-04 22:11:02 [+0200], To T. Joseph Carter wrote: > I will try to reproduce this myself over the weekend. The original > reported never came back to me. Just for the record: You run stable or > testing? And all you did was just a plain install? And you do have > systemd as default. You

Bug#830482: [Pkg-clamav-devel] Bug#830482: Fresh installation causes freshclam to to fail

On 2017-04-02 23:27:38 [-0700], T. Joseph Carter wrote: > ​​I don't know if I will hit upon the issue in this bug or not, but I'll > offer what I've just found in case it may be useful: > > I found freshclam to fail freshly installed with the error message > indicated in this bug. Here is my

Bug#861145: [Pkg-openssl-devel] Bug#861145: openssl: SHA Extension routine is not called on new AMD cpu "Ryzen".

control: tags -1 fixed-upstream control: forwarded -1 https://github.com/openssl/openssl/issues/2848 On 2017-04-24 22:29:17 [-0400], Eric Desrochers wrote: > AMD added support in their processors for SHA Extensions[1] (CPU flag: > sha_ni[2]) starting with Ryzen[3] CPU. > Note that Ryzen CPU

Bug#861686: unblock: openssl/1.1.0e-2

Control: tag -1 - moreinfo On 2017-05-02 20:24:19 [+0100], Jonathan Wiltshire wrote: > > Yes, please go ahead and remove the moreinfo tag when it is ready to > unblock. uploaded and built on all releases architectures. Sebastian

Bug#861686: unblock: openssl/1.1.0e-2

.0e/debian/changelog --- openssl-1.1.0e/debian/changelog 2017-02-16 18:57:58.0 +0100 +++ openssl-1.1.0e/debian/changelog 2017-05-01 21:50:37.0 +0200 @@ -1,3 +1,9 @@ +openssl (1.1.0e-2) unstable; urgency=medium + + * Make openssl depend on perl-base (Closes: #860254) + +

Bug#860254:

On 2017-04-27 21:32:42 [+0200], Kurt Roeckx wrote: > I'm not suggesting to add libwww-curl-perl. > > I'm not sure why we have things in /usr/lib/ssl/misc/, which > doesn't sound like a useful place to put things. > > Note that there are actually manpages for them, so maybe we should > move them

Bug#860254:

On 2017-04-27 18:18:50 [+0200], Kurt Roeckx wrote: > > Yes, so perl-base should be find for c_rehash and CA.pl, but tsget > requires libwww-curl-perl and we already don't depend on it. So what is that you are saying? We keep perl as is and add libwww-curl-perl (and if so is it RC and so testing

Bug#861285: [Pkg-openssl-devel] Bug#861285: openssl enc -k path-for-keyphrase-file ...c does not fail if the keyphrase-file is missing.

On 2017-04-27 08:46:10 [+0900], ISHIKAWA,chiaki wrote: > KFILE=path-for-passphrase-file (say, ~/mypass) > BNAME=file-to-be-encrypted > > openssl enc -k ${KFILE} -in ${BNAME} -out ${BNAME}.enc -aes-256-cbc > > To my surprise if ${KFILE} is missing, openssl does not complain > and seems to

<    5   6   7   8   9   10   11   12   13   14   >