Your message dated Mon, 21 Nov 2016 21:50:11 +0000
with message-id <e1c8wtb-000f6e...@fasolo.debian.org>
and subject line Bug#844234: fixed in openssl 1.1.0c-2
has caused the Debian Bug report #844234,
regarding libssl1.1: 1.1.0c broke Python
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
844234: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844234
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libssl1.1
Version: 1.1.0c-1
Severity: critical
Tags: upstream
Justification: breaks unrelated software

Hi,

The update to 1.1.0c broke the Python ssl wrapper. I first faced the issue
with offlineimap, which would crash with the [Errno 0] Error and the
following stack trace when trying to refresh the OAuth2 token from Google:

Traceback:
  File "/usr/share/offlineimap/offlineimap/accounts.py", line 271, in syncrunner
    self.__sync()
  File "/usr/share/offlineimap/offlineimap/accounts.py", line 334, in __sync
    remoterepos.getfolders()
  File "/usr/share/offlineimap/offlineimap/repository/IMAP.py", line 452, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/share/offlineimap/offlineimap/imapserver.py", line 540, in acquireconnection
    self.__authn_helper(imapobj)
  File "/usr/share/offlineimap/offlineimap/imapserver.py", line 406, in __authn_helper
    if func(imapobj):
  File "/usr/share/offlineimap/offlineimap/imapserver.py", line 340, in __authn_xoauth2
    imapobj.authenticate('XOAUTH2', self.__xoauth2handler)
  File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 705, in authenticate
    typ, dat = self._simple_command('AUTHENTICATE', mechanism.upper())
  File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 1692, in _simple_command
    return self._command_complete(self._command(name, *args), kw)
  File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 1418, in _command
    literal = literator(data, rqb)
  File "/usr/lib/python2.7/dist-packages/imaplib2.py", line 2283, in process
    ret = self.mech(self.decode(data))
  File "/usr/share/offlineimap/offlineimap/imapserver.py", line 239, in __xoauth2handler
    six.reraise(type(e), type(e)(msg), exc_info()[2])
  File "/usr/share/offlineimap/offlineimap/imapserver.py", line 233, in __xoauth2handler
    self.oauth2_request_url, urllib.urlencode(params)).read()
  File "/usr/lib/python2.7/socket.py", line 355, in read
    data = self._sock.recv(rbufsize)
  File "/usr/lib/python2.7/ssl.py", line 766, in recv
    return self.read(buflen)
  File "/usr/lib/python2.7/ssl.py", line 653, in read
    v = self._sslobj.read(len)

These seem to be relevant upstream bugs:

  * https://github.com/openssl/openssl/issues/1919 (which was merged to 1903)
  * https://github.com/openssl/openssl/issues/1903

Downgrading to 1.1.0b (by installing libssl1.1_1.1.0b-2_amd64.deb from
snapshots) resolves the issue (and reintroduces the vulnerability).

Best,

  Antonin

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libssl1.1 depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  libc6                  2.24-5

libssl1.1 recommends no packages.

libssl1.1 suggests no packages.

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Source: openssl
Source-Version: 1.1.0c-2

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 844...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <k...@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Nov 2016 22:20:00 +0100
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc libssl1.1-dbg
Architecture: source
Version: 1.1.0c-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Closes: 844234 844715
Changes:
 openssl (1.1.0c-2) unstable; urgency=medium
 .
   * Revert behaviour of SSL_read() and SSL_write(), and update documentation.
     (Closes: #844234)
   * Add missing -zdelete on x32 (Closes: #844715)
   * Add a Breaks on salt-common. Addresses #844706
Checksums-Sha1:
 7e26a7d98166e6c8d0d0d50ca2dc989942de14af 2552 openssl_1.1.0c-2.dsc
 5b0556f53c427e14e660151b56b82d40dba65967 55392 openssl_1.1.0c-2.debian.tar.xz
Checksums-Sha256:
 a6ca664b8443ad1ed01cc90a9c8d8af8a079efa471536ec971a1bf2f5b8253a0 2552 openssl_1.1.0c-2.dsc
 c47b1d2df11b061243bf91ecd95130840ebe7e6a84a6bf1b063d1953e9fddda5 55392 openssl_1.1.0c-2.debian.tar.xz
Files:
 5a5f07499eb6dda464b325bda91f6a89 2552 utils optional openssl_1.1.0c-2.dsc
 60826b6aa69cd73a00c810f29a37bfe8 55392 utils optional openssl_1.1.0c-2.debian.tar.xz


--- End Message ---
