Re: testing OpenSSL 1.1.0 on jessie

On Fri, Nov 18, 2016 at 09:15:53PM +0100, Daniel Pocock wrote: > > > On 18/11/16 21:10, Kurt Roeckx wrote: > > On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote: > >> > >> > >> I wanted to try compiling some upstream projects against OpenSS

Re: testing OpenSSL 1.1.0 on jessie

On Fri, Nov 18, 2016 at 02:22:23PM -0500, Zack Weinberg wrote: > Daniel Pocock wrote: > > I wanted to try compiling some upstream projects against OpenSSL 1.1.0 > > on jessie, without installing the package though. I tried the following: > > > > dget -x > >

Re: testing OpenSSL 1.1.0 on jessie

On Fri, Nov 18, 2016 at 03:53:20PM +0100, Daniel Pocock wrote: > > > I wanted to try compiling some upstream projects against OpenSSL 1.1.0 > on jessie, without installing the package though. > > I tried the following: > > dget -x >

Re: OpenSSL 1.1.0

On Sat, Nov 19, 2016 at 06:30:06PM +0100, Bernd Zeimetz wrote: > On 11/17/2016 12:40 AM, Kurt Roeckx wrote: > > On Mon, Nov 14, 2016 at 07:10:00PM +, Niels Thykier wrote: > >> > >> The alternative for ChaCha20 would be to adopt Cloudflare's patches[1], > >&g

Re: OpenSSL 1.1.0

On Sat, Nov 19, 2016 at 10:32:58PM +0100, Ondrej Novy wrote: > Hi, > > 2016-11-19 21:06 GMT+01:00 Kurt Roeckx <k...@roeckx.be>: > > > Chacha20 would be a new feature. Following the policy that can't > > be added in a 1.0.2 version, only bugs get fixed in it. &g

Accepted openssl1.0 1.0.2j-2 (source amd64) into experimental, experimental

pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug informa

Re: OpenSSL 1.1.0

On Wed, Nov 02, 2016 at 02:02:52PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote: > On miércoles, 2 de noviembre de 2016 10:00:43 A. M. ART Bernhard Schmidt > wrote: > > Kurt Roeckx <k...@roeckx.be> wrote: > > > > Hi, > > > > > There might al

Re: OpenSSL 1.1.0

On Tue, Nov 01, 2016 at 11:26:15PM +0100, Cyril Brulebois wrote: > Hi, > > Just random thoughts… > > Kurt Roeckx <k...@roeckx.be> (2016-11-01): > > I just uploaded OpenSSL 1.1.0 to unstable. There are still many > > packages that fail to build using OpenSSL 1.1.0

Accepted openssl 1.1.0b-2 (source) into unstable

: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets L

Accepted openssl1.0 1.0.2j-3 (source) into unstable

-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-dbg - Secure Sockets Layer toolkit - debug information Changes:

Re: OpenSSL 1.1.0

On Tue, Nov 01, 2016 at 11:49:52PM +0100, Kurt Roeckx wrote: > > > If you have any problems feel free to contact us. > > > > - are “you” <pkg-openssl-de...@lists.alioth.debian.org>? > > Yes. or openssl-us...@openssl.org Kurt

Re: armel after Stretch (was: Summary of the ARM ports BoF at DC16)

On Wed, Dec 07, 2016 at 03:53:31PM +, Steve McIntyre wrote: > AFAIK there are potentially still similar problems with ARMv5 - lack > of architcture-defined barrier primitives for C++11 atomics to > work. (I'd love to be corrected on this if people know better!) This > is one of the key points

Accepted ntp 1:4.2.8p10+dfsg-1 (source) into unstable

org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: ntp- Network Time Protocol daemon and utility programs ntp-doc- Network Time Protocol documentation ntpdate- client for setting system time from NTP servers Changes: ntp (1:4.2.8p10+dfsg-1) unstable; urgency=high

Re: openssl/libssl1 in Debian now blocks offlineimap?

On Tue, Aug 15, 2017 at 10:49:05PM +0900, Norbert Preining wrote: > Hi Kurt, > > I read your announcement on d-d-a, but due to moving places > I couldn't answer. > > I consider the unconditional deprecation of TLS 1.0 and 1.1 > a very wrong move. > > Be strict with what you are sending out, but

Re: openssl/libssl1 in Debian now blocks offlineimap?

On Tue, Aug 15, 2017 at 10:43:08AM -0700, Michael Lustfield wrote: > I don't think it was answered... Is there an actual reason that this needs > to be handled urgently? Is TLSv1.0/v1.1 considered broken? Yes. Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote: > Marco d'Itri wrote: > > On Aug 09, Sven Hartge wrote: > > >> Looking at https://developer.android.com/about/dashboards/index.html > >> there is still a marketshare of ~25% of smartphones based on

Re: OpenSSL disables TLS 1.0 and 1.1

On Fri, Aug 11, 2017 at 08:41:10AM -0400, Wouter Verhelst wrote: > On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote: > > On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote: > > > I wonder if there is a middle way that ensures that all new stuff does > &g

Re: OpenSSL disables TLS 1.0 and 1.1

On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote: > I wonder if there is a middle way that ensures that all new stuff does > go TLS1.2 (or later, whenever), but does allow older stuff still to > work. Which isnt the case if they are just disabled. I could change the default settings

Re: OpenSSL disables TLS 1.0 and 1.1

On Mon, Aug 07, 2017 at 05:53:07PM +0200, Michael Meskes wrote: > > > This will likely break certain things that for whatever reason > > > still don't support TLS 1.2. I strongly suggest that if it's not > > > supported that you add support for it, or get the other side to > > > add support for

Accepted openssl 1.1.0f-4 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Re: OpenSSL disables TLS 1.0 and 1.1

On Mon, Aug 07, 2017 at 09:59:20AM +0200, Leon Klingele wrote: > Does this also apply for libssl? This applies to libssl1.1 package and everything making use of it. Kurt

Re: OpenSSL disables TLS 1.0 and 1.1

On Sun, Aug 20, 2017 at 09:14:47PM +0200, Michael Meskes wrote: > > I might upload this soon. The intention is still to ship Buster > > with TLS 1.0 and 1.1 completly disabled. > > Disabled by configuration or disabled by not compiling it in? With "completly disabled" I mean at build time. >

Re: OpenSSL disables TLS 1.0 and 1.1

On Mon, Aug 07, 2017 at 08:35:52PM +0200, Kurt Roeckx wrote: > On Mon, Aug 07, 2017 at 05:22:51PM +0200, Joerg Jaspert wrote: > > I wonder if there is a middle way that ensures that all new stuff does > > go TLS1.2 (or later, whenever), but does allow older stuff still to >

Accepted elfutils 0.168-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 27 May 2017 15:05:37 +0200 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.168-1 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx &l

Accepted openssl 1.1.0f-1 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Accepted openssl1.0 1.0.2l-1 (source) into unstable

<pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer tool

Accepted openssl 1.1.0f-3 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Accepted openssl 1.1.0f-2 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Accepted openssl1.0 1.0.2l-2 (source) into unstable

<pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer tool

Re: [Pkg-openssl-devel] Bug#754513: RFP: libressl -- SSL library, forked from OpenSSL

t; "unversioned, incomplete, barely documented, and seems to be > unmaintained" [3]. Kurt Roeckx proposed a patch to add a compatibility > shim [4], and a number of other projects have done something similar, > but the OpenSSH developers have explicitly said that they do not wan

Accepted openssl 1.1.0f-5 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Re: Bug#833585: lintian: Check presence of upstream signature if signing key available

On Mon, Aug 21, 2017 at 09:30:41AM +0200, Vincent Bernat wrote: > ❦ 15 juillet 2017 23:06 +0100, Chris Lamb  : > > > Dear Niels, > > > >> You need the $group parameter (the 5th parameter to the run sub). > > > > > > > > Bingo, that works. Will tidy a bunch of things up and

Accepted openssl1.0 1.0.2m-3 (source) into unstable

<pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer tool

Accepted openssl 1.1.0g-1 (source) into unstable

OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Accepted openssl1.0 1.0.2m-1 (source) into unstable

<pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer tool

Accepted openssl1.0 1.0.2m-2 (source) into unstable

<pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer tool

Accepted openssl 1.1.0g-2 (source) into unstable

Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit -

Accepted openssl 1.1.1~~pre6-2 (source) into experimental

: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets L

Accepted openssl 1.1.1~~pre6-1 (source) into experimental

: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets L

Accepted libid3tag 0.15.1b-13 (source) into unstable

ain...@lists.alioth.debian.org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libid3tag0 - ID3 tag reading library from the MAD project libid3tag0-dev - ID3 tag reading library from the MAD project Closes: 808767 869598 Changes: libid3tag (0.15.1b-13) unstable; urgency=medium . * gperf now uses si

Accepted libmad 0.15.1b-9 (source) into unstable

org> Changed-By: Kurt Roeckx <k...@roeckx.be> Description: libmad0- MPEG audio decoder library libmad0-dev - MPEG audio decoder development library Closes: 287519 Changes: libmad (0.15.1b-9) unstable; urgency=high . * Properly check the size of the main data. The previous patch

Bug#905994: O: libtool

Package: wnpp I'm orphaning libtool. It currently has 1 RC bug, and the last NMU at least seems to cause a regression. Kurt

Accepted openssl 1.1.1~~pre9-1 (source) into unstable

OpenSSL Team Changed-By: Kurt Roeckx Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer

Bug#917366: RFP: postfix-mta-sts-resolver -- daemon that adds support for MTA-STS to postfix

Package: wnpp Severity: wishlist * Package name: postfix-mta-sts-resolver Version : 0.2.4 * URL : https://github.com/Snawoot/postfix-mta-sts-resolver * License : MIT Programming Lang: python Description : Daemon which provides TLS client policy for

Accepted elfutils 0.175-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 18 Nov 2018 23:01:23 +0100 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.175-1 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed

Accepted elfutils 0.175-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 30 Dec 2018 15:02:01 +0100 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.175-2 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed

Re: FYI/RFC: early-rng-init-tools

On Sun, Mar 03, 2019 at 08:19:44PM +, Ben Hutchings wrote: > On Sun, 2019-03-03 at 18:59 +0100, Kurt Roeckx wrote: > [...] > > Most people will actually have at least 2 hardware RNGs: One in > > the CPU and one in the TPM. We can make the kernel trust those as > > entr

Re: FYI/RFC: early-rng-init-tools

I think the only sane things are: - Use a hardware RNG (CPU, TPM, chaos key, ...) - Credit a seed file stored during the previous boot - Wait for new entropy from other sources Note that is can be a combination of all 3. We currently do not credit the seed file, for various good reasons. We

Accepted openssl 1.1.1b-1 (source) into unstable

OpenSSL Team Changed-By: Kurt Roeckx Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit

Accepted libid3tag 0.15.1b-14 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 10 Mar 2019 16:35:25 +0100 Source: libid3tag Architecture: source Version: 0.15.1b-14 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed-By: Kurt Roeckx Closes: 899861 Changes: libid3tag (0.15.1b-14

Accepted libmad 0.15.1b-10 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 10 Mar 2019 16:42:14 +0100 Source: libmad Architecture: source Version: 0.15.1b-10 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed-By: Kurt Roeckx Closes: 899582 Changes: libmad (0.15.1b-10) unstable

Accepted madplay 0.15.2b-9 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 10 Mar 2019 16:51:27 +0100 Source: madplay Architecture: source Version: 0.15.2b-9 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed-By: Kurt Roeckx Changes: madplay (0.15.2b-9) unstable; urgency=medium

Accepted elfutils 0.176-1 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 16 Feb 2019 14:54:50 +0100 Source: elfutils Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev Architecture: source Version: 0.176-1 Distribution: unstable Urgency: medium Maintainer: Kurt Roeckx Changed

Accepted openssl 1.1.1b-2 (source) into unstable

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 16 Apr 2019 21:31:11 +0200 Source: openssl Architecture: source Version: 1.1.1b-2 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSL Team Changed-By: Kurt Roeckx Closes: 923516 926315 Changes: openssl (1.1.1b

Re: https://tracker.debian.org/pkg/dballe

On Mon, Dec 30, 2019 at 02:52:54AM +, Paul Wise wrote: > On Sun, Dec 29, 2019 at 1:29 PM Roberto C. Sánchez wrote: > > > Would it not be possible to eliminate the need for the second > > unnecessary upload by requiring two signed .changes files to go into > > NEW? A signed binary changes

Re: https://tracker.debian.org/pkg/dballe

On Mon, Dec 30, 2019 at 01:39:14PM +0100, Mattia Rizzolo wrote: > On Mon, Dec 30, 2019 at 11:29:52AM +0100, Kurt Roeckx wrote: > > Note that the name of the .changes file by the maintainer and the > > buildd will be the same, and dak will reject it if that .changes > >

Re: New service: https://debuginfod.debian.net

On Thu, Feb 25, 2021 at 03:55:17PM -0500, Sergio Durigan Junior wrote: > As I said in the announcement message, I have proposed a Merge Request > against elfutils in order to enable the automatic usage of our > debuginfod server. I know that there are people who are not comfortable > with having

Re: Naming of non-uploading DDs (Was: GR: welcome non-packaging contributors as Debian project members)

On Sat, Sep 18, 2010 at 11:40:07AM +0200, Stefano Zacchiroli wrote: I'm hereby introducing two changes: a) dropping the name Debian Contributor (attachment 0001-remove-the-term-Debian-Contributor.patch) b) fixing punctuation as suggested by Kumar Appaiah [1], thanks! (attachment

<    3   4   5   6   7   8