D?coration et Design - Soldes jusqu'? -60% en juillet 2010

From jinxingxgea at sohu.com Fri Mar 2 21:27:50 2012 From: jinxingxgea at sohu.com (=?big5?B?sKq2sqpO?=) Date: Sat, 3 Mar 2012 05:27:50 +0800 Subject: [Pkg-openssl-devel] =?big5?b?Pz8/seRkZw==?= Message-ID: <0D01A9352BCE65F3C8EBD322D372644C@jabetj> pkg-openssl-devel? ! {%%RECEIVER%??????, ?????, ? ? ? ? ? ? -28532442 ? -rzi ? -61 ? -ncax7npec ??? I36 -2096 -1556 (am QQ 2858553583 ?? (enxgdesxi ????????????????? 76 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: em07[1].gif Type: image/gif Size: 1022 bytes Desc: not available URL: From owner at bugs.debian.org Sun Mar 4 10:15:18 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 04 Mar 2012 10:15:18 +0000 Subject: [Pkg-openssl-devel] Bug#440538: marked as done (openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.) References: <20120304095042.GB8222@kibibi> <20070902153722.GA8475@roeckx.be> Message-ID: Your message dated Sun, 4 Mar 2012 10:50:42 +0100 with message-id <20120304095042.GB8222 at kibibi> and subject line Re: Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure. has caused the Debian Bug report #440538, regarding openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 440538: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440538 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure. Date: Sun, 2 Sep 2007 17:37:22 +0200 Size: 2078 URL: -------------- next part -------------- An embedded message was scrubbed... From: Sebastian Andrzej Siewior Subject: Re: Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure. Date: Sun, 4 Mar 2012 10:50:42 +0100 Size: 2183 URL: From Amir_Mekawy at carnatiol.info Sat Mar 10 18:55:02 2012 From: Amir_Mekawy at carnatiol.info (Amir Mekawy) Date: Sat, 10 Mar 2012 20:55:02 +0200 Subject: [Pkg-openssl-devel] =?cp1256?q?Discover_Network_World=2E=2Eand_mo?= =?cp1256?q?re?= Message-ID: <20120310-20550204-4c0@carnatiol.info>

Discover Network World..

إكتشف عالم الشبكات

N+ عن طريق إحتراف

مع مدربين محترفين

الدورة القادمة
17-03-2012

عدد الساعات: 32

فقط 750 جنيه

للحجز إضغط هنا

If you Wish to receive future messages from us, click here to subscribe
If you do not wish to receive any updates, click here to unsubscribe.

-------------- next part -------------- An HTML attachment was scrubbed... URL: From luciano at debian.org Mon Mar 12 22:14:30 2012 From: luciano at debian.org (Luciano Bello) Date: Mon, 12 Mar 2012 23:14:30 +0100 Subject: [Pkg-openssl-devel] Bug#663642: [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers Message-ID: <201203122314.36318.luciano@debian.org> Package: openssl Severity: grave Tags: security patch The following vulnerability had been reported against openssl: http://www.openwall.com/lists/oss-security/2012/03/12/3 The patch can be found here: http://cvs.openssl.org/chngview?cn=22252 Please use CVE-2012-1165 for this issue. Cheers, /luciano -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From mail at mailde.ru Tue Mar 13 10:38:54 2012 From: mail at mailde.ru (=?UTF-8?B?0KHQtdGA0LPQtdC5?=) Date: Tue, 13 Mar 2012 13:38:54 +0300 Subject: [Pkg-openssl-devel] =?utf-8?b?c2FsaW90aGJpYW4gIDog0L7RgtC00LU=?= =?utf-8?b?0Lsg0LvQvtCz0LjRgdGC0LjQutC4INC40LvQuCDRgdC90LDQsdC20LU=?= =?utf-8?b?0L3QuNGP?= Message-ID: ????????? ???? ? ???????, ?? ??? ????? ? ??????, ?????? ????????, ???????? ???? ??? ????? ?????: 1 ????? 16 ??. ????? ?? ???? ????????????. ? ??.?????? ??????? ???????? ???? ????? ????? ???????? ????? ?? ????? garantaorder at mail.ru This message was delivered by MDaemon - http://www.altn.com/MDaemon/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From ftpmaster at ftp-master.debian.org Tue Mar 13 20:44:14 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 13 Mar 2012 20:44:14 +0000 Subject: [Pkg-openssl-devel] Processing of openssl_1.0.0h-1_amd64.changes Message-ID: openssl_1.0.0h-1_amd64.changes uploaded successfully to localhost along with the files: openssl_1.0.0h-1.dsc openssl_1.0.0h.orig.tar.gz openssl_1.0.0h-1.debian.tar.gz libssl-doc_1.0.0h-1_all.deb openssl_1.0.0h-1_amd64.deb libssl1.0.0_1.0.0h-1_amd64.deb libcrypto1.0.0-udeb_1.0.0h-1_amd64.udeb libssl-dev_1.0.0h-1_amd64.deb libssl1.0.0-dbg_1.0.0h-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) From ftpmaster at ftp-master.debian.org Tue Mar 13 21:27:40 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 13 Mar 2012 21:27:40 +0000 Subject: [Pkg-openssl-devel] openssl_1.0.0h-1_amd64.changes ACCEPTED into unstable Message-ID: Accepted: libcrypto1.0.0-udeb_1.0.0h-1_amd64.udeb to main/o/openssl/libcrypto1.0.0-udeb_1.0.0h-1_amd64.udeb libssl-dev_1.0.0h-1_amd64.deb to main/o/openssl/libssl-dev_1.0.0h-1_amd64.deb libssl-doc_1.0.0h-1_all.deb to main/o/openssl/libssl-doc_1.0.0h-1_all.deb libssl1.0.0-dbg_1.0.0h-1_amd64.deb to main/o/openssl/libssl1.0.0-dbg_1.0.0h-1_amd64.deb libssl1.0.0_1.0.0h-1_amd64.deb to main/o/openssl/libssl1.0.0_1.0.0h-1_amd64.deb openssl_1.0.0h-1.debian.tar.gz to main/o/openssl/openssl_1.0.0h-1.debian.tar.gz openssl_1.0.0h-1.dsc to main/o/openssl/openssl_1.0.0h-1.dsc openssl_1.0.0h-1_amd64.deb to main/o/openssl/openssl_1.0.0h-1_amd64.deb openssl_1.0.0h.orig.tar.gz to main/o/openssl/openssl_1.0.0h.orig.tar.gz Changes: openssl (1.0.0h-1) unstable; urgency=high . * New upstream version - Fixes CVE-2012-0884 - Properly fix CVE-2011-4619 - pkg-config.patch applied upstream, remove it. * Enable assembler for all i386 arches. The assembler does proper detection of CPU support, including cpuid support. This should fix a problem with AES 192 and 256 with the padlock engine because of the difference in NO_ASM between the between the i686 optimized library and the engine. Override entries for your package: libcrypto1.0.0-udeb_1.0.0h-1_amd64.udeb - optional debian-installer libssl-dev_1.0.0h-1_amd64.deb - optional libdevel libssl-doc_1.0.0h-1_all.deb - optional doc libssl1.0.0-dbg_1.0.0h-1_amd64.deb - extra debug libssl1.0.0_1.0.0h-1_amd64.deb - important libs openssl_1.0.0h-1.dsc - source libs openssl_1.0.0h-1_amd64.deb - optional utils Announcing to debian-devel-changes at lists.debian.org Thank you for your contribution to Debian. From back at mistralwamp.net Wed Mar 14 12:43:37 2012 From: back at mistralwamp.net (Aurelia service pub) Date: Wed, 14 Mar 2012 13:43:37 +0100 (CET) Subject: [Pkg-openssl-devel] Des Chocolats aux couleurs de votre entreprise Message-ID: Si vous ne pouvez pas lire cet email, suivre ce lien (http://front.mistralwamp.net/php/emailing/view_mail.php?CODE=69BVFY2C_24469&HASH=cd65ab868db5ae45f3236c9ec9dbae8c) Emailing My MMS M&M's? - ENTREPRISE - VOTRE MESSAGE SUR DES M&M's? LAISSEZ UN SOUVENIR ORIGINAL ET DURABLE DE VOTRE COMMUNICATION D'ENTREPRISE M&M's? - MON LOGO ENTREPRISE - ? partir de 1,75? HT NOUVEAU PRODUIT M Votre propre message sur l'authentique chocolat M&M's? aux couleurs de votre entreprise dans un pack estampill? de votre logo. VOTRE DEVIS ICI 3D swim, STECO AUDICO, COYOTE, Berliner Sparkasse, 2012 DIGICOLOR GROUPE ANN?E SUCR?E www.mymms.fr/business Pour votre sant?, pratiquez une activit? physique r?guli?re www.mangerbouger.fr Copyright 2012 - MARS CHOCOLAT France SAS - RCS Strasbourg 494 887 854 Conform?ment ? la loi ? informatique et libert?s ? du 6/01/1978, modifi?e par la loi du 6/10/2004, vous b?n?ficiez d'un droit d'acc?s, de rectification et de suppression des informations qui vous concernent, dont seule Mars Chocolat France? est destinataire. Pour exercer ces droits, il vous suffit de contacter notre Service Relation Client en cliquant ici Si vous voulez vous désinscrire, suivre ce lien (http://front.mistralwamp.net/php/emailing/u.php?CODE=69BVFY2C_24469&HASH=cd65ab868db5ae45f3236c9ec9dbae8c) -------------- next part -------------- An HTML attachment was scrubbed... URL: From russell at coker.com.au Wed Mar 14 14:10:00 2012 From: russell at coker.com.au (Russell Coker) Date: Thu, 15 Mar 2012 01:10:00 +1100 Subject: [Pkg-openssl-devel] Bug#663977: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 Message-ID: <201203150110.01410.russell@coker.com.au> Package: libssl1.0.0 Version: 1.0.0h-1 Severity: normal # eu-findtextrel /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 either the file containing the function 'OPENSSL_DIR_end' or the file containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or the file containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or the file containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC The above shows one of the symptoms. With the way this library is compiled on i386 applications which use it must have more access to memory, my blog post at the following URL has the details: http://etbe.coker.com.au/2008/09/11/execmod-and-se-linux-i386-must-die/ This doesn't just affect SE Linux. I will try and provide a patch for this shortly. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-2-686-pae (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssl1.0.0 depends on: ii debconf [debconf-2.0] 1.5.41 ii libc6 2.13-27 ii multiarch-support 2.13-27 ii zlib1g 1:1.2.6.dfsg-2 libssl1.0.0 recommends no packages. libssl1.0.0 suggests no packages. -- debconf information excluded From kurt at roeckx.be Wed Mar 14 22:47:25 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 14 Mar 2012 23:47:25 +0100 Subject: [Pkg-openssl-devel] Bug#663977: Bug#663977: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 In-Reply-To: <201203150110.01410.russell@coker.com.au> References: <201203150110.01410.russell@coker.com.au> Message-ID: <20120314224725.GA7237@roeckx.be> On Thu, Mar 15, 2012 at 01:10:00AM +1100, Russell Coker wrote: > Package: libssl1.0.0 > Version: 1.0.0h-1 > Severity: normal > > # eu-findtextrel /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 > either the file containing the function 'OPENSSL_DIR_end' or the file > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC > either the file containing the function 'OPENSSL_DIR_end' or the file > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC > either the file containing the function 'OPENSSL_DIR_end' or the file > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC Which is weird since nothing seems to have changed related to it. I also can't find mem_clr.c being compiled, while it used to be. It used to have: # CPUID module collects small commonly used assembler snippets CPUID_OBJ= mem_clr.o Which really doesn't make sense to me, and it's not doing that anymore in the latest version. > The above shows one of the symptoms. With the way this library is compiled > on i386 applications which use it must have more access to memory, my blog > post at the following URL has the details: I do know what this all means, text relocations really aren't acceptable. Kurt From kurt at roeckx.be Wed Mar 14 22:59:23 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Wed, 14 Mar 2012 23:59:23 +0100 Subject: [Pkg-openssl-devel] Bug#663977: Bug#663977: Bug#663977: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 In-Reply-To: <20120314224725.GA7237@roeckx.be> References: <201203150110.01410.russell@coker.com.au> <20120314224725.GA7237@roeckx.be> Message-ID: <20120314225923.GB7237@roeckx.be> On Wed, Mar 14, 2012 at 11:47:25PM +0100, Kurt Roeckx wrote: > On Thu, Mar 15, 2012 at 01:10:00AM +1100, Russell Coker wrote: > > Package: libssl1.0.0 > > Version: 1.0.0h-1 > > Severity: normal > > > > # eu-findtextrel /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 > > either the file containing the function 'OPENSSL_DIR_end' or the file > > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC > > either the file containing the function 'OPENSSL_DIR_end' or the file > > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC > > either the file containing the function 'OPENSSL_DIR_end' or the file > > containing the function 'OPENSSL_cleanse' is not compiled with -fpic/-fPIC > > Which is weird since nothing seems to have changed related to it. > > I also can't find mem_clr.c being compiled, while it used to be. > > It used to have: > # CPUID module collects small commonly used assembler snippets > CPUID_OBJ= mem_clr.o > > Which really doesn't make sense to me, and it's not doing that > anymore in the latest version. So the problem obviously is that x86cpuid.pl's OPENSSL_cleanse is not PIC. x86cpuid.pl is now used for all versions of the library, but it should already have been present in the i686 version. I wonder why it never showed up before. Kurt From russell at coker.com.au Wed Mar 14 23:05:04 2012 From: russell at coker.com.au (Russell Coker) Date: Thu, 15 Mar 2012 10:05:04 +1100 Subject: [Pkg-openssl-devel] Bug#663977: Bug#663977: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 In-Reply-To: <20120314224725.GA7237@roeckx.be> References: <201203150110.01410.russell@coker.com.au> <20120314224725.GA7237@roeckx.be> Message-ID: <201203151005.04972.russell@coker.com.au> On Thu, 15 Mar 2012, Kurt Roeckx wrote: > > # eu-findtextrel /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 > > either the file containing the function 'OPENSSL_DIR_end' or the file > > containing the function 'OPENSSL_cleanse' is not compiled with > > -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or > > the file containing the function 'OPENSSL_cleanse' is not compiled with > > -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or > > the file containing the function 'OPENSSL_cleanse' is not compiled with > > -fpic/-fPIC > > Which is weird since nothing seems to have changed related to it. root at unstable32:/usr/src/openssl-1.0.0h# eu-findtextrel ./i686/cmov/libcrypto.so /usr/src/openssl-1.0.0h/crypto/x86cpuid.s not compiled with -fpic/-fPIC root at unstable32:/usr/src/openssl-1.0.0h# eu-findtextrel ./i586/libcrypto.so /usr/src/openssl-1.0.0h/crypto/x86cpuid.s not compiled with -fpic/-fPIC From the above test on a build tree it seems that the x86cpuid.s file is the problem, but the detail is apparently stripped when the .deb is produced. > I do know what this all means, text relocations really aren't > acceptable. That is the first time I've received such a response from a DD. In the past I've seen little indication that maintainers of such packages know what it's about and a great aversion to fixing things. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ From kurt at roeckx.be Thu Mar 15 21:45:34 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Thu, 15 Mar 2012 22:45:34 +0100 Subject: [Pkg-openssl-devel] Bug#663977: Bug#663977: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 In-Reply-To: <201203151005.04972.russell@coker.com.au> References: <201203150110.01410.russell@coker.com.au> <20120314224725.GA7237@roeckx.be> <201203151005.04972.russell@coker.com.au> Message-ID: <20120315214534.GA28603@roeckx.be> On Thu, Mar 15, 2012 at 10:05:04AM +1100, Russell Coker wrote: > On Thu, 15 Mar 2012, Kurt Roeckx wrote: > > > # eu-findtextrel /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 > > > either the file containing the function 'OPENSSL_DIR_end' or the file > > > containing the function 'OPENSSL_cleanse' is not compiled with > > > -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or > > > the file containing the function 'OPENSSL_cleanse' is not compiled with > > > -fpic/-fPIC either the file containing the function 'OPENSSL_DIR_end' or > > > the file containing the function 'OPENSSL_cleanse' is not compiled with > > > -fpic/-fPIC > > > > Which is weird since nothing seems to have changed related to it. > > root at unstable32:/usr/src/openssl-1.0.0h# eu-findtextrel > ./i686/cmov/libcrypto.so > /usr/src/openssl-1.0.0h/crypto/x86cpuid.s not compiled with -fpic/-fPIC > root at unstable32:/usr/src/openssl-1.0.0h# eu-findtextrel ./i586/libcrypto.so > /usr/src/openssl-1.0.0h/crypto/x86cpuid.s not compiled with -fpic/-fPIC > > From the above test on a build tree it seems that the x86cpuid.s file is the > problem, but the detail is apparently stripped when the .deb is produced. If you install libssl1.0.0-dbg and rename /usr/lib/debug/usr/lib/i386-linux-gnu/libcrypto.so.1.0.0 to /usr/lib/debug/usr/lib/i386-linux-gnu/libcrypto.so.1.0.0.debug It will say the same. This look like a regression in elfutils. Anyway, the problem is the usage of OPENSSL_ia32cap_P in x86cpuid as far as I can see. > > I do know what this all means, text relocations really aren't > > acceptable. > > That is the first time I've received such a response from a DD. In the past > I've seen little indication that maintainers of such packages know what it's > about and a great aversion to fixing things. This is one of the reasons policy says to build with -fPIC. Kurt From sebastian at urbach.org Fri Mar 16 15:59:11 2012 From: sebastian at urbach.org (Sebastian Urbach) Date: Fri, 16 Mar 2012 16:59:11 +0100 Subject: [Pkg-openssl-devel] OpenSSL 1.0.1 Message-ID: <20120316155918.081071006005F@ccc-hanau.de> Hi, May someone build a OpenSSL 1.0.1 packages please. Thanks -- Mit freundlichen Gr??en / Yours sincerely Sebastian Urbach -------------------------------------------------------- Religion is something left over from the infancy of our intelligence, it will fade away as we adopt reason and science as our guidelines. -------------------------------------------------------- Bertrand Arthur William Russell (1872-1970), British philosopher, logician, mathematician, historian, and social critic. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From kurt at roeckx.be Fri Mar 16 16:13:29 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Fri, 16 Mar 2012 17:13:29 +0100 Subject: [Pkg-openssl-devel] OpenSSL 1.0.1 In-Reply-To: <20120316155918.081071006005F@ccc-hanau.de> References: <20120316155918.081071006005F@ccc-hanau.de> Message-ID: <20120316161329.GA2629@roeckx.be> On Fri, Mar 16, 2012 at 04:59:11PM +0100, Sebastian Urbach wrote: > Hi, > > May someone build a OpenSSL 1.0.1 packages please. It's already on my list of things to do. Hopefully this weekend. Kurt From noreply at release.debian.org Fri Mar 16 16:39:06 2012 From: noreply at release.debian.org (Debian testing watch) Date: Fri, 16 Mar 2012 16:39:06 +0000 Subject: [Pkg-openssl-devel] openssl 1.0.0h-1 MIGRATED to testing Message-ID: FYI: The status of the openssl source package in Debian's testing distribution has changed. Previous version: 1.0.0g-1 Current version: 1.0.0h-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. From owner at bugs.debian.org Sat Mar 17 15:18:34 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sat, 17 Mar 2012 15:18:34 +0000 Subject: [Pkg-openssl-devel] Processed: closing 663642, closing 663642 In-Reply-To: <20120317151731.6E1D1EAECC@intrepid.roeckx.be> References: <20120317151731.6E1D1EAECC@intrepid.roeckx.be> Message-ID: Processing commands for control at bugs.debian.org: > close 663642 1.0.0h-1 Bug #663642 [openssl] [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers Marked as fixed in versions openssl/1.0.0h-1. Bug #663642 [openssl] [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers Marked Bug as done > close 663642 0.9.8o-4squeeze9 Bug #663642 {Done: kurt at roeckx.be (Kurt Roeckx)} [openssl] [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers There is no source info for the package 'openssl' at version '0.9.8o-4squeeze9' with architecture '' Unable to make a source version for version '0.9.8o-4squeeze9' Marked as fixed in versions 0.9.8o-4squeeze9. Bug #663642 {Done: kurt at roeckx.be (Kurt Roeckx)} [openssl] [CVE-2012-1165] openssl: possible NULL dereference on bad MIME headers Bug 663642 is already marked as done; not doing anything. > thanks Stopping processing here. Please contact me if you need assistance. -- 663642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663642 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From nmav at gnutls.org Sat Mar 17 20:42:50 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Mar 2012 21:42:50 +0100 Subject: [Pkg-openssl-devel] Bug#664454: [openssl] debian openssl's behavior is different than original Message-ID: <4F64F74A.4000503@gnutls.org> Package: openssl Version: 1.0.0h-1 Severity: important --- Please enter the report below this line. --- The debian distributed openssl negotiated SSL 3.0 if TLS 1.2 is offered while the original openssl 1.0.0h negotiates TLS 1.0 if offered the same client hello. This is a really weird difference. To reproduce: /usr/bin/openssl s_server -cert x509/cert-rsa.pem -key x509/key-rsa.pem -port 5556 Using default temp DH parameters Using default temp ECDH parameters ACCEPT $ ./gnutls-cli localhost -p 5556 --insecure --priority PERFORMANCE ... - Version: SSL3.0 ... and the original behavior: $ /home/nmav/cvs/openssl-1.0.0h/apps/openssl s_server -cert x509/cert-rsa.pem -key x509/key-rsa.pem -port 5556 Using default temp DH parameters Using default temp ECDH parameters ACCEPT $ ./gnutls-cli localhost -p 5556 --insecure --priority PERFORMANCE ... - Version: TLS1.0 ... --- System information. --- Architecture: amd64 Kernel: Linux 3.0.0-1-amd64 Debian Release: wheezy/sid 500 testing ftp.be.debian.org 500 stable ftp.be.debian.org --- Package information. --- Depends (Version) | Installed ============================-+-============= libc6 (>= 2.7) | 2.13-27 libssl1.0.0 (>= 1.0.0) | 1.0.0h-1 zlib1g (>= 1:1.1.4) | 1:1.2.6.dfsg-2 Package's Recommends field is empty. Suggests (Version) | Installed ==============================-+-=========== ca-certificates | 20120212 From nmav at gnutls.org Sat Mar 17 22:13:04 2012 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Sat, 17 Mar 2012 23:13:04 +0100 Subject: [Pkg-openssl-devel] Bug#664454: why it is important Message-ID: <4F650C70.5030400@gnutls.org> And why I think this bug is important, is because the debian behavior causes incompatibility problems with gnutls (and possibly others). More information at: http://rt.openssl.org/Ticket/Display.html?id=2765&user=guest&pass=guest From kurt at roeckx.be Sat Mar 17 23:42:06 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sun, 18 Mar 2012 00:42:06 +0100 Subject: [Pkg-openssl-devel] Bug#664454: Bug#664454: why it is important In-Reply-To: <4F650C70.5030400@gnutls.org> References: <4F650C70.5030400@gnutls.org> Message-ID: <20120317234205.GA534@roeckx.be> forwarded 664454 http://rt.openssl.org/Ticket/Display.html?id=2765&user=guest&pass=guest thanks On Sat, Mar 17, 2012 at 11:13:04PM +0100, Nikos Mavrogiannopoulos wrote: > And why I think this bug is important, is because the debian behavior > causes incompatibility problems with gnutls (and possibly others). More > information at: > > http://rt.openssl.org/Ticket/Display.html?id=2765&user=guest&pass=guest I already saw a few of the mails about this bug earlier today, but I didn't see it was Debian specific before. I'll watch that bug. Kurt From owner at bugs.debian.org Sat Mar 17 23:45:09 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sat, 17 Mar 2012 23:45:09 +0000 Subject: [Pkg-openssl-devel] Processed: Re: Bug#664454: why it is important In-Reply-To: <20120317234205.GA534@roeckx.be> References: <20120317234205.GA534@roeckx.be> Message-ID: Processing commands for control at bugs.debian.org: > forwarded 664454 http://rt.openssl.org/Ticket/Display.html?id=2765&user=guest&pass=guest Bug #664454 [openssl] [openssl] debian openssl's behavior is different than original Set Bug forwarded-to-address to 'http://rt.openssl.org/Ticket/Display.html?id=2765&user=guest&pass=guest'. > thanks Stopping processing here. Please contact me if you need assistance. -- 664454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664454 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From owner at bugs.debian.org Sun Mar 18 15:21:07 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 18 Mar 2012 15:21:07 +0000 Subject: [Pkg-openssl-devel] Bug#557261: marked as done (libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4) References: <20120318151937.GA5223@roeckx.be> <20091120202502.3948.5249.reportbug@nova.lingbrae> Message-ID: Your message dated Sun, 18 Mar 2012 16:19:37 +0100 with message-id <20120318151937.GA5223 at roeckx.be> and subject line Re: libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4 has caused the Debian Bug report #557261, regarding libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 557261: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557261 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Dick Middleton Subject: libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4 Date: Fri, 20 Nov 2009 20:25:02 +0000 Size: 3485 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Re: libssl0.9.8: Updating from version k-5 to k-6 breaks client auth with stunnel4 Date: Sun, 18 Mar 2012 16:19:37 +0100 Size: 1630 URL: From owner at bugs.debian.org Sun Mar 18 15:39:03 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 18 Mar 2012 15:39:03 +0000 Subject: [Pkg-openssl-devel] Bug#561558: marked as done (libssl0.9.8: Some SSL connections to hang up) References: <20120318153646.GA7360@roeckx.be> <4B2B3A6F.70407@mail.ru> Message-ID: Your message dated Sun, 18 Mar 2012 16:36:46 +0100 with message-id <20120318153646.GA7360 at roeckx.be> and subject line Re: libssl0.9.8: Some SSL connections to hang up has caused the Debian Bug report #561558, regarding libssl0.9.8: Some SSL connections to hang up to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 561558: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561558 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: =?UTF-8?B?0J7Qu9C10LM=?= Subject: libssl0.9.8: Some SSL connections to hang up Date: Fri, 18 Dec 2009 11:16:47 +0300 Size: 3735 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Re: libssl0.9.8: Some SSL connections to hang up Date: Sun, 18 Mar 2012 16:36:46 +0100 Size: 1555 URL: From kurt at roeckx.be Sun Mar 18 15:45:30 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sun, 18 Mar 2012 16:45:30 +0100 Subject: [Pkg-openssl-devel] Bug#660895: Bug#660895: openssl: FTBFS on squeeze In-Reply-To: <1329993990-sup-6957@virtual.ruk.cuni.cz> References: <20120222175821.30834.74793.reportbug@virtual.ruk.cuni.cz> <20120222181202.GA2614@roeckx.be> <1329993990-sup-6957@virtual.ruk.cuni.cz> Message-ID: <20120318154530.GA7506@roeckx.be> On Thu, Feb 23, 2012 at 11:47:18AM +0100, Michal Suchanek wrote: > Excerpts from Kurt Roeckx's message of Wed Feb 22 19:12:02 +0100 2012: > > On Wed, Feb 22, 2012 at 06:58:22PM +0100, Michal Suchanek wrote: > > > Package: openssl > > > Version: 1 > > > Severity: normal > > > > > > > > > Hello, > > > > > > since recent ca-certificates require openssl 1 I tried to build openssl > > > 1 from source. > > > > > > This does not work. > > > > That's probably since you're trying to build this on stable and > > not testing or unstable. What version of debhelper are you using? > > debhelper 9.20120115~bpo60+1 > > There was no dependency issue reported by dpkg. So your log shows: Use of uninitialized value $_[0] in sprintf at /usr/share/perl5/Dpkg/ErrorHandling.pm line 48. What dpkg, libdpkg-perl and dpkg-dev version are you using? Anyway, I think this is either a local problem on your side, or one of the packages from backports is broken. Kurt From owner at bugs.debian.org Sun Mar 18 16:03:13 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 18 Mar 2012 16:03:13 +0000 Subject: [Pkg-openssl-devel] Bug#642524: marked as done (libssl1.0.0: crash when using DTLS1) References: <20120318155837.GA7841@roeckx.be> <20110923124555.24836.43470.reportbug@nomad.lan> Message-ID: Your message dated Sun, 18 Mar 2012 16:58:37 +0100 with message-id <20120318155837.GA7841 at roeckx.be> and subject line Re: [Pkg-openssl-devel] Bug#642524: Bug#642524: libssl1.0.0: crash when using DTLS1 has caused the Debian Bug report #642524, regarding libssl1.0.0: crash when using DTLS1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 642524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642524 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Nikos Mavrogiannopoulos Subject: libssl1.0.0: crash when using DTLS1 Date: Fri, 23 Sep 2011 14:45:55 +0200 Size: 6888 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Re: [Pkg-openssl-devel] Bug#642524: Bug#642524: libssl1.0.0: crash when using DTLS1 Date: Sun, 18 Mar 2012 16:58:37 +0100 Size: 2026 URL: From michal.suchanek at ruk.cuni.cz Mon Mar 19 11:34:13 2012 From: michal.suchanek at ruk.cuni.cz (Michal Suchanek) Date: Mon, 19 Mar 2012 12:34:13 +0100 Subject: [Pkg-openssl-devel] Bug#660895: Bug#660895: openssl: FTBFS on squeeze In-Reply-To: <20120318154530.GA7506@roeckx.be> References: <20120222175821.30834.74793.reportbug@virtual.ruk.cuni.cz> <20120222181202.GA2614@roeckx.be> <1329993990-sup-6957@virtual.ruk.cuni.cz> <20120318154530.GA7506@roeckx.be> Message-ID: <1332156610-sup-9544@virtual.ruk.cuni.cz> Excerpts from Kurt Roeckx's message of Sun Mar 18 16:45:30 +0100 2012: > On Thu, Feb 23, 2012 at 11:47:18AM +0100, Michal Suchanek wrote: > > Excerpts from Kurt Roeckx's message of Wed Feb 22 19:12:02 +0100 2012: > > > On Wed, Feb 22, 2012 at 06:58:22PM +0100, Michal Suchanek wrote: > > > > Package: openssl > > > > Version: 1 > > > > Severity: normal > > > > > > > > > > > > Hello, > > > > > > > > since recent ca-certificates require openssl 1 I tried to build openssl > > > > 1 from source. > > > > > > > > This does not work. > > > > > > That's probably since you're trying to build this on stable and > > > not testing or unstable. What version of debhelper are you using? > > > > debhelper 9.20120115~bpo60+1 > > > > There was no dependency issue reported by dpkg. > > So your log shows: > Use of uninitialized value $_[0] in sprintf at > /usr/share/perl5/Dpkg/ErrorHandling.pm line 48. > > What dpkg, libdpkg-perl and dpkg-dev version are you using? > > Anyway, I think this is either a local problem on your side, or > one of the packages from backports is broken. Hello, there was a round of perl updates recently so I tried again and now both testing and unstable openssl builds. ii dpkg-dev 1.16.1.2 Debian package development tools ii libdpkg-perl 1.16.1.2 Dpkg perl modules Thanks Michal From owner at bugs.debian.org Mon Mar 19 17:12:05 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 19 Mar 2012 17:12:05 +0000 Subject: [Pkg-openssl-devel] Bug#660895: marked as done (openssl: FTBFS on squeeze) References: <20120319170857.GA1399@roeckx.be> <20120222175821.30834.74793.reportbug@virtual.ruk.cuni.cz> Message-ID: Your message dated Mon, 19 Mar 2012 18:08:57 +0100 with message-id <20120319170857.GA1399 at roeckx.be> and subject line Re: [Pkg-openssl-devel] Bug#660895: openssl: FTBFS on squeeze has caused the Debian Bug report #660895, regarding openssl: FTBFS on squeeze to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 660895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660895 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Michal Suchanek Subject: openssl: FTBFS on squeeze Date: Wed, 22 Feb 2012 18:58:22 +0100 Size: 5226 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Re: [Pkg-openssl-devel] Bug#660895: openssl: FTBFS on squeeze Date: Mon, 19 Mar 2012 18:08:57 +0100 Size: 2026 URL: From ftpmaster at ftp-master.debian.org Mon Mar 19 17:47:18 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Mar 2012 17:47:18 +0000 Subject: [Pkg-openssl-devel] Processing of openssl_1.0.1-1_amd64.changes Message-ID: openssl_1.0.1-1_amd64.changes uploaded successfully to localhost along with the files: openssl_1.0.1-1.dsc openssl_1.0.1.orig.tar.gz openssl_1.0.1-1.debian.tar.gz libssl-doc_1.0.1-1_all.deb openssl_1.0.1-1_amd64.deb libssl1.0.0_1.0.1-1_amd64.deb libcrypto1.0.0-udeb_1.0.1-1_amd64.udeb libssl-dev_1.0.1-1_amd64.deb libssl1.0.0-dbg_1.0.1-1_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) From ftpmaster at ftp-master.debian.org Mon Mar 19 18:05:28 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Mar 2012 18:05:28 +0000 Subject: [Pkg-openssl-devel] openssl_1.0.1-1_amd64.changes ACCEPTED into unstable Message-ID: Accepted: libcrypto1.0.0-udeb_1.0.1-1_amd64.udeb to main/o/openssl/libcrypto1.0.0-udeb_1.0.1-1_amd64.udeb libssl-dev_1.0.1-1_amd64.deb to main/o/openssl/libssl-dev_1.0.1-1_amd64.deb libssl-doc_1.0.1-1_all.deb to main/o/openssl/libssl-doc_1.0.1-1_all.deb libssl1.0.0-dbg_1.0.1-1_amd64.deb to main/o/openssl/libssl1.0.0-dbg_1.0.1-1_amd64.deb libssl1.0.0_1.0.1-1_amd64.deb to main/o/openssl/libssl1.0.0_1.0.1-1_amd64.deb openssl_1.0.1-1.debian.tar.gz to main/o/openssl/openssl_1.0.1-1.debian.tar.gz openssl_1.0.1-1.dsc to main/o/openssl/openssl_1.0.1-1.dsc openssl_1.0.1-1_amd64.deb to main/o/openssl/openssl_1.0.1-1_amd64.deb openssl_1.0.1.orig.tar.gz to main/o/openssl/openssl_1.0.1.orig.tar.gz Changes: openssl (1.0.1-1) unstable; urgency=low . * New upstream version - Remove kfreebsd-pipe.patch, fixed upstream - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for the new functions. - AES-NI support (Closes: #644743) * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup hidden on amd64, no need to access it PIC anymore. * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977) * Enable hardening using dpkg-buildflags (Closes: #653495) * s_client and s_server were forcing SSLv3 only connection when SSLv2 was disabled instead of the SSLv2 with upgrade method. (Closes: #664454) * Add Beaks on openssh < 1:5.9p1-4, it has a too strict version check. Override entries for your package: libcrypto1.0.0-udeb_1.0.1-1_amd64.udeb - optional debian-installer libssl-dev_1.0.1-1_amd64.deb - optional libdevel libssl-doc_1.0.1-1_all.deb - optional doc libssl1.0.0-dbg_1.0.1-1_amd64.deb - extra debug libssl1.0.0_1.0.1-1_amd64.deb - important libs openssl_1.0.1-1.dsc - source libs openssl_1.0.1-1_amd64.deb - optional utils Announcing to debian-devel-changes at lists.debian.org Closing bugs: 644743 653495 663977 664454 Thank you for your contribution to Debian. From owner at bugs.debian.org Mon Mar 19 18:09:08 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 19 Mar 2012 18:09:08 +0000 Subject: [Pkg-openssl-devel] Bug#644743: marked as done (Add support for AES-NI) References: <20111008164115.1054.54099.reportbug@neo.luffy.cx> Message-ID: Your message dated Mon, 19 Mar 2012 18:05:28 +0000 with message-id and subject line Bug#644743: fixed in openssl 1.0.1-1 has caused the Debian Bug report #644743, regarding Add support for AES-NI to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 644743: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644743 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Vincent Bernat Subject: Add support for AES-NI Date: Sat, 08 Oct 2011 18:41:15 +0200 Size: 3878 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Bug#644743: fixed in openssl 1.0.1-1 Date: Mon, 19 Mar 2012 18:05:28 +0000 Size: 8239 URL: From owner at bugs.debian.org Mon Mar 19 18:09:10 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 19 Mar 2012 18:09:10 +0000 Subject: [Pkg-openssl-devel] Bug#653495: marked as done (Please enabled hardened build flags) References: <20111228215547.14947.13607.reportbug@pisco.westfalen.local> Message-ID: Your message dated Mon, 19 Mar 2012 18:05:28 +0000 with message-id and subject line Bug#653495: fixed in openssl 1.0.1-1 has caused the Debian Bug report #653495, regarding Please enabled hardened build flags to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 653495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653495 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Moritz Muehlenhoff Subject: Please enabled hardened build flags Date: Wed, 28 Dec 2011 22:55:47 +0100 Size: 2041 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Bug#653495: fixed in openssl 1.0.1-1 Date: Mon, 19 Mar 2012 18:05:28 +0000 Size: 8238 URL: From owner at bugs.debian.org Mon Mar 19 18:09:13 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 19 Mar 2012 18:09:13 +0000 Subject: [Pkg-openssl-devel] Bug#663977: marked as done (libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1) References: <201203150110.01410.russell@coker.com.au> Message-ID: Your message dated Mon, 19 Mar 2012 18:05:28 +0000 with message-id and subject line Bug#663977: fixed in openssl 1.0.1-1 has caused the Debian Bug report #663977, regarding libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 663977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663977 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Russell Coker Subject: libssl1.0.0: execmod failure on 1.0.0h-1 but not on 1.0.0g-1 Date: Thu, 15 Mar 2012 01:10:00 +1100 Size: 3601 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Bug#663977: fixed in openssl 1.0.1-1 Date: Mon, 19 Mar 2012 18:05:28 +0000 Size: 8238 URL: From owner at bugs.debian.org Mon Mar 19 18:09:16 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 19 Mar 2012 18:09:16 +0000 Subject: [Pkg-openssl-devel] Bug#664454: marked as done ([openssl] debian openssl's behavior is different than original) References: <4F64F74A.4000503@gnutls.org> Message-ID: Your message dated Mon, 19 Mar 2012 18:05:28 +0000 with message-id and subject line Bug#664454: fixed in openssl 1.0.1-1 has caused the Debian Bug report #664454, regarding [openssl] debian openssl's behavior is different than original to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 664454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664454 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Nikos Mavrogiannopoulos Subject: [openssl] debian openssl's behavior is different than original Date: Sat, 17 Mar 2012 21:42:50 +0100 Size: 4102 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Bug#664454: fixed in openssl 1.0.1-1 Date: Mon, 19 Mar 2012 18:05:28 +0000 Size: 8214 URL: From ftpmaster at ftp-master.debian.org Mon Mar 19 19:07:40 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Mar 2012 19:07:40 +0000 Subject: [Pkg-openssl-devel] Processing of openssl_1.0.1-2_amd64.changes Message-ID: openssl_1.0.1-2_amd64.changes uploaded successfully to localhost along with the files: openssl_1.0.1-2.dsc openssl_1.0.1-2.debian.tar.gz libssl-doc_1.0.1-2_all.deb openssl_1.0.1-2_amd64.deb libssl1.0.0_1.0.1-2_amd64.deb libcrypto1.0.0-udeb_1.0.1-2_amd64.udeb libssl-dev_1.0.1-2_amd64.deb libssl1.0.0-dbg_1.0.1-2_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) From ftpmaster at ftp-master.debian.org Mon Mar 19 19:21:00 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 19 Mar 2012 19:21:00 +0000 Subject: [Pkg-openssl-devel] openssl_1.0.1-2_amd64.changes ACCEPTED into unstable Message-ID: Accepted: libcrypto1.0.0-udeb_1.0.1-2_amd64.udeb to main/o/openssl/libcrypto1.0.0-udeb_1.0.1-2_amd64.udeb libssl-dev_1.0.1-2_amd64.deb to main/o/openssl/libssl-dev_1.0.1-2_amd64.deb libssl-doc_1.0.1-2_all.deb to main/o/openssl/libssl-doc_1.0.1-2_all.deb libssl1.0.0-dbg_1.0.1-2_amd64.deb to main/o/openssl/libssl1.0.0-dbg_1.0.1-2_amd64.deb libssl1.0.0_1.0.1-2_amd64.deb to main/o/openssl/libssl1.0.0_1.0.1-2_amd64.deb openssl_1.0.1-2.debian.tar.gz to main/o/openssl/openssl_1.0.1-2.debian.tar.gz openssl_1.0.1-2.dsc to main/o/openssl/openssl_1.0.1-2.dsc openssl_1.0.1-2_amd64.deb to main/o/openssl/openssl_1.0.1-2_amd64.deb Changes: openssl (1.0.1-2) unstable; urgency=low . * Properly quote the new cflags in Configure Override entries for your package: libcrypto1.0.0-udeb_1.0.1-2_amd64.udeb - optional debian-installer libssl-dev_1.0.1-2_amd64.deb - optional libdevel libssl-doc_1.0.1-2_all.deb - optional doc libssl1.0.0-dbg_1.0.1-2_amd64.deb - extra debug libssl1.0.0_1.0.1-2_amd64.deb - important libs openssl_1.0.1-2.dsc - source libs openssl_1.0.1-2_amd64.deb - optional utils Announcing to debian-devel-changes at lists.debian.org Thank you for your contribution to Debian. From secure at private-invitation.info Wed Mar 21 07:54:35 2012 From: secure at private-invitation.info (admin) Date: Wed, 21 Mar 2012 08:54:35 +0100 Subject: [Pkg-openssl-devel] (no subject) Message-ID: <125603781187523128112639@Oracle-PC> An HTML attachment was scrubbed... URL: From kapouer at melix.org Thu Mar 22 19:59:45 2012 From: kapouer at melix.org (=?UTF-8?B?SsOpcsOpbXkgTGFs?=) Date: Thu, 22 Mar 2012 20:59:45 +0100 Subject: [Pkg-openssl-devel] digest too big for rsa key 512 bits and openssl 1.0.1 Message-ID: <4F6B84B1.4030007@melix.org> Hi, http://bugs.debian.org/665093#15 was caused by upgrading /usr/bin/openssl from 1.0.0h to 1.0.1-2. Is it a known problem ? Could it be an openssl bug ? J?r?my. From kurt at roeckx.be Thu Mar 22 20:06:56 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Thu, 22 Mar 2012 21:06:56 +0100 Subject: [Pkg-openssl-devel] digest too big for rsa key 512 bits and openssl 1.0.1 In-Reply-To: <4F6B84B1.4030007@melix.org> References: <4F6B84B1.4030007@melix.org> Message-ID: <20120322200656.GB4372@roeckx.be> On Thu, Mar 22, 2012 at 08:59:45PM +0100, J?r?my Lal wrote: > Hi, > http://bugs.debian.org/665093#15 > was caused by upgrading /usr/bin/openssl from 1.0.0h to 1.0.1-2. > > Is it a known problem ? Not to me, didn't see anything in the upstream bug reports about it either. > Could it be an openssl bug ? Sure. It would be nice if you could file a bug upstream by sending a mail to rt at openssl.org Kurt From kapouer at melix.org Thu Mar 22 20:51:53 2012 From: kapouer at melix.org (=?ISO-8859-1?Q?J=E9r=E9my_Lal?=) Date: Thu, 22 Mar 2012 21:51:53 +0100 Subject: [Pkg-openssl-devel] digest too big for rsa key 512 bits and openssl 1.0.1 In-Reply-To: <20120322200656.GB4372@roeckx.be> References: <4F6B84B1.4030007@melix.org> <20120322200656.GB4372@roeckx.be> Message-ID: <4F6B90E9.2010706@melix.org> On 22/03/2012 21:06, Kurt Roeckx wrote: > On Thu, Mar 22, 2012 at 08:59:45PM +0100, J?r?my Lal wrote: >> Hi, >> http://bugs.debian.org/665093#15 >> was caused by upgrading /usr/bin/openssl from 1.0.0h to 1.0.1-2. >> >> Is it a known problem ? > > Not to me, didn't see anything in the upstream bug reports about > it either. > >> Could it be an openssl bug ? > > Sure. It would be nice if you could file a bug upstream by > sending a mail to rt at openssl.org Done. I'll keep you informed in case it happens to be an openssl bug. J?r?my. From phaoost at gmail.com Fri Mar 23 06:04:01 2012 From: phaoost at gmail.com (Yevgeny Kosarzhevsky) Date: Fri, 23 Mar 2012 13:04:01 +0700 Subject: [Pkg-openssl-devel] Bug#665333: openssl: aesni engine is not available Message-ID: <20120323060401.1055.84459.reportbug@wbook> Package: openssl Version: 1.0.1-2 Severity: normal Dear Maintainer, aesni engine isn't showing as available though my CPU has aes support: ~$ grep aesni /proc/cpuinfo ~$ grep aes /proc/cpuinfo flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm ida arat dts tpr_shadow vnmi flexpriority ept vpid flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm ida arat dts tpr_shadow vnmi flexpriority ept vpid flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm ida arat dts tpr_shadow vnmi flexpriority ept vpid flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt aes lahf_lm ida arat dts tpr_shadow vnmi flexpriority ept vpid -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (700, 'testing'), (650, 'stable'), (600, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.6 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.13-27 ii libssl1.0.0 1.0.1-2 ii zlib1g 1:1.2.6.dfsg-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20120212 -- no debconf information From owner at bugs.debian.org Fri Mar 23 08:18:04 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 23 Mar 2012 08:18:04 +0000 Subject: [Pkg-openssl-devel] Bug#665333: marked as done (openssl: aesni engine is not available) References: <20120323081358.GA15396@roeckx.be> <20120323060401.1055.84459.reportbug@wbook> Message-ID: Your message dated Fri, 23 Mar 2012 09:13:58 +0100 with message-id <20120323081358.GA15396 at roeckx.be> and subject line Re: [Pkg-openssl-devel] Bug#665333: openssl: aesni engine is not available has caused the Debian Bug report #665333, regarding openssl: aesni engine is not available to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 665333: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665333 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Yevgeny Kosarzhevsky Subject: openssl: aesni engine is not available Date: Fri, 23 Mar 2012 13:04:01 +0700 Size: 3992 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Re: [Pkg-openssl-devel] Bug#665333: openssl: aesni engine is not available Date: Fri, 23 Mar 2012 09:13:58 +0100 Size: 2083 URL: From kapouer at melix.org Fri Mar 23 13:45:35 2012 From: kapouer at melix.org (=?ISO-8859-1?Q?J=E9r=E9my_Lal?=) Date: Fri, 23 Mar 2012 14:45:35 +0100 Subject: [Pkg-openssl-devel] digest too big for rsa key 512 bits and openssl 1.0.1 In-Reply-To: <20120322200656.GB4372@roeckx.be> References: <4F6B84B1.4030007@melix.org> <20120322200656.GB4372@roeckx.be> Message-ID: <4F6C7E7F.2020603@melix.org> On 22/03/2012 21:06, Kurt Roeckx wrote: > On Thu, Mar 22, 2012 at 08:59:45PM +0100, J?r?my Lal wrote: >> Hi, >> http://bugs.debian.org/665093#15 >> was caused by upgrading /usr/bin/openssl from 1.0.0h to 1.0.1-2. >> >> Is it a known problem ? > > Not to me, didn't see anything in the upstream bug reports about > it either. > >> Could it be an openssl bug ? > > Sure. It would be nice if you could file a bug upstream by > sending a mail to rt at openssl.org Here is their answer. It's not a bug, but it would have been great to have that explained somewhere in upstream's, and debian's, changelog. J?r?my. -------------- next part -------------- An embedded message was scrubbed... From: "Stephen Henson via RT" Subject: [openssl.org #2769] problem with openssl 1.0.1 and 512bits rsa key Date: Fri, 23 Mar 2012 13:25:12 +0100 (CET) Size: 3527 URL: From calvin at debian.org Sat Mar 24 11:23:37 2012 From: calvin at debian.org (Bastian Kleineidam) Date: Sat, 24 Mar 2012 12:23:37 +0100 Subject: [Pkg-openssl-devel] Bug#665452: libssl1.0.0: breaks HTTPS download of some sites (eg. https://sourceforge.net) Message-ID: <20120324112337.27364.74323.reportbug@rum.fritz.box> Package: libssl1.0.0 Version: 1.0.1-2 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, installing the newest version breaks curl (and other download tools using libssl like perl GET) on https://sourceforge.net/ Downgrading to 1.0.0h solves the problem. Attached are curl --trace outputs with version 1.0.0h and 1.0.1. Since the SSL error message is not very helpful, I could not match this problem to any of the existing bugs. So feel free to ask for more info about this. Regards, Bastian - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.12rum1 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssl1.0.0 depends on: ii debconf [debconf-2.0] 1.5.42 ii libc6 2.13-27 ii multiarch-support 2.13-27 ii zlib1g 1:1.2.6.dfsg-2 libssl1.0.0 recommends no packages. libssl1.0.0 suggests no packages. - -- debconf information: libssl1.0.0/restart-failed: libssl1.0.0/restart-services: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk9trrQACgkQeBwlBDLsbz5QTwCg0/CiAMF15IWsTSmgQU0Moany +44AoKJ6cmESgDyoWCPsspfDseAB8UHx =YMwi -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: curl_sourceforge.net_1.0.0h.log Type: application/octet-stream Size: 17098 bytes Desc: not available URL: -------------- next part -------------- % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0== Info: About to connect() to sourceforge.net port 443 (#0) == Info: Trying 216.34.181.60... == Info: connected == Info: Connected to sourceforge.net (216.34.181.60) port 443 (#0) == Info: successfully set certificate verify locations: == Info: CAfile: none CApath: /etc/ssl/certs == Info: SSLv3, TLS handshake, Client hello (1): => Send SSL data, 335 bytes (0x14f) 0000: 01 00 01 4b 03 03 4f 6d ac aa 95 b9 d6 ff f3 11 ...K..Om........ 0010: f6 70 ca 18 45 4c 97 84 34 a7 84 2b 8d b6 22 59 .p..EL..4..+.."Y 0020: a5 8a dc 9d f4 8f 00 00 9e c0 30 c0 2c c0 28 c0 ..........0.,.(. 0030: 24 c0 14 c0 0a c0 22 c0 21 00 a3 00 9f 00 6b 00 $.....".!.....k. 0040: 6a 00 39 00 38 00 88 00 87 c0 32 c0 2e c0 2a c0 j.9.8.....2...*. 0050: 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 12 c0 &.......=.5..... 0060: 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 ................ 0070: 2f c0 2b c0 27 c0 23 c0 13 c0 09 c0 1f c0 1e 00 /.+.'.#......... 0080: a2 00 9e 00 67 00 40 00 33 00 32 00 9a 00 99 00 ....g. at .3.2..... 0090: 45 00 44 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 E.D.1.-.).%..... 00a0: 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 ..<./...A....... 00b0: 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 ................ 00c0: 08 00 06 00 03 00 ff 02 01 00 00 83 00 00 00 14 ................ 00d0: 00 12 00 00 0f 73 6f 75 72 63 65 66 6f 72 67 65 .....sourceforge 00e0: 2e 6e 65 74 00 0b 00 04 03 00 01 02 00 0a 00 34 .net...........4 00f0: 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 .2.............. 0100: 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 ................ 0110: 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f ................ 0120: 00 10 00 11 00 0d 00 22 00 20 06 01 06 02 06 03 .......". ...... 0130: 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 ................ 0140: 03 03 02 01 02 02 02 03 01 01 00 0f 00 01 01 ............... curl: (35) Unknown SSL protocol error in connection to sourceforge.net:443 == Info: Unknown SSL protocol error in connection to sourceforge.net:443 == Info: Closing connection #0 From kurt at roeckx.be Sat Mar 24 11:39:03 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sat, 24 Mar 2012 12:39:03 +0100 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: libssl1.0.0: breaks HTTPS download of some sites (eg. https://sourceforge.net) In-Reply-To: <20120324112337.27364.74323.reportbug@rum.fritz.box> References: <20120324112337.27364.74323.reportbug@rum.fritz.box> Message-ID: <20120324113903.GA24129@roeckx.be> On Sat, Mar 24, 2012 at 12:23:37PM +0100, Bastian Kleineidam wrote: > Package: libssl1.0.0 > Version: 1.0.1-2 > Severity: important > > Hi, > > installing the newest version breaks curl (and other download tools > using libssl like perl GET) on https://sourceforge.net/ > Downgrading to 1.0.0h solves the problem. > > Attached are curl --trace outputs with version 1.0.0h and 1.0.1. > > Since the SSL error message is not very helpful, I could not match > this problem to any of the existing bugs. > So feel free to ask for more info about this. I can reproduce it, and it doesn't make much sense to me at this time. sourceforge just doesn't seem to reply. The biggest change in 1.0.1 is that it supports TLS 1.1 and 1.2. But using s_client with -no_tls1_1 -no_tls1_2 still doesn't get me a connection. On the other hand "gnutls-cli sourceforge.net" does work as expected. And forcing an SSL3 or TLS1 connection using s_client also works. So I think someone at sourceforge will have to take a look at this. Kurt From calvin at debian.org Sat Mar 24 18:45:51 2012 From: calvin at debian.org (Bastian Kleineidam) Date: Sat, 24 Mar 2012 19:45:51 +0100 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: libssl1.0.0: breaks HTTPS download of some sites (eg. https://sourceforge.net) In-Reply-To: <20120324113903.GA24129@roeckx.be> References: <20120324112337.27364.74323.reportbug@rum.fritz.box> <20120324113903.GA24129@roeckx.be> Message-ID: <201203241945.55889.calvin@debian.org> Hello Kurt, Am Saturday, 24. March 2012, 12:39:03 schrieb Kurt Roeckx: > And forcing an SSL3 or TLS1 connection using s_client also works. Can I configure this somehow to be the default for all applications using libssl? > On the other hand "gnutls-cli sourceforge.net" does work as > expected. Yes, there are some gnutls alternatives. Unfortunately the Perl and Python https libraries are using libssl. In fact that is when I first noticed the bug: my custom python script could not login to Sourceforge anymore. > So I think someone at sourceforge will have to take a look at this. This upstream bug seems to be the same problem: http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest Unfortunately the developer does not seem to see that as a regression :-/ I guess the best choice for me right now is to keep using v1.0.0h. Regards, Bastian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From kurt at roeckx.be Sun Mar 25 02:01:13 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sun, 25 Mar 2012 04:01:13 +0200 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: libssl1.0.0: breaks HTTPS download of some sites (eg. https://sourceforge.net) In-Reply-To: <201203241945.55889.calvin@debian.org> References: <20120324112337.27364.74323.reportbug@rum.fritz.box> <20120324113903.GA24129@roeckx.be> <201203241945.55889.calvin@debian.org> Message-ID: <20120325020113.GA2942@roeckx.be> On Sat, Mar 24, 2012 at 07:45:51PM +0100, Bastian Kleineidam wrote: > Hello Kurt, > > Am Saturday, 24. March 2012, 12:39:03 schrieb Kurt Roeckx: > > And forcing an SSL3 or TLS1 connection using s_client also works. > Can I configure this somehow to be the default for all applications > using libssl? Not that I know, as far as I know they all need to set this up themself. > > On the other hand "gnutls-cli sourceforge.net" does work as > > expected. > Yes, there are some gnutls alternatives. Unfortunately the Perl and > Python https libraries are using libssl. In fact that is when I first > noticed the bug: my custom python script could not login to Sourceforge > anymore. > > > So I think someone at sourceforge will have to take a look at this. > This upstream bug seems to be the same problem: > http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest > Unfortunately the developer does not seem to see that as a regression :-/ That bug report mentions owa.mit.edu, which also responds with: Server: BigIP Kurt From owner at bugs.debian.org Mon Mar 26 15:06:08 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 26 Mar 2012 15:06:08 +0000 Subject: [Pkg-openssl-devel] Processed: reassign 665836 to libssl1.0.0 References: <1332774100-2195-bts-cjwatson@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > reassign 665836 libssl1.0.0 Bug #665836 [openssh-server] openssh-server: segfault error 6 in libcrypto.so.1.0.0 Bug reassigned from package 'openssh-server' to 'libssl1.0.0'. No longer marked as found in versions openssh/1:5.9p1-4. Ignoring request to alter fixed versions of bug #665836 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 665836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665836 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From kurt at roeckx.be Mon Mar 26 16:25:23 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 26 Mar 2012 18:25:23 +0200 Subject: [Pkg-openssl-devel] Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326132047.10918.28233.reportbug@maru.md5i.com> References: <20120326132047.10918.28233.reportbug@maru.md5i.com> Message-ID: <20120326162523.GA7458@roeckx.be> On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: > Package: openssh-server > Version: 1:5.9p1-4 > Severity: important > > Dear Maintainer, > > When connecting to my home machine while forwarding ports, I keep getting > segfaults in sshd whenever the forwarded ports are used. This includes > X forwarding. The errors that appear in my syslog look like this: > > Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] > Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] > Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] I'm unable to reproduce this. I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on the client side, and used ssh -X. I then upgraded the client side to use 1:5.9p1-4/1.0.0h-1 but that didn't change anything. I'm using an RSA key if that has anything to do with it. I didn't try anything like -L or -R, should I try those? Kurt From mwd at cert.org Mon Mar 26 17:03:31 2012 From: mwd at cert.org (Michael Welsh Duggan) Date: Mon, 26 Mar 2012 13:03:31 -0400 Subject: [Pkg-openssl-devel] Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326162523.GA7458@roeckx.be> (Kurt Roeckx's message of "Mon, 26 Mar 2012 12:25:23 -0400") References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> Message-ID: Kurt Roeckx writes: > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: >> Package: openssh-server >> Version: 1:5.9p1-4 >> Severity: important >> >> Dear Maintainer, >> >> When connecting to my home machine while forwarding ports, I keep getting >> segfaults in sshd whenever the forwarded ports are used. This includes >> X forwarding. The errors that appear in my syslog look like this: >> >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] > > I'm unable to reproduce this. > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on > the client side, and used ssh -X. I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. (This client worked in previous versions.) > I'm using an RSA key if that has anything to do with it. I am using a DSA key. > I didn't try anything like -L or -R, should I try those? Did you attempt to pull use the tunneled X connection? Nothing failed for me until I did. -- Michael Welsh Duggan (mwd at cert.org) From kurt at roeckx.be Mon Mar 26 17:45:08 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 26 Mar 2012 19:45:08 +0200 Subject: [Pkg-openssl-devel] Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> Message-ID: <20120326174508.GA23479@roeckx.be> On Mon, Mar 26, 2012 at 01:03:31PM -0400, Michael Welsh Duggan wrote: > Kurt Roeckx writes: > > > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: > >> Package: openssh-server > >> Version: 1:5.9p1-4 > >> Severity: important > >> > >> Dear Maintainer, > >> > >> When connecting to my home machine while forwarding ports, I keep getting > >> segfaults in sshd whenever the forwarded ports are used. This includes > >> X forwarding. The errors that appear in my syslog look like this: > >> > >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip > >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] > >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip > >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] > >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip > >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] > > > > I'm unable to reproduce this. > > > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the > > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on > > the client side, and used ssh -X. > > I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. > (This client worked in previous versions.) > > > I'm using an RSA key if that has anything to do with it. > > I am using a DSA key. > > > I didn't try anything like -L or -R, should I try those? > > Did you attempt to pull use the tunneled X connection? Nothing failed > for me until I did. I started a remote xterm and closed it, and then closed the ssh session. I've set up a tunnel using -L, and then used that tunnel. I tried to close the tunnel connection first, try to log out (and hang) first, just closed the ssh connection (~.) ... I'm not sure what else I can try. I'm not sure what you mean with "to pull use". Kurt From kurt at roeckx.be Mon Mar 26 18:30:28 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 26 Mar 2012 20:30:28 +0200 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326174508.GA23479@roeckx.be> References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> Message-ID: <20120326183028.GA24649@roeckx.be> On Mon, Mar 26, 2012 at 07:45:08PM +0200, Kurt Roeckx wrote: > On Mon, Mar 26, 2012 at 01:03:31PM -0400, Michael Welsh Duggan wrote: > > Kurt Roeckx writes: > > > > > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: > > >> Package: openssh-server > > >> Version: 1:5.9p1-4 > > >> Severity: important > > >> > > >> Dear Maintainer, > > >> > > >> When connecting to my home machine while forwarding ports, I keep getting > > >> segfaults in sshd whenever the forwarded ports are used. This includes > > >> X forwarding. The errors that appear in my syslog look like this: > > >> > > >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip > > >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] > > >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip > > >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] > > >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip > > >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] > > > > > > I'm unable to reproduce this. > > > > > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the > > > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on > > > the client side, and used ssh -X. > > > > I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. > > (This client worked in previous versions.) > > > > > I'm using an RSA key if that has anything to do with it. > > > > I am using a DSA key. > > > > > I didn't try anything like -L or -R, should I try those? > > > > Did you attempt to pull use the tunneled X connection? Nothing failed > > for me until I did. > > I started a remote xterm and closed it, and then closed the ssh > session. > > I've set up a tunnel using -L, and then used that tunnel. I tried > to close the tunnel connection first, try to log out (and hang) > first, just closed the ssh connection (~.) ... > > I'm not sure what else I can try. > > I'm not sure what you mean with "to pull use". Can you attach gdb to the sshd, and then make it crash and send me a backtrace? Kurt From mwd at cert.org Mon Mar 26 20:36:33 2012 From: mwd at cert.org (Michael Welsh Duggan) Date: Mon, 26 Mar 2012 16:36:33 -0400 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326183028.GA24649@roeckx.be> (Kurt Roeckx's message of "Mon, 26 Mar 2012 14:30:28 -0400") References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> Message-ID: Kurt Roeckx writes: > On Mon, Mar 26, 2012 at 07:45:08PM +0200, Kurt Roeckx wrote: >> On Mon, Mar 26, 2012 at 01:03:31PM -0400, Michael Welsh Duggan wrote: >> > Kurt Roeckx writes: >> > >> > > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: >> > >> Package: openssh-server >> > >> Version: 1:5.9p1-4 >> > >> Severity: important >> > >> >> > >> Dear Maintainer, >> > >> >> > >> When connecting to my home machine while forwarding ports, I keep getting >> > >> segfaults in sshd whenever the forwarded ports are used. This includes >> > >> X forwarding. The errors that appear in my syslog look like this: >> > >> >> > >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip >> > >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] >> > >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip >> > >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] >> > >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip >> > >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] >> > > >> > > I'm unable to reproduce this. >> > > >> > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the >> > > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on >> > > the client side, and used ssh -X. >> > >> > I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. >> > (This client worked in previous versions.) >> > >> > > I'm using an RSA key if that has anything to do with it. >> > >> > I am using a DSA key. >> > >> > > I didn't try anything like -L or -R, should I try those? >> > >> > Did you attempt to pull use the tunneled X connection? Nothing failed >> > for me until I did. >> >> I started a remote xterm and closed it, and then closed the ssh >> session. >> >> I've set up a tunnel using -L, and then used that tunnel. I tried >> to close the tunnel connection first, try to log out (and hang) >> first, just closed the ssh connection (~.) ... >> >> I'm not sure what else I can try. >> >> I'm not sure what you mean with "to pull use". > > Can you attach gdb to the sshd, and then make it crash and > send me a backtrace? I'll attempt to do this, but it may take a while. I can't do it from here, as I am using ssh to log onto the machine running sshd, and causing sshd to crash kills my ssh session. -- Michael Welsh Duggan (mwd at cert.org) From kurt at roeckx.be Mon Mar 26 20:48:21 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 26 Mar 2012 22:48:21 +0200 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> Message-ID: <20120326204821.GA28158@roeckx.be> On Mon, Mar 26, 2012 at 04:36:33PM -0400, Michael Welsh Duggan wrote: > Kurt Roeckx writes: > > > On Mon, Mar 26, 2012 at 07:45:08PM +0200, Kurt Roeckx wrote: > >> On Mon, Mar 26, 2012 at 01:03:31PM -0400, Michael Welsh Duggan wrote: > >> > Kurt Roeckx writes: > >> > > >> > > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: > >> > >> Package: openssh-server > >> > >> Version: 1:5.9p1-4 > >> > >> Severity: important > >> > >> > >> > >> Dear Maintainer, > >> > >> > >> > >> When connecting to my home machine while forwarding ports, I keep getting > >> > >> segfaults in sshd whenever the forwarded ports are used. This includes > >> > >> X forwarding. The errors that appear in my syslog look like this: > >> > >> > >> > >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip > >> > >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] > >> > >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip > >> > >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] > >> > >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip > >> > >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] > >> > > > >> > > I'm unable to reproduce this. > >> > > > >> > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the > >> > > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on > >> > > the client side, and used ssh -X. > >> > > >> > I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. > >> > (This client worked in previous versions.) > >> > > >> > > I'm using an RSA key if that has anything to do with it. > >> > > >> > I am using a DSA key. > >> > > >> > > I didn't try anything like -L or -R, should I try those? > >> > > >> > Did you attempt to pull use the tunneled X connection? Nothing failed > >> > for me until I did. > >> > >> I started a remote xterm and closed it, and then closed the ssh > >> session. > >> > >> I've set up a tunnel using -L, and then used that tunnel. I tried > >> to close the tunnel connection first, try to log out (and hang) > >> first, just closed the ssh connection (~.) ... > >> > >> I'm not sure what else I can try. > >> > >> I'm not sure what you mean with "to pull use". > > > > Can you attach gdb to the sshd, and then make it crash and > > send me a backtrace? > > I'll attempt to do this, but it may take a while. I can't do it from > here, as I am using ssh to log onto the machine running sshd, and > causing sshd to crash kills my ssh session. You could always run the gdb in a screen. Or I'll just be patient. :) Kurt From mwd at cert.org Mon Mar 26 21:22:36 2012 From: mwd at cert.org (Michael Welsh Duggan) Date: Mon, 26 Mar 2012 17:22:36 -0400 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326183028.GA24649@roeckx.be> (Kurt Roeckx's message of "Mon, 26 Mar 2012 14:30:28 -0400") References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> Message-ID: Kurt Roeckx writes: > On Mon, Mar 26, 2012 at 07:45:08PM +0200, Kurt Roeckx wrote: >> On Mon, Mar 26, 2012 at 01:03:31PM -0400, Michael Welsh Duggan wrote: >> > Kurt Roeckx writes: >> > >> > > On Mon, Mar 26, 2012 at 09:20:47AM -0400, Michael Welsh Duggan wrote: >> > >> Package: openssh-server >> > >> Version: 1:5.9p1-4 >> > >> Severity: important >> > >> >> > >> Dear Maintainer, >> > >> >> > >> When connecting to my home machine while forwarding ports, I keep getting >> > >> segfaults in sshd whenever the forwarded ports are used. This includes >> > >> X forwarding. The errors that appear in my syslog look like this: >> > >> >> > >> Mar 26 09:11:41 maru kernel: sshd[9320]: segfault at b8749000 ip >> > >> b752f678 sp bfde6de0 error 6 in libcrypto.so.1.0.0[b74c6000+1a3000] >> > >> Mar 26 09:11:52 maru kernel: sshd[10647]: segfault at b81fa008 ip >> > >> b753b678 sp bf9d42d0 error 6 in libcrypto.so.1.0.0[b74d2000+1a3000] >> > >> Mar 26 09:11:56 maru kernel: sshd[10680]: segfault at b8563000 ip >> > >> b759b678 sp bfdff0a0 error 6 in libcrypto.so.1.0.0[b7532000+1a3000] >> > > >> > > I'm unable to reproduce this. >> > > >> > > I've tried using openssh-server 1:5.9p1-4 and libssl1.0.0 1.0.1-2 on the >> > > server side, openssh-client 1:5.9p1-3 and libssl1.0.0 1.0.0h-1 on >> > > the client side, and used ssh -X. >> > >> > I am using OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 on the client side. >> > (This client worked in previous versions.) >> > >> > > I'm using an RSA key if that has anything to do with it. >> > >> > I am using a DSA key. >> > >> > > I didn't try anything like -L or -R, should I try those? >> > >> > Did you attempt to pull use the tunneled X connection? Nothing failed >> > for me until I did. >> >> I started a remote xterm and closed it, and then closed the ssh >> session. >> >> I've set up a tunnel using -L, and then used that tunnel. I tried >> to close the tunnel connection first, try to log out (and hang) >> first, just closed the ssh connection (~.) ... >> >> I'm not sure what else I can try. >> >> I'm not sure what you mean with "to pull use". > > Can you attach gdb to the sshd, and then make it crash and > send me a backtrace? Unfortunately, no. Here is the sequence of events I tested: 1) I re-installed libssl-1.0.0 version 1.0.1-1 2) I started gdb on /usr/bin/sshd as root 3) I ran sshd from gdb using -d -p 2222 4) I connected to that port from my Redhat box. 5) I started an xterm. 6) I exited the exterm with ^D. At the instant step 6 happened, I got an ordinary shutdown of sshd from within gdb, with the following messages: debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: closing session debug1: PAM: deleting credentials debug1: session_pty_cleanup: session 0 release /dev/pts/5 [Inferior 1 (process 21113) exited with code 0377] In my syslog, I get the following line: Mar 26 17:09:47 maru kernel: sshd[21123]: segfault at 800ef000 ip b7e2d678 sp bfffeec0 error 6 in libcrypto.so.1.0.0[b7dc4000+1a3000] So, although sshd exited properly, it emitted a error *saying* segfault in my syslog. This may explain why I seem to have been unable to get a core file. I have included the full log below. In order to reproduce this from where I am currently (behind a firewall), I tunneled 2222 though my primary ssh to the ssh host machine. Full log: md5i at maru:~$ sudo gdb /usr/sbin/sshd GNU gdb (GDB) 7.4-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /usr/sbin/sshd...(no debugging symbols found)...done. warning: not using untrusted file ".gdbinit" (gdb) run -p 2222 -d Starting program: /usr/sbin/sshd -p 2222 -d [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". debug1: sshd version OpenSSH_5.9p1 Debian-4 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-1024 debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: private host key: #2 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-p' debug1: rexec_argv[2]='2222' debug1: rexec_argv[3]='-d' Set /proc/self/oom_score_adj from 0 to -1000 debug1: Bind to port 2222 on 0.0.0.0. Server listening on 0.0.0.0 port 2222. debug1: Bind to port 2222 on ::. Server listening on :: port 2222. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 process 21113 is executing new program: /usr/sbin/sshd [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". debug1: inetd sockets after dupping: 3, 3 Connection from 127.0.0.1 port 39719 debug1: Client protocol version 2.0; client software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_5.9p1 Debian-4 debug1: permanently_set_uid: 100/65534 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes256-cbc hmac-md5 none [preauth] debug1: kex: server->client aes256-cbc hmac-md5 none [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user md5i service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "md5i" debug1: PAM: setting PAM_RHOST to "maru.md5i.com" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user md5i service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug1: test whether pkalg/pkblob are acceptable [preauth] debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/md5i/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: restore_uid: 0/0 Failed publickey for md5i from 127.0.0.1 port 39719 ssh2 debug1: userauth-request for user md5i service ssh-connection method publickey [preauth] debug1: attempt 2 failures 1 [preauth] debug1: test whether pkalg/pkblob are acceptable [preauth] debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-2048 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/md5i/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: matching key found: file /home/md5i/.ssh/authorized_keys, line 1 Found matching DSA key: 34:05:aa:24:28:96:f7:60:7e:da:fa:fc:3b:86:97:dc debug1: restore_uid: 0/0 Postponed publickey for md5i from 127.0.0.1 port 39719 ssh2 [preauth] debug1: userauth-request for user md5i service ssh-connection method publickey [preauth] debug1: attempt 3 failures 1 [preauth] debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-2048 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/md5i/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: matching key found: file /home/md5i/.ssh/authorized_keys, line 1 Found matching DSA key: 34:05:aa:24:28:96:f7:60:7e:da:fa:fc:3b:86:97:dc debug1: restore_uid: 0/0 debug1: ssh_dss_verify: signature correct debug1: do_pam_account: called Accepted publickey for md5i from 127.0.0.1 port 39719 ssh2 debug1: monitor_read_log: child log fd closed debug1: monitor_child_preauth: md5i has been authenticated by privileged process debug1: PAM: establishing credentials User child is on pid 21123 debug1: SELinux support disabled debug1: PAM: establishing credentials debug1: permanently_set_uid: 1000/1000 debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request x11-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug1: channel 1: new [X11 inet listener] debug1: channel 2: new [X11 inet listener] debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_new: session 0 debug1: SELinux support disabled debug1: session_pty_req: session 0 alloc /dev/pts/5 debug1: server_input_channel_req: channel 0 request env reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req env debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: Setting controlling tty using TIOCSCTTY. debug1: X11 connection requested. debug1: channel 3: new [X11 connection from 127.0.0.1 port 40916] debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: closing session debug1: PAM: deleting credentials debug1: session_pty_cleanup: session 0 release /dev/pts/5 [Inferior 1 (process 21113) exited with code 0377] -- Michael Welsh Duggan (mwd at cert.org) From kurt at roeckx.be Mon Mar 26 21:58:36 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Mon, 26 Mar 2012 23:58:36 +0200 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> Message-ID: <20120326215836.GA29525@roeckx.be> On Mon, Mar 26, 2012 at 05:22:36PM -0400, Michael Welsh Duggan wrote: > > Can you attach gdb to the sshd, and then make it crash and > > send me a backtrace? > > Unfortunately, no. Here is the sequence of events I tested: > > 1) I re-installed libssl-1.0.0 version 1.0.1-1 > 2) I started gdb on /usr/bin/sshd as root > 3) I ran sshd from gdb using -d -p 2222 > 4) I connected to that port from my Redhat box. > 5) I started an xterm. > 6) I exited the exterm with ^D. Which is exactly what I tried before. > At the instant step 6 happened, I got an ordinary shutdown of sshd from > within gdb, with the following messages: > > debug1: do_cleanup > debug1: PAM: cleanup > debug1: PAM: closing session > debug1: PAM: deleting credentials > debug1: session_pty_cleanup: session 0 release /dev/pts/5 > [Inferior 1 (process 21113) exited with code 0377] > > In my syslog, I get the following line: > > Mar 26 17:09:47 maru kernel: sshd[21123]: segfault at 800ef000 ip b7e2d678 sp bfffeec0 error 6 in libcrypto.so.1.0.0[b7dc4000+1a3000] 21123 != 21113. Notice that it says this in the log: > User child is on pid 21123 You need to attach to the right pid. Kurt From mwd at cert.org Mon Mar 26 22:21:43 2012 From: mwd at cert.org (Michael Welsh Duggan) Date: Mon, 26 Mar 2012 18:21:43 -0400 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326215836.GA29525@roeckx.be> (Kurt Roeckx's message of "Mon, 26 Mar 2012 17:58:36 -0400") References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> <20120326215836.GA29525@roeckx.be> Message-ID: Kurt Roeckx writes: > On Mon, Mar 26, 2012 at 05:22:36PM -0400, Michael Welsh Duggan wrote: >> > Can you attach gdb to the sshd, and then make it crash and >> > send me a backtrace? >> >> Unfortunately, no. Here is the sequence of events I tested: >> >> 1) I re-installed libssl-1.0.0 version 1.0.1-1 >> 2) I started gdb on /usr/bin/sshd as root >> 3) I ran sshd from gdb using -d -p 2222 >> 4) I connected to that port from my Redhat box. >> 5) I started an xterm. >> 6) I exited the exterm with ^D. > > Which is exactly what I tried before. > >> At the instant step 6 happened, I got an ordinary shutdown of sshd from >> within gdb, with the following messages: >> >> debug1: do_cleanup >> debug1: PAM: cleanup >> debug1: PAM: closing session >> debug1: PAM: deleting credentials >> debug1: session_pty_cleanup: session 0 release /dev/pts/5 >> [Inferior 1 (process 21113) exited with code 0377] >> >> In my syslog, I get the following line: >> >> Mar 26 17:09:47 maru kernel: sshd[21123]: segfault at 800ef000 ip >> b7e2d678 sp bfffeec0 error 6 in libcrypto.so.1.0.0[b7dc4000+1a3000] > > 21123 != 21113. > > Notice that it says this in the log: >> User child is on pid 21123 > > You need to attach to the right pid. Mea culpa. Digits looked too similar. I have a backtrace, but it's not really useful without symbols. I didn't see a -dbg package, so I guess I have to rebuild with debugging turned on. I'll start working on that, but if you have a better solution, let me know. -- Michael Welsh Duggan (mwd at cert.org) From mwd at cert.org Mon Mar 26 23:01:48 2012 From: mwd at cert.org (Michael Welsh Duggan) Date: Mon, 26 Mar 2012 19:01:48 -0400 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: <20120326215836.GA29525@roeckx.be> (Kurt Roeckx's message of "Mon, 26 Mar 2012 17:58:36 -0400") References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> <20120326215836.GA29525@roeckx.be> Message-ID: I'm stuck. When I attach, I get a valid backtrace with symbols. But when I let it continue until it crashes, the resulting backtrace has no symbols. I am up for suggestions. -- Michael Welsh Duggan (mwd at cert.org) From kurt at roeckx.be Mon Mar 26 23:08:50 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 27 Mar 2012 01:08:50 +0200 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: References: <20120326132047.10918.28233.reportbug@maru.md5i.com> <20120326162523.GA7458@roeckx.be> <20120326174508.GA23479@roeckx.be> <20120326183028.GA24649@roeckx.be> <20120326215836.GA29525@roeckx.be> Message-ID: <20120326230850.GA30831@roeckx.be> On Mon, Mar 26, 2012 at 07:01:48PM -0400, Michael Welsh Duggan wrote: > I'm stuck. When I attach, I get a valid backtrace with > symbols. But when I let it continue until it crashes, the resulting > backtrace has no symbols. I am up for suggestions. Try strace and ltrace on it? Kurt From ldm at apartia.fr Tue Mar 27 08:42:18 2012 From: ldm at apartia.fr (Louis-David Mitterrand) Date: Tue, 27 Mar 2012 10:42:18 +0200 Subject: [Pkg-openssl-devel] Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com Message-ID: <20120327084218.GA18879@apartia.fr> Package: openssl Version: 1.0.1-2 Followup-For: Bug #665452 I can no longer contact paypal on its ssl port with that 'upgrade' with perl, wget, w3m, etc. (all clients using openssl). Going back to 1.0.0h fixes it. Dear Maintainer, *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (499, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.3.0-1-pyrrhus (SMP w/4 CPU cores) Locale: LANG=en_CA, LC_CTYPE=fr_FR at euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages openssl depends on: ii libc6 2.13-27 ii libssl1.0.0 1.0.1-2 ii zlib1g 1:1.2.6.dfsg-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20120212 -- no debconf information From kurt at roeckx.be Tue Mar 27 19:39:50 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 27 Mar 2012 21:39:50 +0200 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com In-Reply-To: <20120327084218.GA18879@apartia.fr> References: <20120327084218.GA18879@apartia.fr> Message-ID: <20120327193950.GA13115@roeckx.be> On Tue, Mar 27, 2012 at 10:42:18AM +0200, Louis-David Mitterrand wrote: > Package: openssl > Version: 1.0.1-2 > Followup-For: Bug #665452 > > I can no longer contact paypal on its ssl port with that 'upgrade' with > perl, wget, w3m, etc. (all clients using openssl). This seems to be a different issue that has the same effect. > Going back to 1.0.0h fixes it. > > Dear Maintainer, > *** Please consider answering these questions, where appropriate *** > > * What led up to the situation? > * What exactly did you do (or not do) that was effective (or > ineffective)? > * What was the outcome of this action? > * What outcome did you expect instead? > > *** End of the template - remove these lines *** Why are you asking me those questions? Anyway, there seems to be 3 different problems: - Servers that report BigIP as server. They don't reply to ClientHello requests that are bigger than 255 bytes. Examples include sourceforge.net and owa.mit.edu. - Servers that don't tolerate verion numbers they don't support while they are supposed to negiotate a lower version. Examples include boekhuis.nl - paypal which currently isn't clear what the problem really is, it seems to support TLS1.2, but reacts weird to 1.1. All problems can be worked around by disabling the TLS 1.1 and 1.2 protocols. The first can also be worked around by disabling ciphersuites that are send, so you get a smaller ClientHello. It can also be triggered by the 1.0.0h version by adding extra options like -servername. Due to a bug fixed upstream disabling TLS 1.1 and 1.2 might currently not fix the first issue, but that should get fixed in the next version. In any case you should contact affected sites or venders about this issue, else we're never going to get those protocols deployed. Kurt From kurt at roeckx.be Tue Mar 27 19:52:57 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Tue, 27 Mar 2012 21:52:57 +0200 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com In-Reply-To: <20120327193950.GA13115@roeckx.be> References: <20120327084218.GA18879@apartia.fr> <20120327193950.GA13115@roeckx.be> Message-ID: <20120327195257.GA14386@roeckx.be> On Tue, Mar 27, 2012 at 09:39:50PM +0200, Kurt Roeckx wrote: > > Anyway, there seems to be 3 different problems: > - Servers that report BigIP as server. They don't reply to > ClientHello requests that are bigger than 255 bytes. Examples > include sourceforge.net and owa.mit.edu. > - Servers that don't tolerate verion numbers they don't support > while they are supposed to negiotate a lower version. Examples > include boekhuis.nl > - paypal which currently isn't clear what the problem really is, > it seems to support TLS1.2, but reacts weird to 1.1. So paypal really also seems to be the first case type, but acting a little weird. Kurt From ldm at apartia.fr Wed Mar 28 07:03:01 2012 From: ldm at apartia.fr (Louis-David Mitterrand) Date: Wed, 28 Mar 2012 09:03:01 +0200 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com In-Reply-To: <20120327195257.GA14386@roeckx.be> References: <20120327084218.GA18879@apartia.fr> <20120327193950.GA13115@roeckx.be> <20120327195257.GA14386@roeckx.be> Message-ID: <20120328070301.GB6791@apartia.fr> On Tue, Mar 27, 2012 at 09:52:57PM +0200, Kurt Roeckx wrote: > On Tue, Mar 27, 2012 at 09:39:50PM +0200, Kurt Roeckx wrote: > > > > Anyway, there seems to be 3 different problems: > > - Servers that report BigIP as server. They don't reply to > > ClientHello requests that are bigger than 255 bytes. Examples > > include sourceforge.net and owa.mit.edu. > > - Servers that don't tolerate verion numbers they don't support > > while they are supposed to negiotate a lower version. Examples > > include boekhuis.nl > > - paypal which currently isn't clear what the problem really is, > > it seems to support TLS1.2, but reacts weird to 1.1. > > So paypal really also seems to be the first case type, but acting > a little weird. Just to add some context to the paypal problem: many scripting languages use openssl and so this breaks the paypal payment API for any website using these languages (in my case perl). From okravc at gmail.com Wed Mar 28 08:25:54 2012 From: okravc at gmail.com (Oleg Kravchenko) Date: Wed, 28 Mar 2012 12:25:54 +0400 Subject: [Pkg-openssl-devel] Bug#666051: openssl 1.0.1-2 can't connect facebook Message-ID: <20120328082554.32130.6064.reportbug@localhost.localdomain> Package: openssl Version: 1.0.0h-1 Severity: normal how to repeat: $ openssl s_client -connect graph.facebook.com:443 does not connect anymore, last working version is 1.0.0h-1 also broken auth in FB applications running at localhost temporary solution is downgrade openssl package and libraries -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.13-27 ii libssl1.0.0 ii zlib1g 1:1.2.6.dfsg-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20120212 -- no debconf information From owner at bugs.debian.org Wed Mar 28 08:33:11 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Wed, 28 Mar 2012 08:33:11 +0000 Subject: [Pkg-openssl-devel] Processed: Re: Bug#666012: libssl: Version 1.0.1-2 makes emesene unusable References: <871uod9le4.fsf@algernon.balabit> Message-ID: Processing commands for control at bugs.debian.org: > reassign 666012 libssl1.0.0 1.0.1-2 Bug #666012 [libssl] libssl: Version 1.0.1-2 makes emesene unusable Warning: Unknown package 'libssl' Bug reassigned from package 'libssl' to 'libssl1.0.0'. No longer marked as found in versions libssl1.0.0. Ignoring request to alter fixed versions of bug #666012 to the same values previously set Bug #666012 [libssl1.0.0] libssl: Version 1.0.1-2 makes emesene unusable Marked as found in versions openssl/1.0.1-2. > thanks Stopping processing here. Please contact me if you need assistance. -- 666012: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666012 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From cjwatson at ubuntu.com Thu Mar 29 11:41:01 2012 From: cjwatson at ubuntu.com (Colin Watson) Date: Thu, 29 Mar 2012 12:41:01 +0100 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com In-Reply-To: <20120327193950.GA13115@roeckx.be> References: <20120327084218.GA18879@apartia.fr> <20120327193950.GA13115@roeckx.be> Message-ID: <20120329114101.GA6354@riva.dynamic.greenend.org.uk> On Tue, Mar 27, 2012 at 09:39:50PM +0200, Kurt Roeckx wrote: > Anyway, there seems to be 3 different problems: > - Servers that report BigIP as server. They don't reply to > ClientHello requests that are bigger than 255 bytes. Examples > include sourceforge.net and owa.mit.edu. > - Servers that don't tolerate verion numbers they don't support > while they are supposed to negiotate a lower version. Examples > include boekhuis.nl > - paypal which currently isn't clear what the problem really is, > it seems to support TLS1.2, but reacts weird to 1.1. There are some more examples in this Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371 I'm not sure which category www.mediafire.com falls into. -- Colin Watson [cjwatson at ubuntu.com] From kurt at roeckx.be Thu Mar 29 19:43:17 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Thu, 29 Mar 2012 21:43:17 +0200 Subject: [Pkg-openssl-devel] Bug#665452: Bug#665452: openssl: 'upgrade' also breaks https://www.paypal.com In-Reply-To: <20120329114101.GA6354@riva.dynamic.greenend.org.uk> References: <20120327084218.GA18879@apartia.fr> <20120327193950.GA13115@roeckx.be> <20120329114101.GA6354@riva.dynamic.greenend.org.uk> Message-ID: <20120329194317.GA24300@roeckx.be> On Thu, Mar 29, 2012 at 12:41:01PM +0100, Colin Watson wrote: > On Tue, Mar 27, 2012 at 09:39:50PM +0200, Kurt Roeckx wrote: > > Anyway, there seems to be 3 different problems: > > - Servers that report BigIP as server. They don't reply to > > ClientHello requests that are bigger than 255 bytes. Examples > > include sourceforge.net and owa.mit.edu. > > - Servers that don't tolerate verion numbers they don't support > > while they are supposed to negiotate a lower version. Examples > > include boekhuis.nl > > - paypal which currently isn't clear what the problem really is, > > it seems to support TLS1.2, but reacts weird to 1.1. > > There are some more examples in this Ubuntu bug: > > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371 > > I'm not sure which category www.mediafire.com falls into. The second case. This can also be tested on https://www.ssllabs.com/ssldb/ And facebook seems to fall in the first case. I'm guessing this is some kind of firewall issue. Kurt From ast at mugami.com Fri Mar 30 11:48:37 2012 From: ast at mugami.com (=?UTF-8?Q?Asbj=C3=B8rn?= Sloth =?UTF-8?Q?T=C3=B8nnesen?=) Date: Fri, 30 Mar 2012 11:48:37 +0000 Subject: [Pkg-openssl-devel] Bug#666051: Long hello hang Message-ID: <4F759D95.1010803@mugami.com> forwarded 666051 http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest retitle 666051 Long hello hang (can't connect to Facebook, Paypal, etc.) thanks With 1.0.0h the hello was shorter, with 1.0.1 it exceeds some limit. Known affected servers: - graph.facebook.com - api-aa-3t.paypal.com - www.national-lottery.co.uk Thread about the same problem in Arch: https://bbs.archlinux.org/viewtopic.php?id=138103 -- Best regards Asbj?rn Sloth T?nnesen Mugami From owner at bugs.debian.org Fri Mar 30 11:57:28 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 30 Mar 2012 11:57:28 +0000 Subject: [Pkg-openssl-devel] Processed (with 2 errors): Long hello hang References: <4F759D95.1010803@mugami.com> Message-ID: Processing commands for control at bugs.debian.org: > forwarded 666051 Unknown command or malformed arguments to command. > http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest Unknown command or malformed arguments to command. > retitle 666051 Long hello hang (can't connect to Facebook, Paypal, etc.) Bug #666051 [openssl] openssl 1.0.1-2 can't connect facebook Changed Bug title to 'Long hello hang (can't connect to Facebook, Paypal, etc.)' from 'openssl 1.0.1-2 can't connect facebook' > thanks Stopping processing here. Please contact me if you need assistance. -- 666051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From owner at bugs.debian.org Fri Mar 30 12:36:52 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 30 Mar 2012 12:36:52 +0000 Subject: [Pkg-openssl-devel] Processed: Shorter forward link without embedded authentication References: <4F75A651.7030705@mugami.com> Message-ID: Processing commands for control at bugs.debian.org: > forwarded 666051 http://rt.openssl.org/Ticket/Display.html?id=2771 Bug #666051 [openssl] Long hello hang (can't connect to Facebook, Paypal, etc.) Set Bug forwarded-to-address to 'http://rt.openssl.org/Ticket/Display.html?id=2771'. > thanks Stopping processing here. Please contact me if you need assistance. -- 666051: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From sileht at sileht.net Fri Mar 30 14:09:10 2012 From: sileht at sileht.net (Mehdi ABAAKOUK) Date: Fri, 30 Mar 2012 16:09:10 +0200 Subject: [Pkg-openssl-devel] Bug#666405: openssl: dovecot (imap-login) segfault on libcrypto.so.1.0.0 (1.0.1-2) Message-ID: <20120330140910.15582.80348.reportbug@ks39714.kimsufi.com> Package: openssl Version: 1.0.1-2 Severity: important When some imap client use SSL or TLS connection to connect my dovecot imap server, the daemon imap-login segfault. To workaround the problem, I have downgrade libssl to wheezy version (1.0.0h-1). Below the backtrace with version 1.0.1-2 Without symbols: #0 0x00007fe2b98b8431 in RC4 () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #1 0x000000000000012d in ?? () #2 0x00000000000000df in ?? () #3 0x0000000001ff16a0 in ?? () #4 0x00007fe2b991e9c9 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #5 0x00007fe2b9c26b8f in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #6 0x00007fe2b9c1de18 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #7 0x00007fe2b9c1e144 in ?? () from /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 #8 0x00007fe2ba0ef0cf in ?? () from /usr/lib/dovecot/libdovecot-login.so.0 #9 0x00007fe2ba0ef1c8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0 #10 0x00007fe2b9ea4488 in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0 #11 0x00007fe2b9ea5517 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0 #12 0x00007fe2b9ea4418 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0 #13 0x00007fe2b9e92623 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0 #14 0x00007fe2ba0e8022 in main () from /usr/lib/dovecot/libdovecot-login.so.0 #15 0x00007fe2b92a6ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #16 0x0000000000402349 in ?? () #17 0x00007fffce1fdf48 in ?? () #18 0x000000000000001c in ?? () #19 0x0000000000000002 in ?? () #20 0x00007fffce1ffeba in ?? () #21 0x00007fffce1ffecd in ?? () #22 0x0000000000000000 in ?? () With symbols (ie: libssl1.0.0-dbg:amd64) #0 RC4 () at rc4-x86_64.s:343 warning: Source file is more recent than executable. 343 movl (%rdi,%rax,4),%edx (gdb) bt #0 RC4 () at rc4-x86_64.s:343 #1 0x000000000000012d in ?? () #2 0x00000000000000df in ?? () #3 0x00000000020b5660 in ?? () #4 0x00007fc075f6a9c9 in rc4_hmac_md5_cipher (ctx=, out=0x20aae98 ".\324\300\377?|#\242\300\233\025T\341\002}\237\242\240\273G\260\257\214z\321\001HK?RA\257HC0\"0\257N*1C/,$\252-N1&%&1\261\"/0C*'C\246-\"!/&C*\nb% SO\261\067\303\060,17^'*\260\063/\":C7+\261&\"'^1&%\246\061&- &0C\267+1&\"'^1\246%0C.6/7\252\"33&-'C\266-0&/& 7\303 +*/'1&\255C-\".&03\242 &C6*'3\257\066\060C/*07\316&;7&-'&\247C*R[-/&\265&/^RC ,\255"..., in=, len=0) at e_rc4_hmac_md5.c:163 #5 0x00007fc076272b8f in tls1_enc (s=0x209c120, send=1) at t1_enc.c:828 #6 0x00007fc076269e18 in do_ssl3_write (s=0x209c120, type=23, buf=0x209cf34 "2 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CON"..., len=285, create_empty_fragment=0) at s3_pkt.c:808 #7 0x00007fc07626a144 in ssl3_write_bytes (s=0x209c120, type=23, buf_=0x209cf34, len=) at s3_pkt.c:605 #8 0x00007fc07673b0cf in ?? () from /usr/lib/dovecot/libdovecot-login.so.0 #9 0x00007fc07673b1c8 in ?? () from /usr/lib/dovecot/libdovecot-login.so.0 #10 0x00007fc0764f0488 in io_loop_call_io () from /usr/lib/dovecot/libdovecot.so.0 #11 0x00007fc0764f1517 in io_loop_handler_run () from /usr/lib/dovecot/libdovecot.so.0 #12 0x00007fc0764f0418 in io_loop_run () from /usr/lib/dovecot/libdovecot.so.0 #13 0x00007fc0764de623 in master_service_run () from /usr/lib/dovecot/libdovecot.so.0 #14 0x00007fc076734022 in main () from /usr/lib/dovecot/libdovecot-login.so.0 #15 0x00007fc0758f2ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #16 0x0000000000402349 in ?? () #17 0x00007fffbca25e78 in ?? () #18 0x000000000000001c in ?? () #19 0x0000000000000002 in ?? () #20 0x00007fffbca27eb9 in ?? () #21 0x00007fffbca27ecc in ?? () #22 0x0000000000000000 in ?? () -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8 at euro, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.13-27 ii libssl1.0.0 1.0.1-2 ii zlib1g 1:1.2.6.dfsg-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20120212 -- no debconf information From quarl+keyword+debbugs.533ecf at nospam.quarl.org Fri Mar 30 14:17:57 2012 From: quarl+keyword+debbugs.533ecf at nospam.quarl.org (Karl Chen) Date: Fri, 30 Mar 2012 10:17:57 -0400 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 Message-ID: I have the same problem as Kurt with libcrypto1.0.0 from libssl1.0.0 version 1.0.1-2. The same happens on two different i386 hosts. Among other ways, here are two ways to reproducibly cause libcrypto to segfault: - Sshing to a host with libssl1.0.0 1.0.1-2 and running 'ssh-add -l' there causes the sshd process to segfault - Sshing from a host with libssl1.0.0 1.0.1-2 to another host causes the ssh client to segfault after authentication In both cases the segfault happens in /usr/lib/i386-Linux-gnu/i686/cmov/libcrypto.so.1.0.0 in vpaes-x86.s, somewhere in vpaes_cbc_encrypt(). The ssh-add segfault happens with an RSA key. If I don't forward the ssh agent connection (or don't use one at all), 'ssh-add -l' doesn't cause a segfault. Kernel log: Mar 30 08:44:43 kernel: sshd[19995]: segfault at b8911000 ip b756c678 sp bfe85f00 error 6 in libcrypto.so.1.0.0[b7503000+1a3000] Mar 30 08:44:43 kernel: ssh[20661]: segfault at b7ba8000 ip b756e0cd sp bfd4d44c error 4 in libcrypto.so.1.0.0[b7505000+1a3000] Strace and ltrace don't show anything useful. strace: read(3, "...", 16384) = 72 --- SIGSEGV (Segmentation fault) @ 0 (0) --- ltrace: 23942 --- SIGSEGV (Segmentation fault) --- 23942 +++ killed by SIGSEGV +++ Gdb backtrace (with libssl1.0.0-dbg version 1.0.1-2 installed): (gdb) bt #0 vpaes_cbc_encrypt () at vpaes-x86.s:646 1 0xc585e35b #in ?? () The outbound openssh-client segfaults trying to connect to target hosts of various older openssh versions, even with ssh agent and X forwarding disabled. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: ... debug1: Trying private key: ... debug1: Trying private key: ... debug1: Next authentication method: password xxx at xxx's password: zsh: segmentation fault command ssh -a -x -v xxx Strace/ltrace don't show anything useful. Gdb backtrace: (gdb) bt #0 _vpaes_decrypt_core () at vpaes-x86.s:221 #1 0xb7e4c665 in vpaes_cbc_encrypt () at vpaes-x86.s:641 #2 0x34e2e746 in ?? () I've downgraded to libssl1.0.0 version 1.0.0h-1 which works. From aleh at vaolix.com Fri Mar 30 15:44:08 2012 From: aleh at vaolix.com (aleh at vaolix.com) Date: Fri, 30 Mar 2012 08:44:08 -0700 (PDT) Subject: [Pkg-openssl-devel] Bug#666051: openssl 1.0.1-2 can't connect facebook In-Reply-To: References: Message-ID: <16942742.277.1333122248584.JavaMail.geo-discussion-forums@vbyo22> Looks like it is broken in upstream, here are more details: https://bbs.archlinux.org/viewtopic.php?id=138168 It works for me with -ssl3 argument On Wednesday, March 28, 2012 4:40:02 AM UTC-4, Oleg Kravchenko wrote: > Package: openssl > Version: 1.0.0h-1 > Severity: normal > > how to repeat: > $ openssl s_client -connect graph.facebook.com:443 > does not connect anymore, last working version is 1.0.0h-1 > also broken auth in FB applications running at localhost > temporary solution is downgrade openssl package and libraries > > > > -- System Information: > Debian Release: wheezy/sid > APT prefers unstable > APT policy: (500, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages openssl depends on: > ii libc6 2.13-27 > ii libssl1.0.0 > ii zlib1g 1:1.2.6.dfsg-2 > > openssl recommends no packages. > > Versions of packages openssl suggests: > ii ca-certificates 20120212 > > -- no debconf information > > > > -- > To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST at lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster at lists.debian.org From noreply at release.debian.org Fri Mar 30 16:39:05 2012 From: noreply at release.debian.org (Debian testing watch) Date: Fri, 30 Mar 2012 16:39:05 +0000 Subject: [Pkg-openssl-devel] openssl 1.0.1-2 MIGRATED to testing Message-ID: FYI: The status of the openssl source package in Debian's testing distribution has changed. Previous version: 1.0.0h-1 Current version: 1.0.1-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information. From kurt at roeckx.be Fri Mar 30 21:06:44 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Fri, 30 Mar 2012 23:06:44 +0200 Subject: [Pkg-openssl-devel] Bug#665836: Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 In-Reply-To: References: Message-ID: <20120330210644.GA13291@roeckx.be> forwarded 665836 http://rt.openssl.org/Ticket/Display.html?id=2775&user=guest&pass=guest On Fri, Mar 30, 2012 at 10:17:57AM -0400, Karl Chen wrote: > > I have the same problem as Kurt with libcrypto1.0.0 from > libssl1.0.0 version 1.0.1-2. The same happens on two > different i386 hosts. I'm the one that can't reproduce it. > Among other ways, here are two ways to reproducibly cause > libcrypto to segfault: > - Sshing to a host with libssl1.0.0 1.0.1-2 and running > 'ssh-add -l' there causes the sshd process to segfault > - Sshing from a host with libssl1.0.0 1.0.1-2 to another > host causes the ssh client to segfault after > authentication > > In both cases the segfault happens in > /usr/lib/i386-Linux-gnu/i686/cmov/libcrypto.so.1.0.0 in > vpaes-x86.s, somewhere in vpaes_cbc_encrypt(). I've also seen upstream bug report about it that looks very simular to your case. See the forwarded url. Kurt From owner at bugs.debian.org Fri Mar 30 21:12:27 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 30 Mar 2012 21:12:27 +0000 Subject: [Pkg-openssl-devel] Processed (with 5 errors): Re: Bug#665836: Bug#665836: openssh-server: segfault error 6 in libcrypto.so.1.0.0 References: <20120330210644.GA13291@roeckx.be> Message-ID: Processing commands for control at bugs.debian.org: > forwarded 665836 http://rt.openssl.org/Ticket/Display.html?id=2775&user=guest&pass=guest Bug #665836 [libssl1.0.0] openssh-server: segfault error 6 in libcrypto.so.1.0.0 Set Bug forwarded-to-address to 'http://rt.openssl.org/Ticket/Display.html?id=2775&user=guest&pass=guest'. > On Fri, Mar 30, 2012 at 10:17:57AM -0400, Karl Chen wrote: Unknown command or malformed arguments to command. > > Unknown command or malformed arguments to command. > > I have the same problem as Kurt with libcrypto1.0.0 from Unknown command or malformed arguments to command. > > libssl1.0.0 version 1.0.1-2. The same happens on two Unknown command or malformed arguments to command. > > different i386 hosts. Unknown command or malformed arguments to command. Too many unknown commands, stopping here. Please contact me if you need assistance. -- 665836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665836 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From matiasbellone+debian at gmail.com Fri Mar 30 21:23:35 2012 From: matiasbellone+debian at gmail.com (Matias Bellone) Date: Fri, 30 Mar 2012 18:23:35 -0300 Subject: [Pkg-openssl-devel] Bug#665836: openssh-client: segfault error 4 in libcrypto.so.1.0.0 Message-ID: <20120330212335.2298.56550.reportbug@eternia.local> Package: libssl1.0.0 Version: 1.0.1-2 Followup-For: Bug #665836 Dear Maintainer, After upgrading libssl1.0.0 today I stopped being able to make ssh connections. Every time I try to SSH to another server I get a segfault after entering the password. ~$ ssh matias at XXX.XXX.XXX.XXX matias at XXX.XXX.XXX.XXX's password: Segmentation fault /var/log/messages shows a line as follows: Mar 30 18:11:09 eternia kernel: [ 115.864335] ssh[2264]: segfault at b83ed008 ip b75300cd sp bf8fd7cc error 4 in libcrypto.so.1.0.0[b74c7000+1a3000] This also happens with other applications that use libssl, like remmina: ~$ remmina Remmina plugin RDP (type=Protocol) registered. Remmina plugin RDPF (type=File) registered. Remmina plugin RDPS (type=Preference) registered. Remmina plugin SFTP (type=Protocol) registered. Remmina plugin SSH (type=Protocol) registered. Segmentation fault /var/log/messages shows a line as follows: Mar 30 18:14:22 eternia kernel: [ 309.380815] remmina[2692]: segfault at 4 ip 0806522b sp bfe71d60 error 4 in remmina[8048000+4d000] If I install the libssl1.0.0-dbg and run said programs in GDB a backtrace shows exactly the same thing as Karl Chen which isn't of much help. Same thing with strace, it segfaults after a read. I can reproduce this issue every time when running libssl1.0.0 version 1.0.1-2, even after a re-start, but it starts working immediately after downgrading to 1.0.0h-1 Just in case, server is running: (remote-server) $ ssh -V OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f Let me know if I can be of any assistance to keep debugging this issue -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (900, 'testing'), (100, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssl1.0.0 depends on: ii debconf [debconf-2.0] 1.5.42 ii libc6 2.13-27 ii multiarch-support 2.13-27 ii zlib1g 1:1.2.6.dfsg-2 libssl1.0.0 recommends no packages. libssl1.0.0 suggests no packages. -- debconf information: libssl1.0.0/restart-failed: libssl1.0.0/restart-services: From owner at bugs.debian.org Fri Mar 30 21:45:06 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 30 Mar 2012 21:45:06 +0000 Subject: [Pkg-openssl-devel] Processed: severity of 665836 is serious References: <20120330214350.E1D76EACD8@intrepid.roeckx.be> Message-ID: Processing commands for control at bugs.debian.org: > severity 665836 serious Bug #665836 [libssl1.0.0] openssh-server: segfault error 6 in libcrypto.so.1.0.0 Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 665836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665836 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From owner at bugs.debian.org Fri Mar 30 21:48:03 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 30 Mar 2012 21:48:03 +0000 Subject: [Pkg-openssl-devel] Processed: severity of 665836 is serious References: <20120330214605.6CF5AEACD8@intrepid.roeckx.be> Message-ID: Processing commands for control at bugs.debian.org: > severity 665836 serious Bug #665836 [libssl1.0.0] openssh-server: segfault error 6 in libcrypto.so.1.0.0 Ignoring request to change severity of Bug 665836 to the same value. > thanks Stopping processing here. Please contact me if you need assistance. -- 665836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665836 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From bene at mara.spranger.biz Sat Mar 31 08:19:49 2012 From: bene at mara.spranger.biz (Benedikt Spranger) Date: Sat, 31 Mar 2012 10:19:49 +0200 (CEST) Subject: [Pkg-openssl-devel] Bug#327739: IDEA patent expired Message-ID: Dear maintainer, according to EPA and USPTO the IDEA patent expired at 11/28/2011 and 01/07/2012. EPA: https://register.epo.org/espacenet/regviewer?AP=91908542&CY=EP&LG=de&DB=REG USPTO: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/5214703 Therefor there is no reason to castigate ourself for this patent reason any more. Please enable IDEA support. Regards Benedikt Spranger From kurt at roeckx.be Sat Mar 31 09:20:18 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sat, 31 Mar 2012 11:20:18 +0200 Subject: [Pkg-openssl-devel] Bug#327739: Bug#327739: IDEA patent expired In-Reply-To: References: Message-ID: <20120331092018.GA32756@roeckx.be> On Sat, Mar 31, 2012 at 10:19:49AM +0200, Benedikt Spranger wrote: > > Please enable IDEA support. Why do you want to use IDEA? I see no use of it. Kurt From bene at mara.spranger.biz Sat Mar 31 11:17:59 2012 From: bene at mara.spranger.biz (Benedikt Spranger) Date: Sat, 31 Mar 2012 13:17:59 +0200 (CEST) Subject: [Pkg-openssl-devel] Bug#327739: Bug#327739: IDEA patent expired In-Reply-To: <20120331092018.GA32756@roeckx.be> References: <20120331092018.GA32756@roeckx.be> Message-ID: On Sat, 31 Mar 2012, Kurt Roeckx wrote: > On Sat, Mar 31, 2012 at 10:19:49AM +0200, Benedikt Spranger wrote: >> Please enable IDEA support. > Why do you want to use IDEA? I see no use of it. me too, but there are people still using it. The use of idea have been declined, bat hits me round about once a month. therefor it would be handy to have the support enabled. regards Benedikt Spranger From law_ence.dev at ntlworld.com Sat Mar 31 13:44:39 2012 From: law_ence.dev at ntlworld.com (ael) Date: Sat, 31 Mar 2012 14:44:39 +0100 Subject: [Pkg-openssl-devel] libssl1 upgrade breaks offlineimap Message-ID: <20120331134439.GA8525@elf.conquest> The problem seems to be libssl1.0.0_1.xxx. Downgrading from libssl1.0.0_1.0.1-2_i386.deb to libssl1.0.0_1.0.0h-1_i386.deb *does* cure the problem. ael From kurt at roeckx.be Sat Mar 31 13:58:54 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sat, 31 Mar 2012 15:58:54 +0200 Subject: [Pkg-openssl-devel] libssl1 upgrade breaks offlineimap In-Reply-To: <20120331134439.GA8525@elf.conquest> References: <20120331134439.GA8525@elf.conquest> Message-ID: <20120331135854.GA4871@roeckx.be> On Sat, Mar 31, 2012 at 02:44:39PM +0100, ael wrote: > The problem seems to be libssl1.0.0_1.xxx. Downgrading from > > libssl1.0.0_1.0.1-2_i386.deb > to > libssl1.0.0_1.0.0h-1_i386.deb > > *does* cure the problem. Can you please show the hostnames and port numbers of all affected sites? Note that this is not really a problem with openssl, but with a broken implementation on the other side. See http://bugs.debian.org/665452 I saw imap.ntlworld.com:993, but that seems to work for me. Kurt From kurt at roeckx.be Sat Mar 31 14:01:32 2012 From: kurt at roeckx.be (Kurt Roeckx) Date: Sat, 31 Mar 2012 16:01:32 +0200 Subject: [Pkg-openssl-devel] Bug#666012: libssl: Version 1.0.1-2 makes emesene unusable In-Reply-To: <20120327194646.4120.50210.reportbug@debian> References: <20120327194646.4120.50210.reportbug@debian> Message-ID: <20120331140132.GA5001@roeckx.be> On Tue, Mar 27, 2012 at 04:46:46PM -0300, Marco wrote: > Package: libssl > Version: libssl1.0.0 > Severity: important > > Dear Maintainer, > > When I upgraded to the latest version of libssl1.0.1-2 it made the package emesene unusable. Can you please describe what stopped working, what kind of error message you get? Do you know to which server and port you try to connect? Kurt From ftpmaster at ftp-master.debian.org Sat Mar 31 16:57:39 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 31 Mar 2012 16:57:39 +0000 Subject: [Pkg-openssl-devel] Processing of openssl_1.0.1-3_amd64.changes Message-ID: openssl_1.0.1-3_amd64.changes uploaded successfully to localhost along with the files: openssl_1.0.1-3.dsc openssl_1.0.1-3.debian.tar.gz libssl-doc_1.0.1-3_all.deb openssl_1.0.1-3_amd64.deb libssl1.0.0_1.0.1-3_amd64.deb libcrypto1.0.0-udeb_1.0.1-3_amd64.udeb libssl-dev_1.0.1-3_amd64.deb libssl1.0.0-dbg_1.0.1-3_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) From ftpmaster at ftp-master.debian.org Sat Mar 31 17:04:48 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 31 Mar 2012 17:04:48 +0000 Subject: [Pkg-openssl-devel] openssl_1.0.1-3_amd64.changes ACCEPTED into unstable Message-ID: Accepted: libcrypto1.0.0-udeb_1.0.1-3_amd64.udeb to main/o/openssl/libcrypto1.0.0-udeb_1.0.1-3_amd64.udeb libssl-dev_1.0.1-3_amd64.deb to main/o/openssl/libssl-dev_1.0.1-3_amd64.deb libssl-doc_1.0.1-3_all.deb to main/o/openssl/libssl-doc_1.0.1-3_all.deb libssl1.0.0-dbg_1.0.1-3_amd64.deb to main/o/openssl/libssl1.0.0-dbg_1.0.1-3_amd64.deb libssl1.0.0_1.0.1-3_amd64.deb to main/o/openssl/libssl1.0.0_1.0.1-3_amd64.deb openssl_1.0.1-3.debian.tar.gz to main/o/openssl/openssl_1.0.1-3.debian.tar.gz openssl_1.0.1-3.dsc to main/o/openssl/openssl_1.0.1-3.dsc openssl_1.0.1-3_amd64.deb to main/o/openssl/openssl_1.0.1-3_amd64.deb Changes: openssl (1.0.1-3) unstable; urgency=high . * Fix crash in vpaes (Closes: #665836) * use client version when deciding whether to send supported signature algorithms extension Override entries for your package: libcrypto1.0.0-udeb_1.0.1-3_amd64.udeb - optional debian-installer libssl-dev_1.0.1-3_amd64.deb - optional libdevel libssl-doc_1.0.1-3_all.deb - optional doc libssl1.0.0-dbg_1.0.1-3_amd64.deb - extra debug libssl1.0.0_1.0.1-3_amd64.deb - important libs openssl_1.0.1-3.dsc - source libs openssl_1.0.1-3_amd64.deb - optional utils Announcing to debian-devel-changes at lists.debian.org Closing bugs: 665836 Thank you for your contribution to Debian. From owner at bugs.debian.org Sat Mar 31 17:06:09 2012 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sat, 31 Mar 2012 17:06:09 +0000 Subject: [Pkg-openssl-devel] Bug#665836: marked as done (openssh-server: segfault error 6 in libcrypto.so.1.0.0) References: <20120326132047.10918.28233.reportbug@maru.md5i.com> Message-ID: Your message dated Sat, 31 Mar 2012 17:04:48 +0000 with message-id and subject line Bug#665836: fixed in openssl 1.0.1-3 has caused the Debian Bug report #665836, regarding openssh-server: segfault error 6 in libcrypto.so.1.0.0 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 665836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665836 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Michael Welsh Duggan Subject: openssh-server: segfault error 6 in libcrypto.so.1.0.0 Date: Mon, 26 Mar 2012 09:20:47 -0400 Size: 4393 URL: -------------- next part -------------- An embedded message was scrubbed... From: Kurt Roeckx Subject: Bug#665836: fixed in openssl 1.0.1-3 Date: Sat, 31 Mar 2012 17:04:48 +0000 Size: 7186 URL: From ftpmaster at ftp-master.debian.org Sat Mar 31 19:08:17 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 31 Mar 2012 19:08:17 +0000 Subject: [Pkg-openssl-devel] Processing of openssl_1.0.1-4_amd64.changes Message-ID: openssl_1.0.1-4_amd64.changes uploaded successfully to localhost along with the files: openssl_1.0.1-4.dsc openssl_1.0.1-4.debian.tar.gz libssl-doc_1.0.1-4_all.deb openssl_1.0.1-4_amd64.deb libssl1.0.0_1.0.1-4_amd64.deb libcrypto1.0.0-udeb_1.0.1-4_amd64.udeb libssl-dev_1.0.1-4_amd64.deb libssl1.0.0-dbg_1.0.1-4_amd64.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) From ftpmaster at ftp-master.debian.org Sat Mar 31 19:21:07 2012 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 31 Mar 2012 19:21:07 +0000 Subject: [Pkg-openssl-devel] openssl_1.0.1-4_amd64.changes ACCEPTED into unstable Message-ID: Accepted: libcrypto1.0.0-udeb_1.0.1-4_amd64.udeb to main/o/openssl/libcrypto1.0.0-udeb_1.0.1-4_amd64.udeb libssl-dev_1.0.1-4_amd64.deb to main/o/openssl/libssl-dev_1.0.1-4_amd64.deb libssl-doc_1.0.1-4_all.deb to main/o/openssl/libssl-doc_1.0.1-4_all.deb libssl1.0.0-dbg_1.0.1-4_amd64.deb to main/o/openssl/libssl1.0.0-dbg_1.0.1-4_amd64.deb libssl1.0.0_1.0.1-4_amd64.deb to main/o/openssl/libssl1.0.0_1.0.1-4_amd64.deb openssl_1.0.1-4.debian.tar.gz to main/o/openssl/openssl_1.0.1-4.debian.tar.gz openssl_1.0.1-4.dsc to main/o/openssl/openssl_1.0.1-4.dsc openssl_1.0.1-4_amd64.deb to main/o/openssl/openssl_1.0.1-4_amd64.deb Changes: openssl (1.0.1-4) unstable; urgency=low . * Use official patch for the vpaes problem, also covering amd64. Override entries for your package: libcrypto1.0.0-udeb_1.0.1-4_amd64.udeb - optional debian-installer libssl-dev_1.0.1-4_amd64.deb - optional libdevel libssl-doc_1.0.1-4_all.deb - optional doc libssl1.0.0-dbg_1.0.1-4_amd64.deb - extra debug libssl1.0.0_1.0.1-4_amd64.deb - important libs openssl_1.0.1-4.dsc - source libs openssl_1.0.1-4_amd64.deb - optional utils Announcing to debian-devel-changes at lists.debian.org Thank you for your contribution to Debian.