Bug#422024: marked as done (gnutls13: default list of supported protocols doesn't match documentation)

[Debian Bug Tracking System]

Your message dated Mon, 28 May 2007 12:02:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#422024: fixed in gnutls13 1.7.9-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: libgnutls13
Version: 1.7.7-1
Tags: experimental

Hi,

code and documentation seem to have diverged when TLS1.2 was introduced:

-> lib/gnutls_priority.c, lines 252 ff., gnutls_set_default_priority()

] [...]
]   * The order is TLS 1.2, TLS 1.1, TLS 1.0, SSL3 for protocols.
]   * RSA, DHE_DSS, DHE_RSA for key exchange 
]   * algorithms. SHA, MD5 and RIPEMD160 for MAC algorithms.
]   * AES_128_CBC, 3DES_CBC, 
]   * and ARCFOUR_128 for ciphers.
] [...]
]   static const int protocol_priority[] = { GNUTLS_TLS1_2, GNUTLS_TLS1_1, 
GNUTLS_SSL3, 0 };
]   static const int kx_priority[] =
]     { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, 0 };
]   static const int cipher_priority[] = {
]     GNUTLS_CIPHER_AES_128_CBC,
]     GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0
]   };
]   static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 };
]   static const int mac_priority[] =
]     { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, 0 };
] [...]

TLS1.0 and MAC_RIPEMD are gone... I guess this is intentional, but it
should be documented accordingly, because I've just crept for hours through
an application's source code searching for the magic call that disables
TLS1.0... ;-)


Regards,

Jan

PS: This (upstream) change makes the package description look a bit absurd,
advertising TLS1.0 support when it's deactivated by default...

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: gnutls13
Source-Version: 1.7.9-1

We believe that the bug you reported is fixed in the latest version of
gnutls13, which is due to be installed in the Debian FTP archive:

gnutls-bin_1.7.9-1_i386.deb
  to pool/main/g/gnutls13/gnutls-bin_1.7.9-1_i386.deb
gnutls-doc_1.7.9-1_all.deb
  to pool/main/g/gnutls13/gnutls-doc_1.7.9-1_all.deb
gnutls13_1.7.9-1.diff.gz
  to pool/main/g/gnutls13/gnutls13_1.7.9-1.diff.gz
gnutls13_1.7.9-1.dsc
  to pool/main/g/gnutls13/gnutls13_1.7.9-1.dsc
gnutls13_1.7.9.orig.tar.gz
  to pool/main/g/gnutls13/gnutls13_1.7.9.orig.tar.gz
libgnutls-dev_1.7.9-1_i386.deb
  to pool/main/g/gnutls13/libgnutls-dev_1.7.9-1_i386.deb
libgnutls13-dbg_1.7.9-1_i386.deb
  to pool/main/g/gnutls13/libgnutls13-dbg_1.7.9-1_i386.deb
libgnutls13_1.7.9-1_i386.deb
  to pool/main/g/gnutls13/libgnutls13_1.7.9-1_i386.deb
libgnutlsxx13_1.7.9-1_i386.deb
  to pool/main/g/gnutls13/libgnutlsxx13_1.7.9-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[EMAIL PROTECTED]> (supplier of updated gnutls13 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 28 May 2007 08:36:42 +0200
Source: gnutls13
Binary: libgnutls-dev libgnutlsxx13 libgnutls13 gnutls-bin gnutls-doc 
libgnutls13-dbg
Architecture: source i386 all
Version: 1.7.9-1
Distribution: experimental
Urgency: low
Maintainer: Debian GnuTLS Maintainers <[EMAIL PROTECTED]>
Changed-By: Andreas Metzler <[EMAIL PROTECTED]>
Description: 
 gnutls-bin - the GNU TLS library - commandline utilities
 gnutls-doc - the GNU TLS library - documentation and examples
 libgnutls-dev - the GNU TLS library - development files
 libgnutls13 - the GNU TLS library - runtime library
 libgnutls13-dbg - GNU TLS library - debugger symbols
 libgnutlsxx13 - the GNU TLS library - C++ runtime library
Closes: 422024 423332 424357
Changes: 
 gnutls13 (1.7.9-1) experimental; urgency=low
 .
   * Switch to liblzo2. (Thanks, Peter Eisentraut) (Closes: #423332)
   * New upstream version.
     - Uses opencdk10 (0.6.x).
     - Improved gnutls_set_default_priority() priorities, with matching correct
       docs. (Closes: #422024)
     - bumped shlibs.
   * Do not delete doc/gnutls.pdf on clean, allowing to run dpkg-buildpackage
     twice in a row on the same sourcetree. (Closes: #424357) Document what is
     needed to rebuild doc/gnutls.pdf in README.source_and_patches.
Files: 
 ba01e265cf0717a414ad2c9d4573eda7 953 devel optional gnutls13_1.7.9-1.dsc
 167c57464ef3b15cd91cea43205463db 5336434 devel optional 
gnutls13_1.7.9.orig.tar.gz
 bbc6536afe282c218f3fd8cb2dea9266 18144 devel optional gnutls13_1.7.9-1.diff.gz
 3c16bda154fc92473cd7e517ec4a762d 2535270 doc optional 
gnutls-doc_1.7.9-1_all.deb
 a5d50de5afd22dc26cb4de28ed4425aa 424406 libdevel optional 
libgnutls-dev_1.7.9-1_i386.deb
 5683adb717b9a23145e135d3fb909308 346144 libs important 
libgnutls13_1.7.9-1_i386.deb
 20043fbb7508782c240b06d9e5579e96 799886 devel extra 
libgnutls13-dbg_1.7.9-1_i386.deb
 bb50a0fdff57ed1971139009ab316bba 211586 net optional 
gnutls-bin_1.7.9-1_i386.deb
 0ca914d0e138e50d48cd9648b21808d4 114494 libs optional 
libgnutlsxx13_1.7.9-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGWsBhHTOcZYuNdmMRAqbvAJ9wtXGTcsCceQCCfSPfmV5NToBEQgCeJjBO
xY+uYC4WgFUfctISp8/tzJ8=
=dH+3
-----END PGP SIGNATURE-----

--- End Message ---