Your message dated Wed, 26 Jun 2013 10:48:22 +0000
with message-id <[email protected]>
and subject line Bug#714050: fixed in curl 7.31.0-2
has caused the Debian Bug report #714050,
regarding libcurl4-openssl-dev: SSL/TLS broken.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
714050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714050
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcurl4-openssl-dev
Version: 7.31.0-1
Severity: important
Tags: upstream patch
OpenSSL usage in this new version is not done properly, and SSL/TLS fails to
work in many cases.
This bug is reported in full upstream, along with a test case:
https://sourceforge.net/p/curl/bugs/1249/
There is already a patch merged in upstream:
https://github.com/bagder/curl/commit/8a7a277c086199b37c07a8e01165168037866f3e
Can this patch be backported?
Thank you!
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (700, 'unstable'), (650, 'testing'), (600, 'stable'), (500,
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcurl4-openssl-dev depends on:
ii libc6-dev [lib 2.17-5 Embedded GNU C Library: Developmen
ii libcurl3 7.31.0-1 easy-to-use client-side URL transf
ii libidn11-dev 1.25-2 Development files for GNU Libidn,
ii libkrb5-dev 1.10.1+dfsg-5 Headers and development libraries
ii libldap2-dev 2.4.31-1+nmu2 OpenLDAP development libraries
ii librtmp-dev 2.4+20121230.gitdf6c518-1 toolkit for RTMP streams (developm
ii libssh2-1-dev 1.4.3-1 SSH2 client-side library (developm
ii libssl-dev 1.0.1e-3 SSL development libraries, header
ii zlib1g-dev 1:1.2.8.dfsg-1 compression library - development
libcurl4-openssl-dev recommends no packages.
Versions of packages libcurl4-openssl-dev suggests:
pn libcurl3-dbg <none> (no description available)
pn libcurl4-doc <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.31.0-2
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 26 Jun 2013 11:47:00 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.31.0-2
Distribution: unstable
Urgency: high
Maintainer: Alessandro Ghedini <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-doc - documentation for libcurl
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS
flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS
flavour)
libcurl4-openssl-dev - development files and documentation for libcurl
(OpenSSL flavour)
Closes: 714050
Changes:
curl (7.31.0-2) unstable; urgency=high
.
* Add 09_openssl-recv.patch to fix incorrect OpenSSL usage (Closes: #714050)
* Set urgency=high because of the security fix in the previous upload
Checksums-Sha1:
1cc63d4e21e69fd33e2622f407ac2762071dc990 2564 curl_7.31.0-2.dsc
c1d50599982476adb210d802b64b14dac8316ecf 29085 curl_7.31.0-2.debian.tar.gz
cdfadd3fbcd6485bdccefaff5b86f46fa435cbb6 207314 curl_7.31.0-2_amd64.deb
e2a8d54bdd79ddd91b034de14e6dcdb2ec520aa6 286894 libcurl3_7.31.0-2_amd64.deb
9fb9760d006edeaceac09b980ae1f053f6ea7b1b 278676
libcurl3-gnutls_7.31.0-2_amd64.deb
2db4543e566d64d56979892cd208fe7be17cef10 284714 libcurl3-nss_7.31.0-2_amd64.deb
7c39c19a7ce9ac08b09161ba306b747f2d31cb5f 409698
libcurl4-openssl-dev_7.31.0-2_amd64.deb
5714ae88a4a4abd13138ab7138babab01ef695ac 399448
libcurl4-gnutls-dev_7.31.0-2_amd64.deb
1ae6b01b58f47d02e53ed529a4de9b999f8e5fe6 406770
libcurl4-nss-dev_7.31.0-2_amd64.deb
1c8b037762a2f5c70729d685bdce8070c445439d 3429000
libcurl3-dbg_7.31.0-2_amd64.deb
e9bc62c84df98484171767ed1608802e01b44e27 1032644 libcurl4-doc_7.31.0-2_all.deb
Checksums-Sha256:
ae7b5f1da9a3c6b0a03850919615ad7080211827b0115d31df95e57a9b601508 2564
curl_7.31.0-2.dsc
92d1c288f46e79021ff5a3ba37449a23c7f771de802cfaa00a4495369135693a 29085
curl_7.31.0-2.debian.tar.gz
ad504f7a18a1f9e9cbf6d8580d5bba86b6e38b265fafce6e83cc8d822536eef3 207314
curl_7.31.0-2_amd64.deb
06f6e91016632f233da47c6d26fcc43ecf81d71d3154f7dc3251cfa34ab8d510 286894
libcurl3_7.31.0-2_amd64.deb
366c7fb46d5e80d27e0eb1773db6c7bc1539eb2c28366a658c73d7f184533bdb 278676
libcurl3-gnutls_7.31.0-2_amd64.deb
ae60e1f09eb2b059148cc9de432bd24b7b5ec0ffcbcb25dfa59225181bc6a1f2 284714
libcurl3-nss_7.31.0-2_amd64.deb
cfc7ec467c0c26efa4a7aea644adc2ef84d4bf092cd5f7e1d7f603233769dd3b 409698
libcurl4-openssl-dev_7.31.0-2_amd64.deb
a2167efb4a60a6092f2ed59f34d4154c257b43e1da171a21d64c37dc3e444c9a 399448
libcurl4-gnutls-dev_7.31.0-2_amd64.deb
33a53996d8c83c57ab9b923d1afe7ded17077db47dac3d0a335b77d2ce31247a 406770
libcurl4-nss-dev_7.31.0-2_amd64.deb
36701ac72afff4efd825f8a7a795985ed7e72dd0d27a5adfe89c43ca1fa0cce9 3429000
libcurl3-dbg_7.31.0-2_amd64.deb
779a9dfa8fe075f4a1551209d3054de66c150bd2b0e6d29b9586c75a92373b9b 1032644
libcurl4-doc_7.31.0-2_all.deb
Files:
65d39591f39c15cf0c1bf1b5bee626ec 2564 web optional curl_7.31.0-2.dsc
93e9e6105cd4d9dca2368fdf85fa7e78 29085 web optional curl_7.31.0-2.debian.tar.gz
04d320dfdefdf327c150f6f5e8c09cc2 207314 web optional curl_7.31.0-2_amd64.deb
4135ef5b8943b6a070c0f5ce2077e0c7 286894 libs optional
libcurl3_7.31.0-2_amd64.deb
2c35b2ad96b8e958a0df8af48cb02cd6 278676 libs optional
libcurl3-gnutls_7.31.0-2_amd64.deb
5121388494001ac348b6917eaa9fa4b7 284714 libs optional
libcurl3-nss_7.31.0-2_amd64.deb
64e937780ae17a8d03673eac38e766ec 409698 libdevel optional
libcurl4-openssl-dev_7.31.0-2_amd64.deb
5319fe3813d137622faa661425ef8e40 399448 libdevel optional
libcurl4-gnutls-dev_7.31.0-2_amd64.deb
416bb22165c249292ec5be43fccbbbe8 406770 libdevel optional
libcurl4-nss-dev_7.31.0-2_amd64.deb
8a7532e83896dbeb2e9ca77e69c950bb 3429000 debug extra
libcurl3-dbg_7.31.0-2_amd64.deb
e2b6c92706a54be885318e03d8b37bb4 1032644 doc optional
libcurl4-doc_7.31.0-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJRysBcAAoJEK+lG9bN5XPLuVsQAKjSYVCYR5L1KXB7x/Inrm+r
dCN38kSSAQnLolQ0SL8hjy3HNNqQvwA+dFT+kbzAfj3SCaGfQ0aJHJG2FMDpMP7G
cPjhq0qKVcyK2PwbHwfcEZPQXWnNgXo8ehbwtowYXEd5gFqN5nIRrT2v7Iuxd2B7
gYUs0dLBCdvW+MCZHG74vX4Z4fG64zqF1Zv4IX40He3L7j5sWjeYe+HcslxDh4YW
hi0uBkBG8j0GWKqgfbLcpznD6TY5Q2nMwSFyfhtB871wgjB52gSHBxGklSrLVys7
/dyDV448B75Xn0a5Dd4hIOi2xjIzGQXv4I7FcEsrdVIiSUjVlfMxFME1MfO/4EtJ
+LP1hcbMxULGnss/4cB2br1cBHHTFRVLAOdSFoZcVznsHiLlTVE6WxtKQ6J6+vlU
+aRNUbdgcrcIgLUAXfDFgtb1xlf0bK6RXXCpd3AWw91uM08GnMzfZbDIwNLtVHFg
+BdbNWYJFlCpPXukagNwnHfW94XuQvaYvcH9SW7o5gr8THq0oq82eAVN5YW7Yokp
c2ZnQg+ub30UPEhjZVFPLDYY9Kwjj5FJQ+jxD/W9cpc+8/A8Jf8/0+zW1d1Q2BVa
jzqy1gfjDnpE9SNFZz7FRFzOPAyOdKXVdbKUVFyAEudfpwjcVjH9CsE8cNifWXss
UiZuzkNqjtP/3adQaIH9
=a1RE
-----END PGP SIGNATURE-----
--- End Message ---
