Your message dated Mon, 19 Jun 2006 03:32:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#372105: fixed in netkit-telnet-ssl 0.17.24+0.1-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: telnetd-ssl
Version: 0.17.24+0.1-7.1
Severity: important
postsinst script of telnetd-ssl package contains call to
openssl req command to generate temporary self-signed certificate.
It invokes openssl with its default configuration file (without
specifying something else with -config command line option) and
simulates user input by passing some responses to stdin of this command.
But number and order of the questions which openssl req asks during
certificate signing request generation can be altered in the OpenSSL
configuration file.
So, if user changed something in the [ req_distinguished_name ] or
[ req_attributes ] sections of /etc/ssl/openssl.conf, postinst script
might fail with very cryptic diagnostics.
I've had to run postinst script manually using sh -x to find cause of
problem.
Better solution is to generate temporary config file with all
certificate info filled in from postinst script and then run
openssl req in non-interactive mode (with -batch and -config switches).
As intermediate fix script can check whether /etc/ssl/telnetd.pem was
actually generated, and if not so, display error message telling user
"Certificate generation failed, probably due to non-standard OpenSSL
configuration.
Please create telnetd.pem file manually and then reconfigure package"
And if telnetd.pem exists, script have to check (and may be fix) its
permissions and rehash it.
Moreover, script uses incorrect command to create symlink to the
certificate based on its hash value.
ln -sf telnetd.pem `openssl x509 -noout -hash < telnetd.pem`.0
Really OpenSSL adds .0 .1 etc suffixes to these links to avoid clash
if there exists other certificate with same hash value.
This command fpricbliy uses .0 suffix which might conflict with other
CA certificate, and make it unaccessable by OpenSSL.
Better to use c_rehash utility from OpenSSL package or
Debian update-ca-certificates script
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.16-athlon
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Versions of packages telnetd-ssl depends on:
ii adduser 3.63 Add and remove users and groups
ii base-files 3.1.2 Debian base system miscellaneous f
ii dpkg 1.10.28 Package maintenance system for Deb
ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libssl0.9.8 0.9.8b-1 SSL shared libraries
ii netbase 4.21 Basic TCP/IP networking system
ii openssl 0.9.8b-1 Secure Socket Layer (SSL) binary a
ii passwd 1:4.0.3-31sarge5 change and administer password and
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: netkit-telnet-ssl
Source-Version: 0.17.24+0.1-11
We believe that the bug you reported is fixed in the latest version of
netkit-telnet-ssl, which is due to be installed in the Debian FTP archive:
netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
to pool/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
netkit-telnet-ssl_0.17.24+0.1-11.dsc
to pool/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.24+0.1-11.dsc
telnet-ssl_0.17.24+0.1-11_i386.deb
to pool/main/n/netkit-telnet-ssl/telnet-ssl_0.17.24+0.1-11_i386.deb
telnetd-ssl_0.17.24+0.1-11_i386.deb
to pool/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.24+0.1-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ian Beckwith <[EMAIL PROTECTED]> (supplier of updated netkit-telnet-ssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Jun 2006 19:10:02 +0100
Source: netkit-telnet-ssl
Binary: telnet-ssl telnetd-ssl
Architecture: source i386
Version: 0.17.24+0.1-11
Distribution: unstable
Urgency: low
Maintainer: Ian Beckwith <[EMAIL PROTECTED]>
Changed-By: Ian Beckwith <[EMAIL PROTECTED]>
Description:
telnet-ssl - The telnet client with SSL encryption support
telnetd-ssl - The telnet server with SSL encryption support
Closes: 368416 372105
Changes:
netkit-telnet-ssl (0.17.24+0.1-11) unstable; urgency=low
.
* Move telnetd.pem to /etc/telnetd-ssl (Closes: #368416):
* Use private copy of openssl.cnf (from openssl_0.9.8b-2) (Closes: #372105).
* Set Common Name to FQDN when generating certificate.
* Standards-Version: 3.7.2 (No changes).
Files:
4185af0c6db289eca33addf897bad031 1007 net extra
netkit-telnet-ssl_0.17.24+0.1-11.dsc
24515308f683ef64fb3ed8ce68a72931 29849 net extra
netkit-telnet-ssl_0.17.24+0.1-11.diff.gz
dd08351a2e4e4e81aad4c4c2b41eec9c 83126 net extra
telnet-ssl_0.17.24+0.1-11_i386.deb
b3af3c13c05482a55b7ca6df62f05072 56872 net extra
telnetd-ssl_0.17.24+0.1-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBRJZ48m4/9k35XC9tAQLRJwgAxCG6WXGA/ujl/xlQkannRjXi024A3XLX
0D4n9X7qP+YtMJ9fYyUbR1LbKW3Pun1TamFNBsT1ll8uRi+85JphMYIpWIVAToN+
04em+gPHgaD6Uu8EkobMpRr7/7FD40+6kU4zhti8mFbU5xkXlDZDeQX4uMK3Qy+E
PQO7qcyEBuiaqlfFLk+a8bD3KkOHbmWbWRW3s6GFSZf1Fjbk6bjPTHL0uLZXXtNZ
eBxOW++520VjLBS8tdrJ0hwpKJX1bfIkOeC7t78PvDqDSSNUw0aKepHbmXpHgOgT
1jenwRjo9u0vz2EJq9b3qoG9Iw560xO7ev0Q8ra6Py4DqrRH3ypWEQ==
=x2fJ
-----END PGP SIGNATURE-----
--- End Message ---
