Your message dated Sun, 02 Nov 2025 23:02:35 +0000
with message-id <[email protected]>
and subject line Bug#1110816: fixed in libvirt 11.3.0-3+deb13u1
has caused the Debian Bug report #1110816,
regarding Libvirt TLS: Key Encipherment extension should not be enforced in
certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110816
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvirt-daemon
Version: 11.3.0-3
Libvirt currently enforces the Key Encipherment certificate extension to be
present in configured TLS certificates.
This goes against the specification that ECDSA certificates should never
contain the Key Encipherment extension.
Dropping the requirement altogether is the better option, as it is no longer a
requirement with modern ciphers.
Upstream references:
This requirement was dropped for ECDSA certificates in 11.5.0:
https://gitlab.com/libvirt/libvirt/-/commit/11867b0224a2b8dc34755ff0ace446b6842df1c1
The requirement was dropped altogether in 11.6.0:
https://gitlab.com/libvirt/libvirt/-/commit/8cecd3249e5fa5478a7c53567971b4d969274ea3
Tests were corrected in:
https://gitlab.com/libvirt/libvirt/-/commit/e67952b0e612c9ad3c3eec8bb692589602953ee8
Thanks in advance,
Karel Van Hecke
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 11.3.0-3+deb13u1
Done: Andrea Bolognani <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea Bolognani <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 02 Nov 2025 16:54:31 +0100
Source: libvirt
Architecture: source
Version: 11.3.0-3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Andrea Bolognani <[email protected]>
Closes: 1110816 1110963 1112481
Changes:
libvirt (11.3.0-3+deb13u1) trixie; urgency=medium
.
* [6a549fc] patches: Add backports
- backport/tlscert-Don-t-force-keyEncipherment[...]
- backport/tls-Don-t-require-keyEncipherment-[...]
- backport/tests-[...]-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERM[...]
- Removes the requirement to have keyEncipherment enabled
for TLS certificates
- Closes: #1110816
* [8b355a8] patches: Add backports
- backport/daemon-Drop-log-level-of-VIR_ERR_NO_SUPPORT-[...]
- Prevents journal spam when using the LXC driver
- Closes: #1110963
* [f5079ab] patches: Add backports
- backport/qemu-capabilities-Check-if-cpuModels-is-not-NULL-[...]
- Fixes a daemon crash that occurs when probing capabilities
for a QEMU binary that doesn't report information about
CPU models
- Closes: #1112481
Checksums-Sha1:
8000fb2c616b64904bd2d0802338fdecc9389e6b 7803 libvirt_11.3.0-3+deb13u1.dsc
a65e48c18f1c551b366e00ab6fb0c391e78d16a6 101684
libvirt_11.3.0-3+deb13u1.debian.tar.xz
714940b6cfe7afd7bc0e892f66c2c77fb6113f3e 13899
libvirt_11.3.0-3+deb13u1_source.buildinfo
Checksums-Sha256:
4d8f0523b6367384d7b95123c0b68f7b3e205424bbe8c7b73af9ad84daf10772 7803
libvirt_11.3.0-3+deb13u1.dsc
cf336b6130526ff8419a290c1a5e9cce18493f9dcbf2aa329bcbbab27c3410d6 101684
libvirt_11.3.0-3+deb13u1.debian.tar.xz
70251abf51c2bc07be951a2cd0100060feada12382837cde6e46ea81be835ef1 13899
libvirt_11.3.0-3+deb13u1_source.buildinfo
Files:
13e74e383fbb177fc7aa5a205f7c5a4d 7803 libs optional
libvirt_11.3.0-3+deb13u1.dsc
b36909f3498527a965c9123a3f2be542 101684 libs optional
libvirt_11.3.0-3+deb13u1.debian.tar.xz
699e0d40207a53a09ed214d2055a2e1b 13899 libs optional
libvirt_11.3.0-3+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEO48t9niVypx3EjLf954fxUKFg6wFAmkHll0PHGVvZkBraXl1
a28ub3JnAAoJEPeeH8VChYOsAT8QANC5lVq7Ordj4edv2KxTqx0nfLhwedjP4KNW
72ThYLq5cVi6KmHDvIHT1a/N/WdpBlWliNURl1oJSyBvkjwrBR8D79p3P1DBV9Mt
LIG3T5oJqiilZiwsSA4HEcoSSNug0iR7D8oVpnB2PODfqfJcpIvb2pY2CKiS2C7N
bunhuNIn5JB1+Ro3Ck3KZkQly/hhBCRivSFGih804NePxcUDzcZ1G99xWhayGbg0
OgjEwJOnT58Jkk+H63BcX0Bgf3ha3uQzS3p3H7cKu2+Wcyzo0Nh0+wqNyeVCuRzD
23i9WNyOD8QLqCY7Pv35H3vzoNqBW58uNS9hSMV3rJ7Yr+wswe6HvUSWgVyCpXkN
P4GKa+IVg6YptqyM0AjoKCVEkwb2xWsCIVkVLXMexS0X43oAjCCRF3m94k3bWiuS
/ZKkFUPY7sQ1UZB48Uret8n3pB0EszVbg4i72GqKxWXAL1wp65qbx3oyp+N8ml/m
VDarLa1UAqyTGietme4F8/QDjsSdc8OBfCh1xIJJKYOStgZP19EPoaPI2Vg1ND5g
gqno3TPlT8bKbZuvKH/9o4Vs9NdXrF9p/FEUCB6GbaYGGVuIAZaOtECzUDRznoK9
FdPRRjJ14bI/fL2mFl8YeCgWfrz4AYxEWF6KIODW/QTDjd60iOSmX3b0xKnD0cSn
YDoRiuDN
=XjPi
-----END PGP SIGNATURE-----
pgp9R6uaicG1E.pgp
Description: PGP signature
--- End Message ---
