Your message dated Sat, 21 Jan 2006 08:32:13 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#338006: fixed in openssl 0.9.8a-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Mon, 7 Nov 2005 20:23:55 +0100
From: Mikael Magnusson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: libssl0.9.8: bad record mac because of wrong
SSL_OP_TLS_BLOCK_PADDING_BUG handling
Package: libssl0.9.8
Version: 0.9.8a-3
Severity: important
Use of SSL_OP_TLS_BLOCK_PADDING_BUG, which is included in SSL_OP_ALL,
triggers a bug in OpenSSL if both the client and server are using version 0.9.8.
Upstream bug report:
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1204
The bug can be demonstrated with the following execution of s_server and
s_client.
Server:
# openssl s_server -accept 5061 -cert /etc/apache/ssl.crt/snakeoil-dsa.crt -key /etc/apache/ssl.key/snakeoil-dsa.key -CAfile /etc/apache/ssl.crt/snakeoil-ca-dsa.crt -no_ssl2
Client:
$ openssl s_client -connect skinner:5061 -no_ssl2 -bugs
CONNECTED(00000003)
depth=1 /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority (DSA)/CN=Snake Oil CA/[EMAIL PROTECTED]
verify error:num=19:self signed certificate in certificate chain
verify return:0
29985:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:426:
Sometimes the connection succeeds, but it fails most of the time.
Regards,
Mikael
-- System Information:
Debian Release: testing/unstable
APT prefers stable
APT policy: (871, 'stable'), (50, 'testing'), (30, 'unstable'), (10, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-vserver-k7
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Versions of packages libssl0.9.8 depends on:
ii debconf [debconf-2.0] 1.4.57 Debian configuration management sy
ii libc6 2.3.5-7 GNU C Library: Shared libraries an
ii zlib1g 1:1.2.3-6 compression library - runtime
libssl0.9.8 recommends no packages.
-- debconf information:
libssl0.9.8/restart-services:
---------------------------------------
From: Kurt Roeckx <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#338006: fixed in openssl 0.9.8a-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 21 Jan 2006 08:32:13 -0800
Source: openssl
Source-Version: 0.9.8a-6
We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:
libcrypto0.9.8-udeb_0.9.8a-6_i386.udeb
to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-6_i386.udeb
libssl-dev_0.9.8a-6_i386.deb
to pool/main/o/openssl/libssl-dev_0.9.8a-6_i386.deb
libssl0.9.8-dbg_0.9.8a-6_i386.deb
to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-6_i386.deb
libssl0.9.8_0.9.8a-6_i386.deb
to pool/main/o/openssl/libssl0.9.8_0.9.8a-6_i386.deb
openssl_0.9.8a-6.diff.gz
to pool/main/o/openssl/openssl_0.9.8a-6.diff.gz
openssl_0.9.8a-6.dsc
to pool/main/o/openssl/openssl_0.9.8a-6.dsc
openssl_0.9.8a-6_i386.deb
to pool/main/o/openssl/openssl_0.9.8a-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[EMAIL PROTECTED]> (supplier of updated openssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 21 Jan 2006 16:25:41 +0100
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source i386
Version: 0.9.8a-6
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSL Team <[EMAIL PROTECTED]>
Changed-By: Kurt Roeckx <[EMAIL PROTECTED]>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypt
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 338006
Changes:
openssl (0.9.8a-6) unstable; urgency=low
.
* Remove empty postinst/preinst/prerm scripts. There is no need
  to have empty ones, debhelper will add them when needed.
* Remove the static pic libraries. Nobody should be linking
  its shared libraries static to libssl or libcrypto.
  This was added for opensc who now links to it shared.
* Do not assume that in case the sequence number is 0 and the
  packet has an odd number of bytes that the other side has
  the block padding bug, but try to check that it actually
  has the bug. The wrong detection of this bug resulted
  in a "decryption failed or bad record mac" error in case
  both sides were using zlib compression. (Closes: #338006)
Files:
c131ce8b682ecfb00e621e067d54d08e 796 utils optional openssl_0.9.8a-6.dsc
c152659ff1525dbd5f411918eca4fc25 32486 utils optional openssl_0.9.8a-6.diff.gz
75c5aef075a45f10b9d1c891c3442d74 982844 utils optional
openssl_0.9.8a-6_i386.deb
711d05ea0c1368827ced13e51fa99d57 2692286 libs important
libssl0.9.8_0.9.8a-6_i386.deb
04d4fcd3e804e5ec9f3f1e55623cf9a5 545170 debian-installer optional
libcrypto0.9.8-udeb_0.9.8a-6_i386.udeb
7a2b123873aa86043ca3d0cc0800846d 2075736 libdevel optional
libssl-dev_0.9.8a-6_i386.deb
85ab4b29fa4ea4bdfb4ab895f40665e2 5175844 libdevel extra
libssl0.9.8-dbg_0.9.8a-6_i386.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD0l5cQdwckHJElwsRAsioAJ4ygEu6T0ohKUb37p5T939cxqpRXgCeMeqn
+9g6Xej7p6C2TVhNVoGcwfY=
=vOby
-----END PGP SIGNATURE-----
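Added example, not part of the original messages and not OpenSSL or Debian code: a simplified model of the mis-detection that the 0.9.8a-6 changelog entry describes. It assumes the old heuristic treated an even padding-length byte on the first record (sequence number 0) as proof of the peer's padding bug and then stripped one byte fewer; all function names and the payload lengths 36 and 35 are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Padding-length byte a compliant TLS 1.0 CBC sender writes for `len` bytes
 * of data+MAC: (pad_byte + 1) bytes are appended to reach a block multiple. */
static unsigned compliant_pad_byte(size_t len, unsigned bs) {
    return (bs - (unsigned)((len + 1) % bs)) % bs;
}

/* Assumed model of the old heuristic: on the first record (sequence 0),
 * an even padding-length byte marks the peer as having the padding bug. */
static int heuristic_flags_bug(unsigned long long seq, unsigned pad_byte) {
    return seq == 0 && (pad_byte & 1u) == 0;
}

/* Bytes the receiver removes: pad_byte + 1 for a compliant peer,
 * pad_byte when the peer is believed to be buggy (assumed model). */
static size_t stripped(unsigned pad_byte, int peer_flagged) {
    return peer_flagged ? (size_t)pad_byte : (size_t)pad_byte + 1u;
}

/* For a compliant sender, how many padding bytes are wrongly left attached
 * to data+MAC after stripping. 0 = MAC is checked at the right offset;
 * non-zero = the receiver reports a bad record MAC. */
static size_t leftover_after_strip(size_t len, unsigned bs) {
    unsigned pb = compliant_pad_byte(len, bs);
    size_t record = len + pb + 1u;
    int flagged = heuristic_flags_bug(0, pb);
    return record - stripped(pb, flagged) - len;
}

int main(void) {
    /* Constructed lengths: 36 is even (no compression); 35 stands in for
     * a compressed first record whose data+MAC length came out odd. */
    size_t lens[] = {36, 35};
    unsigned bs = 16; /* AES-CBC block size */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        unsigned pb = compliant_pad_byte(lens[i], bs);
        printf("len=%zu pad_byte=%u flagged=%d leftover=%zu\n",
               lens[i], pb, heuristic_flags_bug(0, pb),
               leftover_after_strip(lens[i], bs));
    }
    return 0;
}
```

With an even block size the padding-length byte is even exactly when the data+MAC length is odd, so a compliant peer whose first record has an odd length is always misclassified by this model.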