Bug#970332: libcurl4: Public key authentication failure

2020-09-14 Thread Sam Kemp
Package: libcurl4
Version: 7.72.0-1
Severity: normal

Dear maintainer

The version of libcurl4 in testing (7.72.0-1) fails to successfully negotiate
public key authentication and closes the connection early.

I have tested using the attached script against both stable and testing
versions of openssh-server (1:7.9p1-10+deb10u2 and 1:8.3p1-1).

Testing with the same script and the stable version of libcurl4
(7.64.0-4+deb10u1) is successful so this looks like a regression?

I have attached openssh-server logs from a machine running openssh-server
1:8.3p1-1, showing success from "old" libcurl4 and "failure" from new libcurl4.

(Note that the stable version was tested using a TCP connection to localhost so
the IPs of server and client are the same in that case.)

Not sure what the next diagnostic / debugging steps are here but happy to
provide any assistance?

Many thanks,

Sam Kemp




-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcurl4 depends on:
ii  libbrotli1        1.0.9-2
ii  libc6             2.31-3
ii  libgssapi-krb5-2  1.17-10
ii  libidn2-0         2.3.0-1
ii  libldap-2.4-2     2.4.53+dfsg-1
ii  libnghttp2-14     1.41.0-3
ii  libpsl5           0.21.0-1.1
ii  librtmp1          2.4+20151223.gitfa8646d.1-2+b2
ii  libssh2-1         1.8.0-2.1
ii  libssl1.1         1.1.1g-1
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages libcurl4 recommends:
ii  ca-certificates  20200601

libcurl4 suggests no packages.

-- no debconf information
debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from [CLIENT IP] port [CLIENT PORT] on [SERVER IP] port 22
debug1: Client protocol version 2.0; client software version libssh2_1.8.0
debug1: no match: libssh2_1.8.0
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 20979
debug3: preauth child monitor started
debug3: privsep user:group 106:65534 [preauth]
debug1: permanently_set_uid: 106/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth]
debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,z...@openssh.com [preauth]
debug2: compression stoc: none,z...@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [pre
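
As an added example, not part of the original report: the KEXINIT proposals in an sshd debug log like the one above can be compared mechanically to see which algorithm each side would settle on. The sample log is constructed, and the rule used (first client-listed name the server also offers) is a simplification of RFC 4253 section 7.1, which adds further conditions for KEX and host key selection.

```python
import re

# Constructed sample shaped like the sshd debug2 output above: shortened
# algorithm lists, with the KEX values wrapped onto their own line.
SAMPLE_LOG = """\
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms:
curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519 [preauth]
debug2: ciphers ctos: aes128-ctr,aes256-ctr [preauth]
debug2: languages ctos:  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms:
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes128-ctr,aes256-cbc,3des-cbc [preauth]
"""

FIELD = re.compile(r"^debug2: (.+?): (\S+)")

def parse_proposals(log):
    """Return {'server': {field: [names]}, 'client': {field: [names]}}."""
    lines = []
    for raw in log.splitlines():
        if lines and not re.match(r"(debug\d:|Connection )", raw):
            # Continuation of a wrapped line: glue it back onto its parent.
            lines[-1] = lines[-1].rstrip() + " " + raw.strip()
        else:
            lines.append(raw)
    proposals, side = {"server": {}, "client": {}}, None
    for line in lines:
        if "local server KEXINIT proposal" in line:
            side = "server"
        elif "peer client KEXINIT proposal" in line:
            side = "client"
        elif side and (m := FIELD.match(line)):
            # Empty lists (e.g. "languages ctos:") do not match and are skipped.
            proposals[side][m.group(1)] = m.group(2).split(",")
    return proposals

def negotiate(proposals):
    """Per field: first client-listed name the server also offers, else None."""
    result = {}
    for field, wanted in proposals["client"].items():
        offered = set(proposals["server"].get(field, []))
        result[field] = next((n for n in wanted if n in offered), None)
    return result
```

A field that comes back as `None` means the two proposals share no algorithm for it, which is worth ruling out before looking at the authentication stage.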

Bug#964959: mpack: Non-standard headers risk mail being marked as spam

2020-07-13 Thread Sam Kemp
Package: mpack
Version: 1.6-15
Severity: normal

Dear Maintainer,

When sending a file which does not require splitting across emails, mpack
creates the header "Mime-Version" rather than "MIME-Version" as used in RFC
2045.

Although the RFC does not specify case-sensitivity, this behaviour does cause
spam scoring for some recipients (e.g., those using rspamd) so the behaviour
should be amended. This will also make behaviour consistent within the package,
as when splitting files across emails the header "MIME-Version" is already
used.

The necessary change is at encode.c.124 -- apologies but I am not sure on what
the most helpful patch format to supply here would be.

Sam



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpack depends on:
ii  libc6  2.30-8

mpack recommends no packages.

Versions of packages mpack suggests:
pn  inews   
ii  postfix [mail-transport-agent]  3.5.4-1

-- no debconf information




Bug#529962: mpack doesn't allow to specify a sender address

2020-07-13 Thread Sam Kemp
Package: mpack
Version: 1.6-15
Followup-For: Bug #529962

Dear Maintainer,

I believe that this bug (529962) is a duplicate of 211657 and should be merged
into the latter.

Thanks

Sam



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpack depends on:
ii  libc6  2.30-8

mpack recommends no packages.

Versions of packages mpack suggests:
pn  inews   
ii  postfix [mail-transport-agent]  3.5.4-1

-- no debconf information



Bug#926185: mailman: Provided apache.conf does not expose archives under mod_authz

2019-04-01 Thread Sam Kemp
Package: mailman
Version: 1:2.1.29-1
Severity: normal
Tags: patch

Dear Maintainer,

List archives are by default located under /var/lib and are therefore not
visible through the web server under the default Debian apache2.conf.

The provided configuration template installed at /etc/mailman/apache.conf fixes
this issue in a standard installation, but not in the (commented) section for a
dedicated virtual host.

Patch attached to remedy this.

Would it be worth considering splitting the template file into two, in any
case, to allow more thorough commenting of the two scenarios? I'd be happy to
take that on if confirmed.

Sam



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mailman depends on:
pn  apache2 | httpd
ii  cron [cron-daemon]     3.0pl1-132
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-8
ii  logrotate              3.14.0-4
ii  lsb-base               10.2019031300
ii  python                 2.7.15-4
pn  python-dnspython
ii  ucf                    3.0038+nmu1

Versions of packages mailman recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.92-2

Versions of packages mailman suggests:
pn  listadmin  
pn  lynx   
pn  mailman3-full  
pn  spamassassin   
--- apache.conf~2019-04-01 17:47:59.116512727 +0100
+++ apache.conf 2019-04-01 17:52:55.544641572 +0100
@@ -50,6 +50,7 @@
 #
 #Options FollowSymLinks
 #AllowOverride None
+#Require all granted
 #
 #
 #Alias /pipermail/ /var/lib/mailman/archives/public/
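
Review bot: the added `#Require all granted` (after `#AllowOverride None`) should be scoped to the archive directory only, and the hunk's context does not show which container it lands in, since the neighbouring lines appear only as bare `#`. `Require all granted` applies to whatever path the enclosing block names, so if that block covers more than /var/lib/mailman/archives/public/ (the target of the Alias line that follows), the grant would expose more than the list archives. Suggest putting the directive in a dedicated block for the archives path and leaving any broader block without it. A one-line comment above the new directive saying it is the Apache 2.4 authorization setting for the archives would also help users who uncomment this section.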