Your message dated Thu, 27 Jun 2019 08:54:59 +0200
with message-id <ffa17de1-2488-d3d7-30d9-0c3a0ad75...@debian.org>
and subject line Re: Bug#930975: unblock: libmojolicious-perl/8.12+dfsg-2
has caused the Debian Bug report #930975,
regarding unblock: libmojolicious-perl/8.12+dfsg-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
930975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package libmojolicious-perl
As of Debian 10 "buster" the system-wide default minimum supported TLS
level is 1.2. The upstream mojolicious source provides an SSL key intended
for local development testing (/CN=localhost) which does not support TLS 1.2
(it was created with RSA:1024 and SHA1 digests).
New installations of buster and migrations from stretch using the updated
openssl configuration will be affected.
Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675 for the
Debian bug report.
The patch provided in libmojolicious-perl 8.12+dfsg-2 replaces the upstream
RSA:1024/SHA1 key with a new key generated for localhost using RSA:4096/SHA256
that supports TLS 1.3. No code changes are made.
$ debdiff libmojolicious-perl_8.12+dfsg-1.dsc
libmojolicious-perl_8.12+dfsg-2.dsc
dpkg-source: warning: extracting unsigned source package
(/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-1.dsc)
dpkg-source: warning: extracting unsigned source package
(/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-2.dsc)
diff -Nru libmojolicious-perl-8.12+dfsg/debian/changelog
libmojolicious-perl-8.12+dfsg/debian/changelog
--- libmojolicious-perl-8.12+dfsg/debian/changelog 2019-02-05
17:58:40.000000000 +0000
+++ libmojolicious-perl-8.12+dfsg/debian/changelog 2019-06-23
19:51:20.000000000 +0100
@@ -1,3 +1,9 @@
+libmojolicious-perl (8.12+dfsg-2) unstable; urgency=medium
+
+ * d/patches: add update-ssl-tls-certificate (Closes: #929675)
+
+ -- Nick Morrott <knowledgejun...@gmail.com> Sun, 23 Jun 2019 19:51:20 +0100
+
libmojolicious-perl (8.12+dfsg-1) unstable; urgency=medium
* Import upstream version 8.12+dfsg.
diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/series
libmojolicious-perl-8.12+dfsg/debian/patches/series
--- libmojolicious-perl-8.12+dfsg/debian/patches/series 1970-01-01
01:00:00.000000000 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/series 2019-06-23
19:51:20.000000000 +0100
@@ -0,0 +1 @@
+update-ssl-tls-certificate
diff -Nru
libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
--- libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
1970-01-01 01:00:00.000000000 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
2019-06-23 19:51:20.000000000 +0100
@@ -0,0 +1,143 @@
+Description: Update default https certificate to support TLS 1.2+
+ This patch replaces the upstream https certificate (RSA:1024, SHA1) that is
+ used for local development (CN=localhost) with a new certificate
+ (RSA:4096, SHA256) that supports the updated TLS 1.2 minimum-default-supported
+ TLS level on buster.
+Author: Nick Morrott <knowledgejun...@gmail.com>
+Forwarded: https://github.com/mojolicious/mojo/pull/1371
+Last-Update: 2019-06-23
+---
+--- a/lib/Mojo/IOLoop/TLS.pm
++++ b/lib/Mojo/IOLoop/TLS.pm
+@@ -14,8 +14,8 @@
+
+ has reactor => sub { Mojo::IOLoop->singleton->reactor }, weak => 1;
+
+-# To regenerate the certificate run this command (18.04.2012)
+-# openssl req -new -x509 -keyout server.key -out server.crt -nodes -days 7300
++# To regenerate the certificate run this command (22.06.2019)
++# openssl req -x509 -newkey rsa:4096 -nodes -sha256 -out server.crt -keyout
server.key -days 7300 -subj '/CN=localhost'
+ my $CERT = path(__FILE__)->sibling('resources', 'server.crt')->to_string;
+ my $KEY = path(__FILE__)->sibling('resources', 'server.key')->to_string;
+
+--- a/lib/Mojo/IOLoop/resources/server.crt
++++ b/lib/Mojo/IOLoop/resources/server.crt
+@@ -1,21 +1,29 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDaTCCAtKgAwIBAgIJAI+AzotR68CTMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD
+-VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJSGFtYmVy
+-Z2VuMRQwEgYDVQQKEwtNb2pvbGljaW91czESMBAGA1UEAxMJbG9jYWxob3N0MRsw
+-GQYJKoZIhvcNAQkBFgxzcmlAY3Bhbi5vcmcwHhcNMTIwNDE4MTczOTU5WhcNMzIw
+-NDEzMTczOTU5WjCBgDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hz
+-ZW4xEjAQBgNVBAcTCUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQ
+-BgNVBAMTCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG2
+-5GSHaRRMyYgd89tEluInMH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz
+-51ZIFxq4DtimBftXs9Z9M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiF
+-G2ACvVGXSrS16QIDAQABo4HoMIHlMB0GA1UdDgQWBBSrZ+hIlPTgV7xx2O9wzdIO
+-/d4osDCBtQYDVR0jBIGtMIGqgBSrZ+hIlPTgV7xx2O9wzdIO/d4osKGBhqSBgzCB
+-gDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcT
+-CUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQBgNVBAMTCWxvY2Fs
+-aG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnggkAj4DOi1HrwJMwDAYD
+-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAq6MXA7ZeO7B7vAcWxQKeLPKSy
+-Jzkb1bC/agaISDbOwuZ1AoQSj6OQHKhNIdY5v/oLQJ0B8wB0dIigqn1WVacDtPgu
+-PKSrxpqieDCh2bJ7+dyQIzQHgtZqPHi5k1PyNNXQxC94kPWdFp6PpF0M/y97aCxC
+-ZQjKgDfncFWY3FHqUw==
++MIIFCTCCAvGgAwIBAgIUKG1VkDD+euOxwJ5EE1XFMxfrwEQwDQYJKoZIhvcNAQEL
++BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDYyMjIyMTUzN1oXDTM5MDYx
++NzIyMTUzN1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEA254eaczkm1l/gFgxaDZvHPAWyR/Bxm3rlEQ5X4+n5fvD
++SvZKInHoidh5AcVbvprE3GgwG5IJM8tsKo0Q6h9TSKm8+tBW8oAirbI2WTEj4EFm
++yWpZcxpVpB07Sqx9WlU/1lMnSFR9AyKEpvTwign4iWCKrfJlh2p8cZ1j0y4brdtF
++mBsueJcyAx5ZW+4lBohF83f4tmX/h5zfGRblV6V7EpjMMWCtqBZ5snJxC1QS/nVb
++UrNqapztW1xwtNZxPmf6YArMPTJ0yRjMpEUbhPz3JjWQQmujgLf/KdyAh1L6LE0q
++PtxTfo3Bi2IORVpOJqMxUSkFNYS/Ami/J8+uX8CUDaBFUyff50ws1r2SHXUOSrUd
++kmlNjX5YZlejUku5nc4ouZ7bgDOaKmBNtesrj2wCbULJwEOZKAvBEZqI4ZyDFDoB
++c/y9YOq8qlUGYtIs46VpApN8kjQnuYziR3ZlPNdpKrEn3VEOwb+9NXSNHa5GxiE+
++wzcGvGyPL/CZGZ9dwMty3I+ssxSdqdo/RnfQxWcjOexTCWz59II4wd3XhU+BkiSO
++2GK8103umWBd/0l1rvTyPgV+O+YP/o2u8V+wh6bOQ8EGahc3mOlJfWRegtFelGOY
+++Y+hIMsNqI+WmcTmhRkNbXHcetOvDW1TLj6gTx8sagqTvmuJa5DYzyY1ahSbmfkC
++AwEAAaNTMFEwHQYDVR0OBBYEFD4OORwa3/UhbMhJjPayxNf5vuZzMB8GA1UdIwQY
++MBaAFD4OORwa3/UhbMhJjPayxNf5vuZzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
++hvcNAQELBQADggIBANiwCKr8zCPr8UP0KwxnTR6HBosDFzONF1WtiMk2Kq9/W3Rh
++qCzG9novw1dhGsuB23E+roxlaw5El+E41TIQ+APnUWwMq+CyaTP+jA1TNLQ5Y/cm
++euCDrQ35QI7I6vhzg82O+s5oX0u33q7M8DByYkXqCLmJ+oZ3dVunNJ0OSMM19tlf
++2wl5iCKwoIE+uVDTZgZlKIDbXmbmr6cH29qTIrQ1xijmk9VZxBxUm7toOiPEK86K
++blMbH6v2cozAMdp3jn8e6EFkug9S+X5VS77BAu6TpewxhOr4kotewB07WckRaGYe
++sIE2UaoBC/8uyrXIXA8XDYEEs1wDFVxlEcBaAQ977SlhLN2RVa1p/4mXU7y2apXQ
++EcEXWM/Z8DKCiKj034zafTOB+9XDjjtluUSm6ECt8QTlaxOXZmQ0kmSfFqEEXdBf
++RyGqzvHIBOspxIg8PWo9WeGh7yUrCO7uJyewUmH77PwMi+LBMXa24en3N+S7p4wk
++ao7BEf/h80g9XmY3kQGTGa4Pc0Bhla9mP61+BG2orl1K7meqZxBvF29c6qx4orQ0
++eux0xKRiSuvsAptyTzGa5+wHCqYrGlKaC+rjqRVKHvyZWeJ5fnrB2CFPSzezG3EE
++emSP/BgDUdQQXDWgAET/nb6n1eCnYKZqwsp+HPNR/42ibQvwh0a6wnmHDeCD
+ -----END CERTIFICATE-----
+--- a/lib/Mojo/IOLoop/resources/server.key
++++ b/lib/Mojo/IOLoop/resources/server.key
+@@ -1,15 +1,52 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG25GSHaRRMyYgd89tEluIn
+-MH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz51ZIFxq4DtimBftXs9Z9
+-M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiFG2ACvVGXSrS16QIDAQAB
+-AoGALSdqp6lZ/7nD/c0Uv1CYofySROv3+KFJrl6hadG1/xCP99jVz9pWvMxKBTO/
+-2qyrT0ZEitK0nIHLmLOXDVr/rxzbxP/kHmkOLKj45jW31BSap89tUpFjFQXFfjwT
+-YnOgOB4+eqQuGwigCqabcQPtFC4fU7Qzk7pdz/kO4FjR0GECQQDdXthCKgS7E5Zy
+-qqzjepxYvKgkWPD3G9H6I8LOtiVBdcehflF8Y61OGsEST3pbOhrijhY281VnD1AG
+-pNL1rOhDAkEAwuKKTN+2GF3m1mPtGW9jpkP8gU2zcO945U0jxpn2srjQ9oIoB45Y
+-gqtE6yybRY4BBd+hMdgeH5dXSwsZW+FMYwJASrFy5LhKylisndoq5cJ8OJDHZyQ/
+-ghF4Ax/H3nmlDnZQOpRlqEP1uPHcDXKVxWxQn/rzUe0+9rw681Lv/4ctAwJAfyLO
+-2muvHaJUr1QtH0S9m4AKwEfyYiC3m8+BIVTbzagoGki62IMSVtxob4uAGBYVsME9
+-JYk5zZ4rgndRKdGGxQJBAIpbdLBKArvnpbYIqNJGG83mUZ/VZaQl0G+S3zGkgre9
+-KjIuz10nNMNAKmGRrTbClLtvAQ9MVa3Xjnp+XmxPFho=
+------END RSA PRIVATE KEY-----
++-----BEGIN PRIVATE KEY-----
++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDbnh5pzOSbWX+A
++WDFoNm8c8BbJH8HGbeuURDlfj6fl+8NK9koiceiJ2HkBxVu+msTcaDAbkgkzy2wq
++jRDqH1NIqbz60FbygCKtsjZZMSPgQWbJallzGlWkHTtKrH1aVT/WUydIVH0DIoSm
++9PCKCfiJYIqt8mWHanxxnWPTLhut20WYGy54lzIDHllb7iUGiEXzd/i2Zf+HnN8Z
++FuVXpXsSmMwxYK2oFnmycnELVBL+dVtSs2pqnO1bXHC01nE+Z/pgCsw9MnTJGMyk
++RRuE/PcmNZBCa6OAt/8p3ICHUvosTSo+3FN+jcGLYg5FWk4mozFRKQU1hL8CaL8n
++z65fwJQNoEVTJ9/nTCzWvZIddQ5KtR2SaU2NflhmV6NSS7mdzii5ntuAM5oqYE21
++6yuPbAJtQsnAQ5koC8ERmojhnIMUOgFz/L1g6ryqVQZi0izjpWkCk3ySNCe5jOJH
++dmU812kqsSfdUQ7Bv701dI0drkbGIT7DNwa8bI8v8JkZn13Ay3Lcj6yzFJ2p2j9G
++d9DFZyM57FMJbPn0gjjB3deFT4GSJI7YYrzXTe6ZYF3/SXWu9PI+BX475g/+ja7x
++X7CHps5DwQZqFzeY6Ul9ZF6C0V6UY5j5j6Egyw2oj5aZxOaFGQ1tcdx6068NbVMu
++PqBPHyxqCpO+a4lrkNjPJjVqFJuZ+QIDAQABAoICAGjl2nMAicTl96+O8HJtZZ81
++0jxYrc6gnCBigeDyFekU2tAIWZqgO8jzm8DLyql89UCthyT0GO8jX9PnM0gQlFAl
++uv013AHSUD4U3D636QHpWzYjVPxUfMl5qONfBjTKeUZey2mR6XBA4Yl5fxb/8jVz
++5ml1WSdYJn6CBbdN06y0Cka/3O9+kEXLDjWJxyeamYbUK/i7OVVGCY3LUNoPUXyt
++fQKsweWCbrhcT0Bw9O2Tkn4q8k5gDENSIQdPUiHTulR7c9hbLEsNTFm+JInd5hLb
++DL+c+Ci4Oel9x+pbKOFWLjJ+PGc7QFHaESTxIFj2I803QaSxdiapb3yNhyV3L398
++IKQoR8+1CHmDoJ/AqO9Otve7B4mEZpv/005xoGiE/svSbVi4bQgq0CuMJvv8dMn6
++uImveMLJyGSqzV9LOH+gnf9ZK1T8xRHTtiBlmxaAp7nfuBdhk6Hh1VI6THOuOYvc
++ikhLxKqCoTJFOOcgCEPQOwT+YrREVuWM6rJkALgU7mNIq10JI/jjRONEgMLANNQm
++QIuaWAi+OUv8kq5We/8cf+t8o331CUo5A5oypiprYQe9NG5X1jQgLqDZcfo5KiXx
++6cARt0ar81EmrBas8fHbmvfjueQF/ELRwooF+Vxt8fRHmF7eGcAuMfP9fZK8xGE6
++tWZmgwTAvEyshfOT9wEtAoIBAQDwZpUJy1Hhh+7jpnUKEcHV1lvw4u0vUoBMXG+I
++rrOdI2Wp5CHNzUVFeqwaqnEV4o5FodZEqIeq9ZCwgWzzswpb+ilLM+URLDG46e4Z
++vh40BJe7gHuQm6V195C0FKuIc5jW/qpJewxqRbuROOx/fCu7dRt3Ve5TxHG/ZW2V
++WCaMm1T0etG5Xe5gowGTLzYnIsv/Eq/lSfXb3o/3skG1sbbLZ62llQSrXVJIklHt
++UQP7vdIaYDdJBw1/tZ4elRaxF3EAYcGN5jt1sT3FdPqyJ8jz7sMl5qdKKXdxYbAk
++0bLu3FSPrrATfz5Wh7QBKuHrrxj1ctHIdbw1En30jwVGxpfXAoIBAQDp3kx3d7X7
++sKMF9WlJ4kqS9SZX10B4PWJKc1C71sL9i4pt+giaTlViM0inD7pD5bRihQTLprf1
++mkrF+sdgWRKRYMCrestp/3GHgsWJ9en6DAQABFbfYu44kXURNjWs1YshCiPgByHW
++v70oapKkX5XazUB2wJupdjTd1xOkZDCpFp0yLq9gMlgwyThLqshNCGqhXF6C7C9f
++fQ57B/iCBN7rBJLVb8TkNhj9h2VwfMliKtooXrw6AnkYOR9fJZnoFAMb+qKaexx5
++dWJi1W9qX8j6bs11FvJgk8clRyCHchbXnTO6Uk/OF7rwRlYGEEkoRr59JB8BwG3x
++krOegxqz4uKvAoIBAC9MH3qD1CJJOkjz0QcgI0DNId2s5/ltg+yCKzd7F7+M3U2l
++orj47+4Ripbcfc9OeatdgeiUN8z873CqpiL0UM9z0ngHR8QvK8Ez1TKfYxXc6XVs
++e+MhnFYvVPr5Lh50j9eM1zgJy5GFErgpuO4EIh6JldPOxksY1UBQ1lSRuVPko7xO
++BcEwp9u/dmnc2gytHfGbXZwBBywxB6Y2HhN/WXV/enyfawHEJJI+p3vHer8mw5WI
++5JermY5Mz0U5E/PXptXqZchjScOIEZ0tvL0ccr77dM2aKcO/kM5v59X2o/u2wbRb
++LC1J1Zv0qwenxjc2hfSUmI2WDGdssfdRxDn+jJUCggEBAOmD29pWH9Hmd4EVoEHz
++v/6o5dZDyc3FjQVFy1EjiaNc16YkSL66hKr/BgY5wATXsZvFshoeqASGQS8ZzkY3
++6kBa2Ubf34hBVXy3aMLuVugjY0MZEh0PTUoSg0/iTwn6V2dwFo400Ob6oMdgUnfq
++MVk+JKXuf/9fVj5D6Qr2N1g+ikt3LgnhewmLgbicGFBCnSXtczlK16qC1himxs4c
++SvFjqbGQXop4Mc/Eh9cf4n0wyJASt+M8YOl88AQzKU//23LuebnCP5ZPTSPedddD
++OQxF4sSNWwpvxCNGuAZGNuSnxOTAF4tzSmdr860uSb37lWyiyosXNzBFCTC3O8xu
++OWUCggEBAJGYdDmEaYEZLTgL10QfgNFKm0JWXKJJJ3WU+Bcv2lJyIYKqDdQueFSA
++aMNF/84xrEWR7F+4V3r+Ba5OxAiK9wF/KcsHRAJ6aeFtZl+0mPnaCL3NQgmvacGH
++5947mGHwPc/Lc2m03Is4pgHZuntGfDV2gFjvUgzXyFqbxkUb+pykXOF8fezogUB4
++yJ0m1Z653VlsC0TxoDGqBNs7RXevtlTywFH/4dk38pU3K8U5pBd3i3sy3a85uqLK
++YMpCGdtsAqKNZP6Jyn6dqmW/BW1G49jm4IE5LExR9seUc8o8x1DMkkpADwsfdHEt
++yJAem0VCWqqMK02V9nOZ/ZGTPYVnXds=
++-----END PRIVATE KEY-----
unblock libmojolicious-perl/8.12+dfsg-2
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (600, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi Nick,
On 23-06-2019 21:38, Nick Morrott wrote:
> unblock libmojolicious-perl/8.12+dfsg-2
Unstable and testing have the same -1 version. As the package had to be
ready last Tuesday to be part of the initial release of buster, I am
closing this bug as there is nothing to do for us. If you care enough,
please prepare your fix for the first point release.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
