Your message dated Thu, 27 Jun 2019 08:54:59 +0200 with message-id <ffa17de1-2488-d3d7-30d9-0c3a0ad75...@debian.org> and subject line Re: Bug#930975: unblock: libmojolicious-perl/8.12+dfsg-2 has caused the Debian Bug report #930975, regarding unblock: libmojolicious-perl/8.12+dfsg-2 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 930975: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930975 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal Please unblock package libmojolicious-perl As of Debian 10 "buster" the system-wide default minimum supported TLS level is 1.2. The upstream mojolicious source provides an SSL key intended for local development testing (/CN=localhost) which does not support TLS 1.2 (it was created with RSA:1024 and SHA1 digests). New installations of buster and migrations from stretch using the updated openssl configuration will be affected. Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675 for the Debian bug report. The patch provided in libmojolicious-perl 8.12+dfsg-2 replaces the upstream RSA:1024/SHA1 key with a new key generated for localhost using RSA:4096/SHA256 that supports TLS 1.3. No code changes are made. $ debdiff libmojolicious-perl_8.12+dfsg-1.dsc libmojolicious-perl_8.12+dfsg-2.dsc dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-1.dsc) dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-2.dsc) diff -Nru libmojolicious-perl-8.12+dfsg/debian/changelog libmojolicious-perl-8.12+dfsg/debian/changelog --- libmojolicious-perl-8.12+dfsg/debian/changelog 2019-02-05 17:58:40.000000000 +0000 +++ libmojolicious-perl-8.12+dfsg/debian/changelog 2019-06-23 19:51:20.000000000 +0100 @@ -1,3 +1,9 @@ +libmojolicious-perl (8.12+dfsg-2) unstable; urgency=medium + + * d/patches: add update-ssl-tls-certificate (Closes: #929675) + + -- Nick Morrott <knowledgejun...@gmail.com> Sun, 23 Jun 2019 19:51:20 +0100 + libmojolicious-perl (8.12+dfsg-1) unstable; urgency=medium * Import upstream version 8.12+dfsg. diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/series libmojolicious-perl-8.12+dfsg/debian/patches/series --- libmojolicious-perl-8.12+dfsg/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libmojolicious-perl-8.12+dfsg/debian/patches/series 2019-06-23 19:51:20.000000000 +0100 @@ -0,0 +1 @@ +update-ssl-tls-certificate diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate --- libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 1970-01-01 01:00:00.000000000 +0100 +++ libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 2019-06-23 19:51:20.000000000 +0100 @@ -0,0 +1,143 @@ +Description: Update default https certificate to support TLS 1.2+ + This patch replaces the upstream https certificate (RSA:1024, SHA1) that is + used for local development (CN=localhost) with a new certificate + (RSA:4096, SHA256) that supports the updated TLS 1.2 minimum-default-supported + TLS level on buster. +Author: Nick Morrott <knowledgejun...@gmail.com> +Forwarded: https://github.com/mojolicious/mojo/pull/1371 +Last-Update: 2019-06-23 +--- +--- a/lib/Mojo/IOLoop/TLS.pm ++++ b/lib/Mojo/IOLoop/TLS.pm +@@ -14,8 +14,8 @@ + + has reactor => sub { Mojo::IOLoop->singleton->reactor }, weak => 1; + +-# To regenerate the certificate run this command (18.04.2012) +-# openssl req -new -x509 -keyout server.key -out server.crt -nodes -days 7300 ++# To regenerate the certificate run this command (22.06.2019) ++# openssl req -x509 -newkey rsa:4096 -nodes -sha256 -out server.crt -keyout server.key -days 7300 -subj '/CN=localhost' + my $CERT = path(__FILE__)->sibling('resources', 'server.crt')->to_string; + my $KEY = path(__FILE__)->sibling('resources', 'server.key')->to_string; + +--- a/lib/Mojo/IOLoop/resources/server.crt ++++ b/lib/Mojo/IOLoop/resources/server.crt +@@ -1,21 +1,29 @@ + -----BEGIN CERTIFICATE----- +-MIIDaTCCAtKgAwIBAgIJAI+AzotR68CTMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD +-VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJSGFtYmVy +-Z2VuMRQwEgYDVQQKEwtNb2pvbGljaW91czESMBAGA1UEAxMJbG9jYWxob3N0MRsw +-GQYJKoZIhvcNAQkBFgxzcmlAY3Bhbi5vcmcwHhcNMTIwNDE4MTczOTU5WhcNMzIw +-NDEzMTczOTU5WjCBgDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hz +-ZW4xEjAQBgNVBAcTCUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQ +-BgNVBAMTCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnMIGf +-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG2 +-5GSHaRRMyYgd89tEluInMH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz +-51ZIFxq4DtimBftXs9Z9M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiF +-G2ACvVGXSrS16QIDAQABo4HoMIHlMB0GA1UdDgQWBBSrZ+hIlPTgV7xx2O9wzdIO +-/d4osDCBtQYDVR0jBIGtMIGqgBSrZ+hIlPTgV7xx2O9wzdIO/d4osKGBhqSBgzCB +-gDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcT +-CUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQBgNVBAMTCWxvY2Fs +-aG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnggkAj4DOi1HrwJMwDAYD +-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAq6MXA7ZeO7B7vAcWxQKeLPKSy +-Jzkb1bC/agaISDbOwuZ1AoQSj6OQHKhNIdY5v/oLQJ0B8wB0dIigqn1WVacDtPgu +-PKSrxpqieDCh2bJ7+dyQIzQHgtZqPHi5k1PyNNXQxC94kPWdFp6PpF0M/y97aCxC +-ZQjKgDfncFWY3FHqUw== ++MIIFCTCCAvGgAwIBAgIUKG1VkDD+euOxwJ5EE1XFMxfrwEQwDQYJKoZIhvcNAQEL ++BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDYyMjIyMTUzN1oXDTM5MDYx ++NzIyMTUzN1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF ++AAOCAg8AMIICCgKCAgEA254eaczkm1l/gFgxaDZvHPAWyR/Bxm3rlEQ5X4+n5fvD ++SvZKInHoidh5AcVbvprE3GgwG5IJM8tsKo0Q6h9TSKm8+tBW8oAirbI2WTEj4EFm ++yWpZcxpVpB07Sqx9WlU/1lMnSFR9AyKEpvTwign4iWCKrfJlh2p8cZ1j0y4brdtF ++mBsueJcyAx5ZW+4lBohF83f4tmX/h5zfGRblV6V7EpjMMWCtqBZ5snJxC1QS/nVb ++UrNqapztW1xwtNZxPmf6YArMPTJ0yRjMpEUbhPz3JjWQQmujgLf/KdyAh1L6LE0q ++PtxTfo3Bi2IORVpOJqMxUSkFNYS/Ami/J8+uX8CUDaBFUyff50ws1r2SHXUOSrUd ++kmlNjX5YZlejUku5nc4ouZ7bgDOaKmBNtesrj2wCbULJwEOZKAvBEZqI4ZyDFDoB ++c/y9YOq8qlUGYtIs46VpApN8kjQnuYziR3ZlPNdpKrEn3VEOwb+9NXSNHa5GxiE+ ++wzcGvGyPL/CZGZ9dwMty3I+ssxSdqdo/RnfQxWcjOexTCWz59II4wd3XhU+BkiSO ++2GK8103umWBd/0l1rvTyPgV+O+YP/o2u8V+wh6bOQ8EGahc3mOlJfWRegtFelGOY +++Y+hIMsNqI+WmcTmhRkNbXHcetOvDW1TLj6gTx8sagqTvmuJa5DYzyY1ahSbmfkC ++AwEAAaNTMFEwHQYDVR0OBBYEFD4OORwa3/UhbMhJjPayxNf5vuZzMB8GA1UdIwQY ++MBaAFD4OORwa3/UhbMhJjPayxNf5vuZzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI ++hvcNAQELBQADggIBANiwCKr8zCPr8UP0KwxnTR6HBosDFzONF1WtiMk2Kq9/W3Rh ++qCzG9novw1dhGsuB23E+roxlaw5El+E41TIQ+APnUWwMq+CyaTP+jA1TNLQ5Y/cm ++euCDrQ35QI7I6vhzg82O+s5oX0u33q7M8DByYkXqCLmJ+oZ3dVunNJ0OSMM19tlf ++2wl5iCKwoIE+uVDTZgZlKIDbXmbmr6cH29qTIrQ1xijmk9VZxBxUm7toOiPEK86K ++blMbH6v2cozAMdp3jn8e6EFkug9S+X5VS77BAu6TpewxhOr4kotewB07WckRaGYe ++sIE2UaoBC/8uyrXIXA8XDYEEs1wDFVxlEcBaAQ977SlhLN2RVa1p/4mXU7y2apXQ ++EcEXWM/Z8DKCiKj034zafTOB+9XDjjtluUSm6ECt8QTlaxOXZmQ0kmSfFqEEXdBf ++RyGqzvHIBOspxIg8PWo9WeGh7yUrCO7uJyewUmH77PwMi+LBMXa24en3N+S7p4wk ++ao7BEf/h80g9XmY3kQGTGa4Pc0Bhla9mP61+BG2orl1K7meqZxBvF29c6qx4orQ0 ++eux0xKRiSuvsAptyTzGa5+wHCqYrGlKaC+rjqRVKHvyZWeJ5fnrB2CFPSzezG3EE ++emSP/BgDUdQQXDWgAET/nb6n1eCnYKZqwsp+HPNR/42ibQvwh0a6wnmHDeCD + -----END CERTIFICATE----- +--- a/lib/Mojo/IOLoop/resources/server.key ++++ b/lib/Mojo/IOLoop/resources/server.key +@@ -1,15 +1,52 @@ +------BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG25GSHaRRMyYgd89tEluIn +-MH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz51ZIFxq4DtimBftXs9Z9 +-M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiFG2ACvVGXSrS16QIDAQAB +-AoGALSdqp6lZ/7nD/c0Uv1CYofySROv3+KFJrl6hadG1/xCP99jVz9pWvMxKBTO/ +-2qyrT0ZEitK0nIHLmLOXDVr/rxzbxP/kHmkOLKj45jW31BSap89tUpFjFQXFfjwT +-YnOgOB4+eqQuGwigCqabcQPtFC4fU7Qzk7pdz/kO4FjR0GECQQDdXthCKgS7E5Zy +-qqzjepxYvKgkWPD3G9H6I8LOtiVBdcehflF8Y61OGsEST3pbOhrijhY281VnD1AG +-pNL1rOhDAkEAwuKKTN+2GF3m1mPtGW9jpkP8gU2zcO945U0jxpn2srjQ9oIoB45Y +-gqtE6yybRY4BBd+hMdgeH5dXSwsZW+FMYwJASrFy5LhKylisndoq5cJ8OJDHZyQ/ +-ghF4Ax/H3nmlDnZQOpRlqEP1uPHcDXKVxWxQn/rzUe0+9rw681Lv/4ctAwJAfyLO +-2muvHaJUr1QtH0S9m4AKwEfyYiC3m8+BIVTbzagoGki62IMSVtxob4uAGBYVsME9 +-JYk5zZ4rgndRKdGGxQJBAIpbdLBKArvnpbYIqNJGG83mUZ/VZaQl0G+S3zGkgre9 +-KjIuz10nNMNAKmGRrTbClLtvAQ9MVa3Xjnp+XmxPFho= +------END RSA PRIVATE KEY----- ++-----BEGIN PRIVATE KEY----- ++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDbnh5pzOSbWX+A ++WDFoNm8c8BbJH8HGbeuURDlfj6fl+8NK9koiceiJ2HkBxVu+msTcaDAbkgkzy2wq ++jRDqH1NIqbz60FbygCKtsjZZMSPgQWbJallzGlWkHTtKrH1aVT/WUydIVH0DIoSm ++9PCKCfiJYIqt8mWHanxxnWPTLhut20WYGy54lzIDHllb7iUGiEXzd/i2Zf+HnN8Z ++FuVXpXsSmMwxYK2oFnmycnELVBL+dVtSs2pqnO1bXHC01nE+Z/pgCsw9MnTJGMyk ++RRuE/PcmNZBCa6OAt/8p3ICHUvosTSo+3FN+jcGLYg5FWk4mozFRKQU1hL8CaL8n ++z65fwJQNoEVTJ9/nTCzWvZIddQ5KtR2SaU2NflhmV6NSS7mdzii5ntuAM5oqYE21 ++6yuPbAJtQsnAQ5koC8ERmojhnIMUOgFz/L1g6ryqVQZi0izjpWkCk3ySNCe5jOJH ++dmU812kqsSfdUQ7Bv701dI0drkbGIT7DNwa8bI8v8JkZn13Ay3Lcj6yzFJ2p2j9G ++d9DFZyM57FMJbPn0gjjB3deFT4GSJI7YYrzXTe6ZYF3/SXWu9PI+BX475g/+ja7x ++X7CHps5DwQZqFzeY6Ul9ZF6C0V6UY5j5j6Egyw2oj5aZxOaFGQ1tcdx6068NbVMu ++PqBPHyxqCpO+a4lrkNjPJjVqFJuZ+QIDAQABAoICAGjl2nMAicTl96+O8HJtZZ81 ++0jxYrc6gnCBigeDyFekU2tAIWZqgO8jzm8DLyql89UCthyT0GO8jX9PnM0gQlFAl ++uv013AHSUD4U3D636QHpWzYjVPxUfMl5qONfBjTKeUZey2mR6XBA4Yl5fxb/8jVz ++5ml1WSdYJn6CBbdN06y0Cka/3O9+kEXLDjWJxyeamYbUK/i7OVVGCY3LUNoPUXyt ++fQKsweWCbrhcT0Bw9O2Tkn4q8k5gDENSIQdPUiHTulR7c9hbLEsNTFm+JInd5hLb ++DL+c+Ci4Oel9x+pbKOFWLjJ+PGc7QFHaESTxIFj2I803QaSxdiapb3yNhyV3L398 ++IKQoR8+1CHmDoJ/AqO9Otve7B4mEZpv/005xoGiE/svSbVi4bQgq0CuMJvv8dMn6 ++uImveMLJyGSqzV9LOH+gnf9ZK1T8xRHTtiBlmxaAp7nfuBdhk6Hh1VI6THOuOYvc ++ikhLxKqCoTJFOOcgCEPQOwT+YrREVuWM6rJkALgU7mNIq10JI/jjRONEgMLANNQm ++QIuaWAi+OUv8kq5We/8cf+t8o331CUo5A5oypiprYQe9NG5X1jQgLqDZcfo5KiXx ++6cARt0ar81EmrBas8fHbmvfjueQF/ELRwooF+Vxt8fRHmF7eGcAuMfP9fZK8xGE6 ++tWZmgwTAvEyshfOT9wEtAoIBAQDwZpUJy1Hhh+7jpnUKEcHV1lvw4u0vUoBMXG+I ++rrOdI2Wp5CHNzUVFeqwaqnEV4o5FodZEqIeq9ZCwgWzzswpb+ilLM+URLDG46e4Z ++vh40BJe7gHuQm6V195C0FKuIc5jW/qpJewxqRbuROOx/fCu7dRt3Ve5TxHG/ZW2V ++WCaMm1T0etG5Xe5gowGTLzYnIsv/Eq/lSfXb3o/3skG1sbbLZ62llQSrXVJIklHt ++UQP7vdIaYDdJBw1/tZ4elRaxF3EAYcGN5jt1sT3FdPqyJ8jz7sMl5qdKKXdxYbAk ++0bLu3FSPrrATfz5Wh7QBKuHrrxj1ctHIdbw1En30jwVGxpfXAoIBAQDp3kx3d7X7 ++sKMF9WlJ4kqS9SZX10B4PWJKc1C71sL9i4pt+giaTlViM0inD7pD5bRihQTLprf1 ++mkrF+sdgWRKRYMCrestp/3GHgsWJ9en6DAQABFbfYu44kXURNjWs1YshCiPgByHW ++v70oapKkX5XazUB2wJupdjTd1xOkZDCpFp0yLq9gMlgwyThLqshNCGqhXF6C7C9f ++fQ57B/iCBN7rBJLVb8TkNhj9h2VwfMliKtooXrw6AnkYOR9fJZnoFAMb+qKaexx5 ++dWJi1W9qX8j6bs11FvJgk8clRyCHchbXnTO6Uk/OF7rwRlYGEEkoRr59JB8BwG3x ++krOegxqz4uKvAoIBAC9MH3qD1CJJOkjz0QcgI0DNId2s5/ltg+yCKzd7F7+M3U2l ++orj47+4Ripbcfc9OeatdgeiUN8z873CqpiL0UM9z0ngHR8QvK8Ez1TKfYxXc6XVs ++e+MhnFYvVPr5Lh50j9eM1zgJy5GFErgpuO4EIh6JldPOxksY1UBQ1lSRuVPko7xO ++BcEwp9u/dmnc2gytHfGbXZwBBywxB6Y2HhN/WXV/enyfawHEJJI+p3vHer8mw5WI ++5JermY5Mz0U5E/PXptXqZchjScOIEZ0tvL0ccr77dM2aKcO/kM5v59X2o/u2wbRb ++LC1J1Zv0qwenxjc2hfSUmI2WDGdssfdRxDn+jJUCggEBAOmD29pWH9Hmd4EVoEHz ++v/6o5dZDyc3FjQVFy1EjiaNc16YkSL66hKr/BgY5wATXsZvFshoeqASGQS8ZzkY3 ++6kBa2Ubf34hBVXy3aMLuVugjY0MZEh0PTUoSg0/iTwn6V2dwFo400Ob6oMdgUnfq ++MVk+JKXuf/9fVj5D6Qr2N1g+ikt3LgnhewmLgbicGFBCnSXtczlK16qC1himxs4c ++SvFjqbGQXop4Mc/Eh9cf4n0wyJASt+M8YOl88AQzKU//23LuebnCP5ZPTSPedddD ++OQxF4sSNWwpvxCNGuAZGNuSnxOTAF4tzSmdr860uSb37lWyiyosXNzBFCTC3O8xu ++OWUCggEBAJGYdDmEaYEZLTgL10QfgNFKm0JWXKJJJ3WU+Bcv2lJyIYKqDdQueFSA ++aMNF/84xrEWR7F+4V3r+Ba5OxAiK9wF/KcsHRAJ6aeFtZl+0mPnaCL3NQgmvacGH ++5947mGHwPc/Lc2m03Is4pgHZuntGfDV2gFjvUgzXyFqbxkUb+pykXOF8fezogUB4 ++yJ0m1Z653VlsC0TxoDGqBNs7RXevtlTywFH/4dk38pU3K8U5pBd3i3sy3a85uqLK ++YMpCGdtsAqKNZP6Jyn6dqmW/BW1G49jm4IE5LExR9seUc8o8x1DMkkpADwsfdHEt ++yJAem0VCWqqMK02V9nOZ/ZGTPYVnXds= ++-----END PRIVATE KEY----- unblock libmojolicious-perl/8.12+dfsg-2 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (600, 'testing'), (200, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Hi Nick, On 23-06-2019 21:38, Nick Morrott wrote: > unblock libmojolicious-perl/8.12+dfsg-2 Unstable and testing have the same -1 version. As the package had to be ready last Tuesday to be part of the initial release of buster, I am closing this bug as there is nothing to do for us. If you care enough, please prepare your fix for the first point release. Paulsignature.asc
Description: OpenPGP digital signature
--- End Message ---