Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock Severity: normal
Please unblock package libmojolicious-perl As of Debian 10 "buster" the system-wide default minimum supported TLS level is 1.2. The upstream mojolicious source provides an SSL key intended for local development testing (/CN=localhost) which does not support TLS 1.2 (it was created with RSA:1024 and SHA1 digests). New installations of buster and migrations from stretch using the updated openssl configuration will be affected. Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675 for the Debian bug report. The patch provided in libmojolicious-perl 8.12+dfsg-2 replaces the upstream RSA:1024/SHA1 key with a new key generated for localhost using RSA:4096/SHA256 that supports TLS 1.3. No code changes are made. $ debdiff libmojolicious-perl_8.12+dfsg-1.dsc libmojolicious-perl_8.12+dfsg-2.dsc dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-1.dsc) dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-2.dsc) diff -Nru libmojolicious-perl-8.12+dfsg/debian/changelog libmojolicious-perl-8.12+dfsg/debian/changelog --- libmojolicious-perl-8.12+dfsg/debian/changelog 2019-02-05 17:58:40.000000000 +0000 +++ libmojolicious-perl-8.12+dfsg/debian/changelog 2019-06-23 19:51:20.000000000 +0100 @@ -1,3 +1,9 @@ +libmojolicious-perl (8.12+dfsg-2) unstable; urgency=medium + + * d/patches: add update-ssl-tls-certificate (Closes: #929675) + + -- Nick Morrott <knowledgejun...@gmail.com> Sun, 23 Jun 2019 19:51:20 +0100 + libmojolicious-perl (8.12+dfsg-1) unstable; urgency=medium * Import upstream version 8.12+dfsg. diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/series libmojolicious-perl-8.12+dfsg/debian/patches/series --- libmojolicious-perl-8.12+dfsg/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libmojolicious-perl-8.12+dfsg/debian/patches/series 2019-06-23 19:51:20.000000000 +0100 @@ -0,0 +1 @@ +update-ssl-tls-certificate diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate --- libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 1970-01-01 01:00:00.000000000 +0100 +++ libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate 2019-06-23 19:51:20.000000000 +0100 @@ -0,0 +1,143 @@ +Description: Update default https certificate to support TLS 1.2+ + This patch replaces the upstream https certificate (RSA:1024, SHA1) that is + used for local development (CN=localhost) with a new certificate + (RSA:4096, SHA256) that supports the updated TLS 1.2 minimum-default-supported + TLS level on buster. +Author: Nick Morrott <knowledgejun...@gmail.com> +Forwarded: https://github.com/mojolicious/mojo/pull/1371 +Last-Update: 2019-06-23 +--- +--- a/lib/Mojo/IOLoop/TLS.pm ++++ b/lib/Mojo/IOLoop/TLS.pm +@@ -14,8 +14,8 @@ + + has reactor => sub { Mojo::IOLoop->singleton->reactor }, weak => 1; + +-# To regenerate the certificate run this command (18.04.2012) +-# openssl req -new -x509 -keyout server.key -out server.crt -nodes -days 7300 ++# To regenerate the certificate run this command (22.06.2019) ++# openssl req -x509 -newkey rsa:4096 -nodes -sha256 -out server.crt -keyout server.key -days 7300 -subj '/CN=localhost' + my $CERT = path(__FILE__)->sibling('resources', 'server.crt')->to_string; + my $KEY = path(__FILE__)->sibling('resources', 'server.key')->to_string; + +--- a/lib/Mojo/IOLoop/resources/server.crt ++++ b/lib/Mojo/IOLoop/resources/server.crt +@@ -1,21 +1,29 @@ + -----BEGIN CERTIFICATE----- +-MIIDaTCCAtKgAwIBAgIJAI+AzotR68CTMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD +-VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJSGFtYmVy +-Z2VuMRQwEgYDVQQKEwtNb2pvbGljaW91czESMBAGA1UEAxMJbG9jYWxob3N0MRsw +-GQYJKoZIhvcNAQkBFgxzcmlAY3Bhbi5vcmcwHhcNMTIwNDE4MTczOTU5WhcNMzIw +-NDEzMTczOTU5WjCBgDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hz +-ZW4xEjAQBgNVBAcTCUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQ +-BgNVBAMTCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnMIGf +-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG2 +-5GSHaRRMyYgd89tEluInMH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz +-51ZIFxq4DtimBftXs9Z9M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiF +-G2ACvVGXSrS16QIDAQABo4HoMIHlMB0GA1UdDgQWBBSrZ+hIlPTgV7xx2O9wzdIO +-/d4osDCBtQYDVR0jBIGtMIGqgBSrZ+hIlPTgV7xx2O9wzdIO/d4osKGBhqSBgzCB +-gDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcT +-CUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQBgNVBAMTCWxvY2Fs +-aG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnggkAj4DOi1HrwJMwDAYD +-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAq6MXA7ZeO7B7vAcWxQKeLPKSy +-Jzkb1bC/agaISDbOwuZ1AoQSj6OQHKhNIdY5v/oLQJ0B8wB0dIigqn1WVacDtPgu +-PKSrxpqieDCh2bJ7+dyQIzQHgtZqPHi5k1PyNNXQxC94kPWdFp6PpF0M/y97aCxC +-ZQjKgDfncFWY3FHqUw== ++MIIFCTCCAvGgAwIBAgIUKG1VkDD+euOxwJ5EE1XFMxfrwEQwDQYJKoZIhvcNAQEL ++BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDYyMjIyMTUzN1oXDTM5MDYx ++NzIyMTUzN1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF ++AAOCAg8AMIICCgKCAgEA254eaczkm1l/gFgxaDZvHPAWyR/Bxm3rlEQ5X4+n5fvD ++SvZKInHoidh5AcVbvprE3GgwG5IJM8tsKo0Q6h9TSKm8+tBW8oAirbI2WTEj4EFm ++yWpZcxpVpB07Sqx9WlU/1lMnSFR9AyKEpvTwign4iWCKrfJlh2p8cZ1j0y4brdtF ++mBsueJcyAx5ZW+4lBohF83f4tmX/h5zfGRblV6V7EpjMMWCtqBZ5snJxC1QS/nVb ++UrNqapztW1xwtNZxPmf6YArMPTJ0yRjMpEUbhPz3JjWQQmujgLf/KdyAh1L6LE0q ++PtxTfo3Bi2IORVpOJqMxUSkFNYS/Ami/J8+uX8CUDaBFUyff50ws1r2SHXUOSrUd ++kmlNjX5YZlejUku5nc4ouZ7bgDOaKmBNtesrj2wCbULJwEOZKAvBEZqI4ZyDFDoB ++c/y9YOq8qlUGYtIs46VpApN8kjQnuYziR3ZlPNdpKrEn3VEOwb+9NXSNHa5GxiE+ ++wzcGvGyPL/CZGZ9dwMty3I+ssxSdqdo/RnfQxWcjOexTCWz59II4wd3XhU+BkiSO ++2GK8103umWBd/0l1rvTyPgV+O+YP/o2u8V+wh6bOQ8EGahc3mOlJfWRegtFelGOY +++Y+hIMsNqI+WmcTmhRkNbXHcetOvDW1TLj6gTx8sagqTvmuJa5DYzyY1ahSbmfkC ++AwEAAaNTMFEwHQYDVR0OBBYEFD4OORwa3/UhbMhJjPayxNf5vuZzMB8GA1UdIwQY ++MBaAFD4OORwa3/UhbMhJjPayxNf5vuZzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI ++hvcNAQELBQADggIBANiwCKr8zCPr8UP0KwxnTR6HBosDFzONF1WtiMk2Kq9/W3Rh ++qCzG9novw1dhGsuB23E+roxlaw5El+E41TIQ+APnUWwMq+CyaTP+jA1TNLQ5Y/cm ++euCDrQ35QI7I6vhzg82O+s5oX0u33q7M8DByYkXqCLmJ+oZ3dVunNJ0OSMM19tlf ++2wl5iCKwoIE+uVDTZgZlKIDbXmbmr6cH29qTIrQ1xijmk9VZxBxUm7toOiPEK86K ++blMbH6v2cozAMdp3jn8e6EFkug9S+X5VS77BAu6TpewxhOr4kotewB07WckRaGYe ++sIE2UaoBC/8uyrXIXA8XDYEEs1wDFVxlEcBaAQ977SlhLN2RVa1p/4mXU7y2apXQ ++EcEXWM/Z8DKCiKj034zafTOB+9XDjjtluUSm6ECt8QTlaxOXZmQ0kmSfFqEEXdBf ++RyGqzvHIBOspxIg8PWo9WeGh7yUrCO7uJyewUmH77PwMi+LBMXa24en3N+S7p4wk ++ao7BEf/h80g9XmY3kQGTGa4Pc0Bhla9mP61+BG2orl1K7meqZxBvF29c6qx4orQ0 ++eux0xKRiSuvsAptyTzGa5+wHCqYrGlKaC+rjqRVKHvyZWeJ5fnrB2CFPSzezG3EE ++emSP/BgDUdQQXDWgAET/nb6n1eCnYKZqwsp+HPNR/42ibQvwh0a6wnmHDeCD + -----END CERTIFICATE----- +--- a/lib/Mojo/IOLoop/resources/server.key ++++ b/lib/Mojo/IOLoop/resources/server.key +@@ -1,15 +1,52 @@ +------BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG25GSHaRRMyYgd89tEluIn +-MH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz51ZIFxq4DtimBftXs9Z9 +-M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiFG2ACvVGXSrS16QIDAQAB +-AoGALSdqp6lZ/7nD/c0Uv1CYofySROv3+KFJrl6hadG1/xCP99jVz9pWvMxKBTO/ +-2qyrT0ZEitK0nIHLmLOXDVr/rxzbxP/kHmkOLKj45jW31BSap89tUpFjFQXFfjwT +-YnOgOB4+eqQuGwigCqabcQPtFC4fU7Qzk7pdz/kO4FjR0GECQQDdXthCKgS7E5Zy +-qqzjepxYvKgkWPD3G9H6I8LOtiVBdcehflF8Y61OGsEST3pbOhrijhY281VnD1AG +-pNL1rOhDAkEAwuKKTN+2GF3m1mPtGW9jpkP8gU2zcO945U0jxpn2srjQ9oIoB45Y +-gqtE6yybRY4BBd+hMdgeH5dXSwsZW+FMYwJASrFy5LhKylisndoq5cJ8OJDHZyQ/ +-ghF4Ax/H3nmlDnZQOpRlqEP1uPHcDXKVxWxQn/rzUe0+9rw681Lv/4ctAwJAfyLO +-2muvHaJUr1QtH0S9m4AKwEfyYiC3m8+BIVTbzagoGki62IMSVtxob4uAGBYVsME9 +-JYk5zZ4rgndRKdGGxQJBAIpbdLBKArvnpbYIqNJGG83mUZ/VZaQl0G+S3zGkgre9 +-KjIuz10nNMNAKmGRrTbClLtvAQ9MVa3Xjnp+XmxPFho= +------END RSA PRIVATE KEY----- ++-----BEGIN PRIVATE KEY----- ++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDbnh5pzOSbWX+A ++WDFoNm8c8BbJH8HGbeuURDlfj6fl+8NK9koiceiJ2HkBxVu+msTcaDAbkgkzy2wq ++jRDqH1NIqbz60FbygCKtsjZZMSPgQWbJallzGlWkHTtKrH1aVT/WUydIVH0DIoSm ++9PCKCfiJYIqt8mWHanxxnWPTLhut20WYGy54lzIDHllb7iUGiEXzd/i2Zf+HnN8Z ++FuVXpXsSmMwxYK2oFnmycnELVBL+dVtSs2pqnO1bXHC01nE+Z/pgCsw9MnTJGMyk ++RRuE/PcmNZBCa6OAt/8p3ICHUvosTSo+3FN+jcGLYg5FWk4mozFRKQU1hL8CaL8n ++z65fwJQNoEVTJ9/nTCzWvZIddQ5KtR2SaU2NflhmV6NSS7mdzii5ntuAM5oqYE21 ++6yuPbAJtQsnAQ5koC8ERmojhnIMUOgFz/L1g6ryqVQZi0izjpWkCk3ySNCe5jOJH ++dmU812kqsSfdUQ7Bv701dI0drkbGIT7DNwa8bI8v8JkZn13Ay3Lcj6yzFJ2p2j9G ++d9DFZyM57FMJbPn0gjjB3deFT4GSJI7YYrzXTe6ZYF3/SXWu9PI+BX475g/+ja7x ++X7CHps5DwQZqFzeY6Ul9ZF6C0V6UY5j5j6Egyw2oj5aZxOaFGQ1tcdx6068NbVMu ++PqBPHyxqCpO+a4lrkNjPJjVqFJuZ+QIDAQABAoICAGjl2nMAicTl96+O8HJtZZ81 ++0jxYrc6gnCBigeDyFekU2tAIWZqgO8jzm8DLyql89UCthyT0GO8jX9PnM0gQlFAl ++uv013AHSUD4U3D636QHpWzYjVPxUfMl5qONfBjTKeUZey2mR6XBA4Yl5fxb/8jVz ++5ml1WSdYJn6CBbdN06y0Cka/3O9+kEXLDjWJxyeamYbUK/i7OVVGCY3LUNoPUXyt ++fQKsweWCbrhcT0Bw9O2Tkn4q8k5gDENSIQdPUiHTulR7c9hbLEsNTFm+JInd5hLb ++DL+c+Ci4Oel9x+pbKOFWLjJ+PGc7QFHaESTxIFj2I803QaSxdiapb3yNhyV3L398 ++IKQoR8+1CHmDoJ/AqO9Otve7B4mEZpv/005xoGiE/svSbVi4bQgq0CuMJvv8dMn6 ++uImveMLJyGSqzV9LOH+gnf9ZK1T8xRHTtiBlmxaAp7nfuBdhk6Hh1VI6THOuOYvc ++ikhLxKqCoTJFOOcgCEPQOwT+YrREVuWM6rJkALgU7mNIq10JI/jjRONEgMLANNQm ++QIuaWAi+OUv8kq5We/8cf+t8o331CUo5A5oypiprYQe9NG5X1jQgLqDZcfo5KiXx ++6cARt0ar81EmrBas8fHbmvfjueQF/ELRwooF+Vxt8fRHmF7eGcAuMfP9fZK8xGE6 ++tWZmgwTAvEyshfOT9wEtAoIBAQDwZpUJy1Hhh+7jpnUKEcHV1lvw4u0vUoBMXG+I ++rrOdI2Wp5CHNzUVFeqwaqnEV4o5FodZEqIeq9ZCwgWzzswpb+ilLM+URLDG46e4Z ++vh40BJe7gHuQm6V195C0FKuIc5jW/qpJewxqRbuROOx/fCu7dRt3Ve5TxHG/ZW2V ++WCaMm1T0etG5Xe5gowGTLzYnIsv/Eq/lSfXb3o/3skG1sbbLZ62llQSrXVJIklHt ++UQP7vdIaYDdJBw1/tZ4elRaxF3EAYcGN5jt1sT3FdPqyJ8jz7sMl5qdKKXdxYbAk ++0bLu3FSPrrATfz5Wh7QBKuHrrxj1ctHIdbw1En30jwVGxpfXAoIBAQDp3kx3d7X7 ++sKMF9WlJ4kqS9SZX10B4PWJKc1C71sL9i4pt+giaTlViM0inD7pD5bRihQTLprf1 ++mkrF+sdgWRKRYMCrestp/3GHgsWJ9en6DAQABFbfYu44kXURNjWs1YshCiPgByHW ++v70oapKkX5XazUB2wJupdjTd1xOkZDCpFp0yLq9gMlgwyThLqshNCGqhXF6C7C9f ++fQ57B/iCBN7rBJLVb8TkNhj9h2VwfMliKtooXrw6AnkYOR9fJZnoFAMb+qKaexx5 ++dWJi1W9qX8j6bs11FvJgk8clRyCHchbXnTO6Uk/OF7rwRlYGEEkoRr59JB8BwG3x ++krOegxqz4uKvAoIBAC9MH3qD1CJJOkjz0QcgI0DNId2s5/ltg+yCKzd7F7+M3U2l ++orj47+4Ripbcfc9OeatdgeiUN8z873CqpiL0UM9z0ngHR8QvK8Ez1TKfYxXc6XVs ++e+MhnFYvVPr5Lh50j9eM1zgJy5GFErgpuO4EIh6JldPOxksY1UBQ1lSRuVPko7xO ++BcEwp9u/dmnc2gytHfGbXZwBBywxB6Y2HhN/WXV/enyfawHEJJI+p3vHer8mw5WI ++5JermY5Mz0U5E/PXptXqZchjScOIEZ0tvL0ccr77dM2aKcO/kM5v59X2o/u2wbRb ++LC1J1Zv0qwenxjc2hfSUmI2WDGdssfdRxDn+jJUCggEBAOmD29pWH9Hmd4EVoEHz ++v/6o5dZDyc3FjQVFy1EjiaNc16YkSL66hKr/BgY5wATXsZvFshoeqASGQS8ZzkY3 ++6kBa2Ubf34hBVXy3aMLuVugjY0MZEh0PTUoSg0/iTwn6V2dwFo400Ob6oMdgUnfq ++MVk+JKXuf/9fVj5D6Qr2N1g+ikt3LgnhewmLgbicGFBCnSXtczlK16qC1himxs4c ++SvFjqbGQXop4Mc/Eh9cf4n0wyJASt+M8YOl88AQzKU//23LuebnCP5ZPTSPedddD ++OQxF4sSNWwpvxCNGuAZGNuSnxOTAF4tzSmdr860uSb37lWyiyosXNzBFCTC3O8xu ++OWUCggEBAJGYdDmEaYEZLTgL10QfgNFKm0JWXKJJJ3WU+Bcv2lJyIYKqDdQueFSA ++aMNF/84xrEWR7F+4V3r+Ba5OxAiK9wF/KcsHRAJ6aeFtZl+0mPnaCL3NQgmvacGH ++5947mGHwPc/Lc2m03Is4pgHZuntGfDV2gFjvUgzXyFqbxkUb+pykXOF8fezogUB4 ++yJ0m1Z653VlsC0TxoDGqBNs7RXevtlTywFH/4dk38pU3K8U5pBd3i3sy3a85uqLK ++YMpCGdtsAqKNZP6Jyn6dqmW/BW1G49jm4IE5LExR9seUc8o8x1DMkkpADwsfdHEt ++yJAem0VCWqqMK02V9nOZ/ZGTPYVnXds= ++-----END PRIVATE KEY----- unblock libmojolicious-perl/8.12+dfsg-2 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (600, 'testing'), (200, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled