Bug#833494: [Letsencrypt-devel] Bug#833494: acmetool: Does not correctly respond to changes in an ACME server's preferred agreement

2016-08-05 Thread Peter Colberg 
Control: severity -1 serious
Control: tag -1 fixed-upstream

Hi Uwe, Hugo,

On Fri, Aug 05, 2016 at 08:35:42AM +0200, Uwe Steinmann wrote:
> Fixes #191, whereby acmetool did not correctly respond to changes in an
> ACME server's preferred agreement. This is an important update and should
> be applied promptly, as it causes autorenewal to fail (though by design,
> acmetool requires intervention to agree to new agreements anyway).

I am fully aware of the severity of this bug, since I am affected
the same as every other Debian user with an existing LE registration.

Unfortunately the versions of acmetool that contain this fix depend on
three new golang packages that do not contain any mention of their
license in the source tree, and would therefore be rejected by Debian
ftp-masters if I attempted to upload them (with the help of sponsors).

Uwe, if you like, please let the author of acmetool know how important
this issue is to Debian users by supporting the requests [1-3] for
adding the license information to these golang packages.

[1] https://github.com/hlandau/goutils/issues/1
[3] https://github.com/hlandau/buildinfo/issues/1
[2] https://github.com/hlandau/dexlogconfig/issues/1

Hugo, I would be grateful if you could address the three issues by
appending a license declaration to each README.md. acmetool is a
well-written client that would be dearly missed by users of Debian
and Debian derivatives.

Regards,
Peter

Bug#833494: acmetool: Does not correctly respond to changes in an ACME server's preferred agreement

2016-08-05 Thread Uwe Steinmann 
Package: acmetool
Version: 0.0.54-1
Severity: important

Dear Maintainer,

Current version of acmetool has a problem with the agreement.

20160805081346 [CRITICAL] acmetool: fatal: reconcile: the following errors 
occurred:
error satisfying 
Target(xxx;https://acme-v01.api.letsencrypt.org/directory;0):
HTTP error: 400 Bad Request
map[Server:[nginx] Content-Type:[application/problem+json]
Boulder-Request-Id:[a8pizmxmElGgUHEUJwrrXaRRBPe-0updqBrZuKCauHo]
Pragma:[no-cache] Date:[Fri, 05 Aug 2016 06:13:46 GMT]
Content-Length:[265] Boulder-Requester:[1885796]
Replay-Nonce:[sKseTFb9KB-a6mkcMJs6ugOG3XwzaA-fUrwleqYiy38] Expires:[Fri,
05 Aug 2016 06:13:46 GMT] Cache-Control:[max-age=0, no-cache, no-store]]
{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL

[https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf]
does not match current agreement URL

[https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf];,
  "status": 400
}

This seems to have the same source as #86 and acmetool 0.0.55 fixes
it according to the changelog:

Fixes #191, whereby acmetool did not correctly respond to changes in an
ACME server's preferred agreement. This is an important update and should
be applied promptly, as it causes autorenewal to fail (though by design,
acmetool requires intervention to agree to new agreements anyway).


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages acmetool depends on:
ii  libc62.23-4
ii  libcap2  1:2.25-1

Versions of packages acmetool recommends:
ii  dialog  1.3-20160424-1

acmetool suggests no packages.

-- no debconf information