Your message dated Mon, 08 Apr 2024 17:19:41 +0000 with message-id <e1rtsej-00dtg2...@fasolo.debian.org> and subject line Bug#1068644: fixed in gnutls28 3.8.5-2 has caused the Debian Bug report #1068644, regarding gnutls-bin: "Fatal error: The encryption algorithm is not supported" appeared with 3.8.5 upgrade to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068644: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068644 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gnutls-bin Version: 3.8.5-1 Severity: normal X-Debbugs-Cc: none, Sanjoy Mahajan <san...@mit.edu> File: /usr/bin/gnutls-cli After dist-upgrading today, exim4 could no longer talk to my usual outgoing mail server. I reproduced the problem using just gnutls-cli. The problem started after today's upgrade of the various gnutls packages. They were upgraded from 3.8.4-2 to 3.8.5-1. The following command with the given input lines reproduces the problem: $ gnutls-cli -V -d 9 --starttls --crlf --port 587 -V outgoing.mit.edu EHLO randomhost STARTTLS ctrl-D [to send EOF] It fails with "*** Fatal error: The encryption algorithm is not supported." (I haven't tried it with other outgoing servers, but this one definitely shows the problem.) The problem goes away after downgrading the relevant packages to 3.8.4-2 : # apt install gnutls-bin=3.8.4-2 gnutls-doc=3.8.4-2 libgnutls-dane0t64=3.8.4-2 libgnutls-openssl27t64=3.8.4-2 libgnutls28-dev=3.8.4-2 libgnutls30t64=3.8.4-2 (My sources.list includes the snapshots repos deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main deb-src [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main ) The lines around the fatal error message with 3.8.5-1 are: |<4>| HSK[0x5632451d5260]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0 |<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1130 |<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1374 |<3>| ASSERT: ../../../lib/nettle/pk.c[_wrap_nettle_pk_encrypt]:773 |<3>| ASSERT: ../../../lib/auth/rsa.c[_gnutls_gen_rsa_client_kx]:288 |<3>| ASSERT: ../../lib/kx.c[_gnutls_send_client_kx_message]:379 |<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3183 *** Fatal error: The encryption algorithm is not supported. |<5>| REC: Sending Alert[2|80] - Internal error |<5>| REC[0x5632451d5260]: Preparing Packet Alert(21) with length: 2 and min pad: 0 |<9>| ENC[0x5632451d5260]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 |<5>| REC[0x5632451d5260]: Sent Packet[2] Alert(21) in epoch 0 and length: 7 *** Handshake has failed |<5>| REC[0x5632451d5260]: Start of epoch cleanup |<5>| REC[0x5632451d5260]: End of epoch cleanup |<5>| REC[0x5632451d5260]: Epoch #0 freed |<5>| REC[0x5632451d5260]: Epoch #1 freed I've kept my packages at 3.8.4-2 for now,n but I can do more debug tests if needed (by upgrading, testing, and downgrading). -Sanjoy -- System Information: Debian Release: sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gnutls-bin depends on: ii libc6 2.37-15.1 ii libgnutls-dane0t64 3.8.5-1 ii libgnutls30t64 3.8.5-1 ii libtasn1-6 4.19.0-3+b2 gnutls-bin recommends no packages. gnutls-bin suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: gnutls28 Source-Version: 3.8.5-2 Done: Andreas Metzler <ametz...@debian.org> We believe that the bug you reported is fixed in the latest version of gnutls28, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Metzler <ametz...@debian.org> (supplier of updated gnutls28 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2024 18:27:17 +0200 Source: gnutls28 Architecture: source Version: 3.8.5-2 Distribution: unstable Urgency: medium Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametz...@debian.org> Closes: 1068644 Changes: gnutls28 (3.8.5-2) unstable; urgency=medium . * Add 45_Revert_Add-option-to-disable-RSAES-PKCS1-v1_5.patch, reverting upstream commit 10ebc37e41343cb5b18ee9f0b8e2c45c3d83e8c7. Closes: #1068644 Checksums-Sha1: 6e975f54131b56a36b3abce1a2a4bf88304d9752 3268 gnutls28_3.8.5-2.dsc 6d2b8436d4a52976c4e87e9ea32f6f882ae81f36 79356 gnutls28_3.8.5-2.debian.tar.xz Checksums-Sha256: ff96a5441cb3e65cfff2dcde9995ea2dec71eab45abc0fe3c595679867a2ef93 3268 gnutls28_3.8.5-2.dsc 5a29cdcec8bc2cee41a179041063f0df762f6f43c83757f1e8c290f0606088de 79356 gnutls28_3.8.5-2.debian.tar.xz Files: ef99739b2c6fa9077fcbae0981261408 3268 libs optional gnutls28_3.8.5-2.dsc dd9cd11239af310f5bb8f09ae3e56e0f 79356 libs optional gnutls28_3.8.5-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmYUIfMACgkQpU8BhUOC FISnkA//dEhFeWfPv57AjYwQRIVAnJM10U8P1lkNWPHN50PpQ0hUJCEyqr9mPCGE eckYC8nzeYkVyw3OfYWrsdXBbPdZ2swyENUtR51lNZ/pTsU2QW+jAA57WHFyQvTs 6F+Q0awtY9hq4n9MRcbt7/0pYGh7Qg3gWizeqUM8TLxzfBRcRHvmg8dANb7sSPOU vGrNVR5iz8ryzNtzIMiopm41T0tZkm6CshG9ZhHa9avLJysF26yLAU28s3Eg4W45 1JZ1HtD5mBoa0Y7m6+PU5qtdNVGSiQnEZt2NkxVOM7uxsIzYEQc1OPOUdIC51UKp +qO0N64IIMVuyx8uCeILRalJZrTrdlyahA6ywofPC9YthrHeCmxv9vAqEKIx92Cg S91TOQO/X08NxdUxdn5yAVJJhvLLlpTw8YLPv36TJYveicN5BB8ci6+UUcQjc706 ubcdXnSFyL/WUWqpwYVNMlMqsr16ZyRXB5TC4h/PHwn43vBicfwa1f4ZBCH7vqAp krP2P91zwoaDZe1fBOQDQwuZmFC+mgIopxDnnhZRSieNgwsqWwASKDLOjgzusFZq fbxh36RccDL8zcNm3wlecNho0vZAGkeKRv+U7HCmf4Vpi5sgiivxoPD7MJmm+Sq1 7pfcDw1tzv0kSZisgLbwHoCNXjxMPazaAZ5YwvR3Cw43+9XArkQ= =8PJR -----END PGP SIGNATURE-----pgpubNOZ5WOTd.pgp
Description: PGP signature
--- End Message ---