Your message dated Mon, 08 Apr 2024 17:19:41 +0000
with message-id <e1rtsej-00dtg2...@fasolo.debian.org>
and subject line Bug#1068644: fixed in gnutls28 3.8.5-2
has caused the Debian Bug report #1068644,
regarding gnutls-bin: "Fatal error: The encryption algorithm is not supported"
appeared with 3.8.5 upgrade
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1068644: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068644
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnutls-bin
Version: 3.8.5-1
Severity: normal
X-Debbugs-Cc: none, Sanjoy Mahajan <san...@mit.edu>
File: /usr/bin/gnutls-cli
After dist-upgrading today, exim4 could no longer talk to my usual
outgoing mail server. I reproduced the problem using just gnutls-cli.
The problem started after today's upgrade of the various gnutls
packages. They were upgraded from 3.8.4-2 to 3.8.5-1.
The following command with the given input lines reproduces the problem:
$ gnutls-cli -V -d 9 --starttls --crlf --port 587 -V outgoing.mit.edu
EHLO randomhost
STARTTLS
ctrl-D [to send EOF]
It fails with "*** Fatal error: The encryption algorithm is not supported."
(I haven't tried it with other outgoing servers, but this one definitely
shows the problem.)
The problem goes away after downgrading the relevant packages to 3.8.4-2 :
# apt install gnutls-bin=3.8.4-2 gnutls-doc=3.8.4-2
libgnutls-dane0t64=3.8.4-2 libgnutls-openssl27t64=3.8.4-2
libgnutls28-dev=3.8.4-2 libgnutls30t64=3.8.4-2
(My sources.list includes the snapshots repos
deb [check-valid-until=no]
http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main
deb-src [check-valid-until=no]
http://snapshot.debian.org/archive/debian/20240329T213539Z/ unstable main
)
The lines around the fatal error message with 3.8.5-1 are:
|<4>| HSK[0x5632451d5260]: SERVER HELLO DONE (14) was received. Length 0[0],
frag offset 0, frag length: 0, sequence: 0
|<3>| ASSERT: ../../lib/buffers.c[get_last_packet]:1130
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1374
|<3>| ASSERT: ../../../lib/nettle/pk.c[_wrap_nettle_pk_encrypt]:773
|<3>| ASSERT: ../../../lib/auth/rsa.c[_gnutls_gen_rsa_client_kx]:288
|<3>| ASSERT: ../../lib/kx.c[_gnutls_send_client_kx_message]:379
|<3>| ASSERT: ../../lib/handshake.c[handshake_client]:3183
*** Fatal error: The encryption algorithm is not supported.
|<5>| REC: Sending Alert[2|80] - Internal error
|<5>| REC[0x5632451d5260]: Preparing Packet Alert(21) with length: 2 and min
pad: 0
|<9>| ENC[0x5632451d5260]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
|<5>| REC[0x5632451d5260]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
|<5>| REC[0x5632451d5260]: Start of epoch cleanup
|<5>| REC[0x5632451d5260]: End of epoch cleanup
|<5>| REC[0x5632451d5260]: Epoch #0 freed
|<5>| REC[0x5632451d5260]: Epoch #1 freed
I've kept my packages at 3.8.4-2 for now,n but I can do more debug tests
if needed (by upgrading, testing, and downgrading).
-Sanjoy
-- System Information:
Debian Release: sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gnutls-bin depends on:
ii libc6 2.37-15.1
ii libgnutls-dane0t64 3.8.5-1
ii libgnutls30t64 3.8.5-1
ii libtasn1-6 4.19.0-3+b2
gnutls-bin recommends no packages.
gnutls-bin suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.5-2
Done: Andreas Metzler <ametz...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Apr 2024 18:27:17 +0200
Source: gnutls28
Architecture: source
Version: 3.8.5-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 1068644
Changes:
gnutls28 (3.8.5-2) unstable; urgency=medium
.
* Add 45_Revert_Add-option-to-disable-RSAES-PKCS1-v1_5.patch, reverting
upstream commit 10ebc37e41343cb5b18ee9f0b8e2c45c3d83e8c7.
Closes: #1068644
Checksums-Sha1:
6e975f54131b56a36b3abce1a2a4bf88304d9752 3268 gnutls28_3.8.5-2.dsc
6d2b8436d4a52976c4e87e9ea32f6f882ae81f36 79356 gnutls28_3.8.5-2.debian.tar.xz
Checksums-Sha256:
ff96a5441cb3e65cfff2dcde9995ea2dec71eab45abc0fe3c595679867a2ef93 3268
gnutls28_3.8.5-2.dsc
5a29cdcec8bc2cee41a179041063f0df762f6f43c83757f1e8c290f0606088de 79356
gnutls28_3.8.5-2.debian.tar.xz
Files:
ef99739b2c6fa9077fcbae0981261408 3268 libs optional gnutls28_3.8.5-2.dsc
dd9cd11239af310f5bb8f09ae3e56e0f 79356 libs optional
gnutls28_3.8.5-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmYUIfMACgkQpU8BhUOC
FISnkA//dEhFeWfPv57AjYwQRIVAnJM10U8P1lkNWPHN50PpQ0hUJCEyqr9mPCGE
eckYC8nzeYkVyw3OfYWrsdXBbPdZ2swyENUtR51lNZ/pTsU2QW+jAA57WHFyQvTs
6F+Q0awtY9hq4n9MRcbt7/0pYGh7Qg3gWizeqUM8TLxzfBRcRHvmg8dANb7sSPOU
vGrNVR5iz8ryzNtzIMiopm41T0tZkm6CshG9ZhHa9avLJysF26yLAU28s3Eg4W45
1JZ1HtD5mBoa0Y7m6+PU5qtdNVGSiQnEZt2NkxVOM7uxsIzYEQc1OPOUdIC51UKp
+qO0N64IIMVuyx8uCeILRalJZrTrdlyahA6ywofPC9YthrHeCmxv9vAqEKIx92Cg
S91TOQO/X08NxdUxdn5yAVJJhvLLlpTw8YLPv36TJYveicN5BB8ci6+UUcQjc706
ubcdXnSFyL/WUWqpwYVNMlMqsr16ZyRXB5TC4h/PHwn43vBicfwa1f4ZBCH7vqAp
krP2P91zwoaDZe1fBOQDQwuZmFC+mgIopxDnnhZRSieNgwsqWwASKDLOjgzusFZq
fbxh36RccDL8zcNm3wlecNho0vZAGkeKRv+U7HCmf4Vpi5sgiivxoPD7MJmm+Sq1
7pfcDw1tzv0kSZisgLbwHoCNXjxMPazaAZ5YwvR3Cw43+9XArkQ=
=8PJR
-----END PGP SIGNATURE-----
pgpubNOZ5WOTd.pgp
Description: PGP signature
--- End Message ---
