Bug#995636: transition: openssl

2022-06-05 Thread Kurt Roeckx
On Sun, Jun 05, 2022 at 08:44:22PM +0200, Sebastian Andrzej Siewior wrote: > On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote: > > Hi Sebastian > Hi Sebastian, > > > > Otherwise I'd fear that the only other options are openssl breaking > > > libssl1.1 or renaming /etc/ssl/openssl.cnf to

Bug#995636: transition: openssl

2022-05-27 Thread Kurt Roeckx
On Thu, May 26, 2022 at 06:26:57PM +0200, Sebastian Ramacher wrote: > > That leaves #1011051. What's your view on that bug? So my understanding is that 1.1.1 doesn't understand the new configuration file and tries to load an engine (instead of a provider). We could ship a file that's compatible

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-22 Thread Kurt Roeckx
On Tue, Mar 22, 2022 at 10:13:25PM +0100, Sebastian Andrzej Siewior wrote: > On 2022-03-22 21:47:52 [+0100], Kurt Roeckx wrote: > > On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote: > > > OpenSSL signature algorith

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-22 Thread Kurt Roeckx
On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote: > OpenSSL signature algorithm check tightening > = > > The OpenSSL update included in this point release includes a change to > ensure that the requested signature algorithm is supported

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-22 Thread Kurt Roeckx
On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote: > Is the note below accurate? Yes. Kurt

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-22 Thread Kurt Roeckx
On Tue, Mar 22, 2022 at 07:37:00PM +, Adam D. Barratt wrote: > On Mon, 2022-03-21 at 00:12 +0100, Sebastian Andrzej Siewior wrote: > > The change in openssl is commit > >cc7c6eb8135b ("Check that the default signature type is allowed") > > > > Before the commit in question it connects as:

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-20 Thread Kurt Roeckx
On Mon, Mar 21, 2022 at 12:12:11AM +0100, Sebastian Andrzej Siewior wrote: > > The change in openssl is commit >cc7c6eb8135b ("Check that the default signature type is allowed") So that's: commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2 Author: Kurt Roeckx Date: Thu

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-20 Thread Kurt Roeckx
On Sun, Mar 20, 2022 at 10:00:15PM +0100, Paul Gevers wrote: > Dear Sebastian, Kurt, > > On 19-03-2022 12:33, Adam D Barratt wrote: > > Upload details > > == > > > > Package: openssl > > Version: 1.1.1n-0+deb10u1 > > > > Explanation: new upstream release > > We're seeing a

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-03-18 Thread Kurt Roeckx
On Fri, Mar 18, 2022 at 10:22:57PM +0100, Sebastian Andrzej Siewior wrote: > On 2022-03-18 14:51:32 [+], Adam D. Barratt wrote: > > Boo. Hope you're doing better. > > Thanks, yes. > > > > I would also do the upload for Buster, would that work? I remember > > > that > > > the packages, that

Bug#995636: transition: openssl

2021-10-03 Thread Kurt Roeckx
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, We would like to transition to OpenSSL 3.0.0. It's currently in experimental. It has an soname change, so the binary packages got renamed and binNMUs will be required. We did a

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-27 Thread Kurt Roeckx
On Thu, Jan 14, 2021 at 07:03:37PM +0100, Kurt Roeckx wrote: > There are a whole bunch of other issues and pull requests related to > this. I hope this is the end of the regressions in the X509 code. So there is something else now: https://github.com/openssl/openssl/issues/13931

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-16 Thread Kurt Roeckx
On Thu, Jan 14, 2021 at 09:13:49PM +0100, Sebastian Andrzej Siewior wrote: > On 2021-01-14 19:03:37 [+0100], Kurt Roeckx wrote: > > > Do you have pointers to upstream issues? > > > > There are a whole bunch of other issues and pull requests related to > >

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-14 Thread Kurt Roeckx
On Thu, Jan 14, 2021 at 05:43:00PM +, Adam D. Barratt wrote: > Hi, > > On Fri, 2021-01-08 at 23:59 +0100, Kurt Roeckx wrote: > > On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior > > wrote: > [...] > > > The i release in unsta

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-08 Thread Kurt Roeckx
On Fri, Jan 08, 2021 at 11:39:13PM +0100, Sebastian Andrzej Siewior wrote: > On 2020-11-24 20:18:15 [+], Adam D. Barratt wrote: > > > At some point, could we please have a combined / single diff between > > the current 1.1.1d-0+deb10u3 and the proposed 1.1.1h-0+deb10u1 (I > > assume)? > >

Bug#927437: unblock: openssl/1.1.1b-2

2019-04-19 Thread Kurt Roeckx
an openssl.cnf in libssl1.1-udeb.dirs + + -- Kurt Roeckx Tue, 16 Apr 2019 21:31:11 +0200 + openssl (1.1.1b-1) unstable; urgency=medium [ Sebastian Andrzej Siewior ] diff -Nru openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs openssl-1.1.1b/debian/libcrypto1.1-udeb.dirs --- openssl-1.1.1b/debian

Re: [Pkg-openssl-devel] Bug#907015: openssl version 1.1.1 breaks multiple reverse dependencies; versioned Breaks needed

2018-10-18 Thread Kurt Roeckx
On Thu, Oct 18, 2018 at 04:05:32PM +0200, Mattia Rizzolo wrote: > On Thu, Oct 18, 2018 at 04:01:59PM +0300, Niko Tyni wrote: > > On Wed, Oct 17, 2018 at 09:21:29PM +0200, Kurt Roeckx wrote: > > > On Wed, Oct 17, 2018 at 09:22:35PM +0300, Niko Tyni wrote: > > > >

Bug#907906: stretch-pu: package openssl/1.1.0f-3+deb9u2

2018-09-07 Thread Kurt Roeckx
On Tue, Sep 04, 2018 at 04:41:32PM +0200, Moritz Mühlenhoff wrote: > > (I've been deploying customs debs of the 1.0.2x and 1.1.0x openssl releases > at work and I haven't run into any compatibility issues/API issues during > that). We should really do upload all the latest point releases to all

Bug#881415: stretch-pu: python2.7/2.7.13-2+deb9u1

2017-11-19 Thread Kurt Roeckx
On Sat, Nov 18, 2017 at 06:28:03PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2017-11-11 at 14:36 +0100, Kurt Roeckx wrote: > > I would like to upload python2.7 to fix a problem that it can't > > talk to SSL/TLS sites that use an ECDSA certi

Bug#881415: stretch-pu: python2.7/2.7.13-2+deb9u1

2017-11-11 Thread Kurt Roeckx
+ * Support all groups in TLS communication (Closes: #868143) + + -- Kurt Roeckx <k...@roeckx.be> Thu, 09 Nov 2017 21:58:19 +0100 + python2.7 (2.7.13-2) unstable; urgency=medium * Lower priority of interpreter packages to optional. diff -u python2.7-2.7.13/debian/patches/series.in python2.7-

Bug#867461: should ca-certificates certdata.txt synchronize across all suites?

2017-07-22 Thread Kurt Roeckx
On Fri, Jul 21, 2017 at 04:47:23PM -0400, Antoine Beaupré wrote: > On 2017-07-21 22:19:20, Philipp Kern wrote: > > My point was that you state what your delta is and essentially boils > > down to attach the diff of what will actually happen to the .deb. I > > think it's generally fine to add new

Bug#863472: unblock: openssl/1.1.0f-1

2017-06-05 Thread Kurt Roeckx
On Mon, Jun 05, 2017 at 11:33:57AM +0200, Cyril Brulebois wrote: > Kurt Roeckx <k...@roeckx.be> (2017-06-04): > > So I've uploaded openssl 1.1.0f-2 > > Source debdiff lgtm from -1, and installation over https works fine, > ACK. So I actually have a new version I want to u

Bug#863472: unblock: openssl/1.1.0f-1

2017-06-04 Thread Kurt Roeckx
On Sun, Jun 04, 2017 at 06:53:29PM +0200, Cyril Brulebois wrote: > Kurt Roeckx <k...@roeckx.be> (2017-06-04): > > So I changed it this instead: > > dh_makeshlibs -a -V --add-udeb="libcrypto1.1-udeb" -Xengines > > > > the shlib files now looks l

Bug#863472: unblock: openssl/1.1.0f-1

2017-06-04 Thread Kurt Roeckx
On Sun, Jun 04, 2017 at 11:09:00AM +, Niels Thykier wrote: > Kurt Roeckx: > > [...] > >> > >> Maybe file this as an RC bug against openssl so that it isn't forgotten > >> about, but ignore it for r0? > > > > So I have prepared an update. Shoul

Bug#863472: unblock: openssl/1.1.0f-1

2017-06-04 Thread Kurt Roeckx
On Sun, Jun 04, 2017 at 05:29:21AM +0200, Cyril Brulebois wrote: > Niels Thykier <ni...@thykier.net> (2017-06-03): > > Kurt Roeckx: > > > Package: release.debian.org > > > User: release.debian@packages.debian.org > > > Usertags: unblock > > >

Bug#863494: unblock: elfutils/0.168-1

2017-05-27 Thread Kurt Roeckx
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Hi, I've uploaded a new version of elfutils which fixes security issues: elfutils (0.168-1) unstable; urgency=medium * Fix CVE-2017-7607 (Closes: #859996) * Fix CVE-2017-7608 (Closes:

Re: [Pkg-openssl-devel] Bug#863367: libecryptfs-dev: unable to install because of unmet dependency

2017-05-27 Thread Kurt Roeckx
On Sat, May 27, 2017 at 04:00:58PM +0200, David Kalnischkies wrote: > Control: reassign -1 libssl-dev 1.1.0e-2 > Control: retitle -1 libssl-dev: declare conflict with libssl1.0-dev to help > apt find solutions [...] > Not being installable is the problem of the package which isn't > installable –

Bug#863473: unblock: openssl1.0/1.0.2l-1

2017-05-27 Thread Kurt Roeckx
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Hi, I've uploaded a new upstream version of openssl1.0 that contains bug fixes. The Debian changelog says: * New upstream release - Properly detect features on the AMD Ryzen

Bug#863472: unblock: openssl/1.1.0f-1

2017-05-27 Thread Kurt Roeckx
Package: release.debian.org User: release.debian@packages.debian.org Usertags: unblock Severity: normal Hi, I've uploaded a new upstream version of openssl that contains bug fixes. The Debian changelog says: * New upstream version - Fix regression in req -x509 (Closes: #839575)

Bug#858493: unblock: ntp/4.2.8p10+dfsg-1

2017-03-22 Thread Kurt Roeckx
-check.patch -- Kurt Roeckx <k...@roeckx.be> Wed, 22 Mar 2017 21:53:40 +0100 The upstream changes are: (4.2.8p10) * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config (Pentest report 01.2017) <perlin...@ntp.org> * [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock (Pentest re

Bug#855432: unblock: openssl/1.1.0e-1

2017-02-19 Thread Kurt Roeckx
On Sun, Feb 19, 2017 at 07:33:20AM +0100, Cyril Brulebois wrote: > Kurt Roeckx <k...@roeckx.be> (2017-02-18): > > On Sat, Feb 18, 2017 at 06:16:28PM +0100, Cyril Brulebois wrote: > > > How soon do you want to see this package in testing? Given I've just > > > fi

Bug#855432: unblock: openssl/1.1.0e-1

2017-02-18 Thread Kurt Roeckx
On Sat, Feb 18, 2017 at 06:16:28PM +0100, Cyril Brulebois wrote: > Hi, > > Niels Thykier <ni...@thykier.net> (2017-02-18): > > Kurt Roeckx: > > > Package: release.debian.org > > > User: release.debian@packages.debian.org > > > Usertags

Bug#855432: unblock: openssl/1.1.0e-1

2017-02-17 Thread Kurt Roeckx
-2017-3733 - Remove patches that are applied upstream. -- Kurt Roeckx <k...@roeckx.be> Thu, 16 Feb 2017 18:57:58 +0100 I've attached the full debdiff between the version in testing and unstable. Kurt diff -Nru openssl-1.1.0d/apps/openssl.c openssl-1.1.0e/apps/openssl.c --- openssl-1.1.0

Re: [Pkg-openssl-devel] embedding openssl source in sslcan

2017-01-01 Thread Kurt Roeckx
On Sun, Jan 01, 2017 at 04:37:48PM +0100, Raphael Hertzog wrote: > On Sat, 31 Dec 2016, Julien Cristau wrote: > > On Thu, Dec 22, 2016 at 13:37:11 +0100, Sebastian Andrzej Siewior wrote: > > > > > tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in its > > > source? > > > > > >

Bug#842919: failed armhf build of xen 4.8.0~rc3-1 [and 1 more messages]

2016-11-07 Thread Kurt Roeckx
On Mon, Nov 07, 2016 at 08:54:49PM +, Ian Jackson wrote: > Kurt Roeckx writes ("Re: failed armhf build of xen 4.8.0~rc3-1 [and 1 more > messages]"): > > On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote: > > > Have I done something wron

Bug#842919: failed armhf build of xen 4.8.0~rc3-1 [and 1 more messages]

2016-11-07 Thread Kurt Roeckx
On Mon, Nov 07, 2016 at 08:05:22PM +, Ian Jackson wrote: > Debian buildds writes ("failed armhf build of xen 4.8.0~rc3-1"): > > * Source package: xen > > * Version: 4.8.0~rc3-1 > > * Architecture: armhf > > * State: failed > > * Suite: sid > > * Builder: hartmann.debian.org > > * Build

Bug#827061: transition: openssl

2016-10-30 Thread Kurt Roeckx
On Sun, Oct 30, 2016 at 10:18:32PM +0200, Adrian Bunk wrote: > > If everything that is important in 1.1.0 should be used by all > users of OpenSSL in stretch, then the best solution for stretch > is to ship only 1.0.2 and add all desired features there. And I guess you're going to add all those

Bug#827061: transition: openssl

2016-10-28 Thread Kurt Roeckx
On Wed, Oct 26, 2016 at 10:55:19AM +0200, Emilio Pozuelo Monfort wrote: > Control: tags -1 confirmed > > On 25/10/16 20:09, Moritz Muehlenhoff wrote: > > On Wed, Oct 19, 2016 at 10:44:08PM +0200, Kurt Roeckx wrote: > >> On Mon, Oct 17, 2016 at 08:52:31PM +0200, Emil

Bug#827061: transition: openssl

2016-10-26 Thread Kurt Roeckx
On Wed, Oct 26, 2016 at 08:53:56PM +0200, Emilio Pozuelo Monfort wrote: > > Adrian Bunk asked whether mixing both OpenSSL versions into the same address > space works fine. Is OpenSSL using symbol versioning? Yes, and all symbols have a different version name in 1.0.2 and 1.1.0. (What is

Bug#827061: transition: openssl

2016-10-19 Thread Kurt Roeckx
On Mon, Oct 17, 2016 at 08:52:31PM +0200, Emilio Pozuelo Monfort wrote: > > I'm sorry but I'm going to have to nack this for Stretch, as much as I like to > approve transitions and get new stuff in. I have looked at the opened bugs and > I'm afraid this still is too disruptive. I have noticed

Bug#827061: transition: openssl

2016-10-12 Thread Kurt Roeckx
On Sun, Sep 18, 2016 at 09:33:43PM +0200, Kurt Roeckx wrote: > On Sat, Jun 11, 2016 at 09:42:59PM +0200, Kurt Roeckx wrote: > > On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote: > > > On 11/06/16 20:59, Kurt Roeckx wrote: > > > > OpenSSL wi

Bug#827061: transition: openssl

2016-09-18 Thread Kurt Roeckx
On Sat, Jun 11, 2016 at 09:42:59PM +0200, Kurt Roeckx wrote: > On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote: > > On 11/06/16 20:59, Kurt Roeckx wrote: > > > OpenSSL will soon release a new upstream version with a new > > > soname. This new

Bug#827061: transition: openssl

2016-09-15 Thread Kurt Roeckx
On Thu, Sep 15, 2016 at 11:44:42PM +0200, Christoph Berg wrote: > Re: Kurt Roeckx 2016-06-11 <20160611194259.ga6...@roeckx.be> > > > > If I'm ready to upload it to unstable, can I start this > > > > transition? Are there things you want me to do? > > >

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-09-04 Thread Kurt Roeckx
On Tue, Aug 23, 2016 at 09:47:22PM +0200, Kurt Roeckx wrote: > The current debdiff we'd like to upload is: > diff -Nru openssl-1.0.1t/debian/changelog openssl-1.0.1t/debian/changelog > --- openssl-1.0.1t/debian/changelog 2016-05-15 21:16:55.0 +0200 > +++ openssl-1.0.1t/debi

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-08-23 Thread Kurt Roeckx
(1.0.1t-1+deb8u3) jessie; urgency=medium + + [ Kurt Roeckx ] + * Fix length check for CRLs. (Closes: #826552) + + [ Sebastian Andrzej Siewior ] + * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov. +(Closes: #833156). + + -- Kurt Roeckx <k...@roeckx.be> Sat, 11 Jun 2016

Bug#832477: pu: libtool

2016-08-20 Thread Kurt Roeckx
On Sat, Jul 30, 2016 at 08:45:25PM +0100, Adam D. Barratt wrote: > Control: tags -1 + pending > > On Sat, 2016-07-30 at 10:51 +0200, Kurt Roeckx wrote: > > On Fri, Jul 29, 2016 at 01:40:17PM +0200, Julien Cristau wrote: > > > Control: tag -1 confirmed > > > >

Re: Porter roll call for Debian Stretch

2016-08-17 Thread Kurt Roeckx
On Wed, Aug 17, 2016 at 10:05:06PM +0200, ni...@thykier.net wrote: > * If we were to enable -fPIE/-pie by default in GCC-6, should that change >also apply to this port? [0] If -fPIE is the default will -fPIC override it? It will also default to tell the linker to use -pie, but then don't do

Bug#832477: pu: libtool

2016-07-30 Thread Kurt Roeckx
On Fri, Jul 29, 2016 at 01:40:17PM +0200, Julien Cristau wrote: > Control: tag -1 confirmed > > On Mon, Jul 25, 2016 at 23:28:14 +0200, Kurt Roeckx wrote: > > > Package: release.debian.org > > Tags: jessie > > User: release.debian@packages.debian.org > >

Bug#832477: pu: libtool

2016-07-25 Thread Kurt Roeckx
Package: release.debian.org Tags: jessie User: release.debian@packages.debian.org Usertags: pu Hi, I would like to fix #800446 in stable. It was caused by the uploader not using the current version of automake when uploading the binary package. The i386 and amd64 version need to be built

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-06-27 Thread Kurt Roeckx
I guess I should just keep the SSLv2 symbols. I assume you don't have a problem with the other change? Kurt

Re: [Pkg-openssl-devel] Bug#827951: libssl udeb inclusion in Jessie

2016-06-23 Thread Kurt Roeckx
On Thu, Jun 23, 2016 at 10:58:54AM +0200, Yann Soubeyrand wrote: > Package: openssl > Severity: normal > Version: 1.0.1t-1+deb8u2 > X-Debbugs-CC: debian-release@lists.debian.org > X-Debbugs-CC: debian-b...@lists.debian.org > > Hi, > > Marga Manterola provided a patch to build a libssl udeb as

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-06-13 Thread Kurt Roeckx
On Mon, Jun 13, 2016 at 10:19:29AM +0200, Julien Cristau wrote: > On Mon, Jun 13, 2016 at 00:50:05 +0200, Kurt Roeckx wrote: > > > I should probably add that I don't intend to fix this in > > testing/unstable. There are probably reverse dependencies that > > saw tho

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-06-12 Thread Kurt Roeckx
On Sat, Jun 11, 2016 at 11:35:24PM +0200, Kurt Roeckx wrote: > On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote: > > > The SSLv2 methods actually di

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-06-11 Thread Kurt Roeckx
On Sat, Jun 11, 2016 at 09:57:29PM +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Sat, 2016-06-11 at 19:38 +0200, Kurt Roeckx wrote: > > The SSLv2 methods actually didn't exist in jessie, but some > > defaults were changed and the SSLv2 methods now in j

Bug#827061: transition: openssl

2016-06-11 Thread Kurt Roeckx
On Sat, Jun 11, 2016 at 09:31:17PM +0200, Emilio Pozuelo Monfort wrote: > On 11/06/16 20:59, Kurt Roeckx wrote: > > OpenSSL will soon release a new upstream version with a new > > soname. This new version will break various packages, see: > > https://lists.debian.org/debian-d

Bug#827061: transition: openssl

2016-06-11 Thread Kurt Roeckx
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, OpenSSL will soon release a new upstream version with a new soname. This new version will break various packages, see: https://lists.debian.org/debian-devel/2016/06/msg00205.html

Bug#827054: jessie-pu: package openssl/1.0.1t-1+deb8u3

2016-06-11 Thread Kurt Roeckx
:02.0 +0200 @@ -1,3 +1,11 @@ +openssl (1.0.1t-1+deb8u3) jessie; urgency=medium + + * Disable SSLv2 methods again, changes upstream has split no-ssl2 into +no-ssl2 and no-ssl2-method + * Fix length check for CRLs. (Closes: #826552) + + -- Kurt Roeckx <k...@roeckx.be> Sat, 11 Jun 2016 19
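
Review bot: the first added changelog entry ("Disable SSLv2 methods again ...") does not say whether the SSLv2 method symbols stay exported from the library or are dropped. For a jessie point update that distinction decides whether already-built reverse dependencies keep loading, so the entry should state it and name which of no-ssl2 / no-ssl2-method the package is now configured with.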

Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1

2016-05-15 Thread Kurt Roeckx
On Sun, May 15, 2016 at 08:09:06PM +0100, Adam D. Barratt wrote: > On Wed, 2016-05-11 at 23:48 +0200, Sebastian Andrzej Siewior wrote: > > control: retitle -1 jessie-pu: package openssl/1.0.1t-1+deb8u2 > > > > On 2016-05-06 16:07:15 [+0200], Kurt Roeckx wrote: >

Bug#823609: jessie-pu: package openssl/1.0.1t-1+deb8u1

2016-05-06 Thread Kurt Roeckx
correct digest when exporting keying material (Closes: #807057) +- Fix CVE-2015-3197 (not affected, SSLv2 disabled) +- Fix CVE-2015-1793 (1.0.1n+ is affected and last upload was k) + + -- Kurt Roeckx <k...@roeckx.be> Fri, 06 May 2016 15:56:09 +0200 + openssl (1.0.1k-3+deb8u5) jessie-se

Bug#765639: Bug#802159: New OpenSSL upstream version

2016-05-05 Thread Kurt Roeckx
On Thu, May 05, 2016 at 04:58:05PM +0200, Julien Cristau wrote: > Closing this as resolved, there will not be any further updates to > wheezy, and jessie updates will be handled in separate bugs. You mean I should file another bug for just the same question? Kurt

Bug#765639: Bug#802159: New OpenSSL upstream version

2016-04-13 Thread Kurt Roeckx
On Wed, Apr 13, 2016 at 09:36:49PM +0100, Adam D. Barratt wrote: > Assuming that we went ahead with upstream updates to Jessie (and future > supported stable distributions), I'm presuming that the preferred > workflow would be similar to other packages for which we ship upstream > stable trees -

Bug#765639: Bug#802159: New OpenSSL upstream version

2016-03-28 Thread Kurt Roeckx
On Tue, Jan 26, 2016 at 06:38:31AM +, Adam D. Barratt wrote: > On Thu, 2015-12-17 at 23:38 +, Adam D. Barratt wrote: > > However 1.0.1q hasn't been in stable at all, which is presumably what > > you'd be proposing introducing to oldstable at this juncture. (and which > > we'd therefore

Re: Qt and OpenSSL transition metadata in relation to Mumble package

2016-03-28 Thread Kurt Roeckx
On Mon, Mar 21, 2016 at 10:20:43PM +0100, Julien Cristau wrote: > I don't think dlopen(libssl) vs gcc -lssl makes any difference > licensing-wise, I suspect either they're both ok or they're both not > ok... I assume the problem is not with Qt itself, but with other applications making use of Qt.

Bug#765639: Bug#802159: Bug#765639: Bug#802159: New OpenSSL upstream version

2016-01-26 Thread Kurt Roeckx
ption of the changes between 1.0.1k and 1.0.1q, > > according to NEWS/CHANGES don't immediately look crazy. > > Comparing those against the package changelog and Security Tracker and > ignoring changes which are apparently only relevant if SSLv2 is enabled > leaves us with:

Bug#765639: Bug#802159: New OpenSSL upstream version

2016-01-09 Thread Kurt Roeckx
On Sun, Dec 06, 2015 at 11:46:01AM +0100, Moritz Mühlenhoff wrote: > Hi, > Personally I'm in favour of following the openssl point updates and I'd > like to add an additional data point to the discussion: > > CVE-2015-3196 was already fixed as a plain bugfix in an earlier point > release, but the

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-12-15 Thread Kurt Roeckx
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote: > > Even a naively filtered diff - excluding documentation and tests - > between the 1.0.1k tag and HEAD on upstream's stable branch is much > larger than I'd imagined (1091 files changed, 73609+, 68591-), but > paging through it

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-12-15 Thread Kurt Roeckx
On Tue, Dec 15, 2015 at 08:00:59PM +, Adam D. Barratt wrote: > [dropped explicit CCs to RT and TC members] > > On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote: > > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote: > > > So from what I'm gathering

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-11-08 Thread Kurt Roeckx
On Wed, Nov 04, 2015 at 11:57:00AM -0600, Don Armstrong wrote: > > In this specific case, the specific set of changes which have been made, > coupled with documenting the policy of upstream for testing and making > changes to openssl would be a good start. I've pointed to upstream's policy

Bug#797926: transition: openssl: remove SSLv3 methods

2015-11-07 Thread Kurt Roeckx
On Sat, Nov 07, 2015 at 12:30:11PM +0100, Emilio Pozuelo Monfort wrote: > All the rdeps have been binNMUed at this stage. Now bugs need to be reported > so > the buggy packages are either fixed or leave testing. I'll work on it when I have time. Kurt

Bug#797926: transition: openssl: remove SSLv3 methods

2015-11-01 Thread Kurt Roeckx
On Sun, Nov 01, 2015 at 06:52:08PM +0100, Emilio Pozuelo Monfort wrote: > >> Do the rdeps build against the new version? IOW, are there any users of the > >> removed methods? > > > > There are users of the removed method. But all known ones should > > have been changed to either not use it

Bug#797926: transition: openssl: remove SSLv3 methods

2015-11-01 Thread Kurt Roeckx
On Sun, Nov 01, 2015 at 03:22:29PM +0100, Emilio Pozuelo Monfort wrote: > On 26/10/15 23:28, Emilio Pozuelo Monfort wrote: > > On 24/10/15 11:22, Kurt Roeckx wrote: > >> On Wed, Sep 16, 2015 at 10:17:10PM +0100, Jonathan Wiltshire wrote: > >>> On Wed, Sep 09, 2015 at

Bug#765639: wheezy-pu: openssl new upstream version

2015-10-31 Thread Kurt Roeckx
On Sat, Oct 31, 2015 at 02:20:22PM +, Adam D. Barratt wrote: > On Sun, 2015-06-14 at 11:52 +0200, Kurt Roeckx wrote: > > On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote: > > > Is the policy for what gets included in the stable branches described > >

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-31 Thread Kurt Roeckx
On Sat, Oct 31, 2015 at 02:22:04PM +, Adam D. Barratt wrote: > On Sat, 2015-10-31 at 00:02 +0100, Kurt Roeckx wrote: > > On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote: > > > On Tue, 20 Oct 2015, Don Armstrong wrote: > > > > If there's something spe

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-30 Thread Kurt Roeckx
On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote: > On Tue, 20 Oct 2015, Don Armstrong wrote: > > If there's something specific that you'd like the CTTE to try to do > > beyond what I've just reported now, let me know. > > Let me know if you'd like the CTTE to do something beyond

Bug#797926: transition: openssl: remove SSLv3 methods

2015-10-24 Thread Kurt Roeckx
On Wed, Sep 16, 2015 at 10:17:10PM +0100, Jonathan Wiltshire wrote: > On Wed, Sep 09, 2015 at 12:25:16PM +0200, Kurt Roeckx wrote: > > On Thu, Sep 03, 2015 at 10:36:33PM +0100, Jonathan Wiltshire wrote: > > > > So do I start with an soname change and upload that to

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-20 Thread Kurt Roeckx
On Tue, Oct 20, 2015 at 09:57:04AM -0500, Don Armstrong wrote: > On Sat, 17 Oct 2015, Kurt Roeckx wrote: > > I've been waiting for the release team for a while to make a decision > > on #765639 for a year now. Could you help in getting a decision? > > > > I've actua

Bug#765639: Bug#802159: New OpenSSL upstream version

2015-10-20 Thread Kurt Roeckx
On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote: > On Tue, 20 Oct 2015, Don Armstrong wrote: > > On Sat, 17 Oct 2015, Kurt Roeckx wrote: > > > I've been waiting for the release team for a while to make a decision > > > on #765639 for a year now. Could you

Bug#802159: New OpenSSL upstream version

2015-10-17 Thread Kurt Roeckx
Package: tech-ctte Hi, I've been waiting for the release team for a while to make a decision on #765639 for a year now. Could you help in getting a decision? I've actually been waiting for longer than that, I can't directly find all links, but previous discussions about it are at least:

Bug#765639: wheezy-pu: openssl new upstream version

2015-09-10 Thread Kurt Roeckx
On Fri, Aug 21, 2015 at 07:31:53PM +0200, Kurt Roeckx wrote: > On Sun, Jun 14, 2015 at 11:52:07AM +0200, Kurt Roeckx wrote: > > On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote: > > > Is the policy for what gets included in the stable branches described > >

Bug#797926: transition: openssl: remove SSLv3 methods

2015-09-09 Thread Kurt Roeckx
On Thu, Sep 03, 2015 at 10:36:33PM +0100, Jonathan Wiltshire wrote: > > So do I start with an soname change and upload that to > > experimental? > > Yes please. So that has passed the new queue now. Please let me know when I can start this in unstable. Kurt

Bug#797926: transition: openssl: remove SSLv3 methods

2015-09-03 Thread Kurt Roeckx
Package: release.debian.org Hi, I would like to remove the last support for SSLv3 in openssl. This means that I'll be dropping 3 symbols from the shared library: SSLv3_method(); SSLv3_server_method(); SSLv3_client_method(); Those can still be used to set up SSLv3 connections, while using the

Bug#797926: transition: openssl: remove SSLv3 methods

2015-09-03 Thread Kurt Roeckx
On Thu, Sep 03, 2015 at 10:06:17PM +0200, Julien Cristau wrote: > On Thu, Sep 3, 2015 at 20:51:05 +0200, Kurt Roeckx wrote: > > > - Just drop the symbols, adding Breaks on at least some > > packages like curl and python that are known to need a rebuild > > aga

Bug#765639: wheezy-pu: openssl new upstream version

2015-08-21 Thread Kurt Roeckx
On Sun, Jun 14, 2015 at 11:52:07AM +0200, Kurt Roeckx wrote: On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote: Is the policy for what gets included in the stable branches described somewhere? It's documented at: https://www.openssl.org/about/releasestrat.html What kind

Bug#765639: wheezy-pu: openssl new upstream version

2015-06-14 Thread Kurt Roeckx
On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote: Is the policy for what gets included in the stable branches described somewhere? It's documented at: https://www.openssl.org/about/releasestrat.html What kind of automated or manual regression (or other) testing is done on the

Bug#765639: wheezy-pu: openssl new upstream version

2015-06-11 Thread Kurt Roeckx
On Sat, Dec 27, 2014 at 06:05:49PM +0100, Kurt Roeckx wrote: On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote: I would really like to upload new upstream openssl versions from the 1.0.1-stable branch to wheezy. Could someone please say something about this request? I'm still

Bug#780902: unblock: openssl/1.0.1k-2

2015-03-24 Thread Kurt Roeckx
On Sat, Mar 21, 2015 at 07:51:32PM +, Adam D. Barratt wrote: Control: tags -1 + d-i On Sat, 2015-03-21 at 10:40 +0100, Kurt Roeckx wrote: 1.0.1k-2 contains security fixes. Could you please unblock it? Unblocked but needs a d-i ack as usual. I've just made an upload of 1.0.1k-3

Bug#780902: unblock: openssl/1.0.1k-2

2015-03-21 Thread Kurt Roeckx
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, 1.0.1k-2 contains security fixes. Could you please unblock it? Kurt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble?

Re: bastardizing packages or stepping down

2015-03-06 Thread Kurt Roeckx
On Thu, Mar 05, 2015 at 01:38:29PM +0300, Michael Tokarev wrote: But once I uploaded a next release of busybox to the archive, it was rebuilt using older, unfixed glibc, and the original problem reappeared. I didn't see any request to make sure the chroots are updated. Not having read the

Bug#777329: unblock: ntp/1:4.2.6.p5+dfsg-5

2015-02-07 Thread Kurt Roeckx
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, ntp 1:4.2.6.p5+dfsg-5 has 2 security fixes. Can you please unblock it? Kurt

Bug#775025: unblock: openssl/1.0.1k-1

2015-01-20 Thread Kurt Roeckx
Hi, Can you ACK that, or is there someone else in the d-i team that can do that? Kurt On Wed, Jan 14, 2015 at 05:52:58PM +0100, Niels Thykier wrote: Control: tags -1 d-i On 2015-01-10 12:01, Kurt Roeckx wrote: Package: release.debian.org Severity: normal User: release.debian

Bug#775025: unblock: openssl/1.0.1k-1

2015-01-13 Thread Kurt Roeckx
On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, I've uploaded a new upstream version of openssl to unstable. This contains fixes for 7 security issues affecting

Bug#775025: unblock: openssl/1.0.1k-1

2015-01-13 Thread Kurt Roeckx
On Wed, Jan 14, 2015 at 12:00:52AM +0100, Julien Cristau wrote: Kurt, On Tue, Jan 13, 2015 at 23:22:08 +0100, Kurt Roeckx wrote: On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org

Bug#775025: unblock: openssl/1.0.1k-1

2015-01-10 Thread Kurt Roeckx
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, I've uploaded a new upstream version of openssl to unstable. This contains fixes for 7 security issues affecting jessie. It also contains a lot of other bug fixes. Can you please

Bug#774299: wheezy-pu: openssl: disable SSLv3 by default

2014-12-31 Thread Kurt Roeckx
(yet). + + -- Kurt Roeckx k...@roeckx.be Wed, 31 Dec 2014 13:45:07 +0100 + openssl (1.0.1e-2+deb7u13) wheezy-security; urgency=medium * Fixes CVE-2014-3513 diff -Nru openssl-1.0.1e/debian/patches/disable_sslv3.patch openssl-1.0.1e/debian/patches/disable_sslv3.patch --- openssl-1.0.1e/debian

Bug#774299: wheezy-pu: openssl: disable SSLv3 by default

2014-12-31 Thread Kurt Roeckx
On Wed, Dec 31, 2014 at 02:00:23PM +, Adam D. Barratt wrote: Control: tags -1 + moreinfo On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote: I would like to disable SSLv3 by default in wheezy. Do we know how well other packages in wheezy cope with that? (I'm going to guess

Bug#765639: wheezy-pu: openssl new upstream version

2014-12-27 Thread Kurt Roeckx
On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote: I would really like to upload new upstream openssl versions from the 1.0.1-stable branch to wheezy. Could someone please say something about this request? Kurt

Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() This has no effect in jessie. SSLv2 and SSLv3 are disabled if you use the SSLv23_* methods.

Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: On 08/12/14 11:12, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using

Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: Just one other point: if somebody is trying sending the client hello using SSL v2 record layer but indicating support for TLS v1.0, should TLSv1_method or SSLv23_method accept that? I would expect that both should support that.

Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: I have no idea what technology is in use in the remote/client system. If my server socket is using TLSv1_method it is rejecting the connection and logging those errors on my server: error:1408F10B:SSL

Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Kurt Roeckx
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: Will the TLSv1 method be removed in jessie or while jessie is still supported? This is something post jessie. Kurt
