On Fri, Oct 17, 2014 at 12:20:02AM +0100, Steven Chamberlain wrote:
> Hi,
>
> On 16/10/14 21:12, Kurt Roeckx wrote:
> > This would actually make things for me much more simple. I
> > sometimes run into problems because of missing bug fixes that have
> > been done ea
Package: release.debian.org
Severity: normal
Hi,
I would like to upload the new upstream release of openssl 1.0.2
to unstable to get it into jessie. I know I'm a little late with
this. It's actually not released yet, but it should be real soon
now. (It's been in experimental for a while.)
Thi
Package: release.debian.org
Severity: normal
Hi,
SSLv3 has been disabled in jessie already, at least for normal
usage. But there is a way to explictly create a socket that only
support SSLv3 and I would like to disable that too.
This is done by the functions SSLv3_method(),
SSLv3_server_method(
On Sat, Nov 08, 2014 at 03:38:35PM +, Julien Cristau wrote:
> On Sat, Nov 1, 2014 at 20:21:21 +0100, Kurt Roeckx wrote:
>
> > Package: release.debian.org
> > Severity: normal
> >
> > Hi,
> >
> > SSLv3 has been disabled in jessie already, at least
On Sat, Nov 08, 2014 at 09:19:18PM +, Emilio Pozuelo Monfort wrote:
> On 08/11/14 18:55, Kurt Roeckx wrote:
> >On Sat, Nov 08, 2014 at 03:38:35PM +, Julien Cristau wrote:
> >>On Sat, Nov 1, 2014 at 20:21:21 +0100, Kurt Roeckx wrote:
> >>
> >>>Pa
Can you please clarify your position on the RC-ness of security
issues related to the use of SSLv3? It's my understanding that
you're happy to ignore them for jessie and that you don't want me
to try and find them.
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock openssl/1.0.1c-4
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
A
On Mon, Jul 30, 2012 at 08:46:13PM +0200, Kurt Roeckx wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock openssl/1.0.1c-4
Here is the debdiff between the versions:
diff -Nru ope
On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote:
> I would really like to upload new upstream openssl versions from
> the 1.0.1-stable branch to wheezy.
Could someone please say something about this request?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debi
sl3 option (yet).
+
+ -- Kurt Roeckx Wed, 31 Dec 2014 13:45:07 +0100
+
openssl (1.0.1e-2+deb7u13) wheezy-security; urgency=medium
* Fixes CVE-2014-3513
diff -Nru openssl-1.0.1e/debian/patches/disable_sslv3.patch openssl-1.0.1e/debian/patches/disable_sslv3.patch
--- openssl-1.0.1e/debi
On Wed, Dec 31, 2014 at 02:00:23PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote:
> > I would like to disable SSLv3 by default in wheezy.
>
> Do we know how well other packages in wheezy cope with that?
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
I've uploaded a new upstream version of openssl to unstable. This
contains fixes for 7 security issues affecting jessie. It also
contains a lot of other bug fixes.
Can you please unb
On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Hi,
>
> I've uploaded a new upstream version of openssl to unstable. This
> cont
On Wed, Jan 14, 2015 at 12:00:52AM +0100, Julien Cristau wrote:
> Kurt,
>
> On Tue, Jan 13, 2015 at 23:22:08 +0100, Kurt Roeckx wrote:
>
> > On Sat, Jan 10, 2015 at 12:01:33PM +0100, Kurt Roeckx wrote:
> > > Package: release.debian.org
> > > Severit
Hi,
Can you ACK that, or is there someone else in the d-i team that
can do that?
Kurt
On Wed, Jan 14, 2015 at 05:52:58PM +0100, Niels Thykier wrote:
> Control: tags -1 d-i
>
> On 2015-01-10 12:01, Kurt Roeckx wrote:
> > Package: release.debian.org
> > Severity: normal
>
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
ntp 1:4.2.6.p5+dfsg-5 has 2 security fixes. Can you please
unblock it?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Tr
On Thu, Mar 05, 2015 at 01:38:29PM +0300, Michael Tokarev wrote:
> But once I
> uploaded a next release of busybox to the archive, it was rebuilt
> using older, unfixed glibc, and the original problem reappeared.
I didn't see any request to make sure the chroots are updated.
Not having read the wh
On Sat, Nov 08, 2014 at 10:38:48PM +0100, Kurt Roeckx wrote:
> On Sat, Nov 08, 2014 at 09:19:18PM +, Emilio Pozuelo Monfort wrote:
> > On 08/11/14 18:55, Kurt Roeckx wrote:
> > >Will you accept patches for other packages that stop using the
> > >SSLv3 methods?
On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
>
> Hi all,
>
> I've made some changes to TLS code in reSIProcate
>
> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
This has no effect in jessie. SSLv2 and SSLv3 are disabled if you
use the SSLv23_* meth
On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
> On 08/12/14 11:12, Kurt Roeckx wrote:
> > On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
> >> Hi all,
> >>
> >> I've made some changes to TLS code in reSIProcate
> &g
On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote:
> >> Just one other point: if somebody is trying sending the client hello
> >> using SSL v2 record layer but indicating support for TLS v1.0, should
> >> TLSv1_method or SSLv23_method accept that?
> > I would expect that both should sup
On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
>
> I have no idea what technology is in use in the remote/client system.
>
> If my server socket is using TLSv1_method it is rejecting the connection
> and logging those errors on my server:
>
> error:1408F10B:SSL routines:SSL3_GET_
On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote:
>
> Will the TLSv1 method be removed in jessie or while jessie is still
> supported?
This is something post jessie.
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble
On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote:
>
> Is it something that is going to happen with Ubuntu releases next year
> (e.g. April 2015)?
>
> If so, it means that the repro package in jessie won't talk to a repro
> package in Ubuntu.
I think there is some misunderstanding.
On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote:
>
> If I understand your reply correctly, the version in Ubuntu and Fedora
> will still talk TLS 1.0 with the version now waiting in jessie?
Yes.
> Do you believe it would be reasonable for me to request a smaller
> unblock that just
Hi,
Someone has requested CMS to be enabled in openssl, and I'm not
sure you find such a change acceptable at this time in the release
process.
See http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
The only change in the source package this requires is
a configure option. As far as I can
Hi,
I would like to add rfc5746 support to openssl in stable, so that
CVE-2009-3555 can be fixed. But adding that support means that
the old renegotiation doesn't work anymore unless you set an
option. This has the potentional to break both client and server
applications making use of openssl.
Hi,
Could openssl 0.9.8o-3 please be unblocked? It contains a
security fix.
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101117172722.ga24...@roeckx.be
Hi,
I've recently uploaded a new major version of the dutch spelling
check files. The changes are rather large and should give better
support for spellchecking for Dutch. They are also generated
differently upstream, so reviewing the changes between the 2
versions isn't easy.
Please consider ap
On Sat, Dec 04, 2010 at 03:57:16PM +0100, Kurt Roeckx wrote:
> Hi,
>
> I've recently uploaded a new major version of the dutch spelling
> check files. The changes are rather large and should give better
> support for spellchecking for Dutch. They are also generated
> d
Hi,
You've filed some bugs requesting to drop support for python
2.1/2.2. Would it be useful if there were some NMU's done for
this?
Should those bug be marked as release critical instead?
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [
Hi,
Can dash please be pushed to testing?
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
Could the following packages be hinted into testing? They all
have a udeb, and are currently missing on amd64.
expat
freetype
dash
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, May 09, 2006 at 05:00:06PM -0400, Nathanael Nerode wrote:
> # 350688
> # Yes, really. GCC 2.95 is now a leaf package.
> remove gcc-2.95/2.95.4.ds15-22
There seem to be 2 packages build depending on gcc-2.95: silo and
kernel-image-2.4.27-m68k
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PR
Hi,
Can xfsprogs be pushed to testing? It has a udeb.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
Can usbutils be pushed to testing? It has a udeb.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
Could you please hint openssl 0.9.8b-3 in testing?
Note that it contains a udeb, so it's frozen.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
Could you please hint openssl to testing? It's frozen because it has
udebs.
It contains some security fixes I'd like to see in testing.
Kurt
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Fri, Sep 29, 2006 at 08:02:16PM -0700, Steve Langasek wrote:
> On Sat, Sep 30, 2006 at 02:46:17AM +0200, Kurt Roeckx wrote:
>
> > Could you please hint openssl to testing? It's frozen because it has
> > udebs.
>
> Already done, will go in as soon as it's
On Mon, Oct 02, 2006 at 09:46:42AM +0200, Andreas Barth wrote:
> * Kurt Roeckx ([EMAIL PROTECTED]) [061002 08:38]:
> > On Fri, Sep 29, 2006 at 08:02:16PM -0700, Steve Langasek wrote:
> > > On Sat, Sep 30, 2006 at 02:46:17AM +0200, Kurt Roeckx wrote:
> > >
> > >
On Mon, Oct 16, 2006 at 09:48:32PM +0200, Roman Zippel wrote:
> > As a result, the bts is already ignoring m68k in calculating a bug's
> > applicability for the testing distribution, at the release team's request.
>
> As someone who has recently looked at and fixed many problems, I must say
> the
On Sun, Jan 07, 2007 at 02:46:42PM -0700, Bdale Garbee wrote:
>
> As I've stated before, I'm not sure that fixing this bug for etch is
> really useful. Of course, if there's a reason to update the tar in etch
> for a security bug or something similar, fixing this too would make good
> sense. But
On Sun, Feb 04, 2007 at 11:54:47PM +, Stephen Gran wrote:
>
> [EMAIL PROTECTED]:~$ dpkg -x maildrop_2.0.3-1_amd64.deb tmp/maildrop/
> [EMAIL PROTECTED]:~$ objdump -x tmp/maildrop/usr/bin/maildrop | grep auth
> NEEDED libcourierauth.so.0
> RPATH /usr/lib:/usr/lib/courier-authlib
On Tue, Feb 06, 2007 at 02:22:06PM +0100, Josip Rodin wrote:
> >
> > BTW, couldn't this also be addressed just by adding a
> > -l/usr/lib/courier-authlib option to dh_shlibdeps?
That seems to work too.
> Why does this only happen on amd64? I don't really want an
> architecture-specific kludge in
On Tue, Apr 17, 2012 at 09:59:09AM +0200, Michael Vogt wrote:
> > > Problems reported so far include:
> > >
> > > E: Method http has died unexpectedly!
> > > E: Sub-process http received signal 10.
> >
> > This is #669061
>
> This appears to be Sparc only, right? We do had trouble with
> alignme
On Fri, Jun 01, 2012 at 11:07:44AM +0200, Cyril Brulebois wrote:
> Salvatore Bonaccorso (01/06/2012):
> > It was reported [1], that libnet-ssleay-perl does not report the
> > correct constant value for SSL_OP_NO_TLSv1_1. There was the following
> > change in openssl 1.0.1b-1:
> >
> > openssl (1.
On Sun, Jun 03, 2012 at 01:34:05AM +0200, Cyril Brulebois wrote:
> Hi,
>
> Kurt Roeckx (02/06/2012):
> > This change was made to make sure applications build against
> > 1.0.0 can talk to a server that does TLS 1.1 but not TLS 1.2,
> > as the changelog says. This
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Hi,
1.0.1k-2 contains security fixes. Could you please unblock it?
Kurt
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? C
On Sat, Mar 21, 2015 at 07:51:32PM +, Adam D. Barratt wrote:
> Control: tags -1 + d-i
>
> On Sat, 2015-03-21 at 10:40 +0100, Kurt Roeckx wrote:
> > 1.0.1k-2 contains security fixes. Could you please unblock it?
>
> Unblocked but needs a d-i ack as usual.
I've jus
On Sat, Dec 27, 2014 at 06:05:49PM +0100, Kurt Roeckx wrote:
> On Thu, Oct 16, 2014 at 10:12:16PM +0200, Kurt Roeckx wrote:
> > I would really like to upload new upstream openssl versions from
> > the 1.0.1-stable branch to wheezy.
>
> Could someone please say something abo
On Sun, Jun 14, 2015 at 12:22:52PM +1000, Julien Cristau wrote:
> Is the policy for what gets included in the stable branches described
> somewhere?
It's documented at:
https://www.openssl.org/about/releasestrat.html
> What kind of automated or manual regression (or other)
> testing is done on th
cpu's that don't set ecx (Closes: #699692)
+ * Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
+ * Fix problem with DTLS version check (Closes: #701826)
+ * Fix segfault in SSL_get_certificate (Closes: #703031)
+
+ -- Kurt Roeckx Mon, 18 Mar 2013
On Sat, Jun 22, 2013 at 09:21:29PM +0200, Arnaud Patard wrote:
> Martin Zobel-Helas writes:
>
> > * armel: no remote management (being worked on); no archive kernel for
> > the machines we use.
>
>
> afair buildd are:
> marvell DB-78x00 -> should be supported by armel kernel flavour mx78xx0
>
On Sat, Jun 22, 2013 at 09:45:17PM +0200, Arnaud Patard wrote:
> Kurt Roeckx writes:
>
> > On Sat, Jun 22, 2013 at 09:21:29PM +0200, Arnaud Patard wrote:
> >> Martin Zobel-Helas writes:
> >>
> >> > * armel: no remote management (being worked on); no a
On Mon, Jun 24, 2013 at 12:19:03AM -0700, Vincent Cheng wrote:
> Dear wanna-build team,
>
> Please give back 0ad on amd64 on a buildd other than barber (i.e.
> retry until some other buildd takes it).
I understand that the issue is in nvidia-texture-tools (#713966),
and maybe we should wait for t
On Tue, Jun 25, 2013 at 03:36:42AM -0700, Vincent Cheng wrote:
> On Mon, Jun 24, 2013 at 12:41 PM, Kurt Roeckx wrote:
> > On Mon, Jun 24, 2013 at 12:19:03AM -0700, Vincent Cheng wrote:
> >> Dear wanna-build team,
> >>
> >> Please give back 0ad on amd6
On Sun, Jul 21, 2013 at 09:06:31PM +0200, Bernd Zeimetz wrote:
> On 06/22/2013 07:26 PM, Martin Zobel-Helas wrote:
> > * sparc: no working nflog (mild concern); no stable kernels in stable
> > (compiling clisp for instance crashes the kernel reliably on smetana). We
> > need to run sparc with olds
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Severity: normal
Hi,
I would like to move some of the changes in openssl 1.0.1e-3 to
stable. The changes between -2 and -3 that I would like to
move to stable are:
* Add Polish translation (Closes: #658162)
On Sun, Sep 22, 2013 at 08:11:10PM +0100, Adam D. Barratt wrote:
> Hi,
>
> The next point release for "wheezy" (7.2) is scheduled for Saturday
> October 12th. Stable NEW will be frozen during the preceding weekend.
Can you please clarify what is acceptable for uploads to proposed
updates to get
On Mon, Sep 23, 2013 at 05:35:23AM +0200, Cyril Brulebois wrote:
> Hi Kurt,
>
> Kurt Roeckx (2013-08-21):
> > Package: release.debian.org
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > Severity: normal
> >
> > Hi,
> &g
On Mon, Sep 30, 2013 at 01:46:41AM +0200, Cyril Brulebois wrote:
> Control: tag -1 moreinfo
>
> Kurt Roeckx (2013-09-23):
> > I actually consider the arm assembler and nistp curves to be
> > important, even if the bugs might only be filed at severity
> > level wish
On Mon, Sep 30, 2013 at 07:06:33PM +0200, Kurt Roeckx wrote:
> On Mon, Sep 30, 2013 at 01:46:41AM +0200, Cyril Brulebois wrote:
> > Control: tag -1 moreinfo
> >
> > Kurt Roeckx (2013-09-23):
> > > I actually consider the arm assembler and nistp curves to be
>
On Thu, Nov 21, 2013 at 09:35:20PM +0100, Kurt Roeckx wrote:
> On Mon, Sep 30, 2013 at 07:06:33PM +0200, Kurt Roeckx wrote:
> > On Mon, Sep 30, 2013 at 01:46:41AM +0200, Cyril Brulebois wrote:
> > > Control: tag -1 moreinfo
> > >
> > > Kurt Roeckx (2013-09-
On Sat, Dec 14, 2013 at 03:34:03PM +0100, Kurt Roeckx wrote:
> > So can someone please do something about this request?
>
> Ping?
I'll be makeing an upload to either stable-security or stable
soon. If you do not want this speak up now.
Kurt
--
To UNSUBSCRIBE, email to de
On Mon, Dec 23, 2013 at 04:38:27PM +0100, Julien Cristau wrote:
> On Tue, Dec 24, 2013 at 00:55:08 +1100, AnĂbal Monsalve Salazar wrote:
>
> > Hello,
> >
> > Please give-back libblocksruntime_0.1-1 on mips mipsel.
> >
> > I just built libblocksruntime_0.1-1 on mips and mipsel using pbuilder
> >
Hi,
I think in general we are either too strict in what we allow as
updates to stable or people think it's not going to be allowed and
so don't even try to get updates to stable.
The last time I asked about this, I got this as reply:
https://lists.debian.org/debian-devel/2013/09/msg00466.html
I
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Severity: normal
Hi,
I would like to see apache in stable support ECDHE. This was
added somewhere in a 2.3 version and so only part of a stable
release in 2.4.
The reason I want to see is ECDHE is that we want
On Mon, Dec 30, 2013 at 01:41:31PM +0100, Cyril Brulebois wrote:
> Stefan Fritsch (2013-12-30):
> > Am Sonntag, 29. Dezember 2013, 23:58:54 schrieb Kurt Roeckx:
> > > Adding ECDHE support in apache will probably require backporting the
> > > patches for that. I'
On Sat, Dec 14, 2013 at 03:34:03PM +0100, Kurt Roeckx wrote:
> > >
> > > I wouldn't bother trying to get those to stable if I didn't think
> > > they were important.
> >
> > So can someone please do something about this request?
>
> Ping
On Thu, Jan 30, 2014 at 08:09:44PM +, Adam D. Barratt wrote:
> On Mon, 2013-09-23 at 09:05 +0200, Kurt Roeckx wrote:
> > On Mon, Sep 23, 2013 at 05:35:23AM +0200, Cyril Brulebois wrote:
> > > Kurt Roeckx (2013-08-21):
> > > > * Add Polish translation (Cl
On Thu, Feb 13, 2014 at 04:38:36PM +0300, Cyril Brulebois wrote:
> [ TL;DR: d-i FTBFS on sparc, what do we do now? ]
>
> Thomas Schmitt (2013-12-10):
> > Cyril Brulebois wrote:
> > > genisoimage: Error: './tmp/miniiso/cd_tree/boot/.' and
> > > './tmp/miniiso/cd_tree/boot/..' have the same ISO9660
On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote:
> Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern:
> > So I'd say that we should go and add ECDHE support to Apache as
> > suggested and also patch OpenSSL for the OS X bug as the
> > fingerprinting landed upstream and we woul
On Mon, Apr 14, 2014 at 10:07:30PM +0200, Kurt Roeckx wrote:
> On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote:
> > Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern:
> > > So I'd say that we should go and add ECDHE support to Apache as
> > >
On Sun, Apr 27, 2014 at 03:39:13PM +0200, Philipp Kern wrote:
> Hi,
>
> On Thu, Apr 17, 2014 at 06:46:00PM +0200, Kurt Roeckx wrote:
> > I would like to also add support for the padding extention in
> > stable. It's part of the 1.0.1g release.
>
> NACK, at
also adds the SSL_OP_SAFARI_ECDHE_ECDSA_BUG option.
+ * Actually restart the services when restart-without-asking is set.
+(Closes: #745801)
+
+ -- Kurt Roeckx Thu, 01 May 2014 15:06:05 +0200
+
openssl (1.0.1e-2+deb7u7) wheezy-security; urgency=high
* Non-maintainer upload by the Security
On Wed, May 07, 2014 at 10:34:43PM +0100, Adam D. Barratt wrote:
> On Thu, 2014-05-01 at 15:59 +0200, Kurt Roeckx wrote:
> > On Mon, Apr 14, 2014 at 09:57:21PM +0200, Stefan Fritsch wrote:
> > > Am Montag, 14. April 2014, 21:18:46 schrieb Philipp Kern:
> > > > So I&#
201 - 276 of 276 matches
Mail list logo
