[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Mathew Hodson
** No longer affects: ssmtp (Ubuntu Trusty) ** No longer affects: ssmtp (Ubuntu Xenial) ** No longer affects: ssmtp (Ubuntu Zesty) ** No longer affects: ssmtp (Ubuntu Artful) ** No longer affects: gnutls26 (Ubuntu Xenial) ** No longer affects: gnutls26 (Ubuntu Zesty) ** No longer affects:

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Tyler Hicks
I agree with juliank's assessment in comment #22. The 2nd Trusty debdiff allows md5 to be used throughout the entire cert chain which is apparently not what Simon intended. I don't think it is the right approach. -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Simon Déziel
I see the NM one passes now, thanks for retrying it. The aria2 armhf problem reliably fails though. I guess I'll have to set up a QEMU VM for that arch and manually run the test to see what's going on.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Julian Andres Klode
If you look at http://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#gnutls28 you'll see that aria2 failed on armhf, and network-manager on amd64. network-manager looks like a temporary failure, I just retried that; and aria2 - well, it fails to read CA

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Julian Andres Klode
You can also look at http://people.canonical.com/~ubuntu-archive/pending-sru.html of course, that lists all SRUs in any -proposed suite and mentions regressions in autopkgtest in the left column.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Simon Déziel
@juliank, thanks for the update. I wasn't aware of the autopkgtest failing for some reverse dependencies. Any pointers to those? I'm determined to see this one through, but on Monday ;)

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Julian Andres Klode
@sdeziel we just hurried the zesty one up yesterday to make place for a new SRU in zesty. And now it is weekend, and I'm not sure, but I don't think updates are released during weekends. You could try pinging in #ubuntu-release on Monday.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Julian Andres Klode
@sdeziel One problem here probably being that the updates are stuck due to reverse dependencies failing autopkgtest and you not convincing people that these failures are unrelated. If you don't push hard on that kind of stuff, nothing really happens.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Simon Déziel
The Xenial fix is identical to what went in Artful and Zesty so it shouldn't be subject to any more review. The review was requested to check if the different fix proposed for Trusty was OK.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Tyler Hicks
Ignore my last comment. You were asking about Xenial but it was the Trusty SRU that was blocked on ubuntu-security review.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Tyler Hicks
@sdeziel ubuntu-security was asked to comment on it a few days ago. I've just freed up enough to take a look. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnutls26 in Ubuntu. https://bugs.launchpad.net/bugs/1709193 Title:

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-08 Thread Simon Déziel
It's been a while since the Xenial -proposed package has been successfully validated. Is there anything preventing it from entering -updates?

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-06 Thread Andy Whitcroft
@ubuntu-security -- could we have an opinion on this patch which is enabling %VERIFY_ALLOW_SIGN_RSA_MD5 for trusty. Looking to understand if this is overly broad and therefore a security issue.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-06 Thread Julian Andres Klode
So, I believe the proposed 2nd trusty might accidentally allow MD5 everywhere, when the problem only is root certificates with MD5 self signatures. I believe this might be related: https://gitlab.com/gnutls/gnutls/commit/b93ae1abf1b84fdc094f2474f1b2e4848081810e But I'm not sure if it fixes the

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-09-06 Thread Launchpad Bug Tracker
This bug was fixed in the package gnutls28 - 3.5.6-4ubuntu4.2 --- gnutls28 (3.5.6-4ubuntu4.2) zesty; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-21 Thread Simon Déziel
On Trusty with 2.12.23-12ubuntu2.9, the sSMTP client would abort the StartTLS connection complaining it didn't support the signature algorithm in use. When validating I used a mail relay with a RSA-SHA256 cert signed by CAcert.org. CAcert.org is (self-signed) RSA-MD5. It turned out that Trusty

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-18 Thread Simon Déziel
The trusty-proposed version (2.12.23-12ubuntu2.9) doesn't work and introduces a regression preventing successful TLS/SSL connections. I'll check if there is an easy fix for gnutls26.

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-18 Thread Simon Déziel
Verified on Zesty with: $ apt-cache policy libgnutls-openssl27:amd64 libgnutls-openssl27: Installed: 3.5.6-4ubuntu4.2 Candidate: 3.5.6-4ubuntu4.2 Version table: *** 3.5.6-4ubuntu4.2 500 500 http://archive.ubuntu.com/ubuntu zesty-proposed/main amd64 Packages 100

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-18 Thread Simon Déziel
Verified on Xenial with: $ apt-cache policy libgnutls-openssl27:amd64 libgnutls-openssl27: Installed: 3.4.10-4ubuntu1.4 Candidate: 3.4.10-4ubuntu1.4 Version table: *** 3.4.10-4ubuntu1.4 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages 100

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-17 Thread Brian Murray
Hello Simon, or anyone else affected, Accepted gnutls28 into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnutls28/3.5.6-4ubuntu4.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-12 Thread Launchpad Bug Tracker
This bug was fixed in the package gnutls28 - 3.5.8-6ubuntu2 --- gnutls28 (3.5.8-6ubuntu2) artful; urgency=medium * use_normal_priority_for_openssl_sslv23.diff by Andreas Metzler: OpenSSL wrapper: SSLv23_*_method translates to NORMAL GnuTLS priority, which includes TLS1.2

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-11 Thread Simon Déziel
** Description changed: + [Impact] + + Applications using GnuTLS OpenSSL compat layer [1] are be unable to use + modern TLS versions (1.1 and 1.2) when relying on the + SSLv23_{client,server}_method functions. + + There is an industry-wide push to use modern TLS versions, see [2] and + [3] for

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-11 Thread Marc Deslauriers
ACK on the trusty, xenial and zesty debdiffs. Uploaded for processing by the SRU team. Thanks! ** Changed in: gnutls26 (Ubuntu Trusty) Status: Confirmed => In Progress ** Changed in: gnutls28 (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: gnutls28 (Ubuntu Zesty)

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-11 Thread Marc Deslauriers
ACK on the artful debdiff. I've uploaded it now with a slight adjustment to put the bug numbers in the patch tags. Thanks! ** Changed in: gnutls28 (Ubuntu Artful) Status: Confirmed => Fix Committed

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-11 Thread Marc Deslauriers
** Also affects: ssmtp (Ubuntu Artful) Importance: Undecided Status: Invalid ** Also affects: gnutls26 (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: gnutls28 (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: ssmtp (Ubuntu

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-10 Thread Bug Watch Updater
** Changed in: gnutls28 (Debian) Status: Unknown => Fix Released

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-10 Thread Simon Déziel
** Patch added: "lp1709193-14.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+attachment/4930182/+files/lp1709193-14.04.debdiff

[Touch-packages] [Bug 1709193] Re: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer

2017-08-10 Thread Simon Déziel
** Patch added: "lp1709193-17.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1709193/+attachment/4930181/+files/lp1709193-17.04.debdiff ** Also affects: gnutls26 (Ubuntu) Importance: Undecided Status: New