Bug#611102: marked as done (openssl: backwards-incompatible changes in c_rehash)

Wed, 13 Apr 2011 15:45:20 -0700 

Your message dated Wed, 13 Apr 2011 22:43:13 +0000
with message-id <e1qa8mh-0008bv...@franck.debian.org>
and subject line Bug#611102: fixed in openssl 1.0.0d-2
has caused the Debian Bug report #611102,
regarding openssl: backwards-incompatible changes in c_rehash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
611102: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611102
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: openssl
Version: 1.0.0c-2
Severity: important

From x509(1ssl) manpage:

| The hash algorithm used in the -subject_hash and -issuer_hash options before
| OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of 
the
| distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical
| version of the DN using SHA1. This means that any directories using the old
| form must have their links rebuilt using c_rehash or similar.
Unfortunately that also means that if c_rehash is run on /etc/ssl/certs/ (e.g. by ca-certificates postinst), packages using GnuTLS or older OpenSSL won't be able to find certificates anymore. 

Here's a proposed patch:
http://rt.openssl.org/Ticket/Display.html?id=2272&user=guest&pass=guest
(Though IMO compatibility symlinks should be created unconditionally.)

--
Jakub Wilk

--- End Message ---
--- Begin Message --- 
Source: openssl
Source-Version: 1.0.0d-2

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto1.0.0-udeb_1.0.0d-2_amd64.udeb
  to main/o/openssl/libcrypto1.0.0-udeb_1.0.0d-2_amd64.udeb
libssl-dev_1.0.0d-2_amd64.deb
  to main/o/openssl/libssl-dev_1.0.0d-2_amd64.deb
libssl-doc_1.0.0d-2_all.deb
  to main/o/openssl/libssl-doc_1.0.0d-2_all.deb
libssl1.0.0-dbg_1.0.0d-2_amd64.deb
  to main/o/openssl/libssl1.0.0-dbg_1.0.0d-2_amd64.deb
libssl1.0.0_1.0.0d-2_amd64.deb
  to main/o/openssl/libssl1.0.0_1.0.0d-2_amd64.deb
openssl_1.0.0d-2.debian.tar.gz
  to main/o/openssl/openssl_1.0.0d-2.debian.tar.gz
openssl_1.0.0d-2.dsc
  to main/o/openssl/openssl_1.0.0d-2.dsc
openssl_1.0.0d-2_amd64.deb
  to main/o/openssl/openssl_1.0.0d-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 611...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <k...@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Apr 2011 22:36:49 +0200
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc 
libssl1.0.0-dbg
Architecture: source all amd64
Version: 1.0.0d-2
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <k...@roeckx.be>
Description: 
 libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl-doc - SSL development documentation documentation
 libssl1.0.0 - SSL shared libraries
 libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 611102
Changes: 
 openssl (1.0.0d-2) unstable; urgency=high
 .
   * Make c_rehash also generate the old subject hash.  Gnutls applications
     seem to require it.  (Closes: #611102)
Checksums-Sha1: 
 c81c91a8e87b80a685ec6ee335a33702b593a012 1952 openssl_1.0.0d-2.dsc
 72ccc9720bfa517d5c2437f7d4fc4a2edfe05f53 79205 openssl_1.0.0d-2.debian.tar.gz
 5cdd305ba78a716f37d39f90fb01dc8b70964942 1192494 libssl-doc_1.0.0d-2_all.deb
 ffa1a8edbb0371a74f36152306e6454ea9eb10c0 686870 openssl_1.0.0d-2_amd64.deb
 440e7e8ca00b949a63a798bd35fc412c8cddc072 1147472 libssl1.0.0_1.0.0d-2_amd64.deb
 e5b77fcb1b2b5cdbb34d43794d6417ac2914346c 726410 
libcrypto1.0.0-udeb_1.0.0d-2_amd64.udeb
 8b569d6c2d646376c79e5f0240c81619ec0836ab 1643204 libssl-dev_1.0.0d-2_amd64.deb
 e3c89302f73c59736e7fd33378d793a8df1651c7 2229788 
libssl1.0.0-dbg_1.0.0d-2_amd64.deb
Checksums-Sha256: 
 9ee62da640de7e62c36cede4c8732e2d19b85743f3c87f679a8f47c7ff510802 1952 
openssl_1.0.0d-2.dsc
 1afe99ed97b4076e26d8a8278d89709cbb3c17d26213a045cb386e1907ab6081 79205 
openssl_1.0.0d-2.debian.tar.gz
 f037cf2eecdf97286ebd6252c38302e5a551760c072060777b7949425c54177a 1192494 
libssl-doc_1.0.0d-2_all.deb
 8e2c121735621904a899a1aaf4ceb201708caa3695f36ac60643ae3e51d8420c 686870 
openssl_1.0.0d-2_amd64.deb
 50602dbc5a8a7b4c78b191a80d23ecdcde7d8971c6895d348ea890336cf16555 1147472 
libssl1.0.0_1.0.0d-2_amd64.deb
 e9290b5562794b9706e3244c475b7e7c4558260586ef9fbca96b1cebc15b635f 726410 
libcrypto1.0.0-udeb_1.0.0d-2_amd64.udeb
 390dbede557dee7c860177dc9b95ab4a84e7faf360792541b4bc96eea67a8ae3 1643204 
libssl-dev_1.0.0d-2_amd64.deb
 ec2444d276e6138df322a62a01a3d628a32bc9df1d7d4fcf0aeea5a7df77cb03 2229788 
libssl1.0.0-dbg_1.0.0d-2_amd64.deb
Files: 
 4163a003ec6c472c648e7096c36bb963 1952 utils optional openssl_1.0.0d-2.dsc
 be7ff183ae9235985883ac9c76519026 79205 utils optional 
openssl_1.0.0d-2.debian.tar.gz
 a211db5c50b7822491c5a0e844038615 1192494 doc optional 
libssl-doc_1.0.0d-2_all.deb
 a8bf3c820cecd9202c7364939cb82d68 686870 utils optional 
openssl_1.0.0d-2_amd64.deb
 06a2b3d3a8056b14205ec362618adda2 1147472 libs important 
libssl1.0.0_1.0.0d-2_amd64.deb
 6cb10236228b7c8ea970c855493b52c7 726410 debian-installer optional 
libcrypto1.0.0-udeb_1.0.0d-2_amd64.udeb
 4eb897f5c5a0eb736f1428e51aa0f7a9 1643204 libdevel optional 
libssl-dev_1.0.0d-2_amd64.deb
 c7425644747b66cbabc25ac25e5aec30 2229788 debug extra 
libssl1.0.0-dbg_1.0.0d-2_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJNpg8uAAoJEGpMZM6DE7XwGJUP/Aygya76L/cE2KZBFanjANeL
flKCVmpXWKL6DIdDW2mhH2Lhb/YyQNdOAd5FgdvaqRYzjX8aLNWWGEdUTnMLDwmp
VSbpk2Hlb6weMVdmzwS6RHWePahSLPlPNplJoiti+2Jv2t+e9t58zTujMRhqcDnh
4EZAhHFZ25h0VUWMwL2X222EFVik+Epo9Il/5Pp+hGeIRNRJz63hAoNor0pKu5ps
8G12+uDIIwzh7oKL7ki69QRvd3vERoMT4A7+LbR4WmbowzERB5M18suvINxsgssz
WOG8Z4FIMAR0o+EmSVIm7W2sdq7tZg5Yb69xcvTZ4XZIpPq0klHDBuzwvbjh34MF
poKRENDXalKYeoEzOkAPWhO47awn4Lm3iwqKDufiEqdy/5/gOta19e2VMreVU9/m
J+92uB+hbfp6zXPDy3BdhLdbG9qSTNlVxhg0lnYmYsDYxRmss6ccv6Hee2llb16f
lS95ZotMlQwMfvRK7Aj9UmvRXKj3do32F6zTogocxCgYrKu2ayVpD2mFR/qXXrxA
nSUY4RmB79fyBEczXqxc4v88d33QDMlLWe4S11A0eOeuXL/f7edChYY8VXCmurvQ
N4eN9fHEvdVoBQpr/XiA0s01mB2K0PHU2rqJGdD2poq38WBFxnxcAfJMJzav/YOg
EKfVFbfNKVA3ymSqP//3
=o/WF
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to