Your message dated Tue, 27 Mar 2012 18:48:16 +0000
with message-id <e1scbri-0000mg...@franck.debian.org>
and subject line Bug#658276: fixed in curl 7.25.0-1
has caused the Debian Bug report #658276,
regarding libcurl3: No more compatible with older SSL implementations
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
658276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658276
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcurl3
Version: 7.21.0-2.1+squeeze1, 7.24.0-1
Severity: grave
Hi,
After the upgrade from 7.21.0-2 or 7.23.1-3 some sites stop to
work while others continue to work.
My guess is that this is related to the CVE-2011-3389 change.
If my memory is any good, the reason why openssl still does
something with that option is because not all implementations
work without it. I think I at least saw a blog post about
the state of that issue a few months ago.
I can reproduce this with:
$ curl https://www.eboekhuis.nl
curl: (52) Empty reply from server
Downgrading libcurl3 fixes my issue.
Kurt
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.25.0-1
We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive:
curl_7.25.0-1.debian.tar.gz
to main/c/curl/curl_7.25.0-1.debian.tar.gz
curl_7.25.0-1.dsc
to main/c/curl/curl_7.25.0-1.dsc
curl_7.25.0-1_i386.deb
to main/c/curl/curl_7.25.0-1_i386.deb
curl_7.25.0.orig.tar.gz
to main/c/curl/curl_7.25.0.orig.tar.gz
libcurl3-dbg_7.25.0-1_i386.deb
to main/c/curl/libcurl3-dbg_7.25.0-1_i386.deb
libcurl3-gnutls_7.25.0-1_i386.deb
to main/c/curl/libcurl3-gnutls_7.25.0-1_i386.deb
libcurl3-nss_7.25.0-1_i386.deb
to main/c/curl/libcurl3-nss_7.25.0-1_i386.deb
libcurl3_7.25.0-1_i386.deb
to main/c/curl/libcurl3_7.25.0-1_i386.deb
libcurl4-gnutls-dev_7.25.0-1_i386.deb
to main/c/curl/libcurl4-gnutls-dev_7.25.0-1_i386.deb
libcurl4-nss-dev_7.25.0-1_i386.deb
to main/c/curl/libcurl4-nss-dev_7.25.0-1_i386.deb
libcurl4-openssl-dev_7.25.0-1_i386.deb
to main/c/curl/libcurl4-openssl-dev_7.25.0-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 658...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <al3x...@gmail.com> (supplier of updated curl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 23 Mar 2012 16:24:51 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev
libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source i386
Version: 7.25.0-1
Distribution: unstable
Urgency: low
Maintainer: Ramakrishnan Muthukrishnan <rkrish...@debian.org>
Changed-By: Alessandro Ghedini <al3x...@gmail.com>
Description:
curl - command line tool for transferring data with URL syntax
libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour)
libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS
flavour)
libcurl4-nss-dev - development files and documentation for libcurl (NSS
flavour)
libcurl4-openssl-dev - development files and documentation for libcurl
(OpenSSL flavour)
Closes: 658276 659591
Changes:
curl (7.25.0-1) unstable; urgency=low
.
* New upstream release
- Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276)
- Allow negative numbers as option value (Closes: #659591)
* Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends
* Bump debhelper compat level to 9
- Make *.links files executable to simplify rules file
* Pass --as-needed ld flag to avoid unneeded dependencies
- Add workaround_as_needed_bug to workaround a libtool bug
- Drop dont_link_to_krb5 (not needed because of --as-needed)
* Do some clean-up in debian/rules
* Update debian/copyright format as in Debian Policy 3.9.3
* Bump Standards-Version to 3.9.3
* Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict)
* Add openssh-server to build depends to enable some more tests
* Update upstream copyright years
* Refresh patches
Checksums-Sha1:
cbdb81e41db82b1c80a5c78afbf9595bcc520d98 1913 curl_7.25.0-1.dsc
5711ab08be96910b5ad8354a4331b17ffdd5876d 3064610 curl_7.25.0.orig.tar.gz
3bf6c79bc1bdaa97314a4686f4cc7349c84b1524 29819 curl_7.25.0-1.debian.tar.gz
82a6c6beab994cef3f85f1a5f0f7ee13ee9aff2f 270388 curl_7.25.0-1_i386.deb
173e5a1d7104d25aea92f569f92f00c7acb8fb26 341984 libcurl3_7.25.0-1_i386.deb
05b6ab05024e89b5af0086def9b5bc288e338957 333028
libcurl3-gnutls_7.25.0-1_i386.deb
23192f106933a5459db27bfd62ebfbeb12a27894 338778 libcurl3-nss_7.25.0-1_i386.deb
c04b4a2ef0ef331913b890f22204fee26e99cec8 1238986
libcurl4-openssl-dev_7.25.0-1_i386.deb
0dad37661b07c04e3defcc1216d86fb956427bee 1231570
libcurl4-gnutls-dev_7.25.0-1_i386.deb
c15c65fbc9b50c8fd4f683895ed46f997da7e8a3 1236402
libcurl4-nss-dev_7.25.0-1_i386.deb
fdd719f28ff55f335b62a1fed332717954ed84fa 2823026 libcurl3-dbg_7.25.0-1_i386.deb
Checksums-Sha256:
846dd6415936247a4cd02c892fd1b51542818c6c5c32c8ca832ee7d5ebb46625 1913
curl_7.25.0-1.dsc
622d571aac4f0176890bd79cc62dbd217e3e3a8997de6ded229024fe39ce635f 3064610
curl_7.25.0.orig.tar.gz
0907ac61f5191b436c8699e1d3cbf296b539c6d7068b9725ae0de78193645b10 29819
curl_7.25.0-1.debian.tar.gz
73bca4ba932b900575f1d4fabcd249b27732dd7abd03d4d79efea45ef98bb90c 270388
curl_7.25.0-1_i386.deb
a1b87d6509932ec0c989af49148df97a877ea1b9a3fb34450836256154d8dce4 341984
libcurl3_7.25.0-1_i386.deb
c1b348de9d98f1e49aa55829727a62f7df0e0c61a1b26260abd7691bc32b5ee7 333028
libcurl3-gnutls_7.25.0-1_i386.deb
1103f13e3774580b6e5015c02b63a0628fabf7fd8b20c0dc1d7b5206d4c2df6f 338778
libcurl3-nss_7.25.0-1_i386.deb
257da78c24bb7a583f830ab957fa6ebf0a6fb5e1cade3a3d73bdc65ed71da686 1238986
libcurl4-openssl-dev_7.25.0-1_i386.deb
ae20638976dd9b0930d784cc8113f97fc3c80f79e8065e970cc171aa81dd066f 1231570
libcurl4-gnutls-dev_7.25.0-1_i386.deb
e5e80eebb5cd5a88404abf2c425cab441afca99f905931ad0c09f41b4dffa82f 1236402
libcurl4-nss-dev_7.25.0-1_i386.deb
3399af41daf01c52f572db422258a3a746f1908e9b1822925f2c9550bb193833 2823026
libcurl3-dbg_7.25.0-1_i386.deb
Files:
fc38daa1a8c152fda24199d8dae21507 1913 web optional curl_7.25.0-1.dsc
a56cbe2778b09769f8a5ba17d8f4d92a 3064610 web optional curl_7.25.0.orig.tar.gz
aa9d396e5958528c3c08051846482408 29819 web optional curl_7.25.0-1.debian.tar.gz
0ba7de04a945bb09aeb6841cb0a2dc72 270388 web optional curl_7.25.0-1_i386.deb
c72c0f0da71655cbe4cedfe8bd55ab80 341984 libs optional
libcurl3_7.25.0-1_i386.deb
9bc6dcbeef3e6fb7b0651f1ea6244950 333028 libs optional
libcurl3-gnutls_7.25.0-1_i386.deb
94fe7d21d4716982d7a1a40c6eb9dd64 338778 libs optional
libcurl3-nss_7.25.0-1_i386.deb
0a9ebd6509318208d6553a16419fb288 1238986 libdevel optional
libcurl4-openssl-dev_7.25.0-1_i386.deb
5e830b7dc27a67de2e5a35b174fd8921 1231570 libdevel optional
libcurl4-gnutls-dev_7.25.0-1_i386.deb
ac052d4e8a1065498c3261c49e1d7d5f 1236402 libdevel optional
libcurl4-nss-dev_7.25.0-1_i386.deb
ea45353ea4a898510f6e2ef8652d5de8 2823026 debug extra
libcurl3-dbg_7.25.0-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk9yCIIACgkQ5UTeB5t8Mo3ZjwCgjlvX4o899M1Qg6Qm2hzSJQ/n
aNYAn2PTMcrgaFhum7giC2Xh6bqk6Xkh
=K4uu
-----END PGP SIGNATURE-----
--- End Message ---
