Bug#732972: marked as done (New openssl breaks ssh)

[Debian Bug Tracking System]

Your message dated Mon, 23 Dec 2013 13:47:27 +0100
with message-id <20131223124727.ga17...@roeckx.be>
and subject line Re: [Pkg-openssl-devel] Bug#732972: New openssl breaks ssh
has caused the Debian Bug report #732972,
regarding New openssl breaks ssh
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
732972: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732972
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package: openssl
Version: 1.0.1e-5
Severity: critical

The newest openssl breaks ssh. Afterwards no login is possible anymore
to the system via ssh!

   OpenSSL version mismatch. Built against 1000105f, you have 10001060

- -- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (600, 'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11.6 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to 
de_DE)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.17-97
ii  libssl1.0.0  1.0.1e-5

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130906

- -- Configuration Files:
/etc/ssl/openssl.cnf changed:
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd
oid_section             = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ ca ]
default_ca      = CA_default            # The default ca section
[ CA_default ]
dir             = ./demoCA              # Where everything is kept
certs           = $dir/certs            # Where the issued certs are kept
crl_dir         = $dir/crl              # Where the issued crl are kept
database        = $dir/index.txt        # database index file.
                                        # several ctificates with same subject.
new_certs_dir   = $dir/newcerts         # default place for new certs.
certificate     = $dir/cacert.pem       # The CA certificate
serial          = $dir/serial           # The current serial number
crlnumber       = $dir/crlnumber        # the current crl number
                                        # must be commented out to leave a V1 
CRL
crl             = $dir/crl.pem          # The current CRL
private_key     = $dir/private/cakey.pem# The private key
RANDFILE        = $dir/private/.rand    # private random number file
x509_extensions = usr_cert              # The extentions to add to the cert
name_opt        = ca_default            # Subject Name options
cert_opt        = ca_default            # Certificate field options
default_days    = 1095                  # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = sha1                  # use public key default MD
preserve        = no                    # keep passed DN ordering
policy          = policy_match
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ req ]
default_bits            = 4096
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = CH
countryName_min                 = 2
countryName_max                 = 2
commonName                      = Common Name (e.g. server FQDN or YOUR name)
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_max                = 64
emailAddress_default            = kl...@ethgen.de
[ req_attributes ]
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment                       = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment                       = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
[ tsa ]
default_tsa = tsa_config1       # the default TSA section
[ tsa_config1 ]
dir             = ./demoCA              # TSA root directory
serial          = $dir/tsaserial        # The current serial number (mandatory)
crypto_device   = builtin               # OpenSSL engine to use for signing
signer_cert     = $dir/tsacert.pem      # The TSA signing certificate
                                        # (optional)
certs           = $dir/cacert.pem       # Certificate chain to include in reply
                                        # (optional)
signer_key      = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy  = tsa_policy1           # Policy if request did not specify it
                                        # (optional)
other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
digests         = md5, sha1             # Acceptable message digests (mandatory)
accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
clock_precision_digits  = 0     # number of digits after dot. (optional)
ordering                = yes   # Is ordering defined for timestamps?
                                # (optional, default: no)
tsa_name                = yes   # Must the TSA name be included in the reply?
                                # (optional, default: no)
ess_cert_id_chain       = no    # Must the ESS cert id chain be included?
                                # (optional, default: no)


- -- no debconf information

- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <kl...@ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQGcBAEBCgAGBQJSuCVmAAoJEKZ8CrGAGfasFw8MAMB49PRI6dZO771eV1nHQZ9n
9K0guI7K02VyQT9SI5BUJm5csLI6Sp83FCz09/sNarMpLN1vWsZjLAwOBaTmlbGs
hZvfEBqy6AZlztLhlfLwj7aoXigGJAOk4ipc3onTwp0FXgfBcP3jMRzuoytj4KqP
0eAqmqu9aSD9UPZblsrPTd+CbDtTrICpIlGx3K2cypGiPp0fdNOqcl42PChYvYoI
bEk45opFGXNOXomWAGPLSPjlJLbqGHYKzGQ+7kobYqpsPRC1PQ3DvRcX1J9n+8NC
2kYtwwaIR8gM0meDMqk2tVVsxl60zVhbpvF6B35ydxXlo3GcrVd2oJh4V4byqN08
CpNZn0SfMV9eJxVloIMNVRu30LqbQwVdbqjBpuk42h8DFfkzkDgswC+Yt/rOwikM
J28hM0/VdTlrt1UUZ3rpsDEqGZZyuEkpsd315FGS5G8glxGhTSk2dHqAI1edi5Ii
uLyayk60A4TiSCmJn/6DeqKEKY8JGZ3Xj2xkt4YqEA==
=t5jE
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

On Mon, Dec 23, 2013 at 12:58:33PM +0100, Klaus Ethgen wrote:
> Package: openssl
> Version: 1.0.1e-5
> Severity: critical
> 
> The newest openssl breaks ssh. Afterwards no login is possible anymore
> to the system via ssh!
> 
>    OpenSSL version mismatch. Built against 1000105f, you have 10001060

Please upgrade your openssh packages or downgrade your libssl1.0.0
package.


Kurt

--- End Message ---