Bug#766397: marked as done (emacs/gnus: Uses s_client to for SSL.)

[Debian Bug Tracking System]

Your message dated Sat, 22 Apr 2017 21:07:22 +0000
with message-id <e1d22fw-0006g5...@fasolo.debian.org>
and subject line Bug#766397: fixed in emacs24 24.5+1-10
has caused the Debian Bug report #766397,
regarding emacs/gnus: Uses s_client to for SSL.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
766397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: emacs23
Severity: serious
Tags: security

Hi,

It has come to my attention that Gnus is using s_client to set up
SSL connections to retrieve email.  Please stop using that.
s_client is a debug tool, it does not set up a secure connection,
it ignores all errors and just continues.  It also doesn't do
checks it should be doing.  This is all documented behaviour.

Please get rid of all documentation, configurations and examples
that tell you how to set it up using s_client.

I've also seen examples adding -ssl2 and -ssl3 which is really
really broken.


Kurt

--- End Message ---

--- Begin Message ---

Source: emacs24
Source-Version: 24.5+1-10

We believe that the bug you reported is fixed in the latest version of
emacs24, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 766...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rob Browning <r...@defaultvalue.org> (supplier of updated emacs24 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 22 Apr 2017 12:33:05 -0500
Source: emacs24
Binary: emacs24-lucid emacs24-lucid-dbg emacs24-nox emacs24-nox-dbg emacs24 
emacs24-dbg emacs24-bin-common emacs24-common emacs24-el
Architecture: source amd64 all
Version: 24.5+1-10
Distribution: unstable
Urgency: medium
Maintainer: Rob Browning <r...@defaultvalue.org>
Changed-By: Rob Browning <r...@defaultvalue.org>
Description:
 emacs24    - GNU Emacs editor (with GTK+ GUI support)
 emacs24-bin-common - GNU Emacs editor's shared, architecture dependent files
 emacs24-common - GNU Emacs editor's shared, architecture independent 
infrastructur
 emacs24-dbg - Debugging symbols for emacs24
 emacs24-el - GNU Emacs LISP (.el) files
 emacs24-lucid - GNU Emacs editor (with Lucid GUI support)
 emacs24-lucid-dbg - Debugging symbols for emacs24-lucid
 emacs24-nox - GNU Emacs editor (without GUI support)
 emacs24-nox-dbg - Debugging symbols for emacs24-nox
Closes: 766397
Changes:
 emacs24 (24.5+1-10) unstable; urgency=medium
 .
   * Don't segfault if gcc expects -nopie instead of -no-pie.
     Add 0027-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch, a
     backport from emacs25 (that closed #841551) to fix the problem.
     Thanks to Lucas Nussbaum and Aaron M. Ucko for reporting the
     problem, and Sven Joachim for tracking down the upstream patch.
 .
   * Don't offer/use openssl s_client by default: "s_client is a debug
     tool, it does not set up a secure connection, it ignores all
     errors and just continues.  It also doesn't do checks it should be
     doing.  This is all documented behaviour." -- Kurt Roeckx
     Add these patches to fix the problem:
       0028-IMAP-connections-no-longer-use-openssl-s_client.patch
       0029-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
     Thanks to Kurt Roeckx for reporting the issue. (Closes: #766397)
Checksums-Sha1:
 8cf46365fb37790480d42eb93a9011f9e82b5f7d 2735 emacs24_24.5+1-10.dsc
 08998050ad3a0baf2990cfa29705c8b77f81adad 80488 emacs24_24.5+1-10.debian.tar.xz
 73831fabf035d35ae220601a0c390a80c08dd64f 259908 
emacs24-bin-common-dbgsym_24.5+1-10_amd64.deb
 bbaed360f046864c23f93ff6b60904f92a7adb7e 257522 
emacs24-bin-common_24.5+1-10_amd64.deb
 e33d55979450bafdc96601dd573da12011901e1f 12975482 
emacs24-common_24.5+1-10_all.deb
 fd55bc96c1524027aa71776cb9ca8977fa2c2cfc 4895070 
emacs24-dbg_24.5+1-10_amd64.deb
 594f49b2258e617f7cb259a074d5662c84667e79 15442082 emacs24-el_24.5+1-10_all.deb
 7f7dcc76f27bb83b6d2f7d38ce78a1c0c1e593c8 4945610 
emacs24-lucid-dbg_24.5+1-10_amd64.deb
 31139e74c85e434647f8d5b9e6550626fb68a27c 3549922 
emacs24-lucid_24.5+1-10_amd64.deb
 d0fdcfbc143010adc7e55638928289a6224704a1 3589510 
emacs24-nox-dbg_24.5+1-10_amd64.deb
 c63bd03f1472c7cfa954059d6c1de82f93a61e01 3136970 
emacs24-nox_24.5+1-10_amd64.deb
 d5186c51e03ccde265264841350f3c1b6e84d641 19247 
emacs24_24.5+1-10_amd64.buildinfo
 5efea7018819906d5253e14ec621fb7b50e0348f 3540550 emacs24_24.5+1-10_amd64.deb
Checksums-Sha256:
 ea65a9ffa987a698f1e143a62c3c470cba0a94e239737f573ee2002b540f095a 2735 
emacs24_24.5+1-10.dsc
 27ff288faf2f043e8fbdcd7a92ec4f2cd2fdad05a0f9b95c9b9583d5e1a3639a 80488 
emacs24_24.5+1-10.debian.tar.xz
 3f2e23623cb0871a71780a866623e5c47dccf8271e748860ec36e59f466b3045 259908 
emacs24-bin-common-dbgsym_24.5+1-10_amd64.deb
 6907422f8cbb19b659a8ad74d505891fa110e31c5f72c033b2b0f885321af7a4 257522 
emacs24-bin-common_24.5+1-10_amd64.deb
 5de75e1df0c66d141769e11e64761d7c01a8680d83db412444be34037b33cf3c 12975482 
emacs24-common_24.5+1-10_all.deb
 688f425beae1d4207482b4d3d772af185c888ad587bfd1fc235ce1c863777b65 4895070 
emacs24-dbg_24.5+1-10_amd64.deb
 52974ebfd0bc32837c8419153872b194d260893dbda703aa2ad9d60aba73e29b 15442082 
emacs24-el_24.5+1-10_all.deb
 f0f134fde1a345be6206be520962a0a71fb073d71bd86e315dc08846e231bc43 4945610 
emacs24-lucid-dbg_24.5+1-10_amd64.deb
 a4c466ee47f5b7dc406b53b320de884ffb0230ebdd5345edd70bbd69cbe5aa08 3549922 
emacs24-lucid_24.5+1-10_amd64.deb
 22315a9810cd4861e5437dc3702d9883e3c01c2642e24d8971359e8856dad698 3589510 
emacs24-nox-dbg_24.5+1-10_amd64.deb
 79a70f722ba15fc5daab08c0560807369c3f0bea2fbdd565cdb1297babccdb8c 3136970 
emacs24-nox_24.5+1-10_amd64.deb
 4a183ebb3aeb76bff583f0554d6e042b32d61d27ef1cd6eb4d5d8d6915623baa 19247 
emacs24_24.5+1-10_amd64.buildinfo
 db696bedf376c1cd812fa9db640acf66abdc3ec295d2655c3ff4f31d8ea649a7 3540550 
emacs24_24.5+1-10_amd64.deb
Files:
 7b7ef7a0a2a9277f14ea8c23ed62699c 2735 editors optional emacs24_24.5+1-10.dsc
 9b78aaf62b2efebc30aa91b17be8485a 80488 editors optional 
emacs24_24.5+1-10.debian.tar.xz
 7fafc2501b6fb80dde49b2cd8f7a9243 259908 debug extra 
emacs24-bin-common-dbgsym_24.5+1-10_amd64.deb
 27de80d2c350a90269a54a374550fc89 257522 editors optional 
emacs24-bin-common_24.5+1-10_amd64.deb
 09911f96b147eba8c2e58c74ec69add7 12975482 editors optional 
emacs24-common_24.5+1-10_all.deb
 433eb8e24b1e1c22a3cd072a7e1649b1 4895070 debug extra 
emacs24-dbg_24.5+1-10_amd64.deb
 cc6afb933af1fb304ee723bef5676c0e 15442082 editors optional 
emacs24-el_24.5+1-10_all.deb
 60947ea98d70cd6f8de7d6827f1b9aa8 4945610 debug extra 
emacs24-lucid-dbg_24.5+1-10_amd64.deb
 8cb9c7c1ba72394b40153c88011132b0 3549922 editors optional 
emacs24-lucid_24.5+1-10_amd64.deb
 04b179a51400774596d30e6850dfd171 3589510 debug extra 
emacs24-nox-dbg_24.5+1-10_amd64.deb
 d023485a562d4de82b323f866393da15 3136970 editors optional 
emacs24-nox_24.5+1-10_amd64.deb
 13f99a13d111ab5785c421251811eb2b 19247 editors optional 
emacs24_24.5+1-10_amd64.buildinfo
 1b081bd49ba04efcb3302be865c215fd 3540550 editors optional 
emacs24_24.5+1-10_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEPTFSABe5ruOuhW+97vEWxVpaQvEFAlj7siIVHHJsYkBkZWZh
dWx0dmFsdWUub3JnAAoJEO7xFsVaWkLxvw0P/0bAPQPC29MB67VPo0to8WHCMW2x
KihyU+dCn9z7w++9Zmlt/2jY7ZWdwDQGKIqQ1tRSogE8Dn6MegzIg7/YBAdoFnCK
PZhNKo2zUMXldLMPkNjqVokjunB/ahnlxVaQiv5sHoGr9UjLMh24YvIGa3tQF/hF
Yxp+qlqgArzFlADtdi7JLK0Kfu9w6NPjQTHAzQgJmL36Nm6WLucIzruq2wBFnkc8
UAPQMJKm3qFhtvXuRoXblNH2O6Qd0GFXMnG/POLMJJAW96Bm/tUESodkWB0k70y3
hJXl0dYwuhD5CoExe9fHL9Ir/sI5Fdh+61KCe+Bv8K4P3sQ+o2GfJCoaiDsGtLvK
QyEvu9fyfVdE8Zamn9GB5J/FBcP0Mt1VikRPSGU1e5XNNVbnHZmYALbzt+/WT2v2
4H9PKxIubB0jsDxsIzkAZEja73kjSbOC4ZCSkIwK4ChujtAUMvCyt7RFgtMKuOep
ZxITuU7L4WJqpnaqsC1r5O0ypv+nwKZHqdRojxWgSMo7mu25ZOSO8Jo1yX18kIgq
i0bo/P2INqNi99m81fHGVPLRhtpdqUdsipML0moyajZECV874RCXFPka3JnJORbU
BWdG4pPQkJ1Ml1RhvmZyxjC1kRLGyf74mdkAZ278eHucgFoBJs8qnc1KtiZgla4b
3Qz1NY8lxm1N7CgC
=ILiW
-----END PGP SIGNATURE-----

--- End Message ---