Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Jonas Smedegaard
Package: libgnutls30
Version: 3.6.5-2
Severity: serious
Justification: Policy 3.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I use msmtp, and it worked fine until few days ago,
with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1.

Upgrading to libgnutls30 3.6.5-2 breaks msmtp:
Any attempt at connecting to a TLS-secured site gets disconnected.

Seems liek backwards-incompatible ABI change to me,
which I believe should be handled in coordination with its
reverse dependencies.  Hence the severity.

 - Jonas

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlwXhkIACgkQLHwxRsGg
ASE9yxAAhKWYFkAKdHem+DVzuK5vcym4ZgiGoK12JIkRpTkX7g/CdgoA4lXyszNJ
sdV87pI6ViiE6Y4ZTl+/81vhiJ52TnDq6XJnwGlHp8+BeXHc87ERMHkC4wbdoqxa
vZgpBkQ8Nb7gsZ6JA5ZEgVBbJ826zcdTvaCQseVsFghfE6RGUfOMba2U4k0D9YHZ
DPWDVHyJhIDgRmM9wm27xBFTPmHQ8llJbnkgoP+DcnTC9HC49vq50el5HtS1tkq8
tUsR3imRQc9AFqSv8d5Q5HOr9aE0UoDt43fPsa/3SNhAos7CYhYiCkELdj1fwmo9
Mea7rk4Huxn6BgXJPY/F4UADs3+rueMSi/Te6PEHERM1Zb0HFOoGQNI4E+F/y6bF
l3ArA8ZncmOmKe29ES3CIQ4T329O68RlEcL/UEJp76l1wsV9kXTZ0234gzCkrsUr
7OkqYtHGetSikBlknN2v5qBWPUJ9QiueTfVwNqg8vlfxBL3NhC0KmMpcEhbgRgqH
50Il1fKutIqO2n7U+DKpvzJ/WiKB1W9bTKqM4KLdEixYF1ie1HTMgxMvN+pCrMRD
IIAUOg23hMmHfoxoUCqNYlZBGogqYsThvziAQOBbLugWlKroAO3t/X5dQWS0igBr
qcCr19oAvsio4BUWBpKlgi+3YUY9o9g9Y/tp4mRtV+iAdWaUKi4=
=fl8q
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Processed: Re: Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Debian Bug Tracking System
Processing control commands:

> reassign -1 msmtp 1.6.7-1
Bug #916683 [libgnutls30] libgnutls30: breaks msmtp 1.6.7-1
Bug reassigned from package 'libgnutls30' to 'msmtp'.
No longer marked as found in versions gnutls28/3.6.5-2.
Ignoring request to alter fixed versions of bug #916683 to the same values previously set
Bug #916683 [msmtp] libgnutls30: breaks msmtp 1.6.7-1
Marked as found in versions msmtp/1.6.7-1.
> tags -1 fixed-upstream
Bug #916683 [msmtp] libgnutls30: breaks msmtp 1.6.7-1
Added tag(s) fixed-upstream.

--
916683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916683
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Jonas Smedegaard
In reply to this post by Jonas Smedegaard
Quoting Andreas Metzler (2018-12-17 19:37:05)
> On 2018-12-17 Jonas Smedegaard <[hidden email]> wrote:
> > I use msmtp, and it worked fine until few days ago,
> > with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1.
>
> > Upgrading to libgnutls30 3.6.5-2 breaks msmtp:
> > Any attempt at connecting to a TLS-secured site gets disconnected.
>
> FWIW I have had successful connections against exim4 (gnutls 3.5 and
> 3.6). Which host are you trying to connect to?

Sorry for exaggerating!

The hosts I experienced problems with are mail.jones.dk and
mail.homebase.dk - both running Postfix on Debian stable (which made me
rule out them as cause for blame, but...) both of them managed by myself
with various attempts at tightening security, so I realize now that I
may possibly have exposed bugs in unusual setups rather than common
ones.

Both systems are running in production so I am not happy doing drastic
experiments on them - but on the other hand they are public accessible
so available for testing this bug if needed.


 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Andreas Metzler-2
On 2018-12-17 Jonas Smedegaard <[hidden email]> wrote:
> Quoting Andreas Metzler (2018-12-17 19:37:05)
[msmtp / GnuTLS 3.6 breaks]
>> FWIW I have had successful connections against exim4 (gnutls 3.5 and
>> 3.6). Which host are you trying to connect to?

> Sorry for exaggerating!

Not at all.

> The hosts I experienced problems with are mail.jones.dk and
> mail.homebase.dk - both running Postfix on Debian stable (which made me
> rule out them as cause for blame, but...) both of them managed by myself
> with various attempts at tightening security, so I realize now that I
> may possibly have exposed bugs in unusual setups rather than common
> ones.

It might be the other way round, GnuTLS servers the only ones not
triggering the issue.

> Both systems are running in production so I am not happy doing drastic
> experiments on them - but on the other hand they are public accessible
> so available for testing this bug if needed.

Thanks! FWIW as a temporary workaround you can invoke msmtp with
--tls-priorities=NORMAL:-VERS-TLS1.3

cu Andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply | Threaded
Open this post in threaded view
|

Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Fritz Reichwald-2
The issue is caused by a bug in msmtp which is already fixed in 1.8.1
https://gitlab.marlam.de/marlam/msmtp/issues/21

After I removed the patch in debian/patches that fixes only some typos
in the manpage but does not apply any longer with 1.8.1 sources the
package builds just fine. So hopefully the maintainer finds some time to
package the new release soon.

Until then just grab the sources from the repo and fetch the new
upstream sources with uscan, remove the patch and build it locally.

Best regards
Fritz

--
Fritz Reichwald
Linux Consultant
Tel: +49 160 8452444
Mail: [hidden email]

B1 Systems GmbH
Osterfeldstra├če 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#916683: libgnutls30: breaks msmtp 1.6.7-1

Andreas Metzler-2
In reply to this post by Andreas Metzler-2
On 2018-12-18 Andreas Metzler <[hidden email]> wrote:
> On 2018-12-17 Jonas Smedegaard <[hidden email]> wrote:
[...]
> > The hosts I experienced problems with are mail.jones.dk and
> > mail.homebase.dk - both running Postfix on Debian stable (which made me
[...]
> Thanks! FWIW as a temporary workaround you can invoke msmtp with
> --tls-priorities=NORMAL:-VERS-TLS1.3

I have just tested with msmtp 1.8.1, it works.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply | Threaded
Open this post in threaded view
|

Bug#916683: marked as done (libgnutls30: breaks msmtp 1.6.7-1)

Debian Bug Tracking System
In reply to this post by Jonas Smedegaard
Your message dated Mon, 07 Jan 2019 17:22:24 +0000
with message-id <[hidden email]>
and subject line Bug#916683: fixed in msmtp 1.8.1-1
has caused the Debian Bug report #916683,
regarding libgnutls30: breaks msmtp 1.6.7-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
916683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916683
Debian Bug Tracking System
Contact [hidden email] with problems

Package: libgnutls30
Version: 3.6.5-2
Severity: serious
Justification: Policy 3.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I use msmtp, and it worked fine until few days ago,
with msmtp 1.6.7-1 and libgnutls30 3.5.19-1+b1.

Upgrading to libgnutls30 3.6.5-2 breaks msmtp:
Any attempt at connecting to a TLS-secured site gets disconnected.

Seems liek backwards-incompatible ABI change to me,
which I believe should be handled in coordination with its
reverse dependencies.  Hence the severity.

 - Jonas

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlwXhkIACgkQLHwxRsGg
ASE9yxAAhKWYFkAKdHem+DVzuK5vcym4ZgiGoK12JIkRpTkX7g/CdgoA4lXyszNJ
sdV87pI6ViiE6Y4ZTl+/81vhiJ52TnDq6XJnwGlHp8+BeXHc87ERMHkC4wbdoqxa
vZgpBkQ8Nb7gsZ6JA5ZEgVBbJ826zcdTvaCQseVsFghfE6RGUfOMba2U4k0D9YHZ
DPWDVHyJhIDgRmM9wm27xBFTPmHQ8llJbnkgoP+DcnTC9HC49vq50el5HtS1tkq8
tUsR3imRQc9AFqSv8d5Q5HOr9aE0UoDt43fPsa/3SNhAos7CYhYiCkELdj1fwmo9
Mea7rk4Huxn6BgXJPY/F4UADs3+rueMSi/Te6PEHERM1Zb0HFOoGQNI4E+F/y6bF
l3ArA8ZncmOmKe29ES3CIQ4T329O68RlEcL/UEJp76l1wsV9kXTZ0234gzCkrsUr
7OkqYtHGetSikBlknN2v5qBWPUJ9QiueTfVwNqg8vlfxBL3NhC0KmMpcEhbgRgqH
50Il1fKutIqO2n7U+DKpvzJ/WiKB1W9bTKqM4KLdEixYF1ie1HTMgxMvN+pCrMRD
IIAUOg23hMmHfoxoUCqNYlZBGogqYsThvziAQOBbLugWlKroAO3t/X5dQWS0igBr
qcCr19oAvsio4BUWBpKlgi+3YUY9o9g9Y/tp4mRtV+iAdWaUKi4=
=fl8q
-----END PGP SIGNATURE-----

Source: msmtp
Source-Version: 1.8.1-1

We believe that the bug you reported is fixed in the latest version of
msmtp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [hidden email],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <[hidden email]> (supplier of updated msmtp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [hidden email])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Jan 2019 22:47:53 +0000
Source: msmtp
Binary: msmtp msmtp-gnome msmtp-mta
Architecture: source amd64
Version: 1.8.1-1
Distribution: unstable
Urgency: medium
Maintainer: Emmanuel Bouthenot <[hidden email]>
Changed-By: Emmanuel Bouthenot <[hidden email]>
Description:
 msmtp      - light SMTP client with support for server profiles
 msmtp-gnome - light SMTP client with support for server profiles - with GNOME k
 msmtp-mta  - light SMTP client with support for server profiles - the regular
Closes: 883354 913121 916683 917559
Changes:
 msmtp (1.8.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #913121)
     * Add support for TLS Server Name Indication (Closes: #917559)
     * Fix some issues with TLS 1.3 (Closes: #916683)
     * Provides a minimal msmtp daemon which pipes mails to msmtp
       program
   * Move msmtp-mta package from arch:all to arch:any (a minimal
     smtp daemon is now included)
   * Ship an Apparmor profile for msmtp, thanks to Simon Deziel for the
     patch (Closes: #883354)
   * Bump Standards-Version to 4.3.0
   * Switch debhelper compatibility to 12
   * Refresh patches (manpages typos)
Checksums-Sha1:
 55bbd14a8d5122dbdd1d6fdb2c4f70200a6b9d96 1992 msmtp_1.8.1-1.dsc
 2bad34ef4580bf6931d121db68561cf455b1bf5a 224617 msmtp_1.8.1.orig.tar.gz
 7826dab87f2b2e605a2834365a7ebfa3c8e782f9 16848 msmtp_1.8.1-1.debian.tar.xz
 8d65479aeac9c7f9511919e4c4ccc59f26e9b160 103044 msmtp-dbgsym_1.8.1-1_amd64.deb
 9546d328b0481464fdf1a8a2a1006d8036b3ba73 106588 msmtp-gnome-dbgsym_1.8.1-1_amd64.deb
 b596830cd18404471a36b45c0eeaa1b5e654afef 44132 msmtp-gnome_1.8.1-1_amd64.deb
 ed4b4a655b833874d84959e8ace1f295ae592ad9 14168 msmtp-mta-dbgsym_1.8.1-1_amd64.deb
 e71a43e0ab86017ec31943854ae11028e8873d63 17668 msmtp-mta_1.8.1-1_amd64.deb
 e3a4d2bf42ad1a1a21d8fc45eabaee27091db216 9221 msmtp_1.8.1-1_amd64.buildinfo
 70b976beea0e4805dcdf0e25a52d11ac0969722d 122212 msmtp_1.8.1-1_amd64.deb
Checksums-Sha256:
 9091fc89e771d818cb857ea57739f5762eb54fdaf4280836be8167db2c9b7ec8 1992 msmtp_1.8.1-1.dsc
 3c38e6bc29d129005085173bdd0e2ac9e61341b41bc5fb70fb4f9e8ab9d3ffee 224617 msmtp_1.8.1.orig.tar.gz
 faa2a903135ecbe96e9b7314566215370cc541f762aa81f8b1cdc5debb107b6d 16848 msmtp_1.8.1-1.debian.tar.xz
 2d570605254920b796023a45941b02a22547407f0a1a21d2833bace46767ba70 103044 msmtp-dbgsym_1.8.1-1_amd64.deb
 025dd61170579f2d4844bac5d58c582e0d4896287a5b179f8e607a538701e3f3 106588 msmtp-gnome-dbgsym_1.8.1-1_amd64.deb
 f89b214b3d79cc7f924e63e84bf933c987de96e29045250ef2562a6330fc85e5 44132 msmtp-gnome_1.8.1-1_amd64.deb
 21ed14a0acf958b1b59d22ebb165555ca5c8006456aa63228d3122deb68cc140 14168 msmtp-mta-dbgsym_1.8.1-1_amd64.deb
 9095d4c38f00bce1237f41b059043298ff86cf00c1e2ae0a67efcaa55bdc8755 17668 msmtp-mta_1.8.1-1_amd64.deb
 f99ccafce328be7fa0e6e4d6fe52554e7e403a98655f8c7522c1fc95ed4e2bb7 9221 msmtp_1.8.1-1_amd64.buildinfo
 18bb8681b650fb2b1691444fa6266e03c7b58935f92fc1c52a57a499026368df 122212 msmtp_1.8.1-1_amd64.deb
Files:
 1ddfb0c8cd91a0a390f7ab05ff7ed539 1992 mail optional msmtp_1.8.1-1.dsc
 55d2225e8387ec4cbab8a4bebd10ee48 224617 mail optional msmtp_1.8.1.orig.tar.gz
 069b9d8d925c78c584c0a6cffb05b688 16848 mail optional msmtp_1.8.1-1.debian.tar.xz
 2b1fcb46f870ac2cfb09876beb80690a 103044 debug optional msmtp-dbgsym_1.8.1-1_amd64.deb
 bcfb821633761111a43b6db6fcee7074 106588 debug optional msmtp-gnome-dbgsym_1.8.1-1_amd64.deb
 a0a4b475b4afa09e0d2b6a1239c615f7 44132 mail optional msmtp-gnome_1.8.1-1_amd64.deb
 ba2d82ec9eb4a9b69e543282a17c03af 14168 debug optional msmtp-mta-dbgsym_1.8.1-1_amd64.deb
 dd2f5fc509c621a8c5119ef40bbe483c 17668 mail optional msmtp-mta_1.8.1-1_amd64.deb
 52d45f300283edebd92543bba3c1f5a5 9221 mail optional msmtp_1.8.1-1_amd64.buildinfo
 3bc48def1a475558861b0bef8348b24e 122212 mail optional msmtp_1.8.1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQ1Tfow3vJnf8QuHSwd3I5KdQsMFAlwzhC4ACgkQSwd3I5Kd
QsO1KQ/+JgQ/sqeh7nWLW7uyG41tRkU5fYox+jsgY1afQCnORNjGcA+G/tb1nptp
7eMW263dwmzHcY1K5C+0NfRgqYu+BNb3z2O2l8W0IWAYMCfjlBMKIVD+4HrUlzGu
tcBFCehC7sO39CZcWM76e2zQ7JZiWuTbHoVPoNxIVNbnYf4D8tEVVeOf/M/UKpuw
PgLDHdstCelXQR1zFdChH1oZReTnCv5/ijZhxRYCNDhq0pYFGDD0bvoAl/xtQaex
WczIVPxzvDt+HpyGGvjsR4ZYkRNK8nM7SSm3ITToxZ5upKHT33Fd08JsREkLI4MF
O0loULnJ4SQg5kY6WhgXlOEILbhzibE0UDPvqmDjx2MTpk7MCkxbdaZ/ZqsFCzkg
mJBzIWNLTd+UmE1IIynJvjUnHBQbn41dKJM11O8QCSCVWw4JwsJ1T5h+kYO85cGC
VgrWuIBRcKNRE1rvWF6v90gj8yqwq9HzGHuFrRU0hoeHGq2I0OIqfPCDIV7Czwkb
hamuw8u3+FOQjQTJHpPum5XkR9owGQbsrcrZfYj41LVLFiRSMHw5W97+mMvoanW+
3ByakhLma1YR3GuzK0E3EjLzk7Kx+WRYjp/VdX6fW3JEQLTAsyFcXT9o+f6ySX1P
u9NXbZzLi2FoBfVrIIwHWYdM65LFWRVH7PhHitaqs1qnh5CWRRQ=
=QAM8
-----END PGP SIGNATURE-----