Debian Bug report logs - #325971
slapd: sporadic errors in SSL connections ("bad record mac") fromm libnss-ldap and exim4 (gnutls11)

Package: gnutls11; Maintainer for gnutls11 is (unknown);

Reported by: Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>

Date: Wed, 31 Aug 2005 23:48:03 UTC

Severity: important

Tags: fixed

Done: James Westby <jw+debian@jameswestby.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Torsten Landschoff <torsten@debian.org>:
Bug#325971; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>:
New Bug report received and forwarded. Copy sent to Torsten Landschoff <torsten@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slapd: sporadic errors in SSL connections ("bad record mac") fromm libnss-ldap and exim4 (gnutls11)
Date: Thu, 01 Sep 2005 01:44:32 +0200
Package: slapd
Version: 2.2.23-8
Severity: important


Hi,

We use openldap as authentication service and user information
database, using it together with libpam-ldap/libnss-ldap and, on the
mail server, with exim4.

Now I encountered frequent sporadic SSL errors (approx. each 500th
connection with libnss-ldap) about "bad record mac" (see debug output
below). That happens when calling "id someuser" (no nscd
running). Similar errors happen sporadically for exim4 when it
extracts mail information from the LDAP server.

I checked whether the errors are reproducible with "openssl s_client"
or ldapsearch (e.g. "ldapsearch -x uid=someuser uid"), but both work
perfectly without any errors with 10000 or more connections.

Could this be a problem of clients linked against gnutls (libnss-ldap,
exim4), whereas clients linked against openssl (ldap-utils) don't have
these problems?

I'd be glad if someone could give me some hints what's going wrong
here and where (e.g. on what mailing list?) I could discuss this issue.

Thanks,

Daniel


The debug (slapd -d 1) output of such an SSL error is as follows:
...
connection_get(11): got connid=657
connection_read(11): checking for input on id=657
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=657
connection_read(11): checking for input on id=657
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL3 alert write:fatal:bad record mac
TLS trace: SSL_accept:error in SSLv3 read certificate verify A
TLS: can't accept.
TLS: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac s3_pkt.c:424
connection_read(11): TLS accept error error=-1 id=657, closing
connection_closing: readying conn=657 sd=11 for close
connection_close: conn=657 sd=11
...


A successful connection looks like this:


connection_get(11): got connid=656
connection_read(11): checking for input on id=656
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=656
connection_read(11): checking for input on id=656
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(11): unable to get TLS client DN, error=49 id=656
connection_get(11): got connid=656
connection_read(11): checking for input on id=656
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
do_bind
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=656 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 11
do_bind: v3 anonymous bind
... (skipped further details)
connection_get(11): got connid=656
connection_read(11): checking for input on id=656
ber_get_next
ber_get_next on fd 11 failed errno=0 (Success)
connection_read(11): input error=-2 id=656, closing.
connection_closing: readying conn=656 sd=11 for close
connection_close: conn=656 sd=11
TLS trace: SSL3 alert write:warning:close notify
...

My /etc/ldap/ldap.conf contains the following:

BASE dc=mydomain,dc=de
URI ldaps://ldap.mydomain.de
TLS_REQCERT allow

My /etc/ldap/slapd.conf TLS/SSL configuration reads:

TLSCipherSuite  HIGH:MEDIUM:+SSLv2
TLSCertificateFile  /etc/ssl/certs/mycert.pem
TLSCertificateKeyFile /etc/ssl/private/mycert-key.pem


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-ath64.ws
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages slapd depends on:
ii  coreutils [fileutils]       5.2.1-2      The GNU core utilities
ii  debconf                     1.4.30.13    Debian configuration management sy
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libdb4.2                    4.2.52-18    Berkeley v4.2 Database Libraries [
pn  libiodbc2                                Not found.
ii  libldap-2.2-7               2.2.23-8     OpenLDAP libraries
ii  libltdl3                    1.5.6-6      A system independent dlopen wrappe
ii  libperl5.8                  5.8.4-8      Shared Perl library
ii  libsasl2                    2.1.19-1.5   Authentication abstraction library
ii  libslp1                     1.0.11a-2    OpenSLP libraries
ii  libssl0.9.7                 0.9.7e-3     SSL shared libraries
ii  libwrap0                    7.6.dbs-8    Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl]  5.8.4-8      Larry Wall's Practical Extraction 
ii  psmisc                      21.5-1       Utilities that use the proc filesy



Information forwarded to debian-bugs-dist@lists.debian.org, Torsten Landschoff <torsten@debian.org>:
Bug#325971; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to Daniel Hermann <hermann@tkm.physik.uni-karlsruhe.de>:
Extra info received and forwarded to list. Copy sent to Torsten Landschoff <torsten@debian.org>. Full text and rfc822 format available.

Message #10 received at 325971@bugs.debian.org (full text, mbox):

From: Daniel Hermann <hermann@tkm.physik.uni-karlsruhe.de>
To: 325971@bugs.debian.org
Cc: smurf@debian.org
Subject: slapd: sporadic errors in SSL connections (reproducible)
Date: Sun, 4 Sep 2005 02:51:07 +0200
Hi again,

I have found a way to reproduce this bug relatively easily using
gnutls-cli (all packages from sarge):

1) $ apt-get install slapd gnutls-bin
    ... set up a simple empty ldap directory (dc=mydomain,dc=de) ...
2) $ openssl req -newkey rsa:1024 -keyout /etc/ssl/private/mycert-key.pem \
     -out /etc/ssl/certs/mycert.pem -nodes -x509 -days 365
    ...
3) /etc/ldap/slapd.conf:
    ...
    TLSCipherSuite  HIGH:MEDIUM:+SSLv2
    TLSCertificateFile      /etc/ssl/certs/mycert.pem
    TLSCertificateKeyFile   /etc/ssl/private/mycert-key.pem
    ...
4) /etc/default/slapd
    ...
    SLAPD_SERVICES="ldaps:///"
    ...
5) $ /etc/init.d/slapd restart

6) $ cat > /etc/ldap/ldap.conf
     BASE    dc=mydomain,dc=de
     URI     ldaps://ldap.mydomain.de
     TLS_REQCERT     allow
     ^D

7) $ cat > /tmp/gnutls-test
     #!/bin/sh
     gnutls-cli ldap.mydomain.de -p 636 < /dev/null > /tmp/gnutls$1 &
     ^D

8) $ for i in $( seq 1 1000 ); do
       echo -n $i
       /tmp/gnutls-test $i
       sleep 1
       killall gnutls-cli
     done


This produces sporadic errors of the form:

...
504Connecting to '172.22.169.186:636'...
505Connecting to '172.22.169.186:636'...
*** Fatal error: A TLS fatal alert has been received.
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.
gnutls-cli: no process killed
506Connecting to '172.22.169.186:636'...
...

The file /tmp/gnutls505 then contains:
  Resolving 'ldap.mydomain.de'...
  *** Received alert [20]: Bad record MAC


All this seems to be independent of whether the gnutls client runs on
the same machine as the ldap server or not.

As mentioned in the previous mail, I don't get similar errors when using
openssl s_client. Therefore I cc this mail to Matthias Urlichs (gnutls
maintainer).


regards

	Daniel

-- 
-----------------------------------------------------------------
Daniel Hermann,   Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe                  Tel: ++49 (0)721 608-3588
Postfach 6980                           Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany      email: hermann@tkm.uni-karlsruhe.de
-----------------------------------------------------------------



Information forwarded to debian-bugs-dist@lists.debian.org, Torsten Landschoff <torsten@debian.org>:
Bug#325971; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to Daniel Hermann <hermann@tfp.uni-karlsruhe.de>:
Extra info received and forwarded to list. Copy sent to Torsten Landschoff <torsten@debian.org>. Full text and rfc822 format available.

Message #15 received at 325971@bugs.debian.org (full text, mbox):

From: Daniel Hermann <hermann@tfp.uni-karlsruhe.de>
To: 325971@bugs.debian.org
Cc: smurf@debian.org
Subject: slapd: sporadic errors in SSL connections (solution)
Date: Sat, 22 Oct 2005 22:12:12 +0200
[Message part 1 (text/plain, inline)]
Hi,

first of all: could you please reassign this bug to libgnutls11?
Thanks.

I found the reason for the errors after checking newer versions of
gnutls (newer than the sarge version, which is based on 1.0.16).
Version 1.0.20 solved the problem:

http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000719.html
http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000712.html

The fix in 1.0.20 was not backported into the sarge gnutls package. I
append it for simplicity.

It would be nice if this fix could be incorporated somehow into sarge
since libgnutls11 in sarge is broken without it.

regards,

	Daniel

-- 
-----------------------------------------------------------------
Daniel Hermann,   Institut fuer Theorie der Kondensierten Materie
Universitaet Karlsruhe                  Tel: ++49 (0)721 608-7328
Postfach 6980                           Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany      email: hermann@tkm.uni-karlsruhe.de
-----------------------------------------------------------------
[diff.1.0.19-1.0.20 (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Torsten Landschoff <torsten@debian.org>:
Bug#325971; Package slapd. Full text and rfc822 format available.

Acknowledgement sent to Matthias Urlichs <smurf@smurf.noris.de>:
Extra info received and forwarded to list. Copy sent to Torsten Landschoff <torsten@debian.org>. Full text and rfc822 format available.

Message #20 received at 325971@bugs.debian.org (full text, mbox):

From: Matthias Urlichs <smurf@smurf.noris.de>
To: Daniel Hermann <hermann@tfp.uni-karlsruhe.de>
Cc: 325971@bugs.debian.org, control@bugs.debian.org
Subject: Re: slapd: sporadic errors in SSL connections (solution)
Date: Sat, 22 Oct 2005 23:22:46 +0200
[Message part 1 (text/plain, inline)]
tag 325971 +pending
tag 325971 +patch
reassign 325971 gnutls11
thanks

> I found the reason for the errors after checking newer versions of
> gnutls (newer than the sarge version, which is based on 1.0.16).

Thanks for the report+patch; will upload to s-p-u ASAP.

-- 
Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
A conference is a gathering of important people who singly can do nothing
but together can decide that nothing can be done.
		-- Fred Allen
[signature.asc (application/pgp-signature, inline)]

Tags added: pending Request was from Matthias Urlichs <smurf@smurf.noris.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Matthias Urlichs <smurf@smurf.noris.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `slapd' to `gnutls11'. Request was from Matthias Urlichs <smurf@smurf.noris.de> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Matthias Urlichs <smurf@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #31 received at 325971-close@bugs.debian.org (full text, mbox):

From: Matthias Urlichs <smurf@debian.org>
To: 325971-close@bugs.debian.org
Subject: Bug#325971: fixed in gnutls11 1.0.16-14
Date: Thu, 27 Oct 2005 14:02:24 -0700
Source: gnutls11
Source-Version: 1.0.16-14

We believe that the bug you reported is fixed in the latest version of
gnutls11, which is due to be installed in the Debian FTP archive:

gnutls11_1.0.16-14.diff.gz
  to pool/main/g/gnutls11/gnutls11_1.0.16-14.diff.gz
gnutls11_1.0.16-14.dsc
  to pool/main/g/gnutls11/gnutls11_1.0.16-14.dsc
libgnutls11-dbg_1.0.16-14_i386.deb
  to pool/main/g/gnutls11/libgnutls11-dbg_1.0.16-14_i386.deb
libgnutls11-dev_1.0.16-14_i386.deb
  to pool/main/g/gnutls11/libgnutls11-dev_1.0.16-14_i386.deb
libgnutls11_1.0.16-14_i386.deb
  to pool/main/g/gnutls11/libgnutls11_1.0.16-14_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 325971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Urlichs <smurf@debian.org> (supplier of updated gnutls11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Changed-By: Matthias Urlichs <smurf@debian.org>
Date: Tue, 25 Oct 2005 19:31:09 +0200
Version: 1.0.16-14
Distribution: unstable
Source: gnutls11
Urgency: high
Maintainer: Matthias Urlichs <smurf@debian.org>
Binary: libgnutls11 libgnutls11-dbg libgnutls11-dev
Architecture: i386 source
Closes: 325971
Changes:
 gnutls11 (1.0.16-14) unstable; urgency=high
 .
   * Ack NMU.
   * High priority because it needs to propagate to testing in order to
     allow a bugfix for stable-p-u to be uploaded. :-/
   * Fix occasional SSL connection setup error. Closes:#325971
   * Drop gnutls-bin, it's provided by gnutls12 now.
Description:
 libgnutls11-dbg - GNU TLS library - debugger symbols
 libgnutls11 - GNU TLS library - runtime library
 libgnutls11-dev - GNU TLS library - development files
Files:
 73e20e3a615a86e5de9ec3810b2c4562 444488 devel optional libgnutls11-dbg_1.0.16-14_i386.deb
 1541c9aeef83be37c91e53af91001759 290294 libs important libgnutls11_1.0.16-14_i386.deb
 bb8e6348431e49e7c1732339ea3ce13c 335269 devel optional gnutls11_1.0.16-14.diff.gz
 134393b3c8cbf40d260e421c028acede 356854 libdevel optional libgnutls11-dev_1.0.16-14_i386.deb
 f06bf50ba83fd10e1a509f66e85809b0 753 devel optional gnutls11_1.0.16-14.dsc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD4DBQFDYSJ88+hUANcKr/kRAmXSAJYq2EOPGQ2UbhXZRJ846g/IplaPAJ4xxiqA
beHi+a0rtgd3oQcETpYccw==
=POVO
-----END PGP SIGNATURE-----




Reply sent to Matthias Urlichs <smurf@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #36 received at 325971-close@bugs.debian.org (full text, mbox):

From: Matthias Urlichs <smurf@debian.org>
To: 325971-close@bugs.debian.org
Subject: Bug#325971: fixed in gnutls11 1.0.16-13.1sarge1
Date: Tue, 15 Nov 2005 18:17:07 -0800
Source: gnutls11
Source-Version: 1.0.16-13.1sarge1

We believe that the bug you reported is fixed in the latest version of
gnutls11, which is due to be installed in the Debian FTP archive:

gnutls-bin_1.0.16-13.1sarge1_i386.deb
  to pool/main/g/gnutls11/gnutls-bin_1.0.16-13.1sarge1_i386.deb
gnutls11_1.0.16-13.1sarge1.diff.gz
  to pool/main/g/gnutls11/gnutls11_1.0.16-13.1sarge1.diff.gz
gnutls11_1.0.16-13.1sarge1.dsc
  to pool/main/g/gnutls11/gnutls11_1.0.16-13.1sarge1.dsc
libgnutls11-dbg_1.0.16-13.1sarge1_i386.deb
  to pool/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.1sarge1_i386.deb
libgnutls11-dev_1.0.16-13.1sarge1_i386.deb
  to pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1sarge1_i386.deb
libgnutls11_1.0.16-13.1sarge1_i386.deb
  to pool/main/g/gnutls11/libgnutls11_1.0.16-13.1sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 325971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Urlichs <smurf@debian.org> (supplier of updated gnutls11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Changed-By: Matthias Urlichs <smurf@debian.org>
Date: Sat, 22 Oct 2005 23:17:20 +0200
Version: 1.0.16-13.1sarge1
Distribution: stable
Source: gnutls11
Urgency: medium
Maintainer: Matthias Urlichs <smurf@debian.org>
Binary: gnutls-bin libgnutls11 libgnutls11-dbg libgnutls11-dev
Architecture: i386 source
Closes: 325971
Changes:
 gnutls11 (1.0.16-13.1sarge1) stable; urgency=medium
 .
   * Fix occasional SSL connection setup error. Closes:#325971
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 libgnutls11 - GNU TLS library - runtime library
 libgnutls11-dev - GNU TLS library - development files
 libgnutls11-dbg - GNU TLS library - debugger symbols
Files:
 7cdfca199a119c5366d27a435285d355 369770 libdevel optional libgnutls11-dev_1.0.16-13.1sarge1_i386.deb
 b1c980fb24d324cc2d8575531607834f 812 devel optional gnutls11_1.0.16-13.1sarge1.dsc
 29ce1b37a46ee9964fefa13378f42da9 206388 net optional gnutls-bin_1.0.16-13.1sarge1_i386.deb
 b2be5a5e7c1a3781291e62d72ff3acf5 346211 devel optional gnutls11_1.0.16-13.1sarge1.diff.gz
 24bd8a0384652b0448540c505128f69a 301312 libs important libgnutls11_1.0.16-13.1sarge1_i386.deb
 a9a92cf2fd88f3f658d4c233ced8eae2 557658 devel optional libgnutls11-dbg_1.0.16-13.1sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDepKJ8+hUANcKr/kRAqwcAJ9hgoPMEIkqxmXXmPGKhLUbP8iEugCfYVG1
UaAzzbxxX2REngZLMml/RyM=
=/nMP
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Urlichs <smurf@debian.org>:
Bug#325971; Package gnutls11. Full text and rfc822 format available.

Acknowledgement sent to Len Sorensen <lennartsorensen@ruggedcom.com>:
Extra info received and forwarded to list. Copy sent to Matthias Urlichs <smurf@debian.org>. Full text and rfc822 format available.

Message #41 received at 325971@bugs.debian.org (full text, mbox):

From: Len Sorensen <lennartsorensen@ruggedcom.com>
To: 325971@bugs.debian.org
Subject: This package seems to have gone missing
Date: Mon, 9 Jan 2006 11:35:06 -0500
This fixed package used to be in proposed updates, but it seems to have
disappeared.  Was it lost during the 3.1r1 update somehow?  Was it
removed for some other reason?  Should it be put back?

It is rather weird to have some machines running with 1.0.16-13.1sarge1
and others more recently installed only using 1.0.16-13.1

Len Sorensen



Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Urlichs <smurf@debian.org>:
Bug#325971; Package gnutls11. Full text and rfc822 format available.

Acknowledgement sent to Daniel Hermann <hermann@tfp.uni-karlsruhe.de>:
Extra info received and forwarded to list. Copy sent to Matthias Urlichs <smurf@debian.org>. Full text and rfc822 format available.

Message #46 received at 325971@bugs.debian.org (full text, mbox):

From: Daniel Hermann <hermann@tfp.uni-karlsruhe.de>
To: 325971@bugs.debian.org
Subject: please reopen this bug for Sarge
Date: Sun, 29 Jan 2006 14:30:17 +0100
Hi,

after the rejection of the fixed gnutls11 package for the sarge update
in december, this (in my eyes very grave) bug is still present in
Sarge. Could you please reopen the bug for Sarge. Thanks.

best regards

Daniel

PS: IMHO this fix should really make it into Sarge ASAP. This is the
kind of bug that kills administrators. I can just say that, as an
example, without the fix, exim4 in combination with LDAP is severely
broken and is unusable in production environments (Mails are rejected
sporadically!). Is there a way to forward this to the security (or
QA?) team? They should at least know of this.

-- 
-----------------------------------------------------------------
Daniel Hermann,      Institut fuer Theoretische Festkoerperphysik
Universitaet Karlsruhe                  Tel: ++49 (0)721 608-7328
Postfach 6980                           Fax: ++49 (0)721 608-7779
76128 Karlsruhe, Germany      email: hermann@tfp.uni-karlsruhe.de
-----------------------------------------------------------------



Bug reopened, originator not changed. Request was from Daniel Hermann <hermann@tfp.uni-karlsruhe.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: sarge Request was from Daniel Hermann <hermann@tfp.uni-karlsruhe.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Urlichs <smurf@debian.org>:
Bug#325971; Package gnutls11. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Matthias Urlichs <smurf@debian.org>. Full text and rfc822 format available.

Message #55 received at 325971@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: debian-release@lists.debian.org
Cc: 325971@bugs.debian.org
Subject: Re: [sarge] Fixing #325971 in gnutls11
Date: Tue, 6 Jun 2006 20:53:25 +0200
On 2006-06-06 Julien Danjou <acid@debian.org> wrote:
> On Mon, Jun 05, 2006 at 01:04:09PM +0200, Andreas Metzler wrote:

>> #325971 is still open in sarge, Matthias tried to fix it in
>> 1.0.16-13.1sarge1 but the upload was rejected for 3.1r1 because the
>> diff was not clean.
>> 
>> I have rectified this and produced 1.0.16-13.2sarge1 based on the
>> security upload 1.0.16-13.2. Patch attached. - Would it be ok for me
>> to upload this?

> /me puts his SRMa hat on

> That's ok, the patch is pretty clean and short. So go ahead.

Splendid. Queued to be done (after a little testing).
thanks, cu andreas



Tags added: pending Request was from Andreas Metzler <ametzler@downhill.at.eu.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Urlichs <smurf@debian.org>:
Bug#325971; Package gnutls11. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Matthias Urlichs <smurf@debian.org>. Full text and rfc822 format available.

Message #62 received at 325971@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Cedar Cox <cox@waterstoneinc.com>
Cc: 325971@bugs.debian.org
Subject: Re: [sarge] Fixing #325971 in gnutls11
Date: Thu, 6 Jul 2006 19:10:45 +0200
On 2006-07-06 Cedar Cox <cox@waterstoneinc.com> wrote:
> Andreas Metzler wrote:
[...]
>> Splendid, thank you. I could use it.

>> I have just uploaded the fix to sarge's proposed updates.

> This still shows up as "Pending Upload" on
>   http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gnutls11

> Now, I'm no Debian developer so perhaps I don't understand what sarge's 
> proposed updates is, but it seems that this hasn't actually been 
> uploaded yet, or I don't know where to find it.  Could you enlighten me?

Since recently[1] proposed updates works like the "new queue", I upload
it and it goes into a (not publically visible/browsable) waiting
queue where one of the stable release managers checks it and either
rejects it or accepts it as part of the next stable release (3.1r3).
Once it is accepted I think it should appear on 
http://ftp.de.debian.org/debian/dists/sarge-proposed-updates/

hth, cu andreas

[1] http://lists.debian.org/debian-devel-announce/2006/06/msg00007.html
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde



Tags added: fixed Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags set to: fixed Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags set to: fixed Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to James Westby <jw+debian@jameswestby.net>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Daniel Hermann <hermann+bugreport@tkm.physik.uni-karlsruhe.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #73 received at 325971-done@bugs.debian.org (full text, mbox):

From: James Westby <jw+debian@jameswestby.net>
To: 325971-done@bugs.debian.org
Subject: Re: Bug#325971: slapd: sporadic errors in SSL connections ("bad record mac") fromm libnss-ldap and exim4 (gnutls11)
Date: Sun, 15 Oct 2006 16:23:19 +0100
Hi,

I am closing this bug, as it is fixed, and gnutls11 is not part of etch
so we are having a clean up.

The bug is fixed, but the bug report is not closed as it was done in an
NMU. This can be considered an ack of the NMU.

James

-- 
  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 16:27:58 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 05:16:27 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.