Your message dated Sat, 05 Sep 2015 14:33:54 +0100 with message-id <1441460034.2151.33.camel@adam-barratt.org.uk> and subject line Closing bugs for 7.9 has caused the Debian Bug report #795892, regarding wheezy-pu: package ssl-cert/1.0.32+deb7u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 795892: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795892 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: wheezy-pu: package ssl-cert/1.0.32+deb7u1
- From: Stefan Fritsch <sf@sfritsch.de>
- Date: Sun, 16 Aug 2015 13:43:06 +0200
- Message-id: <E1ZROst-0004oV-74@eru.sfritsch.de>
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian.org@packages.debian.org Usertags: pu Please review ssl-cert_1.0.32+deb7u1 for inclusion in oldstable. The main change is switching from sha1 to sha256 for new certificates because browsers start marking sha1 as insecure. ssl-cert (1.0.32+deb7u1) wheezy; urgency=medium * Switch to SHA2 for newly generated certificates. Closes: #733255, #773815 * Set umask to make sure that the generated key is not world-readable for a short timespan while make-ssl-cert runs. Closes: #780828 -- Stefan Fritsch <sf@debian.org> Sun, 16 Aug 2015 13:27:23 +0200 Debdiff is attacheddiff -Nru ssl-cert-1.0.32/debian/changelog ssl-cert-1.0.32+deb7u1/debian/changelog --- ssl-cert-1.0.32/debian/changelog 2012-08-26 19:45:06.000000000 +0200 +++ ssl-cert-1.0.32+deb7u1/debian/changelog 2015-08-16 13:38:05.000000000 +0200 @@ -1,3 +1,11 @@ +ssl-cert (1.0.32+deb7u1) wheezy; urgency=medium + + * Switch to SHA2 for newly generated certificates. Closes: #733255, #773815 + * Set umask to make sure that the generated key is not world-readable + for a short timespan while make-ssl-cert runs. Closes: #780828 + + -- Stefan Fritsch <sf@debian.org> Sun, 16 Aug 2015 13:27:23 +0200 + ssl-cert (1.0.32) unstable; urgency=low * Update Brazilian Portuguese, thanks to J. S. Júnior. Closes: #685887 diff -Nru ssl-cert-1.0.32/make-ssl-cert ssl-cert-1.0.32+deb7u1/make-ssl-cert --- ssl-cert-1.0.32/make-ssl-cert 2012-06-09 20:25:20.000000000 +0200 +++ ssl-cert-1.0.32+deb7u1/make-ssl-cert 2015-08-16 13:38:05.000000000 +0200 @@ -99,8 +99,10 @@ # create the certificate. +umask 077 + if [ "$1" != "generate-default-snakeoil" ]; then - if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \ + if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \ -out $output -keyout $output > $TMPOUT 2>&1 then echo Could not create certificate. Openssl output was: >&2 @@ -112,7 +114,7 @@ cd $(dirname $output) ln -sf $(basename $output) $(openssl x509 -hash -noout -in $(basename $output)) else - if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes \ + if ! openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -sha256 \ -out /etc/ssl/certs/ssl-cert-snakeoil.pem \ -keyout /etc/ssl/private/ssl-cert-snakeoil.key > $TMPOUT 2>&1 then
--- End Message ---
--- Begin Message ---
- To: 725661-done@bugs.debian.org, 770955-done@bugs.debian.org, 773796-done@bugs.debian.org, 774773-done@bugs.debian.org, 774820-done@bugs.debian.org, 774850-done@bugs.debian.org, 774921-done@bugs.debian.org, 775380-done@bugs.debian.org, 775603-done@bugs.debian.org, 775664-done@bugs.debian.org, 775825-done@bugs.debian.org, 776095-done@bugs.debian.org, 776734-done@bugs.debian.org, 776781-done@bugs.debian.org, 776884-done@bugs.debian.org, 777046-done@bugs.debian.org, 777047-done@bugs.debian.org, 777372-done@bugs.debian.org, 777553-done@bugs.debian.org, 778622-done@bugs.debian.org, 779083-done@bugs.debian.org, 779622-done@bugs.debian.org, 779926-done@bugs.debian.org, 780191-done@bugs.debian.org, 780471-done@bugs.debian.org, 780798-done@bugs.debian.org, 780924-done@bugs.debian.org, 781281-done@bugs.debian.org, 781406-done@bugs.debian.org, 781542-done@bugs.debian.org, 781885-done@bugs.debian.org, 781965-done@bugs.debian.org, 782042-done@bugs.debian.org, 782165-done@bugs.debian.org, 782409-done@bugs.debian.org, 782600-done@bugs.debian.org, 782663-done@bugs.debian.org, 782848-done@bugs.debian.org, 783659-done@bugs.debian.org, 783749-done@bugs.debian.org, 784102-done@bugs.debian.org, 785155-done@bugs.debian.org, 785348-done@bugs.debian.org, 785735-done@bugs.debian.org, 786691-done@bugs.debian.org, 786830-done@bugs.debian.org, 786919-done@bugs.debian.org, 787076-done@bugs.debian.org, 787403-done@bugs.debian.org, 787933-done@bugs.debian.org, 787947-done@bugs.debian.org, 788064-done@bugs.debian.org, 788242-done@bugs.debian.org, 788558-done@bugs.debian.org, 788664-done@bugs.debian.org, 790692-done@bugs.debian.org, 790940-done@bugs.debian.org, 793028-done@bugs.debian.org, 794962-done@bugs.debian.org, 795166-done@bugs.debian.org, 795892-done@bugs.debian.org, 797079-done@bugs.debian.org, 797213-done@bugs.debian.org
- Subject: Closing bugs for 7.9
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 05 Sep 2015 14:33:54 +0100
- Message-id: <1441460034.2151.33.camel@adam-barratt.org.uk>
Version: 7.9 Hi, These bugs relate to updates which were included in the 7.9 point release. Regards, Adam
--- End Message ---