[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#981453: marked as done (buster-pu: package fetchmail/6.4.0~beta4-3+deb10u1)

Your message dated Sat, 27 Mar 2021 10:26:45 +0000
with message-id <702e3cb8159c9986264e966af79023672688a8a4.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.9 point release
has caused the Debian Bug report #981453,
regarding buster-pu: package fetchmail/6.4.0~beta4-3+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
981453: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981453
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi RMs,

There are two SSL related bugs in fetchmail that affect Buster. The
first cause is that otherwise working SSL connections fail sometimes
[1]. The fix is in 6.4.0~rc1 and in Bullseye since Aug, 2019.
The second is removing a forced OpenSSL version check that breaks
fetchmail. Fixed for Bullseye since November, 2020 [2].

Proposed patch is attached.

Thanks for consideration,
Laszlo/GCS
[1] https://gitlab.com/fetchmail/fetchmail/-/commit/080d4632298636a9a1b21c3419c059b95fb3cd37.patch
[2] https://packages.qa.debian.org/f/fetchmail/news/20201119T192017Z.html

diff -Nru fetchmail-6.4.0~beta4/debian/changelog fetchmail-6.4.0~beta4/debian/changelog
--- fetchmail-6.4.0~beta4/debian/changelog	2019-02-06 17:33:00.000000000 +0100
+++ fetchmail-6.4.0~beta4/debian/changelog	2021-01-31 11:13:50.000000000 +0100
@@ -1,3 +1,11 @@
+fetchmail (6.4.0~beta4-3+deb10u1) buster; urgency=medium
+
+  * Backport fix to no longer reports System error during SSL_connect():
+    Success (closes: #928916).
+  * Remove forced OpenSSL version check (closes: #980766).
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 31 Jan 2021 11:13:50 +0100
+
 fetchmail (6.4.0~beta4-3) unstable; urgency=medium
 
   * Backport fix potential SIGSEGV in pop3_delete (closes: #921450).
diff -Nru fetchmail-6.4.0~beta4/debian/patches/07_fix_System_error_during_SSL_connect_Success.patch fetchmail-6.4.0~beta4/debian/patches/07_fix_System_error_during_SSL_connect_Success.patch
--- fetchmail-6.4.0~beta4/debian/patches/07_fix_System_error_during_SSL_connect_Success.patch	1970-01-01 01:00:00.000000000 +0100
+++ fetchmail-6.4.0~beta4/debian/patches/07_fix_System_error_during_SSL_connect_Success.patch	2021-01-31 11:13:50.000000000 +0100
@@ -0,0 +1,55 @@
+From 080d4632298636a9a1b21c3419c059b95fb3cd37 Mon Sep 17 00:00:00 2001
+From: Matthias Andree <matthias.andree@gmx.de>
+Date: Mon, 5 Aug 2019 23:11:43 +0200
+Subject: [PATCH] fetchmail no longer reports System error during
+ SSL_connect(): Success.
+
+Fixes Debian Bug#928916, reported by Paul Kimoto.
+---
+ NEWS     |   2 +
+ driver.c |   2 +-
+ po/de.po | 231 ++++++++++++++++++++++++++++---------------------------
+ socket.c |   9 ++-
+ 4 files changed, 127 insertions(+), 117 deletions(-)
+
+diff --git a/driver.c b/driver.c
+index 74e1b28a..3e382d3a 100644
+--- a/driver.c
++++ b/driver.c
+@@ -1107,7 +1107,7 @@ static int do_session(
+ 		    &ctl->remotename) == -1)
+ 	{
+ 	    set_timeout(0);
+-	    report(stderr, GT_("SSL connection failed.\n"));
++	    report(stderr, "%s: %s", ctl->sslcommonname ? ctl->sslcommonname : realhost, GT_("SSL connection failed.\n"));
+ 	    err = PS_SOCKET;
+ 	    goto cleanUp;
+ 	}
+diff --git a/socket.c b/socket.c
+index b3eaaecc..cb93b60e 100644
+--- a/socket.c
++++ b/socket.c
+@@ -1225,14 +1225,17 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
+ 	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
+ 	    || (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) {
+ 		int e = errno;
+-		unsigned long ssle_err_from_queue = ERR_peek_error();
+ 		unsigned long ssle_err_from_get_error = SSL_get_error(_ssl_context[sock], ssle_connect);
++		unsigned long ssle_err_from_queue = ERR_peek_error();
+ 		ERR_print_errors_fp(stderr);
+ 		if (SSL_ERROR_SYSCALL == ssle_err_from_get_error && 0 == ssle_err_from_queue) {
+ 		    if (0 == ssle_connect) {
+-			report(stderr, GT_("Server shut down connection prematurely during SSL_connect().\n"));
++			/* FIXME: the next line was hacked in 6.4.0-rc1 so the translation strings don't change.
++			 * The %s could be merged to the inside of GT_(). */
++			report(stderr, "%s: %s", servercname, GT_("Server shut down connection prematurely during SSL_connect().\n"));
+ 		    } else if (ssle_connect < 0) {
+-			report(stderr, GT_("System error during SSL_connect(): %s\n"), strerror(e));
++			report(stderr, "%s: ", servercname);
++			report(stderr, GT_("System error during SSL_connect(): %s\n"), e ? strerror(e) : GT_("handshake failed at protocol or connection level."));
+ 		    }
+ 		}
+ 		SSL_free( _ssl_context[sock] );
+-- 
+GitLab
+
diff -Nru fetchmail-6.4.0~beta4/debian/patches/08_remove_forced_OpenSSL_check.patch fetchmail-6.4.0~beta4/debian/patches/08_remove_forced_OpenSSL_check.patch
--- fetchmail-6.4.0~beta4/debian/patches/08_remove_forced_OpenSSL_check.patch	1970-01-01 01:00:00.000000000 +0100
+++ fetchmail-6.4.0~beta4/debian/patches/08_remove_forced_OpenSSL_check.patch	2021-01-31 11:13:50.000000000 +0100
@@ -0,0 +1,26 @@
+Description: Remove forced OpenSSL version check
+ Not needed, linker should take care of proper library loading.
+Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
+Bug-Debian: https://bugs.debian.org/973472
+Forwarded: no
+Last-Update: 2020-11-19
+
+---
+
+--- fetchmail-6.4.13.orig/socket.c
++++ fetchmail-6.4.13/socket.c
+@@ -1065,12 +1065,12 @@ int SSLOpen(int sock, char *mycert, char
+ #else
+ 	ver = OpenSSL_version_num();
+ #endif
+-
++/*
+ 	if (ver < OPENSSL_VERSION_NUMBER) {
+ 	    report(stderr, GT_("Loaded OpenSSL library %#lx older than headers %#lx, refusing to work.\n"), (long)ver, (long)(OPENSSL_VERSION_NUMBER));
+ 	    return -1;
+ 	}
+-
++*/
+ 	if (ver > OPENSSL_VERSION_NUMBER && outlevel >= O_VERBOSE) {
+ 	    report(stdout, GT_("Loaded OpenSSL library %#lx newer than headers %#lx, trying to continue.\n"), (long)ver, (long)(OPENSSL_VERSION_NUMBER));
+ 	}
diff -Nru fetchmail-6.4.0~beta4/debian/patches/series fetchmail-6.4.0~beta4/debian/patches/series
--- fetchmail-6.4.0~beta4/debian/patches/series	2019-02-06 17:33:00.000000000 +0100
+++ fetchmail-6.4.0~beta4/debian/patches/series	2021-01-31 11:13:50.000000000 +0100
@@ -4,3 +4,5 @@
 04_invoke-rc.d.diff
 05_Fix_potential_SIGSEGV_in_pop3_delete.patch
 06_Enable_OpenSSL_native_name_verification.patch
+07_fix_System_error_during_SSL_connect_Success.patch
+08_remove_forced_OpenSSL_check.patch

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.9

Hi,

Each of the updates referenced in these bugs was included in the 10.9
point release today.

Regards,

Adam

--- End Message ---
Reply to: