Bug#658276: marked as done (libcurl3: No more compatible with older SSL implementations)

Fri, 13 Apr 2012 15:48:29 -0700 

Your message dated Fri, 13 Apr 2012 22:47:11 +0000
with message-id <[email protected]>
and subject line Bug#658276: fixed in curl 7.21.0-2.1+squeeze2
has caused the Debian Bug report #658276,
regarding libcurl3: No more compatible with older SSL implementations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
658276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libcurl3
Version: 7.21.0-2.1+squeeze1, 7.24.0-1
Severity: grave

Hi,

After the upgrade from 7.21.0-2 or 7.23.1-3 some sites stop to
work while others continue to work.

My guess is that this is related to the CVE-2011-3389 change.
If my memory is any good, the reason why openssl still does
something with that option is because not all implementations
work without it.  I think I at least saw a blog post about
the state of that issue a few months ago.

I can reproduce this with:
$ curl https://www.eboekhuis.nl
curl: (52) Empty reply from server

Downgrading libcurl3 fixes my issue.


Kurt

--- End Message ---
--- Begin Message --- 
Source: curl
Source-Version: 7.21.0-2.1+squeeze2

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive:

curl_7.21.0-2.1+squeeze2.debian.tar.gz
  to main/c/curl/curl_7.21.0-2.1+squeeze2.debian.tar.gz
curl_7.21.0-2.1+squeeze2.dsc
  to main/c/curl/curl_7.21.0-2.1+squeeze2.dsc
curl_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/curl_7.21.0-2.1+squeeze2_amd64.deb
libcurl3-dbg_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/libcurl3-dbg_7.21.0-2.1+squeeze2_amd64.deb
libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb
libcurl3_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/libcurl3_7.21.0-2.1+squeeze2_amd64.deb
libcurl4-gnutls-dev_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/libcurl4-gnutls-dev_7.21.0-2.1+squeeze2_amd64.deb
libcurl4-openssl-dev_7.21.0-2.1+squeeze2_amd64.deb
  to main/c/curl/libcurl4-openssl-dev_7.21.0-2.1+squeeze2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 24 Mar 2012 15:01:45 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev 
libcurl3-dbg
Architecture: source amd64
Version: 7.21.0-2.1+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Ramakrishnan Muthukrishnan <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl 
(OpenSSL)
Closes: 658276
Changes: 
 curl (7.21.0-2.1+squeeze2) stable-security; urgency=low
 .
   * Non-maintainer upload
   * Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276)
Checksums-Sha1: 
 c6ce1d0916e5281f01a46918b742311f9091d14a 2168 curl_7.21.0-2.1+squeeze2.dsc
 d0e5a1184315b9abb9cc54d77d4a0200526f046d 2714501 curl_7.21.0.orig.tar.gz
 4a238c2898d6ed4dde1b5786b35a91838795074c 100157 
curl_7.21.0-2.1+squeeze2.debian.tar.gz
 d781b7de2462906615993a116dd54a92d9bf032b 228998 
curl_7.21.0-2.1+squeeze2_amd64.deb
 1e19fd99b4cbe8e80cb4b6f757067b3d04ebfe20 285450 
libcurl3_7.21.0-2.1+squeeze2_amd64.deb
 aab1b432abd91b4dbf271dae4d13189b0764a76e 265656 
libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb
 886af90d771a95a3e6258d203a722565770c732a 1098168 
libcurl4-openssl-dev_7.21.0-2.1+squeeze2_amd64.deb
 331dc907046f81730376b9e1d189f4b44bc22905 1074226 
libcurl4-gnutls-dev_7.21.0-2.1+squeeze2_amd64.deb
 ea91639e405a0932cd9029c1f425e801b3a69c03 106266 
libcurl3-dbg_7.21.0-2.1+squeeze2_amd64.deb
Checksums-Sha256: 
 337f1b0c559fb34325460fb43e36e9aaec76b1ad5c5e65c4975c8a40b7642e23 2168 
curl_7.21.0-2.1+squeeze2.dsc
 b3e2047c6f70eb321557af980a9554f0a98fb122d9636f1c98833262eed8de1d 2714501 
curl_7.21.0.orig.tar.gz
 eab89a1678b23b4a9ba5cfb70489889e710f299765ab34017b988fd6901efa83 100157 
curl_7.21.0-2.1+squeeze2.debian.tar.gz
 c129d139b628aae54c1643176b16e8477a6e603b58080e01f372ae97ecbe2130 228998 
curl_7.21.0-2.1+squeeze2_amd64.deb
 9cf2ead12a56ca684c1427195537c479de3027c4665356cad48d3db391e119f5 285450 
libcurl3_7.21.0-2.1+squeeze2_amd64.deb
 45c149e89f54ad56cd888345ba5d7f5dfd7412281a26d8a901920e348db90269 265656 
libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb
 12e7c723628085d6a489a1cc8f1aa1daa8e453f42b49c203cfa492fc08e96504 1098168 
libcurl4-openssl-dev_7.21.0-2.1+squeeze2_amd64.deb
 6269050a6bc7b4c182844087b4bf7d6fe2908a8d5549c041e4d45aa97dd5c9ed 1074226 
libcurl4-gnutls-dev_7.21.0-2.1+squeeze2_amd64.deb
 cb211d4418aa5b990771cfe6fdca6c0795615f88e18bfc112b461a4ad06b0435 106266 
libcurl3-dbg_7.21.0-2.1+squeeze2_amd64.deb
Files: 
 a9bbb2ed75ca53cbd31be481f6ee5206 2168 web optional curl_7.21.0-2.1+squeeze2.dsc
 6dfb911a254a1b5ca8b534b98f2196aa 2714501 web optional curl_7.21.0.orig.tar.gz
 104fcca385ea7ecae85f1bdfe18611d9 100157 web optional 
curl_7.21.0-2.1+squeeze2.debian.tar.gz
 ddb799952cbc28f63e06f674b77deb98 228998 web optional 
curl_7.21.0-2.1+squeeze2_amd64.deb
 ec82d3d931fecaf8a2131db3c570079e 285450 libs optional 
libcurl3_7.21.0-2.1+squeeze2_amd64.deb
 cad3749e58c431693c7df7a81918d124 265656 libs optional 
libcurl3-gnutls_7.21.0-2.1+squeeze2_amd64.deb
 84405ae1ab114887428bb95bdbcce7ab 1098168 libdevel optional 
libcurl4-openssl-dev_7.21.0-2.1+squeeze2_amd64.deb
 ae076f77b8efa0e8d8eb6834a469d149 1074226 libdevel optional 
libcurl4-gnutls-dev_7.21.0-2.1+squeeze2_amd64.deb
 359624088d1a7d8fd738d1613b15df7c 106266 debug extra 
libcurl3-dbg_7.21.0-2.1+squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJPdgB/AAoJEK+lG9bN5XPLa2EP/iKt11suxnv7a1k9Uh/49fCq
cR+GmdgZ+/FjapeQ0mUFnAQe8FwXPW1gZCFMhbLGz1nEyGZOmMX5PMfzOAu60uO2
w3D/6tsX0zXGC2qRxnbmtWRbumyD2QEUcIr7fwwzhXVO7VNCcxFGMgAf97UeiX6m
PulFiw69nKEW7dmCIP27TPcgnwUY3zkAlwGvhn9ZUK2YiMSfhR7SQAS2tYi82YBG
1ezseRQBfJlYbn2wQQ5tWZcy67BJMsfVGwZk/GspsEe070BpKH8M/vXSSrLtppku
H9egsNCABeMFyHBta6a3UvrtVrgWm7vzNl+gUaZJMbGOEdaxSow32M39mraac4k0
x4m4yQrGfiqZmtKUeXFJj6KfcpgD6F2cI2iBDf0oVmQpjLbUqsvNkeXCZhM3gohF
Ka+MgLizTX1FUYrihp7C/r8xbC8gHiXaYTDidbpxzje0t4TlVXRLF94pDqyF5B2U
v2AGj4bllcIVy/zzXpLU8UNtb7VvuYGUJMW+qh2/iOYGdfWkeaqb6+MxZSjZOIHQ
Qp28+fg3vVcHzA38yu/VeILXCdkLkQ4NAqWXLya5YQxrApN0IdDuG+/Erdf1kok+
Q2/eYD4PVGjNkXMO/s7N2oC9UwLYxiOWhO5Mluzm/n3+zDvLP301zistOliEFJr8
xgqaV9F48bGxbJ6RhEmS
=GtRE
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to