Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1055758: opensmtpd: OpenSMTPD release in stable (bookworm) is useless due to #1037359
22 views
Skip to first unread message
Mike Swanson
Nov 10, 2023, 1:10:06 PM11/10/23
to
Package: opensmtpd
Version: 6.8.0p2-4+b4
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: mikeonth...@gmail.com
Dear Maintainer,
Due to the bug mentioned in the subject (#1037359), OpenSMTPD fails to utilize
TLS certificates with OpenSSL >= 3.0.0. As such, the program is a total
non-starter for any internet-facing mail solution (perhaps an internal mail
server without encryption would be fine). While the issue has been resolved
upstream and in the sid and trixie repositories, it remains unusable in
bookworm.
Even if the resolution is to upgrade the version in bookworm (normally a
violation of Debian policy, I know), it would at least restore the package
to a fully-functional state, as it is on both bullseye and trixie.
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.1.0-13-cloud-arm64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages opensmtpd depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii ed 1.19-1
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u3
ii libcrypt1 1:4.4.33-2
ii libdb5.3 5.3.28+dfsg2-1
ii libevent-2.1-7 2.1.12-stable-8
ii libpam0g 1.5.2-6+deb12u1
ii libssl3 3.0.11-1~deb12u2
ii sysvinit-utils [lsb-base] 3.06-4
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages opensmtpd recommends:
ii opensmtpd-extras 6.7.1-2
Versions of packages opensmtpd suggests:
ii ca-certificates 20230311
-- Configuration Files:
/etc/smtpd.conf changed [not included]
-- debconf information excluded
Version: 6.8.0p2-4+b4
Severity: grave
Justification: renders package unusable
X-Debbugs-Cc: mikeonth...@gmail.com
Dear Maintainer,
Due to the bug mentioned in the subject (#1037359), OpenSMTPD fails to utilize
TLS certificates with OpenSSL >= 3.0.0. As such, the program is a total
non-starter for any internet-facing mail solution (perhaps an internal mail
server without encryption would be fine). While the issue has been resolved
upstream and in the sid and trixie repositories, it remains unusable in
bookworm.
Even if the resolution is to upgrade the version in bookworm (normally a
violation of Debian policy, I know), it would at least restore the package
to a fully-functional state, as it is on both bullseye and trixie.
-- System Information:
Debian Release: 12.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.1.0-13-cloud-arm64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages opensmtpd depends on:
ii adduser 3.134
ii debconf [debconf-2.0] 1.5.82
ii ed 1.19-1
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u3
ii libcrypt1 1:4.4.33-2
ii libdb5.3 5.3.28+dfsg2-1
ii libevent-2.1-7 2.1.12-stable-8
ii libpam0g 1.5.2-6+deb12u1
ii libssl3 3.0.11-1~deb12u2
ii sysvinit-utils [lsb-base] 3.06-4
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages opensmtpd recommends:
ii opensmtpd-extras 6.7.1-2
Versions of packages opensmtpd suggests:
ii ca-certificates 20230311
-- Configuration Files:
/etc/smtpd.conf changed [not included]
-- debconf information excluded
Ryan Kavanagh
Nov 16, 2023, 12:50:06 PM11/16/23
to
On Fri, Nov 10, 2023 at 10:06:11AM -0800, Mike Swanson wrote:
> Due to the bug mentioned in the subject (#1037359), OpenSMTPD fails to
> utilize TLS certificates with OpenSSL >= 3.0.0. As such, the program
> is a total non-starter for any internet-facing mail solution (perhaps
> an internal mail server without encryption would be fine). While the
> issue has been resolved upstream and in the sid and trixie
> repositories, it remains unusable in bookworm.
Indeed, OpenSMTPD in Debian stable is currently (only?) useful as a
> Due to the bug mentioned in the subject (#1037359), OpenSMTPD fails to
> utilize TLS certificates with OpenSSL >= 3.0.0. As such, the program
> is a total non-starter for any internet-facing mail solution (perhaps
> an internal mail server without encryption would be fine). While the
> issue has been resolved upstream and in the sid and trixie
> repositories, it remains unusable in bookworm.
local smarthost (my own use case for OpenSMTPD on Debian).
Unfortunately, a fix for #1037359 was not available in time for
bookworm.
I plan on uploading OpenSMTPD 7.4.0p2 to Debian backports in the near
future. This should at least provide a working version of OpenSMTPD for
those using bookworm.
Ryan
Ryan Kavanagh
Dec 7, 2023, 11:10:04 AM12/7/23
to
On Thu, Nov 16, 2023 at 12:36:16PM -0500, Ryan Kavanagh wrote:
> I plan on uploading OpenSMTPD 7.4.0p2 to Debian backports in the near
> future
7.4.0p1 is now available from stable-backports.
> I plan on uploading OpenSMTPD 7.4.0p2 to Debian backports in the near
> future
Best,
Ryan
--
|)|/ Ryan Kavanagh | 4E46 9519 ED67 7734 268F
|\|\ https://rak.ac | BD95 8F7B F8FC 4A11 C97A
0 new messages