GNU bug report logs - #13406
24.2.92; gnus fails imap connection with TLS

Previous Next

Packages: emacs, gnus;

Reported by: Rainer Orth <ro <at> CeBiTec.Uni-Bielefeld.DE>

Date: Thu, 10 Jan 2013 16:49:02 UTC

Severity: important

Tags: notabug

Found in version 24.2.92

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Rainer Orth <ro <at> CeBiTec.Uni-Bielefeld.DE>
Cc: 13406 <at> debbugs.gnu.org, 13406-done <at> debbugs.gnu.org
Subject: bug#13406: 24.2.92; gnus fails imap connection with TLS
Date: Wed, 16 Jan 2013 09:09:06 -0500

On Tue, 15 Jan 2013 11:24:29 +0100 Rainer Orth <ro <at> CeBiTec.Uni-Bielefeld.DE> wrote: 

RO> Ted Zlatanov <tzz <at> lifelogs.com> writes:
>> Can you try from the command line, with `gnutls-cli'?

RO> gnutls-cli isn't installed on Solaris 11, so I built the upstream
RO> version of gnutls 2.8.6 myself.  With the unchanged version, imap with
RO> TLS works fine.  I've then dug up the build receipe on opensolaris.org
RO> and found that the fix for CVE-2012-1573 is wrong: while upstream

RO> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=422214868061370aeeb0ac9cd0f021a5c350a57d;hp=cfea38b5482c21fe6ddffaddc59a0040f80bd578

RO> uses a ciphertext.size < hash_size test, Solaris has

RO> http://src.opensolaris.org/source/xref/jds/spec-files/branches/gnome-2-30-s11update/patches/gnutls-02-cve-2012-1573.diff

>> hash_size instead.

RO> So the report is invalid and I'll report upstream.

Thank you for the thoroughness, it saves us a lot of work!  Marking this
bug as done.

Ted
This bug report was last modified 12 years and 186 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.