Description of problem: OpenSSL has issued an advisory on October 16: https://openssl-library.org/news/secadv/20241016.txt The fixes are: https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4 (version 3.3.x) https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 (version 3.0.x) Version-Release number of selected component (if applicable): openssl-3.0.15-1.mga9
Suggested advisory: ======================== The updated packages fix a security vulnerability: Low-level invalid GF(2^m) parameters lead to OOB memory access. (CVE-2024-9143) References: https://openssl-library.org/news/secadv/20241016.txt ======================== Updated packages in core/updates_testing: ======================== lib(64)quictls81.3-3.0.15-1.1.mga9 lib(64)quictls-devel-3.0.15-1.1.mga9 lib(64)quictls-static-devel-3.0.15-1.1.mga9 quictls-3.0.15-1.1.mga9 quictls-perl-3.0.15-1.1.mga9 from SRPM: quictls-3.0.15-1.1.mga9.src.rpm
Keywords: (none) => advisory
Test procedure there: https://bugs.mageia.org/show_bug.cgi?id=33650#c4 And there: https://bugs.mageia.org/show_bug.cgi?id=33614#c2
Assignee: bugsquad => qa-bugs
$ cat /etc/mageia-release Mageia release 9 (Official) for x86_64 $ rpm -qa | grep quictls lib64quictls81.3-3.0.15-1.1.mga9 quictls-3.0.15-1.1.mga9 lib64quictls-devel-3.0.15-1.1.mga9 $ echo -n 'hello mageia' | quictls aes-256-cbc -e -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' > mageia.enc $ quictls aes-256-cbc -d -in mageia.enc -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' hello mageia $ echo -n 'hello mageia' | quictls dgst -sha256 SHA2-256(stdin)= 872f4c6f4fa44aab16bb985dc4b7790f541695db34787f61f58df0f32598a93c $ echo -n 'hello mageia' | sha256sum 872f4c6f4fa44aab16bb985dc4b7790f541695db34787f61f58df0f32598a93c - $ quictls s_client -connect rapsys.eu:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R11 verify return:1 depth=0 CN = rapsys.eu verify return:1 [...] read R BLOCK ^C $ $ quictls ciphers -v TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256 PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1 DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1 DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256 DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1 ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1 ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256 ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1 RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1 RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256 RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1 $ quictls version -a OpenSSL 3.0.15+quic 3 Sep 2024 (Library: OpenSSL 3.0.15+quic 3 Sep 2024) built on: Fri Nov 8 06:22:55 2024 UTC platform: linux-x86_64 options: bn(64,64) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\"" -DSYSTEM_CIPHERS_FILE="/etc/crypto-policies/back-ends/openssl.config" OPENSSLDIR: "/etc/pki/tls-quic" ENGINESDIR: "/usr/lib64/engines-quic-81.3" MODULESDIR: "/usr/lib64/ossl-quic-modules" Seeding source: os-specific CPUINFO: OPENSSL_ia32cap=0x7fbae3ffffebffff:0x281 $ quictls genrsa -out a.key 2048 && [ -f a.key ] && echo true true
CC: (none) => andrewsfarm, brtians1, mageiaWhiteboard: (none) => MGA9-64-OK
For version 3.3.2 in cauldron I have some trouble with failing tests at the %check make test step. If someone may take a look and help me (either fix the tests or disable them), it is sadly over my capabilities...
CC: (none) => marja11
The failing test summary: Test Summary Report ------------------- 70-test_quic_multistream.t (Wstat: 256 (exited 1) Tests: 2 Failed: 1) Failed test: 1 Non-zero exit status: 1 70-test_quic_tserver.t (Wstat: 256 (exited 1) Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 75-test_quicapi.t (Wstat: 512 (exited 2) Tests: 2 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 90-test_quicfaults.t (Wstat: 512 (exited 2) Tests: 2 Failed: 2) Failed tests: 1-2 Non-zero exit status: 2 Files=314, Tests=2882, 429 wallclock secs ( 7.56 usr 0.62 sys + 352.99 cusr 38.03 csys = 399.20 CPU) Result: FAIL
(In reply to Raphael Gertz from comment #5) > The failing test summary: > > Test Summary Report > ------------------- > 70-test_quic_multistream.t (Wstat: 256 (exited 1) Tests: 2 > Failed: 1) > Failed test: 1 > Non-zero exit status: 1 > 70-test_quic_tserver.t (Wstat: 256 (exited 1) Tests: 1 > Failed: 1) > Failed test: 1 > Non-zero exit status: 1 > 75-test_quicapi.t (Wstat: 512 (exited 2) Tests: 2 > Failed: 2) > Failed tests: 1-2 > Non-zero exit status: 2 > 90-test_quicfaults.t (Wstat: 512 (exited 2) Tests: 2 > Failed: 2) > Failed tests: 1-2 > Non-zero exit status: 2 > Files=314, Tests=2882, 429 wallclock secs ( 7.56 usr 0.62 sys + 352.99 cusr > 38.03 csys = 399.20 CPU) > Result: FAIL Perhaps https://aur.archlinux.org/packages/quictls-openssl#comment-954641 ?
RH x86_64 LC_ALL=C urpmi quictls To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") lib64quictls81.3 3.0.15 1.1.mga9 x86_64 quictls 3.0.15 1.1.mga9 x86_64 8.3MB of additional disk space will be used. 2.4MB of packages will be retrieved. Proceed with the installation of the 2 packages? (Y/n) y installing quictls-3.0.15-1.1.mga9.x86_64.rpm lib64quictls81.3-3.0.15-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: lib64quictls81.3 ################################################################################################## 2/2: quictls ################################################################################################## cat kernel-cves| quictls aes-256-cbc -e -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' > kernel-cves.enc quictls aes-256-cbc -d -in kernel-cves.enc -K 47bc82c4e6dd271d3a72d526bf6ac3ee520d8ec70f7a1044cd02f098f6b51162 -iv '47bc82c4e6dd271d3a72d526bf6ac3ee' CVE-2023-52917 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47673 CVE-2024-47675 CVE-2024-47678 CVE-2024-47679 CVE-2024-47681 CVE-2024-47682 CVE-2024-47683 CVE-2024-47684 CVE-2024-47685 CVE-2024-47686 CVE-2024-47688 etc quictls s_client -connect rapsys.eu:443 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R11 verify return:1 depth=0 CN = rapsys.eu verify return:1 --- Certificate chain 0 s:CN = rapsys.eu i:C = US, O = Let's Encrypt, CN = R11 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Oct 29 03:20:20 2024 GMT; NotAfter: Jan 27 03:20:19 2025 GMT 1 s:C = US, O = Let's Encrypt, CN = R11 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIH7zCCBtegAwIBAgISA2IFEk10mOwZeQciUfejHvCYMA0GCSqGSIb3DQEBCwUA MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD EwNSMTEwHhcNMjQxMDI5MDMyMDIwWhcNMjUwMTI3MDMyMDE5WjAUMRIwEAYDVQQD EwlyYXBzeXMuZXUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7lgVH sPRR2muIa6cflsnzaJWEh+R6FodQGuKoekmDiTaFX42mtHyPpudmz3E8NvTfnKOs lmesH4zh1ViorTPvUcbZoXbJ3y/+4WmMnx+/UlGfntnMQOkaf49/0YNKEtczvpEy 1vispNsWgbszqXoSUGuHkdAWnJp68gCTTuPx2LknFQ3aGUQdIRcwQ+qfXSKV1fuH cDrwiv6553eNc/Z9f2i09+HW5zt+xYEPI7UdSNt7fdqlTql67IQ864kluYSkHrzS jw9JRnCsIcm+Lq3xay8sqMSbQCPzyDe7dP9xNdKHNqi83CTyQFAVj2/tDYcsmOL3 NeKsWsi9qkEfjgG/019WS50w4BdjGNtgkVX4eHGh31d83tHFaz7KSIuOjGpsp0oH QxTgFwLEyVEgnwdepI6qvgkVsmpX4YadbL7i8Ffi7qKxMNgGxxfn5B1UtR5NyxuI YeJwXLdac4Zkm6+fcDTp37AVwz3dwTu4NaQtWFQl+Kgk2EzhjoBs5GV4CeC8i4PL 1DHxAlxxxHKC4MnQBGJVAeCYA3OAIAeTGtBCemI34hYC0i+VYZ+ohIkEANcNBwri wFOE0G6lACr2lnxxaqiZ/Aib0mHyQrxkh/Etogr9XNCv7OjM7BnJ43JgX/jl4UHz MrV5D2LsRr+waSQXssPwOpK4KmDAYkGJ9dtDhQIDAQABo4IEGjCCBBYwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMB0GA1UdDgQWBBSvvXyv+QIUNc4h7AWJGbg1d5ahljAfBgNVHSMEGDAW gBTFz0ak6vTDwHpslcQtsF6SLybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYBBQUH MAGGFmh0dHA6Ly9yMTEuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6Ly9y MTEuaS5sZW5jci5vcmcvMIICIAYDVR0RBIICFzCCAhOCC2FpcmxpYnJlLmV1ghJh aXJsaWJyZS5yYXBzeXMuZXWCCmFvaWhpbWUuZXWCDWFwaS5yYXBzeXMuZXWCEGF1 cmFlLmFvaWhpbWUuZXWCFWF1dG9jb25maWcuYW9paGltZS5ldYIUYXV0b2NvbmZp Zy5yYXBzeXMuZXWCFGF1dG9jb25maWcucmFwc3lzLmZygg5ibG9nLnJhcHN5cy5l dYINY2RuLnJhcHN5cy5ldYIUY29uZmVyZW5jZS5yYXBzeXMuZXWCDWRldi5yYXBz eXMuZXWCDWRvYy5yYXBzeXMuZXWCDmZsZXgucmFwc3lzLmV1gg9mb2N1cy5yYXBz eXMuZXWCDWZ0cC5yYXBzeXMuZXWCCGdlcnR6LmZygg1naXQucmFwc3lzLmV1gg5p bWFwLnJhcHN5cy5ldYIObWFpbC5yYXBzeXMuZXWCDm1lZXQucmFwc3lzLmV1gg9w aG90by5yYXBzeXMuZXWCCXJhcHN5cy5ldYIJcmFwc3lzLmZygg5zbXRwLnJhcHN5 cy5ldYIPdGFuZ28ucmFwc3lzLmV1gg92aWRlby5yYXBzeXMuZXWCDndvdy5hb2lo aW1lLmV1gg93d3cuYWlybGlicmUuZXWCDnd3dy5hb2loaW1lLmV1ggx3d3cuZ2Vy dHouZnKCDXd3dy5yYXBzeXMuZXWCDXd3dy5yYXBzeXMuZnIwEwYDVR0gBAwwCjAI BgZngQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgCi4wrkRe+9rZt+OO1H Z3dT14JbhJTXK14bLMS5UKRH5wAAAZLWf3dtAAAEAwBHMEUCIEHnAXAJfyTtHe9A aH9UFWO27tE+DfO0p9LpW/pNbBquAiEAiTAFE5mNuOUzdHJvebkkdT4rEAbdwOSB 9UKAq/OUUzAAdQDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLEsE2lbW9UBAAAAZLW f3eEAAAEAwBGMEQCIBiUTuyGOupOQop5+K4KP4Djb9+LJR81UgbXkeCkeNoHAiAU mhurH7LT+AmNw+/9y3mPcty4JfKNSF209LklCs9urTANBgkqhkiG9w0BAQsFAAOC AQEArLQZTeSIBQyT+2Ix7afWc23UktYBNCCkeIJ0VCMv4MHju0SwoCsZ1jnaBIfo GGMNlnMtrF63iqUUcnmJmCTWgBefiEev9/FjzFExJz+buymRNUkMDQxT7ojR2R7h ZPnnCgwZX4j498q2qA5XmQgalq+mVcDZV0BmisGqPtzWB039jUP50GyakaxIW0iq BlJWzf0vPF4LGlganh0uN8y+fT//zIAFBzCjLUZslNtFYzvEL1XFjH9zOJPanLg2 XzCFoCc7r85Brx6WJ82gZWa4e0wyHxDHRRAP3ryXxb17PGaowAsO3wfT6kdjbRkZ IdiNqz24rvVzlYw5PTKb3GNr8w== -----END CERTIFICATE----- subject=CN = rapsys.eu issuer=C = US, O = Let's Encrypt, CN = R11 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4130 bytes and written 377 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: 019F23CED17480A8E7240A9283E7B4921B7472E4A3AE7073DAC8BA3B39B3A9A9 Session-ID-ctx: Resumption PSK: B7D7F0303637F80947BC88ECDAF5375DC47B6BA70BDD93AFD328306C6E6A0231 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 79 6a 82 de a7 6b 39 e9-65 d3 42 2c ab 84 d3 14 yj...k9.e.B,.... 0010 - cb c9 18 7e 5d 82 1c bf-b8 56 7e c0 24 c7 ef 4c ...~]....V~.$..L Start Time: 1731112102 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: 3B2A2E248E0CFF43892381D0B70B7A090FAE8CE1C1F90678F2D772E5824B8613 Session-ID-ctx: Resumption PSK: 8DF285C7DFF0F2F0B2276FBE4F6FB8141B037ACC7AE6B032B51F71F654263307 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - f7 f0 ca 75 5e 25 29 44-44 52 47 99 33 5b 89 f7 ...u^%)DDRG.3[.. 0010 - f5 b5 a6 ea 91 1d d9 d5-95 55 f5 a0 40 e3 51 74 .........U..@.Qt Start Time: 1731112102 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html <html><body><h1>408 Request Time-out</h1> Your browser didn't send a complete request in time. </body></html> closed Looks good and consistent with previous round keep OK
Source RPM: openssl-3.0.15-1.mga9.src.rpm => quictls
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Fix source rpm in bug report, sorry bad copy paste
Source RPM: quictls => quictls-3.0.15-1.mga9.src.rpm
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0354.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
(In reply to Raphael Gertz from comment #5) > The failing test summary: > > Test Summary Report > ------------------- > 70-test_quic_multistream.t (Wstat: 256 (exited 1) Tests: 2 > Failed: 1) > Failed test: 1 > Non-zero exit status: 1 > 70-test_quic_tserver.t (Wstat: 256 (exited 1) Tests: 1 > Failed: 1) > Failed test: 1 > Non-zero exit status: 1 > 75-test_quicapi.t (Wstat: 512 (exited 2) Tests: 2 > Failed: 2) > Failed tests: 1-2 > Non-zero exit status: 2 > 90-test_quicfaults.t (Wstat: 512 (exited 2) Tests: 2 > Failed: 2) > Failed tests: 1-2 > Non-zero exit status: 2 > Files=314, Tests=2882, 429 wallclock secs ( 7.56 usr 0.62 sys + 352.99 cusr > 38.03 csys = 399.20 CPU) > Result: FAIL Please report this in dev list