Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package proxytunnel

This fixes Debian bug #767301, severity important. This bug notes that
due to CVE-2014-3566, SSLv3 is no longer available in openssl, so I
have patched proxytunnel to use TLSv1 instead of SSLv3. This may mean
that some proxies which still use SSLv3 exclusively will no longer be
accessible, but the absence of SSLv3 in libssl would prevent this
anyway.

I have just uploaded version -4 of proxytunnel - it should hit
unstable shortly.

The debdiff is attached: I have patched one line in one file via a new
quilt patch.

Thanks!

Julian

unblock proxytunnel/1.9.0+svn250-4

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru proxytunnel-1.9.0+svn250/debian/changelog proxytunnel-1.9.0+svn250/debian/changelog --- proxytunnel-1.9.0+svn250/debian/changelog 2014-01-28 20:15:30.000000000 +0000 +++ proxytunnel-1.9.0+svn250/debian/changelog 2014-11-07 10:21:54.000000000 +0000 @@ -1,3 +1,10 @@ +proxytunnel (1.9.0+svn250-4) unstable; urgency=medium + + * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of + SSLv3 from openssl package (Closes: #767301) + + -- Julian Gilbey <[email protected]> Fri, 07 Nov 2014 10:06:38 +0000 + proxytunnel (1.9.0+svn250-3) unstable; urgency=low * Fix regression: FTBFS on some systems (Closes: #664470) diff -Nru proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3 proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3 --- proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3 1970-01-01 01:00:00.000000000 +0100 +++ proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3 2014-11-07 10:17:50.000000000 +0000 @@ -0,0 +1,11 @@ +--- a/ptstream.c ++++ b/ptstream.c +@@ -167,7 +167,7 @@ + SSLeay_add_ssl_algorithms(); + SSL_load_error_strings(); + +- ctx = SSL_CTX_new (SSLv3_client_method()); ++ ctx = SSL_CTX_new (TLSv1_client_method()); + ssl = SSL_new (ctx); + + if (args_info.verbose_flag) { diff -Nru proxytunnel-1.9.0+svn250/debian/patches/series proxytunnel-1.9.0+svn250/debian/patches/series --- proxytunnel-1.9.0+svn250/debian/patches/series 2014-01-28 20:17:27.000000000 +0000 +++ proxytunnel-1.9.0+svn250/debian/patches/series 2014-11-07 10:05:26.000000000 +0000 @@ -3,3 +3,4 @@ 003_socket_write_loop 004_remove_warnings 005_sni +06_migrate_from_SSLv3
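
Review bot: TLSv1_client_method() in the ptstream.c hunk of 06_migrate_from_SSLv3 pins the client to TLS 1.0 only, so a proxy that supports TLS 1.1 or 1.2 is still held at 1.0 and a proxy that has disabled TLS 1.0 fails the handshake. Consider SSLv23_client_method() followed by SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3), which negotiates the highest version both sides support while still excluding SSLv3. The patch file also starts directly at "--- a/ptstream.c" with no description header; a short Description and a reference to #767301 at the top would record why the change exists.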
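
Review bot: the entry added to debian/patches/series is named 06_migrate_from_SSLv3, while the context lines in that hunk use a three-digit prefix (003_socket_write_loop, 004_remove_warnings, 005_sni). Renaming the patch to 006_migrate_from_SSLv3 keeps the series consistent and sorted as intended.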

