Bug#768796: marked as done (unblock: proxytunnel/1.9.0+svn250-5)

Sun, 09 Nov 2014 03:36:49 -0800 

Your message dated Sun, 09 Nov 2014 11:33:52 +0000
with message-id <[email protected]>
and subject line Re: Bug#768796: unblock: proxytunnel/1.9.0+svn250-5
has caused the Debian Bug report #768796,
regarding unblock: proxytunnel/1.9.0+svn250-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
768796: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768796
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package proxytunnel

An improved fix for important bug #767301 - my original fix restricted
to TLS v1.0, whereas this new patch allows any version of TLS.  (There
is a discussion of this in the bug report.)  Sorry for this second
unblock request for the same bug.

The debdiff is attached.

The changelog from the version in testing:

proxytunnel (1.9.0+svn250-5) unstable; urgency=medium

  * Improved fix to bug#767301: Replace SSLv3_client_method with
    SSLv23_client_method so that any of the TLS versions can be used
    following negotiation with the client (thanks to Peter Meiser for
    pointing out my error with the previous patch) (Closes: #767301)

 -- Julian Gilbey <[email protected]>  Sun, 09 Nov 2014 10:54:14 +0000

proxytunnel (1.9.0+svn250-4) unstable; urgency=medium

  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
    SSLv3 from openssl package (Closes: #767301)

-- Julian Gilbey <[email protected]>  Fri, 07 Nov 2014 10:06:38 +0000

Thanks!

   Julian

unblock proxytunnel/1.9.0+svn250-5

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru proxytunnel-1.9.0+svn250/debian/changelog proxytunnel-1.9.0+svn250/debian/changelog
--- proxytunnel-1.9.0+svn250/debian/changelog	2014-01-28 20:15:30.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/changelog	2014-11-09 10:54:45.000000000 +0000
@@ -1,3 +1,19 @@
+proxytunnel (1.9.0+svn250-5) unstable; urgency=medium
+
+  * Improved fix to bug#767301: Replace SSLv3_client_method with
+    SSLv23_client_method so that any of the TLS versions can be used
+    following negotiation with the client (thanks to Peter Meiser for
+    pointing out my error with the previous patch) (Closes: #767301)
+
+ -- Julian Gilbey <[email protected]>  Sun, 09 Nov 2014 10:54:14 +0000
+
+proxytunnel (1.9.0+svn250-4) unstable; urgency=medium
+
+  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
+    SSLv3 from openssl package (Closes: #767301)
+
+ -- Julian Gilbey <[email protected]>  Fri, 07 Nov 2014 10:06:38 +0000
+
 proxytunnel (1.9.0+svn250-3) unstable; urgency=low
 
   * Fix regression: FTBFS on some systems (Closes: #664470)
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3
--- proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3	1970-01-01 01:00:00.000000000 +0100
+++ proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3	2014-11-09 10:54:45.000000000 +0000
@@ -0,0 +1,11 @@
+--- a/ptstream.c
++++ b/ptstream.c
+@@ -167,7 +167,7 @@
+ 	SSLeay_add_ssl_algorithms();
+ 	SSL_load_error_strings();
+ 
+-	ctx = SSL_CTX_new (SSLv3_client_method());
++	ctx = SSL_CTX_new (SSLv23_client_method());
+ 	ssl = SSL_new (ctx);
+ 
+ 	if (args_info.verbose_flag) {
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/series proxytunnel-1.9.0+svn250/debian/patches/series
--- proxytunnel-1.9.0+svn250/debian/patches/series	2014-01-28 20:17:27.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/patches/series	2014-11-09 10:55:33.000000000 +0000
@@ -3,3 +3,4 @@
 003_socket_write_loop
 004_remove_warnings
 005_sni
+006_migrate_from_SSLv3

--- End Message ---
--- Begin Message --- 
On 2014-11-09 11:08, Julian Gilbey wrote:

Please unblock package proxytunnel

An improved fix for important bug #767301 - my original fix restricted
to TLS v1.0, whereas this new patch allows any version of TLS.  (There
is a discussion of this in the bug report.)  Sorry for this second
unblock request for the same bug.


Unblocked; thanks.

Regards,

Adam

--- End Message ---

Reply via email to