Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please unblock package haskell-tls Thijs Kinkhorst suggested to remove SSL3 support from haskell-tls due to the POODLE attack. This patch follows that recommendating, taking upstream’s trivial change to disable SSL3 by default. See http://bugs.debian.org/768164 unblock haskell-tls/1.2.9-2 - -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 armhf Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlRpFAgACgkQ9ijrk0dDIGyPjgCfcz7/6ki8vVlccE3aw+PBzbJ3 YdcAn0r90WOQpw0STAbfvgB3QHJjo35h =WlbC -----END PGP SIGNATURE-----
diff -Nru haskell-tls-1.2.9/debian/changelog haskell-tls-1.2.9/debian/changelog --- haskell-tls-1.2.9/debian/changelog 2014-09-16 20:43:09.000000000 +0200 +++ haskell-tls-1.2.9/debian/changelog 2014-11-16 21:47:16.000000000 +0100 @@ -1,3 +1,9 @@ +haskell-tls (1.2.9-2) unstable; urgency=medium + + * Disable SSL3 by default (Closes: #768164) + + -- Joachim Breitner <[email protected]> Sun, 16 Nov 2014 21:47:16 +0100 + haskell-tls (1.2.9-1) unstable; urgency=medium * New upstream version. diff -Nru haskell-tls-1.2.9/debian/patches/no-ssl3 haskell-tls-1.2.9/debian/patches/no-ssl3 --- haskell-tls-1.2.9/debian/patches/no-ssl3 1970-01-01 01:00:00.000000000 +0100 +++ haskell-tls-1.2.9/debian/patches/no-ssl3 2014-11-16 21:43:56.000000000 +0100 @@ -0,0 +1,16 @@ +Debian-Bug: http://bugs.debian.org/768164 +Upstream-Patch: https://github.com/vincenthz/hs-tls/commit/5353bd2f717a31fd63c2a5d67112d8d8279bd1e6 + +Index: haskell-tls-1.2.9/Network/TLS/Parameters.hs +=================================================================== +--- haskell-tls-1.2.9.orig/Network/TLS/Parameters.hs 2014-11-16 21:42:36.875208330 +0100 ++++ haskell-tls-1.2.9/Network/TLS/Parameters.hs 2014-11-16 21:42:47.111406646 +0100 +@@ -126,7 +126,7 @@ + + defaultSupported :: Supported + defaultSupported = Supported +- { supportedVersions = [TLS12,TLS11,TLS10,SSL3] ++ { supportedVersions = [TLS12,TLS11,TLS10] + , supportedCiphers = [] + , supportedCompressions = [nullCompression] + , supportedHashSignatures = [ (Struct.HashSHA512, SignatureRSA) diff -Nru haskell-tls-1.2.9/debian/patches/series haskell-tls-1.2.9/debian/patches/series --- haskell-tls-1.2.9/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ haskell-tls-1.2.9/debian/patches/series 2014-11-16 21:41:55.000000000 +0100 @@ -0,0 +1 @@ +no-ssl3
