Hi,

I forgot to attach a debdiff in the bug report. Sorry for that. Now it's
attached.

Regards,
Tino
diff -Nru syncevolution-1.4.99.4/debian/changelog syncevolution-1.4.99.4/debian/changelog
--- syncevolution-1.4.99.4/debian/changelog	2014-10-26 14:43:18.000000000 +0100
+++ syncevolution-1.4.99.4/debian/changelog	2014-12-04 22:46:12.000000000 +0100
@@ -1,3 +1,9 @@
+syncevolution (1.4.99.4-3) unstable; urgency=medium
+
+  * Use TLS instead of SSLv3 in SyncML server script (Closes: #772040)
+
+ -- Tino Mettler <tino+deb...@tikei.de>  Thu, 04 Dec 2014 22:44:49 +0100
+
 syncevolution (1.4.99.4-2) unstable; urgency=medium
 
   * Fix FTBFS on kfreebsd due to missing SOCK_CLOEXEC
diff -Nru syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch
--- syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch	2014-10-26 14:13:38.000000000 +0100
+++ syncevolution-1.4.99.4/debian/patches/0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch	2014-12-04 22:46:46.000000000 +0100
@@ -47,5 +47,5 @@
      GuardFD childfd(fds[1]);
  
 -- 
-2.0.1
+2.1.3
 
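Review bot: the only change in this hunk is the git version trailer of the existing 0001 patch (2.0.1 to 2.1.3), which is unrelated to the SSLv3 fix and is not mentioned in the 1.4.99.4-3 changelog entry. Consider leaving 0001 untouched so the debdiff carries only the new 0002 patch plus the series and changelog updates.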
diff -Nru syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch
--- syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch	1970-01-01 01:00:00.000000000 +0100
+++ syncevolution-1.4.99.4/debian/patches/0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch	2014-12-04 22:46:46.000000000 +0100
@@ -0,0 +1,30 @@
+From 7d2802314406b0d6218bd04889667e38710b414d Mon Sep 17 00:00:00 2001
+From: Tino Mettler <tino+deb...@tikei.de>
+Date: Thu, 4 Dec 2014 17:11:22 +0100
+Subject: [PATCH] Use TLS instead of SSLv3 in SyncML server script
+
+This fixes a potential security risk. It also avoids connection problems
+with clients that don't support SSLv3 anymore, like the syncevolution SyncML
+client itself.
+
+Closes: #772040
+---
+ test/syncevo-http-server.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/syncevo-http-server.py b/test/syncevo-http-server.py
+index 57210ae..6c14088 100755
+--- a/test/syncevo-http-server.py
++++ b/test/syncevo-http-server.py
+@@ -40,7 +40,7 @@ timeout=100000
+ 
+ class ChainedOpenSSLContextFactory(ssl.DefaultOpenSSLContextFactory):
+     def __init__(self, privateKeyFileName, certificateChainFileName,
+-                 sslmethod = SSL.SSLv3_METHOD):
++                 sslmethod = SSL.TLSv1_METHOD):
+         """
+         @param privateKeyFileName: Name of a file containing a private key
+         @param certificateChainFileName: Name of a file containing a certificate chain
+-- 
+2.1.3
+
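Review bot: the new default "sslmethod = SSL.TLSv1_METHOD" in ChainedOpenSSLContextFactory.__init__ pins the server to TLS 1.0 only, not to "TLS" in general as the subject line suggests. In pyOpenSSL that constant selects exactly one protocol version, so the server never negotiates TLS 1.1 or 1.2, and clients that require a later version will fail to connect. Consider defaulting to SSL.SSLv23_METHOD and setting SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 on the context where it is created, which still refuses SSLv3 while letting the highest common version be chosen. The commit message could also name the risk it refers to rather than "a potential security risk".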
diff -Nru syncevolution-1.4.99.4/debian/patches/series syncevolution-1.4.99.4/debian/patches/series
--- syncevolution-1.4.99.4/debian/patches/series	2014-10-26 14:13:38.000000000 +0100
+++ syncevolution-1.4.99.4/debian/patches/series	2014-12-04 22:46:46.000000000 +0100
@@ -1,2 +1,3 @@
 # debian/source/git-patches exported from git by quilt-patches-deb-export-hook
 0001-Fix-FTBFS-on-kfreebsd-due-to-missing-SOCK_CLOEXEC.patch
+0002-Use-TLS-instead-of-SSLv3-in-SyncML-server-script.patch
