Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Hi, This is a pre-approval request to update and unblock tomcat-native/1.1.32~repack-2. This update fixes a mistake in the version uploaded and unblocked in December. The patch disabling the SSLv3 protocol removed the ability to support more than one protocol (see #780447). Thank you, Emmanuel Bourg unblock tomcat-native/1.1.32~repack-2 diff -Nru tomcat-native-1.1.32~repack/debian/changelog tomcat-native-1.1.32~repack/debian/changelog --- tomcat-native-1.1.32~repack/debian/changelog 2014-12-03 22:59:19.000000000 +0100 +++ tomcat-native-1.1.32~repack/debian/changelog 2015-03-14 22:21:26.000000000 +0100 @@ -1,3 +1,10 @@ +tomcat-native (1.1.32~repack-2) unstable; urgency=medium + + * Team upload. + * Fixed the patch disabling the deprecated SSL protocols (Closes: #780447) + + -- Emmanuel Bourg <[email protected]> Sat, 14 Mar 2015 22:18:29 +0100 + tomcat-native (1.1.32~repack-1) unstable; urgency=medium * Team upload. diff -Nru tomcat-native-1.1.32~repack/debian/patches/drop_sslv2_support.diff tomcat-native-1.1.32~repack/debian/patches/drop_sslv2_support.diff --- tomcat-native-1.1.32~repack/debian/patches/drop_sslv2_support.diff 2014-12-03 22:59:19.000000000 +0100 +++ tomcat-native-1.1.32~repack/debian/patches/drop_sslv2_support.diff 2015-03-14 01:08:47.000000000 +0100 @@ -54,33 +54,3 @@ #ifndef OPENSSL_NO_SSL2 } else if (protocol == SSL_PROTOCOL_SSLV2) { if (mode == SSL_MODE_CLIENT) -@@ -121,12 +123,14 @@ - /* requested but not supported */ - #endif - } else { -+#ifndef OPENSSL_NO_SSL2 - if (mode == SSL_MODE_CLIENT) - ctx = SSL_CTX_new(SSLv23_client_method()); - else if (mode == SSL_MODE_SERVER) - ctx = SSL_CTX_new(SSLv23_server_method()); - else - ctx = SSL_CTX_new(SSLv23_method()); -+#endif - } - - if (!ctx) { -@@ -148,10 +152,14 @@ - if (c->bio_os != NULL) - BIO_set_fp(c->bio_os, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - SSL_CTX_set_options(c->ctx, SSL_OP_ALL); -+#ifndef OPENSSL_NO_SSL2 - if (!(protocol & SSL_PROTOCOL_SSLV2)) - SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2); -+#endif -+#ifndef OPENSSL_NO_SSL3 - if (!(protocol & SSL_PROTOCOL_SSLV3)) - SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv3); -+#endif - if (!(protocol & SSL_PROTOCOL_TLSV1)) - SSL_CTX_set_options(c->ctx, SSL_OP_NO_TLSv1); - #ifdef SSL_OP_NO_TLSv1_1 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
