Your message dated Sun, 15 Mar 2015 21:25:57 +0000
with message-id <e1yxg2n-0000wj...@franck.debian.org>
and subject line Bug#780447: fixed in tomcat-native 1.1.32~repack-2
has caused the Debian Bug report #780447,
regarding tomcat-native: SSLv23_* calls shouldn't be disabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780447: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780447
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libtcnative-1
Version: 1.1.32~repack-1
Severity: serious

I'm splitting this comment from Sergio Gelato in #737969 into a new issue.
--- Begin Message ---
found 737969 1.1.32~repack-1
thanks

I'd bump up the severity to serious if this weren't a maintainer's /
release manager's prerogative. This bug does force me to maintain my
own fork of the package.

The main problem, I think, is the following hunk:

@@ -121,12 +123,14 @@
         /* requested but not supported */
 #endif
     } else {
+#ifndef OPENSSL_NO_SSL2
         if (mode == SSL_MODE_CLIENT)
             ctx = SSL_CTX_new(SSLv23_client_method());
         else if (mode == SSL_MODE_SERVER)
             ctx = SSL_CTX_new(SSLv23_server_method());
         else
             ctx = SSL_CTX_new(SSLv23_method());
+#endif
     }
 
     if (!ctx) {
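
Review bot: the `#ifndef OPENSSL_NO_SSL2` / `#endif` pair added around the body of the final `else` branch compiles out all three `SSL_CTX_new(SSLv23_*_method())` calls when OpenSSL is built without SSLv2, so nothing in that branch assigns `ctx` and control falls straight through to the `if (!ctx)` check. Drop the guard here so the branch always creates a context, and keep the SSLv2 conditional on the SSLv2-specific method selection only; if old protocol versions have to be refused, do that on the created context rather than by compiling out its creation.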

The SSLv23_* methods in OpenSSL have misleading names. They are the only
ones that support more than one protocol version at a time, and must be
used in order to support any two or more of SSLv2, SSLv3, TLSv1, TLSv1.1,
TLSv1.2. So it's wrong to comment them out if OPENSSL_NO_SSL2 is defined.

I'd also encourage the Debian maintainers to ponder whether the rest of
the drop_sslv2_support.diff patch is still needed in light of upstream
changes to the package. In my own builds I just disable it.

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.

--- End Message ---

--- End Message ---
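
An added illustration of the point made in the report above (not part of the original thread, and not tomcat-native code): Python's `ssl.PROTOCOL_TLS_CLIENT` is backed by OpenSSL's version-flexible client method, which OpenSSL 1.1.0 and later call `TLS_client_method()` and which older releases named `SSLv23_client_method()`. The script captures the ClientHello such a context emits, without any network traffic, and lists the protocol versions it offers; the host name `example.invalid` and all helper names are constructed for the example, and a TLS 1.3 capable OpenSSL is assumed.

```python
import ssl
import struct

def make_ctx(lowest, highest):
    """Version-flexible client context limited to the range [lowest, highest]."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version, ctx.maximum_version = lowest, highest
    return ctx

def client_hello(ctx):
    """Return the bytes of the first flight without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: there is no peer, only the queued ClientHello matters
    return outgoing.read()

def offered_versions(record):
    """List the versions a ClientHello advertises (highest only if pre-1.3)."""
    if record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9                                   # skip record + handshake headers
    legacy = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                             # client_version + random
    pos += 1 + record[pos]                    # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                    # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                    # supported_versions (TLS 1.3)
            count = record[pos]
            return [struct.unpack_from("!H", record, pos + 1 + i)[0]
                    for i in range(0, count, 2)]
        pos += ext_len
    return [legacy]                           # pre-1.3 hello: highest version

def demo():
    v = ssl.TLSVersion
    flexible = offered_versions(client_hello(make_ctx(v.TLSv1_2, v.TLSv1_3)))
    pinned = offered_versions(client_hello(make_ctx(v.TLSv1_2, v.TLSv1_2)))
    return flexible, pinned

if __name__ == "__main__":
    for label, versions in zip(("range 1.2-1.3", "pinned 1.2"), demo()):
        print(label, [hex(x) for x in versions])
```

The same method object yields a hello offering both 0x0304 and 0x0303 or only 0x0303, depending solely on the limits set on the context, which is why removing the method call removes every protocol version at once.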
--- Begin Message ---
Source: tomcat-native
Source-Version: 1.1.32~repack-2

We believe that the bug you reported is fixed in the latest version of
tomcat-native, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated tomcat-native package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 14 Mar 2015 22:18:29 +0100
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.1.32~repack-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libtcnative-1 - Tomcat native library using the Apache Portable Runtime
Closes: 780447
Changes:
 tomcat-native (1.1.32~repack-2) unstable; urgency=medium
 .
   * Team upload.
   * Fixed the patch disabling the deprecated SSL protocols (Closes: #780447)

--- End Message ---