Your message dated Sat, 07 Nov 2015 00:06:17 +0000
with message-id <e1zur1n-0005yw...@franck.debian.org>
and subject line Bug#803975: fixed in libcrypt-ssleay-perl 0.73.04-1
has caused the Debian Bug report #803975,
regarding libcrypt-ssleay-perl: Uses SSLv3_client_method()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
803975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libcrypt-ssleay-perl
Version: 0.58-1
Severity: serious

Hi,

Your package has code in SSLeay.xs that does:
        if(ssl_version == 23) {
            ctx = SSL_CTX_new(SSLv23_client_method());
        }
        else if(ssl_version == 3) {
            ctx = SSL_CTX_new(SSLv3_client_method());
        }
        else {
#ifndef OPENSSL_NO_SSL2
            /* v2 is the default */
            ctx = SSL_CTX_new(SSLv2_client_method());
#else
            /* v3 is the default */
            ctx = SSL_CTX_new(SSLv3_client_method());
#endif
        }


You really only ever want to use SSLv23_client_method() since that
is the only one that supports multiple versions.  I suggest you
modify your nossl2.patch to just replace all of the above by:
        ctx = SSL_CTX_new(SSLv23_client_method());

ssl_version would then become an unused variable.

Just like SSLv2 has already been removed, SSLv3 is now also
removed because it's insecure.


Kurt

--- End Message ---
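A source-audit check for the pattern reported above, as an added example that is not part of the bug report or of the package: it flags every call to an OpenSSL method constructor that pins a single protocol version and leaves SSLv23_*_method() alone. The function names are hypothetical, SAMPLE is the snippet quoted in the report, and the TLSv1* constructors are matched as a generalization beyond the two named there.

```python
import re

# Constructors that pin the handshake to one protocol version.
# SSLv23_*_method() is deliberately not matched: it negotiates the version.
PINNED = re.compile(
    r"\b((SSLv2|SSLv3|TLSv1(?:_[12])?)_(?:client_|server_)?method)\s*\("
)
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

# The SSLeay.xs excerpt quoted in the bug report.
SAMPLE = """\
        if(ssl_version == 23) {
            ctx = SSL_CTX_new(SSLv23_client_method());
        }
        else if(ssl_version == 3) {
            ctx = SSL_CTX_new(SSLv3_client_method());
        }
        else {
#ifndef OPENSSL_NO_SSL2
            /* v2 is the default */
            ctx = SSL_CTX_new(SSLv2_client_method());
#else
            /* v3 is the default */
            ctx = SSL_CTX_new(SSLv3_client_method());
#endif
        }
"""

# Constructed "after" line: the single call suggested in the report.
FIXED = "ctx = SSL_CTX_new(SSLv23_client_method()); /* was SSLv3_client_method() */\n"


def strip_comments(source):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def find_pinned_methods(source):
    """Return (line, function, protocol) for every version-pinned call."""
    hits = []
    for lineno, line in enumerate(strip_comments(source).splitlines(), 1):
        for m in PINNED.finditer(line):
            hits.append((lineno, m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for lineno, func, proto in find_pinned_methods(SAMPLE):
        print(f"line {lineno}: {func}() pins the connection to {proto}")
```

Both arms of the #ifndef are reported because the scan does not evaluate preprocessor conditions, which is the wanted behaviour when auditing a package against more than one OpenSSL build.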
--- Begin Message ---
Source: libcrypt-ssleay-perl
Source-Version: 0.73.04-1

We believe that the bug you reported is fixed in the latest version of
libcrypt-ssleay-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libcrypt-ssleay-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Nov 2015 00:53:32 +0100
Source: libcrypt-ssleay-perl
Binary: libcrypt-ssleay-perl
Architecture: source
Version: 0.73.04-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Closes: 803975
Description: 
 libcrypt-ssleay-perl - OpenSSL support for LWP
Changes:
 libcrypt-ssleay-perl (0.73.04-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Harlan Lieberman-Berg ]
   * New upstream release.
   * Remove patch accepted upstream.
   * Rework d/copyright to conform with final spec.
   * Bump s-v to 3.9.5, compat to 9, d-h to >= 9.20120312
   * Add dependency for libtry-tiny-perl
   * Add deprecation warning.
   * Update d/control, d/copyright with new dependencies and files.
 .
   [ Salvatore Bonaccorso ]
   * Change Vcs-Git to canonical URI (git://anonscm.debian.org)
   * Change search.cpan.org based URIs to metacpan.org based URIs
 .
   [ gregor herrmann ]
   * Strip trailing slash from metacpan URLs.
 .
   [ Axel Beckert ]
   * Fix Vcs-* headers (Thanks DUCK!)
 .
   [ Salvatore Bonaccorso ]
   * Update Vcs-Browser URL to cgit web frontend
 .
   [ gregor herrmann ]
   * Update years of upstream and packaging copyright.
   * Update upstream license.
   * Add versions to new build dependencies.
   * Add libdevel-checklib-perl to Build-Depends.
   * Add debian/upstream/metadata.
   * debian/watch: temporarily allow devel releases.
 .
   * Import upstream development version 0.73_04.
     Fixes "Uses SSLv3_client_method()".
     (Closes: #803975)
   * Add IO::Socket::IP to Recommends and Build-Depends.
   * Add (build) dependency on libbytes-random-secure-perl.
   * Mark package as autopkgtest-able.
   * Declare compliance with Debian Policy 3.9.6.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
