Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package proxytunnel

An improved fix for important bug #767301 - my original fix restricted
to TLS v1.0, whereas this new patch allows any version of TLS. (There
is a discussion of this in the bug report.) Sorry for this second
unblock request for the same bug.

The debdiff is attached. The changelog from the version in testing:

proxytunnel (1.9.0+svn250-5) unstable; urgency=medium

  * Improved fix to bug#767301: Replace SSLv3_client_method with
    SSLv23_client_method so that any of the TLS versions can be used
    following negotiation with the client (thanks to Peter Meiser for
    pointing out my error with the previous patch) (Closes: #767301)

 -- Julian Gilbey <j...@debian.org>  Sun, 09 Nov 2014 10:54:14 +0000

proxytunnel (1.9.0+svn250-4) unstable; urgency=medium

  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
    SSLv3 from openssl package (Closes: #767301)

 -- Julian Gilbey <j...@debian.org>  Fri, 07 Nov 2014 10:06:38 +0000

Thanks!

   Julian

unblock proxytunnel/1.9.0+svn250-5

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru proxytunnel-1.9.0+svn250/debian/changelog proxytunnel-1.9.0+svn250/debian/changelog --- proxytunnel-1.9.0+svn250/debian/changelog 2014-01-28 20:15:30.000000000 +0000 +++ proxytunnel-1.9.0+svn250/debian/changelog 2014-11-09 10:54:45.000000000 +0000 @@ -1,3 +1,19 @@ +proxytunnel (1.9.0+svn250-5) unstable; urgency=medium + + * Improved fix to bug#767301: Replace SSLv3_client_method with + SSLv23_client_method so that any of the TLS versions can be used + following negotiation with the client (thanks to Peter Meiser for + pointing out my error with the previous patch) (Closes: #767301) + + -- Julian Gilbey <j...@debian.org> Sun, 09 Nov 2014 10:54:14 +0000 + +proxytunnel (1.9.0+svn250-4) unstable; urgency=medium + + * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of + SSLv3 from openssl package (Closes: #767301) + + -- Julian Gilbey <j...@debian.org> Fri, 07 Nov 2014 10:06:38 +0000 + proxytunnel (1.9.0+svn250-3) unstable; urgency=low * Fix regression: FTBFS on some systems (Closes: #664470) diff -Nru proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 --- proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 1970-01-01 01:00:00.000000000 +0100 +++ proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 2014-11-09 10:54:45.000000000 +0000 @@ -0,0 +1,11 @@ +--- a/ptstream.c ++++ b/ptstream.c +@@ -167,7 +167,7 @@ + SSLeay_add_ssl_algorithms(); + SSL_load_error_strings(); + +- ctx = SSL_CTX_new (SSLv3_client_method()); ++ ctx = SSL_CTX_new (SSLv23_client_method()); + ssl = SSL_new (ctx); + + if (args_info.verbose_flag) { diff -Nru proxytunnel-1.9.0+svn250/debian/patches/series proxytunnel-1.9.0+svn250/debian/patches/series --- proxytunnel-1.9.0+svn250/debian/patches/series 2014-01-28 20:17:27.000000000 +0000 +++ proxytunnel-1.9.0+svn250/debian/patches/series 2014-11-09 10:55:33.000000000 +0000 
@@ -3,3 +3,4 @@ 003_socket_write_loop 004_remove_warnings 005_sni +006_migrate_from_SSLv3
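
Review bot: in the debian/changelog hunk, the -5 entry says the TLS version is chosen "following negotiation with the client", but the call being patched in is SSLv23_client_method(), so proxytunnel is the client side of the handshake and the negotiation is with the peer it connects to. Suggest rewording to "following negotiation with the server" so the entry matches the code change.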
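
Review bot: in debian/patches/006_migrate_from_SSLv3, the added line "ctx = SSL_CTX_new (SSLv23_client_method());" sets no protocol options, so which versions get offered depends entirely on how libssl was built. SSLv23_client_method() is OpenSSL's version-flexible method and can still negotiate SSLv3 where the library includes it, which is the protocol CVE-2014-3566 concerns. Suggest calling SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3) right after the context is created, so the mitigation does not rest only on SSLv3 having been removed from the openssl package. Two smaller points: the context lines show "ssl = SSL_new (ctx);" directly after SSL_CTX_new with no NULL check on ctx visible in the hunk, and the patch file carries no description or bug reference header ahead of the "--- a/ptstream.c" line.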