Bug#622141: tomcat-native: Using SSLv2_method
Le mercredi 06 juillet 2011 16:16:25, Niels Thykier a écrit : Hey, Hi Niels, Any updates on this? I see it has been marked pending since April 13th and upstream has not replied to it on the tracker. No news since April. I'll publish a fixed package with my current patch. We can revert latter if upstream find something wrong with this. Regards, -- Damien - Debian Developper http://wiki.debian.org/DamienRaudeMorvan signature.asc Description: This is a digitally signed message part. __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#622141: tomcat-native: Using SSLv2_method
Hey, Any updates on this? I see it has been marked pending since April 13th and upstream has not replied to it on the tracker. ~Niels __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#622141: tomcat-native: Using SSLv2_method
Source: tomcat-native Version: 1.1.20-1 Severity: serious Tags: sid wheezy Hi, When building the package with openssl 1.0.0 you get: src/sslcontext.c:78:17: warning: implicit declaration of function 'SSLv2_client_method' src/sslcontext.c:80:17: warning: implicit declaration of function 'SSLv2_server_method' src/sslcontext.c:82:17: warning: implicit declaration of function 'SSLv2_method' dpkg-shlibdeps: warning: symbol SSLv2_server_method used by debian/libtcnative-1/usr/lib/libtcnative-1.so.0.1.20 found in none of the libraries. dpkg-shlibdeps: warning: symbol SSLv2_method used by debian/libtcnative-1/usr/lib/libtcnative-1.so.0.1.20 found in none of the libraries. dpkg-shlibdeps: warning: symbol SSLv2_client_method used by debian/libtcnative-1/usr/lib/libtcnative-1.so.0.1.20 found in none of the libraries. SSLv2 support got removed and so the SSLv2_* methods too. Even with the functions removed from the headers and library the package builds fine, you just get some warnings instead of failing at compile time. You will probably get errors at runtime instead. You can check that SSLv2 support is available by checking the OPENSSL_NO_SSL2 define. But I suggest you completly remove SSLv2 support. Kurt __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.