tags 622011 + pending thanks Dear maintainer,
I've prepared an NMU for openvas-client (versioned as 2.0.5-1.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards. Konstantinos
diff -u openvas-client-2.0.5/debian/changelog openvas-client-2.0.5/debian/changelog --- openvas-client-2.0.5/debian/changelog +++ openvas-client-2.0.5/debian/changelog @@ -1,3 +1,11 @@ +openvas-client (2.0.5-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Patch from Ubuntu by Ilya Barygin <bary...@gmail.com>, only use SSLv2 if SSLv3 + is not available. (Closes: #622011) + + -- Konstantinos Margaritis <mar...@debian.org> Tue, 31 Jan 2012 16:56:33 +0000 + openvas-client (2.0.5-1) unstable; urgency=low * New upstream release diff -u openvas-client-2.0.5/debian/patches/00list openvas-client-2.0.5/debian/patches/00list --- openvas-client-2.0.5/debian/patches/00list +++ openvas-client-2.0.5/debian/patches/00list @@ -1,0 +2 @@ +02_sslv2.dpatch only in patch2: unchanged: --- openvas-client-2.0.5.orig/debian/patches/02_sslv2.dpatch +++ openvas-client-2.0.5/debian/patches/02_sslv2.dpatch @@ -0,0 +1,23 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Description: OpenSSL 1.0.0 removed SSLv2 support. Handle this case. +## Author: Ilya Barygin <bary...@gmail.com> +## Bug-Debian: http://bugs.debian.org/622011 + +@DPATCH@ +diff -urNad openvas-client-2.0.5~/nessus/nessus.c openvas-client-2.0.5/nessus/nessus.c +--- openvas-client-2.0.5~/nessus/nessus.c 2011-08-21 17:55:01.000000000 +0400 ++++ openvas-client-2.0.5/nessus/nessus.c 2011-08-21 17:53:12.000000000 +0400 +@@ -481,9 +481,12 @@ + } + if (ssl_mt == NULL) + { ++#ifndef OPENSSL_NO_SSL2 + if (strcasecmp(ssl_ver, "SSLv2") == 0) + ssl_mt = SSLv2_client_method(); ++ else ++#endif ++ if (strcasecmp(ssl_ver, "SSLv3") == 0) +- else if (strcasecmp(ssl_ver, "SSLv3") == 0) + ssl_mt = SSLv3_client_method(); + else if (strcasecmp(ssl_ver, "SSLv23") == 0) + ssl_mt = SSLv23_client_method();