Re: [stable] openssl rfc5746 / renegotiation support

To: Philipp Kern <pkern@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: [stable] openssl rfc5746 / renegotiation support
From: Peter Palfrader <weasel@debian.org>
Date: Sat, 20 Nov 2010 15:12:56 +0100
Message-id: <[🔎] 20101120141256.GY10569@anguilla.noreply.org>
In-reply-to: <[🔎] 20101120122353.GX10569@anguilla.noreply.org>
References: <[🔎] 20101116204806.GA14739@roeckx.be> <[🔎] 20101119103548.GS10569@anguilla.noreply.org> <[🔎] 20101119131202.GA9818@thrall.0x539.de> <[🔎] 20101120122353.GX10569@anguilla.noreply.org>

On Sat, 20 Nov 2010, Peter Palfrader wrote:

> > > When we throw out tor 0.2.0.x from lenny, are we replacing it with the
> > > version currently in lenny-volatile?
> > 
> > I'd be ok with that.
> 
> Ok, I'll upload it later today.  I'll include the no-coredump patch too,
> unless somebody shouts.

Uploaded just the volatile version, with no further changes as per your
request.

interdiff and debdiff attached.

Thanks,
weasel
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

diff -u tor-0.2.1.26/debian/changelog tor-0.2.1.26/debian/changelog
--- tor-0.2.1.26/debian/changelog
+++ tor-0.2.1.26/debian/changelog
@@ -1,3 +1,22 @@
+tor (0.2.1.26-1~lenny+1) stable; urgency=low
+
+  * Upload to stable, since a potential future security upload
+    for openssl will break Tor 0.2.0.35, the version currently in
+    stable.
+    .
+    This libssl update will change how openssl does renegotiation,
+    and Tor 0.2.0.x relies on the old behaviour but does not yet
+    know how to tell openssl to stick to it.  The 0.2.1.x tree
+    has special support for newer openssls and sets the proper, new
+    flags so libssl continues to provide the old renegotiation
+    features.
+    .
+    The old-style renegotiation feature is potentially dangerous
+    in some cases, but it is believed that Tor does everything
+    correctly and thus can use it safely.
+
+ -- Peter Palfrader <weasel@debian.org>  Sat, 20 Nov 2010 11:24:32 +0100
+
 tor (0.2.1.26-1~lennyvolatile1) lenny-volatile; urgency=low
 
   * Upload to lenny-volatile.
diff -u tor-0.2.1.26/debian/micro-revision.i tor-0.2.1.26/debian/micro-revision.i
--- tor-0.2.1.26/debian/micro-revision.i
+++ tor-0.2.1.26/debian/micro-revision.i
@@ -1 +1 @@
-"59d3dbb874f0deb3"
+"0856f24277cd9842"

File lists identical (after any substitutions)

Control files of package tor: lines which differ (wdiff format)
---------------------------------------------------------------
Version: [-0.2.1.26-1~lennyvolatile1-] {+0.2.1.26-1~lenny+1+}

Control files of package tor-dbg: lines which differ (wdiff format)
-------------------------------------------------------------------
Depends: tor (= [-0.2.1.26-1~lennyvolatile1)-] {+0.2.1.26-1~lenny+1)+}
Version: [-0.2.1.26-1~lennyvolatile1-] {+0.2.1.26-1~lenny+1+}

Control files of package tor-geoipdb: lines which differ (wdiff format)
-----------------------------------------------------------------------
Depends: tor (>= [-0.2.1.26-1~lennyvolatile1)-] {+0.2.1.26-1~lenny+1)+}
Version: [-0.2.1.26-1~lennyvolatile1-] {+0.2.1.26-1~lenny+1+}

Reply to:

References:
- openssl rfc5746 / renegotiation support
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: [stable] openssl rfc5746 / renegotiation support
  - From: Peter Palfrader <weasel@debian.org>
- Re: [stable] openssl rfc5746 / renegotiation support
  - From: Philipp Kern <pkern@debian.org>
- Re: [stable] openssl rfc5746 / renegotiation support
  - From: Peter Palfrader <weasel@debian.org>

Prev by Date: NEW changes in proposedupdates
Next by Date: Re: Fixing #548909 (xen-tools: xen-create-image creates world readable disk image files) in stable
Previous by thread: Re: [stable] openssl rfc5746 / renegotiation support
Next by thread: Re: [stable] openssl rfc5746 / renegotiation support
Index(es):
- Date
- Thread