Bug#768421: unblock: proxytunnel/1.9.0+svn250-4

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#768421: unblock: proxytunnel/1.9.0+svn250-4
From: Julian Gilbey <jdg@debian.org>
Date: Fri, 07 Nov 2014 10:32:12 +0000
Message-id: <[🔎] 20141107103212.24922.78241.reportbug@erdos.d-and-j.net>
Reply-to: Julian Gilbey <jdg@debian.org>, 768421@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package proxytunnel

This fixes Debian bug #767301, severity important.

This bug notes that due to CVE-2014-3566, SSLv3 is no longer available
in openssl, so I have patched proxytunnel to use TLSv1 instead of
SSLv3.  This may mean that some proxies which still use SSLv3
exclusively will no longer be accessible, but the absence of SSLv3 in
libssl would prevent this anyway.

I have just uploaded version -4 of proxytunnel - it should hit
unstable shortly.

The debdiff is attached: I have patched one line in one file via a new
quilt patch.

Thanks!

   Julian

unblock proxytunnel/1.9.0+svn250-4

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru proxytunnel-1.9.0+svn250/debian/changelog proxytunnel-1.9.0+svn250/debian/changelog
--- proxytunnel-1.9.0+svn250/debian/changelog	2014-01-28 20:15:30.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/changelog	2014-11-07 10:21:54.000000000 +0000
@@ -1,3 +1,10 @@
+proxytunnel (1.9.0+svn250-4) unstable; urgency=medium
+
+  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
+    SSLv3 from openssl package (Closes: #767301)
+
+ -- Julian Gilbey <jdg@debian.org>  Fri, 07 Nov 2014 10:06:38 +0000
+
 proxytunnel (1.9.0+svn250-3) unstable; urgency=low
 
   * Fix regression: FTBFS on some systems (Closes: #664470)
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3 proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3
--- proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3	1970-01-01 01:00:00.000000000 +0100
+++ proxytunnel-1.9.0+svn250/debian/patches/06_migrate_from_SSLv3	2014-11-07 10:17:50.000000000 +0000
@@ -0,0 +1,11 @@
+--- a/ptstream.c
++++ b/ptstream.c
+@@ -167,7 +167,7 @@
+ 	SSLeay_add_ssl_algorithms();
+ 	SSL_load_error_strings();
+ 
+-	ctx = SSL_CTX_new (SSLv3_client_method());
++	ctx = SSL_CTX_new (TLSv1_client_method());
+ 	ssl = SSL_new (ctx);
+ 
+ 	if (args_info.verbose_flag) {
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/series proxytunnel-1.9.0+svn250/debian/patches/series
--- proxytunnel-1.9.0+svn250/debian/patches/series	2014-01-28 20:17:27.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/patches/series	2014-11-07 10:05:26.000000000 +0000
@@ -3,3 +3,4 @@
 003_socket_write_loop
 004_remove_warnings
 005_sni
+06_migrate_from_SSLv3

Reply to:

Follow-Ups:
- Bug#768421: marked as done (unblock: proxytunnel/1.9.0+svn250-4)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: tagging 768077
Next by Date: Bug#768421: unblock: proxytunnel
Previous by thread: Processed: tagging 768077
Next by thread: Bug#768421: marked as done (unblock: proxytunnel/1.9.0+svn250-4)
Index(es):
- Date
- Thread