Your message dated Sun, 09 Nov 2014 09:35:04 +0000 with message-id <54abf12f5bf4a77adf953a69fa019076@mail.adsl.funky-badger.org> and subject line Re: Bug#768537: unblock: myproxy/6.0-2 has caused the Debian Bug report #768537, regarding unblock: myproxy/6.0-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 768537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768537 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: myproxy/6.0-2
- From: Mattias Ellert <mattias.ellert@fysast.uu.se>
- Date: Sat, 8 Nov 2014 10:06:44 +0100
- Message-id: <[🔎] 1415437604.4462.12.camel@localhost>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Closes: #768266 (Severity: serious; RC) In addition to fixing the above bug, the update also applies a patch to enable TLS. The previous package used SSLv3 only, which is no longer appropriate. Some of the tests in the test suite failed without the patch because Debian's openssl 1.0.1j-1 has disabled SSLv3. With the patch the test suite passes. Mattiasdiff -Nru myproxy-6.0/debian/changelog myproxy-6.0/debian/changelog --- myproxy-6.0/debian/changelog 2014-09-27 17:27:12.000000000 +0200 +++ myproxy-6.0/debian/changelog 2014-11-08 06:41:39.000000000 +0100 @@ -1,3 +1,10 @@ +myproxy (6.0-2) unstable; urgency=medium + + * Properly handle symlink-to-dir conversion in doc package (Closes: #768266) + * Enable TLS - debian's openssl has disabled SSLv3 by default + + -- Mattias Ellert <mattias.ellert@fysast.uu.se> Fri, 07 Nov 2014 23:51:15 +0100 + myproxy (6.0-1) unstable; urgency=medium * Update to 6.0, adapt to Globus Toolkit 6 diff -Nru myproxy-6.0/debian/libmyproxy-doc.postinst myproxy-6.0/debian/libmyproxy-doc.postinst --- myproxy-6.0/debian/libmyproxy-doc.postinst 1970-01-01 01:00:00.000000000 +0100 +++ myproxy-6.0/debian/libmyproxy-doc.postinst 2014-11-07 23:49:50.000000000 +0100 @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/doc/libmyproxy-doc \ + libmyproxy-dev 6.0-2~ \ + libmyproxy-doc -- "$@" diff -Nru myproxy-6.0/debian/libmyproxy-doc.postrm myproxy-6.0/debian/libmyproxy-doc.postrm --- myproxy-6.0/debian/libmyproxy-doc.postrm 1970-01-01 01:00:00.000000000 +0100 +++ myproxy-6.0/debian/libmyproxy-doc.postrm 2014-11-07 23:49:50.000000000 +0100 @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/doc/libmyproxy-doc \ + libmyproxy-dev 6.0-2~ \ + libmyproxy-doc -- "$@" diff -Nru myproxy-6.0/debian/libmyproxy-doc.preinst myproxy-6.0/debian/libmyproxy-doc.preinst --- myproxy-6.0/debian/libmyproxy-doc.preinst 1970-01-01 01:00:00.000000000 +0100 +++ myproxy-6.0/debian/libmyproxy-doc.preinst 2014-11-07 23:49:50.000000000 +0100 @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +dpkg-maintscript-helper symlink_to_dir \ + /usr/share/doc/libmyproxy-doc \ + libmyproxy-dev 6.0-2~ \ + libmyproxy-doc -- "$@" diff -Nru myproxy-6.0/debian/patches/myproxy-tls.patch myproxy-6.0/debian/patches/myproxy-tls.patch --- myproxy-6.0/debian/patches/myproxy-tls.patch 1970-01-01 01:00:00.000000000 +0100 +++ myproxy-6.0/debian/patches/myproxy-tls.patch 2014-11-08 06:12:14.000000000 +0100 @@ -0,0 +1,53 @@ +diff --git a/myproxy.c b/myproxy.c +index 24e744f..9f2fb65 100644 +--- a/myproxy.c ++++ b/myproxy.c +@@ -544,8 +544,9 @@ myproxy_bootstrap_trust(myproxy_socket_attrs_t *attrs) + } + + /* get trust root(s) from the myproxy-server */ +- ctx = SSL_CTX_new(SSLv3_client_method()); +- SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); ++ ctx = SSL_CTX_new(SSLv23_client_method()); ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | ++ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); + + if (!(sbio = BIO_new_ssl_connect(ctx))) goto error; + if ( (sockfd = get_connected_myproxy_host_socket( +diff --git a/myproxy_ocsp.c b/myproxy_ocsp.c +index 440f6ef..d39e1dc 100644 +--- a/myproxy_ocsp.c ++++ b/myproxy_ocsp.c +@@ -311,11 +311,12 @@ int myproxy_ocsp_verify(X509 *cert, X509 *issuer) { + goto end; + } + X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM); +- ctx = SSL_CTX_new(SSLv3_client_method()); ++ ctx = SSL_CTX_new(SSLv23_client_method()); + if (ctx == NULL) { + result = MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY; + goto end; + } ++ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_cert_store(ctx, store); + SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL); + +diff --git a/ssl_utils.c b/ssl_utils.c +index 0749e5b..4ff5aa5 100644 +--- a/ssl_utils.c ++++ b/ssl_utils.c +@@ -2146,12 +2146,13 @@ ssl_verify_gsi_chain(SSL_CREDENTIALS *chain) + X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM); + X509_STORE_CTX_init(&csc, cert_store, chain->certificate, NULL); + +- sslContext = SSL_CTX_new(SSLv3_server_method()); ++ sslContext = SSL_CTX_new(SSLv23_server_method()); + if (sslContext == NULL) { + verror_put_string("Initializing SSL_CTX"); + ssl_error_to_verror(); + goto end; + } ++ SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2); + + SSL_CTX_set_purpose(sslContext, X509_PURPOSE_ANY); + diff -Nru myproxy-6.0/debian/patches/series myproxy-6.0/debian/patches/series --- myproxy-6.0/debian/patches/series 2014-09-27 18:31:26.000000000 +0200 +++ myproxy-6.0/debian/patches/series 2014-11-08 06:05:21.000000000 +0100 @@ -2,3 +2,5 @@ myproxy-pathmax.patch # Missing depandencies myproxy-deps.patch +# Enable TLS +myproxy-tls.patchAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: Mattias Ellert <mattias.ellert@fysast.uu.se>, 768537-done@bugs.debian.org
- Subject: Re: Bug#768537: unblock: myproxy/6.0-2
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sun, 09 Nov 2014 09:35:04 +0000
- Message-id: <54abf12f5bf4a77adf953a69fa019076@mail.adsl.funky-badger.org>
- In-reply-to: <[🔎] 1415521984.4462.27.camel@localhost>
- References: <[🔎] 1415437604.4462.12.camel@localhost> <[🔎] 330349948b2eb20b59bf160a9d2eedc5@mail.adsl.funky-badger.org> <[🔎] 1415521984.4462.27.camel@localhost>
On 2014-11-09 8:33, Mattias Ellert wrote:Control: -1 tags - moreinfo Control: -1 retitle unblock: myproxy/6.0-3 New version with Pre-Depends: 6.0/3Unblocked, thanks. Regards, Adam
--- End Message ---