
Bug#768537: marked as done (unblock: myproxy/6.0-3)



Your message dated Sun, 09 Nov 2014 09:35:04 +0000
with message-id <54abf12f5bf4a77adf953a69fa019076@mail.adsl.funky-badger.org>
and subject line Re: Bug#768537: unblock: myproxy/6.0-2
has caused the Debian Bug report #768537,
regarding unblock: myproxy/6.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
768537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768537
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Closes: #768266 (Severity: serious; RC)

In addition to fixing the above bug, the update also applies a patch to
enable TLS. The previous package used SSLv3 only, which is no longer
appropriate. Some of the tests in the test suite failed without the
patch because Debian's openssl 1.0.1j-1 has disabled SSLv3. With the
patch the test suite passes.

	Mattias

diff -Nru myproxy-6.0/debian/changelog myproxy-6.0/debian/changelog
--- myproxy-6.0/debian/changelog	2014-09-27 17:27:12.000000000 +0200
+++ myproxy-6.0/debian/changelog	2014-11-08 06:41:39.000000000 +0100
@@ -1,3 +1,10 @@
+myproxy (6.0-2) unstable; urgency=medium
+
+  * Properly handle symlink-to-dir conversion in doc package (Closes: #768266)
+  * Enable TLS - debian's openssl has disabled SSLv3 by default
+
+ -- Mattias Ellert <mattias.ellert@fysast.uu.se>  Fri, 07 Nov 2014 23:51:15 +0100
+
 myproxy (6.0-1) unstable; urgency=medium
 
   * Update to 6.0, adapt to Globus Toolkit 6
diff -Nru myproxy-6.0/debian/libmyproxy-doc.postinst myproxy-6.0/debian/libmyproxy-doc.postinst
--- myproxy-6.0/debian/libmyproxy-doc.postinst	1970-01-01 01:00:00.000000000 +0100
+++ myproxy-6.0/debian/libmyproxy-doc.postinst	2014-11-07 23:49:50.000000000 +0100
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+dpkg-maintscript-helper symlink_to_dir \
+    /usr/share/doc/libmyproxy-doc \
+    libmyproxy-dev 6.0-2~ \
+    libmyproxy-doc -- "$@"
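Review bot: the symlink_to_dir call at the end of this postinst is repeated byte for byte in the postrm and preinst that follow, so the path, the old target libmyproxy-dev and the prior version 6.0-2~ have to be kept in sync in three hand-written scripts. A single line in debian/libmyproxy-doc.maintscript would let the #DEBHELPER# substitution generate all three snippets from one place.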
diff -Nru myproxy-6.0/debian/libmyproxy-doc.postrm myproxy-6.0/debian/libmyproxy-doc.postrm
--- myproxy-6.0/debian/libmyproxy-doc.postrm	1970-01-01 01:00:00.000000000 +0100
+++ myproxy-6.0/debian/libmyproxy-doc.postrm	2014-11-07 23:49:50.000000000 +0100
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+dpkg-maintscript-helper symlink_to_dir \
+    /usr/share/doc/libmyproxy-doc \
+    libmyproxy-dev 6.0-2~ \
+    libmyproxy-doc -- "$@"
diff -Nru myproxy-6.0/debian/libmyproxy-doc.preinst myproxy-6.0/debian/libmyproxy-doc.preinst
--- myproxy-6.0/debian/libmyproxy-doc.preinst	1970-01-01 01:00:00.000000000 +0100
+++ myproxy-6.0/debian/libmyproxy-doc.preinst	2014-11-07 23:49:50.000000000 +0100
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+dpkg-maintscript-helper symlink_to_dir \
+    /usr/share/doc/libmyproxy-doc \
+    libmyproxy-dev 6.0-2~ \
+    libmyproxy-doc -- "$@"
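Review bot: the preinst calls dpkg-maintscript-helper symlink_to_dir, but nothing in this debdiff touches debian/control, so no Pre-Depends guarantees that the dpkg installed when the preinst runs actually provides that command. Add a Pre-Depends on a suitable dpkg version (or ${misc:Pre-Depends}) to libmyproxy-doc.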
diff -Nru myproxy-6.0/debian/patches/myproxy-tls.patch myproxy-6.0/debian/patches/myproxy-tls.patch
--- myproxy-6.0/debian/patches/myproxy-tls.patch	1970-01-01 01:00:00.000000000 +0100
+++ myproxy-6.0/debian/patches/myproxy-tls.patch	2014-11-08 06:12:14.000000000 +0100
@@ -0,0 +1,53 @@
+diff --git a/myproxy.c b/myproxy.c
+index 24e744f..9f2fb65 100644
+--- a/myproxy.c
++++ b/myproxy.c
+@@ -544,8 +544,9 @@ myproxy_bootstrap_trust(myproxy_socket_attrs_t *attrs)
+     }
+ 
+     /* get trust root(s) from the myproxy-server */
+-    ctx = SSL_CTX_new(SSLv3_client_method());
+-    SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
++    ctx = SSL_CTX_new(SSLv23_client_method());
++    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 |
++			SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ 
+     if (!(sbio = BIO_new_ssl_connect(ctx))) goto error;
+     if ( (sockfd = get_connected_myproxy_host_socket(
+diff --git a/myproxy_ocsp.c b/myproxy_ocsp.c
+index 440f6ef..d39e1dc 100644
+--- a/myproxy_ocsp.c
++++ b/myproxy_ocsp.c
+@@ -311,11 +311,12 @@ int myproxy_ocsp_verify(X509 *cert, X509 *issuer) {
+     goto end;
+   }
+   X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM);
+-  ctx = SSL_CTX_new(SSLv3_client_method());
++  ctx = SSL_CTX_new(SSLv23_client_method());
+   if (ctx == NULL) {
+     result = MYPROXY_OCSPRESULT_ERROR_OUTOFMEMORY;
+     goto end;
+   }
++  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+   SSL_CTX_set_cert_store(ctx, store);
+   SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);
+ 
+diff --git a/ssl_utils.c b/ssl_utils.c
+index 0749e5b..4ff5aa5 100644
+--- a/ssl_utils.c
++++ b/ssl_utils.c
+@@ -2146,12 +2146,13 @@ ssl_verify_gsi_chain(SSL_CREDENTIALS *chain)
+    X509_LOOKUP_add_dir(lookup, certdir, X509_FILETYPE_PEM);
+    X509_STORE_CTX_init(&csc, cert_store, chain->certificate, NULL);
+    
+-   sslContext = SSL_CTX_new(SSLv3_server_method());
++   sslContext = SSL_CTX_new(SSLv23_server_method());
+    if (sslContext == NULL) {
+       verror_put_string("Initializing SSL_CTX");
+       ssl_error_to_verror();
+       goto end;
+    }
++   SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2);
+ 
+    SSL_CTX_set_purpose(sslContext, X509_PURPOSE_ANY);
+ 
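Review bot: all three SSL_CTX_set_options calls in myproxy-tls.patch clear only SSLv2, so the SSLv23_*_method contexts in myproxy.c, myproxy_ocsp.c and ssl_utils.c will still negotiate SSLv3 with any peer whose OpenSSL build offers it; if the intent is TLS only, add SSL_OP_NO_SSLv3 to each call. In the myproxy.c hunk, SSL_CTX_set_options is also called on ctx without the NULL check that the other two files perform before setting options, and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is carried over unchanged; it is worth confirming that option is still needed once TLS can be negotiated.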
diff -Nru myproxy-6.0/debian/patches/series myproxy-6.0/debian/patches/series
--- myproxy-6.0/debian/patches/series	2014-09-27 18:31:26.000000000 +0200
+++ myproxy-6.0/debian/patches/series	2014-11-08 06:05:21.000000000 +0100
@@ -2,3 +2,5 @@
 myproxy-pathmax.patch
 # Missing depandencies
 myproxy-deps.patch
+# Enable TLS
+myproxy-tls.patch
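Review bot: the new series entry is documented only by the comment "# Enable TLS", and myproxy-tls.patch itself starts directly at its diff --git line with no header. A short patch header (description, author, whether it has been forwarded upstream) would record why SSLv23_*_method replaces SSLv3_*_method and make it easier to drop the patch once upstream carries the change.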

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message ---
On 2014-11-09 8:33, Mattias Ellert wrote:
> Control: -1 tags - moreinfo
> Control: -1 retitle unblock: myproxy/6.0-3
>
> New version with Pre-Depends: 6.0/3

Unblocked, thanks.

Regards,

Adam

--- End Message ---
