Bug#768796: marked as done (unblock: proxytunnel/1.9.0+svn250-5)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 09 Nov 2014 11:33:52 +0000
with message-id <cdc943420ae683cd799b795913478d6a@mail.adsl.funky-badger.org>
and subject line Re: Bug#768796: unblock: proxytunnel/1.9.0+svn250-5
has caused the Debian Bug report #768796,
regarding unblock: proxytunnel/1.9.0+svn250-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
768796: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768796
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: proxytunnel/1.9.0+svn250-5
• From: Julian Gilbey <jdg@debian.org>
• Date: Sun, 09 Nov 2014 11:08:56 +0000
• Message-id: <[🔎] 20141109110856.24294.66150.reportbug@erdos.d-and-j.net>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package proxytunnel

An improved fix for important bug #767301 - my original fix restricted
to TLS v1.0, whereas this new patch allows any version of TLS.  (There
is a discussion of this in the bug report.)  Sorry for this second
unblock request for the same bug.

The debdiff is attached.

The changelog from the version in testing:

proxytunnel (1.9.0+svn250-5) unstable; urgency=medium

  * Improved fix to bug#767301: Replace SSLv3_client_method with
    SSLv23_client_method so that any of the TLS versions can be used
    following negotiation with the client (thanks to Peter Meiser for
    pointing out my error with the previous patch) (Closes: #767301)

 -- Julian Gilbey <jdg@debian.org>  Sun, 09 Nov 2014 10:54:14 +0000

proxytunnel (1.9.0+svn250-4) unstable; urgency=medium

  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
    SSLv3 from openssl package (Closes: #767301)

-- Julian Gilbey <jdg@debian.org>  Fri, 07 Nov 2014 10:06:38 +0000

Thanks!

   Julian

unblock proxytunnel/1.9.0+svn250-5

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru proxytunnel-1.9.0+svn250/debian/changelog proxytunnel-1.9.0+svn250/debian/changelog
--- proxytunnel-1.9.0+svn250/debian/changelog	2014-01-28 20:15:30.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/changelog	2014-11-09 10:54:45.000000000 +0000
@@ -1,3 +1,19 @@
+proxytunnel (1.9.0+svn250-5) unstable; urgency=medium
+
+  * Improved fix to bug#767301: Replace SSLv3_client_method with
+    SSLv23_client_method so that any of the TLS versions can be used
+    following negotiation with the client (thanks to Peter Meiser for
+    pointing out my error with the previous patch) (Closes: #767301)
+
+ -- Julian Gilbey <jdg@debian.org>  Sun, 09 Nov 2014 10:54:14 +0000
+
+proxytunnel (1.9.0+svn250-4) unstable; urgency=medium
+
+  * Replace SSLv3 usage with TLSv1 to respond to CVE-2014-3566 removal of
+    SSLv3 from openssl package (Closes: #767301)
+
+ -- Julian Gilbey <jdg@debian.org>  Fri, 07 Nov 2014 10:06:38 +0000
+
 proxytunnel (1.9.0+svn250-3) unstable; urgency=low
 
   * Fix regression: FTBFS on some systems (Closes: #664470)
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3 proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3
--- proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3	1970-01-01 01:00:00.000000000 +0100
+++ proxytunnel-1.9.0+svn250/debian/patches/006_migrate_from_SSLv3	2014-11-09 10:54:45.000000000 +0000
@@ -0,0 +1,11 @@
+--- a/ptstream.c
++++ b/ptstream.c
+@@ -167,7 +167,7 @@
+ 	SSLeay_add_ssl_algorithms();
+ 	SSL_load_error_strings();
+ 
+-	ctx = SSL_CTX_new (SSLv3_client_method());
++	ctx = SSL_CTX_new (SSLv23_client_method());
+ 	ssl = SSL_new (ctx);
+ 
+ 	if (args_info.verbose_flag) {
diff -Nru proxytunnel-1.9.0+svn250/debian/patches/series proxytunnel-1.9.0+svn250/debian/patches/series
--- proxytunnel-1.9.0+svn250/debian/patches/series	2014-01-28 20:17:27.000000000 +0000
+++ proxytunnel-1.9.0+svn250/debian/patches/series	2014-11-09 10:55:33.000000000 +0000
@@ -3,3 +3,4 @@
 003_socket_write_loop
 004_remove_warnings
 005_sni
+006_migrate_from_SSLv3

--- End Message ---

--- Begin Message ---

• To: Julian Gilbey <jdg@debian.org>, 768796-done@bugs.debian.org
• Subject: Re: Bug#768796: unblock: proxytunnel/1.9.0+svn250-5
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sun, 09 Nov 2014 11:33:52 +0000
• Message-id: <cdc943420ae683cd799b795913478d6a@mail.adsl.funky-badger.org>
• In-reply-to: <[🔎] 20141109110856.24294.66150.reportbug@erdos.d-and-j.net>
• References: <[🔎] 20141109110856.24294.66150.reportbug@erdos.d-and-j.net>

On 2014-11-09 11:08, Julian Gilbey wrote:

Please unblock package proxytunnel

An improved fix for important bug #767301 - my original fix restricted
to TLS v1.0, whereas this new patch allows any version of TLS.  (There
is a discussion of this in the bug report.)  Sorry for this second
unblock request for the same bug.

Unblocked; thanks.

Regards,

Adam

--- End Message ---