Bug#769829: unblock: haskell-tls/1.2.9-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please unblock package haskell-tls
Thijs Kinkhorst suggested to remove SSL3 support from haskell-tls due to
the POODLE attack. This patch follows that recommendating, taking
upstream’s trivial change to disable SSL3 by default.
See http://bugs.debian.org/768164
unblock haskell-tls/1.2.9-2
- -- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
armhf
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRpFAgACgkQ9ijrk0dDIGyPjgCfcz7/6ki8vVlccE3aw+PBzbJ3
YdcAn0r90WOQpw0STAbfvgB3QHJjo35h
=WlbC
-----END PGP SIGNATURE-----
diff -Nru haskell-tls-1.2.9/debian/changelog haskell-tls-1.2.9/debian/changelog
--- haskell-tls-1.2.9/debian/changelog 2014-09-16 20:43:09.000000000 +0200
+++ haskell-tls-1.2.9/debian/changelog 2014-11-16 21:47:16.000000000 +0100
@@ -1,3 +1,9 @@
+haskell-tls (1.2.9-2) unstable; urgency=medium
+
+ * Disable SSL3 by default (Closes: #768164)
+
+ -- Joachim Breitner <nomeata@debian.org> Sun, 16 Nov 2014 21:47:16 +0100
+
haskell-tls (1.2.9-1) unstable; urgency=medium
* New upstream version.
diff -Nru haskell-tls-1.2.9/debian/patches/no-ssl3 haskell-tls-1.2.9/debian/patches/no-ssl3
--- haskell-tls-1.2.9/debian/patches/no-ssl3 1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/no-ssl3 2014-11-16 21:43:56.000000000 +0100
@@ -0,0 +1,16 @@
+Debian-Bug: http://bugs.debian.org/768164
+Upstream-Patch: https://github.com/vincenthz/hs-tls/commit/5353bd2f717a31fd63c2a5d67112d8d8279bd1e6
+
+Index: haskell-tls-1.2.9/Network/TLS/Parameters.hs
+===================================================================
+--- haskell-tls-1.2.9.orig/Network/TLS/Parameters.hs 2014-11-16 21:42:36.875208330 +0100
++++ haskell-tls-1.2.9/Network/TLS/Parameters.hs 2014-11-16 21:42:47.111406646 +0100
+@@ -126,7 +126,7 @@
+
+ defaultSupported :: Supported
+ defaultSupported = Supported
+- { supportedVersions = [TLS12,TLS11,TLS10,SSL3]
++ { supportedVersions = [TLS12,TLS11,TLS10]
+ , supportedCiphers = []
+ , supportedCompressions = [nullCompression]
+ , supportedHashSignatures = [ (Struct.HashSHA512, SignatureRSA)
diff -Nru haskell-tls-1.2.9/debian/patches/series haskell-tls-1.2.9/debian/patches/series
--- haskell-tls-1.2.9/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/series 2014-11-16 21:41:55.000000000 +0100
@@ -0,0 +1 @@
+no-ssl3
Reply to: