[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#769829: unblock: haskell-tls/1.2.9-2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please unblock package haskell-tls

Thijs Kinkhorst suggested to remove SSL3 support from haskell-tls due to
the POODLE attack. This patch follows that recommendating, taking
upstream’s trivial change to disable SSL3 by default.

See http://bugs.debian.org/768164

unblock haskell-tls/1.2.9-2

- -- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRpFAgACgkQ9ijrk0dDIGyPjgCfcz7/6ki8vVlccE3aw+PBzbJ3
YdcAn0r90WOQpw0STAbfvgB3QHJjo35h
=WlbC
-----END PGP SIGNATURE-----

diff -Nru haskell-tls-1.2.9/debian/changelog haskell-tls-1.2.9/debian/changelog
--- haskell-tls-1.2.9/debian/changelog	2014-09-16 20:43:09.000000000 +0200
+++ haskell-tls-1.2.9/debian/changelog	2014-11-16 21:47:16.000000000 +0100
@@ -1,3 +1,9 @@
+haskell-tls (1.2.9-2) unstable; urgency=medium
+
+  * Disable SSL3 by default (Closes: #768164)
+
+ -- Joachim Breitner <nomeata@debian.org>  Sun, 16 Nov 2014 21:47:16 +0100
+
 haskell-tls (1.2.9-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru haskell-tls-1.2.9/debian/patches/no-ssl3 haskell-tls-1.2.9/debian/patches/no-ssl3
--- haskell-tls-1.2.9/debian/patches/no-ssl3	1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/no-ssl3	2014-11-16 21:43:56.000000000 +0100
@@ -0,0 +1,16 @@
+Debian-Bug: http://bugs.debian.org/768164
+Upstream-Patch: https://github.com/vincenthz/hs-tls/commit/5353bd2f717a31fd63c2a5d67112d8d8279bd1e6
+
+Index: haskell-tls-1.2.9/Network/TLS/Parameters.hs
+===================================================================
+--- haskell-tls-1.2.9.orig/Network/TLS/Parameters.hs	2014-11-16 21:42:36.875208330 +0100
++++ haskell-tls-1.2.9/Network/TLS/Parameters.hs	2014-11-16 21:42:47.111406646 +0100
+@@ -126,7 +126,7 @@
+ 
+ defaultSupported :: Supported
+ defaultSupported = Supported
+-    { supportedVersions       = [TLS12,TLS11,TLS10,SSL3]
++    { supportedVersions       = [TLS12,TLS11,TLS10]
+     , supportedCiphers        = []
+     , supportedCompressions   = [nullCompression]
+     , supportedHashSignatures = [ (Struct.HashSHA512, SignatureRSA)
diff -Nru haskell-tls-1.2.9/debian/patches/series haskell-tls-1.2.9/debian/patches/series
--- haskell-tls-1.2.9/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/series	2014-11-16 21:41:55.000000000 +0100
@@ -0,0 +1 @@
+no-ssl3
Reply to: