Bug#769829: marked as done (unblock: haskell-tls/1.2.9-2)

To: Jonathan Wiltshire <jmw@debian.org>
Subject: Bug#769829: marked as done (unblock: haskell-tls/1.2.9-2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 16 Nov 2014 21:24:05 +0000
Message-id: <[🔎] handler.769829.D769829.141617287723395.ackdone@bugs.debian.org>
References: <20141116212112.GH6216@lupin.home.powdarrmonkey.net> <[🔎] 20141116211558.8500.56406.reportbug@kirk>

Your message dated Sun, 16 Nov 2014 21:21:12 +0000
with message-id <20141116212112.GH6216@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#769829: unblock: haskell-tls/1.2.9-2
has caused the Debian Bug report #769829,
regarding unblock: haskell-tls/1.2.9-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
769829: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769829
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: haskell-tls/1.2.9-2
From: Joachim Breitner <nomeata@debian.org>
Date: Sun, 16 Nov 2014 22:15:58 +0100
Message-id: <[🔎] 20141116211558.8500.56406.reportbug@kirk>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please unblock package haskell-tls

Thijs Kinkhorst suggested to remove SSL3 support from haskell-tls due to
the POODLE attack. This patch follows that recommendating, taking
upstream’s trivial change to disable SSL3 by default.

See http://bugs.debian.org/768164

unblock haskell-tls/1.2.9-2

- -- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRpFAgACgkQ9ijrk0dDIGyPjgCfcz7/6ki8vVlccE3aw+PBzbJ3
YdcAn0r90WOQpw0STAbfvgB3QHJjo35h
=WlbC
-----END PGP SIGNATURE-----

diff -Nru haskell-tls-1.2.9/debian/changelog haskell-tls-1.2.9/debian/changelog
--- haskell-tls-1.2.9/debian/changelog	2014-09-16 20:43:09.000000000 +0200
+++ haskell-tls-1.2.9/debian/changelog	2014-11-16 21:47:16.000000000 +0100
@@ -1,3 +1,9 @@
+haskell-tls (1.2.9-2) unstable; urgency=medium
+
+  * Disable SSL3 by default (Closes: #768164)
+
+ -- Joachim Breitner <nomeata@debian.org>  Sun, 16 Nov 2014 21:47:16 +0100
+
 haskell-tls (1.2.9-1) unstable; urgency=medium
 
   * New upstream version.
diff -Nru haskell-tls-1.2.9/debian/patches/no-ssl3 haskell-tls-1.2.9/debian/patches/no-ssl3
--- haskell-tls-1.2.9/debian/patches/no-ssl3	1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/no-ssl3	2014-11-16 21:43:56.000000000 +0100
@@ -0,0 +1,16 @@
+Debian-Bug: http://bugs.debian.org/768164
+Upstream-Patch: https://github.com/vincenthz/hs-tls/commit/5353bd2f717a31fd63c2a5d67112d8d8279bd1e6
+
+Index: haskell-tls-1.2.9/Network/TLS/Parameters.hs
+===================================================================
+--- haskell-tls-1.2.9.orig/Network/TLS/Parameters.hs	2014-11-16 21:42:36.875208330 +0100
++++ haskell-tls-1.2.9/Network/TLS/Parameters.hs	2014-11-16 21:42:47.111406646 +0100
+@@ -126,7 +126,7 @@
+ 
+ defaultSupported :: Supported
+ defaultSupported = Supported
+-    { supportedVersions       = [TLS12,TLS11,TLS10,SSL3]
++    { supportedVersions       = [TLS12,TLS11,TLS10]
+     , supportedCiphers        = []
+     , supportedCompressions   = [nullCompression]
+     , supportedHashSignatures = [ (Struct.HashSHA512, SignatureRSA)
diff -Nru haskell-tls-1.2.9/debian/patches/series haskell-tls-1.2.9/debian/patches/series
--- haskell-tls-1.2.9/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ haskell-tls-1.2.9/debian/patches/series	2014-11-16 21:41:55.000000000 +0100
@@ -0,0 +1 @@
+no-ssl3

--- End Message ---

--- Begin Message ---

To: Joachim Breitner <nomeata@debian.org>, 769829-done@bugs.debian.org

Subject: Re: Bug#769829: unblock: haskell-tls/1.2.9-2

From: Jonathan Wiltshire <jmw@debian.org>

Date: Sun, 16 Nov 2014 21:21:12 +0000

Message-id: <20141116212112.GH6216@lupin.home.powdarrmonkey.net>

In-reply-to: <[🔎] 20141116211558.8500.56406.reportbug@kirk>

References: <[🔎] 20141116211558.8500.56406.reportbug@kirk>
On Sun, Nov 16, 2014 at 10:15:58PM +0100, Joachim Breitner wrote:
> Please unblock package haskell-tls
> 
> Thijs Kinkhorst suggested to remove SSL3 support from haskell-tls due to
> the POODLE attack. This patch follows that recommendating, taking
> upstream’s trivial change to disable SSL3 by default.

Unblocked.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

References:
- Bug#769829: unblock: haskell-tls/1.2.9-2
  - From: Joachim Breitner <nomeata@debian.org>

Prev by Date: Processed: Re: Bug#769813: pre-approval: unblock: hdapsd/1:20141024-2
Next by Date: Bug#769705: unblock: pdns-recursor/3.6.2-2
Previous by thread: Bug#769829: unblock: haskell-tls/1.2.9-2
Next by thread: Processed: tagging 767781
Index(es):
- Date
- Thread