Bug#770446: unblock: oslo.messaging/1.4.0.0+really+1.3.1-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#770446: unblock: oslo.messaging/1.4.0.0+really+1.3.1-2
From: Thomas Goirand <zigo@debian.org>
Date: Fri, 21 Nov 2014 18:22:30 +0800
Message-id: <[🔎] 20141121102230.28548.62570.reportbug@buzig.gplhost.com>
Reply-to: Thomas Goirand <zigo@debian.org>, 770446@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear release team,

Since the last upload of Python and OpenSSL, oslo.messaging is broken,
because we've removed PROTOCOL_SSLv3 (almost certainly, the intend is to
prevent protocol downgrade attacks).

My last upload of oslo.messaging removes the use of PROTOCOL_SSLv3, which
make the package work again. Debdiff attached, as always...

Please unblock oslo.messaging/1.4.0.0+really+1.3.1-2.

Cheers,

Thomas Goirand (zigo)

diff -Nru oslo.messaging-1.4.0.0+really+1.3.1/debian/changelog oslo.messaging-1.4.0.0+really+1.3.1/debian/changelog
--- oslo.messaging-1.4.0.0+really+1.3.1/debian/changelog	2014-09-21 16:28:27.000000000 +0000
+++ oslo.messaging-1.4.0.0+really+1.3.1/debian/changelog	2014-11-21 09:53:40.000000000 +0000
@@ -1,3 +1,9 @@
+oslo.messaging (1.4.0.0+really+1.3.1-2) unstable; urgency=medium
+
+  * Removed the use of PROTOCOL_SSLv3 which is gone from Python.
+
+ -- Thomas Goirand <zigo@debian.org>  Fri, 21 Nov 2014 09:50:49 +0000
+
 oslo.messaging (1.4.0.0+really+1.3.1-1) unstable; urgency=medium
 
   * Repairing wrong upload to unstable (this was due to a wrong release of
diff -Nru oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/remove-PROTOCOL_SSLv3.patch oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/remove-PROTOCOL_SSLv3.patch
--- oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/remove-PROTOCOL_SSLv3.patch	1970-01-01 00:00:00.000000000 +0000
+++ oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/remove-PROTOCOL_SSLv3.patch	2014-11-21 09:53:40.000000000 +0000
@@ -0,0 +1,19 @@
+Description: Remove the use of ssl.PROTOCOL_SSLv3
+ The ssl.PROTOCOL_SSLv3 support has been removed from Python and OpenSSL,
+ which broke completely oslo.messaging. This patch fixes it.
+Author: Thomas Goirand <zigo@debian.org>
+Forwarded: https://review.openstack.org/136278
+Last-Update: 2014-11-21
+
+--- oslo.messaging-1.4.0.0+really+1.3.1.orig/oslo/messaging/_drivers/impl_rabbit.py
++++ oslo.messaging-1.4.0.0+really+1.3.1/oslo/messaging/_drivers/impl_rabbit.py
+@@ -477,8 +477,7 @@ class Connection(object):
+     # FIXME(markmc): use oslo sslutils when it is available as a library
+     _SSL_PROTOCOLS = {
+         "tlsv1": ssl.PROTOCOL_TLSv1,
+-        "sslv23": ssl.PROTOCOL_SSLv23,
+-        "sslv3": ssl.PROTOCOL_SSLv3
++        "sslv23": ssl.PROTOCOL_SSLv23
+     }
+ 
+     try:
diff -Nru oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/series oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/series
--- oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/series	2014-09-21 16:28:27.000000000 +0000
+++ oslo.messaging-1.4.0.0+really+1.3.1/debian/patches/series	2014-11-21 09:53:40.000000000 +0000
@@ -1 +1,2 @@
 no-intersphinx.patch
+remove-PROTOCOL_SSLv3.patch

Reply to:

Follow-Ups:
- Bug#770446: marked as done (unblock: oslo.messaging/1.4.0.0+really+1.3.1-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#770443: nmu: inkscape_0.91~pre2-1
Next by Date: Bug#770439: unblock: neutron/2014.1.3-7 (CVE-2014-7821 fix: DoS through invalid DNS configuration)
Previous by thread: Bug#770443: marked as done (nmu: inkscape_0.91~pre2-1)
Next by thread: Bug#770446: marked as done (unblock: oslo.messaging/1.4.0.0+really+1.3.1-2)
Index(es):
- Date
- Thread