Bug#871943: marked as done (stretch-pu: package freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 07 Oct 2017 11:33:55 +0100
with message-id <1507372435.18586.64.camel@adam-barratt.org.uk>
and subject line Closing bugs for 9.2 point release
has caused the Debian Bug report #871943,
regarding stretch-pu: package freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
871943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871943
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: stretch-pu: package freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2
• From: Mike Gabriel <sunweaver@debian.org>
• Date: Sat, 12 Aug 2017 15:35:58 -0400
• Message-id: <150256655891.29442.2352781030544196706.reportbug@minobo.das-netzwerkteam.de>

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

we received a helpful patch from FreeRDP upstream for the still support
FreeRDP 1.1 version we ship in Debian.

[PATCH 1/1] enable TLS 1+

Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.

A .debdiff has been attached.

A +/- identical upload could be done for jessie-updates, too. The
upstream versions are the same, the patch level is slightly different.
Shall I file an extra bug report for that?

Thanks!
Mike


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog	2017-07-27 17:53:25.000000000 -0400
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog	2017-08-12 15:26:43.000000000 -0400
@@ -1,3 +1,11 @@
+freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2) stretch; urgency=medium
+
+  [ Bernhard Miklautz ]
+  * debian/patches:
+    + Add 0009-enable-TLS-12.patch. Enable TLS 1+ support. (Closes: #871478).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 12 Aug 2017 15:26:43 -0400
+
 freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1) stretch-security; urgency=high
 
   [ Bernhard Miklautz ]
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch	1969-12-31 19:00:00.000000000 -0500
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch	2017-08-12 15:26:22.000000000 -0400
@@ -0,0 +1,38 @@
+From 3ba81cbd5a59434f3053665e9fc4a432afd0db20 Mon Sep 17 00:00:00 2001
+From: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
+Date: Thu, 10 Aug 2017 09:31:21 +0200
+Subject: [PATCH 1/1] enable TLS 1+
+
+Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
+To be able to also use TLS 1.1 and later use SSLv23_client_method
+instead. To make sure SSLv2 or SSLv3 isn't used disable them.
+
+cherry-picked from aa80f63b4ab19101cbdc376f7e0613ed410fee11
+---
+ libfreerdp/crypto/tls.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/libfreerdp/crypto/tls.c
++++ b/libfreerdp/crypto/tls.c
+@@ -102,7 +102,7 @@
+ 	int connection_status;
+ 	char *hostname;
+ 
+-	tls->ctx = SSL_CTX_new(TLSv1_client_method());
++	tls->ctx = SSL_CTX_new(SSLv23_client_method());
+ 
+ 	if (tls->ctx == NULL)
+ 	{
+@@ -141,6 +141,12 @@
+ 	 */
+ 	options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ 
++	/**
++	 * disable SSLv2 and SSLv3
++	 */
++	options |= SSL_OP_NO_SSLv2;
++	options |= SSL_OP_NO_SSLv3;
++
+ 	SSL_CTX_set_options(tls->ctx, options);
+ 
+ 	tls->ssl = SSL_new(tls->ctx);
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series	2017-07-27 17:53:02.000000000 -0400
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series	2017-08-12 15:26:22.000000000 -0400
@@ -20,3 +20,4 @@
 1012_typo-fix.patch
 1013_aligned_meminfo_alignment.patch
 0008-Fix-multiple-security-issues.patch
+0009-enable-TLS-12.patch

--- End Message ---

--- Begin Message ---

• To: 863734-done@bugs.debian.org, 864027-done@bugs.debian.org, 864028-done@bugs.debian.org, 864911-done@bugs.debian.org, 865971-done@bugs.debian.org, 866045-done@bugs.debian.org, 866537-done@bugs.debian.org, 867814-done@bugs.debian.org, 868284-done@bugs.debian.org, 868517-done@bugs.debian.org, 868684-done@bugs.debian.org, 868756-done@bugs.debian.org, 868809-done@bugs.debian.org, 869414-done@bugs.debian.org, 869419-done@bugs.debian.org, 869434-done@bugs.debian.org, 869574-done@bugs.debian.org, 869577-done@bugs.debian.org, 869634-done@bugs.debian.org, 869661-done@bugs.debian.org, 869667-done@bugs.debian.org, 869676-done@bugs.debian.org, 869754-done@bugs.debian.org, 869772-done@bugs.debian.org, 869836-done@bugs.debian.org, 869920-done@bugs.debian.org, 869966-done@bugs.debian.org, 870005-done@bugs.debian.org, 870142-done@bugs.debian.org, 870181-done@bugs.debian.org, 870205-done@bugs.debian.org, 870465-done@bugs.debian.org, 870604-done@bugs.debian.org, 870609-done@bugs.debian.org, 870659-done@bugs.debian.org, 870911-done@bugs.debian.org, 871242-done@bugs.debian.org, 871440-done@bugs.debian.org, 871451-done@bugs.debian.org, 871466-done@bugs.debian.org, 871661-done@bugs.debian.org, 871720-done@bugs.debian.org, 871739-done@bugs.debian.org, 871943-done@bugs.debian.org, 872441-done@bugs.debian.org, 872774-done@bugs.debian.org, 872776-done@bugs.debian.org, 872818-done@bugs.debian.org, 872928-done@bugs.debian.org, 872953-done@bugs.debian.org, 872991-done@bugs.debian.org, 873054-done@bugs.debian.org, 873061-done@bugs.debian.org, 873309-done@bugs.debian.org, 873371-done@bugs.debian.org, 873479-done@bugs.debian.org, 873624-done@bugs.debian.org, 873771-done@bugs.debian.org, 874198-done@bugs.debian.org, 874350-done@bugs.debian.org, 874389-done@bugs.debian.org, 874477-done@bugs.debian.org, 874580-done@bugs.debian.org, 875695-done@bugs.debian.org, 875765-done@bugs.debian.org, 875777-done@bugs.debian.org, 876020-done@bugs.debian.org, 876092-done@bugs.debian.org, 876114-done@bugs.debian.org, 876116-done@bugs.debian.org, 876117-done@bugs.debian.org, 876139-done@bugs.debian.org, 876314-done@bugs.debian.org, 876629-done@bugs.debian.org, 876731-done@bugs.debian.org, 876909-done@bugs.debian.org, 876913-done@bugs.debian.org, 876949-done@bugs.debian.org, 877348-done@bugs.debian.org, 877415-done@bugs.debian.org, 875771-done@bugs.debian.org, 876633-done@bugs.debian.org
• Subject: Closing bugs for 9.2 point release
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 07 Oct 2017 11:33:55 +0100
• Message-id: <1507372435.18586.64.camel@adam-barratt.org.uk>

Version: 9.2

Hi.

The updates referenced by each of these bugs was included in today's
point release of stretch.

Regards,

Adam

--- End Message ---