--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-4+deb8u2
- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Date: Mon, 28 Aug 2017 19:05:59 +0200
- Message-id: <150393995922.20338.14273538223605563095.reportbug@minobo.das-netzwerkteam.de>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
This request for accepting a freerdp jessie-pu correlates to
https://bugs.debian.org/871943
Quoting my self from the stretch-pu:
```
We received a helpful patch from FreeRDP upstream for the still support
FreeRDP 1.1 version we ship in Debian.
[PATCH 1/1] enable TLS 1+
Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.
A .debdiff has been attached.
A +/- identical upload could be done for jessie-updates, too. The
upstream versions are the same, the patch level is slightly different.
Shall I file an extra bug report for that?
```
-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog 2017-07-28 11:12:43.000000000 +0200
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog 2017-08-28 18:56:18.000000000 +0200
@@ -1,3 +1,11 @@
+freerdp (1.1.0~git20140921.1.440916e+dfsg1-4+deb8u2) jessie-proposed-updates; urgency=medium
+
+ [ Bernhard Miklautz ]
+ * debian/patches:
+ + Add 0009-enable-TLS-12.patch. Enable TLS 1+ support. (Closes: #871478).
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 28 Aug 2017 18:56:18 +0200
+
freerdp (1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1) jessie-security; urgency=high
[ Bernhard Miklautz ]
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch 2017-08-28 18:55:20.000000000 +0200
@@ -0,0 +1,38 @@
+From 3ba81cbd5a59434f3053665e9fc4a432afd0db20 Mon Sep 17 00:00:00 2001
+From: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
+Date: Thu, 10 Aug 2017 09:31:21 +0200
+Subject: [PATCH 1/1] enable TLS 1+
+
+Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
+To be able to also use TLS 1.1 and later use SSLv23_client_method
+instead. To make sure SSLv2 or SSLv3 isn't used disable them.
+
+cherry-picked from aa80f63b4ab19101cbdc376f7e0613ed410fee11
+---
+ libfreerdp/crypto/tls.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/libfreerdp/crypto/tls.c
++++ b/libfreerdp/crypto/tls.c
+@@ -102,7 +102,7 @@
+ int connection_status;
+ char *hostname;
+
+- tls->ctx = SSL_CTX_new(TLSv1_client_method());
++ tls->ctx = SSL_CTX_new(SSLv23_client_method());
+
+ if (tls->ctx == NULL)
+ {
+@@ -141,6 +141,12 @@
+ */
+ options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+
++ /**
++ * disable SSLv2 and SSLv3
++ */
++ options |= SSL_OP_NO_SSLv2;
++ options |= SSL_OP_NO_SSLv3;
++
+ SSL_CTX_set_options(tls->ctx, options);
+
+ tls->ssl = SSL_new(tls->ctx);
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series 2017-07-28 11:11:23.000000000 +0200
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series 2017-08-28 18:55:20.000000000 +0200
@@ -11,3 +11,4 @@
0002_handle-old-style-cmdline-options.patch
0003_copy-data-when-adding-glyph-to-cache.patch
0008-Fix-multiple-security-issues.patch
+0009-enable-TLS-12.patch
--- End Message ---
--- Begin Message ---
- To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 873519-done@bugs.debian.org
- Subject: Re: Bug#873519: jessie-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-4+deb8u2
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Sun, 17 Jun 2018 19:06:50 +0100
- Message-id: <20180617180650.rvmqcfg7kcj2clvp@powdarrmonkey.net>
- In-reply-to: <150393995922.20338.14273538223605563095.reportbug@minobo.das-netzwerkteam.de>
- References: <150393995922.20338.14273538223605563095.reportbug@minobo.das-netzwerkteam.de>
Control: tag -1 wontfix
Hi,
This request was approved and tagged 'confirmed', but no upload was
subsequently made. With the final point release for Jessie now being
prepared, it's unfortunately too late for this package to be updated.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---