Bug#871943: marked as done (stretch-pu: package freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2)

Debian Bug Tracking System Sat, 07 Oct 2017 03:45:50 -0700

Your message dated Sat, 07 Oct 2017 11:33:55 +0100
with message-id <1507372435.18586.64.ca...@adam-barratt.org.uk>
and subject line Closing bugs for 9.2 point release
has caused the Debian Bug report #871943,
regarding stretch-pu: package 
freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
871943: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871943
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Dear release team,

we received a helpful patch from FreeRDP upstream for the still support
FreeRDP 1.1 version we ship in Debian.

[PATCH 1/1] enable TLS 1+

Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
To be able to also use TLS 1.1 and later use SSLv23_client_method
instead. To make sure SSLv2 or SSLv3 isn't used disable them.

A .debdiff has been attached.

A +/- identical upload could be done for jessie-updates, too. The
upstream versions are the same, the patch level is slightly different.
Shall I file an extra bug report for that?

Thanks!
Mike


-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog  2017-07-27 
17:53:25.000000000 -0400
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/changelog  2017-08-12 
15:26:43.000000000 -0400
@@ -1,3 +1,11 @@
+freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2) stretch; urgency=medium
+
+  [ Bernhard Miklautz ]
+  * debian/patches:
+    + Add 0009-enable-TLS-12.patch. Enable TLS 1+ support. (Closes: #871478).
+
+ -- Mike Gabriel <sunwea...@debian.org>  Sat, 12 Aug 2017 15:26:43 -0400
+
 freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1) stretch-security; 
urgency=high
 
   [ Bernhard Miklautz ]
diff -Nru 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
--- 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
   1969-12-31 19:00:00.000000000 -0500
+++ 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/0009-enable-TLS-12.patch
   2017-08-12 15:26:22.000000000 -0400
@@ -0,0 +1,38 @@
+From 3ba81cbd5a59434f3053665e9fc4a432afd0db20 Mon Sep 17 00:00:00 2001
+From: Bernhard Miklautz <bernhard.mikla...@shacknet.at>
+Date: Thu, 10 Aug 2017 09:31:21 +0200
+Subject: [PATCH 1/1] enable TLS 1+
+
+Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
+To be able to also use TLS 1.1 and later use SSLv23_client_method
+instead. To make sure SSLv2 or SSLv3 isn't used disable them.
+
+cherry-picked from aa80f63b4ab19101cbdc376f7e0613ed410fee11
+---
+ libfreerdp/crypto/tls.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/libfreerdp/crypto/tls.c
++++ b/libfreerdp/crypto/tls.c
+@@ -102,7 +102,7 @@
+       int connection_status;
+       char *hostname;
+ 
+-      tls->ctx = SSL_CTX_new(TLSv1_client_method());
++      tls->ctx = SSL_CTX_new(SSLv23_client_method());
+ 
+       if (tls->ctx == NULL)
+       {
+@@ -141,6 +141,12 @@
+        */
+       options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ 
++      /**
++       * disable SSLv2 and SSLv3
++       */
++      options |= SSL_OP_NO_SSLv2;
++      options |= SSL_OP_NO_SSLv3;
++
+       SSL_CTX_set_options(tls->ctx, options);
+ 
+       tls->ssl = SSL_new(tls->ctx);
diff -Nru freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series
--- freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series     
2017-07-27 17:53:02.000000000 -0400
+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/debian/patches/series     
2017-08-12 15:26:22.000000000 -0400
@@ -20,3 +20,4 @@
 1012_typo-fix.patch
 1013_aligned_meminfo_alignment.patch
 0008-Fix-multiple-security-issues.patch
+0009-enable-TLS-12.patch

--- End Message ---

--- Begin Message ---

Version: 9.2

Hi.

The updates referenced by each of these bugs was included in today's
point release of stretch.

Regards,

Adam

--- End Message ---

Bug#871943: marked as done (stretch-pu: package freerdp/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2)

Reply via email to