[libnet-tclink-perl] 01/02: Add patch no-SSLv3.patch
gregor herrmann
gregoa at debian.org
Fri Nov 6 15:41:59 UTC 2015
This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository libnet-tclink-perl.
commit 345a4f754babcf69b034b1e9dc98bcab56f2b443
Author: gregor herrmann <gregoa at debian.org>
Date: Fri Nov 6 16:37:57 2015 +0100
Add patch no-SSLv3.patch
to use SSLv23_client_method() instead of the insecure and removed
SSLv3_client_method().
Thanks: Kurt Roeckx for the bug report.
Closes: #803974
---
debian/patches/no-SSLv3.patch | 21 +++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 22 insertions(+)
diff --git a/debian/patches/no-SSLv3.patch b/debian/patches/no-SSLv3.patch
new file mode 100644
index 0000000..e3d0db5
--- /dev/null
+++ b/debian/patches/no-SSLv3.patch
@@ -0,0 +1,21 @@
+Description: SSLv3 considered insecure
+ In Debian, The SSLv3_* methods have now been removed in unstable.
+ Use SSLv23_* instead.
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/803974
+Author: gregor herrmann <gregoa at debian.org>
+Last-Update: 2015-11-06
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=108515
+Bug: https://rt.cpan.org/Ticket/Display.html?id=108515
+
+--- a/tclink.c
++++ b/tclink.c
+@@ -539,7 +539,7 @@
+ {
+ do_SSL_randomize(); /* handle systems without /dev/urandom */
+ SSLeay_add_ssl_algorithms();
+- c->meth = SSLv3_client_method();
++ c->meth = SSLv23_client_method();
+ }
+
+ if (!c->ctx)
diff --git a/debian/patches/series b/debian/patches/series
index 7203169..835d0a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
add-shebang.patch
disable-network-test.patch
+no-SSLv3.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libnet-tclink-perl.git
More information about the Pkg-perl-cvs-commits
mailing list