[Pkg-sympa-commits] [sympa] 11/12: Add a patch (backported from Sympa 6.2) to fix various SSL/TLS issues (#783595)
Emmanuel Bouthenot
kolter at moszumanska.debian.org
Fri Jul 31 05:18:14 UTC 2015
This is an automated email from the git hooks/post-receive script.
kolter pushed a commit to branch master
in repository sympa.
commit 17d4e1681b30d2f91148dfea293672fd425e8b9d
Author: Emmanuel Bouthenot <kolter at openics.org>
Date: Fri Jul 31 06:36:09 2015 +0200
Add a patch (backported from Sympa 6.2) to fix various SSL/TLS issues (#783595)
---
debian/patches/1016_fix_ldap_ssl | 77 ++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 78 insertions(+)
diff --git a/debian/patches/1016_fix_ldap_ssl b/debian/patches/1016_fix_ldap_ssl
new file mode 100644
index 0000000..4672e3f
--- /dev/null
+++ b/debian/patches/1016_fix_ldap_ssl
@@ -0,0 +1,77 @@
+Description: Improve SSL/TLS support (patch backported from 6.2 branch)
+ - Fix LDAP support to use tlsv1 instead of tls
+ - Globally support TLSv1.1 and TLSv1.2
+Origin: https://sourcesup.renater.fr/scm/viewvc.php?view=rev&root=sympa&revision=11980
+Bug-Debian: https://bugs.debian.org/783595
+Forwarded: not-needed
+Last-Update: 2015-07-31
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/lib/List.pm
++++ b/src/lib/List.pm
+@@ -877,7 +877,8 @@
+ 'gettext_id' => 'use SSL (LDAPS)',
+ 'order' => 2.5,
+ },
+- 'ssl_version' => {'format' => ['sslv2','sslv3','tls'],
++ 'ssl_version' => {'format' => ['sslv2','sslv3','tlsv1','tlsv1_1','tlsv1_2'],
++ 'synonym' => {'tls' => 'tlsv1'},
+ 'default' => 'sslv3',
+ 'gettext_id' => 'SSL version',
+ 'order' => 2.5,
+@@ -1001,8 +1002,9 @@
+ 'gettext_id' => 'use SSL (LDAPS)',
+ 'order' => 2.5,
+ },
+- 'ssl_version' => {'format' => ['sslv2','sslv3','tls'],
+- 'default' => '',
++ 'ssl_version' => {'format' => ['sslv2','sslv3','tlsv1','tlsv1_1','tlsv1_2'],
++ 'synonym' => {'tls' => 'tlsv1'},
++ 'default' => 'sslv3',
+ 'gettext_id' => 'SSL version',
+ 'order' => 2.5,
+ },
+@@ -1577,9 +1579,11 @@
+ 'no' => {'gettext_id' => 'no'},
+
+ # include_ldap_2level_query.ssl_version, include_ldap_query.ssl_version
+- 'sslv2' => {'gettext_id' => 'SSL version 2'},
+- 'sslv3' => {'gettext_id' => 'SSL version 3'},
+- 'tls' => {'gettext_id' => 'TLS'},
++ 'sslv2' => {'gettext_id' => 'SSL version 2'},
++ 'sslv3' => {'gettext_id' => 'SSL version 3'},
++ 'tlsv1' => {'gettext_id' => 'TLS version 1'},
++ 'tlsv1_1' => {'gettext_id' => 'TLS version 1.1'},
++ 'tlsv1_2' => {'gettext_id' => 'TLS version 1.2'},
+
+ # editor.reception, owner_include.reception, owner.reception,
+ # editor_include.reception
+--- a/src/lib/Conf.pm
++++ b/src/lib/Conf.pm
+@@ -1141,7 +1141,7 @@
+ 'scope' => 'base|one|sub',
+ 'authentication_info_url' => 'http(s)?:/.*',
+ 'use_ssl' => '1',
+- 'ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
++ 'ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
+ 'ssl_ciphers' => '[\w:]+' },
+
+ 'user_table' => {'regexp' => '.*',
+@@ -1165,7 +1165,7 @@
+ 'ldap_get_email_by_uid_filter' => '.+',
+ 'ldap_email_attribute' => '\w+',
+ 'ldap_use_ssl' => '1',
+- 'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
++ 'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
+ 'ldap_ssl_ciphers' => '[\w:]+'
+ },
+ 'generic_sso' => {'service_name' => '.+',
+@@ -1184,7 +1184,7 @@
+ 'ldap_get_email_by_uid_filter' => '.+',
+ 'ldap_email_attribute' => '\w+',
+ 'ldap_use_ssl' => '1',
+- 'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1',
++ 'ldap_ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_1|tlsv1_2',
+ 'ldap_ssl_ciphers' => '[\w:]+',
+ 'force_email_verify' => '1',
+ 'internal_email_by_netid' => '1',
diff --git a/debian/patches/series b/debian/patches/series
index 0828c04..a4a04fe 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,5 +5,6 @@
1011_fix_sqlite_support
1012_fix_manpages_issues.patch
1015_locales_fallback.path
+1016_fix_ldap_ssl
2001_ca_bundle_check_as_warning.patch
2006_disable_cssupdated_email_on_update.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/sympa.git
More information about the Pkg-sympa-commits
mailing list