On Mon, Oct 20, 2014 at 12:21:19PM -0400, Marc Deslauriers wrote:

Hi,

> In Ubuntu, the attached patch was applied to achieve the following:
> 
>   * Don't force the use of SSLv3 (LP: #1381484)
>     - debian/patches/dont_force_sslv3.patch: use SSLv23_client_method()
>       so the best method gets automatically negotiated in
>       src/common/ssl.c.


Since both upstream and the maintainer seem to be dormant at the moment,
I'll scratch my own itch and upload an NMU to delayed-3 just in case
someone objects.

Sven
diff -Nru xchat-2.8.8/debian/changelog xchat-2.8.8/debian/changelog
--- xchat-2.8.8/debian/changelog	2014-10-13 21:57:31.000000000 +0200
+++ xchat-2.8.8/debian/changelog	2014-11-07 10:56:49.000000000 +0100
@@ -1,3 +1,11 @@
+xchat (2.8.8-7.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add debian/patches/68_dont_force_sslv3.patch.
+    Provided via LP: #1381484. (Closes: #766005)
+
+ -- Sven Hoexter <hoex...@debian.org>  Fri, 07 Nov 2014 10:55:27 +0100
+
 xchat (2.8.8-7.2) unstable; urgency=medium
 
   * Non-maintainer upload.
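Review bot: the new 2.8.8-7.3 entry names only the patch file ("Add debian/patches/68_dont_force_sslv3.patch") and does not say what changes at runtime. Suggest adding a sub-item on the effect, as the Ubuntu entry quoted above does ("use SSLv23_client_method() so the best method gets automatically negotiated in src/common/ssl.c"), so that the changelog alone tells a reader the SSL/TLS handshake behaviour changed.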
diff -Nru xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch
--- xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch	1970-01-01 01:00:00.000000000 +0100
+++ xchat-2.8.8/debian/patches/68_dont_force_sslv3.patch	2014-11-07 14:31:25.000000000 +0100
@@ -0,0 +1,33 @@
+Description: Don't force the use of SSLv3
+Author: Marc Deslauriers <marc.deslauri...@canonical.com>
+Bug: http://sourceforge.net/p/xchat/bugs/1598/
+Bug-Ubuntu: https://bugs.launchpad.net/xchat-gnome/+bug/1381484
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766005
+Forwarded: yes
+
+---
+ src/common/ssl.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: b/src/common/ssl.c
+===================================================================
+--- a/src/common/ssl.c
++++ b/src/common/ssl.c
+@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func),
+ 
+ 	SSLeay_add_ssl_algorithms ();
+ 	SSL_load_error_strings ();
+-	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());
++	ctx = SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ());
+ 
+ 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
+ 	SSL_CTX_set_timeout (ctx, 300);
+@@ -281,7 +281,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)
+ 		__SSL_critical_error ("SSL_new");
+ 
+ 	SSL_set_fd (ssl, sd);
+-	if (ctx->method == SSLv3_client_method())
++	if (ctx->method == SSLv23_client_method())
+ 		SSL_set_connect_state (ssl);
+ 	else
+ 	        SSL_set_accept_state(ssl);
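Review bot: in _SSL_context_init, the lines after the new SSL_CTX_new (server ? SSLv23_server_method() : SSLv23_client_method ()) call set only the session cache mode and the timeout, so SSLv3 (and SSLv2, where the library still offers it) stays negotiable with a peer that offers nothing better. That matches the title "Don't force the use of SSLv3", but if the intent is also to stop using it, add SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); right after the context is created. In _SSL_socket, the check ctx->method == SSLv23_client_method() has to stay in step with the method chosen in _SSL_context_init; a short comment at both places saying so would keep a later method change from silently putting client sockets into accept state.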
diff -Nru xchat-2.8.8/debian/patches/series xchat-2.8.8/debian/patches/series
--- xchat-2.8.8/debian/patches/series	2014-10-13 21:58:48.000000000 +0200
+++ xchat-2.8.8/debian/patches/series	2014-11-07 10:52:49.000000000 +0100
@@ -25,3 +25,4 @@
 65_save_sound.patch
 66_load_libnotify4.patch
 67_configure_with_gmodule.patch
+68_dont_force_sslv3.patch
\ No newline at end of file
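Review bot: the added last line 68_dont_force_sslv3.patch leaves debian/patches/series without a trailing newline ("\ No newline at end of file"). Please end the file with a newline so that the next patch appended to the series produces a one-line diff and cannot end up joined onto this entry.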
