Package: squid3
Version: 3.4.8-6;

Disables SSLv3 when the system's OpenSSL is compiled without it (Jessie).


I am using Debian GNU/Linux 8 (Jessie), kernel 3.16.0-4-686-pae
and GLIBC 2.19-18+deb8u4
diff -Nru squid3-3.4.8/debian/changelog squid3-3.4.8/debian/changelog
--- squid3-3.4.8/debian/changelog	2016-03-20 17:14:27.000000000 +0400
+++ squid3-3.4.8/debian/changelog	2016-04-29 13:23:52.000000000 +0400
@@ -1,3 +1,10 @@
+squid3 (3.4.8-6+deb8u2.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Remove support for SSLv3 when it is unsupported.
+
+ -- Yash Paupiah <yashpaupia...@gmail.com>  Fri, 29 Apr 2016 13:22:33 +0400
+
 squid3 (3.4.8-6+deb8u2) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff -Nru squid3-3.4.8/debian/patches/OPENSSL_NO_SSL3.patch squid3-3.4.8/debian/patches/OPENSSL_NO_SSL3.patch
--- squid3-3.4.8/debian/patches/OPENSSL_NO_SSL3.patch	1970-01-01 04:00:00.000000000 +0400
+++ squid3-3.4.8/debian/patches/OPENSSL_NO_SSL3.patch	2016-04-29 13:21:58.000000000 +0400
@@ -0,0 +1,34 @@
+Index: squid3-3.4.8/src/ssl/support.cc
+===================================================================
+--- squid3-3.4.8.orig/src/ssl/support.cc
++++ squid3-3.4.8/src/ssl/support.cc
+@@ -1020,8 +1020,13 @@ sslCreateClientContext(const char *certf
+         break;
+ 
+     case 3:
++#ifndef OPENSSL_NO_SSL3
+         debugs(83, 5, "Using SSLv3.");
+         method = SSLv3_client_method();
++#else
++	debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
++	return NULL;
++#endif
+         break;
+ 
+     case 4:
+@@ -1405,9 +1410,14 @@ Ssl::contextMethod(int version)
+         break;
+ 
+     case 3:
++#ifndef OPENSSL_NO_SSL3
+         debugs(83, 5, "Using SSLv3.");
+         method = SSLv3_server_method();
+-        break;
++#else
++        debugs(83, DBG_IMPORTANT, "SSLv3 is not available in this Proxy.");
++        return NULL;
++#endif
++	 break;
+ 
+     case 4:
+         debugs(83, 5, "Using TLSv1.");
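Review bot: The new `#else` branches for `case 3` in `sslCreateClientContext` and `Ssl::contextMethod` exit with `return NULL;` from inside the switch, and because both function bodies start and end outside these hunks, it cannot be confirmed from here that every caller treats a null result as a fatal configuration error rather than carrying on without a usable context. Refusing the request instead of silently substituting another protocol is the right behaviour, so I would record that intent next to each return, e.g. `// OpenSSL built without SSLv3: refuse version=3 instead of substituting another method`. The guard only takes effect when OpenSSL defines `OPENSSL_NO_SSL3`; on builds that still provide SSLv3 the protocol stays selectable, so this is a build/compatibility fix and not by itself an SSLv3 removal. As a style point, the added `debugs`/`return` lines in the first hunk and the re-added `break;` in the second are tab-indented where the surrounding code uses spaces, and that `break;` is unreachable in the `#else` build.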
diff -Nru squid3-3.4.8/debian/patches/series squid3-3.4.8/debian/patches/series
--- squid3-3.4.8/debian/patches/series	2016-03-20 17:14:27.000000000 +0400
+++ squid3-3.4.8/debian/patches/series	2016-04-29 12:01:13.000000000 +0400
@@ -11,3 +11,4 @@
 35-squid-3.4-13203.patch 
 36-squid-3.4-13225.patch
 37-squid-3.5-13990.patch
+OPENSSL_NO_SSL3.patch
