Your message dated Fri, 20 Nov 2015 15:40:35 +0000 with message-id <e1zznnf-0006io...@franck.debian.org> and subject line Bug#805114: fixed in medusa 2.2~rc3-1 has caused the Debian Bug report #805114, regarding medusa: FTBFS: SSLv3 method removed to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 805114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: medusa Version: 2.1.1-1 Severity: serious Control: block 797926 by -1 Hi, SSLv3 support has been removed in Debian and as a result your package now fails to build. The code looks like this: /* The SSL context can support SSLv2, SSLv3, or both. The default is to use whatever the server demands. The module can override this by setting nSSLVersion. */ /* Debian's OpenSSL has SSLv2 support disabled. */ #ifndef OPENSSL_NO_SSL2 if (pParams->nSSLVersion == 2) sslContext = SSL_CTX_new(SSLv2_client_method()); else #endif if (pParams->nSSLVersion == 3) sslContext = SSL_CTX_new(SSLv3_client_method()); else if (pParams->nSSLVersion == (float)3.1) sslContext = SSL_CTX_new(TLSv1_client_method()); else sslContext = SSL_CTX_new(SSLv23_client_method()); And then you seem to have various code doing things like: params.nSSLVersion = 3.1; /* Force the use of TLSv1 */ And one location doing: params.nSSLVersion = 3; /* VMware Authentication Daemon requires SSLv3 */ There doesn't seem to be a default value for nSSLVersion, so I assume it's 0 in which case you should end up at the SSLv23_* method. Please note that SSLv3 support has been completly removed in the new version. If that VMware Authentication Daemon still requires SSLv3 it's just not going to work anymore. The SSLv23_* methods are the only ones that support multiple protocol versions and I suggest you only use those. The others will go away in the future. If there is a need to limit the protocol please use SSL_(CTX_)set_options with something like SSL_OP_NO_SSLv3. Kurt
--- End Message ---
--- Begin Message ---Source: medusa Source-Version: 2.2~rc3-1 We believe that the bug you reported is fixed in the latest version of medusa, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 805...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luciano Bello <luci...@debian.org> (supplier of updated medusa package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 20 Nov 2015 11:18:41 +0100 Source: medusa Binary: medusa Architecture: source amd64 Version: 2.2~rc3-1 Distribution: unstable Urgency: medium Maintainer: Luciano Bello <luci...@debian.org> Changed-By: Luciano Bello <luci...@debian.org> Description: medusa - fast, parallel, modular, login brute-forcer for network services Closes: 805114 Changes: medusa (2.2~rc3-1) unstable; urgency=medium . * New upstream version. * FTBFS: SSLv3 method removed (closes: #805114). Checksums-Sha1: 657627cbf9975f3b4311db614b971765c272b1be 1710 medusa_2.2~rc3-1.dsc 74d1d3f1f798d7560490056653c392fa2424899d 407437 medusa_2.2~rc3.orig.tar.gz 19f1834f67fd79e8bf75db85b01d23b24a80ff3f 5576 medusa_2.2~rc3-1.debian.tar.xz a711b4ddeb198fcf1d4ba1ac108a11135d25e671 146864 medusa_2.2~rc3-1_amd64.deb Checksums-Sha256: 4777196af88042a04c1ef11cdb3f669cc813bc8aa1b9f851d5111986cfea5191 1710 medusa_2.2~rc3-1.dsc f3ee06026286017fa233667eec4761794f5d3b2c51f774eef9c023afed22982a 407437 medusa_2.2~rc3.orig.tar.gz 5cf627210147077eeb315fda4dad28129c1e7eedf3f53f05f9df8f6a600d7d9f 5576 medusa_2.2~rc3-1.debian.tar.xz e82d0d11b1157f7faacac0dd5b97548e7ed547b1d53510fc590813f059a9963b 146864 medusa_2.2~rc3-1_amd64.deb Files: f3cb551e5ab426aaacc37fae7d9e5f22 1710 admin optional medusa_2.2~rc3-1.dsc 53a55d99243b825f3d5bfb2cdd484c58 407437 admin optional medusa_2.2~rc3.orig.tar.gz afdd4b1a47a96c1797e44ce79dfa136d 5576 admin optional medusa_2.2~rc3-1.debian.tar.xz d3d52297b852bbe0fbe712a8da75ff35 146864 admin optional medusa_2.2~rc3-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWTzplAAoJEG7C3vaP/jd09hcQAKcx4CuIeyF6UqPDve1pjb8t WYa4R5wwQ35kZ2xNlugfB0ZmHS+ViIMPAShQY+XsiBf9N+H4CVwJ3ojY+Sy6Zja0 gfvL89rywx0tXWc/b3jAHhknbHXWZAO+brZaW4T1FJGHx9OBEf9LnsrPZ+REvE7S ZUHcrnNPp3CHUs+rqUusB6AQDubHDaU5h56aGw4+URdTEYkanCSAI5VsLjRZIkZh eP2ioyIFzphh6cJYOgVvXJftHO7W+gcwPaeqgsqtZspkt0mgpUa72U9It9eZN30K 3LAr77B3zrJQrotqhdRWCl0p6g8i6mZCO+WA65gkUsO0nBAtWsVlrOFRfbGi+QMC QJjz5LQaFFxb4oKpVgl1XPCB5RHpqmhA/M/I1xb+sbCQcD8D9THAHu0w+nCetKNL J7SmtewGvk4uDQOnQkWshKyuxEFKelwLKM0HiGN8X3VNg0bPtkJUOwShezT8LIDG SVknOYu1tFcLHv3BdyXQGfjDG6IYeXbaaDCW9l01YN9zRIdpeicIuzKdYjthJMGY 9SE9TJ4Grl9APCamYZC4BUjUp3N9jmLJangKIW/K3LkiFt4DHI0GW+EgCAVAVWp8 rPyRsy0CbPb4P4bGdkYM3Zr44WH4GyLqrnoGatH4MMdwZNRv19YpgWk7cnPlo2XO RE0FS6brHV3wEM23HPTk =Dqxj -----END PGP SIGNATURE-----
--- End Message ---
