Your message dated Mon, 2 Feb 2015 18:19:38 -0200
with message-id <[email protected]>
and subject line Re: Bug#776325: wheezy-pu: package pound/2.6-2+deb7u1
has caused the Debian Bug report #776325,
regarding wheezy-pu: package pound/2.6-2+deb7u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
776325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776325
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: [email protected]
Usertags: pu
Hello release team, and pound maintainers (copied via X-Debbugs-Cc).
The wheezy version of pound has a nasty bug that breaks HTTP → HTTPS
redirects for URL's that contain the '=' character , what is arguably
quite common.
I would like to fix this with the attached debdiff.
-- System Information:
Debian Release: 8.0
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
Antonio Terceiro <[email protected]>
diff -Nru pound-2.6/debian/changelog pound-2.6/debian/changelog
--- pound-2.6/debian/changelog 2015-01-26 18:29:53.000000000 -0200
+++ pound-2.6/debian/changelog 2012-02-03 07:50:41.000000000 -0200
@@ -1,12 +1,3 @@
-pound (2.6-2+deb7u1) stable; urgency=medium
-
- * Non-maintainer upload.
- * Update XSS redirect vulnerability patch to not break with '=' in the URL.
- Both the original patch and this update have already been applied
- upstream. Closes: #723731
-
- -- Antonio Terceiro <[email protected]> Mon, 26 Jan 2015 18:26:09 -0200
-
pound (2.6-2) unstable; urgency=low
* Update anti_beast patch
diff -Nru pound-2.6/debian/patches/xss_redirect_fix.patch pound-2.6/debian/patches/xss_redirect_fix.patch
--- pound-2.6/debian/patches/xss_redirect_fix.patch 2015-01-26 18:33:01.000000000 -0200
+++ pound-2.6/debian/patches/xss_redirect_fix.patch 2012-02-03 07:46:07.000000000 -0200
@@ -43,7 +43,7 @@
+ (ch>= 'A' && ch <='Z') ||
+ (ch>= 'a' && ch <='z') ||
+ (ch>= '0' && ch <='9') ||
-+ ch == '-' || ch == '_' || ch == '.' || ch == ':' || ch == '/' || ch == '?' || ch == '&' || ch == ';' || ch == '=') {
++ ch == '-' || ch == '_' || ch == '.' || ch == ':' || ch == '/' || ch == '?' || ch == '&' || ch == ';') {
+
+ urlbuf[j++] = ch;
+ continue;
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Hello Thijs,
On Mon, Feb 02, 2015 at 04:16:07PM +0100, Thijs Kinkhorst wrote:
> Hi Antonio,
>
> On Mon, February 2, 2015 15:34, Antonio Terceiro wrote:
> > ping :)
>
> As a heads up, we're currently preparing a upload for stable-security
> where this patch will most likely be included.
Ah, cool. There is no point in me uploading it, in that case.
Thanks!
--
Antonio Terceiro <[email protected]>
signature.asc
Description: Digital signature
--- End Message ---
