This is an automated email from the git hooks/post-receive script. carnil pushed a commit to branch master in repository libio-socket-ssl-perl.
commit 8f3266f1da170fa0335d69627682ca6a6dd780d7 Author: Salvatore Bonaccorso <[email protected]> Date: Sat Nov 1 23:12:49 2014 +0100 Add 0001-use-only-ICANN-part-in-public-suffix-list.patch Don't use public suffix list to restrict wildcard certificates. Thanks: Stefano Rivera Closes: #767692 --- ...use-only-ICANN-part-in-public-suffix-list.patch | 61 ++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 62 insertions(+) diff --git a/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch b/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch new file mode 100644 index 0000000..30e5df1 --- /dev/null +++ b/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch @@ -0,0 +1,61 @@ +Description: use only ICANN part in public suffix list +Origin: backport, https://github.com/noxxi/p5-io-socket-ssl/commit/1f9482771fd8d71083a2e388634b3787bd9fe147 +Bug-Debian: https://bugs.debian.org/767692 +Forwarded: not-needed +Author: Steffen Ullrich <[email protected]> +Reviewed-by: Salvatore Bonaccorso <[email protected]> +Last-Update: 2014-11-01 + +--- +diff --git a/lib/IO/Socket/SSL/PublicSuffix.pm b/lib/IO/Socket/SSL/PublicSuffix.pm +index 87c8b0b..a84aacd 100644 +--- a/lib/IO/Socket/SSL/PublicSuffix.pm ++++ b/lib/IO/Socket/SSL/PublicSuffix.pm +@@ -293,10 +293,8 @@ sub public_suffix { + sub _default_data { + if ( ! defined $data ) { + $data = do { local $/; <DATA> }; +- # known exceptions of behavior of SSL certificates from PSL +- $data .= "!googleapis.com\n"; +- $data .= "!s3.amazonaws.com\n"; # RT#99702 +- ++ $data =~s{^// ===END ICANN DOMAINS.*}{}ms ++ or die "cannot find END ICANN DOMAINS"; + } + return $data; + } +diff --git a/t/public_suffix_lib.pl b/t/public_suffix_lib.pl +index 66bdfe4..a9dc4c8 100644 +--- a/t/public_suffix_lib.pl ++++ b/t/public_suffix_lib.pl +@@ -30,7 +30,7 @@ sub run_with_lib { + + require IO::Socket::SSL::PublicSuffix; + +- plan tests => 83; ++ plan tests => 79; + + + # all one-level, but co.uk two-level +@@ -117,10 +117,14 @@ sub run_with_lib { + is public_suffix('example.com'), 'com'; + is public_suffix('b.example.com'), 'com'; + is public_suffix('a.b.example.com'), 'com'; +- is public_suffix('uk.com'), 'uk.com'; +- is public_suffix('example.uk.com'), 'uk.com'; +- is public_suffix('b.example.uk.com'), 'uk.com'; +- is public_suffix('a.b.example.uk.com'), 'uk.com'; ++ ++ # uk.com is not in the ICANN part of the list ++ if(0) { ++ is public_suffix('uk.com'), 'uk.com'; ++ is public_suffix('example.uk.com'), 'uk.com'; ++ is public_suffix('b.example.uk.com'), 'uk.com'; ++ is public_suffix('a.b.example.uk.com'), 'uk.com'; ++ } + is public_suffix('test.ac'), 'ac'; + + # TLD with only one (wildcard) rule: +-- +2.1.1 + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..12003fd --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +0001-use-only-ICANN-part-in-public-suffix-list.patch -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libio-socket-ssl-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
