This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch master
in repository libio-socket-ssl-perl.

commit 8f3266f1da170fa0335d69627682ca6a6dd780d7
Author: Salvatore Bonaccorso <[email protected]>
Date:   Sat Nov 1 23:12:49 2014 +0100

    Add 0001-use-only-ICANN-part-in-public-suffix-list.patch
    
    Don't use public suffix list to restrict wildcard certificates.
    
    Thanks: Stefano Rivera
    Closes: #767692
---
 ...use-only-ICANN-part-in-public-suffix-list.patch | 61 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 62 insertions(+)

diff --git 
a/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch 
b/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch
new file mode 100644
index 0000000..30e5df1
--- /dev/null
+++ b/debian/patches/0001-use-only-ICANN-part-in-public-suffix-list.patch
@@ -0,0 +1,61 @@
+Description: use only ICANN part in public suffix list
+Origin: backport, 
https://github.com/noxxi/p5-io-socket-ssl/commit/1f9482771fd8d71083a2e388634b3787bd9fe147
+Bug-Debian: https://bugs.debian.org/767692
+Forwarded: not-needed
+Author: Steffen Ullrich <[email protected]>
+Reviewed-by: Salvatore Bonaccorso <[email protected]>
+Last-Update: 2014-11-01
+
+---
+diff --git a/lib/IO/Socket/SSL/PublicSuffix.pm 
b/lib/IO/Socket/SSL/PublicSuffix.pm
+index 87c8b0b..a84aacd 100644
+--- a/lib/IO/Socket/SSL/PublicSuffix.pm
++++ b/lib/IO/Socket/SSL/PublicSuffix.pm
+@@ -293,10 +293,8 @@ sub public_suffix {
+     sub _default_data {
+       if ( ! defined $data ) {
+           $data = do { local $/; <DATA> };
+-          # known exceptions of behavior of SSL certificates from PSL
+-          $data .= "!googleapis.com\n";
+-          $data .= "!s3.amazonaws.com\n"; # RT#99702
+-
++          $data =~s{^// ===END ICANN DOMAINS.*}{}ms
++              or die "cannot find END ICANN DOMAINS";
+       }
+       return $data;
+     }
+diff --git a/t/public_suffix_lib.pl b/t/public_suffix_lib.pl
+index 66bdfe4..a9dc4c8 100644
+--- a/t/public_suffix_lib.pl
++++ b/t/public_suffix_lib.pl
+@@ -30,7 +30,7 @@ sub run_with_lib {
+ 
+     require IO::Socket::SSL::PublicSuffix;
+ 
+-    plan tests => 83;
++    plan tests => 79;
+ 
+ 
+     # all one-level, but co.uk two-level
+@@ -117,10 +117,14 @@ sub run_with_lib {
+     is public_suffix('example.com'), 'com';
+     is public_suffix('b.example.com'), 'com';
+     is public_suffix('a.b.example.com'), 'com';
+-    is public_suffix('uk.com'), 'uk.com';
+-    is public_suffix('example.uk.com'), 'uk.com';
+-    is public_suffix('b.example.uk.com'), 'uk.com';
+-    is public_suffix('a.b.example.uk.com'), 'uk.com';
++
++    # uk.com is not in the ICANN part of the list
++    if(0) {
++      is public_suffix('uk.com'), 'uk.com';
++      is public_suffix('example.uk.com'), 'uk.com';
++      is public_suffix('b.example.uk.com'), 'uk.com';
++      is public_suffix('a.b.example.uk.com'), 'uk.com';
++    }
+     is public_suffix('test.ac'), 'ac';
+ 
+     # TLD with only one (wildcard) rule:
+-- 
+2.1.1
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..12003fd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-use-only-ICANN-part-in-public-suffix-list.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-perl/packages/libio-socket-ssl-perl.git

_______________________________________________
Pkg-perl-cvs-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits

Reply via email to