Processed: Re: Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-02 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #883292 [release.debian.org] jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3
Added tag(s) pending.

-- 
883292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-02 Thread Adam D. Barratt
Control: tags -1 + pending

On Fri, 2017-12-01 at 23:50 +0100, Salvatore Bonaccorso wrote:
> Hello Adam,
> 
> On Fri, Dec 01, 2017 at 08:28:47PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Fri, 2017-12-01 at 20:47 +0100, Salvatore Bonaccorso wrote:
> > > I know the window for the upcoming point release is this weekend,
> > > so this one might not make it in time. It was reported that the
> > > version in jessie of libio-socket-ssl-perl might segfault when using
> > > malformed client certificates, cf. #881711.
> > > 
> > > For jessie this issue is open, and the reporter confirmed that
> > > the patch fixes the issue there, so I cherry-picked the change for
> > > jessie.
> > > 
> > > Attached is the resulting debdiff; would it be fine to include it in
> > > this (or any further point release)?
> > > 
> > 
> > Please go ahead.
> 
> Thank you, just uploaded.
> 

Flagged for acceptance.

Regards,

Adam



Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-01 Thread Salvatore Bonaccorso
Hello Adam,

On Fri, Dec 01, 2017 at 08:28:47PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2017-12-01 at 20:47 +0100, Salvatore Bonaccorso wrote:
> > I know the window for the upcoming point release is this weekend, so
> > this one might not make it in time. It was reported that the version
> > in jessie of libio-socket-ssl-perl might segfault when using
> > malformed client certificates, cf. #881711.
> > 
> > For jessie this issue is open, and the reporter confirmed that the
> > patch fixes the issue there, so I cherry-picked the change for
> > jessie.
> > 
> > Attached is the resulting debdiff; would it be fine to include it in
> > this (or any further point release)?
> > 
> 
> Please go ahead.

Thank you, just uploaded.

Regards,
Salvatore



Processed: Re: Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-01 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #883292 [release.debian.org] jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3
Added tag(s) confirmed.

-- 
883292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-01 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2017-12-01 at 20:47 +0100, Salvatore Bonaccorso wrote:
> I know the window for the upcoming point release is this weekend, so
> this one might not make it in time. It was reported that the version
> in jessie of libio-socket-ssl-perl might segfault when using
> malformed client certificates, cf. #881711.
> 
> For jessie this issue is open, and the reporter confirmed that the
> patch fixes the issue there, so I cherry-picked the change for
> jessie.
> 
> Attached is the resulting debdiff; would it be fine to include it in
> this (or any further point release)?
> 

Please go ahead.

Regards,

Adam



Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3

2017-12-01 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi SRM

I know the window for the upcoming point release is this weekend, so
this one might not make it in time. It was reported that the version
in jessie of libio-socket-ssl-perl might segfault when using malformed
client certificates, cf. #881711.

For jessie this issue is open, and the reporter confirmed that the
patch fixes the issue there, so I cherry-picked the change for jessie.

Attached is the resulting debdiff; would it be fine to include it in
this (or any further point release)?

Regards,
Salvatore
diff -Nru libio-socket-ssl-perl-2.002/debian/changelog 
libio-socket-ssl-perl-2.002/debian/changelog
--- libio-socket-ssl-perl-2.002/debian/changelog2016-10-08 
17:26:51.0 +0200
+++ libio-socket-ssl-perl-2.002/debian/changelog2017-12-01 
20:40:51.0 +0100
@@ -1,3 +1,9 @@
+libio-socket-ssl-perl (2.002-2+deb8u3) jessie; urgency=medium
+
+  * Fix segfault using malformed client certificates (Closes: #881711)
+
+ -- Salvatore Bonaccorso   Fri, 01 Dec 2017 20:40:51 +0100
+
 libio-socket-ssl-perl (2.002-2+deb8u2) jessie; urgency=medium
 
   * Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch.
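
Review bot: The new 2.002-2+deb8u3 changelog entry describes the fix but does not name the patch file it adds, while the preceding 2.002-2+deb8u2 entry does ("Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch."). Consider listing 0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch in the entry so the changelog maps directly onto debian/patches/series.
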
diff -Nru 
libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
 
libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
--- 
libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
  1970-01-01 01:00:00.0 +0100
+++ 
libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
  2017-12-01 20:40:51.0 +0100
@@ -0,0 +1,25 @@
+From: Steffen Ullrich 
+Date: Sun, 26 Oct 2014 18:23:15 +0100
+Subject: Propagate error if cert/key could not be used instead of continuing
+ with an invalid context which might cause a segmentation fault
+Origin: 
https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a
+Bug-Debian: https://bugs.debian.org/881711
+
+---
+
+diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
+index 13c6680..2330b45 100644
+--- a/lib/IO/Socket/SSL.pm
 b/lib/IO/Socket/SSL.pm
+@@ -489,7 +489,7 @@ sub configure_SSL {
+ 
+ # create context
+ # this will fill in defaults in $arg_hash
+-$ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
++$ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
+ 
+ ${*$self}{'_SSL_arguments'} = $arg_hash;
+ ${*$self}{'_SSL_ctx'} = $ctx;
+-- 
+2.15.1
+
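
Review bot: In the configure_SSL change, the added "|| return" exits before '_SSL_arguments' and '_SSL_ctx' are stored on the object, so the fix only holds if every caller of configure_SSL treats a false return as a failed setup, and nothing in this hunk shows that. Please confirm this against the jessie 2.002 source, and confirm that SSL_Context->new leaves an error set for the caller to report, since the bare return carries no message of its own. Because the assignment is "||=", the new check runs only when no context was already supplied; a pre-existing $ctx is still used unchecked. The patch also adds no regression test for a malformed client certificate, which would keep the crash from coming back in a later update.
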
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/series 
libio-socket-ssl-perl-2.002/debian/patches/series
--- libio-socket-ssl-perl-2.002/debian/patches/series   2016-10-08 
17:26:51.0 +0200
+++ libio-socket-ssl-perl-2.002/debian/patches/series   2017-12-01 
20:40:51.0 +0100
@@ -1,3 +1,4 @@
 0001-use-only-ICANN-part-in-public-suffix-list.patch
 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch
+0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch