
Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi SRM

I know the window for the upcoming point release is this weekend, so
this one might not make it in time. It was reported that the version
in jessie of libio-socket-ssl-perl might segfault when using malformed
client certificates, cf. #881711.

For jessie this issue is open, and the reporter confirmed that the
patch fixes the issue there, so I cherry-picked the change for jessie.

Attached is the resulting debdiff, would it be fine to include it in this (or
any further point release)?

Regards,
Salvatore
diff -Nru libio-socket-ssl-perl-2.002/debian/changelog libio-socket-ssl-perl-2.002/debian/changelog
--- libio-socket-ssl-perl-2.002/debian/changelog	2016-10-08 17:26:51.000000000 +0200
+++ libio-socket-ssl-perl-2.002/debian/changelog	2017-12-01 20:40:51.000000000 +0100
@@ -1,3 +1,9 @@
+libio-socket-ssl-perl (2.002-2+deb8u3) jessie; urgency=medium
+
+  * Fix segfault using malformed client certificates (Closes: #881711)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 01 Dec 2017 20:40:51 +0100
+
 libio-socket-ssl-perl (2.002-2+deb8u2) jessie; urgency=medium
 
   * Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch.
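
Review bot: The new 2.002-2+deb8u3 changelog entry does not name the patch file it adds, while the 2.002-2+deb8u2 entry directly below it does ("Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch."). Consider naming 0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch in the entry so the changelog line can be matched against debian/patches/series.
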
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
--- libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch	1970-01-01 01:00:00.000000000 +0100
+++ libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch	2017-12-01 20:40:51.000000000 +0100
@@ -0,0 +1,25 @@
+From: Steffen Ullrich <Steffen_Ullrich@genua.de>
+Date: Sun, 26 Oct 2014 18:23:15 +0100
+Subject: Propagate error if cert/key could not be used instead of continuing
+ with an invalid context which might cause a segmentation fault
+Origin: https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a
+Bug-Debian: https://bugs.debian.org/881711
+
+---
+
+diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
+index 13c6680..2330b45 100644
+--- a/lib/IO/Socket/SSL.pm
++++ b/lib/IO/Socket/SSL.pm
+@@ -489,7 +489,7 @@ sub configure_SSL {
+ 
+     # create context
+     # this will fill in defaults in $arg_hash
+-    $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
++    $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
+ 
+     ${*$self}{'_SSL_arguments'} = $arg_hash;
+     ${*$self}{'_SSL_ctx'} = $ctx;
+-- 
+2.15.1
+
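
Review bot: In the configure_SSL hunk, the added "|| return" is a bare return that carries no error of its own, and it exits before '_SSL_arguments' and '_SSL_ctx' are stored on the socket. The fix therefore depends on IO::Socket::SSL::SSL_Context->new having already recorded the failure reason and on every caller of configure_SSL treating a false result as fatal, and neither is visible in this hunk. It would be worth confirming both for 2.002, and adding a regression test that supplies a malformed client certificate and expects a clean failure instead of a crash. The patch header could also state which upstream release first contains the commit given in Origin.
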
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/series libio-socket-ssl-perl-2.002/debian/patches/series
--- libio-socket-ssl-perl-2.002/debian/patches/series	2016-10-08 17:26:51.000000000 +0200
+++ libio-socket-ssl-perl-2.002/debian/patches/series	2017-12-01 20:40:51.000000000 +0100
@@ -1,3 +1,4 @@
 0001-use-only-ICANN-part-in-public-suffix-list.patch
 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch
+0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
