Bug#883292: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u3
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi SRM
I know the window for the upcoming point release is this weekend, so
this one might not make it in time. It was reported that the version
in jessie of libio-socket-ssl-perl might segfault when using malformed
client certificates, cf. #881711.
For jessie this issue is open, and the reporter confirmed that the
patch fixes the issue there, so I cherry-picked the change for jessie.
Attached is the resulting debdiff; would it be fine to include it in this
(or any further) point release?
Regards,
Salvatore
diff -Nru libio-socket-ssl-perl-2.002/debian/changelog libio-socket-ssl-perl-2.002/debian/changelog
--- libio-socket-ssl-perl-2.002/debian/changelog 2016-10-08 17:26:51.000000000 +0200
+++ libio-socket-ssl-perl-2.002/debian/changelog 2017-12-01 20:40:51.000000000 +0100
@@ -1,3 +1,9 @@
+libio-socket-ssl-perl (2.002-2+deb8u3) jessie; urgency=medium
+
+ * Fix segfault using malformed client certificates (Closes: #881711)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Fri, 01 Dec 2017 20:40:51 +0100
+
libio-socket-ssl-perl (2.002-2+deb8u2) jessie; urgency=medium
* Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch.
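Review bot: The new 2.002-2+deb8u3 entry does not name the patch file it introduces, while the deb8u2 entry directly below it does ("Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch."). Suggest naming 0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch in the bullet so the changelog maps directly onto debian/patches/series.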
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
--- libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch 1970-01-01 01:00:00.000000000 +0100
+++ libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch 2017-12-01 20:40:51.000000000 +0100
@@ -0,0 +1,25 @@
+From: Steffen Ullrich <Steffen_Ullrich@genua.de>
+Date: Sun, 26 Oct 2014 18:23:15 +0100
+Subject: Propagate error if cert/key could not be used instead of continuing
+ with an invalid context which might cause a segmentation fault
+Origin: https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a
+Bug-Debian: https://bugs.debian.org/881711
+
+---
+
+diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm
+index 13c6680..2330b45 100644
+--- a/lib/IO/Socket/SSL.pm
++++ b/lib/IO/Socket/SSL.pm
+@@ -489,7 +489,7 @@ sub configure_SSL {
+
+ # create context
+ # this will fill in defaults in $arg_hash
+- $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash);
++ $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return;
+
+ ${*$self}{'_SSL_arguments'} = $arg_hash;
+ ${*$self}{'_SSL_ctx'} = $ctx;
+--
+2.15.1
+
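Review bot: In configure_SSL the added "|| return" is a bare return that exits before _SSL_arguments and _SSL_ctx are stored, so the fix only holds if every caller checks the result of configure_SSL and if SSL_Context->new has already recorded why it failed; neither is visible in this hunk. Please confirm both against the 2.002 code in jessie, since the upstream commit dates from 2014 and is being applied to an older tree. The patch also ships without a regression test; a test that feeds a malformed client certificate and expects an error instead of a crash would guard against the segfault from #881711 coming back.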
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/series libio-socket-ssl-perl-2.002/debian/patches/series
--- libio-socket-ssl-perl-2.002/debian/patches/series 2016-10-08 17:26:51.000000000 +0200
+++ libio-socket-ssl-perl-2.002/debian/patches/series 2017-12-01 20:40:51.000000000 +0100
@@ -1,3 +1,4 @@
0001-use-only-ICANN-part-in-public-suffix-list.patch
0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch
+0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch