Re: Bug#590873: openconnect < 2.25 does not verify SSL server certificates
On Sun, Aug 15, 2010 at 08:56:46PM +0100, Adam D. Barratt wrote:
> On Sun, 2010-08-15 at 16:13 +0100, Dominic Hargreaves wrote:
> > To the untrained eye, the diff between
> > 6732c0e8ccb4d57d6a970973f994a9d2d3509def
> > and
> > 3b2738befa7fe934d0d55b77fe1fcf28aafbe424
> >
> > in upstream git is what's required for this, but the patch would need
> > a bit of work to apply cleanly. Note also that there
> > are some memory leaks fixed in 2.25 which might be a good idea to fix
> > too.
> >
> > Given all this, might the best idea be to allow an exception for the
> > new upstream? The full changelog is:
>
> Most of the changes sound potentially worthy of inclusion. What does
> the debdiff look like?

File lists identical (after any substitutions)

Control files: lines which differ (wdiff format)
------------------------------------------------
Installed-Size: [-196-] {+208+}
Version: [-2.22-1.1-] {+2.25-0.1+}

Trivial interdiff (including reverted patch included upstream)
attached.

I've tested 2.25-0.1 against a Cisco VPN service, and basic
functionality works fine.

Let me know if it's okay to upload.

Cheers,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
reverted:
--- openconnect-2.22/ssl.c
+++ openconnect-2.22.orig/ssl.c
@@ -33,7 +33,7 @@
#include <stdio.h>
#if defined(__linux__)
#include <sys/vfs.h>
+#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__OpenBSD__) || defined(__APPLE__)
#include <sys/param.h>
#include <sys/mount.h>
#elif defined (__sun__)
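Review bot: The `#elif` line in this reverted hunk loses the `defined(__FreeBSD_kernel__)` test, so the package stops carrying its own kFreeBSD change to ssl.c and depends on the 2.25 source having it. The covering mail says the reverted patch is included upstream; checking that the 2.25 ssl.c has `__FreeBSD_kernel__` in this condition, or doing a test build on a GNU/kFreeBSD system, would confirm that <sys/param.h> and <sys/mount.h> are still included there.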
reverted:
--- openconnect-2.22/version.c
+++ openconnect-2.22.orig/version.c
@@ -1 +1 @@
+char openconnect_version[] = "v2.22";
-char openconnect_version[] = "v2.22-unknown";
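Review bot: The only difference in version.c is the "-unknown" suffix on `openconnect_version`, which reads like a string regenerated during the build rather than a deliberate packaging change. It is worth confirming that the 2.25-0.1 packaging diff does not pick up a regenerated version.c in the same way, so that the binary reports the plain upstream version.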
diff -u openconnect-2.22/debian/changelog openconnect-2.25/debian/changelog
--- openconnect-2.22/debian/changelog
+++ openconnect-2.25/debian/changelog
@@ -1,3 +1,11 @@
+openconnect (2.25-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * New upstream release (Closes: #566188)
+ - always verify SSL server certificates (Closes: #590873)
+
+ -- Dominic Hargreaves <dom@earth.li> Sat, 28 Aug 2010 11:21:16 +0100
+
openconnect (2.22-1.1) unstable; urgency=low
* Non-maintainer upload.
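Review bot: `urgency=low` on the new 2.25-0.1 entry sits oddly with an item that reads "always verify SSL server certificates" and closes #590873; a higher urgency would fit a certificate verification fix better if the upload is approved. The entry could also record that the local ssl.c change was dropped because upstream now includes it, since the interdiff shows it as reverted and the changelog does not mention it.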