
[SRM] Stable update for perdition (1.17.1-2+lenny1)



Hi,

I would like the upload of 1.17.1-2+lenny1 considered.
My proposal resolves two bugs.

	* 595207: This is a fix for CVE-2009-3555 and enables
	  session renegotiation to work with Thunderbird 3.1.
	  This was resolved in 1.19~rc3-1 by making an appropriate
	  call to SSL_CTX_set_session_id_context().
	  I propose the same fix for 1.17.1-2+lenny1

	* 595432: Perdition calls make in its postrm but has no dependency
	  on make. This was resolved in 1.18~rc2-1 by removing the call to
	  make. I propose the same fix for 1.17.1-2+lenny1

The diff of the proposed changes is as follows:

diff -u perdition-1.17.1/debian/changelog perdition-1.17.1/debian/changelog
--- perdition-1.17.1/debian/changelog
+++ perdition-1.17.1/debian/changelog
@@ -1,3 +1,19 @@
+perdition (1.17.1-2+lenny1) stable; urgency=low
+
+  * Don't call make from perdition prerm script
+    - make may not be installed
+    - unnecessary clean up of user-generated files
+    - Upstream patch:
+      http://hg.vergenet.net/perdition/perdition/rev/5425b7c0637b
+    - (closes: #595432)
+  * ssl: Set session_id
+    - CVE-2009-3555
+    - Upstream patch: 
+      http://hg.vergenet.net/perdition/perdition/rev/6d85be38374c
+    - (closes: #595207)
+
+ -- Simon Horman <horms@debian.org>  Mon, 06 Sep 2010 11:36:02 +0900
+
 perdition (1.17.1-2) unstable; urgency=low
 
   * Add LSB tags to init script
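Review bot: The entry "ssl: Set session_id" does not describe the code change, which sets the session id context through SSL_CTX_set_session_id_context() in perdition/ssl.c; wording such as "ssl: Set session id context" would match the hunk and make the CVE-2009-3555 line easier to audit later. The second "Upstream patch: " line also carries trailing whitespace, which is worth dropping before upload.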
only in patch2:
unchanged:
--- perdition-1.17.1.orig/debian/perdition.prerm
+++ perdition-1.17.1/debian/perdition.prerm
@@ -3,8 +3,6 @@
 
 #DEBHELPER#
 
-make -C /etc/perdition/ clean > /dev/null
-
 if [ "$1" = "purge"  -o "$1" = "remove" ]; then
 	if [ -f /etc/init.d/perdition ]; then
 		invoke-rc.d perdition stop
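Review bot: With "make -C /etc/perdition/ clean" removed and nothing put in its place, whatever that target deleted under /etc/perdition/ now stays behind on both remove and purge in the visible part of this script. The changelog calls the clean-up unnecessary, so please state there whether leaving those files on purge is intended or handled elsewhere. The cover text also describes the call as being in postrm, while this hunk edits debian/perdition.prerm and the changelog says prerm; one of the two should be corrected so the bug reference is unambiguous.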
only in patch2:
unchanged:
--- perdition-1.17.1.orig/perdition/ssl.c
+++ perdition-1.17.1/perdition/ssl.c
@@ -443,6 +443,15 @@
 		return NULL;
 	}
 
+	/* Set context for session */
+	if (!SSL_CTX_set_session_id_context(ssl_ctx,
+					    (unsigned char *)PACKAGE,
+					    strlen(PACKAGE))) {
+		VANESSA_LOGGER_DEBUG("SSL_CTX_set_session_id_context");
+		SSL_CTX_free(ssl_ctx);
+		return NULL;
+	}
+
 	/*
 	 * Set the available ciphers
 	 */
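Review bot: The failure branch of the new SSL_CTX_set_session_id_context() call reports only through VANESSA_LOGGER_DEBUG, so a NULL return from this point would give no message unless debug logging is enabled; an error-level log call would make the cause visible to an administrator. The call also fails when the context is longer than OpenSSL's maximum session id context length (32 bytes), and the value of PACKAGE is not visible in this hunk, so it is worth confirming that strlen(PACKAGE) stays within that limit. A (const unsigned char *) cast would avoid discarding the qualifier on the string literal.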

