[SRM] Stable update for perdition (1.17.1-2+lenny1)
Hi,
I would like the upload of 1.17.1-2+lenny1 considred.
My proposal resolves two bugs.
* 595207: This is a fix for CVE-2009-3555 and enables
session renegotiation to work with Thunderbird 3.1.
This was resolve din 1.19~rc3-1 by making an appropriate
call to SSL_CTX_set_session_id_context().
I propose the same fix for 1.17.1-2+lenny1
* 595432: Perdition calls make in its postrm but has no dependency
on make. This was resolved in 1.18~rc2-1 by removing the call to
make. I propose the same fix for 1.17.1-2+lenny1
The diff of the proposed changes is as follows:
diff -u perdition-1.17.1/debian/changelog perdition-1.17.1/debian/changelog
--- perdition-1.17.1/debian/changelog
+++ perdition-1.17.1/debian/changelog
@@ -1,3 +1,19 @@
+perdition (1.17.1-2+lenny1) stable; urgency=low
+
+ * Don't call make from perdition prerm script
+ - make may not be installed
+ - unnecessary clean up of user-generated files
+ - Upstream patch:
+ http://hg.vergenet.net/perdition/perdition/rev/5425b7c0637b
+ - (closes: #595432)
+ * ssl: Set session_id
+ - CVE-2009-3555
+ - Upstream patch:
+ http://hg.vergenet.net/perdition/perdition/rev/6d85be38374c
+ - (closes: #595207)
+
+ -- Simon Horman <horms@debian.org> Mon, 06 Sep 2010 11:36:02 +0900
+
perdition (1.17.1-2) unstable; urgency=low
* Add LSB tags to init script
only in patch2:
unchanged:
--- perdition-1.17.1.orig/debian/perdition.prerm
+++ perdition-1.17.1/debian/perdition.prerm
@@ -3,8 +3,6 @@
#DEBHELPER#
-make -C /etc/perdition/ clean > /dev/null
-
if [ "$1" = "purge" -o "$1" = "remove" ]; then
if [ -f /etc/init.d/perdition ]; then
invoke-rc.d perdition stop
only in patch2:
unchanged:
--- perdition-1.17.1.orig/perdition/ssl.c
+++ perdition-1.17.1/perdition/ssl.c
@@ -443,6 +443,15 @@
return NULL;
}
+ /* Set context for session */
+ if (!SSL_CTX_set_session_id_context(ssl_ctx,
+ (unsigned char *)PACKAGE,
+ strlen(PACKAGE))) {
+ VANESSA_LOGGER_DEBUG("SSL_CTX_set_session_id_context");
+ SSL_CTX_free(ssl_ctx);
+ return NULL;
+ }
+
/*
* Set the available ciphers
*/
Reply to: