Your message dated Sun, 28 Oct 2012 17:48:57 +0000 with message-id <1351446537.5616.70.camel@jacala.jungle.funky-badger.org> and subject line Re: Bug#689765: unblock: libio-socket-ssl-perl/1.76-2 has caused the Debian Bug report #689765, regarding unblock: libio-socket-ssl-perl/1.76-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 689765: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689765 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [pre-approval request] unblock: libio-socket-ssl-perl/1.76-2
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 6 Oct 2012 08:22:43 +0200
- Message-id: <[🔎] 20121006062243.GA25397@elende>
Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Severity: normal Dear Release-Team I have prepared an update for libio-socket-ssl-perl 1.76-1 which is found in wheezy and unstable but not yet uploaded. 1.77 was released upstream to fix[1]. [1]: https://rt.cpan.org/Public/Bug/Display.html?id=79916 Upstream RT#79916 is marked 'Serverity Critical'. As comment in SSL.pm we can read, before the _update_peer subroutine: # called if PeerAddr is not set in ${*$self}{'_SSL_arguments'} # this can be the case if start_SSL is called with a normal IO::Socket::INET # so that PeerAddr|PeerPort are not set from args The following script demostrates the problem, but is not exactly what the comment suggest. I was not able to reproduce a better example. Daniel Kahn Gillmor gave me some quidance on #debian-perl. ----cut---------cut---------cut---------cut---------cut---------cut----- #!/usr/bin/perl use strict; use warnings; use IO::Socket::SSL; use IO::Socket::INET6; my $sock = IO::Socket::INET6->new( PeerAddr => '127.0.0.1', PeerPort => "5556", Type => SOCK_STREAM, ) or die "Cannot construct socket - $@"; use Data::Show; show $sock; my $upgraded_sock = IO::Socket::SSL->start_SSL($sock); use Data::Show; show $upgraded_sock; ----cut---------cut---------cut---------cut---------cut---------cut----- With PeerAddr set to 127.0.0.1 you get for upgraded_sock: ----cut---------cut---------cut---------cut---------cut---------cut----- ======( $upgraded_sock )==================[ 'test.pl', line 19 ]====== do { require Symbol; my $a = bless(Symbol::gensym(), "IO::Socket::SSL"); *{$a} = { _SSL_arguments => { PeerAddr => "127.0.0.1", PeerPort => 5556, Proto => "tcp", SSL_cert_file => "certs/client-cert.pem", SSL_check_crl => 0, SSL_honor_cipher_order => 0, SSL_key_file => "certs/client-key.pem", SSL_server => 0, SSL_use_cert => 0, SSL_verify_mode => 0, SSL_version => "SSLv23:!SSLv2", }, _SSL_ctx => bless({ context => 27267440 }, "IO::Socket::SSL::SSL_Context"), _SSL_fileno => 3, _SSL_ioclass_upgraded => "IO::Socket::INET6", _SSL_object => 27913664, _SSL_opened => 1, io_socket_domain => 2, io_socket_proto => 6, io_socket_timeout => undef, io_socket_type => 1, }; $a; } ----cut---------cut---------cut---------cut---------cut---------cut----- but for '::1' you see that PeerAddr is missing from _SSL_arguments: ----cut---------cut---------cut---------cut---------cut---------cut----- ======( $upgraded_sock )==================[ 'test.pl', line 19 ]====== do { require Symbol; my $a = bless(Symbol::gensym(), "IO::Socket::SSL"); *{$a} = { _SSL_arguments => { Proto => "tcp", SSL_cert_file => "certs/client-cert.pem", SSL_check_crl => 0, SSL_honor_cipher_order => 0, SSL_key_file => "certs/client-key.pem", SSL_server => 0, SSL_use_cert => 0, SSL_verify_mode => 0, SSL_version => "SSLv23:!SSLv2", }, _SSL_ctx => bless({ context => 14291248 }, "IO::Socket::SSL::SSL_Context"), _SSL_fileno => 3, _SSL_ioclass_upgraded => "IO::Socket::INET6", _SSL_object => 14937456, _SSL_opened => 1, io_socket_domain => 10, io_socket_proto => 6, io_socket_timeout => undef, io_socket_type => 1, }; $a; } ----cut---------cut---------cut---------cut---------cut---------cut----- but with the patched IO::Socket::SSL: ----cut---------cut---------cut---------cut---------cut---------cut----- ======( $upgraded_sock )==================[ 'test.pl', line 19 ]====== do { require Symbol; my $a = bless(Symbol::gensym(), "IO::Socket::SSL"); *{$a} = { _SSL_arguments => { PeerAddr => "::1", PeerPort => 5556, Proto => "tcp", SSL_cert_file => "certs/client-cert.pem", SSL_check_crl => 0, SSL_honor_cipher_order => 0, SSL_key_file => "certs/client-key.pem", SSL_server => 0, SSL_use_cert => 0, SSL_verify_mode => 0, SSL_version => "SSLv23:!SSLv2", }, _SSL_ctx => bless({ context => 25240480 }, "IO::Socket::SSL::SSL_Context"), _SSL_fileno => 3, _SSL_ioclass_upgraded => "IO::Socket::INET6", _SSL_object => 25890704, _SSL_opened => 1, io_socket_domain => 10, io_socket_proto => 6, io_socket_timeout => undef, io_socket_type => 1, }; $a; } ----cut---------cut---------cut---------cut---------cut---------cut----- Note I have started a service listening on port 5556 with gnutls-serv. Since I'm no IPv6 expert, I would like to ask on your opinion and if it's okay to upload the package to unstable condidering the attached debdiff. As said as I first wanted to hear back from you, I have not uploaded the package to unstable. Regards, Salvatorediff -Nru libio-socket-ssl-perl-1.76/debian/changelog libio-socket-ssl-perl-1.76/debian/changelog --- libio-socket-ssl-perl-1.76/debian/changelog 2012-06-22 15:40:40.000000000 +0200 +++ libio-socket-ssl-perl-1.76/debian/changelog 2012-10-05 17:42:33.000000000 +0200 @@ -1,3 +1,10 @@ +libio-socket-ssl-perl (1.76-2) unstable; urgency=low + + * Add 0001-Fix-update_peer-subroutine-to-work-with-IPv6.patch patch. + Fix update_peer subroutine to work with IPv6. + + -- Salvatore Bonaccorso <carnil@debian.org> Fri, 05 Oct 2012 17:41:19 +0200 + libio-socket-ssl-perl (1.76-1) unstable; urgency=low * Imported Upstream version 1.75 and 1.76 diff -Nru libio-socket-ssl-perl-1.76/debian/patches/0001-Fix-update_peer-subroutine-to-work-with-IPv6.patch libio-socket-ssl-perl-1.76/debian/patches/0001-Fix-update_peer-subroutine-to-work-with-IPv6.patch --- libio-socket-ssl-perl-1.76/debian/patches/0001-Fix-update_peer-subroutine-to-work-with-IPv6.patch 1970-01-01 01:00:00.000000000 +0100 +++ libio-socket-ssl-perl-1.76/debian/patches/0001-Fix-update_peer-subroutine-to-work-with-IPv6.patch 2012-10-05 17:42:33.000000000 +0200 @@ -0,0 +1,48 @@ +Description: Fix update_peer subroutine to work with IPv6 +Origin: vendor +Bug: https://rt.cpan.org/Public/Bug/Display.html?id=79916 +Forwarded: not-needed +Author: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2012-10-05 + +--- + SSL.pm | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/SSL.pm ++++ b/SSL.pm +@@ -69,11 +69,11 @@ + my $ip6 = eval { + require Socket; + Socket->VERSION(1.95); +- Socket->import( 'inet_pton' ); ++ Socket->import( qw/inet_pton inet_ntop/ ); + 1; + } || eval { + require Socket6; +- Socket6->import( 'inet_pton' ); ++ Socket6->import( qw/inet_pton inet_ntop/ ); + 1; + }; + +@@ -525,9 +525,17 @@ + my $self = shift; + my $arg_hash = ${*$self}{'_SSL_arguments'}; + eval { +- my ($port,$addr) = sockaddr_in( getpeername( $self )); +- $arg_hash->{PeerAddr} = inet_ntoa( $addr ); +- $arg_hash->{PeerPort} = $port; ++ my $sockaddr = getpeername( $self ); ++ my $af = sockaddr_family($sockaddr); ++ if( $af == AF_INET6 ) { ++ my ($port, $addr, $scope, $flow ) = unpack_sockaddr_in6( $sockaddr ); ++ $arg_hash->{PeerAddr} = inet_ntop( $af, $addr ); ++ $arg_hash->{PeerPort} = $port; ++ } else { ++ my ($port,$addr) = sockaddr_in( $sockaddr); ++ $arg_hash->{PeerAddr} = inet_ntoa( $addr ); ++ $arg_hash->{PeerPort} = $port; ++ } + } + } + diff -Nru libio-socket-ssl-perl-1.76/debian/patches/series libio-socket-ssl-perl-1.76/debian/patches/series --- libio-socket-ssl-perl-1.76/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libio-socket-ssl-perl-1.76/debian/patches/series 2012-10-05 17:42:33.000000000 +0200 @@ -0,0 +1 @@ +0001-Fix-update_peer-subroutine-to-work-with-IPv6.patchAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Salvatore Bonaccorso <carnil@debian.org>, 689765-done@bugs.debian.org
- Subject: Re: Bug#689765: unblock: libio-socket-ssl-perl/1.76-2
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sun, 28 Oct 2012 17:48:57 +0000
- Message-id: <1351446537.5616.70.camel@jacala.jungle.funky-badger.org>
- In-reply-to: <[🔎] 20121028165652.GA553@elende>
- References: <[🔎] 20121006062243.GA25397@elende> <[🔎] 20121028165652.GA553@elende>
On Sun, 2012-10-28 at 17:56 +0100, Salvatore Bonaccorso wrote: > I asked on IRC on #debian-release if it is okay to upload this to > unstable to give it testing. Neil McGovern answered me to upload it > now to unstable and ping here again when accepted. > > Would it possible to unblock it? Only change is the patch applied by > upstream. Debdiff for the package is attached. Unblocked; thanks. Regards, Adam
--- End Message ---