Bug#728253: pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi Stable Release Managers
The Perl module found int libnet-smtp-tls-butmaintained-perl
(Net::SMTP::TLS::ButMaintained) suffers from an error in the use of
SSL_version in the code, which in the version in wheezy is used as
SSL_version => "SSLv3 TLSv1"
I have opened http://bugs.debian.org/728248. This causes first a error
message and sending a mail actually fails.
I have prepared a debdiff with the changes upstream has done up to
0.21, and also bumped the dependency (satisfied in wheezy) to make
clear this version is needed to guarantee
Net::SMTP::TLS::ButMaintained working.
Attached is the debdiff to fix this issue.
Could you accept the package for stable-proposed-updates?
p.s.: the "old, and unmaintained" Net::SMTP::TLS module suffers from
the same problem, I will fix this in unstable first, and then also ask
back for a pu also for this one later.
Regards,
Salvatore
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog 2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog 2013-10-29 23:33:55.000000000 +0100
@@ -1,3 +1,17 @@
+libnet-smtp-tls-butmaintained-perl (0.17-1+deb7u1) wheezy; urgency=low
+
+ * Team upload.
+ * Add fix-misuse-of-IO-Socket-SSL.patch.
+ Fixes misuse of IO::Socket::SSL in the SSL_version argument (wrong
+ syntax). This causes the errors like "invalid SSL_version specified at
+ /usr/share/perl5/IO/Socket/SSL.pm line 332". (Closes: #728248)
+ * Update (build-)dependency for IO::Socket::SSL.
+ Update Build-Depends-Indep and Depends on libio-socket-ssl-perl to
+ explicitly require at least 1.76 to guarantee to work when applied the
+ patch for #728248.
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 29 Oct 2013 23:22:48 +0100
+
libnet-smtp-tls-butmaintained-perl (0.17-1) unstable; urgency=low
* Initial Release. (Closes: #630981)
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/control libnet-smtp-tls-butmaintained-perl-0.17/debian/control
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/control 2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/control 2013-10-29 23:33:55.000000000 +0100
@@ -3,7 +3,7 @@
Priority: optional
Build-Depends: debhelper (>= 8)
Build-Depends-Indep: libdigest-hmac-perl,
- libio-socket-ssl-perl,
+ libio-socket-ssl-perl (>= 1.76),
libnet-ssleay-perl,
perl
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
@@ -17,7 +17,7 @@
Architecture: all
Depends: ${misc:Depends}, ${perl:Depends},
libdigest-hmac-perl,
- libio-socket-ssl-perl,
+ libio-socket-ssl-perl (>= 1.76),
libnet-ssleay-perl
Description: Perl module for providing SMTP client supporting TLS and AUTH
Net::SMTP::TLS::ButMaintained is a TLS and AUTH capable SMTP client which
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch 1970-01-01 01:00:00.000000000 +0100
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch 2013-10-29 23:33:55.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix misuse of IO::Socket::SSL
+Origin: upstream, https://metacpan.org/diff/release/FAYLAND/Net-SMTP-TLS-ButMaintained-0.17/FAYLAND/Net-SMTP-TLS-ButMaintained-0.21
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=77865
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-10-29
+Applied-Upstream: 0.21
+
+--- a/lib/Net/SMTP/TLS/ButMaintained.pm
++++ b/lib/Net/SMTP/TLS/ButMaintained.pm
+@@ -113,7 +113,7 @@
+ }
+ if (
+ not IO::Socket::SSL::socket_to_SSL(
+- $me->{sock}, SSL_version => "SSLv3 TLSv1"
++ $me->{sock}, { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE }
+ )
+ )
+ {
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series 2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series 2013-10-29 23:33:55.000000000 +0100
@@ -1 +1,2 @@
tests.patch
+fix-misuse-of-IO-Socket-SSL.patch
Reply to: