
Bug#736971: pu: package gatling/0.12cvs20120114-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

as discussed with Moritz at http://bugs.debian.org/736318, I prepared gatling
0.12cvs20120114-4 for stable. Attached patch is basically Moritz' patch.

Please tell me when it's ready for upload.

Roland


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -ruN gatling-0.12cvs20120114/debian/changelog gatling-0.12cvs20120114/debian/changelog
--- gatling-0.12cvs20120114/debian/changelog	2012-11-12 22:13:45.000000000 +0100
+++ gatling-0.12cvs20120114/debian/changelog	2014-01-28 21:26:47.494267979 +0100
@@ -1,3 +1,17 @@
+gatling (0.12cvs20120114-4) stable; urgency=medium
+
+  *  PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which
+     were not backportable to the older releases). Version 1.2.0 introduces
+     several non-backwards-compatible API changes (fully mentioned here:
+     https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released
+     - Rename cipher suites names
+     - Remove call to removed ssl_set_scb() function, TLS session cache is
+       handled internally. Also remove the functions my_get_session() and
+       my_set_session() used for that and adapt the ssl_set_session() call.
+     Thanks to Moritz Mühlenhoff for the patch (Closes: #736318)
+
+ -- Roland Stigge <stigge@antcom.de>  Tue, 28 Jan 2014 21:18:43 +0100
+
 gatling (0.12cvs20120114-3) unstable; urgency=low
 
   * Adding two patches for path traversal vulnerabilities (FTP, HTTP).
diff -ruN gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch
--- gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch	1970-01-01 01:00:00.000000000 +0100
+++ gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch	2014-01-28 21:16:22.345829480 +0100
@@ -0,0 +1,133 @@
+Description: Fix compatibility with polarssl 1.2.x
+ PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which were
+ not backportable to the older releases). Version 1.2.0 introduces several
+ non-backwards-compatible API changes (fully mentioned here:
+ https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released
+ * Rename cipher suites names
+ * Remove call to removed ssl_set_scb() function, TLS session cache is handled
+   internally. Also remove the functions my_get_session() and my_set_session()
+   used for that and adapt the ssl_set_session() call.
+Author: Moritz Mühlenhoff <muehlenhoff@univention.de>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736318
+
+--- gatling-0.12cvs20120114.orig/pssl.c
++++ gatling-0.12cvs20120114/pssl.c
+@@ -28,95 +28,21 @@ havege_state hs;
+ 
+ int my_ciphersuites[] =
+ {
+-    SSL_EDH_RSA_AES_256_SHA,
+-    SSL_EDH_RSA_CAMELLIA_256_SHA,
+-    SSL_EDH_RSA_AES_128_SHA,
+-    SSL_EDH_RSA_CAMELLIA_128_SHA,
+-    SSL_EDH_RSA_DES_168_SHA,
+-    SSL_RSA_AES_256_SHA,
+-    SSL_RSA_CAMELLIA_256_SHA,
+-    SSL_RSA_AES_128_SHA,
+-    SSL_RSA_CAMELLIA_128_SHA,
+-    SSL_RSA_DES_168_SHA,
+-    SSL_RSA_RC4_128_SHA,
+-    SSL_RSA_RC4_128_MD5,
++    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++    TLS_RSA_WITH_AES_256_CBC_SHA,
++    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
++    TLS_RSA_WITH_AES_128_CBC_SHA,
++    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++    TLS_RSA_WITH_RC4_128_SHA,
++    TLS_RSA_WITH_RC4_128_MD5,
+     0
+ };
+ 
+-/*
+- * These session callbacks use a simple chained list
+- * to store and retrieve the session information.
+- */
+-ssl_session *s_list_1st = NULL;
+-ssl_session *cur, *prv;
+-
+-static int my_get_session( ssl_context *ssl )
+-{
+-    time_t t = time( NULL );
+-
+-    if( ssl->resume == 0 )
+-        return( 1 );
+-
+-    cur = s_list_1st;
+-    prv = NULL;
+-
+-    while( cur != NULL )
+-    {
+-        prv = cur;
+-        cur = cur->next;
+-
+-        if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
+-            continue;
+-
+-        if( ssl->session->ciphersuite != prv->ciphersuite ||
+-            ssl->session->length != prv->length )
+-            continue;
+-
+-        if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
+-            continue;
+-
+-        memcpy( ssl->session->master, prv->master, 48 );
+-        return( 0 );
+-    }
+-
+-    return( 1 );
+-}
+-
+-static int my_set_session( ssl_context *ssl )
+-{
+-    time_t t = time( NULL );
+-
+-    cur = s_list_1st;
+-    prv = NULL;
+-
+-    while( cur != NULL )
+-    {
+-        if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
+-            break; /* expired, reuse this slot */
+-
+-        if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
+-            break; /* client reconnected */
+-
+-        prv = cur;
+-        cur = cur->next;
+-    }
+-
+-    if( cur == NULL )
+-    {
+-        cur = (ssl_session *) malloc( sizeof( ssl_session ) );
+-        if( cur == NULL )
+-            return( 1 );
+-
+-        if( prv == NULL )
+-              s_list_1st = cur;
+-        else  prv->next  = cur;
+-    }
+-
+-    memcpy( cur, ssl->session, sizeof( ssl_session ) );
+-
+-    return( 0 );
+-}
+-
+ static int my_net_recv( void *ctx, unsigned char *buf, size_t len ) {
+   int sock=(int)(uintptr_t)ctx;
+   return net_recv(&sock,buf,len);
+@@ -178,9 +104,8 @@ fail:
+   ssl_set_authmode( ssl, SSL_VERIFY_NONE );
+   ssl_set_rng( ssl, havege_random, &hs );
+   ssl_set_bio( ssl, my_net_recv, (void*)(uintptr_t)sock, my_net_send, (void*)(uintptr_t)sock );
+-  ssl_set_scb( ssl, my_get_session, my_set_session );
+   ssl_set_ciphersuites( ssl, my_ciphersuites );
+-  ssl_set_session( ssl, 1, 0, ssn );
++  ssl_set_session( ssl, ssn );
+ 
+   ssl_set_ca_chain( ssl, srvcert.next, NULL, NULL );
+   ssl_set_own_cert( ssl, &srvcert, &rsa );
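Review bot: The replacement call `ssl_set_session( ssl, ssn );` on the new side does not take over the role of the removed `ssl_set_scb()` hook: in PolarSSL 1.2 `ssl_set_session()` is the client-side resumption entry point and its return value is discarded here, so if this context is set up as a server endpoint (configured outside the hunk, so this is inferred) the call fails silently and server-side session resumption is lost rather than being "handled internally" as the patch header states. As far as I can tell the 1.2 counterpart of `ssl_set_scb()` is `ssl_set_session_cache()` together with the `ssl_cache` module; either wire that up, or drop the `ssl_set_session()` call and state in the Description block that session resumption is intentionally disabled after this update. Separately, the renamed suite list is a 1:1 mapping of the old one and therefore still enables `TLS_RSA_WITH_RC4_128_SHA`, `TLS_RSA_WITH_RC4_128_MD5` and the 3DES suites; a stable update is a reasonable point to at least record in the patch description that these weak suites remain on by default. The function containing the inner `@@ -178,9 +104,8 @@ fail:` hunk begins and ends outside the hunk, so the endpoint setting and the origin of `ssn` cannot be checked from here.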
diff -ruN gatling-0.12cvs20120114/debian/patches/series gatling-0.12cvs20120114/debian/patches/series
--- gatling-0.12cvs20120114/debian/patches/series	2012-11-12 22:05:52.000000000 +0100
+++ gatling-0.12cvs20120114/debian/patches/series	2014-01-28 21:24:09.805186884 +0100
@@ -8,3 +8,4 @@
 08-cgi-post-fix.patch
 09-gatling-ftp-fix-traversal.patch
 10-gatling-http-fix-traversal.patch
+11-fix-compat-with-polarssl12.patch
