Bug#736971: pu: package gatling/0.12cvs20120114-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
as discussed with Moritz at http://bugs.debian.org/736318, I prepared gatling
0.12cvs20120114-4 for stable. Attached patch is basically Moritz' patch.
Please let me know when it is ready for upload.
Roland
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -ruN gatling-0.12cvs20120114/debian/changelog gatling-0.12cvs20120114/debian/changelog
--- gatling-0.12cvs20120114/debian/changelog 2012-11-12 22:13:45.000000000 +0100
+++ gatling-0.12cvs20120114/debian/changelog 2014-01-28 21:26:47.494267979 +0100
@@ -1,3 +1,17 @@
+gatling (0.12cvs20120114-4) stable; urgency=medium
+
+ * PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which
+ were not backportable to the older releases). Version 1.2.0 introduces
+ several non-backwards-compatible API changes (fully mentioned here:
+ https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released
+ - Rename cipher suites names
+ - Remove call to removed ssl_set_scb() function, TLS session cache is
+ handled internally. Also remove the functions my_get_session() and
+ my_set_session() used for that and adapt the ssl_set_session() call.
+ Thanks to Moritz Mühlenhoff for the patch (Closes: #736318)
+
+ -- Roland Stigge <stigge@antcom.de> Tue, 28 Jan 2014 21:18:43 +0100
+
gatling (0.12cvs20120114-3) unstable; urgency=low
* Adding two patches for path traversal vulnerabilities (FTP, HTTP).
diff -ruN gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch
--- gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch 1970-01-01 01:00:00.000000000 +0100
+++ gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch 2014-01-28 21:16:22.345829480 +0100
@@ -0,0 +1,133 @@
+Description: Fix compatibility with polarssl 1.2.x
+ PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which were
+ not backportable to the older releases). Version 1.2.0 introduces several
+ non-backwards-compatible API changes (fully mentioned here:
+ https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released
+ * Rename cipher suites names
+ * Remove call to removed ssl_set_scb() function, TLS session cache is handled
+ internally. Also remove the functions my_get_session() and my_set_session()
+ used for that and adapt the ssl_set_session() call.
+Author: Moritz Mühlenhoff <muehlenhoff@univention.de>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736318
+
+--- gatling-0.12cvs20120114.orig/pssl.c
++++ gatling-0.12cvs20120114/pssl.c
+@@ -28,95 +28,21 @@ havege_state hs;
+
+ int my_ciphersuites[] =
+ {
+- SSL_EDH_RSA_AES_256_SHA,
+- SSL_EDH_RSA_CAMELLIA_256_SHA,
+- SSL_EDH_RSA_AES_128_SHA,
+- SSL_EDH_RSA_CAMELLIA_128_SHA,
+- SSL_EDH_RSA_DES_168_SHA,
+- SSL_RSA_AES_256_SHA,
+- SSL_RSA_CAMELLIA_256_SHA,
+- SSL_RSA_AES_128_SHA,
+- SSL_RSA_CAMELLIA_128_SHA,
+- SSL_RSA_DES_168_SHA,
+- SSL_RSA_RC4_128_SHA,
+- SSL_RSA_RC4_128_MD5,
++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_AES_256_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_RSA_WITH_AES_128_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_RC4_128_SHA,
++ TLS_RSA_WITH_RC4_128_MD5,
+ 0
+ };
+
+-/*
+- * These session callbacks use a simple chained list
+- * to store and retrieve the session information.
+- */
+-ssl_session *s_list_1st = NULL;
+-ssl_session *cur, *prv;
+-
+-static int my_get_session( ssl_context *ssl )
+-{
+- time_t t = time( NULL );
+-
+- if( ssl->resume == 0 )
+- return( 1 );
+-
+- cur = s_list_1st;
+- prv = NULL;
+-
+- while( cur != NULL )
+- {
+- prv = cur;
+- cur = cur->next;
+-
+- if( ssl->timeout != 0 && t - prv->start > ssl->timeout )
+- continue;
+-
+- if( ssl->session->ciphersuite != prv->ciphersuite ||
+- ssl->session->length != prv->length )
+- continue;
+-
+- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 )
+- continue;
+-
+- memcpy( ssl->session->master, prv->master, 48 );
+- return( 0 );
+- }
+-
+- return( 1 );
+-}
+-
+-static int my_set_session( ssl_context *ssl )
+-{
+- time_t t = time( NULL );
+-
+- cur = s_list_1st;
+- prv = NULL;
+-
+- while( cur != NULL )
+- {
+- if( ssl->timeout != 0 && t - cur->start > ssl->timeout )
+- break; /* expired, reuse this slot */
+-
+- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 )
+- break; /* client reconnected */
+-
+- prv = cur;
+- cur = cur->next;
+- }
+-
+- if( cur == NULL )
+- {
+- cur = (ssl_session *) malloc( sizeof( ssl_session ) );
+- if( cur == NULL )
+- return( 1 );
+-
+- if( prv == NULL )
+- s_list_1st = cur;
+- else prv->next = cur;
+- }
+-
+- memcpy( cur, ssl->session, sizeof( ssl_session ) );
+-
+- return( 0 );
+-}
+-
+ static int my_net_recv( void *ctx, unsigned char *buf, size_t len ) {
+ int sock=(int)(uintptr_t)ctx;
+ return net_recv(&sock,buf,len);
+@@ -178,9 +104,8 @@ fail:
+ ssl_set_authmode( ssl, SSL_VERIFY_NONE );
+ ssl_set_rng( ssl, havege_random, &hs );
+ ssl_set_bio( ssl, my_net_recv, (void*)(uintptr_t)sock, my_net_send, (void*)(uintptr_t)sock );
+- ssl_set_scb( ssl, my_get_session, my_set_session );
+ ssl_set_ciphersuites( ssl, my_ciphersuites );
+- ssl_set_session( ssl, 1, 0, ssn );
++ ssl_set_session( ssl, ssn );
+
+ ssl_set_ca_chain( ssl, srvcert.next, NULL, NULL );
+ ssl_set_own_cert( ssl, &srvcert, &rsa );
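Review bot: The renamed ciphersuite list at the top of the new pssl.c hunk still offers `TLS_RSA_WITH_RC4_128_SHA,` and `TLS_RSA_WITH_RC4_128_MD5,`; RC4 is a known-weak stream cipher and every stronger suite is already listed ahead of it, so dropping those two entries (keeping the `0` terminator) would be a safe tightening while the list is being rewritten anyway, with the 3DES entries the next-weakest of what remains. In the second inner hunk the result of the new two-argument `ssl_set_session( ssl, ssn );` is discarded; if I recall correctly, in PolarSSL 1.2 that call is only accepted for client endpoints and server-side resumption is installed through ssl_set_session_cache(), so with ssl_set_scb() removed this server context (it calls ssl_set_own_cert) may have lost session resumption rather than having it "handled internally" as the description states — worth confirming before upload. The function containing that second inner hunk starts before and ends after the visible lines.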
diff -ruN gatling-0.12cvs20120114/debian/patches/series gatling-0.12cvs20120114/debian/patches/series
--- gatling-0.12cvs20120114/debian/patches/series 2012-11-12 22:05:52.000000000 +0100
+++ gatling-0.12cvs20120114/debian/patches/series 2014-01-28 21:24:09.805186884 +0100
@@ -8,3 +8,4 @@
08-cgi-post-fix.patch
09-gatling-ftp-fix-traversal.patch
10-gatling-http-fix-traversal.patch
+11-fix-compat-with-polarssl12.patch