Bug#769787: unblock (pre-approval): poco 1.3.6p1-5
Control: tags -1 moreinfo
On 2014-11-16 13:52, Cristian Greco wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi,
>
> I'm seeking approval for the upload of poco 1.3.6p1-5.
>
Hi Cristian,
Thanks for doing this.
> I received a patch for CVE-2014-0350 (#746637) from Maxime Chatelle,
> who prepared an upload for unstable.
>
> Debdiff is attached, dsc is available on mentors:
> http://mentors.debian.net/debian/pool/main/p/poco/poco_1.3.6p1-5.dsc
>
> I don't see problems with the patch but would like approval from the
> release team before going ahead. If we don't apply the patch now, poco
> 1.3.6p1-4 should be removed from testing.
>
> Thanks,
> --
> Cristian Greco
> GPG key ID: 0xCF4D32E4
>
> [...]
> +diff -urNad poco-1.3.6p1~/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h poco-1.3.6p1/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h
> +--- poco-1.3.6p1~/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h 2009-12-21 19:15:02.000000000 +0100
> ++++ poco-1.3.6p1/NetSSL_OpenSSL/include/Poco/Net/X509Certificate.h 2014-11-07 22:09:56.519596616 +0100
> +@@ -102,7 +102,7 @@
> +
> + protected:
> + static bool containsWildcards(const std::string& commonName);
> +- static bool matchByAlias(const std::string& alias, const HostEntry& heData);
> ++ static bool matchWildcard(const std::string& wildcard, const std::string& hostName);
> +
> [...]
I suspect we might have an issue here. Changing the name (and/or
arguments) of a protected symbol is definitely an ABI breakage. Since
this is part of a public header it is also an API breakage.
Unfortunatly, I cannot accept the changes as-is. That said, if you can
provide an alternative solution without breaking neither ABI nor API, I
would be interested in seeing it.
~Niels
Reply to: