Bug#912425: stretch-pu: package libxml-stream-perl/1.24-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#912425: stretch-pu: package libxml-stream-perl/1.24-2
From: Florian Schlichting <fsfs@debian.org>
Date: Wed, 31 Oct 2018 12:49:46 +0100
Message-id: <[🔎] 154098658616.3311.1619123268941313285.reportbug@drosophila.zedat.fu-berlin.de>
Reply-to: Florian Schlichting <fsfs@debian.org>, 912425@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

libxml-stream-perl in Stretch turns on verification of SSL certificates
by default, but fails to provide a default path to the CA root
certificates, without which all encrypted connections fail.

In Debian, the default set of certificates is located in /etc/ssl/certs,
so instead - or in addition to - fixing every program using
libxml-stream-perl behind the curtain (such as sendxmpp), this update
ensures a working set of defaults.

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libxml-stream-perl-1.24/debian/changelog libxml-stream-perl-1.24/debian/changelog
--- libxml-stream-perl-1.24/debian/changelog	2015-06-05 22:03:56.000000000 +0200
+++ libxml-stream-perl-1.24/debian/changelog	2018-10-31 12:00:40.000000000 +0100
@@ -1,3 +1,9 @@
+libxml-stream-perl (1.24-2+deb9u1) stretch; urgency=medium
+
+  * Provide a default CA path (closes: #908027, LP: 1774614)
+
+ -- Florian Schlichting <fsfs@debian.org>  Wed, 31 Oct 2018 12:00:40 +0100
+
 libxml-stream-perl (1.24-2) unstable; urgency=medium
 
   * Team upload.
diff -Nru libxml-stream-perl-1.24/debian/patches/default-ca-path.patch libxml-stream-perl-1.24/debian/patches/default-ca-path.patch
--- libxml-stream-perl-1.24/debian/patches/default-ca-path.patch	1970-01-01 01:00:00.000000000 +0100
+++ libxml-stream-perl-1.24/debian/patches/default-ca-path.patch	2018-10-31 11:59:27.000000000 +0100
@@ -0,0 +1,18 @@
+Description: provide a default ssl_ca_path
+ ssl_verify is on by default, but will fail unless provided with a valid
+ ssl_ca_path. On Debian, commonly trusted CA certificates are stored in
+ /etc/ssl/certs
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908027
+Forwarded: https://github.com/dap/XML-Stream/issues/19
+
+--- a/lib/XML/Stream.pm
++++ b/lib/XML/Stream.pm
+@@ -220,7 +220,7 @@
+     $self->{SIDS}->{default}->{ssl} = 0;
+     $self->{SIDS}->{default}->{_tls} = 0;
+     $self->{SIDS}->{default}->{ssl_verify} = 0x01; # verify peer by default
+-    $self->{SIDS}->{default}->{ssl_ca_path} = '';
++    $self->{SIDS}->{default}->{ssl_ca_path} = '/etc/ssl/certs';
+     $self->{SIDS}->{default}->{namespace} = "";
+     $self->{SIDS}->{default}->{myhostname} = $fullname;
+     $self->{SIDS}->{default}->{derivedhostname} = $fullname;
diff -Nru libxml-stream-perl-1.24/debian/patches/series libxml-stream-perl-1.24/debian/patches/series
--- libxml-stream-perl-1.24/debian/patches/series	2015-06-05 22:03:56.000000000 +0200
+++ libxml-stream-perl-1.24/debian/patches/series	2018-10-31 11:59:27.000000000 +0100
@@ -1 +1,2 @@
 t_upstream_uninitialized_value.diff
+default-ca-path.patch

Reply to:

Follow-Ups:
- Bug#912425: stretch-pu: package libxml-stream-perl/1.24-2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#912425: stretch-pu: package libxml-stream-perl/1.24-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: tagging 910065
Next by Date: Bug#912367: stretch-pu: package gthumb/3:3.4.4.1-5
Previous by thread: Processed: tagging 910065
Next by thread: Bug#912425: stretch-pu: package libxml-stream-perl/1.24-2
Index(es):
- Date
- Thread