[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#930975: unblock: libmojolicious-perl/8.12+dfsg-2

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libmojolicious-perl

As of Debian 10 "buster" the system-wide default minimum supported TLS
level is 1.2. The upstream mojolicious source provides an SSL key intended
for local development testing (/CN=localhost) which does not support TLS 1.2
(it was created with RSA:1024 and SHA1 digests).

New installations of buster and migrations from stretch using the updated
openssl configuration will be affected.

Please see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929675 for the
Debian bug report.

The patch provided in libmojolicious-perl 8.12+dfsg-2 replaces the upstream
RSA:1024/SHA1 key with a new key generated for localhost using RSA:4096/SHA256
that supports TLS 1.3. No code changes are made.

$ debdiff libmojolicious-perl_8.12+dfsg-1.dsc libmojolicious-perl_8.12+dfsg-2.dsc
dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-1.dsc)
dpkg-source: warning: extracting unsigned source package (/home/nick/dev/src/git/debian-packaging/build-area/libmojolicious-perl_8.12+dfsg-2.dsc)
diff -Nru libmojolicious-perl-8.12+dfsg/debian/changelog libmojolicious-perl-8.12+dfsg/debian/changelog
--- libmojolicious-perl-8.12+dfsg/debian/changelog      2019-02-05 17:58:40.000000000 +0000
+++ libmojolicious-perl-8.12+dfsg/debian/changelog      2019-06-23 19:51:20.000000000 +0100
@@ -1,3 +1,9 @@
+libmojolicious-perl (8.12+dfsg-2) unstable; urgency=medium
+
+  * d/patches: add update-ssl-tls-certificate (Closes: #929675)
+
+ -- Nick Morrott <knowledgejunkie@gmail.com>  Sun, 23 Jun 2019 19:51:20 +0100
+
 libmojolicious-perl (8.12+dfsg-1) unstable; urgency=medium

   * Import upstream version 8.12+dfsg.
diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/series libmojolicious-perl-8.12+dfsg/debian/patches/series
--- libmojolicious-perl-8.12+dfsg/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/series 2019-06-23 19:51:20.000000000 +0100
@@ -0,0 +1 @@
+update-ssl-tls-certificate
diff -Nru libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate
--- libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate     1970-01-01 01:00:00.000000000 +0100
+++ libmojolicious-perl-8.12+dfsg/debian/patches/update-ssl-tls-certificate     2019-06-23 19:51:20.000000000 +0100
@@ -0,0 +1,143 @@
+Description: Update default https certificate to support TLS 1.2+
+ This patch replaces the upstream https certificate (RSA:1024, SHA1) that is
+ used for local development (CN=localhost) with a new certificate
+ (RSA:4096, SHA256) that supports the updated TLS 1.2 minimum-default-supported
+ TLS level on buster.
+Author: Nick Morrott <knowledgejunkie@gmail.com>
+Forwarded: https://github.com/mojolicious/mojo/pull/1371
+Last-Update: 2019-06-23
+---
+--- a/lib/Mojo/IOLoop/TLS.pm
++++ b/lib/Mojo/IOLoop/TLS.pm
+@@ -14,8 +14,8 @@
+
+ has reactor => sub { Mojo::IOLoop->singleton->reactor }, weak => 1;
+
+-# To regenerate the certificate run this command (18.04.2012)
+-# openssl req -new -x509 -keyout server.key -out server.crt -nodes -days 7300
++# To regenerate the certificate run this command (22.06.2019)
++# openssl req -x509 -newkey rsa:4096 -nodes -sha256 -out server.crt -keyout server.key -days 7300 -subj '/CN=localhost'
+ my $CERT = path(__FILE__)->sibling('resources', 'server.crt')->to_string;
+ my $KEY  = path(__FILE__)->sibling('resources', 'server.key')->to_string;
+
+--- a/lib/Mojo/IOLoop/resources/server.crt
++++ b/lib/Mojo/IOLoop/resources/server.crt
+@@ -1,21 +1,29 @@
+ -----BEGIN CERTIFICATE-----
+-MIIDaTCCAtKgAwIBAgIJAI+AzotR68CTMA0GCSqGSIb3DQEBBQUAMIGAMQswCQYD
+-VQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjESMBAGA1UEBxMJSGFtYmVy
+-Z2VuMRQwEgYDVQQKEwtNb2pvbGljaW91czESMBAGA1UEAxMJbG9jYWxob3N0MRsw
+-GQYJKoZIhvcNAQkBFgxzcmlAY3Bhbi5vcmcwHhcNMTIwNDE4MTczOTU5WhcNMzIw
+-NDEzMTczOTU5WjCBgDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hz
+-ZW4xEjAQBgNVBAcTCUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQ
+-BgNVBAMTCWxvY2FsaG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnMIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG2
+-5GSHaRRMyYgd89tEluInMH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz
+-51ZIFxq4DtimBftXs9Z9M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiF
+-G2ACvVGXSrS16QIDAQABo4HoMIHlMB0GA1UdDgQWBBSrZ+hIlPTgV7xx2O9wzdIO
+-/d4osDCBtQYDVR0jBIGtMIGqgBSrZ+hIlPTgV7xx2O9wzdIO/d4osKGBhqSBgzCB
+-gDELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xEjAQBgNVBAcT
+-CUhhbWJlcmdlbjEUMBIGA1UEChMLTW9qb2xpY2lvdXMxEjAQBgNVBAMTCWxvY2Fs
+-aG9zdDEbMBkGCSqGSIb3DQEJARYMc3JpQGNwYW4ub3JnggkAj4DOi1HrwJMwDAYD
+-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAq6MXA7ZeO7B7vAcWxQKeLPKSy
+-Jzkb1bC/agaISDbOwuZ1AoQSj6OQHKhNIdY5v/oLQJ0B8wB0dIigqn1WVacDtPgu
+-PKSrxpqieDCh2bJ7+dyQIzQHgtZqPHi5k1PyNNXQxC94kPWdFp6PpF0M/y97aCxC
+-ZQjKgDfncFWY3FHqUw==
++MIIFCTCCAvGgAwIBAgIUKG1VkDD+euOxwJ5EE1XFMxfrwEQwDQYJKoZIhvcNAQEL
++BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDYyMjIyMTUzN1oXDTM5MDYx
++NzIyMTUzN1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
++AAOCAg8AMIICCgKCAgEA254eaczkm1l/gFgxaDZvHPAWyR/Bxm3rlEQ5X4+n5fvD
++SvZKInHoidh5AcVbvprE3GgwG5IJM8tsKo0Q6h9TSKm8+tBW8oAirbI2WTEj4EFm
++yWpZcxpVpB07Sqx9WlU/1lMnSFR9AyKEpvTwign4iWCKrfJlh2p8cZ1j0y4brdtF
++mBsueJcyAx5ZW+4lBohF83f4tmX/h5zfGRblV6V7EpjMMWCtqBZ5snJxC1QS/nVb
++UrNqapztW1xwtNZxPmf6YArMPTJ0yRjMpEUbhPz3JjWQQmujgLf/KdyAh1L6LE0q
++PtxTfo3Bi2IORVpOJqMxUSkFNYS/Ami/J8+uX8CUDaBFUyff50ws1r2SHXUOSrUd
++kmlNjX5YZlejUku5nc4ouZ7bgDOaKmBNtesrj2wCbULJwEOZKAvBEZqI4ZyDFDoB
++c/y9YOq8qlUGYtIs46VpApN8kjQnuYziR3ZlPNdpKrEn3VEOwb+9NXSNHa5GxiE+
++wzcGvGyPL/CZGZ9dwMty3I+ssxSdqdo/RnfQxWcjOexTCWz59II4wd3XhU+BkiSO
++2GK8103umWBd/0l1rvTyPgV+O+YP/o2u8V+wh6bOQ8EGahc3mOlJfWRegtFelGOY
+++Y+hIMsNqI+WmcTmhRkNbXHcetOvDW1TLj6gTx8sagqTvmuJa5DYzyY1ahSbmfkC
++AwEAAaNTMFEwHQYDVR0OBBYEFD4OORwa3/UhbMhJjPayxNf5vuZzMB8GA1UdIwQY
++MBaAFD4OORwa3/UhbMhJjPayxNf5vuZzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
++hvcNAQELBQADggIBANiwCKr8zCPr8UP0KwxnTR6HBosDFzONF1WtiMk2Kq9/W3Rh
++qCzG9novw1dhGsuB23E+roxlaw5El+E41TIQ+APnUWwMq+CyaTP+jA1TNLQ5Y/cm
++euCDrQ35QI7I6vhzg82O+s5oX0u33q7M8DByYkXqCLmJ+oZ3dVunNJ0OSMM19tlf
++2wl5iCKwoIE+uVDTZgZlKIDbXmbmr6cH29qTIrQ1xijmk9VZxBxUm7toOiPEK86K
++blMbH6v2cozAMdp3jn8e6EFkug9S+X5VS77BAu6TpewxhOr4kotewB07WckRaGYe
++sIE2UaoBC/8uyrXIXA8XDYEEs1wDFVxlEcBaAQ977SlhLN2RVa1p/4mXU7y2apXQ
++EcEXWM/Z8DKCiKj034zafTOB+9XDjjtluUSm6ECt8QTlaxOXZmQ0kmSfFqEEXdBf
++RyGqzvHIBOspxIg8PWo9WeGh7yUrCO7uJyewUmH77PwMi+LBMXa24en3N+S7p4wk
++ao7BEf/h80g9XmY3kQGTGa4Pc0Bhla9mP61+BG2orl1K7meqZxBvF29c6qx4orQ0
++eux0xKRiSuvsAptyTzGa5+wHCqYrGlKaC+rjqRVKHvyZWeJ5fnrB2CFPSzezG3EE
++emSP/BgDUdQQXDWgAET/nb6n1eCnYKZqwsp+HPNR/42ibQvwh0a6wnmHDeCD
+ -----END CERTIFICATE-----
+--- a/lib/Mojo/IOLoop/resources/server.key
++++ b/lib/Mojo/IOLoop/resources/server.key
+@@ -1,15 +1,52 @@
+------BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQCohcU0qG+hHn6JK8XdygAJo7EuRqG25GSHaRRMyYgd89tEluIn
+-MH86tVcktJ1s/0VVvr5anAp8L7Pgu01Wr13OfgIzBxCz51ZIFxq4DtimBftXs9Z9
+-M0sui2NuIPDrMEjkYUhUsxMEZcDSp2KJjDosZjSYUiiFG2ACvVGXSrS16QIDAQAB
+-AoGALSdqp6lZ/7nD/c0Uv1CYofySROv3+KFJrl6hadG1/xCP99jVz9pWvMxKBTO/
+-2qyrT0ZEitK0nIHLmLOXDVr/rxzbxP/kHmkOLKj45jW31BSap89tUpFjFQXFfjwT
+-YnOgOB4+eqQuGwigCqabcQPtFC4fU7Qzk7pdz/kO4FjR0GECQQDdXthCKgS7E5Zy
+-qqzjepxYvKgkWPD3G9H6I8LOtiVBdcehflF8Y61OGsEST3pbOhrijhY281VnD1AG
+-pNL1rOhDAkEAwuKKTN+2GF3m1mPtGW9jpkP8gU2zcO945U0jxpn2srjQ9oIoB45Y
+-gqtE6yybRY4BBd+hMdgeH5dXSwsZW+FMYwJASrFy5LhKylisndoq5cJ8OJDHZyQ/
+-ghF4Ax/H3nmlDnZQOpRlqEP1uPHcDXKVxWxQn/rzUe0+9rw681Lv/4ctAwJAfyLO
+-2muvHaJUr1QtH0S9m4AKwEfyYiC3m8+BIVTbzagoGki62IMSVtxob4uAGBYVsME9
+-JYk5zZ4rgndRKdGGxQJBAIpbdLBKArvnpbYIqNJGG83mUZ/VZaQl0G+S3zGkgre9
+-KjIuz10nNMNAKmGRrTbClLtvAQ9MVa3Xjnp+XmxPFho=
+------END RSA PRIVATE KEY-----
++-----BEGIN PRIVATE KEY-----
++MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDbnh5pzOSbWX+A
++WDFoNm8c8BbJH8HGbeuURDlfj6fl+8NK9koiceiJ2HkBxVu+msTcaDAbkgkzy2wq
++jRDqH1NIqbz60FbygCKtsjZZMSPgQWbJallzGlWkHTtKrH1aVT/WUydIVH0DIoSm
++9PCKCfiJYIqt8mWHanxxnWPTLhut20WYGy54lzIDHllb7iUGiEXzd/i2Zf+HnN8Z
++FuVXpXsSmMwxYK2oFnmycnELVBL+dVtSs2pqnO1bXHC01nE+Z/pgCsw9MnTJGMyk
++RRuE/PcmNZBCa6OAt/8p3ICHUvosTSo+3FN+jcGLYg5FWk4mozFRKQU1hL8CaL8n
++z65fwJQNoEVTJ9/nTCzWvZIddQ5KtR2SaU2NflhmV6NSS7mdzii5ntuAM5oqYE21
++6yuPbAJtQsnAQ5koC8ERmojhnIMUOgFz/L1g6ryqVQZi0izjpWkCk3ySNCe5jOJH
++dmU812kqsSfdUQ7Bv701dI0drkbGIT7DNwa8bI8v8JkZn13Ay3Lcj6yzFJ2p2j9G
++d9DFZyM57FMJbPn0gjjB3deFT4GSJI7YYrzXTe6ZYF3/SXWu9PI+BX475g/+ja7x
++X7CHps5DwQZqFzeY6Ul9ZF6C0V6UY5j5j6Egyw2oj5aZxOaFGQ1tcdx6068NbVMu
++PqBPHyxqCpO+a4lrkNjPJjVqFJuZ+QIDAQABAoICAGjl2nMAicTl96+O8HJtZZ81
++0jxYrc6gnCBigeDyFekU2tAIWZqgO8jzm8DLyql89UCthyT0GO8jX9PnM0gQlFAl
++uv013AHSUD4U3D636QHpWzYjVPxUfMl5qONfBjTKeUZey2mR6XBA4Yl5fxb/8jVz
++5ml1WSdYJn6CBbdN06y0Cka/3O9+kEXLDjWJxyeamYbUK/i7OVVGCY3LUNoPUXyt
++fQKsweWCbrhcT0Bw9O2Tkn4q8k5gDENSIQdPUiHTulR7c9hbLEsNTFm+JInd5hLb
++DL+c+Ci4Oel9x+pbKOFWLjJ+PGc7QFHaESTxIFj2I803QaSxdiapb3yNhyV3L398
++IKQoR8+1CHmDoJ/AqO9Otve7B4mEZpv/005xoGiE/svSbVi4bQgq0CuMJvv8dMn6
++uImveMLJyGSqzV9LOH+gnf9ZK1T8xRHTtiBlmxaAp7nfuBdhk6Hh1VI6THOuOYvc
++ikhLxKqCoTJFOOcgCEPQOwT+YrREVuWM6rJkALgU7mNIq10JI/jjRONEgMLANNQm
++QIuaWAi+OUv8kq5We/8cf+t8o331CUo5A5oypiprYQe9NG5X1jQgLqDZcfo5KiXx
++6cARt0ar81EmrBas8fHbmvfjueQF/ELRwooF+Vxt8fRHmF7eGcAuMfP9fZK8xGE6
++tWZmgwTAvEyshfOT9wEtAoIBAQDwZpUJy1Hhh+7jpnUKEcHV1lvw4u0vUoBMXG+I
++rrOdI2Wp5CHNzUVFeqwaqnEV4o5FodZEqIeq9ZCwgWzzswpb+ilLM+URLDG46e4Z
++vh40BJe7gHuQm6V195C0FKuIc5jW/qpJewxqRbuROOx/fCu7dRt3Ve5TxHG/ZW2V
++WCaMm1T0etG5Xe5gowGTLzYnIsv/Eq/lSfXb3o/3skG1sbbLZ62llQSrXVJIklHt
++UQP7vdIaYDdJBw1/tZ4elRaxF3EAYcGN5jt1sT3FdPqyJ8jz7sMl5qdKKXdxYbAk
++0bLu3FSPrrATfz5Wh7QBKuHrrxj1ctHIdbw1En30jwVGxpfXAoIBAQDp3kx3d7X7
++sKMF9WlJ4kqS9SZX10B4PWJKc1C71sL9i4pt+giaTlViM0inD7pD5bRihQTLprf1
++mkrF+sdgWRKRYMCrestp/3GHgsWJ9en6DAQABFbfYu44kXURNjWs1YshCiPgByHW
++v70oapKkX5XazUB2wJupdjTd1xOkZDCpFp0yLq9gMlgwyThLqshNCGqhXF6C7C9f
++fQ57B/iCBN7rBJLVb8TkNhj9h2VwfMliKtooXrw6AnkYOR9fJZnoFAMb+qKaexx5
++dWJi1W9qX8j6bs11FvJgk8clRyCHchbXnTO6Uk/OF7rwRlYGEEkoRr59JB8BwG3x
++krOegxqz4uKvAoIBAC9MH3qD1CJJOkjz0QcgI0DNId2s5/ltg+yCKzd7F7+M3U2l
++orj47+4Ripbcfc9OeatdgeiUN8z873CqpiL0UM9z0ngHR8QvK8Ez1TKfYxXc6XVs
++e+MhnFYvVPr5Lh50j9eM1zgJy5GFErgpuO4EIh6JldPOxksY1UBQ1lSRuVPko7xO
++BcEwp9u/dmnc2gytHfGbXZwBBywxB6Y2HhN/WXV/enyfawHEJJI+p3vHer8mw5WI
++5JermY5Mz0U5E/PXptXqZchjScOIEZ0tvL0ccr77dM2aKcO/kM5v59X2o/u2wbRb
++LC1J1Zv0qwenxjc2hfSUmI2WDGdssfdRxDn+jJUCggEBAOmD29pWH9Hmd4EVoEHz
++v/6o5dZDyc3FjQVFy1EjiaNc16YkSL66hKr/BgY5wATXsZvFshoeqASGQS8ZzkY3
++6kBa2Ubf34hBVXy3aMLuVugjY0MZEh0PTUoSg0/iTwn6V2dwFo400Ob6oMdgUnfq
++MVk+JKXuf/9fVj5D6Qr2N1g+ikt3LgnhewmLgbicGFBCnSXtczlK16qC1himxs4c
++SvFjqbGQXop4Mc/Eh9cf4n0wyJASt+M8YOl88AQzKU//23LuebnCP5ZPTSPedddD
++OQxF4sSNWwpvxCNGuAZGNuSnxOTAF4tzSmdr860uSb37lWyiyosXNzBFCTC3O8xu
++OWUCggEBAJGYdDmEaYEZLTgL10QfgNFKm0JWXKJJJ3WU+Bcv2lJyIYKqDdQueFSA
++aMNF/84xrEWR7F+4V3r+Ba5OxAiK9wF/KcsHRAJ6aeFtZl+0mPnaCL3NQgmvacGH
++5947mGHwPc/Lc2m03Is4pgHZuntGfDV2gFjvUgzXyFqbxkUb+pykXOF8fezogUB4
++yJ0m1Z653VlsC0TxoDGqBNs7RXevtlTywFH/4dk38pU3K8U5pBd3i3sy3a85uqLK
++YMpCGdtsAqKNZP6Jyn6dqmW/BW1G49jm4IE5LExR9seUc8o8x1DMkkpADwsfdHEt
++yJAem0VCWqqMK02V9nOZ/ZGTPYVnXds=
++-----END PRIVATE KEY-----


unblock libmojolicious-perl/8.12+dfsg-2

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (600, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: