Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi SRM

I know the window for the upcoming point release is this weekend, so this one might not make it in time.

It was reported that the version in jessie of libio-socket-ssl-perl might segfault when using malformed client certificates, cf. #881711. For jessie this issue is open, and the reporter confirmed that the patch fixes the issue there, so I cherry-picked the change for jessie.

Attached is the resulting debdiff; would it be fine to include it in this (or any further point release)?

Regards,
Salvatore

diff -Nru libio-socket-ssl-perl-2.002/debian/changelog libio-socket-ssl-perl-2.002/debian/changelog --- libio-socket-ssl-perl-2.002/debian/changelog 2016-10-08 17:26:51.000000000 +0200 +++ libio-socket-ssl-perl-2.002/debian/changelog 2017-12-01 20:40:51.000000000 +0100 @@ -1,3 +1,9 @@ +libio-socket-ssl-perl (2.002-2+deb8u3) jessie; urgency=medium + + * Fix segfault using malformed client certificates (Closes: #881711) + + -- Salvatore Bonaccorso <car...@debian.org> Fri, 01 Dec 2017 20:40:51 +0100 + libio-socket-ssl-perl (2.002-2+deb8u2) jessie; urgency=medium * Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch. diff -Nru libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch --- libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch 1970-01-01 01:00:00.000000000 +0100 +++ libio-socket-ssl-perl-2.002/debian/patches/0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch 2017-12-01 20:40:51.000000000 +0100 
@@ -0,0 +1,25 @@ +From: Steffen Ullrich <steffen_ullr...@genua.de> +Date: Sun, 26 Oct 2014 18:23:15 +0100 +Subject: Propagate error if cert/key could not be used instead of continuing + with an invalid context which might cause a segmentation fault +Origin: https://github.com/noxxi/p5-io-socket-ssl/commit/a09f29f423859565bc0384dcfbbc75811d9e4e4a +Bug-Debian: https://bugs.debian.org/881711 + +--- + +diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm +index 13c6680..2330b45 100644 +--- a/lib/IO/Socket/SSL.pm ++++ b/lib/IO/Socket/SSL.pm +@@ -489,7 +489,7 @@ sub configure_SSL { + + # create context + # this will fill in defaults in $arg_hash +- $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash); ++ $ctx ||= IO::Socket::SSL::SSL_Context->new($arg_hash) || return; + + ${*$self}{'_SSL_arguments'} = $arg_hash; + ${*$self}{'_SSL_ctx'} = $ctx; +-- +2.15.1 + diff -Nru libio-socket-ssl-perl-2.002/debian/patches/series libio-socket-ssl-perl-2.002/debian/patches/series --- libio-socket-ssl-perl-2.002/debian/patches/series 2016-10-08 17:26:51.000000000 +0200 +++ libio-socket-ssl-perl-2.002/debian/patches/series 2017-12-01 20:40:51.000000000 +0100 @@ -1,3 +1,4 @@ 0001-use-only-ICANN-part-in-public-suffix-list.patch 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch +0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch
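
Review bot: In the configure_SSL hunk of lib/IO/Socket/SSL.pm, the added `|| return` is a bare return, so the failure reaches the caller only as a false value, and none of the visible lines set or pass on an error string. Please confirm that IO::Socket::SSL::SSL_Context->new records the reason itself before returning false and that callers of configure_SSL check the result, otherwise the segfault is traded for a silent failure. Extending the "# create context" comment to say that a failed context aborts configuration would also make the intent clear to the next reader.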
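
Review bot: The new debian/changelog entry for 2.002-2+deb8u3 does not name the patch file it introduces, while the 2.002-2+deb8u2 entry directly below it does ("* Add 0001-remove-r-for-checking-SSL_-cert-key-_file-since-this.patch."). Consider naming 0001-Propagate-error-if-cert-key-could-not-be-used-instea.patch in the entry so the changelog line can be matched to the new line in debian/patches/series.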