Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package php-cas

The previous upload in 1.3.1-3 (security fix) included an incorrect fix from upstream (#698946). I've now applied the fix (taken from upstream again) and uploaded to unstable.

Please make sure the fix transitions to wheezy.

Many thanks in advance.

Best regards,

unblock php-cas/1.3.1-4

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (650, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru php-cas-1.3.1/debian/changelog php-cas-1.3.1/debian/changelog --- php-cas-1.3.1/debian/changelog 2012-12-12 18:43:39.000000000 +0100 +++ php-cas-1.3.1/debian/changelog 2013-01-26 15:54:51.000000000 +0100 @@ -1,3 +1,10 @@ +php-cas (1.3.1-4) unstable; urgency=high + + * Fix wrong call to setSslCaCert() thanks to Thijs Kinkhorst (Closes: + #698946). + + -- Olivier Berger <ober...@debian.org> Sat, 26 Jan 2013 15:43:53 +0100 + php-cas (1.3.1-3) unstable; urgency=high * The previous upload missed the CVE-2012-5583 reference. Rewriting the diff -Nru php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch --- php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch 1970-01-01 01:00:00.000000000 +0100 +++ php-cas-1.3.1/debian/patches/0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch 2013-01-26 15:54:51.000000000 +0100 
@@ -0,0 +1,69 @@ +From: jfritschi <jfrits...@freenet.de> +Date: Sun, 16 Dec 2012 17:04:31 +0100 +Subject: =?UTF-8?q?#58=20fix=20bug=20introduced=20in=20previous=20patches.=20?= + =?UTF-8?q?Setting=20of=20the=20ssl=20certs=20was=0Anot=20performing=20prope?= + =?UTF-8?q?rly.?= + +--- + CAS-1.3.1/CAS/Client.php | 7 +++---- + CAS-1.3.1/CAS/Request/AbstractRequest.php | 1 - + CAS-1.3.1/CAS/Request/CurlRequest.php | 2 +- + 3 files changed, 4 insertions(+), 6 deletions(-) + +diff --git a/CAS-1.3.1/CAS/Client.php b/CAS-1.3.1/CAS/Client.php +index 02431ab..14be4bd 100644 +--- a/CAS-1.3.1/CAS/Client.php ++++ b/CAS-1.3.1/CAS/Client.php +@@ -1618,7 +1618,7 @@ class CAS_Client + * + * @hideinitializer + */ +- private $_cas_server_ca_cert = ''; ++ private $_cas_server_ca_cert = null; + + + /** +@@ -1626,7 +1626,7 @@ class CAS_Client + * + * @hideinitializer + */ +- private $_cas_server_cn_validate = ''; ++ private $_cas_server_cn_validate = true; + + /** + * Set to true not to validate the CAS server. 
+@@ -2427,8 +2427,7 @@ class CAS_Client + phpCAS::error('one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'); + } + if ($this->_cas_server_ca_cert != '') { +- $request->setSslCaCert($this->_cas_server_ca_cert); +- $request->setSslCaCert($this->_cas_server_cn_validate); ++ $request->setSslCaCert($this->_cas_server_ca_cert, $this->_cas_server_cn_validate); + } + + // add extra stuff if SAML +diff --git a/CAS-1.3.1/CAS/Request/AbstractRequest.php b/CAS-1.3.1/CAS/Request/AbstractRequest.php +index 66ad2f2..390e956 100644 +--- a/CAS-1.3.1/CAS/Request/AbstractRequest.php ++++ b/CAS-1.3.1/CAS/Request/AbstractRequest.php +@@ -194,7 +194,6 @@ implements CAS_Request_RequestInterface + if ($this->_sent) { + throw new CAS_OutOfSequenceException('Request has already been sent cannot '.__METHOD__); + } +- + $this->caCertPath = $caCertPath; + $this->validateCN = $validate_cn; + } +diff --git a/CAS-1.3.1/CAS/Request/CurlRequest.php b/CAS-1.3.1/CAS/Request/CurlRequest.php +index f6026ba..7e4baaf 100644 +--- a/CAS-1.3.1/CAS/Request/CurlRequest.php ++++ b/CAS-1.3.1/CAS/Request/CurlRequest.php +@@ -124,7 +124,7 @@ implements CAS_Request_RequestInterface + } + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + curl_setopt($ch, CURLOPT_CAINFO, $this->caCertPath); +- phpCAS::trace('CURL: Set CURLOPT_CAINFO'); ++ phpCAS::trace('CURL: Set CURLOPT_CAINFO ' . $this->caCertPath); + } else { + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + } diff -Nru php-cas-1.3.1/debian/patches/series php-cas-1.3.1/debian/patches/series --- php-cas-1.3.1/debian/patches/series 2012-12-12 18:00:38.000000000 +0100 +++ php-cas-1.3.1/debian/patches/series 2013-01-26 15:54:51.000000000 +0100 @@ -1 +1,2 @@ 0001-Fix-security-problem-on-libcurl-verification-of-SSL-cert-s-hostname.patch +0002-58-fix-bug-introduced-in-previous-patches.-Setting-o.patch
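Review bot: in the CAS/Client.php hunk at line 2427, the unchanged guard `if ($this->_cas_server_ca_cert != '')` now depends on PHP's loose comparison treating the new `null` default as equal to `''`. It still skips the call when no CA certificate was configured, but a strict test such as `!== null` (or `!empty(...)`) would state the intent and would not silently change meaning if the default is altered again. The merged call itself reads correctly: the removed second call passed `$this->_cas_server_cn_validate` as the first argument of setSslCaCert(), in the position where the first call passes the CA certificate.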
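Review bot: in the CAS/Request/AbstractRequest.php hunk, the only change is the removal of a blank line before `$this->caCertPath = $caCertPath;`, which is unrelated to the certificate fix. For an upload that has to be reviewed for an unblock, I would drop this hunk so the diff contains only the functional changes.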
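Review bot: in the CAS/Request/CurlRequest.php hunk, the `else` branch sets `CURLOPT_SSL_VERIFYPEER` to 0 with no trace at all, while the verified branch now logs the CA path. Consider adding a phpCAS::trace() call in the `else` branch as well, so that a request sent with peer verification disabled shows up in the debug log; with the earlier wrong setSslCaCert() call, that would have been the quickest way to see which branch was actually taken.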