Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu
Hi,

as discussed with Moritz at http://bugs.debian.org/736318, I prepared gatling 0.12cvs20120114-4 for stable. Attached patch is basically Moritz' patch. Please tell when it's ready for upload.

Roland

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -ruN gatling-0.12cvs20120114/debian/changelog gatling-0.12cvs20120114/debian/changelog --- gatling-0.12cvs20120114/debian/changelog 2012-11-12 22:13:45.000000000 +0100 +++ gatling-0.12cvs20120114/debian/changelog 2014-01-28 21:26:47.494267979 +0100 @@ -1,3 +1,17 @@ +gatling (0.12cvs20120114-4) stable; urgency=medium + + * PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which + were not backportable to the older releases). Version 1.2.0 introduces + several non-backwards-compatible API changes (fully mentioned here: + https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released + - Rename cipher suites names + - Remove call to removed ssl_set_scb() function, TLS session cache is + handled internally. Also remove the functions my_get_session() and + my_set_session() used for that and adapt the ssl_set_session() call. + Thanks to Moritz Mühlenhoff for the patch (Closes: #736318) + + -- Roland Stigge <sti...@antcom.de> Tue, 28 Jan 2014 21:18:43 +0100 + gatling (0.12cvs20120114-3) unstable; urgency=low * Adding two patches for path traversal vulnerabilities (FTP, HTTP). diff -ruN gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch --- gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch 1970-01-01 01:00:00.000000000 +0100 +++ gatling-0.12cvs20120114/debian/patches/11-fix-compat-with-polarssl12.patch 2014-01-28 21:16:22.345829480 +0100 
@@ -0,0 +1,133 @@ +Description: Fix compatibility with polarssl 1.2.x + PolarSSL was updated to 1.2.9 in DSA 2782 (due to security fixes which were + not backportable to the older releases). Version 1.2.0 introduces several + non-backwards-compatible API changes (fully mentioned here: + https://polarssl.org/tech-updates/releases/polarssl-1.2.0-released + * Rename cipher suites names + * Remove call to removed ssl_set_scb() function, TLS session cache is handled + internally. Also remove the functions my_get_session() and my_set_session() + used for that and adapt the ssl_set_session() call. +Author: Moritz Mühlenhoff <muehlenh...@univention.de> +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736318 + +--- gatling-0.12cvs20120114.orig/pssl.c ++++ gatling-0.12cvs20120114/pssl.c +@@ -28,95 +28,21 @@ havege_state hs; + + int my_ciphersuites[] = + { +- SSL_EDH_RSA_AES_256_SHA, +- SSL_EDH_RSA_CAMELLIA_256_SHA, +- SSL_EDH_RSA_AES_128_SHA, +- SSL_EDH_RSA_CAMELLIA_128_SHA, +- SSL_EDH_RSA_DES_168_SHA, +- SSL_RSA_AES_256_SHA, +- SSL_RSA_CAMELLIA_256_SHA, +- SSL_RSA_AES_128_SHA, +- SSL_RSA_CAMELLIA_128_SHA, +- SSL_RSA_DES_168_SHA, +- SSL_RSA_RC4_128_SHA, +- SSL_RSA_RC4_128_MD5, ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, ++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, ++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, ++ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, ++ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, ++ TLS_RSA_WITH_AES_256_CBC_SHA, ++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, ++ TLS_RSA_WITH_AES_128_CBC_SHA, ++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, ++ TLS_RSA_WITH_3DES_EDE_CBC_SHA, ++ TLS_RSA_WITH_RC4_128_SHA, ++ TLS_RSA_WITH_RC4_128_MD5, + 0 + }; + +-/* +- * These session callbacks use a simple chained list +- * to store and retrieve the session information. 
+- */ +-ssl_session *s_list_1st = NULL; +-ssl_session *cur, *prv; +- +-static int my_get_session( ssl_context *ssl ) +-{ +- time_t t = time( NULL ); +- +- if( ssl->resume == 0 ) +- return( 1 ); +- +- cur = s_list_1st; +- prv = NULL; +- +- while( cur != NULL ) +- { +- prv = cur; +- cur = cur->next; +- +- if( ssl->timeout != 0 && t - prv->start > ssl->timeout ) +- continue; +- +- if( ssl->session->ciphersuite != prv->ciphersuite || +- ssl->session->length != prv->length ) +- continue; +- +- if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 ) +- continue; +- +- memcpy( ssl->session->master, prv->master, 48 ); +- return( 0 ); +- } +- +- return( 1 ); +-} +- +-static int my_set_session( ssl_context *ssl ) +-{ +- time_t t = time( NULL ); +- +- cur = s_list_1st; +- prv = NULL; +- +- while( cur != NULL ) +- { +- if( ssl->timeout != 0 && t - cur->start > ssl->timeout ) +- break; /* expired, reuse this slot */ +- +- if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 ) +- break; /* client reconnected */ +- +- prv = cur; +- cur = cur->next; +- } +- +- if( cur == NULL ) +- { +- cur = (ssl_session *) malloc( sizeof( ssl_session ) ); +- if( cur == NULL ) +- return( 1 ); +- +- if( prv == NULL ) +- s_list_1st = cur; +- else prv->next = cur; +- } +- +- memcpy( cur, ssl->session, sizeof( ssl_session ) ); +- +- return( 0 ); +-} +- + static int my_net_recv( void *ctx, unsigned char *buf, size_t len ) { + int sock=(int)(uintptr_t)ctx; + return net_recv(&sock,buf,len); +@@ -178,9 +104,8 @@ fail: + ssl_set_authmode( ssl, SSL_VERIFY_NONE ); + ssl_set_rng( ssl, havege_random, &hs ); + ssl_set_bio( ssl, my_net_recv, (void*)(uintptr_t)sock, my_net_send, (void*)(uintptr_t)sock ); +- ssl_set_scb( ssl, my_get_session, my_set_session ); + ssl_set_ciphersuites( ssl, my_ciphersuites ); +- ssl_set_session( ssl, 1, 0, ssn ); ++ ssl_set_session( ssl, ssn ); + + ssl_set_ca_chain( ssl, srvcert.next, NULL, NULL ); + ssl_set_own_cert( ssl, &srvcert, &rsa ); diff -ruN 
gatling-0.12cvs20120114/debian/patches/series gatling-0.12cvs20120114/debian/patches/series --- gatling-0.12cvs20120114/debian/patches/series 2012-11-12 22:05:52.000000000 +0100 +++ gatling-0.12cvs20120114/debian/patches/series 2014-01-28 21:24:09.805186884 +0100 @@ -8,3 +8,4 @@ 08-cgi-post-fix.patch 09-gatling-ftp-fix-traversal.patch 10-gatling-http-fix-traversal.patch +11-fix-compat-with-polarssl12.patch
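Review bot: in the new debian/changelog entry the parenthesis opened at "(fully mentioned here:" before the polarssl-1.2.0-released URL is never closed, and "Rename cipher suites names" should read "Rename cipher suite names"; the same wording is repeated in the Description header of 11-fix-compat-with-polarssl12.patch, so correct both copies. The entry does close #736318 and targets stable as a pu upload should.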
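Review bot: the second pssl.c hunk in 11-fix-compat-with-polarssl12.patch removes `ssl_set_scb( ssl, my_get_session, my_set_session );` together with the two callbacks and their chained list, but registers nothing in their place, so the server side ends up with no session store at all; in PolarSSL 1.2 the cache lives in the separate ssl_cache module and is only active once the application calls ssl_set_session_cache() with an ssl_cache_context, which this hunk does not do. Either add that registration, or replace the changelog sentence "TLS session cache is handled internally" with a plain statement that server-side session resumption is dropped by this update, since the hunk as written does not support the former. The ciphersuite rename in the first hunk is a strict one-to-one mapping that keeps the list unchanged, RC4 and 3DES suites included (TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_*_WITH_3DES_EDE_CBC_SHA); preserving them is the right scope for a minimal stable update, but a sentence in the changelog noting that no suites were added or removed would make that explicit for the release team.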