r39428 - in /branches/lenny/libio-socket-ssl-perl/debian: README.source changelog control patches/ patches/partial_hostname_fix.patch patches/series rules

dom at users.alioth.debian.org
Mon Jul 6 21:12:45 UTC 2009


Author: dom
Date: Mon Jul  6 21:12:40 2009
New Revision: 39428

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=39428
Log:
  * Fix partial hostname matching security vulnerability (closes: #535946)
  * Add myself to Uploaders

Added:
    branches/lenny/libio-socket-ssl-perl/debian/README.source
    branches/lenny/libio-socket-ssl-perl/debian/patches/
    branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch
    branches/lenny/libio-socket-ssl-perl/debian/patches/series
Modified:
    branches/lenny/libio-socket-ssl-perl/debian/changelog
    branches/lenny/libio-socket-ssl-perl/debian/control
    branches/lenny/libio-socket-ssl-perl/debian/rules

Added: branches/lenny/libio-socket-ssl-perl/debian/README.source
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/README.source?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/README.source (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/README.source Mon Jul  6 21:12:40 2009
@@ -1,0 +1,3 @@
+This package uses quilt to manage all modifications to the upstream
+source.  Changes are stored in the source package as diffs in
+debian/patches and applied during the build.

Modified: branches/lenny/libio-socket-ssl-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/changelog?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/changelog (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/changelog Mon Jul  6 21:12:40 2009
@@ -1,3 +1,10 @@
+libio-socket-ssl-perl (1.16-1+lenny1) UNRELEASED; urgency=low
+
+  * Fix partial hostname matching security vulnerability (closes: #535946)
+  * Add myself to Uploaders
+
+ -- Dominic Hargreaves <dom at earth.li>  Mon, 06 Jul 2009 22:03:58 +0100
+
 libio-socket-ssl-perl (1.16-1) unstable; urgency=low
 
   * New upstream release.
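
Review bot: The new 1.16-1+lenny1 entry keeps urgency=low although its first item is a security fix; security uploads are normally marked urgency=high so the fix is not held back behind routine changes. The entry also identifies the issue only by the bug number (closes: #535946); if a CVE id has been assigned, naming it on the same line makes the fix traceable for security trackers.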

Modified: branches/lenny/libio-socket-ssl-perl/debian/control
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/control?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/control (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/control Mon Jul  6 21:12:40 2009
@@ -4,8 +4,9 @@
 Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
 Uploaders: Florian Ragwitz <rafl at debian.org>,
  gregor herrmann <gregoa at debian.org>,
- Ansgar Burchardt <ansgar at 43-1.org>
-Build-Depends: debhelper (>= 7)
+ Ansgar Burchardt <ansgar at 43-1.org>,
+ Dominic Hargreaves <dom at earth.li>
+Build-Depends: debhelper (>= 7), quilt
 Build-Depends-Indep: perl (>= 5.8.0-7), libnet-ssleay-perl (>= 1.35), netbase,
  libnet-libidn-perl
 Standards-Version: 3.8.0

Added: branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch Mon Jul  6 21:12:40 2009
@@ -1,0 +1,34 @@
+Index: libio-socket-ssl-perl/SSL.pm
+===================================================================
+--- libio-socket-ssl-perl.orig/SSL.pm	2009-07-06 22:08:05.000000000 +0100
++++ libio-socket-ssl-perl/SSL.pm	2009-07-06 22:09:18.000000000 +0100
+@@ -1036,7 +1036,7 @@
+ 			$ip4 = inet_aton( $identity ) or croak "'$identity' is not IPv4, but neither IPv6 nor hostname";
+ 		} else {
+ 			# assume hostname
+-			if ( $identity !~m{^[a-zA-Z0-9-_\.]+$} ) {
++			if ( $identity !~m{^[\w\-\.]+$} ) {
+ 				$identity = idn_to_ascii($identity) or
+ 					croak "Warning: Given name '$identity' could not be converted to IDNA!";
+ 			}
+@@ -1058,7 +1058,7 @@
+ 			} elsif ( $wtyp eq 'leftmost' and $name =~m{^\*(\..+)$} ) {
+ 				$pattern = qr{^[\w\-]*\Q$1\E$}i;
+ 			} else {
+-				$pattern = qr{^\Q$name}i;
++				$pattern = qr{^\Q$name\E$}i;
+ 			}
+ 			return $identity =~ $pattern;
+ 		};
+Index: libio-socket-ssl-perl/t/verify_hostname.t
+===================================================================
+--- libio-socket-ssl-perl.orig/t/verify_hostname.t	2009-07-06 22:10:11.000000000 +0100
++++ libio-socket-ssl-perl/t/verify_hostname.t	2009-07-06 22:10:36.000000000 +0100
+@@ -88,6 +88,7 @@
+ 		'www-13.lala.other.local' => [],
+ 		'smtp.mydomain.local' => [qw(smtp ldap www)],
+ 		'xn--lwe-sna.idntest.local' => [qw(smtp ldap www)],
++        'smtp.mydomain.localizing.useless.local' => [],
+ 	);
+ 	if ( $can_idn ) {
+ 		# check IDN handling
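
Review bot: In the first SSL.pm hunk (line 1036), replacing the explicit class with [\w\-\.] makes the "plain hostname" test wider than ASCII: in Perl, \w also matches non-ASCII letters when the string is a character (UTF-8 flagged) string or when use locale is in effect, so an internationalised name can pass this test and skip idn_to_ascii before being compared with the certificate names. An explicit ASCII class such as [a-zA-Z0-9_\-\.] keeps the old behaviour. In the second hunk (line 1058), qr{^\Q$name\E$}i closes the prefix match, but $ still matches before a trailing newline, so an identity ending in "\n" is accepted; \z anchors at the true end of the string. The added entry in t/verify_hostname.t covers the case of an identity that extends a certificate name; a companion entry for an identity with trailing characters after a full match would pin the anchor down as well. That test line is indented with spaces where the neighbouring entries use tabs.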

Added: branches/lenny/libio-socket-ssl-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/patches/series?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/patches/series (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/patches/series Mon Jul  6 21:12:40 2009
@@ -1,0 +1,1 @@
+partial_hostname_fix.patch

Modified: branches/lenny/libio-socket-ssl-perl/debian/rules
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/rules?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/rules (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/rules Mon Jul  6 21:12:40 2009
@@ -1,11 +1,13 @@
 #!/usr/bin/make -f
 
+include /usr/share/quilt/quilt.make
+
 build: build-stamp
-build-stamp:
+build-stamp: $(QUILT_STAMPFN)
 	dh build
 	touch $@
 
-clean:
+clean: unpatch
 	dh $@
 
 install: install-stamp



