r39428 - in /branches/lenny/libio-socket-ssl-perl/debian: README.source changelog control patches/ patches/partial_hostname_fix.patch patches/series rules
dom at users.alioth.debian.org
Mon Jul 6 21:12:45 UTC 2009
Author: dom
Date: Mon Jul 6 21:12:40 2009
New Revision: 39428
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=39428
Log:
* Fix partial hostname matching security vulnerability (closes: #535946)
* Add myself to Uploaders
Added:
branches/lenny/libio-socket-ssl-perl/debian/README.source
branches/lenny/libio-socket-ssl-perl/debian/patches/
branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch
branches/lenny/libio-socket-ssl-perl/debian/patches/series
Modified:
branches/lenny/libio-socket-ssl-perl/debian/changelog
branches/lenny/libio-socket-ssl-perl/debian/control
branches/lenny/libio-socket-ssl-perl/debian/rules
Added: branches/lenny/libio-socket-ssl-perl/debian/README.source
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/README.source?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/README.source (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/README.source Mon Jul 6 21:12:40 2009
@@ -1,0 +1,3 @@
+This package uses quilt to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
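Review bot: README.source says that quilt is used but not how to obtain the patched tree or how to add a change. Since debian/rules in this commit includes quilt.make, a sentence stating that `debian/rules patch` applies the series and `debian/rules unpatch` reverts it would give someone preparing the next upload a working procedure.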
Modified: branches/lenny/libio-socket-ssl-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/changelog?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/changelog (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/changelog Mon Jul 6 21:12:40 2009
@@ -1,3 +1,10 @@
+libio-socket-ssl-perl (1.16-1+lenny1) UNRELEASED; urgency=low
+
+ * Fix partial hostname matching security vulnerability (closes: #535946)
+ * Add myself to Uploaders
+
+ -- Dominic Hargreaves <dom at earth.li> Mon, 06 Jul 2009 22:03:58 +0100
+
libio-socket-ssl-perl (1.16-1) unstable; urgency=low
* New upstream release.
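Review bot: The new 1.16-1+lenny1 entry describes a security fix but is marked `urgency=low`; a higher urgency would match the first bullet. The bullet would also be easier to audit later if it named debian/patches/partial_hostname_fix.patch and said what was matched wrongly (a certificate name accepted when it was only a prefix of the requested hostname).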
Modified: branches/lenny/libio-socket-ssl-perl/debian/control
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/control?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/control (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/control Mon Jul 6 21:12:40 2009
@@ -4,8 +4,9 @@
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Uploaders: Florian Ragwitz <rafl at debian.org>,
gregor herrmann <gregoa at debian.org>,
- Ansgar Burchardt <ansgar at 43-1.org>
-Build-Depends: debhelper (>= 7)
+ Ansgar Burchardt <ansgar at 43-1.org>,
+ Dominic Hargreaves <dom at earth.li>
+Build-Depends: debhelper (>= 7), quilt
Build-Depends-Indep: perl (>= 5.8.0-7), libnet-ssleay-perl (>= 1.35), netbase,
libnet-libidn-perl
Standards-Version: 3.8.0
Added: branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/patches/partial_hostname_fix.patch Mon Jul 6 21:12:40 2009
@@ -1,0 +1,34 @@
+Index: libio-socket-ssl-perl/SSL.pm
+===================================================================
+--- libio-socket-ssl-perl.orig/SSL.pm 2009-07-06 22:08:05.000000000 +0100
++++ libio-socket-ssl-perl/SSL.pm 2009-07-06 22:09:18.000000000 +0100
+@@ -1036,7 +1036,7 @@
+ $ip4 = inet_aton( $identity ) or croak "'$identity' is not IPv4, but neither IPv6 nor hostname";
+ } else {
+ # assume hostname
+- if ( $identity !~m{^[a-zA-Z0-9-_\.]+$} ) {
++ if ( $identity !~m{^[\w\-\.]+$} ) {
+ $identity = idn_to_ascii($identity) or
+ croak "Warning: Given name '$identity' could not be converted to IDNA!";
+ }
+@@ -1058,7 +1058,7 @@
+ } elsif ( $wtyp eq 'leftmost' and $name =~m{^\*(\..+)$} ) {
+ $pattern = qr{^[\w\-]*\Q$1\E$}i;
+ } else {
+- $pattern = qr{^\Q$name}i;
++ $pattern = qr{^\Q$name\E$}i;
+ }
+ return $identity =~ $pattern;
+ };
+Index: libio-socket-ssl-perl/t/verify_hostname.t
+===================================================================
+--- libio-socket-ssl-perl.orig/t/verify_hostname.t 2009-07-06 22:10:11.000000000 +0100
++++ libio-socket-ssl-perl/t/verify_hostname.t 2009-07-06 22:10:36.000000000 +0100
+@@ -88,6 +88,7 @@
+ 'www-13.lala.other.local' => [],
+ 'smtp.mydomain.local' => [qw(smtp ldap www)],
+ 'xn--lwe-sna.idntest.local' => [qw(smtp ldap www)],
++ 'smtp.mydomain.localizing.useless.local' => [],
+ );
+ if ( $can_idn ) {
+ # check IDN handling
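Review bot: In the first SSL.pm hunk, the replacement class `[\w\-\.]` is not limited to ASCII: on a character (UTF-8 flagged) string Perl's `\w` also matches non-ASCII letters, so an internationalized name can pass this test and skip `idn_to_ascii`. An explicit class with the hyphen placed last, `[a-zA-Z0-9_.\-]`, keeps the intended set and also avoids the `9-_` range that the old class accidentally contained. In the second hunk, `qr{^\Q$name\E$}i` still accepts an `$identity` with a trailing newline, because `$` matches before a final newline; `\z` closes that, and the same applies to the `leftmost` wildcard pattern in the context line above it. The added test covers a longer hostname that starts with the certificate name; a second negative case with a trailing newline would pin down the anchor.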
Added: branches/lenny/libio-socket-ssl-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/patches/series?rev=39428&op=file
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/patches/series (added)
+++ branches/lenny/libio-socket-ssl-perl/debian/patches/series Mon Jul 6 21:12:40 2009
@@ -1,0 +1,1 @@
+partial_hostname_fix.patch
Modified: branches/lenny/libio-socket-ssl-perl/debian/rules
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libio-socket-ssl-perl/debian/rules?rev=39428&op=diff
==============================================================================
--- branches/lenny/libio-socket-ssl-perl/debian/rules (original)
+++ branches/lenny/libio-socket-ssl-perl/debian/rules Mon Jul 6 21:12:40 2009
@@ -1,11 +1,13 @@
#!/usr/bin/make -f
+include /usr/share/quilt/quilt.make
+
build: build-stamp
-build-stamp:
+build-stamp: $(QUILT_STAMPFN)
dh build
touch $@
-clean:
+clean: unpatch
dh $@
install: install-stamp