Bug#728253: pu: package libnet-smtp-tls-butmaintained-perl/0.17-1+deb7u1

Tue, 29 Oct 2013 15:54:34 -0700 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu

Hi Stable Release Managers

The Perl module found int libnet-smtp-tls-butmaintained-perl
(Net::SMTP::TLS::ButMaintained) suffers from an error in the use of
SSL_version in the code, which in the version in wheezy is used as

SSL_version => "SSLv3 TLSv1"

I have opened http://bugs.debian.org/728248. This causes first a error
message and sending a mail actually fails.

I have prepared a debdiff with the changes upstream has done up to
0.21, and also bumped the dependency (satisfied in wheezy) to make
clear this version is needed to guarantee
Net::SMTP::TLS::ButMaintained working.

Attached is the debdiff to fix this issue.

Could you accept the package for stable-proposed-updates?

p.s.: the "old, and unmaintained" Net::SMTP::TLS module suffers from
the same problem, I will fix this in unstable first, and then also ask
back for a pu also for this one later.

Regards,
Salvatore

diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog	2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/changelog	2013-10-29 23:33:55.000000000 +0100
@@ -1,3 +1,17 @@
+libnet-smtp-tls-butmaintained-perl (0.17-1+deb7u1) wheezy; urgency=low
+
+  * Team upload.
+  * Add fix-misuse-of-IO-Socket-SSL.patch.
+    Fixes misuse of IO::Socket::SSL in the SSL_version argument (wrong
+    syntax). This causes the errors like "invalid SSL_version specified at
+    /usr/share/perl5/IO/Socket/SSL.pm line 332". (Closes: #728248)
+  * Update (build-)dependency for IO::Socket::SSL.
+    Update Build-Depends-Indep and Depends on libio-socket-ssl-perl to
+    explicitly require at least 1.76 to guarantee to work when applied the
+    patch for #728248.
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Tue, 29 Oct 2013 23:22:48 +0100
+
 libnet-smtp-tls-butmaintained-perl (0.17-1) unstable; urgency=low
 
   * Initial Release. (Closes: #630981)
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/control libnet-smtp-tls-butmaintained-perl-0.17/debian/control
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/control	2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/control	2013-10-29 23:33:55.000000000 +0100
@@ -3,7 +3,7 @@
 Priority: optional
 Build-Depends: debhelper (>= 8)
 Build-Depends-Indep: libdigest-hmac-perl,
- libio-socket-ssl-perl,
+ libio-socket-ssl-perl (>= 1.76),
  libnet-ssleay-perl,
  perl
 Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
@@ -17,7 +17,7 @@
 Architecture: all
 Depends: ${misc:Depends}, ${perl:Depends},
  libdigest-hmac-perl,
- libio-socket-ssl-perl,
+ libio-socket-ssl-perl (>= 1.76),
  libnet-ssleay-perl
 Description: Perl module for providing SMTP client supporting TLS and AUTH
  Net::SMTP::TLS::ButMaintained is a TLS and AUTH capable SMTP client which
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch	1970-01-01 01:00:00.000000000 +0100
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/fix-misuse-of-IO-Socket-SSL.patch	2013-10-29 23:33:55.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix misuse of IO::Socket::SSL
+Origin: upstream, https://metacpan.org/diff/release/FAYLAND/Net-SMTP-TLS-ButMaintained-0.17/FAYLAND/Net-SMTP-TLS-ButMaintained-0.21
+Bug: https://rt.cpan.org/Public/Bug/Display.html?id=77865
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2013-10-29
+Applied-Upstream: 0.21
+
+--- a/lib/Net/SMTP/TLS/ButMaintained.pm
++++ b/lib/Net/SMTP/TLS/ButMaintained.pm
+@@ -113,7 +113,7 @@
+     }
+     if (
+         not IO::Socket::SSL::socket_to_SSL(
+-            $me->{sock}, SSL_version => "SSLv3 TLSv1"
++            $me->{sock}, { SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE }
+         )
+       )
+     {
diff -Nru libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series
--- libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series	2011-06-19 18:55:37.000000000 +0200
+++ libnet-smtp-tls-butmaintained-perl-0.17/debian/patches/series	2013-10-29 23:33:55.000000000 +0100
@@ -1 +1,2 @@
 tests.patch
+fix-misuse-of-IO-Socket-SSL.patch

Reply via email to