Bug#776325: wheezy-pu: package pound/2.6-2+deb7u1

Mon, 26 Jan 2015 12:51:35 -0800 

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Hello release team, and pound maintainers (copied via X-Debbugs-Cc).

The wheezy version of pound has a nasty bug that breaks HTTP → HTTPS
redirects for URL's that contain the '=' character , what is arguably
quite common.

I would like to fix this with the attached debdiff.

-- System Information:
Debian Release: 8.0
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro <terce...@debian.org>

diff -Nru pound-2.6/debian/changelog pound-2.6/debian/changelog
--- pound-2.6/debian/changelog	2015-01-26 18:29:53.000000000 -0200
+++ pound-2.6/debian/changelog	2012-02-03 07:50:41.000000000 -0200
@@ -1,12 +1,3 @@
-pound (2.6-2+deb7u1) stable; urgency=medium
-
-  * Non-maintainer upload.
-  * Update XSS redirect vulnerability patch to not break with '=' in the URL.
-    Both the original patch and this update have already been applied
-    upstream. Closes: #723731
-
- -- Antonio Terceiro <terce...@debian.org>  Mon, 26 Jan 2015 18:26:09 -0200
-
 pound (2.6-2) unstable; urgency=low
 
   * Update anti_beast patch
diff -Nru pound-2.6/debian/patches/xss_redirect_fix.patch pound-2.6/debian/patches/xss_redirect_fix.patch
--- pound-2.6/debian/patches/xss_redirect_fix.patch	2015-01-26 18:33:01.000000000 -0200
+++ pound-2.6/debian/patches/xss_redirect_fix.patch	2012-02-03 07:46:07.000000000 -0200
@@ -43,7 +43,7 @@
 +	    (ch>= 'A' && ch <='Z') ||
 +	    (ch>= 'a' && ch <='z') ||
 +	    (ch>= '0' && ch <='9') ||
-+            ch == '-' || ch == '_' || ch == '.' || ch == ':' || ch == '/' || ch == '?' || ch == '&' || ch == ';' || ch == '=') {
++            ch == '-' || ch == '_' || ch == '.' || ch == ':' || ch == '/' || ch == '?' || ch == '&' || ch == ';') {
 +
 +	    urlbuf[j++] = ch;
 +	    continue;

Attachment: signature.asc
Description: Digital signature

Reply via email to