Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
libxml-stream-perl in Stretch turns on verification of SSL certificates by default, but fails to provide a default path to the CA root certificates, without which all encrypted connections fail. In Debian, the default set of certificates is located in /etc/ssl/certs, so instead - or in addition to - fixing every program using libxml-stream-perl behind the curtain (such as sendxmpp), this update ensures a working set of defaults. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru libxml-stream-perl-1.24/debian/changelog libxml-stream-perl-1.24/debian/changelog --- libxml-stream-perl-1.24/debian/changelog 2015-06-05 22:03:56.000000000 +0200 +++ libxml-stream-perl-1.24/debian/changelog 2018-10-31 12:00:40.000000000 +0100 @@ -1,3 +1,9 @@ +libxml-stream-perl (1.24-2+deb9u1) stretch; urgency=medium + + * Provide a default CA path (closes: #908027, LP: 1774614) + + -- Florian Schlichting <f...@debian.org> Wed, 31 Oct 2018 12:00:40 +0100 + libxml-stream-perl (1.24-2) unstable; urgency=medium * Team upload. diff -Nru libxml-stream-perl-1.24/debian/patches/default-ca-path.patch libxml-stream-perl-1.24/debian/patches/default-ca-path.patch --- libxml-stream-perl-1.24/debian/patches/default-ca-path.patch 1970-01-01 01:00:00.000000000 +0100 +++ libxml-stream-perl-1.24/debian/patches/default-ca-path.patch 2018-10-31 11:59:27.000000000 +0100 @@ -0,0 +1,18 @@ +Description: provide a default ssl_ca_path + ssl_verify is on by default, but will fail unless provided with a valid + ssl_ca_path. On Debian, commonly trusted CA certificates are stored in + /etc/ssl/certs +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908027 +Forwarded: https://github.com/dap/XML-Stream/issues/19 + +--- a/lib/XML/Stream.pm ++++ b/lib/XML/Stream.pm +@@ -220,7 +220,7 @@ + $self->{SIDS}->{default}->{ssl} = 0; + $self->{SIDS}->{default}->{_tls} = 0; + $self->{SIDS}->{default}->{ssl_verify} = 0x01; # verify peer by default +- $self->{SIDS}->{default}->{ssl_ca_path} = ''; ++ $self->{SIDS}->{default}->{ssl_ca_path} = '/etc/ssl/certs'; + $self->{SIDS}->{default}->{namespace} = ""; + $self->{SIDS}->{default}->{myhostname} = $fullname; + $self->{SIDS}->{default}->{derivedhostname} = $fullname; diff -Nru libxml-stream-perl-1.24/debian/patches/series libxml-stream-perl-1.24/debian/patches/series --- libxml-stream-perl-1.24/debian/patches/series 2015-06-05 22:03:56.000000000 +0200 +++ libxml-stream-perl-1.24/debian/patches/series 2018-10-31 11:59:27.000000000 +0100 @@ -1 +1,2 @@ t_upstream_uninitialized_value.diff +default-ca-path.patch
