Hi,

I would like the upload of 1.17.1-2+lenny1 considered.
My proposal resolves two bugs.

        * 595207: This is a fix for CVE-2009-3555 and enables
          session renegotiation to work with Thunderbird 3.1.
          This was resolved in 1.19~rc3-1 by making an appropriate
          call to SSL_CTX_set_session_id_context().
          I propose the same fix for 1.17.1-2+lenny1.

        * 595432: Perdition calls make in its postrm but has no dependency
          on make. This was resolved in 1.18~rc2-1 by removing the call to
          make. I propose the same fix for 1.17.1-2+lenny1

The diff of the proposed changes is as follows:

diff -u perdition-1.17.1/debian/changelog perdition-1.17.1/debian/changelog
--- perdition-1.17.1/debian/changelog
+++ perdition-1.17.1/debian/changelog
@@ -1,3 +1,19 @@
+perdition (1.17.1-2+lenny1) stable; urgency=low
+
+  * Don't call make from perdition prerm script
+    - make may not be installed
+    - unnecessary clean up of user-generated files
+    - Upstream patch:
+      http://hg.vergenet.net/perdition/perdition/rev/5425b7c0637b
+    - (closes: #595432)
+  * ssl: Set session_id
+    - CVE-2009-3555
+    - Upstream patch: 
+      http://hg.vergenet.net/perdition/perdition/rev/6d85be38374c
+    - (closes: #595207)
+
+ -- Simon Horman <ho...@debian.org>  Mon, 06 Sep 2010 11:36:02 +0900
+
 perdition (1.17.1-2) unstable; urgency=low
 
   * Add LSB tags to init script
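Review bot: The second changelog bullet, "ssl: Set session_id", does not describe what the ssl.c change does, which is set the session ID context through SSL_CTX_set_session_id_context(). Wording such as "ssl: Set session id context", with a phrase on the visible effect (session renegotiation working again), would let someone reading only the changelog see how the entry relates to CVE-2009-3555. The "Upstream patch: " line under that bullet also has trailing whitespace.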
only in patch2:
unchanged:
--- perdition-1.17.1.orig/debian/perdition.prerm
+++ perdition-1.17.1/debian/perdition.prerm
@@ -3,8 +3,6 @@
 
 #DEBHELPER#
 
-make -C /etc/perdition/ clean > /dev/null
-
 if [ "$1" = "purge"  -o "$1" = "remove" ]; then
        if [ -f /etc/init.d/perdition ]; then
                invoke-rc.d perdition stop
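Review bot: The removed "make -C /etc/perdition/ clean" sat above the "$1" test, so it ran on every prerm invocation, not only on purge or remove. The changelog calls that clean-up unnecessary, but after this change nothing in the visible part of the script removes files generated under /etc/perdition/, so it is worth stating whether purge is meant to leave them behind. The covering text also says the call is in the postrm while the file changed here is debian/perdition.prerm; the description should name the same script as the changelog and the diff.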
only in patch2:
unchanged:
--- perdition-1.17.1.orig/perdition/ssl.c
+++ perdition-1.17.1/perdition/ssl.c
@@ -443,6 +443,15 @@
                return NULL;
        }
 
+       /* Set context for session */
+       if (!SSL_CTX_set_session_id_context(ssl_ctx,
+                                           (unsigned char *)PACKAGE,
+                                           strlen(PACKAGE))) {
+               VANESSA_LOGGER_DEBUG("SSL_CTX_set_session_id_context");
+               SSL_CTX_free(ssl_ctx);
+               return NULL;
+       }
+
        /*
         * Set the available ciphers
         */
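Review bot: The failure branch of the new SSL_CTX_set_session_id_context() call reports only through VANESSA_LOGGER_DEBUG before freeing ssl_ctx and returning NULL, so a context set-up failure leaves no trace unless debug logging is enabled; a message at a higher log level would make it diagnosable. The cast "(unsigned char *)PACKAGE" can be "(const unsigned char *)PACKAGE" since the parameter is const-qualified. OpenSSL also rejects a context longer than SSL_MAX_SSL_SESSION_ID_LENGTH (32 bytes), and the value of PACKAGE is not visible in this hunk, so a short comment noting that limit would help.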


