Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 08 Jun 2015 20:09:42 +0200
Message-id: <[🔎] 20150608180942.29818.7699.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 788110@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi stable release managers,

I would like to propose an update for libio-socket-ssl-perl through
jessie-pu to address #788035. Upstream fixed that in 2.006:

> - make PublicSuffix::_default_data thread safe

Full changelog:

+libio-socket-ssl-perl (2.002-2+deb8u1) jessie; urgency=medium
+
+  * Add 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch.
+    Make PublicSuffix::_default_data thread safe by storing the default data
+    inside a function inside within __DATA__.
+    Thanks to Jonny Schulz <info@bloonix.org> for the report (Closes: #788035)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 08 Jun 2015 09:28:47 +0200

Attached is the proposed debdiff. Could you consider it for the next
jessie point release (yes I know will only be in some months ;-)).

Regards,
Salvatore

diff -Nru libio-socket-ssl-perl-2.002/debian/changelog libio-socket-ssl-perl-2.002/debian/changelog
--- libio-socket-ssl-perl-2.002/debian/changelog	2014-11-01 23:43:45.000000000 +0100
+++ libio-socket-ssl-perl-2.002/debian/changelog	2015-06-08 13:51:54.000000000 +0200
@@ -1,3 +1,12 @@
+libio-socket-ssl-perl (2.002-2+deb8u1) jessie; urgency=medium
+
+  * Add 0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch.
+    Make PublicSuffix::_default_data thread safe by storing the default data
+    inside a function inside within __DATA__.
+    Thanks to Jonny Schulz <info@bloonix.org> for the report (Closes: #788035)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 08 Jun 2015 09:28:47 +0200
+
 libio-socket-ssl-perl (2.002-2) unstable; urgency=medium
 
   * Add 0001-use-only-ICANN-part-in-public-suffix-list.patch.
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch libio-socket-ssl-perl-2.002/debian/patches/0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch
--- libio-socket-ssl-perl-2.002/debian/patches/0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch	1970-01-01 01:00:00.000000000 +0100
+++ libio-socket-ssl-perl-2.002/debian/patches/0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch	2015-06-08 13:51:54.000000000 +0200
@@ -0,0 +1,64 @@
+From fbf66f20daf5df2bc70509870ba98e61de7e56e1 Mon Sep 17 00:00:00 2001
+From: Steffen Ullrich <Steffen_Ullrich@genua.de>
+Date: Sat, 22 Nov 2014 21:39:18 +0100
+Subject: [PATCH] make PublicSuffix::_default_data thread safe by storing the
+ default data inside a function inside within __DATA__
+
+---
+ lib/IO/Socket/SSL/PublicSuffix.pm | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/lib/IO/Socket/SSL/PublicSuffix.pm b/lib/IO/Socket/SSL/PublicSuffix.pm
+index a84aacd..8d3fa9b 100644
+--- a/lib/IO/Socket/SSL/PublicSuffix.pm
++++ b/lib/IO/Socket/SSL/PublicSuffix.pm
+@@ -292,7 +292,7 @@ sub public_suffix {
+     my $data;
+     sub _default_data {
+ 	if ( ! defined $data ) {
+-	    $data = do { local $/; <DATA> };
++	    $data = _builtin_data();
+ 	    $data =~s{^// ===END ICANN DOMAINS.*}{}ms
+ 		or die "cannot find END ICANN DOMAINS";
+ 	}
+@@ -309,8 +309,15 @@ sub update_self_from_url {
+     local $/ = "\n";
+     while (<$fh>) {
+ 	$code .= $_;
+-	$code =~m{\A__DATA__\r?\n\Z} and last;
++	m{<<'END_BUILTIN_DATA'} and last;
+     }
++    my $tail;
++    while (<$fh>) {
++	m{\AEND_BUILTIN_DATA\r?\n} or next;
++	$tail = $_;
++	last;
++    }
++    $tail .= do { local $/; <$fh> };
+     close($fh);
+ 
+     require LWP::UserAgent;
+@@ -335,11 +342,10 @@ sub update_self_from_url {
+     }
+ 
+     open( $fh,'>:utf8',$dst ) or die "open $dst: $!";
+-    print $fh $code;
++    print $fh $code.$tail;
+ }
+ 
+-1;
+-__DATA__
++sub _builtin_data { return <<'END_BUILTIN_DATA' }
+ // This Source Code Form is subject to the terms of the Mozilla Public
+ // License, v. 2.0. If a copy of the MPL was not distributed with this
+ // file, You can obtain one at http://mozilla.org/MPL/2.0/.
+@@ -9154,3 +9160,6 @@ za.net
+ za.org
+ 
+ // ===END PRIVATE DOMAINS===
++
++END_BUILTIN_DATA
++1;
+-- 
+2.1.4
+
diff -Nru libio-socket-ssl-perl-2.002/debian/patches/series libio-socket-ssl-perl-2.002/debian/patches/series
--- libio-socket-ssl-perl-2.002/debian/patches/series	2014-11-01 23:43:45.000000000 +0100
+++ libio-socket-ssl-perl-2.002/debian/patches/series	2015-06-08 13:51:54.000000000 +0200
@@ -1 +1,2 @@
 0001-use-only-ICANN-part-in-public-suffix-list.patch
+0001-make-PublicSuffix-_default_data-thread-safe-by-stori.patch

Reply to:

Follow-Ups:
- Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#787299: jessie-pu: package dovecot/1:2.2.13-12~deb8u1
Next by Date: Bug#787391: transition: evolution-data-server
Previous by thread: Processed: Re: Bug#787299: jessie-pu: package dovecot/1:2.2.13-12~deb8u1
Next by thread: Bug#788110: jessie-pu: package libio-socket-ssl-perl/2.002-2+deb8u1
Index(es):
- Date
- Thread