Control: tags -1 patch On 2014-08-25 Nicolas Kuttler <[email protected]> wrote: > Package: wmbiff > Version: 0.4.27-2.2 > Severity: important
> Dear Developers, > The recent NMU breaks wmbiff for me. I'm trying to connect to a dovecot > running on a wheezy server, IMAPS with a self-signed certificate. [...] Hello, to fix breakage introduced in the previous NMU I have followed up with -2.3. Find attached the diff for this NMU. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru wmbiff-0.4.27/debian/changelog wmbiff-0.4.27/debian/changelog --- wmbiff-0.4.27/debian/changelog 2014-08-09 15:08:45.000000000 +0200 +++ wmbiff-0.4.27/debian/changelog 2014-11-02 08:14:04.000000000 +0100 @@ -1,3 +1,15 @@ +wmbiff (0.4.27-2.3) unstable; urgency=medium + + * Non-maintainer upload. + * 20_gnutls_set_default_priority.diff: Use gnutls_set_default_priority() + to get GnuTLS upstream's recommended default values (SSL/TLS versions, + ciphers, et al.) instead of setting local defaults using the deprecated + gnutls_cipher_set_priority/gnutls_protocol_set_priority/... functions. + This fixes transmission errors to modern systems. Closes: #759259 + (Thanks to Nye Liu for debugging the issue and finding the solution.) + + -- Andreas Metzler <[email protected]> Sun, 02 Nov 2014 08:04:00 +0100 + wmbiff (0.4.27-2.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru wmbiff-0.4.27/debian/patches/20_gnutls_set_default_priority.diff wmbiff-0.4.27/debian/patches/20_gnutls_set_default_priority.diff --- wmbiff-0.4.27/debian/patches/20_gnutls_set_default_priority.diff 1970-01-01 01:00:00.000000000 +0100 +++ wmbiff-0.4.27/debian/patches/20_gnutls_set_default_priority.diff 2014-11-02 08:01:15.000000000 +0100 @@ -0,0 +1,40 @@ +Description: Use gnutls_set_default_priority() to get GnuTLS upstream's + recommended default values (SSL/TLS versions, ciphers, et al.) instead + of setting local defaults using the deprecated + gnutls_cipher_set_priority/gnutls_protocol_set_priority/... + functions. +Author: Andreas Metzler <[email protected]>, Nye Liu <[email protected]> +Bug-Debian: https://bugs.debian.org/759259 +Origin: vendor +Forwarded: no +Last-Update: 2014-11-02 + +--- a/wmbiff/tlsComm.c ++++ b/wmbiff/tlsComm.c +@@ -553,25 +553,7 @@ struct connection_state *initialize_gnut + + assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0); + { +- const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; +- const int ciphers[] = +- { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, +- GNUTLS_CIPHER_RIJNDAEL_256_CBC, +- GNUTLS_CIPHER_ARCFOUR, 0 +- }; +- const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; +- const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, +- GNUTLS_KX_DHE_RSA, 0 +- }; +- /* mutt with gnutls doesn't use kx_srp or kx_anon_dh */ +- const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; +- assert(gnutls_protocol_set_priority(scs->tls_state, protocols) == +- 0); +- assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0); +- assert(gnutls_compression_set_priority(scs->tls_state, compress) == +- 0); +- assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0); +- assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0); ++ assert(gnutls_set_default_priority(scs->tls_state) == 0); + /* no client private key */ + if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) { + DMA(DEBUG_ERROR, "gnutls memory error\n"); diff -Nru wmbiff-0.4.27/debian/patches/series wmbiff-0.4.27/debian/patches/series --- wmbiff-0.4.27/debian/patches/series 2014-08-09 14:11:55.000000000 +0200 +++ wmbiff-0.4.27/debian/patches/series 2014-11-02 08:13:57.000000000 +0100 @@ -2,3 +2,4 @@ 11_autoconfgenchanges.diff 15_no_more_LZO.diff 16_gnutls_deprecated.diff +20_gnutls_set_default_priority.diff
signature.asc
Description: Digital signature
