tags 812848 +patch
thanks
The code in question is
static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
static int kx_priority[] = {GNUTLS_KX_RSA, 0};
static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_128,
0};
static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
gnutls_init (&sp->session, GNUTLS_CLIENT);
gnutls_protocol_set_priority (sp->session, protocol_priority);
gnutls_cipher_set_priority (sp->session, cipher_priority);
gnutls_compression_set_priority (sp->session, comp_priority);
gnutls_kx_set_priority (sp->session, kx_priority);
gnutls_mac_set_priority (sp->session, mac_priority);
As well as using removed functions the settings this is trying to
apply are extremely outdated. MD5, RC4 and SSLv3 are considered no
longer fit for use. Most of the other things specified are considered
barely acceptable at best.
According to
http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html#Upgrading-from-previous-versions
the whole set of gnutls_*_set_priority functions used here were replaced
by gnutls_priority_set_direct. I could have tried to reformulate the
settings specified above in the form needed by that function but doing
so would be perverse given those settings make no sense nowadays
So instead I replaced them with a call to gnutls_set_default_priority
I have uploaded the fixed package to raspbian stretch-staging . Debdiff
attatched, no intent to NMU in Debian.
diff -Nru mailutils-2.99.98/debian/changelog mailutils-2.99.98/debian/changelog
--- mailutils-2.99.98/debian/changelog 2014-10-07 22:16:53.000000000 +0000
+++ mailutils-2.99.98/debian/changelog 2016-01-31 18:06:50.000000000 +0000
@@ -1,3 +1,10 @@
+mailutils (1:2.99.98-2+rpi1) stretch-staging; urgency=medium
+
+ * Remove calls to removed gnutls_*_set_priority functions replace them
+ with a call to gnutls_set_default_priority .
+
+ -- Peter Michael Green <plugw...@raspbian.org> Sun, 31 Jan 2016 18:06:22
+0000
+
mailutils (1:2.99.98-2) unstable; urgency=low
* Ack NMU's, thanks! (Closes: #759359)
diff -Nru mailutils-2.99.98/debian/patches/gnutls3.4.patch
mailutils-2.99.98/debian/patches/gnutls3.4.patch
--- mailutils-2.99.98/debian/patches/gnutls3.4.patch 1970-01-01
00:00:00.000000000 +0000
+++ mailutils-2.99.98/debian/patches/gnutls3.4.patch 2016-01-31
18:10:49.000000000 +0000
@@ -0,0 +1,43 @@
+Description: replace calls to gnutls_*_set_priority with call to
gnutls_set_default_priority
+ The code was using the removed gnutls_*_set_priority functions to apply a set
+ of settings that make no sense anymore. Replace them with a call to
+ gnutls_set_default_priority
+Author: Peter Michael Green <plugw...@raspbian.org>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- mailutils-2.99.98.orig/libmu_auth/tls.c
++++ mailutils-2.99.98/libmu_auth/tls.c
+@@ -428,20 +428,9 @@ prepare_client_session (mu_stream_t stre
+ struct _mu_tls_stream *sp = (struct _mu_tls_stream *) stream;
+ int rc;
+ mu_transport_t transport[2];
+- static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
+- static int kx_priority[] = {GNUTLS_KX_RSA, 0};
+- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC,
+- GNUTLS_CIPHER_ARCFOUR_128,
+- 0};
+- static int comp_priority[] = {GNUTLS_COMP_NULL, 0};
+- static int mac_priority[] = {GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0};
+
+ gnutls_init (&sp->session, GNUTLS_CLIENT);
+- gnutls_protocol_set_priority (sp->session, protocol_priority);
+- gnutls_cipher_set_priority (sp->session, cipher_priority);
+- gnutls_compression_set_priority (sp->session, comp_priority);
+- gnutls_kx_set_priority (sp->session, kx_priority);
+- gnutls_mac_set_priority (sp->session, mac_priority);
++ gnutls_set_default_priority (sp->session);
+
+ gnutls_certificate_allocate_credentials (&x509_cred);
+ if (mu_tls_module_config.ssl_cafile)
diff -Nru mailutils-2.99.98/debian/patches/series
mailutils-2.99.98/debian/patches/series
--- mailutils-2.99.98/debian/patches/series 2014-10-03 07:26:05.000000000
+0000
+++ mailutils-2.99.98/debian/patches/series 2016-01-31 18:08:58.000000000
+0000
@@ -5,3 +5,4 @@
pop3d_auth_crash.patch
readline.patch
10_guile-snarf-CPP.patch
+gnutls3.4.patch