On Sun, 22 Oct 2017 18:49:04 +0200 Andreas Metzler <ametz...@bebt.de> wrote: > Package: filezilla > Version: 3.27.0~rc1-1 > Severity: minor > Tags: upstream > User: ametz...@bebt.de > Usertags: deprecated-gnutls-3.6 > > Hello, > > src/engine/tlssocket_impl.cpp contains this code: > #if FZ_USE_GNUTLS_SYSTEM_CIPHERS > char const ciphers[] = "@SYSTEM"; > #else > char const ciphers[] = > "SECURE256:+SECURE128:-ARCFOUR-128:-3DES-CBC:-MD5:+SIGN-ALL:-SIGN-RSA-MD5:+CTYPE-X509:-CTYPE-OPENPGP:-VERS-SSL3.0"; > #endif > ... > res = gnutls_priority_set_direct(m_session, ciphers, 0); > > i.e. it explicitely disables gnutls support for openpgp certificates. > > GnuTLS stopped enabling OPENPGP certificates by default in 3.0.2 (Sept > 2011). OpenPGP support in gnutls was marked deprecated in 3.5.9 and was > removed in 3.6.0. (Noop stub functions are still shipped to avoid ABI > breakage.) > > Therefore imho it makes sense to drop the pgp/gnutls code from filezilla.
Can be done with --enable-gnutlssystemciphers Regards, Dimitri.
diff -Nru filezilla-3.33.0/debian/changelog filezilla-3.33.0/debian/changelog --- filezilla-3.33.0/debian/changelog 2018-06-14 15:36:59.000000000 +0100 +++ filezilla-3.33.0/debian/changelog 2018-10-14 20:54:23.000000000 +0100 @@ -1,3 +1,10 @@ +filezilla (3.33.0-1ubuntu1) cosmic; urgency=medium + + * Configure with --enable-gnutlssystemciphers to not use OPENPGP cert + type in gnutls configure string. Closes: #879537 + + -- Dimitri John Ledkov <x...@ubuntu.com> Sun, 14 Oct 2018 20:54:23 +0100 + filezilla (3.33.0-1) unstable; urgency=medium * New upstream release diff -Nru filezilla-3.33.0/debian/rules filezilla-3.33.0/debian/rules --- filezilla-3.33.0/debian/rules 2018-06-14 15:36:59.000000000 +0100 +++ filezilla-3.33.0/debian/rules 2018-10-14 20:54:21.000000000 +0100 @@ -6,7 +6,7 @@ dh $@ override_dh_auto_configure: - dh_auto_configure -- --disable-autoupdatecheck --with-dbus + dh_auto_configure -- --disable-autoupdatecheck --with-dbus --enable-gnutlssystemciphers override_dh_auto_install: # Create .xpm from .png and install it
