Bug#499945: lynx-cur: diff for NMU version 2.8.7dev10-2.1

Fri, 03 Oct 2008 14:44:48 -0700 

tags 499945 + patch
thanks

Hi,

here is the lynx-cur 2.8.7dev10-2.1 NMU.

Kind regards

T.

diff -u lynx-cur-2.8.7dev10/debian/changelog 
lynx-cur-2.8.7dev10/debian/changelog
--- lynx-cur-2.8.7dev10/debian/changelog
+++ lynx-cur-2.8.7dev10/debian/changelog
@@ -1,3 +1,14 @@
+lynx-cur (2.8.7dev10-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
+    DN of the present certificate and not hope that it is the same as
+    taking the subject DN of the "next" certificate which
+    may or may not exist. Closes: #499945
+    This is debian/patches/patch-3.
+
+ -- Thomas Viehmann <[EMAIL PROTECTED]>  Fri, 03 Oct 2008 23:24:41 +0200
+
 lynx-cur (2.8.7dev10-2) unstable; urgency=low
 
   * Installed new (dummy) lynx-cur-wrapper.postrm because an old version,
diff -u lynx-cur-2.8.7dev10/debian/patches/00list 
lynx-cur-2.8.7dev10/debian/patches/00list
--- lynx-cur-2.8.7dev10/debian/patches/00list
+++ lynx-cur-2.8.7dev10/debian/patches/00list
@@ -2,0 +3 @@
+patch-3
only in patch2:
unchanged:
--- lynx-cur-2.8.7dev10.orig/debian/patches/patch-3
+++ lynx-cur-2.8.7dev10/debian/patches/patch-3
@@ -0,0 +1,97 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix src/tidy_tls.c X509_get_issuer_name to actually take the
+## DP: issuer DN of the present certificate and not hope that it is
+## DP: the same as taking the subject DN of the "next" certificate
+## DP: which may or may not exist. Debian Bug #499945 has details.
+
+if [ $# -ne 1 ]; then
+    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+    exit 1
+fi
+case "$1" in
+       -patch) patch -f --no-backup-if-mismatch --dry-run -p0 < $0 && patch -f 
--no-backup-if-mismatch -p0 < $0;;
+       -unpatch) patch -f --no-backup-if-mismatch -R -p0 < $0;;
+       *)
+               echo >&2 "`basename $0`: script expects -patch|-unpatch as 
argument"
+               exit 1;;
+esac
+exit 0
+
[EMAIL PROTECTED]@
+--- src/tidy_tls.c~
++++ src/tidy_tls.c
+@@ -1,6 +1,7 @@
+ /*
+  * $LynxId: tidy_tls.c,v 1.1 2008/04/27 22:49:52 tom Exp $
+  * Copyright 2008, Thomas E. Dickey
++ * with fix Copyright 2008 by Thomas Viehmann
+  *
+  * Required libraries:
+  *    libgnutls
+@@ -17,11 +18,16 @@
+ 
+ static int last_error = 0;
+ 
+-#define GetDnByOID(target, oid) \
++// ugly, but hey, we could just use a more sane api, too
++#define GetDnByOID(target, oid, thewhat) \
+               len = sizeof(target); \
+-              gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len)
++                if (! thewhat) \
++                gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, 
&len); \
++                else \
++                  gnutls_x509_crt_get_issuer_dn_by_oid(xcert, oid, 0, 0, 
target, &len)
+ 
+-static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result)
++// thewhat: which DN to get 0 = subject, 1 = issuer
++static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * 
result, int thewhat)
+ {
+     gnutls_x509_crt_t xcert;
+     int rc;
+@@ -30,19 +36,19 @@
+     if ((rc = gnutls_x509_crt_init(&xcert)) >= 0) {
+       if ((rc = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER)) >= 
0) {
+           GetDnByOID(result->country,
+-                     GNUTLS_OID_X520_COUNTRY_NAME);
++                     GNUTLS_OID_X520_COUNTRY_NAME, thewhat);
+           GetDnByOID(result->organization,
+-                     GNUTLS_OID_X520_ORGANIZATION_NAME);
++                     GNUTLS_OID_X520_ORGANIZATION_NAME, thewhat);
+           GetDnByOID(result->organizational_unit_name,
+-                     GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
++                     GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, thewhat);
+           GetDnByOID(result->common_name,
+-                     GNUTLS_OID_X520_COMMON_NAME);
++                     GNUTLS_OID_X520_COMMON_NAME, thewhat);
+           GetDnByOID(result->locality_name,
+-                     GNUTLS_OID_X520_LOCALITY_NAME);
++                     GNUTLS_OID_X520_LOCALITY_NAME, thewhat);
+           GetDnByOID(result->state_or_province_name,
+-                     GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
++                     GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, thewhat);
+           GetDnByOID(result->email,
+-                     GNUTLS_OID_PKCS9_EMAIL);
++                     GNUTLS_OID_PKCS9_EMAIL, thewhat);
+           rc = 0;
+       }
+       gnutls_x509_crt_deinit(xcert);
+@@ -570,7 +576,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-      if (ExtractCertificate(&cert[1], result) < 0) {
++      if (ExtractCertificate(cert, result, 1) < 0) {
+           free(result);
+           result = 0;
+       }
+@@ -586,7 +592,7 @@
+     X509_NAME *result;
+ 
+     if ((result = typeCalloc(X509_NAME)) != 0) {
+-      if (ExtractCertificate(&cert[0], result) < 0) {
++      if (ExtractCertificate(cert, result, 0) < 0) {
+           free(result);
+           result = 0;
+       }



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to