Package: libcurl3-gnutls Version: 7.19.5-1.1 Severity: normal Tags: patch upstream
According to curl_getdate(3), its "parser was written to handle date formats specified in RFC 822 (including the update in RFC 1123) using time zone name or time zone delta and RFC 850 (obsoleted by RFC 1036) and ANSI C's asctime() format." RFC 822's date format allows for the use of single letter military timezones; see http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html For example, "Sat, 17 Oct 2009 20:00:00 Z" is a valid date string according to RFC822, and such date strings are seen in the wild (see bug #37491), but are not parsed by curl_getdate(3). The patch below (which I have tested against libcurl CVS HEAD) fixes this. Kind regards, Ray diff -ru ../curl-cvs/lib/parsedate.c ./lib/parsedate.c --- ../curl-cvs/lib/parsedate.c 2009-09-03 10:30:28.000000000 +0200 +++ ./lib/parsedate.c 2009-10-18 12:47:45.000000000 +0200 @@ -147,6 +147,36 @@ {"NZST", -720}, /* New Zealand Standard */ {"NZDT", -720 tDAYZONE}, /* New Zealand Daylight */ {"IDLE", -720}, /* International Date Line East */ + /* Next up: Military timezone names. RFC822 allowed these, but (as noted in + RFC 1123) had their signs wrong. Here we use the correct signs to match + actual military usage. + */ + {"A", +1 * 60}, /* Alpha */ + {"B", +2 * 60}, /* Bravo */ + {"C", +3 * 60}, /* Charlie */ + {"D", +4 * 60}, /* Delta */ + {"E", +5 * 60}, /* Echo */ + {"F", +6 * 60}, /* Foxtrot */ + {"G", +7 * 60}, /* Golf */ + {"H", +8 * 60}, /* Hotel */ + {"I", +9 * 60}, /* India */ + /* "J", Juliet is not used as a timezone, to indicate the observer's local time */ + {"K", +10 * 60}, /* Kilo */ + {"L", +11 * 60}, /* Lima */ + {"M", +12 * 60}, /* Mike */ + {"N", -1 * 60}, /* November */ + {"O", -2 * 60}, /* Oscar */ + {"P", -3 * 60}, /* Papa */ + {"Q", -4 * 60}, /* Quebec */ + {"R", -5 * 60}, /* Romeo */ + {"S", -6 * 60}, /* Sierra */ + {"T", -7 * 60}, /* Tango */ + {"U", -8 * 60}, /* Uniform */ + {"V", -9 * 60}, /* Victor */ + {"W", -10 * 60}, /* Whiskey */ + {"X", -11 * 60}, /* X-ray */ + {"Y", -12 * 60}, /* Yankee */ + {"Z", 0}, /* Zulu, zero meridian, a.k.a. UTC */ }; /* returns: -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing-proposed-updates'), (500, 'oldstable'), (500, 'stable'), (400, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31.4 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libcurl3-gnutls depends on: ii ca-certificates 20090814 Common CA certificates ii libc6 2.9-27 GNU C Library: Shared libraries ii libgcrypt11 1.4.4-4 LGPL Crypto library - runtime libr ii libgnutls26 2.8.4-1 the GNU TLS library - runtime libr ii libgssapi-krb5-2 1.7dfsg~beta3-1 MIT Kerberos runtime libraries - k ii libidn11 1.15-2 GNU Libidn library, implementation ii libldap-2.4-2 2.4.17-2 OpenLDAP libraries ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime libcurl3-gnutls recommends no packages. libcurl3-gnutls suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org