Bug#551461: marked as done (curl_getdate(3) fails to parse some valid RFC 822 dates)

Wed, 11 Nov 2009 05:40:57 -0800 

Your message dated Wed, 11 Nov 2009 13:32:15 +0000
with message-id <e1n8dj1-0004sz...@ries.debian.org>
and subject line Bug#551461: fixed in curl 7.19.7-1
has caused the Debian Bug report #551461,
regarding curl_getdate(3) fails to parse some valid RFC 822 dates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
551461: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libcurl3-gnutls
Version: 7.19.5-1.1
Severity: normal
Tags: patch upstream

According to curl_getdate(3), its "parser was written to handle date formats
specified in RFC 822 (including the update in RFC 1123) using time zone name
or time zone delta and RFC 850 (obsoleted by RFC 1036) and ANSI C's
asctime() format."

RFC 822's date format allows for the use of single letter military
timezones; see
        http://www.rfc-ref.org/RFC-TEXTS/822/chapter5.html

For example, "Sat, 17 Oct 2009 20:00:00 Z" is a valid date string according
to RFC822, and such date strings are seen in the wild (see bug #37491), but
are not parsed by curl_getdate(3). The patch below (which I have tested
against libcurl CVS HEAD) fixes this.

Kind regards,
Ray

diff -ru ../curl-cvs/lib/parsedate.c ./lib/parsedate.c
--- ../curl-cvs/lib/parsedate.c 2009-09-03 10:30:28.000000000 +0200
+++ ./lib/parsedate.c   2009-10-18 12:47:45.000000000 +0200
@@ -147,6 +147,36 @@
   {"NZST", -720},          /* New Zealand Standard */
   {"NZDT", -720 tDAYZONE}, /* New Zealand Daylight */
   {"IDLE", -720},          /* International Date Line East */
+  /* Next up: Military timezone names. RFC822 allowed these, but (as noted in
+     RFC 1123) had their signs wrong. Here we use the correct signs to match
+     actual military usage.
+   */
+  {"A",  +1 * 60},         /* Alpha */
+  {"B",  +2 * 60},         /* Bravo */
+  {"C",  +3 * 60},         /* Charlie */
+  {"D",  +4 * 60},         /* Delta */
+  {"E",  +5 * 60},         /* Echo */
+  {"F",  +6 * 60},         /* Foxtrot */
+  {"G",  +7 * 60},         /* Golf */
+  {"H",  +8 * 60},         /* Hotel */
+  {"I",  +9 * 60},         /* India */
+  /* "J", Juliet is not used as a timezone, to indicate the observer's local 
time */
+  {"K", +10 * 60},         /* Kilo */
+  {"L", +11 * 60},         /* Lima */
+  {"M", +12 * 60},         /* Mike */
+  {"N",  -1 * 60},         /* November */
+  {"O",  -2 * 60},         /* Oscar */
+  {"P",  -3 * 60},         /* Papa */
+  {"Q",  -4 * 60},         /* Quebec */
+  {"R",  -5 * 60},         /* Romeo */
+  {"S",  -6 * 60},         /* Sierra */
+  {"T",  -7 * 60},         /* Tango */
+  {"U",  -8 * 60},         /* Uniform */
+  {"V",  -9 * 60},         /* Victor */
+  {"W", -10 * 60},         /* Whiskey */
+  {"X", -11 * 60},         /* X-ray */
+  {"Y", -12 * 60},         /* Yankee */
+  {"Z", 0},                /* Zulu, zero meridian, a.k.a. UTC */
 };
 
 /* returns:

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing-proposed-updates'), (500, 
'oldstable'), (500, 'stable'), (400, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.4 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libcurl3-gnutls depends on:
ii  ca-certificates        20090814          Common CA certificates
ii  libc6                  2.9-27            GNU C Library: Shared libraries
ii  libgcrypt11            1.4.4-4           LGPL Crypto library - runtime libr
ii  libgnutls26            2.8.4-1           the GNU TLS library - runtime libr
ii  libgssapi-krb5-2       1.7dfsg~beta3-1   MIT Kerberos runtime libraries - k
ii  libidn11               1.15-2            GNU Libidn library, implementation
ii  libldap-2.4-2          2.4.17-2          OpenLDAP libraries
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

libcurl3-gnutls recommends no packages.

libcurl3-gnutls suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: curl
Source-Version: 7.19.7-1

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive:

curl_7.19.7-1.diff.gz
  to main/c/curl/curl_7.19.7-1.diff.gz
curl_7.19.7-1.dsc
  to main/c/curl/curl_7.19.7-1.dsc
curl_7.19.7-1_hppa.deb
  to main/c/curl/curl_7.19.7-1_hppa.deb
curl_7.19.7.orig.tar.gz
  to main/c/curl/curl_7.19.7.orig.tar.gz
libcurl3-dbg_7.19.7-1_hppa.deb
  to main/c/curl/libcurl3-dbg_7.19.7-1_hppa.deb
libcurl3-gnutls_7.19.7-1_hppa.deb
  to main/c/curl/libcurl3-gnutls_7.19.7-1_hppa.deb
libcurl3_7.19.7-1_hppa.deb
  to main/c/curl/libcurl3_7.19.7-1_hppa.deb
libcurl4-gnutls-dev_7.19.7-1_hppa.deb
  to main/c/curl/libcurl4-gnutls-dev_7.19.7-1_hppa.deb
libcurl4-openssl-dev_7.19.7-1_hppa.deb
  to main/c/curl/libcurl4-openssl-dev_7.19.7-1_hppa.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Domenico Andreoli <ca...@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 05 Nov 2009 10:11:57 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl4-openssl-dev libcurl4-gnutls-dev 
libcurl3-dbg
Architecture: source hppa
Version: 7.19.7-1
Distribution: unstable
Urgency: low
Maintainer: Domenico Andreoli <ca...@debian.org>
Changed-By: Domenico Andreoli <ca...@debian.org>
Description: 
 curl       - Get a file from an HTTP, HTTPS or FTP server
 libcurl3   - Multi-protocol file transfer library (OpenSSL)
 libcurl3-dbg - libcurl compiled with debug symbols
 libcurl3-gnutls - Multi-protocol file transfer library (GnuTLS)
 libcurl4-gnutls-dev - Development files and documentation for libcurl (GnuTLS)
 libcurl4-openssl-dev - Development files and documentation for libcurl 
(OpenSSL)
Closes: 548476 551461
Changes: 
 curl (7.19.7-1) unstable; urgency=low
 .
   * New upstream release:
     - curl_getdate(3) now correctly manages single letter military
       timezones as specified in RFC 822 (closes: #551461).
   * build depends on generic libdb-dev (closes: #548476).
   * build depends on libssh2-1-dev (>= 1.2) to enable new curl options.
Checksums-Sha1: 
 b0103dd7cbd64737d96dbcc88df87ac5eeb2a620 1415 curl_7.19.7-1.dsc
 469d7bf849ad6afcee8a7281146e5fe5167d12cf 3013744 curl_7.19.7.orig.tar.gz
 eb514177e5ee2218ac5442b727683cd34679330f 87969 curl_7.19.7-1.diff.gz
 90a7579232e39668e0a17791a29b012307e36649 209018 curl_7.19.7-1_hppa.deb
 7e59cb483fbbe53832d1be2e081d5a7642eb4f80 251104 libcurl3_7.19.7-1_hppa.deb
 c16944b6767e46a59cc7d4e1fb97d58ba2b4ceb8 230004 
libcurl3-gnutls_7.19.7-1_hppa.deb
 53a4e3a9c907b6f824cb094c9e4393902d449892 1030316 
libcurl4-openssl-dev_7.19.7-1_hppa.deb
 bfa31255b4d3e8877452668afb740c587745fcaa 1004854 
libcurl4-gnutls-dev_7.19.7-1_hppa.deb
 0aad34f960bb2bfb280eda8a2927202b9e6a662a 85070 libcurl3-dbg_7.19.7-1_hppa.deb
Checksums-Sha256: 
 29e510f8baeb01a69ff27475d3fbb418ec5c68993d6a87de40d12b424b56d8fe 1415 
curl_7.19.7-1.dsc
 98d247406d2b5ef7621d7a5475dfcf48836b2b454e22c954cfbb379e6dbb44c7 3013744 
curl_7.19.7.orig.tar.gz
 97cc781cd16f813915c9cd5dd30363511a557e0b587dbba4493cbe3fb0b41bdf 87969 
curl_7.19.7-1.diff.gz
 36454ae73d0e4d69d6eb4f954c5abae173c9535a28028d28aeaa31a09bf238d8 209018 
curl_7.19.7-1_hppa.deb
 41d636b8b104fc80b458b9f5417926624e10901c529ac07f871514db02889d1b 251104 
libcurl3_7.19.7-1_hppa.deb
 44d08a986f875e8154d3841e77c4fa6756f540df8d5208de2678a6717974ff63 230004 
libcurl3-gnutls_7.19.7-1_hppa.deb
 ea0b605a1bf6844ae85c05a1edf52f0a4135a59578d1ced29ae072773fa22020 1030316 
libcurl4-openssl-dev_7.19.7-1_hppa.deb
 719220fa76e57aa5af3fa273786aae68b1ab27ec96736c35eeb63404d441b6e6 1004854 
libcurl4-gnutls-dev_7.19.7-1_hppa.deb
 38f0cd30927527269fb6efb327a80e4f7b66c84dff975aae9a5f08e15d1b26ea 85070 
libcurl3-dbg_7.19.7-1_hppa.deb
Files: 
 733cba46f433989c071c74d4c587848b 1415 web optional curl_7.19.7-1.dsc
 ecb2e37e45c9933e2a963cabe03670ab 3013744 web optional curl_7.19.7.orig.tar.gz
 735f4008649b654cc5efe943e4720c4c 87969 web optional curl_7.19.7-1.diff.gz
 0d4fd83e588719b68961d8e90e4e6e0a 209018 web optional curl_7.19.7-1_hppa.deb
 8989313f8d0f36a9144a2abdf526ad8b 251104 libs optional 
libcurl3_7.19.7-1_hppa.deb
 c2943b04343064a06457bcceac5d4301 230004 libs optional 
libcurl3-gnutls_7.19.7-1_hppa.deb
 c52ea8bd05537dee850ae0023a9ed231 1030316 libdevel optional 
libcurl4-openssl-dev_7.19.7-1_hppa.deb
 ab21b0244cadcbb3dd69c44b3fe3c329 1004854 libdevel optional 
libcurl4-gnutls-dev_7.19.7-1_hppa.deb
 d52b65e57b7473f7e461dcfa400bcde8 85070 debug extra 
libcurl3-dbg_7.19.7-1_hppa.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkr6t/oACgkQBneQM6IOvFA78ACeNJA1yqQC/vYy/ki3dAp6tX0t
uzYAoIBPkZdONXOj3ylwCdGA6jwPShPg
=uH2K
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to