[pkg-lynx-commits] [lynx-cur] 01/02: Use gnutls_set_default_priority().

Andreas Metzler ametzler at moszumanska.debian.org
Thu May 14 06:08:44 UTC 2015


This is an automated email from the git hooks/post-receive script.

ametzler pushed a commit to branch master
in repository lynx-cur.

commit 7c090f5f75eeb408be8a0f9e0e5b984513a46fe7
Author: Andreas Metzler <ametzler at bebt.de>
Date:   Thu May 14 08:04:49 2015 +0200

    Use gnutls_set_default_priority().
    
    Use gnutls_set_default_priority() instead of custom priority string
    NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-G
    CM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP
    -NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
    
    The used string disabled CTYPE-* and SIGN-*, which, starting with gnutls
    3.3.15 (GNUTLS-SA-2015-2), causes TLS connection errors on most hosts
    (e.g. www.kernel.org).
    
    See #784430.
---
 debian/changelog                                |  7 +++++
 debian/patches/gnutls_set_default_priority.diff | 36 +++++++++++++++++++++++++
 debian/patches/series                           |  1 +
 3 files changed, 44 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 65fca0b..8642fed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+lynx-cur (2.8.9dev6-2) UNRELEASED; urgency=medium
+
+  * gnutls_set_default_priority.diff: Use gnutls_set_default_priority()
+    instead of a custom priority string. See #784430.
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 14 May 2015 08:02:45 +0200
+
 lynx-cur (2.8.9dev6-1) unstable; urgency=medium
 
   * New upstream version.
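Review bot: the new 2.8.9dev6-2 entry says what changed but not why, and "See #784430" will not close the bug when the package is uploaded. Consider adding the reason given in the commit message (TLS connection errors with gnutls 3.3.15 because the custom string disabled CTYPE-* and SIGN-*), and use "Closes: #784430" if this upload is meant to resolve the bug rather than only reference it.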
diff --git a/debian/patches/gnutls_set_default_priority.diff b/debian/patches/gnutls_set_default_priority.diff
new file mode 100644
index 0000000..fe9d112
--- /dev/null
+++ b/debian/patches/gnutls_set_default_priority.diff
@@ -0,0 +1,36 @@
+Description: Use gnutls_set_default_priority() instead of a custom
+ priority string.
+ This is a minimal patch, leaving the now unused functions alone.
+Author: Andreas Metzler <ametzler at debian.org>
+Origin: vendor
+Forwarded: http://mid.gmane.org/20150512175429.GB1321%40downhill.g.la
+Last-Update: 2015-05-13
+Bug-Debian: http://bugs.debian.org/784430
+
+diff --git a/src/tidy_tls.c b/src/tidy_tls.c
+index f6dea81..df8efb4 100644
+--- a/src/tidy_tls.c
++++ b/src/tidy_tls.c
+@@ -542,21 +542,7 @@ SSL *SSL_new(SSL_CTX * ctx)
+ 	    ssl->ctx = ctx;
+ 
+ 	    gnutls_init(&ssl->gnutls_state, ctx->method->connend);
+-
+-#if USE_SET_DIRECT
+-	    UpdatePriority(ssl);
+-#else
+-	    gnutls_protocol_set_priority(ssl->gnutls_state,
+-					 ctx->method->priority.protocol);
+-	    gnutls_cipher_set_priority(ssl->gnutls_state,
+-				       ctx->method->priority.encrypts);
+-	    gnutls_compression_set_priority(ssl->gnutls_state,
+-					    ctx->method->priority.compress);
+-	    gnutls_kx_set_priority(ssl->gnutls_state,
+-				   ctx->method->priority.key_xchg);
+-	    gnutls_mac_set_priority(ssl->gnutls_state,
+-				    ctx->method->priority.msg_code);
+-#endif
++	    gnutls_set_default_priority(ssl->gnutls_state);
+ 
+ 	    gnutls_credentials_set(ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE,
+ 				   ssl->gnutls_cred);
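Review bot: the added call to gnutls_set_default_priority(ssl->gnutls_state) in SSL_new() ignores its return value, so a failure to apply the priorities goes unnoticed and the session continues into gnutls_credentials_set() anyway. The function returns an error code, so check it against GNUTLS_E_SUCCESS and fail SSL_new() instead of handing back a session with unknown priorities. Separately, the removed lines were the only visible place where ctx->method->priority.protocol, .encrypts, .compress, .key_xchg and .msg_code were applied, so after this change the method the caller selected no longer constrains protocol versions or ciphers; the Description mentions the unused functions but not this behaviour change, and it should say that the library defaults now decide which protocol versions and ciphers are offered.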
diff --git a/debian/patches/series b/debian/patches/series
index 4937fdf..5502c0b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ use-dpkg-buildflags.patch
 40_reproducible_build.diff
 nested_tables.patch
 manpage_improved.patch
+gnutls_set_default_priority.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-lynx/lynx-cur.git


