[Pkg-wmaker-commits] [wmbiff] 66/92: debian/patches: (10_use_pkg-config.diff, 16_gnutls_deprecated.diff, 20_gnutls_set_default_priority.diff) Remove patches; similar patches applied upstream.
Doug Torrance
dtorrance-guest at moszumanska.debian.org
Thu Aug 20 02:59:28 UTC 2015
This is an automated email from the git hooks/post-receive script.
dtorrance-guest pushed a commit to branch master
in repository wmbiff.
commit 9a6d15ea22007dae928877d72618c75364d494c1
Author: Doug Torrance <dtorrance at monmouthcollege.edu>
Date: Wed Nov 5 16:27:48 2014 -0600
debian/patches: (10_use_pkg-config.diff, 16_gnutls_deprecated.diff, 20_gnutls_set_default_priority.diff) Remove patches; similar patches applied upstream.
---
debian/patches/10_use_pkg-config.diff | 38 --------
debian/patches/16_gnutls_deprecated.diff | 107 ---------------------
debian/patches/20_gnutls_set_default_priority.diff | 40 --------
debian/patches/series | 3 -
4 files changed, 188 deletions(-)
diff --git a/debian/patches/10_use_pkg-config.diff b/debian/patches/10_use_pkg-config.diff
deleted file mode 100644
index f350a83..0000000
--- a/debian/patches/10_use_pkg-config.diff
+++ /dev/null
@@ -1,38 +0,0 @@
-Description: Search for gnutls with pkg-config. Required for gnutls 2.8.
-Author: Andreas Metzler <ametzler at debian.org>
-Origin: vendor
-Bug-Debian: http://bugs.debian.org/529915
-Last-Update: 2014-08-09
-
---- wmbiff-0.4.27.orig/configure.ac
-+++ wmbiff-0.4.27/configure.ac
-@@ -77,13 +77,22 @@ AC_ARG_ENABLE(crypto, AC_HELP_STRING([ -
-
- GNUTLS_MAN_STATUS="This copy of WMBiff was not compiled with GNUTLS."
- if test "$gnutls" = "ok"; then
-- AM_PATH_LIBGNUTLS(1.0.4, [LIBS="$LIBS $LIBGNUTLS_LIBS"
-- CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-- CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
-- GNUTLS_COMMON_O="gnutls-common.o"
-- GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
-- AC_CHECK_HEADERS(gnutls/gnutls.h) ],
-- [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
-+
-+PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 1.2.0],
-+ [LIBS="$LIBS $LIBGNUTLS_LIBS"
-+ CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+ CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
-+ GNUTLS_COMMON_O="gnutls-common.o"
-+ GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
-+ AC_CHECK_HEADERS(gnutls/gnutls.h) ],
-+ [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
-+## AM_PATH_LIBGNUTLS(1.0.4, [LIBS="$LIBS $LIBGNUTLS_LIBS"
-+## CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+## CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
-+## GNUTLS_COMMON_O="gnutls-common.o"
-+## GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
-+## AC_CHECK_HEADERS(gnutls/gnutls.h) ],
-+## [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
- else
- AC_MSG_RESULT(GNUTLS support requires libz.a and libgdbm.a, so will be disabled)
- fi
diff --git a/debian/patches/16_gnutls_deprecated.diff b/debian/patches/16_gnutls_deprecated.diff
deleted file mode 100644
index e0c533e..0000000
--- a/debian/patches/16_gnutls_deprecated.diff
+++ /dev/null
@@ -1,107 +0,0 @@
-Description: Do not used deprecated/removed old
- gnutls_certificate_verify_peers() function, but use slightly less old
- gnutls_certificate_verify_peers2() instead.
- Pulled from 4e9e018b2236e00aa591f1d5d99ec59f74475480.
-Author: VLASIU <gabriel at vlasiu.net>
-Bug-Debian: http://bugs.debian.org/ #624083
-Origin: upstream, http://repo.or.cz/w/dockapps.git/commit/4e9e018b2236e00aa591f1d5d99ec59f74475480
-Forwarded: not-needed
-Last-Update: 2014-06-09
-
---- a/wmbiff/gnutls-common.c
-+++ b/wmbiff/gnutls-common.c
-@@ -334,15 +334,17 @@ void print_openpgp_info(gnutls_session s
- void print_cert_vrfy(gnutls_session session)
- {
-
-- int status;
-- status = gnutls_certificate_verify_peers(session);
-+ unsigned int status;
-+ int ret;
-+ ret = gnutls_certificate_verify_peers2(session, &status);
- printf("\n");
--
-- if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) {
-+
-+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
- printf("- Peer did not send any certificate.\n");
- return;
- }
-- if (status < 0) {
-+
-+ if (ret < 0) {
- printf("- Could not verify certificate (err: %s)\n",
- gnutls_strerror(status));
- return;
---- a/wmbiff/tlsComm.c
-+++ b/wmbiff/tlsComm.c
-@@ -340,6 +340,16 @@ bad_certificate(const struct connection_
- }
- }
-
-+static void
-+warn_certificate(const struct connection_state *scs, const char *msg)
-+{
-+ if (!SkipCertificateCheck) {
-+ TDM(DEBUG_ERROR, "%s", msg);
-+ TDM(DEBUG_ERROR, "to ignore this warning, run wmbiff "
-+ "with the -skip-certificate-check option\n");
-+ }
-+}
-+
- /* a start of a hack at verifying certificates. does not
- provide any security at all. I'm waiting for either
- gnutls to make this as easy as it should be, or someone
-@@ -410,32 +420,45 @@ static void
- tls_check_certificate(struct connection_state *scs,
- const char *remote_hostname)
- {
-- int certstat;
-+ int ret;
-+ unsigned int certstat;
- const gnutls_datum *cert_list;
-- int cert_list_size = 0;
-+ unsigned int cert_list_size = 0;
- gnutls_x509_crt cert;
-
- if (gnutls_auth_get_type(scs->tls_state) != GNUTLS_CRD_CERTIFICATE) {
- bad_certificate(scs, "Unable to get certificate from peer.\n");
- return; /* bad_cert will exit if -skip-certificate-check was not given */
- }
-- certstat = gnutls_certificate_verify_peers(scs->tls_state);
-- if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) {
-- bad_certificate(scs, "server presented no certificate.\n");
-+ ret = gnutls_certificate_verify_peers2(scs->tls_state, &certstat);
-+
-+ if (ret < 0) {
-+ char errbuf[1024];
-+
-+ snprintf(errbuf, 1024, "could not verify certificate: %s (%d).\n",
-+ gnutls_strerror(ret), ret);
-+ bad_certificate(scs, (ret == GNUTLS_E_NO_CERTIFICATE_FOUND ?
-+ "server presented no certificate.\n" :
-+ errbuf));
-+ return;
- #ifdef GNUTLS_CERT_CORRUPTED
- } else if (certstat & GNUTLS_CERT_CORRUPTED) {
- bad_certificate(scs, "server's certificate is corrupt.\n");
- #endif
- } else if (certstat & GNUTLS_CERT_REVOKED) {
- bad_certificate(scs, "server's certificate has been revoked.\n");
-+ } else if (certstat & GNUTLS_CERT_EXPIRED) {
-+ bad_certificate(scs, "server's certificate is expired.\n");
-+ } else if (certstat & GNUTLS_CERT_INSECURE_ALGORITHM) {
-+ warn_certificate(scs, "server's certificate use an insecure algorithm.\n");
- } else if (certstat & GNUTLS_CERT_INVALID) {
- if (gnutls_certificate_type_get(scs->tls_state) == GNUTLS_CRT_X509) {
- /* bad_certificate(scs, "server's certificate is not trusted.\n"
- "there may be a problem with the certificate stored in your certfile\n"); */
- } else {
- bad_certificate(scs,
-- "server's certificate is invalid or not X.509.\n"
-- "there may be a problem with the certificate stored in your certfile\n");
-+ "server's certificate is invalid or not X.509.\n"
-+ "there may be a problem with the certificate stored in your certfile\n");
- }
- #if defined(GNUTLS_CERT_SIGNER_NOT_FOUND)
- } else if (certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) {
diff --git a/debian/patches/20_gnutls_set_default_priority.diff b/debian/patches/20_gnutls_set_default_priority.diff
deleted file mode 100644
index a65215a..0000000
--- a/debian/patches/20_gnutls_set_default_priority.diff
+++ /dev/null
@@ -1,40 +0,0 @@
-Description: Use gnutls_set_default_priority() to get GnuTLS upstream's
- recommended default values (SSL/TLS versions, ciphers, et al.) instead
- of setting local defaults using the deprecated
- gnutls_cipher_set_priority/gnutls_protocol_set_priority/...
- functions.
-Author: Andreas Metzler <ametzler at debian.org>, Nye Liu <nyet at nyet.org>
-Bug-Debian: https://bugs.debian.org/759259
-Origin: vendor
-Forwarded: no
-Last-Update: 2014-11-02
-
---- a/wmbiff/tlsComm.c
-+++ b/wmbiff/tlsComm.c
-@@ -553,25 +553,7 @@ struct connection_state *initialize_gnut
-
- assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0);
- {
-- const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-- const int ciphers[] =
-- { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC,
-- GNUTLS_CIPHER_RIJNDAEL_256_CBC,
-- GNUTLS_CIPHER_ARCFOUR, 0
-- };
-- const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
-- const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS,
-- GNUTLS_KX_DHE_RSA, 0
-- };
-- /* mutt with gnutls doesn't use kx_srp or kx_anon_dh */
-- const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-- assert(gnutls_protocol_set_priority(scs->tls_state, protocols) ==
-- 0);
-- assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0);
-- assert(gnutls_compression_set_priority(scs->tls_state, compress) ==
-- 0);
-- assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0);
-- assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0);
-+ assert(gnutls_set_default_priority(scs->tls_state) == 0);
- /* no client private key */
- if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) {
- DMA(DEBUG_ERROR, "gnutls memory error\n");
diff --git a/debian/patches/series b/debian/patches/series
index fa378fc..3ff2258 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1 @@
-10_use_pkg-config.diff
15_no_more_LZO.diff
-16_gnutls_deprecated.diff
-20_gnutls_set_default_priority.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git
More information about the Pkg-wmaker-commits
mailing list