[Pkg-wmaker-commits] [wmbiff] 66/92: debian/patches: (10_use_pkg-config.diff, 16_gnutls_deprecated.diff, 20_gnutls_set_default_priority.diff) Remove patches; similar patches applied upstream.

Thu Aug 20 02:59:28 UTC 2015

This is an automated email from the git hooks/post-receive script.

dtorrance-guest pushed a commit to branch master
in repository wmbiff.

commit 9a6d15ea22007dae928877d72618c75364d494c1
Author: Doug Torrance <dtorrance at monmouthcollege.edu>
Date:   Wed Nov 5 16:27:48 2014 -0600

    debian/patches: (10_use_pkg-config.diff, 16_gnutls_deprecated.diff, 20_gnutls_set_default_priority.diff) Remove patches; similar patches applied upstream.
---
 debian/patches/10_use_pkg-config.diff              |  38 --------
 debian/patches/16_gnutls_deprecated.diff           | 107 ---------------------
 debian/patches/20_gnutls_set_default_priority.diff |  40 --------
 debian/patches/series                              |   3 -
 4 files changed, 188 deletions(-)

diff --git a/debian/patches/10_use_pkg-config.diff b/debian/patches/10_use_pkg-config.diff
deleted file mode 100644
index f350a83..0000000
--- a/debian/patches/10_use_pkg-config.diff
+++ /dev/null
@@ -1,38 +0,0 @@
-Description: Search for gnutls with pkg-config. Required for gnutls 2.8.
-Author: Andreas Metzler <ametzler at debian.org>
-Origin: vendor
-Bug-Debian: http://bugs.debian.org/529915
-Last-Update: 2014-08-09
-
---- wmbiff-0.4.27.orig/configure.ac
-+++ wmbiff-0.4.27/configure.ac
-@@ -77,13 +77,22 @@ AC_ARG_ENABLE(crypto, AC_HELP_STRING([ -
- 
- GNUTLS_MAN_STATUS="This copy of WMBiff was not compiled with GNUTLS."
- if test "$gnutls" = "ok"; then
-- AM_PATH_LIBGNUTLS(1.0.4, [LIBS="$LIBS $LIBGNUTLS_LIBS"
--                          CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
--                         CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
--                         GNUTLS_COMMON_O="gnutls-common.o"
--                         GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
--                         AC_CHECK_HEADERS(gnutls/gnutls.h) ],
--                         [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
-+
-+PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 1.2.0],
-+	[LIBS="$LIBS $LIBGNUTLS_LIBS"
-+        CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+        CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
-+        GNUTLS_COMMON_O="gnutls-common.o"
-+        GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
-+        AC_CHECK_HEADERS(gnutls/gnutls.h) ],
-+        [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
-+## AM_PATH_LIBGNUTLS(1.0.4, [LIBS="$LIBS $LIBGNUTLS_LIBS"
-+##                          CFLAGS="$CFLAGS $LIBGNUTLS_CFLAGS"
-+##                         CPPFLAGS="$CPPFLAGS $LIBGNUTLS_CFLAGS"
-+##                         GNUTLS_COMMON_O="gnutls-common.o"
-+##                         GNUTLS_MAN_STATUS="This copy of WMBiff was compiled with GNUTLS."
-+##                         AC_CHECK_HEADERS(gnutls/gnutls.h) ],
-+##                         [ echo GNUTLS can be found at ftp://gnutls.hellug.gr/pub/gnutls ])
- else
-  AC_MSG_RESULT(GNUTLS support requires libz.a and libgdbm.a, so will be disabled)
- fi
diff --git a/debian/patches/16_gnutls_deprecated.diff b/debian/patches/16_gnutls_deprecated.diff
deleted file mode 100644
index e0c533e..0000000
--- a/debian/patches/16_gnutls_deprecated.diff
+++ /dev/null
@@ -1,107 +0,0 @@
-Description: Do not used deprecated/removed old
- gnutls_certificate_verify_peers() function, but use slightly less old
- gnutls_certificate_verify_peers2() instead.
- Pulled from 4e9e018b2236e00aa591f1d5d99ec59f74475480.
-Author: VLASIU <gabriel at vlasiu.net>
-Bug-Debian: http://bugs.debian.org/ #624083
-Origin: upstream, http://repo.or.cz/w/dockapps.git/commit/4e9e018b2236e00aa591f1d5d99ec59f74475480
-Forwarded: not-needed
-Last-Update: 2014-06-09
-
---- a/wmbiff/gnutls-common.c
-+++ b/wmbiff/gnutls-common.c
-@@ -334,15 +334,17 @@ void print_openpgp_info(gnutls_session s
- void print_cert_vrfy(gnutls_session session)
- {
- 
--	int status;
--	status = gnutls_certificate_verify_peers(session);
-+	unsigned int status;
-+	int ret;
-+	ret = gnutls_certificate_verify_peers2(session, &status);
- 	printf("\n");
--
--	if (status == GNUTLS_E_NO_CERTIFICATE_FOUND) {
-+	
-+	if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) {
- 		printf("- Peer did not send any certificate.\n");
- 		return;
- 	}
--	if (status < 0) {
-+
-+	if (ret < 0) {
- 		printf("- Could not verify certificate (err: %s)\n",
- 		       gnutls_strerror(status));
- 		return;
---- a/wmbiff/tlsComm.c
-+++ b/wmbiff/tlsComm.c
-@@ -340,6 +340,16 @@ bad_certificate(const struct connection_
- 	}
- }
- 
-+static void
-+warn_certificate(const struct connection_state *scs, const char *msg)
-+{
-+	if (!SkipCertificateCheck) {
-+		TDM(DEBUG_ERROR, "%s", msg);
-+		TDM(DEBUG_ERROR, "to ignore this warning, run wmbiff "
-+			"with the -skip-certificate-check option\n");
-+	}
-+}
-+
- /* a start of a hack at verifying certificates.  does not
-    provide any security at all.  I'm waiting for either
-    gnutls to make this as easy as it should be, or someone
-@@ -410,32 +420,45 @@ static void
- tls_check_certificate(struct connection_state *scs,
- 					  const char *remote_hostname) 
- {
--	int certstat;
-+	int ret;
-+	unsigned int certstat;
- 	const gnutls_datum *cert_list;
--	int cert_list_size = 0;
-+	unsigned int cert_list_size = 0;
- 	gnutls_x509_crt cert;
- 
- 	if (gnutls_auth_get_type(scs->tls_state) != GNUTLS_CRD_CERTIFICATE) {
- 		bad_certificate(scs, "Unable to get certificate from peer.\n");
- 		return;	/* bad_cert will exit if -skip-certificate-check was not given */
- 	}
--	certstat = gnutls_certificate_verify_peers(scs->tls_state);
--	if (certstat == GNUTLS_E_NO_CERTIFICATE_FOUND) {
--		bad_certificate(scs, "server presented no certificate.\n");
-+	ret = gnutls_certificate_verify_peers2(scs->tls_state, &certstat);
-+
-+	if (ret < 0) {
-+		char errbuf[1024];
-+
-+		snprintf(errbuf, 1024, "could not verify certificate: %s (%d).\n",
-+			gnutls_strerror(ret), ret);
-+		bad_certificate(scs, (ret == GNUTLS_E_NO_CERTIFICATE_FOUND ?
-+			"server presented no certificate.\n" :
-+			errbuf));
-+		return;
- #ifdef GNUTLS_CERT_CORRUPTED
- 	} else if (certstat & GNUTLS_CERT_CORRUPTED) {
- 		bad_certificate(scs, "server's certificate is corrupt.\n");
- #endif
- 	} else if (certstat & GNUTLS_CERT_REVOKED) {
- 		bad_certificate(scs, "server's certificate has been revoked.\n");
-+	} else if (certstat & GNUTLS_CERT_EXPIRED) {
-+		bad_certificate(scs, "server's certificate is expired.\n");
-+	} else if (certstat & GNUTLS_CERT_INSECURE_ALGORITHM) {
-+		warn_certificate(scs, "server's certificate use an insecure algorithm.\n");
- 	} else if (certstat & GNUTLS_CERT_INVALID) {
- 		if (gnutls_certificate_type_get(scs->tls_state) == GNUTLS_CRT_X509) {
- 			/* bad_certificate(scs, "server's certificate is not trusted.\n"
- 			   "there may be a problem with the certificate stored in your certfile\n"); */
- 		} else {
- 			bad_certificate(scs,
--							"server's certificate is invalid or not X.509.\n"
--							"there may be a problem with the certificate stored in your certfile\n");
-+				"server's certificate is invalid or not X.509.\n"
-+				"there may be a problem with the certificate stored in your certfile\n");
- 		}
- #if defined(GNUTLS_CERT_SIGNER_NOT_FOUND)
- 	} else if (certstat & GNUTLS_CERT_SIGNER_NOT_FOUND) {
diff --git a/debian/patches/20_gnutls_set_default_priority.diff b/debian/patches/20_gnutls_set_default_priority.diff
deleted file mode 100644
index a65215a..0000000
--- a/debian/patches/20_gnutls_set_default_priority.diff
+++ /dev/null
@@ -1,40 +0,0 @@
-Description: Use gnutls_set_default_priority() to get GnuTLS upstream's
- recommended default values (SSL/TLS versions, ciphers, et al.) instead
- of setting local defaults using the deprecated
- gnutls_cipher_set_priority/gnutls_protocol_set_priority/...
- functions.
-Author: Andreas Metzler <ametzler at debian.org>, Nye Liu <nyet at nyet.org>
-Bug-Debian: https://bugs.debian.org/759259
-Origin: vendor
-Forwarded: no
-Last-Update: 2014-11-02
-
---- a/wmbiff/tlsComm.c
-+++ b/wmbiff/tlsComm.c
-@@ -553,25 +553,7 @@ struct connection_state *initialize_gnut
- 
- 	assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0);
- 	{
--		const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
--		const int ciphers[] =
--			{ GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC,
--			GNUTLS_CIPHER_RIJNDAEL_256_CBC,
--			GNUTLS_CIPHER_ARCFOUR, 0
--		};
--		const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
--		const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS,
--			GNUTLS_KX_DHE_RSA, 0
--		};
--		/* mutt with gnutls doesn't use kx_srp or kx_anon_dh */
--		const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
--		assert(gnutls_protocol_set_priority(scs->tls_state, protocols) ==
--			   0);
--		assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0);
--		assert(gnutls_compression_set_priority(scs->tls_state, compress) ==
--			   0);
--		assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0);
--		assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0);
-+		assert(gnutls_set_default_priority(scs->tls_state) == 0);
- 		/* no client private key */
- 		if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) {
- 			DMA(DEBUG_ERROR, "gnutls memory error\n");
diff --git a/debian/patches/series b/debian/patches/series
index fa378fc..3ff2258 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1 @@
-10_use_pkg-config.diff
 15_no_more_LZO.diff
-16_gnutls_deprecated.diff
-20_gnutls_set_default_priority.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git

