Bug#706142: pu: telepathy-idle/0.1.11-2+deb7u1
On Fri, 07 Jun 2013 at 09:38:02 +0100, Simon McVittie wrote:
> Does the RT have any opinion on which of the possible resolutions would
> be acceptable/preferred for stable?
In the absence of feedback, I've assumed that this one is likely
to be unacceptable:
> * upload 0.1.16 to wheezy (~1k lines of necessary code for
> interactive certificate prompting, ~1k lines of unrelated
> bugfixes and an unrelated new feature, but has actually
> been tested in this form)
and done this one:
> * upload 0.1.16 to wheezy-backports (which should be trivial),
> and upload 0.1.11-2+deb7u1 with a NEWS file noting the regression
> and suggesting the backport
Assuming my backport gets accepted into wheezy-backports, does the
attached debdiff look OK?
pkg-telepathy: if anyone has any better ideas for handling this,
you are welcome to do them instead.
S
diffstat for telepathy-idle-0.1.11 telepathy-idle-0.1.11
NEWS | 12 ++++
changelog | 8 ++
gbp.conf | 2
patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch | 28 ++++++++++
patches/series | 1
5 files changed, 50 insertions(+), 1 deletion(-)
diff -Nru telepathy-idle-0.1.11/debian/changelog telepathy-idle-0.1.11/debian/changelog
--- telepathy-idle-0.1.11/debian/changelog 2011-11-02 07:12:25.000000000 +0000
+++ telepathy-idle-0.1.11/debian/changelog 2013-06-16 13:35:39.000000000 +0100
@@ -1,3 +1,11 @@
+telepathy-idle (0.1.11-2+deb7u1) wheezy; urgency=low
+
+ * Validate TLS certificates (Closes: #706094)
+ * debian/NEWS: suggest the telepathy-idle backport for users who
+ need interactive TLS certificate validation
+
+ -- Simon McVittie <smcv@debian.org> Sun, 16 Jun 2013 13:26:54 +0100
+
telepathy-idle (0.1.11-2) unstable; urgency=low
* debian/patches/Support-trailing-parameter-without-a-initial.patch:
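Review bot: The first bullet, "Validate TLS certificates (Closes: #706094)", understates the user-visible change for a stable update. The NEWS file in this same upload says servers with self-signed certificates will need the backport, so the changelog should say so as well, for example "Validate TLS certificates; servers with self-signed certificates are no longer accepted, see NEWS". It would also help to name the patch file that implements the change, as the 0.1.11-2 entry below does for its patch.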
diff -Nru telepathy-idle-0.1.11/debian/gbp.conf telepathy-idle-0.1.11/debian/gbp.conf
--- telepathy-idle-0.1.11/debian/gbp.conf 2011-11-02 07:12:25.000000000 +0000
+++ telepathy-idle-0.1.11/debian/gbp.conf 2013-06-16 13:35:39.000000000 +0100
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = debian
+debian-branch = debian-wheezy
upstream-branch = upstream
pristine-tar = True
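Review bot: The switch of debian-branch to debian-wheezy has no matching line in the new changelog entry, which lists only the TLS fix and the NEWS file. Add a bullet such as "debian/gbp.conf: build from the debian-wheezy branch" so the debdiff is fully accounted for when the release team reads it.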
diff -Nru telepathy-idle-0.1.11/debian/NEWS telepathy-idle-0.1.11/debian/NEWS
--- telepathy-idle-0.1.11/debian/NEWS 1970-01-01 01:00:00.000000000 +0100
+++ telepathy-idle-0.1.11/debian/NEWS 2013-06-16 13:35:39.000000000 +0100
@@ -0,0 +1,12 @@
+telepathy-idle (0.1.11-2+deb7u1) wheezy; urgency=low
+
+ This version of telepathy-idle checks that servers' SSL certificates
+ are signed by a trusted certificate authority (CA). It does not support
+ interactive certificate validation through the Empathy or
+ kde-telepathy-auth-handler user interfaces.
+
+ If you need to connect to a server with a self-signed certificate,
+ please use telepathy-idle >= 0.1.16 (from the wheezy-backports repository),
+ which does support interactive certificate validation.
+
+ -- Simon McVittie <smcv@debian.org> Sun, 16 Jun 2013 13:26:54 +0100
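Review bot: The first paragraph describes only the CA check ("signed by a trusted certificate authority"), but the mask removed in patch 0002 also cleared G_TLS_CERTIFICATE_BAD_IDENTITY and G_TLS_CERTIFICATE_EXPIRED. Users whose server presents an expired certificate, or one issued for a different hostname, will hit the same connection failure and will not recognise their case from this text. Suggest widening the second paragraph to "a self-signed, expired or mismatched certificate". The pointer to wheezy-backports is also only correct once 0.1.16 has actually been accepted there, so this upload should not go out before that.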
diff -Nru telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch
--- telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch 1970-01-01 01:00:00.000000000 +0100
+++ telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch 2013-06-16 13:35:39.000000000 +0100
@@ -0,0 +1,28 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Wed, 24 Apr 2013 16:43:00 +0100
+Subject: Don't disable parts of TLS certificate validation
+
+This breaks one regression test, but is a simpler fix than was used
+upstream.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706094
+Forwarded: not-needed, fixed differently upstream
+---
+ src/idle-server-connection.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c
+index 5b8629c..8c8eeff 100644
+--- a/src/idle-server-connection.c
++++ b/src/idle-server-connection.c
+@@ -469,9 +469,4 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection
+ void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) {
+ IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn);
+ g_socket_client_set_tls(priv->socket_client, tls);
+- g_socket_client_set_tls_validation_flags(priv->socket_client,
+- G_TLS_CERTIFICATE_VALIDATE_ALL
+- & ~G_TLS_CERTIFICATE_UNKNOWN_CA
+- & ~G_TLS_CERTIFICATE_BAD_IDENTITY
+- & ~G_TLS_CERTIFICATE_EXPIRED);
+ }
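Review bot: The patch description says "This breaks one regression test", but the change touches only src/idle-server-connection.c, so the failing test is neither named nor adjusted. Please name the test in the description, and if the test suite is run during the package build, skip or mark that test as an expected failure in the same patch so the stable upload does not fail to build. The fix also depends on GSocketClient defaulting to G_TLS_CERTIFICATE_VALIDATE_ALL once the explicit g_socket_client_set_tls_validation_flags() call is gone; one sentence in the description stating that would make the intent clear to later readers.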
diff -Nru telepathy-idle-0.1.11/debian/patches/series telepathy-idle-0.1.11/debian/patches/series
--- telepathy-idle-0.1.11/debian/patches/series 2011-11-02 07:12:25.000000000 +0000
+++ telepathy-idle-0.1.11/debian/patches/series 2013-06-16 13:35:39.000000000 +0100
@@ -1 +1,2 @@
Support-trailing-parameter-without-a-initial.patch
+0002-Don-t-disable-parts-of-TLS-certificate-validation.patch
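Review bot: The new entry carries a 0002- prefix, while the only existing entry is unnumbered and there is no 0001- patch in the series. Either drop the prefix or note that the numbering comes from the export tool, so nobody goes looking for a missing 0001 patch.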