Bug#820589: jessie-pu: package opam/1.2.0-1+deb8u1
On Sun, Apr 10, 2016 at 12:49:34 +0200, Mehdi Dogguy wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Hi,
>
> Following a recommendation from the Security team[1], I'd like to update
> Opam in Jessie to fix #818081.
>
> Please find attached my diff.
>
> [1] https://lists.debian.org/debian-ocaml-maint/2016/04/msg00012.html
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers testing
> APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +opam (1.2.0-1+deb8u1) jessie; urgency=medium
> +
> + * Stop using insecure and no-check-certificate flags when fetching
> + files using wget and curl.
> +
Missing "closes:"?
Cheers,
Julien
> + -- Mehdi Dogguy <mehdi@debian.org> Sun, 10 Apr 2016 12:27:13 +0200
> +
> opam (1.2.0-1) unstable; urgency=medium
>
> * New upstream release.
> --- a/debian/gbp.conf
> +++ b/debian/gbp.conf
> @@ -1,4 +1,6 @@
> [DEFAULT]
> +debian-branch = "debian/jessie"
> +upstream-branch = "upstream/1.2.0"
> pristine-tar = True
> filter-pristine-tar = True
> filter = [
> --- /dev/null
> +++ b/debian/patches/0003-remove-insecure-no-check-certificate-flags.patch
> @@ -0,0 +1,30 @@
> +From: Mehdi Dogguy <mehdi@debian.org>
> +Date: Sun, 10 Apr 2016 12:26:17 +0200
> +Subject: remove insecure / no-check-certificate flags
> +
> +---
> + src/core/opamSystem.ml | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/core/opamSystem.ml b/src/core/opamSystem.ml
> +index a8e3168..c4151e9 100644
> +--- a/src/core/opamSystem.ml
> ++++ b/src/core/opamSystem.ml
> +@@ -597,7 +597,7 @@ let download_command =
> + let wget ~compress:_ src =
> + let wget = [
> + "wget";
> +- "--content-disposition"; "--no-check-certificate";
> ++ "--content-disposition";
> + "-t"; retry;
> + src
> + ] in
> +@@ -605,7 +605,7 @@ let download_command =
> + let curl command ~compress src =
> + let curl = [
> + command;
> +- "--write-out"; "%{http_code}\\n"; "--insecure";
> ++ "--write-out"; "%{http_code}\\n";
> + "--retry"; retry; "--retry-delay"; "2";
> + ] @ (if compress then ["--compressed"] else []) @ [
> + "-OL"; src
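Review bot: The header of the new 0003 patch has nothing under `Subject:` to say that downloads change behaviour, and that matters for a stable update. With `--no-check-certificate` and `--insecure` removed, both the wget and the curl branch of `download_command` rely on the system trust store, so HTTPS fetches will now fail on hosts without a CA bundle or against repositories served with self-signed or otherwise untrusted certificates. I would add a short body such as `wget and curl now verify TLS certificates; fetching over HTTPS requires a populated system CA store`, and mention the same user-visible effect in the changelog entry. debian/control is not part of this diff, so it is worth confirming that `ca-certificates` is pulled in rather than assuming it arrives through the download tools. `download_command` starts and ends outside the quoted hunks, so any other fetch paths in it are not visible here.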
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -1,2 +1,3 @@
> 0001-Fix-some-spelling-errors.patch
> 0002-Import-uutf-and-jsonm-temporarily.patch
> +0003-remove-insecure-no-check-certificate-flags.patch