Bug#820589: jessie-pu: package opam/1.2.0-1+deb8u1



On Sun, Apr 10, 2016 at 12:49:34 +0200, Mehdi Dogguy wrote:

> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hi,
> 
> Following a recommendation from the Security team[1], I'd like to update
> Opam in Jessie to fix #818081.
> 
> Please find attached my diff.
> 
> [1] https://lists.debian.org/debian-ocaml-maint/2016/04/msg00012.html
> 
> -- System Information:
> Debian Release: stretch/sid
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)

> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +opam (1.2.0-1+deb8u1) jessie; urgency=medium
> +
> +  * Stop using insecure and no-check-certificate flags when fetching
> +    files using wget and curl.
> +

Missing "closes:"?

Cheers,
Julien

> + -- Mehdi Dogguy <mehdi@debian.org>  Sun, 10 Apr 2016 12:27:13 +0200
> +
>  opam (1.2.0-1) unstable; urgency=medium
>  
>    * New upstream release.
> --- a/debian/gbp.conf
> +++ b/debian/gbp.conf
> @@ -1,4 +1,6 @@
>  [DEFAULT]
> +debian-branch = "debian/jessie"
> +upstream-branch = "upstream/1.2.0"
>  pristine-tar = True
>  filter-pristine-tar = True
>  filter = [
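
Review bot: The two added values in debian/gbp.conf are wrapped in double quotes (`debian-branch = "debian/jessie"`, `upstream-branch = "upstream/1.2.0"`), while the existing `pristine-tar = True` line is unquoted. If the quotes are read as part of the value, the branch names will not match the real branches. Suggest writing both values unquoted, or confirming that a build from this branch resolves them as intended.
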
> --- /dev/null
> +++ b/debian/patches/0003-remove-insecure-no-check-certificate-flags.patch
> @@ -0,0 +1,30 @@
> +From: Mehdi Dogguy <mehdi@debian.org>
> +Date: Sun, 10 Apr 2016 12:26:17 +0200
> +Subject: remove insecure / no-check-certificate flags
> +
> +---
> + src/core/opamSystem.ml | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/core/opamSystem.ml b/src/core/opamSystem.ml
> +index a8e3168..c4151e9 100644
> +--- a/src/core/opamSystem.ml
> ++++ b/src/core/opamSystem.ml
> +@@ -597,7 +597,7 @@ let download_command =
> +   let wget ~compress:_ src =
> +     let wget = [
> +       "wget";
> +-      "--content-disposition"; "--no-check-certificate";
> ++      "--content-disposition";
> +       "-t"; retry;
> +       src
> +     ] in
> +@@ -605,7 +605,7 @@ let download_command =
> +   let curl command ~compress src =
> +     let curl = [
> +       command;
> +-      "--write-out"; "%{http_code}\\n"; "--insecure";
> ++      "--write-out"; "%{http_code}\\n";
> +       "--retry"; retry; "--retry-delay"; "2";
> +     ] @ (if compress then ["--compressed"] else []) @ [
> +         "-OL"; src
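
Review bot: Both hunks of the embedded opamSystem.ml patch drop the flag unconditionally from the hard-coded `wget` and `curl` argument lists, and the patch adds no way to opt back in. After this stable update, any fetch from an HTTPS source whose certificate cannot be verified will fail where it previously succeeded. That is the right default, but the changelog entry should say that downloads now fail on unverifiable certificates, so jessie users can tell why a fetch stopped working. Since the diff does not touch debian/control, also check that a CA bundle is present wherever opam is installed. Separately, the patch header has only a Subject line; a short description and a reference to #818081 would make the patch self-explanatory.
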
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -1,2 +1,3 @@
>  0001-Fix-some-spelling-errors.patch
>  0002-Import-uutf-and-jsonm-temporarily.patch
> +0003-remove-insecure-no-check-certificate-flags.patch
