--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package emacs25. This upload is intended to fix the
openssl s_client issue, just fixed in emacs24/stretch.
diff -Nru emacs25-25.1+1/debian/.git-dpm emacs25-25.1+1/debian/.git-dpm
--- emacs25-25.1+1/debian/.git-dpm 2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/.git-dpm 2017-04-23 11:24:57.000000000 -0500
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
d3e6b8a251634ad673242aaa4a298edbb2e8ee39
d3e6b8a251634ad673242aaa4a298edbb2e8ee39
emacs25_25.1+1.orig.tar.xz
diff -Nru emacs25-25.1+1/debian/changelog emacs25-25.1+1/debian/changelog
--- emacs25-25.1+1/debian/changelog 2016-11-30 18:15:33.000000000 -0600
+++ emacs25-25.1+1/debian/changelog 2017-04-23 11:49:52.000000000 -0500
@@ -1,3 +1,15 @@
+emacs25 (25.1+1-4) unstable; urgency=medium
+
+ * Don't offer/use openssl s_client by default: "s_client is a debug
+ tool, it does not set up a secure connection, it ignores all
+ errors and just continues. It also doesn't do checks it should be
+ doing. This is all documented behaviour." -- Kurt Roeckx
+ Add 0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch to
+ fix the problem. Thanks to Kurt Roeckx for reporting the issue.
+ (Closes: 766397)
+
+ -- Rob Browning <rlb@defaultvalue.org> Sun, 23 Apr 2017 11:49:52 -0500
+
emacs25 (25.1+1-3) unstable; urgency=medium
* Configure with REL_ALLOC=no to fix crashes. Thanks to Santiago
diff -Nru emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch
--- emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch 2017-04-23 11:24:57.000000000 -0500
@@ -13,7 +13,7 @@
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lisp/info.el b/lisp/info.el
-index 6426cfc..d8a7f72 100644
+index 6426cfcf9ed..d8a7f72e5dc 100644
--- a/lisp/info.el
+++ b/lisp/info.el
@@ -218,7 +218,8 @@ Info-default-directory-list
diff -Nru emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
--- emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch 2017-04-23 11:24:57.000000000 -0500
@@ -16,7 +16,7 @@
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/lisp/startup.el b/lisp/startup.el
-index 761e69e..ffd58fd 100644
+index 761e69e03b1..ffd58fd5f6d 100644
--- a/lisp/startup.el
+++ b/lisp/startup.el
@@ -438,6 +438,10 @@ tutorial-directory
diff -Nru emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
--- emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch 2017-04-23 11:24:57.000000000 -0500
@@ -30,7 +30,7 @@
5 files changed, 39 insertions(+), 79 deletions(-)
diff --git a/Makefile.in b/Makefile.in
-index b212c91..89584ed 100644
+index b212c914e56..89584ed6166 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -161,7 +161,9 @@ man1dir=$(mandir)/man1
@@ -120,7 +120,7 @@
$(UNINSTALL_DOC):
diff --git a/admin/update_autogen b/admin/update_autogen
-index 82ad622..7bca0d6 100755
+index 82ad622c64e..7bca0d67e0d 100755
--- a/admin/update_autogen
+++ b/admin/update_autogen
@@ -269,8 +269,7 @@ info_dir ()
@@ -134,7 +134,7 @@
## FIXME do not ignore w32 if OS is w32.
case $file in
diff --git a/configure.ac b/configure.ac
-index cd4d1c0..eeaa79d 100644
+index cd4d1c0f8e0..eeaa79d1788 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5389,11 +5389,11 @@ dnl This will work, but you get a config.status that is not quite right
@@ -173,7 +173,7 @@
dnl If we give this the more natural name, etc/refcards/emacsver.texi,
dnl then a directory etc/refcards is created in the build directory,
diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
-index 4dffeaf..9d144cc 100644
+index 4dffeafb1d2..9d144cc4528 100644
--- a/doc/misc/Makefile.in
+++ b/doc/misc/Makefile.in
@@ -61,18 +61,14 @@ INSTALL_DATA = @INSTALL_DATA@
@@ -257,7 +257,7 @@
.PHONY: mostlyclean clean distclean bootstrap-clean maintainer-clean
diff --git a/lisp/help.el b/lisp/help.el
-index 57f358b..69a45ef 100644
+index 57f358b9a72..69a45effab5 100644
--- a/lisp/help.el
+++ b/lisp/help.el
@@ -292,6 +292,14 @@ view-help-file
diff -Nru emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch
--- emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch 2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
1 file changed, 5 insertions(+)
diff --git a/etc/NEWS b/etc/NEWS
-index 7cd1c5e..07c4b9e 100644
+index 7cd1c5eb151..07c4b9e7dfb 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -15,6 +15,11 @@ and NEWS.1-17 for changes in older Emacs versions.
diff -Nru emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
--- emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch 2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lisp/version.el b/lisp/version.el
-index 77188a5..ea02e53 100644
+index 77188a51ee3..ea02e53b254 100644
--- a/lisp/version.el
+++ b/lisp/version.el
@@ -59,8 +59,8 @@ emacs-version
diff -Nru emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
--- emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch 2017-04-23 11:24:57.000000000 -0500
@@ -10,7 +10,7 @@
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/admin/unidata/Makefile.in b/admin/unidata/Makefile.in
-index d46420d..1a32a28 100644
+index d46420d0a3c..1a32a2862ec 100644
--- a/admin/unidata/Makefile.in
+++ b/admin/unidata/Makefile.in
@@ -53,16 +53,7 @@ am__v_at_1 =
diff -Nru emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
--- emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch 2017-04-23 11:24:57.000000000 -0500
@@ -20,7 +20,7 @@
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/test/automated/package-test.el b/test/automated/package-test.el
-index c4c856f..d071958 100644
+index c4c856f3031..d0719588c89 100644
--- a/test/automated/package-test.el
+++ b/test/automated/package-test.el
@@ -149,7 +149,14 @@ package-test-fake-contents-file
diff -Nru emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
--- emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch 2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch 2017-04-23 11:24:57.000000000 -0500
@@ -19,7 +19,7 @@
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
-index eeaa79d..95502ee 100644
+index eeaa79d1788..95502ee3b90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5159,25 +5159,29 @@ case "$opsys" in
diff -Nru emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
--- emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch 1969-12-31 18:00:00.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch 2017-04-23 11:24:57.000000000 -0500
@@ -0,0 +1,62 @@
+From e2c4be1ad5de241d44d9f8a3ffec5a0663028838 Mon Sep 17 00:00:00 2001
+From: Rob Browning <rlb@defaultvalue.org>
+Date: Sat, 22 Apr 2017 12:02:00 -0500
+Subject: openssl s_client is no longer a default for ssl connections
+
+"s_client is a debug tool, it does not set up a secure connection, it
+ignores all errors and just continues. It also doesn't do checks it
+should be doing. This is all documented behaviour." -- Kurt Roeckx
+
+Bug-Debian: https://bugs.debian.org/766397
+---
+ lisp/net/tls.el | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/lisp/net/tls.el b/lisp/net/tls.el
+index f1219fdddbd..92a1a1306a1 100644
+--- a/lisp/net/tls.el
++++ b/lisp/net/tls.el
+@@ -78,8 +78,7 @@ tls-end-of-info
+
+ (defcustom tls-program
+ '("gnutls-cli --x509cafile %t -p %p %h"
+- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++ "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+ "List of strings containing commands to start TLS stream to a host.
+ Each entry in the list is tried until a connection is successful.
+ %h is replaced with the server hostname, %p with the port to
+@@ -94,20 +93,17 @@ tls-program
+ '(choice
+ (const :tag "Default list of commands"
+ ("gnutls-cli --x509cafile %t -p %p %h"
+- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+- "openssl s_client -CAfile %t -connect %h:%p -no_ssl2 -ign_eof"))
++ "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"))
+ (list :tag "Choose commands"
+ :value
+ ("gnutls-cli --x509cafile %t -p %p %h"
+- "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+- "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++ "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+ (set :inline t
+ ;; FIXME: add brief `:tag "..."' descriptions.
+ ;; (repeat :inline t :tag "Other" (string))
+ ;; No trust check:
+ (const "gnutls-cli --insecure -p %p %h")
+- (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
+- (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
++ (const "gnutls-cli --insecure -p %p %h --protocols ssl3"))
+ (repeat :inline t :tag "Other" (string)))
+ (list :tag "List of commands"
+ (repeat :tag "Command" (string))))
+@@ -138,8 +134,7 @@ tls-checktrust
+
+ \(setq tls-program
+ \\='(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
+- \"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
+- \"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
++ \"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"))"
+ :type '(choice (const :tag "Always" t)
+ (const :tag "Never" nil)
+ (const :tag "Ask" ask))
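Review bot: The default `tls-program` list still ends with `gnutls-cli --x509cafile %t -p %p %h --protocols ssl3`, and the docstring says each entry is tried until a connection is successful, so a failed first handshake can still fall through to an SSLv3-only attempt (whether the installed gnutls-cli still negotiates SSLv3 is not visible from this patch). Since the patch is already trimming insecure defaults, consider dropping that entry too, leaving `'("gnutls-cli --x509cafile %t -p %p %h")` in the defcustom value, the "Default list of commands" const, the "Choose commands" `:value` and the `tls-checktrust` docstring example. Separately, this only changes defaults: a user with a saved customization that contains the `openssl s_client` command will presumably keep using it, which deserves a sentence in the changelog or NEWS.Debian so they know to re-check their setting. The `tls-program` and `tls-checktrust` defcustom forms start and end outside the inner hunks shown here.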
diff -Nru emacs25-25.1+1/debian/patches/series emacs25-25.1+1/debian/patches/series
--- emacs25-25.1+1/debian/patches/series 2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/patches/series 2017-04-23 11:24:57.000000000 -0500
@@ -6,3 +6,4 @@
0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
+0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
unblock: emacs25/25.1+1-4
Thanks
--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
--- End Message ---