[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#861017: marked as done (unblock: emacs25/25.1+1-4)

Your message dated Sun, 23 Apr 2017 21:10:00 +0000
with message-id <b8c64fdb-f133-cf2e-666a-4b2efa6db602@thykier.net>
and subject line Re: Bug#861017: unblock: emacs25/25.1+1-4
has caused the Debian Bug report #861017,
regarding unblock: emacs25/25.1+1-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861017: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861017
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package emacs25.  This upload is intended to fix the
openssl s_client issue, just fixed in emacs24/stretch.


diff -Nru emacs25-25.1+1/debian/.git-dpm emacs25-25.1+1/debian/.git-dpm
--- emacs25-25.1+1/debian/.git-dpm	2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/.git-dpm	2017-04-23 11:24:57.000000000 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 emacs25_25.1+1.orig.tar.xz
diff -Nru emacs25-25.1+1/debian/changelog emacs25-25.1+1/debian/changelog
--- emacs25-25.1+1/debian/changelog	2016-11-30 18:15:33.000000000 -0600
+++ emacs25-25.1+1/debian/changelog	2017-04-23 11:49:52.000000000 -0500
@@ -1,3 +1,15 @@
+emacs25 (25.1+1-4) unstable; urgency=medium
+
+  * Don't offer/use openssl s_client by default: "s_client is a debug
+    tool, it does not set up a secure connection, it ignores all
+    errors and just continues.  It also doesn't do checks it should be
+    doing.  This is all documented behaviour." -- Kurt Roeckx
+    Add 0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch to
+    fix the problem.  Thanks to Kurt Roeckx for reporting the issue.
+    (Closes: 766397)
+
+ -- Rob Browning <rlb@defaultvalue.org>  Sun, 23 Apr 2017 11:49:52 -0500
+
 emacs25 (25.1+1-3) unstable; urgency=medium
 
   * Configure with REL_ALLOC=no to fix crashes.  Thanks to Santiago
diff -Nru emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch
--- emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2017-04-23 11:24:57.000000000 -0500
@@ -13,7 +13,7 @@
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lisp/info.el b/lisp/info.el
-index 6426cfc..d8a7f72 100644
+index 6426cfcf9ed..d8a7f72e5dc 100644
 --- a/lisp/info.el
 +++ b/lisp/info.el
 @@ -218,7 +218,8 @@ Info-default-directory-list
diff -Nru emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
--- emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2017-04-23 11:24:57.000000000 -0500
@@ -16,7 +16,7 @@
  1 file changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/lisp/startup.el b/lisp/startup.el
-index 761e69e..ffd58fd 100644
+index 761e69e03b1..ffd58fd5f6d 100644
 --- a/lisp/startup.el
 +++ b/lisp/startup.el
 @@ -438,6 +438,10 @@ tutorial-directory
diff -Nru emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
--- emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2017-04-23 11:24:57.000000000 -0500
@@ -30,7 +30,7 @@
  5 files changed, 39 insertions(+), 79 deletions(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index b212c91..89584ed 100644
+index b212c914e56..89584ed6166 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -161,7 +161,9 @@ man1dir=$(mandir)/man1
@@ -120,7 +120,7 @@
  
  $(UNINSTALL_DOC):
 diff --git a/admin/update_autogen b/admin/update_autogen
-index 82ad622..7bca0d6 100755
+index 82ad622c64e..7bca0d67e0d 100755
 --- a/admin/update_autogen
 +++ b/admin/update_autogen
 @@ -269,8 +269,7 @@ info_dir ()
@@ -134,7 +134,7 @@
              ## FIXME do not ignore w32 if OS is w32.
              case $file in
 diff --git a/configure.ac b/configure.ac
-index cd4d1c0..eeaa79d 100644
+index cd4d1c0f8e0..eeaa79d1788 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -5389,11 +5389,11 @@ dnl This will work, but you get a config.status that is not quite right
@@ -173,7 +173,7 @@
  dnl If we give this the more natural name, etc/refcards/emacsver.texi,
  dnl then a directory etc/refcards is created in the build directory,
 diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
-index 4dffeaf..9d144cc 100644
+index 4dffeafb1d2..9d144cc4528 100644
 --- a/doc/misc/Makefile.in
 +++ b/doc/misc/Makefile.in
 @@ -61,18 +61,14 @@ INSTALL_DATA = @INSTALL_DATA@
@@ -257,7 +257,7 @@
  .PHONY: mostlyclean clean distclean bootstrap-clean maintainer-clean
  
 diff --git a/lisp/help.el b/lisp/help.el
-index 57f358b..69a45ef 100644
+index 57f358b9a72..69a45effab5 100644
 --- a/lisp/help.el
 +++ b/lisp/help.el
 @@ -292,6 +292,14 @@ view-help-file
diff -Nru emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch
--- emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch	2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
  1 file changed, 5 insertions(+)
 
 diff --git a/etc/NEWS b/etc/NEWS
-index 7cd1c5e..07c4b9e 100644
+index 7cd1c5eb151..07c4b9e7dfb 100644
 --- a/etc/NEWS
 +++ b/etc/NEWS
 @@ -15,6 +15,11 @@ and NEWS.1-17 for changes in older Emacs versions.
diff -Nru emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
--- emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/lisp/version.el b/lisp/version.el
-index 77188a5..ea02e53 100644
+index 77188a51ee3..ea02e53b254 100644
 --- a/lisp/version.el
 +++ b/lisp/version.el
 @@ -59,8 +59,8 @@ emacs-version
diff -Nru emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
--- emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch	2017-04-23 11:24:57.000000000 -0500
@@ -10,7 +10,7 @@
  1 file changed, 2 insertions(+), 11 deletions(-)
 
 diff --git a/admin/unidata/Makefile.in b/admin/unidata/Makefile.in
-index d46420d..1a32a28 100644
+index d46420d0a3c..1a32a2862ec 100644
 --- a/admin/unidata/Makefile.in
 +++ b/admin/unidata/Makefile.in
 @@ -53,16 +53,7 @@ am__v_at_1 =
diff -Nru emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
--- emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch	2017-04-23 11:24:57.000000000 -0500
@@ -20,7 +20,7 @@
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/test/automated/package-test.el b/test/automated/package-test.el
-index c4c856f..d071958 100644
+index c4c856f3031..d0719588c89 100644
 --- a/test/automated/package-test.el
 +++ b/test/automated/package-test.el
 @@ -149,7 +149,14 @@ package-test-fake-contents-file
diff -Nru emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
--- emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	2017-04-23 11:24:57.000000000 -0500
@@ -19,7 +19,7 @@
  1 file changed, 18 insertions(+), 14 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index eeaa79d..95502ee 100644
+index eeaa79d1788..95502ee3b90 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -5159,25 +5159,29 @@ case "$opsys" in
diff -Nru emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
--- emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch	1969-12-31 18:00:00.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch	2017-04-23 11:24:57.000000000 -0500
@@ -0,0 +1,62 @@
+From e2c4be1ad5de241d44d9f8a3ffec5a0663028838 Mon Sep 17 00:00:00 2001
+From: Rob Browning <rlb@defaultvalue.org>
+Date: Sat, 22 Apr 2017 12:02:00 -0500
+Subject: openssl s_client is no longer a default for ssl connections
+
+"s_client is a debug tool, it does not set up a secure connection, it
+ignores all errors and just continues.  It also doesn't do checks it
+should be doing.  This is all documented behaviour." -- Kurt Roeckx
+
+Bug-Debian: https://bugs.debian.org/766397
+---
+ lisp/net/tls.el | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/lisp/net/tls.el b/lisp/net/tls.el
+index f1219fdddbd..92a1a1306a1 100644
+--- a/lisp/net/tls.el
++++ b/lisp/net/tls.el
+@@ -78,8 +78,7 @@ tls-end-of-info
+ 
+ (defcustom tls-program
+   '("gnutls-cli --x509cafile %t -p %p %h"
+-    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+   "List of strings containing commands to start TLS stream to a host.
+ Each entry in the list is tried until a connection is successful.
+ %h is replaced with the server hostname, %p with the port to
+@@ -94,20 +93,17 @@ tls-program
+   '(choice
+     (const :tag "Default list of commands"
+ 	   ("gnutls-cli --x509cafile %t -p %p %h"
+-	    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-	    "openssl s_client -CAfile %t -connect %h:%p -no_ssl2 -ign_eof"))
++	    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"))
+     (list :tag "Choose commands"
+ 	  :value
+ 	  ("gnutls-cli --x509cafile %t -p %p %h"
+-	   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-	   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++	   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+ 	  (set :inline t
+ 	       ;; FIXME: add brief `:tag "..."' descriptions.
+ 	       ;; (repeat :inline t :tag "Other" (string))
+ 	       ;; No trust check:
+ 	       (const "gnutls-cli --insecure -p %p %h")
+-	       (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
+-	       (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
++	       (const "gnutls-cli --insecure -p %p %h --protocols ssl3"))
+ 	  (repeat :inline t :tag "Other" (string)))
+     (list :tag "List of commands"
+ 	  (repeat :tag "Command" (string))))
+@@ -138,8 +134,7 @@ tls-checktrust
+ 
+ \(setq tls-program
+       \\='(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
+-	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
+-	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
++	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"))"
+   :type '(choice (const :tag "Always" t)
+ 		 (const :tag "Never" nil)
+ 		 (const :tag "Ask" ask))
diff -Nru emacs25-25.1+1/debian/patches/series emacs25-25.1+1/debian/patches/series
--- emacs25-25.1+1/debian/patches/series	2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/patches/series	2017-04-23 11:24:57.000000000 -0500
@@ -6,3 +6,4 @@
 0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
 0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
 0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
+0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch

unblock: emacs25/25.1+1-4

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

--- End Message ---
--- Begin Message --- 
Rob Browning:
> 
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package emacs25.  This upload is intended to fix the
> openssl s_client issue, just fixed in emacs24/stretch.
> 
> 
> 
> 
> unblock: emacs25/25.1+1-4
> 
> Thanks
> 


Unblocked, thanks.

~Niels

--- End Message ---
Reply to: