Bug#928548: unblock: libetpan/1.9.3-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#928548: unblock: libetpan/1.9.3-2
From: Ricardo Mones <mones@debian.org>
Date: Mon, 06 May 2019 23:58:30 +0200
Message-id: <[🔎] 155717991039.20734.14960560705179501283.reportbug@curuxu>
Reply-to: Ricardo Mones <mones@debian.org>, 928548@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libetpan

The upload just adds an upstream patch to fix serious bug #927709.

Full debdiff attached, thanks in advance!

unblock libetpan/1.9.3-2

-- System Information:
Debian Release: 9.8
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru libetpan-1.9.3/debian/changelog libetpan-1.9.3/debian/changelog
--- libetpan-1.9.3/debian/changelog	2019-01-26 20:49:11.000000000 +0100
+++ libetpan-1.9.3/debian/changelog	2019-05-06 23:27:54.000000000 +0200
@@ -1,3 +1,11 @@
+libetpan (1.9.3-2) unstable; urgency=high
+
+  * debian/patches/90_fix_tls_timeout.diff
+  - Add upstream patch to fix TLS timeout (Closes: #927709)
+  * Raised changelog urgency because of serious bug
+
+ -- Ricardo Mones <mones@debian.org>  Mon, 06 May 2019 23:27:54 +0200
+
 libetpan (1.9.3-1) unstable; urgency=medium
 
   * New upstream version 1.9.3
diff -Nru libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff
--- libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff	1970-01-01 01:00:00.000000000 +0100
+++ libetpan-1.9.3/debian/patches/90_fix_tls_timeout.diff	2019-05-06 23:27:54.000000000 +0200
@@ -0,0 +1,19 @@
+Origin: https://github.com/dinhviethoa/libetpan/commit/4aee22436809af67f23170fe15106b91ff2971e6
+Subject: Fix TLS timeouts with recent versions of GnuTLS
+ gnutls_handshake_set_timeout takes a timeout value in ms, but we were
+ providing a value in seconds. This means that on new-enough platforms
+ that use GnuTLS (e.g., Debian Buster), we would accidentally configure
+ a timeout 1,000 times shorter than requested.
+Bug-Debian: https://bugs.debian.org/927709
+
+--- a/src/data-types/mailstream_ssl.c
++++ b/src/data-types/mailstream_ssl.c
+@@ -636,7 +636,7 @@ static struct mailstream_ssl_data * ssl_data_new(int fd, time_t timeout,
+ 		timeout_value = mailstream_network_delay.tv_sec * 1000 + mailstream_network_delay.tv_usec / 1000;
+   }
+   else {
+-		timeout_value = timeout;
++		timeout_value = timeout * 1000;
+   }
+ #if GNUTLS_VERSION_NUMBER >= 0x030100
+ 	gnutls_handshake_set_timeout(session, timeout_value);
diff -Nru libetpan-1.9.3/debian/patches/series libetpan-1.9.3/debian/patches/series
--- libetpan-1.9.3/debian/patches/series	2019-01-26 20:49:11.000000000 +0100
+++ libetpan-1.9.3/debian/patches/series	2019-05-06 23:27:54.000000000 +0200
@@ -1,3 +1,4 @@
 # 10_unnecessary_linkage.diff
 11_use_openjade.diff
 12_add_dummy_readme.diff
+90_fix_tls_timeout.diff

Reply to:

Follow-Ups:
- Bug#928548: marked as done (unblock: libetpan/1.9.3-2)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#928527: marked as done (unblock: peek/1.3.1-6)
Next by Date: Bug#928553: stretch-pu: package libthrift-java/0.9.1-2.1~deb9u1
Previous by thread: Bug#926992: marked as done (unblock: sia/1.3.0-1.1~deb10u1 [t-p-u])
Next by thread: Bug#928548: marked as done (unblock: libetpan/1.9.3-2)
Index(es):
- Date
- Thread