Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package emacs25.  This upload is intended to fix the
openssl s_client issue, just fixed in emacs24/stretch.

diff -Nru emacs25-25.1+1/debian/.git-dpm emacs25-25.1+1/debian/.git-dpm
--- emacs25-25.1+1/debian/.git-dpm	2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/.git-dpm	2017-04-23 11:24:57.000000000 -0500
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
-f3fed65c40d2a1e32794cfc3b2c077f2eea52d5c
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
+e2c4be1ad5de241d44d9f8a3ffec5a0663028838
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 d3e6b8a251634ad673242aaa4a298edbb2e8ee39
 emacs25_25.1+1.orig.tar.xz
diff -Nru emacs25-25.1+1/debian/changelog emacs25-25.1+1/debian/changelog
--- emacs25-25.1+1/debian/changelog	2016-11-30 18:15:33.000000000 -0600
+++ emacs25-25.1+1/debian/changelog	2017-04-23 11:49:52.000000000 -0500
@@ -1,3 +1,15 @@
+emacs25 (25.1+1-4) unstable; urgency=medium
+
+  * Don't offer/use openssl s_client by default: "s_client is a debug
+    tool, it does not set up a secure connection, it ignores all
+    errors and just continues.  It also doesn't do checks it should be
+    doing.  This is all documented behaviour." -- Kurt Roeckx
+    Add 0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch to
+    fix the problem.  Thanks to Kurt Roeckx for reporting the issue.
+    (Closes: 766397)
+
+ -- Rob Browning <r...@defaultvalue.org>  Sun, 23 Apr 2017 11:49:52 -0500
+
 emacs25 (25.1+1-3) unstable; urgency=medium
 
   * Configure with REL_ALLOC=no to fix crashes.  Thanks to Santiago
diff -Nru emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch
--- emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0001-Prefer-usr-share-info-emacs-MAJORVERSION.patch	2017-04-23 11:24:57.000000000 -0500
@@ -13,7 +13,7 @@
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lisp/info.el b/lisp/info.el
-index 6426cfc..d8a7f72 100644
+index 6426cfcf9ed..d8a7f72e5dc 100644
 --- a/lisp/info.el
 +++ b/lisp/info.el
 @@ -218,7 +218,8 @@ Info-default-directory-list
diff -Nru emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch
--- emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0002-Run-debian-startup-and-set-debian-emacs-flavor.patch	2017-04-23 11:24:57.000000000 -0500
@@ -16,7 +16,7 @@
  1 file changed, 19 insertions(+), 2 deletions(-)
 
 diff --git a/lisp/startup.el b/lisp/startup.el
-index 761e69e..ffd58fd 100644
+index 761e69e03b1..ffd58fd5f6d 100644
 --- a/lisp/startup.el
 +++ b/lisp/startup.el
 @@ -438,6 +438,10 @@ tutorial-directory
diff -Nru emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch
--- emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0003-Remove-files-that-appear-to-be-incompatible-with-the.patch	2017-04-23 11:24:57.000000000 -0500
@@ -30,7 +30,7 @@
  5 files changed, 39 insertions(+), 79 deletions(-)
 
 diff --git a/Makefile.in b/Makefile.in
-index b212c91..89584ed 100644
+index b212c914e56..89584ed6166 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -161,7 +161,9 @@ man1dir=$(mandir)/man1
@@ -120,7 +120,7 @@
  
  $(UNINSTALL_DOC):
 diff --git a/admin/update_autogen b/admin/update_autogen
-index 82ad622..7bca0d6 100755
+index 82ad622c64e..7bca0d67e0d 100755
 --- a/admin/update_autogen
 +++ b/admin/update_autogen
 @@ -269,8 +269,7 @@ info_dir ()
@@ -134,7 +134,7 @@
              ## FIXME do not ignore w32 if OS is w32.
              case $file in
 diff --git a/configure.ac b/configure.ac
-index cd4d1c0..eeaa79d 100644
+index cd4d1c0f8e0..eeaa79d1788 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -5389,11 +5389,11 @@ dnl This will work, but you get a config.status that is not quite right
@@ -173,7 +173,7 @@
  dnl If we give this the more natural name, etc/refcards/emacsver.texi,
  dnl then a directory etc/refcards is created in the build directory,
 diff --git a/doc/misc/Makefile.in b/doc/misc/Makefile.in
-index 4dffeaf..9d144cc 100644
+index 4dffeafb1d2..9d144cc4528 100644
 --- a/doc/misc/Makefile.in
 +++ b/doc/misc/Makefile.in
 @@ -61,18 +61,14 @@ INSTALL_DATA = @INSTALL_DATA@
@@ -257,7 +257,7 @@
  .PHONY: mostlyclean clean distclean bootstrap-clean maintainer-clean
  
 diff --git a/lisp/help.el b/lisp/help.el
-index 57f358b..69a45ef 100644
+index 57f358b9a72..69a45effab5 100644
 --- a/lisp/help.el
 +++ b/lisp/help.el
 @@ -292,6 +292,14 @@ view-help-file
diff -Nru emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch
--- emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0004-Adjust-documentation-references-for-Debian.patch	2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
  1 file changed, 5 insertions(+)
 
 diff --git a/etc/NEWS b/etc/NEWS
-index 7cd1c5e..07c4b9e 100644
+index 7cd1c5eb151..07c4b9e7dfb 100644
 --- a/etc/NEWS
 +++ b/etc/NEWS
 @@ -15,6 +15,11 @@ and NEWS.1-17 for changes in older Emacs versions.
diff -Nru emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch
--- emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0005-Modify-the-output-of-version-to-indicate-Debian-modi.patch	2017-04-23 11:24:57.000000000 -0500
@@ -12,7 +12,7 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/lisp/version.el b/lisp/version.el
-index 77188a5..ea02e53 100644
+index 77188a51ee3..ea02e53b254 100644
 --- a/lisp/version.el
 +++ b/lisp/version.el
 @@ -59,8 +59,8 @@ emacs-version
diff -Nru emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
--- emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch	2017-04-23 11:24:57.000000000 -0500
@@ -10,7 +10,7 @@
  1 file changed, 2 insertions(+), 11 deletions(-)
 
 diff --git a/admin/unidata/Makefile.in b/admin/unidata/Makefile.in
-index d46420d..1a32a28 100644
+index d46420d0a3c..1a32a2862ec 100644
 --- a/admin/unidata/Makefile.in
 +++ b/admin/unidata/Makefile.in
 @@ -53,16 +53,7 @@ am__v_at_1 =
diff -Nru emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
--- emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch	2017-04-23 11:24:57.000000000 -0500
@@ -20,7 +20,7 @@
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/test/automated/package-test.el b/test/automated/package-test.el
-index c4c856f..d071958 100644
+index c4c856f3031..d0719588c89 100644
 --- a/test/automated/package-test.el
 +++ b/test/automated/package-test.el
 @@ -149,7 +149,14 @@ package-test-fake-contents-file
diff -Nru emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
--- emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	2016-11-26 13:02:18.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch	2017-04-23 11:24:57.000000000 -0500
@@ -19,7 +19,7 @@
  1 file changed, 18 insertions(+), 14 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index eeaa79d..95502ee 100644
+index eeaa79d1788..95502ee3b90 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -5159,25 +5159,29 @@ case "$opsys" in
diff -Nru emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
--- emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch	1969-12-31 18:00:00.000000000 -0600
+++ emacs25-25.1+1/debian/patches/0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch	2017-04-23 11:24:57.000000000 -0500
@@ -0,0 +1,62 @@
+From e2c4be1ad5de241d44d9f8a3ffec5a0663028838 Mon Sep 17 00:00:00 2001
+From: Rob Browning <r...@defaultvalue.org>
+Date: Sat, 22 Apr 2017 12:02:00 -0500
+Subject: openssl s_client is no longer a default for ssl connections
+
+"s_client is a debug tool, it does not set up a secure connection, it
+ignores all errors and just continues.  It also doesn't do checks it
+should be doing.  This is all documented behaviour." -- Kurt Roeckx
+
+Bug-Debian: https://bugs.debian.org/766397
+---
+ lisp/net/tls.el | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/lisp/net/tls.el b/lisp/net/tls.el
+index f1219fdddbd..92a1a1306a1 100644
+--- a/lisp/net/tls.el
++++ b/lisp/net/tls.el
+@@ -78,8 +78,7 @@ tls-end-of-info
+ 
+ (defcustom tls-program
+   '("gnutls-cli --x509cafile %t -p %p %h"
+-    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-    "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+   "List of strings containing commands to start TLS stream to a host.
+ Each entry in the list is tried until a connection is successful.
+ %h is replaced with the server hostname, %p with the port to
+@@ -94,20 +93,17 @@ tls-program
+   '(choice
+     (const :tag "Default list of commands"
+ 	   ("gnutls-cli --x509cafile %t -p %p %h"
+-	    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-	    "openssl s_client -CAfile %t -connect %h:%p -no_ssl2 -ign_eof"))
++	    "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"))
+     (list :tag "Choose commands"
+ 	  :value
+ 	  ("gnutls-cli --x509cafile %t -p %p %h"
+-	   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3"
+-	   "openssl s_client -connect %h:%p -no_ssl2 -ign_eof")
++	   "gnutls-cli --x509cafile %t -p %p %h --protocols ssl3")
+ 	  (set :inline t
+ 	       ;; FIXME: add brief `:tag "..."' descriptions.
+ 	       ;; (repeat :inline t :tag "Other" (string))
+ 	       ;; No trust check:
+ 	       (const "gnutls-cli --insecure -p %p %h")
+-	       (const "gnutls-cli --insecure -p %p %h --protocols ssl3")
+-	       (const "openssl s_client -connect %h:%p -no_ssl2 -ign_eof"))
++	       (const "gnutls-cli --insecure -p %p %h --protocols ssl3"))
+ 	  (repeat :inline t :tag "Other" (string)))
+     (list :tag "List of commands"
+ 	  (repeat :tag "Command" (string))))
+@@ -138,8 +134,7 @@ tls-checktrust
+ 
+ \(setq tls-program
+       \\='(\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h\"
+-	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"
+-	\"openssl s_client -connect %h:%p -CAfile /etc/ssl/certs/ca-certificates.crt -no_ssl2 -ign_eof\"))"
++	\"gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt -p %p %h --protocols ssl3\"))"
+   :type '(choice (const :tag "Always" t)
+ 		 (const :tag "Never" nil)
+ 		 (const :tag "Ask" ask))
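Review bot: The new default `tls-program` still ends with `gnutls-cli --x509cafile %t -p %p %h --protocols ssl3`, and the docstring in the same hunk says each entry is tried until a connection succeeds, so a failed first attempt appears to fall through to an SSL 3.0-only attempt. Whether that handshake can complete depends on the installed GnuTLS, but if the aim is to stop offering weak fallbacks by default, the value could be reduced to `'("gnutls-cli --x509cafile %t -p %p %h")`, with the same trim in the two `:type` lists and the `tls-checktrust` docstring example. The patch changes defaults only, so users who saved a customized `tls-program` presumably keep their `openssl s_client` entry; a NEWS.Debian line telling them to check their saved value would cover that. The `defcustom` forms begin and end outside the inner hunks, so this is based on the visible lines only.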
diff -Nru emacs25-25.1+1/debian/patches/series emacs25-25.1+1/debian/patches/series
--- emacs25-25.1+1/debian/patches/series	2016-11-27 13:11:23.000000000 -0600
+++ emacs25-25.1+1/debian/patches/series	2017-04-23 11:24:57.000000000 -0500
@@ -6,3 +6,4 @@
 0006-Don-t-try-to-build-src-macuvs.h-via-IVD_Sequences.tx.patch
 0007-Kill-gpg-agent-in-package-test.el-to-avoid-a-race.patch
 0008-Emacs-shouldn-t-segfault-when-gcc-expects-nopie.patch
+0009-openssl-s_client-is-no-longer-a-default-for-ssl-conn.patch
unblock: emacs25/25.1+1-4

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
