On 2014-11-01 Nye Liu <[email protected]> wrote:
> On Sat, Nov 01, 2014 at 01:47:04PM +0100, Andreas Metzler wrote:
> > #1 Use gnutls_priority_set_direct():
[...]
> You were correct. This is the required change. I have not tried
> backing out all of deprecation and warning fixes, but backing out
> this change alone causes the problem to come back.
[...]

Hello,

could you please verify that applying *only* the attached minimal patch
on top of 0.4.27-2.2 fixes the bug? I need to come up with a
minimal change which is acceptable for a NMU.

I will forward the other changes upstream.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Description: Use gnutls_set_default_priority() to get GnuTLS upstream's
 recommended default values (SSL/TLS versions, ciphers, et al.) instead
 of setting local defaults using the deprecated
 gnutls_cipher_set_priority/gnutls_protocol_set_priority/...
 functions.
Author: Andreas Metzler <[email protected]>, Nye Liu <[email protected]>
Bug-Debian: https://bugs.debian.org/759259
Origin: vendor
Forwarded: no
Last-Update: 2014-11-02

--- a/wmbiff/tlsComm.c
+++ b/wmbiff/tlsComm.c
@@ -553,25 +553,7 @@ struct connection_state *initialize_gnut
 
 	assert(gnutls_init(&scs->tls_state, GNUTLS_CLIENT) == 0);
 	{
-		const int protocols[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 };
-		const int ciphers[] =
-			{ GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC,
-			GNUTLS_CIPHER_RIJNDAEL_256_CBC,
-			GNUTLS_CIPHER_ARCFOUR, 0
-		};
-		const int compress[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
-		const int key_exch[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS,
-			GNUTLS_KX_DHE_RSA, 0
-		};
-		/* mutt with gnutls doesn't use kx_srp or kx_anon_dh */
-		const int mac[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
-		assert(gnutls_protocol_set_priority(scs->tls_state, protocols) ==
-			   0);
-		assert(gnutls_cipher_set_priority(scs->tls_state, ciphers) == 0);
-		assert(gnutls_compression_set_priority(scs->tls_state, compress) ==
-			   0);
-		assert(gnutls_kx_set_priority(scs->tls_state, key_exch) == 0);
-		assert(gnutls_mac_set_priority(scs->tls_state, mac) == 0);
+		assert(gnutls_set_default_priority(scs->tls_state) == 0);
 		/* no client private key */
 		if (gnutls_certificate_allocate_credentials(&scs->xcred) < 0) {
 			DMA(DEBUG_ERROR, "gnutls memory error\n");

Reply via email to