On Fri, 07 Jun 2013 at 09:38:02 +0100, Simon McVittie wrote:
> Does the RT have any opinion on which of the possible resolutions would
> be acceptable/preferred for stable?

In the absence of feedback, I've assumed that this one is likely to be unacceptable:

> * upload 0.1.16 to wheezy (~1k lines of necessary code for
>   interactive certificate prompting, ~1k lines of unrelated
>   bugfixes and an unrelated new feature, but has actually
>   been tested in this form)

and done this one:

> * upload 0.1.16 to wheezy-backports (which should be trivial),
>   and upload 0.1.11-2+deb7u1 with a NEWS file noting the regression
>   and suggesting the backport

Assuming my backport gets accepted into wheezy-backports, does the attached debdiff look OK?

pkg-telepathy: if anyone has any better ideas for handling this, you are welcome to do them instead.

S

diffstat for telepathy-idle-0.1.11 telepathy-idle-0.1.11 NEWS | 12 ++++ changelog | 8 ++ gbp.conf | 2 patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch | 28 ++++++++++ patches/series | 1 5 files changed, 50 insertions(+), 1 deletion(-) diff -Nru telepathy-idle-0.1.11/debian/changelog telepathy-idle-0.1.11/debian/changelog --- telepathy-idle-0.1.11/debian/changelog 2011-11-02 07:12:25.000000000 +0000 +++ telepathy-idle-0.1.11/debian/changelog 2013-06-16 13:35:39.000000000 +0100 @@ -1,3 +1,11 @@ +telepathy-idle (0.1.11-2+deb7u1) wheezy; urgency=low + + * Validate TLS certificates (Closes: #706094) + * debian/NEWS: suggest the telepathy-idle backport for users who + need interactive TLS certificate validation + + -- Simon McVittie <s...@debian.org> Sun, 16 Jun 2013 13:26:54 +0100 + telepathy-idle (0.1.11-2) unstable; urgency=low * debian/patches/Support-trailing-parameter-without-a-initial.patch: diff -Nru telepathy-idle-0.1.11/debian/gbp.conf telepathy-idle-0.1.11/debian/gbp.conf --- telepathy-idle-0.1.11/debian/gbp.conf 2011-11-02 07:12:25.000000000 +0000 +++ telepathy-idle-0.1.11/debian/gbp.conf 2013-06-16 13:35:39.000000000 +0100 @@ -1,5 +1,5 @@ [DEFAULT] -debian-branch = debian +debian-branch = debian-wheezy upstream-branch = upstream pristine-tar = True diff -Nru telepathy-idle-0.1.11/debian/NEWS telepathy-idle-0.1.11/debian/NEWS --- telepathy-idle-0.1.11/debian/NEWS 1970-01-01 01:00:00.000000000 +0100 +++ telepathy-idle-0.1.11/debian/NEWS 2013-06-16 13:35:39.000000000 +0100 
@@ -0,0 +1,12 @@ +telepathy-idle (0.1.11-2+deb7u1) wheezy; urgency=low + + This version of telepathy-idle checks that servers' SSL certificates + are signed by a trusted certificate authority (CA). It does not support + interactive certificate validation through the Empathy or + kde-telepathy-auth-handler user interfaces. + + If you need to connect to a server with a self-signed certificate, + please use telepathy-idle >= 0.1.16 (from the wheezy-backports repository), + which does support interactive certificate validation. + + -- Simon McVittie <s...@debian.org> Sun, 16 Jun 2013 13:26:54 +0100 diff -Nru telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch --- telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch 1970-01-01 01:00:00.000000000 +0100 +++ telepathy-idle-0.1.11/debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch 2013-06-16 13:35:39.000000000 +0100 
@@ -0,0 +1,28 @@ +From: Simon McVittie <s...@debian.org> +Date: Wed, 24 Apr 2013 16:43:00 +0100 +Subject: Don't disable parts of TLS certificate validation + +This breaks one regression test, but is a simpler fix than was used +upstream. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63810 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706094 +Forwarded: not-needed, fixed differently upstream +--- + src/idle-server-connection.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/idle-server-connection.c b/src/idle-server-connection.c +index 5b8629c..8c8eeff 100644 +--- a/src/idle-server-connection.c ++++ b/src/idle-server-connection.c +@@ -469,9 +469,4 @@ IdleServerConnectionState idle_server_connection_get_state(IdleServerConnection + void idle_server_connection_set_tls(IdleServerConnection *conn, gboolean tls) { + IdleServerConnectionPrivate *priv = IDLE_SERVER_CONNECTION_GET_PRIVATE(conn); + g_socket_client_set_tls(priv->socket_client, tls); +- g_socket_client_set_tls_validation_flags(priv->socket_client, +- G_TLS_CERTIFICATE_VALIDATE_ALL +- & ~G_TLS_CERTIFICATE_UNKNOWN_CA +- & ~G_TLS_CERTIFICATE_BAD_IDENTITY +- & ~G_TLS_CERTIFICATE_EXPIRED); + } diff -Nru telepathy-idle-0.1.11/debian/patches/series telepathy-idle-0.1.11/debian/patches/series --- telepathy-idle-0.1.11/debian/patches/series 2011-11-02 07:12:25.000000000 +0000 +++ telepathy-idle-0.1.11/debian/patches/series 2013-06-16 13:35:39.000000000 +0100 @@ -1 +1,2 @@ Support-trailing-parameter-without-a-initial.patch +0002-Don-t-disable-parts-of-TLS-certificate-validation.patch
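
Review bot: In the debian/changelog hunk, the entry "Validate TLS certificates (Closes: #706094)" does not name the patch file it adds, while the 0.1.11-2 entry directly below names its patch as "debian/patches/Support-trailing-parameter-without-a-initial.patch:". Naming debian/patches/0002-Don-t-disable-parts-of-TLS-certificate-validation.patch in the bullet would keep the two entries consistent. The debian/gbp.conf switch to "debian-branch = debian-wheezy" is also part of this upload and has no changelog line; a one-line bullet for it would make the entry complete.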
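
Review bot: In the debian/NEWS hunk, the text describes only the CA check ("signed by a trusted certificate authority") and the self-signed case, but the source change drops three masks at once: G_TLS_CERTIFICATE_UNKNOWN_CA, G_TLS_CERTIFICATE_BAD_IDENTITY and G_TLS_CERTIFICATE_EXPIRED. Users whose server presents an expired certificate or one issued for a different hostname will also start failing to connect after this update, and the NEWS entry gives them no hint why. Suggest extending the first paragraph to say that the certificate must also match the server name and be within its validity period, and widening "a self-signed certificate" in the second paragraph to cover those cases. The pointer to ">= 0.1.16 (from the wheezy-backports repository)" also assumes the backport is already available when this reaches users, so the two uploads need to land in that order.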
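
Review bot: In the src/idle-server-connection.c hunk carried by 0002-Don-t-disable-parts-of-TLS-certificate-validation.patch, deleting the whole g_socket_client_set_tls_validation_flags() call makes full validation depend on the GSocketClient default, and nothing in idle_server_connection_set_tls() now records that this is deliberate. Consider keeping the call with an unmasked G_TLS_CERTIFICATE_VALIDATE_ALL, or leaving a short comment in the function, so that a later change does not quietly bring back the "& ~G_TLS_CERTIFICATE_UNKNOWN_CA" style masks. Separately, the patch header says "This breaks one regression test" without naming it, and the diffstat shows only the 5 deletions in this file: please name the test in the header and state whether it runs during the package build, and if it does, adjust or skip it in the same upload.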