Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Hi, Following a recommendation from the Security team[1], I'd like to update Opam in Jessie to fix #818081. Please find attached my diff. [1] https://lists.debian.org/debian-ocaml-maint/2016/04/msg00012.html -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+opam (1.2.0-1+deb8u1) jessie; urgency=medium
+
+ * Stop using insecure and no-check-certificate flags when fetching
+ files using wget and curl.
+
+ -- Mehdi Dogguy <me...@debian.org> Sun, 10 Apr 2016 12:27:13 +0200
+
 opam (1.2.0-1) unstable; urgency=medium
 
 * New upstream release.
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,4 +1,6 @@
 [DEFAULT]
+debian-branch = "debian/jessie"
+upstream-branch = "upstream/1.2.0"
 pristine-tar = True
 filter-pristine-tar = True
 filter = [
--- /dev/null
+++ b/debian/patches/0003-remove-insecure-no-check-certificate-flags.patch
@@ -0,0 +1,30 @@
+From: Mehdi Dogguy <me...@debian.org>
+Date: Sun, 10 Apr 2016 12:26:17 +0200
+Subject: remove insecure / no-check-certificate flags
+
+---
+ src/core/opamSystem.ml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/opamSystem.ml b/src/core/opamSystem.ml
+index a8e3168..c4151e9 100644
+--- a/src/core/opamSystem.ml
++++ b/src/core/opamSystem.ml
+@@ -597,7 +597,7 @@ let download_command =
+ let wget ~compress:_ src =
+ let wget = [
+ "wget";
+- "--content-disposition"; "--no-check-certificate";
++ "--content-disposition";
+ "-t"; retry;
+ src
+ ] in
+@@ -605,7 +605,7 @@ let download_command =
+ let curl command ~compress src =
+ let curl = [
+ command;
+- "--write-out"; "%{http_code}\\n"; "--insecure";
++ "--write-out"; "%{http_code}\\n";
+ "--retry"; retry; "--retry-delay"; "2";
+ ] @ (if compress then ["--compressed"] else []) @ [
+ "-OL"; src
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 0001-Fix-some-spelling-errors.patch
 0002-Import-uutf-and-jsonm-temporarily.patch
+0003-remove-insecure-no-check-certificate-flags.patch
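Review bot: The new 0003 patch has only From/Date/Subject in its header, with no description and no bug reference, so nothing in debian/patches records why certificate checking was switched back on; DEP-3 fields such as `Bug-Debian: https://bugs.debian.org/818081` and a `Forwarded:` line would cover that, and the changelog entry could name the bug too. With `--no-check-certificate` and `--insecure` removed, the wget and curl invocations will reject any server whose chain does not validate against the local trust store, which is the intended result but makes a CA bundle a hard requirement. debian/control is not part of this diff, so it is worth confirming that opam pulls in `ca-certificates`; otherwise HTTPS fetches will fail on minimal installs. Both inner hunks sit inside `download_command`, whose body extends beyond the lines shown, so any other fetch path in the file can't be checked from here.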