Bug#950547: buster-pu: package mew-beta/7.0.50~6.8+0.20190228-1+deb10u1

[Tatsuya Kinoshita]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

Hi, the release team,

I'd like to update package mew-beta in buster to fix a security issue,
managed as no advisory by the security team.

See this changelog and the attached debdiff.

mew-beta (7.0.50~6.8+0.20190228-1+deb10u1) buster; urgency=medium

  * New patch 070_checkhost.patch to enable checkHost for stunnel
    (closes: #950412)

 -- Tatsuya Kinoshita <t...@debian.org>  Sun, 02 Feb 2020 18:43:08 +0900

Please let me know if I can upload it.

Thanks,
--
Tatsuya Kinoshita

diffstat for mew-beta-7.0.50~6.8+0.20190228 mew-beta-7.0.50~6.8+0.20190228

 changelog                   |    7 +++++++
 patches/070_checkhost.patch |   15 +++++++++++++++
 patches/series              |    1 +
 3 files changed, 23 insertions(+)

diff -Nru mew-beta-7.0.50~6.8+0.20190228/debian/changelog 
mew-beta-7.0.50~6.8+0.20190228/debian/changelog
--- mew-beta-7.0.50~6.8+0.20190228/debian/changelog     2019-02-28 
20:45:20.000000000 +0900
+++ mew-beta-7.0.50~6.8+0.20190228/debian/changelog     2020-02-02 
18:43:08.000000000 +0900
@@ -1,3 +1,10 @@
+mew-beta (7.0.50~6.8+0.20190228-1+deb10u1) buster; urgency=medium
+
+  * New patch 070_checkhost.patch to enable checkHost for stunnel
+    (closes: #950412)
+
+ -- Tatsuya Kinoshita <t...@debian.org>  Sun, 02 Feb 2020 18:43:08 +0900
+
 mew-beta (7.0.50~6.8+0.20190228-1) unstable; urgency=medium
 
   * New upstream version 7.0.50~6.8+0.20190228
diff -Nru mew-beta-7.0.50~6.8+0.20190228/debian/patches/070_checkhost.patch 
mew-beta-7.0.50~6.8+0.20190228/debian/patches/070_checkhost.patch
--- mew-beta-7.0.50~6.8+0.20190228/debian/patches/070_checkhost.patch   
1970-01-01 09:00:00.000000000 +0900
+++ mew-beta-7.0.50~6.8+0.20190228/debian/patches/070_checkhost.patch   
2020-02-01 22:10:00.000000000 +0900
@@ -0,0 +1,15 @@
+Subject: Enable checkHost for stunnel
+Origin: upstream, 
https://github.com/kazu-yamamoto/Mew/commit/8de0a1398f10d0e8da29ce91ec22af17430c0004
+Bug: https://github.com/kazu-yamamoto/Mew/pull/133
+
+--- a/mew-ssl.el
++++ b/mew-ssl.el
+@@ -109,6 +109,8 @@ insert no extra text.")
+       (if mew-ssl-unixlike
+           (insert "pid=\n"))
+       (insert (format "verify=%d\n" (mew-ssl-verify-level case)))
++      (if (> (mew-ssl-verify-level case) 0)
++          (insert (format "checkHost=%s\n" server)))
+       (if mew-ssl-unixlike
+           (insert "foreground=yes\n"))
+       (insert "debug=debug\n")
diff -Nru mew-beta-7.0.50~6.8+0.20190228/debian/patches/series 
mew-beta-7.0.50~6.8+0.20190228/debian/patches/series
--- mew-beta-7.0.50~6.8+0.20190228/debian/patches/series        2019-01-06 
00:28:09.000000000 +0900
+++ mew-beta-7.0.50~6.8+0.20190228/debian/patches/series        2020-02-01 
22:16:29.000000000 +0900
@@ -2,4 +2,5 @@
 020_netpbm.patch
 030_cache-long-scans.patch
 040_incm-lock.patch
+070_checkhost.patch
 900_changes.patch

pgpLNnx3eCwJN.pgp
Description: PGP signature