Hi,
Luk Claes wrote:
> Please upload a targeted fix for this bug to testing-proposed-updates as
> the current version in unstable has a too large diff compared to the
> version in testing.
uploaded, enjoy.
Kind regards
T.
--
Thomas Viehmann, http://thomas.viehmann.net/
diff -u lynx-cur-2.8.7dev9/debian/changelog lynx-cur-2.8.7dev9/debian/changelog
--- lynx-cur-2.8.7dev9/debian/changelog
+++ lynx-cur-2.8.7dev9/debian/changelog
@@ -1,3 +1,15 @@
+lynx-cur (2.8.7dev9-2.1) testing; urgency=medium
+
+ * Non-maintainer upload for testing, identical to the the
+ unstable 2.8.7dev9-2.1 one.
+ * fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
+ DN of the present certificate and not hope that it is the same as
+ taking the subject DN of the "next" certificate which
+ may or may not exist. Closes: #499945
+ This is debian/patches/patch-3.
+
+ -- Thomas Viehmann <[EMAIL PROTECTED]> Mon, 13 Oct 2008 23:24:41 +0200
+
lynx-cur (2.8.7dev9-2) unstable; urgency=low
* Andreas' efforts keep this package in Debian. Thanks Andreas Metzler.
diff -u lynx-cur-2.8.7dev9/debian/patches/00list lynx-cur-2.8.7dev9/debian/patches/00list
--- lynx-cur-2.8.7dev9/debian/patches/00list
+++ lynx-cur-2.8.7dev9/debian/patches/00list
@@ -2,0 +3 @@
+patch-3
only in patch2:
unchanged:
--- lynx-cur-2.8.7dev9.orig/debian/patches/patch-3
+++ lynx-cur-2.8.7dev9/debian/patches/patch-3
@@ -0,0 +1,97 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix src/tidy_tls.c X509_get_issuer_name to actually take the
+## DP: issuer DN of the present certificate and not hope that it is
+## DP: the same as taking the subject DN of the "next" certificate
+## DP: which may or may not exist. Debian Bug #499945 has details.
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+case "$1" in
+ -patch) patch -f --no-backup-if-mismatch --dry-run -p0 < $0 && patch -f --no-backup-if-mismatch -p0 < $0;;
+ -unpatch) patch -f --no-backup-if-mismatch -R -p0 < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+exit 0
+
[EMAIL PROTECTED]@
+--- src/tidy_tls.c~
++++ src/tidy_tls.c
+@@ -1,6 +1,7 @@
+ /*
+ * $LynxId: tidy_tls.c,v 1.1 2008/04/27 22:49:52 tom Exp $
+ * Copyright 2008, Thomas E. Dickey
++ * with fix Copyright 2008 by Thomas Viehmann
+ *
+ * Required libraries:
+ * libgnutls
+@@ -17,11 +18,16 @@
+
+ static int last_error = 0;
+
+-#define GetDnByOID(target, oid) \
++// ugly, but hey, we could just use a more sane api, too
++#define GetDnByOID(target, oid, thewhat) \
+ len = sizeof(target); \
+- gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len)
++ if (! thewhat) \
++ gnutls_x509_crt_get_dn_by_oid(xcert, oid, 0, 0, target, &len); \
++ else \
++ gnutls_x509_crt_get_issuer_dn_by_oid(xcert, oid, 0, 0, target, &len)
+
+-static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result)
++// thewhat: which DN to get 0 = subject, 1 = issuer
++static int ExtractCertificate(const gnutls_datum_t * cert, X509_NAME * result, int thewhat)
+ {
+ gnutls_x509_crt_t xcert;
+ int rc;
+@@ -30,19 +36,19 @@
+ if ((rc = gnutls_x509_crt_init(&xcert)) >= 0) {
+ if ((rc = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER)) >= 0) {
+ GetDnByOID(result->country,
+- GNUTLS_OID_X520_COUNTRY_NAME);
++ GNUTLS_OID_X520_COUNTRY_NAME, thewhat);
+ GetDnByOID(result->organization,
+- GNUTLS_OID_X520_ORGANIZATION_NAME);
++ GNUTLS_OID_X520_ORGANIZATION_NAME, thewhat);
+ GetDnByOID(result->organizational_unit_name,
+- GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME);
++ GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, thewhat);
+ GetDnByOID(result->common_name,
+- GNUTLS_OID_X520_COMMON_NAME);
++ GNUTLS_OID_X520_COMMON_NAME, thewhat);
+ GetDnByOID(result->locality_name,
+- GNUTLS_OID_X520_LOCALITY_NAME);
++ GNUTLS_OID_X520_LOCALITY_NAME, thewhat);
+ GetDnByOID(result->state_or_province_name,
+- GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME);
++ GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, thewhat);
+ GetDnByOID(result->email,
+- GNUTLS_OID_PKCS9_EMAIL);
++ GNUTLS_OID_PKCS9_EMAIL, thewhat);
+ rc = 0;
+ }
+ gnutls_x509_crt_deinit(xcert);
+@@ -570,7 +576,7 @@
+ X509_NAME *result;
+
+ if ((result = typeCalloc(X509_NAME)) != 0) {
+- if (ExtractCertificate(&cert[1], result) < 0) {
++ if (ExtractCertificate(cert, result, 1) < 0) {
+ free(result);
+ result = 0;
+ }
+@@ -586,7 +592,7 @@
+ X509_NAME *result;
+
+ if ((result = typeCalloc(X509_NAME)) != 0) {
+- if (ExtractCertificate(&cert[0], result) < 0) {
++ if (ExtractCertificate(cert, result, 0) < 0) {
+ free(result);
+ result = 0;
+ }
