Wouter Verhelst:
> On Tue, Feb 14, 2017 at 04:41:00PM +0000, Niels Thykier wrote:
>> Wouter Verhelst:
>>> Hi Niels,
>>>
>>> On Sun, Feb 12, 2017 at 08:52:00AM +0000, Niels Thykier wrote:
>>>> Any news on this bug?
>>>
>>> I'm going to release (upstream) nbd 3.15.2 later this week (probably on
>>> thursday), which contains the fix:
>>>
>>> https://github.com/NetworkBlockDevice/nbd/compare/nbd-3.15.1...master
>>>
>>> This patch series includes:
>>>
>>> - The fix for this bug, commit a43a2d8;
>>> - Several minor documentation fixes (e.g., fixed the sorting of a listing
>>> in a
>>> man page);
>>> - A better fix for the issue of nbd-client-udeb being compiled against
>>> GnuTLS
>>> that does not break the build on kFreeBSD etc;
>>> - The ability to change the GnuTLS priority string, to follow TLS best
>>> practices and allow people to lock down the TLS configuration
>>>
>>> I would like to update nbd to that version; but if the release team
>>> prefers, I can cherry-pick a43a2d8 onto 3.15.1 and upload that instead.
>>>
>>
>> Thanks for getting back to me on this.
>>
>> On the note of the actual changes, could you please provide a (source)
>> debdiff, so I know what we are looking at?
>
> Attached.
>
> Unfortunately, there's a bit of churn because I forgot to rename
> nbd-3.15.1.tar.gz to nbd_3.15.1.orig.tar.gz, thereby causing it to be
> uploaded as a native package, with a bit of stuff that shouldn't have
> been in there. At least it didn't contain random junk like in the past,
> but a .gitignore, some autotools metadata files, as well as a few files
> that are meant to be shipped as symlinks rather than copies of files
> from elsewhere in the tree (e.g., tests/run/buffer.c) do show up in the
> debdiff.
>
> If you ignore those, what remains is the changelog entry plus the
> changes that I pointed to earlier.
>
> Thanks for looking at this,
>
Ok, please go ahead with the upload.
The only question I have is about this bit here:
> + if (s->hostname && *s->hostname)
> + {
> + if (!gnutls_x509_crt_check_hostname (cert, s->hostname))
> + {
> + debugout (s,
> + "The certificate's owner does not match hostname '%s'\n",
> + s->hostname);
> + return GNUTLS_E_CERTIFICATE_ERROR;
> + }
> + }
When is the "s->hostname" is blank / NULL ?
Thanks,
~Niels
