upstream/624058-gnutls-deprecated.patch: deprecate gnutls_protocol_set_priority(...
authorAntonio Radici <antonio@dyne.org>
Mon, 2 May 2011 23:23:25 +0000 (00:23 +0100)
committerAntonio Radici <antonio@dyne.org>
Mon, 2 May 2011 23:23:25 +0000 (00:23 +0100)
debian/changelog
debian/patches/upstream/624058-gnutls-deprecated.patch [new file with mode: 0644]

index 14c7e28f4f839dd66657da9c9536757e5cffa9c4..37a47d82c60fe9c5f916d5d25e1955242fa772db 100644 (file)
@@ -18,6 +18,8 @@ mutt (1.5.21-5) unstable; urgency=low
   * debian/patches/upstream:
     + 611412-bts-regexp.patch: fixes a regexp for BTS in the mutt manual 
       (Closes: 611412)
+    + 624058-gnutls-deprecated.patch: deprecate gnutls_protocol_set_priority() 
+      (Closes: 624058)
   * debian/extra/samples/sidebar.muttrc: documented the options that
     the sidebar-{sorted,dotted} patches are introducing; documentation 
     submitted by Julien Valroff (Closes: 603186)
diff --git a/debian/patches/upstream/624058-gnutls-deprecated.patch b/debian/patches/upstream/624058-gnutls-deprecated.patch
new file mode 100644 (file)
index 0000000..a5257c3
--- /dev/null
@@ -0,0 +1,73 @@
+Tentative fix to replace the deprecated gnutls_protocol_set_priority() with
+gnutls_priority_set_direct(), initially reported in http://bugs.debian.org/624058
+
+--- a/mutt_ssl_gnutls.c
++++ b/mutt_ssl_gnutls.c
+@@ -238,8 +238,6 @@
+   gnutls_x509_crt_deinit (clientcrt);
+ }
+-static int protocol_priority[] = {GNUTLS_TLS1, GNUTLS_SSL3, 0};
+-
+ /* tls_negotiate: After TLS state has been initialised, attempt to negotiate
+  *   TLS over the wire, including certificate checks. */
+ static int tls_negotiate (CONNECTION * conn)
+@@ -247,6 +245,18 @@
+   tlssockdata *data;
+   int err;
++#if GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12
++  const char *force_sslv3_str = "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0";
++  const char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-ALL";
++#else
++  const char *force_sslv3_str =
++        "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0";
++  const char *force_tls_str = "NORMAL:-VERS-SSL3.0:+VERS-TLS-1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++#endif
++  char *priority_str = "NORMAL";
++  const char *error_pos;
++  int error_code;
++
+   data = (tlssockdata *) safe_calloc (1, sizeof (tlssockdata));
+   conn->sockdata = data;
+   err = gnutls_certificate_allocate_credentials (&data->xcred);
+@@ -294,13 +304,11 @@
+   }
+   else if (!option(OPTTLSV1))
+   {
+-    protocol_priority[0] = GNUTLS_SSL3;
+-    protocol_priority[1] = 0;
++    priority_str = force_sslv3_str;
+   }
+   else if (!option(OPTSSLV3))
+   {
+-    protocol_priority[0] = GNUTLS_TLS1;
+-    protocol_priority[1] = 0;
++    priority_str = force_tls_str;
+   }
+   /*
+   else
+@@ -309,7 +317,22 @@
+   /* We use default priorities (see gnutls documentation),
+      except for protocol version */
+-  gnutls_set_default_priority (data->state);
++  error_pos = NULL;
++  if ( (error_code = gnutls_priority_set_direct (data->state, priority_str,
++                   &error_pos)) != 0 )
++  {
++    if ( error_pos )
++    {
++      mutt_error("gnutls_priority_set_direct(%s) pos %s", priority_str, error_pos);
++    }
++    else
++    {
++      mutt_error("gnutls_priority_set_direct(%s)", priority_str);
++    }
++    mutt_sleep(2);
++    goto fail;
++  }
++
+   gnutls_protocol_set_priority (data->state, protocol_priority);
+   if (SslDHPrimeBits > 0)
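Review bot: The inner hunk at -309,7 keeps `gnutls_protocol_set_priority (data->state, protocol_priority);` as a context line although the first inner hunk deletes the `protocol_priority` array, so in the lines shown the patched mutt_ssl_gnutls.c still calls the deprecated function with a name that is no longer declared; that call should be removed too. In the pre-2.12 branch `+VERS-TLS-1.2` does not match the `VERS-TLS1.2` spelling on the line above and would presumably be rejected by the priority parser, so every connection with SSLv3 disabled would hit `goto fail`; it should read `+VERS-TLS1.2`. The guard `GNUTLS_VERSION_MAJOR >= 2 && GNUTLS_VERSION_MINOR >= 12` is false for a 3.0 release, which then falls into that older branch; `#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12)` compares the version correctly. `priority_str` is only ever assigned `const char *` values and should be declared `const char *priority_str = "NORMAL";`. tls_negotiate starts and ends outside these hunks, so the cleanup behind the `fail` label is not visible here.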