Bug#950546: buster-pu: package mew/1:6.8-4+deb10u1

To: submit@bugs.debian.org
Subject: Bug#950546: buster-pu: package mew/1:6.8-4+deb10u1
From: Tatsuya Kinoshita <tats@debian.org>
Date: Mon, 03 Feb 2020 21:36:14 +0900 (JST)
Message-id: <[🔎] 20200203.213614.344537115434812712.tats%nobody@tats.iris.ne.jp>
Reply-to: Tatsuya Kinoshita <tats@debian.org>, 950546@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi, the release team,

I'd like to update package mew in buster to fix a security issue,
managed as no advisory by the security team.

See this changelog and the attached debdiff.

mew (1:6.8-4+deb10u1) buster; urgency=medium

  * New patch 070_checkhost.patch to enable checkHost for stunnel
    (closes: #950411)

 -- Tatsuya Kinoshita <tats@debian.org>  Sun, 02 Feb 2020 18:31:28 +0900

Please let me know if I can upload it.

Thanks,
--
Tatsuya Kinoshita

diffstat for mew-6.8 mew-6.8

 changelog                   |    7 +++++++
 patches/070_checkhost.patch |   15 +++++++++++++++
 patches/series              |    1 +
 3 files changed, 23 insertions(+)

diff -Nru mew-6.8/debian/changelog mew-6.8/debian/changelog
--- mew-6.8/debian/changelog	2019-01-06 00:22:08.000000000 +0900
+++ mew-6.8/debian/changelog	2020-02-02 18:31:28.000000000 +0900
@@ -1,3 +1,10 @@
+mew (1:6.8-4+deb10u1) buster; urgency=medium
+
+  * New patch 070_checkhost.patch to enable checkHost for stunnel
+    (closes: #950411)
+
+ -- Tatsuya Kinoshita <tats@debian.org>  Sun, 02 Feb 2020 18:31:28 +0900
+
 mew (1:6.8-4) unstable; urgency=medium
 
   [ YAMANAKA Hitoshi ]
diff -Nru mew-6.8/debian/patches/070_checkhost.patch mew-6.8/debian/patches/070_checkhost.patch
--- mew-6.8/debian/patches/070_checkhost.patch	1970-01-01 09:00:00.000000000 +0900
+++ mew-6.8/debian/patches/070_checkhost.patch	2020-02-01 22:18:14.000000000 +0900
@@ -0,0 +1,15 @@
+Subject: Enable checkHost for stunnel
+Origin: upstream, https://github.com/kazu-yamamoto/Mew/commit/8de0a1398f10d0e8da29ce91ec22af17430c0004
+Bug: https://github.com/kazu-yamamoto/Mew/pull/133
+
+--- a/mew-ssl.el
++++ b/mew-ssl.el
+@@ -106,6 +106,8 @@ insert no extra text.")
+ 	(insert "client=yes\n")
+ 	(insert "pid=\n")
+ 	(insert (format "verify=%d\n" (mew-ssl-verify-level case)))
++	(if (> (mew-ssl-verify-level case) 0)
++	    (insert (format "checkHost=%s\n" server)))
+ 	(insert "foreground=yes\n")
+ 	(insert "debug=debug\n")
+ 	(if (and mew-ssl-libwrap (or (>= mew-ssl-ver 5) (>= mew-ssl-minor-ver 45)))
diff -Nru mew-6.8/debian/patches/series mew-6.8/debian/patches/series
--- mew-6.8/debian/patches/series	2019-01-06 00:19:10.000000000 +0900
+++ mew-6.8/debian/patches/series	2020-02-01 22:18:14.000000000 +0900
@@ -2,3 +2,4 @@
 020_netpbm.patch
 030_cache-long-scans.patch
 040_incm-lock.patch
+070_checkhost.patch

Attachment: pgpGvvT0SxCY2.pgp
Description: PGP signature

Reply to:

Prev by Date: NEW changes in oldstable-new
Next by Date: Bug#950547: buster-pu: package mew-beta/7.0.50~6.8+0.20190228-1+deb10u1
Previous by thread: Re: [Pkg-rust-maintainers] rust ecosystem worries of a release team member
Next by thread: Bug#950547: buster-pu: package mew-beta/7.0.50~6.8+0.20190228-1+deb10u1
Index(es):
- Date
- Thread