Accepting request 1105300 from home:pmonrealgonzalez:branches:security:tls

- Fix missing GNUTLS_NO_EXTENSIONS compatibility. * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634 * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch OBS-URL: https://build.opensuse.org/request/show/1105300 OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=99
2023-08-22 15:49:16 +00:00 · 2023-08-22 15:49:16 +00:00 · d830af4f9e
commit d830af4f9e
parent ab8ae2104b
3 changed files with 65 additions and 0 deletions
--- a/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
+++ b/gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
@ -0,0 +1,56 @@
+From abfa8634db940115a11a07596ce53c8f9c4f87d2 Mon Sep 17 00:00:00 2001
+From: Adrian Bunk <bunk@debian.org>
+Date: Sun, 6 Aug 2023 22:46:22 +0300
+Subject: [PATCH] Move the GNUTLS_NO_EXTENSIONS compatibility #define to
+ gnutls.h
+
+Signed-off-by: Adrian Bunk <bunk@debian.org>
+---
+ lib/ext/ext_master_secret.h     | 3 ---
+ lib/includes/gnutls/gnutls.h.in | 3 +++
+ lib/state.h                     | 3 ---
+ 3 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/ext/ext_master_secret.h b/lib/ext/ext_master_secret.h
+index 45d38178bd..419335b4e3 100644
+--- a/lib/ext/ext_master_secret.h
+++ b/lib/ext/ext_master_secret.h
+@@ -23,9 +23,6 @@
+ #ifndef GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+ #define GNUTLS_LIB_EXT_EXT_MASTER_SECRET_H
+ 
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #include <hello_ext.h>
+ 
+ extern const hello_ext_entry_st ext_mod_ext_master_secret;
+diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
+index ec132cb5c3..fc64c7a228 100644
+--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
+@@ -542,6 +542,9 @@ typedef enum {
+ #define GNUTLS_ENABLE_CERT_TYPE_NEG 0
+ // Here for compatibility reasons
+ 
+/* Keep backward compatibility */
+#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+
+ /**
+  * gnutls_alert_level_t:
+  * @GNUTLS_AL_WARNING: Alert of warning severity.
+diff --git a/lib/state.h b/lib/state.h
+index dc086bcf0d..975ceee3a7 100644
+--- a/lib/state.h
+++ b/lib/state.h
+@@ -110,7 +110,4 @@ inline static int _gnutls_PRF(gnutls_session_t session, const uint8_t *secret,
+ 
+ #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
+ 
+-/* Keep backward compatibility */
+-#define GNUTLS_NO_EXTENSIONS GNUTLS_NO_DEFAULT_EXTENSIONS
+-
+ #endif /* GNUTLS_LIB_STATE_H */
+-- 
+GitLab
+
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug 22 15:00:57 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix missing GNUTLS_NO_EXTENSIONS compatibility.
+  * Upstream: gitlab.com/gnutls/gnutls/commit/abfa8634
+  * Add gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
+
 -------------------------------------------------------------------
 Mon Aug 21 09:33:40 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

--- a/gnutls.spec
+++ b/gnutls.spec
@ -58,6 +58,8 @@ Patch1:         gnutls-FIPS-TLS_KDF_selftest.patch
 Patch2:         gnutls-disable-flaky-test-dtls-resume.patch
 # PATCH-FIX-OPENSUSE The srp test fails with SIGPIPE
 Patch3:         gnutls-srp-test-SIGPIPE.patch
+# PATCH-FIX-OPENSUSE Fix missing GNUTLS_NO_EXTENSIONS compatibility
+Patch4:         gnutls-GNUTLS_NO_EXTENSIONS-compatibility.patch
 # FIPS 140-3 patches:
 #PATCH-FIX-SUSE bsc#1207346 FIPS: Change FIPS 140-2 references to FIPS 140-3
 Patch100:       gnutls-FIPS-140-3-references.patch