Accepting request 94864 from Base:System

Fix licenses (forwarded request 94646 from vuntz) OBS-URL: https://build.opensuse.org/request/show/94864 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=40
2011-12-02 15:25:49 +00:00 · 2011-12-02 15:25:49 +00:00 · 3c0ee622a8
commit 3c0ee622a8
parent b82f3b94cd
3 changed files with 50 additions and 13 deletions
--- a/CVE-2011-4128.patch
+++ b/CVE-2011-4128.patch
@ -0,0 +1,20 @@
+Index: gnutls-3.0.3/lib/gnutls_session.c
+===================================================================
+--- gnutls-3.0.3.orig/lib/gnutls_session.c
+++ gnutls-3.0.3/lib/gnutls_session.c
+@@ -63,13 +63,14 @@ gnutls_session_get_data (gnutls_session_
+       gnutls_assert ();
+       return ret;
+     }
+-  *session_data_size = psession.size;
+ 
+   if (psession.size > *session_data_size)
+     {
+      *session_data_size = psession.size;
+       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+       goto error;
+     }
+  *session_data_size = psession.size;
+ 
+   if (session_data != NULL)
+     memcpy (session_data, psession.data, psession.size);
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Nov 30 12:43:57 UTC 2011 - vuntz@opensuse.org
+
+- Fix licenses (bnc#733661): the applications as well as
+  gnutls-extra and gnutls-openssl libraries are under GPL-3.0+
+  while the library is LGPL-3.0+.
+
+-------------------------------------------------------------------
+Wed Nov 30 09:57:27 UTC 2011 - coolo@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Mon Nov 14 07:29:29 UTC 2011 - gjhe@suse.com
+
+- fix #Bug 729486 - gnutls: buffer overflow
+  CVE-2011-4128
+
 -------------------------------------------------------------------
 Mon Oct 17 13:21:57 UTC 2011 - vuntz@opensuse.org

--- a/gnutls.spec
+++ b/gnutls.spec
@ -24,7 +24,7 @@
 Name:           gnutls
 Version:        3.0.3
 Release:        1
-License:        LGPLv3+
+License:        LGPL-3.0+ ; GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Url:            http://www.gnutls.org/
 Group:          Productivity/Networking/Security
@ -34,6 +34,8 @@ Source1:        baselibs.conf
 Patch0:         gnutls-fix-compression.patch
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 vuntz@opensuse.org -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17
 Patch1:         gnutls-fix-crash-on-strcat.patch
+Patch2:         CVE-2011-4128.patch
+BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel >= 2.2
 BuildRequires:  p11-kit-devel
@ -54,8 +56,7 @@ layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.

 %package -n libgnutls%{gnutls_sover}
-
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -65,8 +66,7 @@ layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.

 %package -n libgnutlsxx%{gnutlsxx_sover}
-
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -77,8 +77,7 @@ implements the proposed standards of the IETF's TLS working group.


 %package -n libgnutls-extra%{gnutls_extra_sover}
-
-License:        GPLv3+
+License:        GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -89,8 +88,7 @@ implements the proposed standards of the IETF's TLS working group.


 %package -n libgnutls-openssl%{gnutls_ossl_sover}
-
-License:        GPLv3+
+License:        GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security

@ -101,7 +99,7 @@ implements the proposed standards of the IETF's TLS working group.


 %package -n libgnutls-devel
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
@ -112,7 +110,7 @@ Requires:       libgnutls%{gnutls_sover} = %{version}
 Files needed for software development using gnutls.

 %package -n libgnutlsxx-devel
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
@ -125,7 +123,7 @@ Files needed for software development using gnutls.


 %package -n libgnutls-openssl-devel
-License:        LGPLv2.1+
+License:        GPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls-openssl%{gnutls_ossl_sover} = %{version}
@ -136,7 +134,7 @@ Files needed for software development using gnutls.


 %package -n libgnutls-extra-devel
-License:        GPLv3+
+License:        GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls-devel = %{version}
@ -159,6 +157,7 @@ implements the proposed standards of the IETF's TLS working group.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1

 %build
 %configure \