Accepting request 94864 from Base:System

Fix licenses (forwarded request 94646 from vuntz) OBS-URL: https://build.opensuse.org/request/show/94864 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=40
2011-12-02 15:25:49 +00:00 · 2011-12-02 15:25:49 +00:00 · 3c0ee622a8
commit 3c0ee622a8
parent b82f3b94cd
3 changed files with 50 additions and 13 deletions
--- a/CVE-2011-4128.patch
+++ b/CVE-2011-4128.patch
@ -0,0 +1,20 @@
 Index: gnutls-3.0.3/lib/gnutls_session.c
 ===================================================================
 --- gnutls-3.0.3.orig/lib/gnutls_session.c
 +++ gnutls-3.0.3/lib/gnutls_session.c
@@ -63,13 +63,14 @@ gnutls_session_get_data (gnutls_session_
       gnutls_assert ();
       return ret;
     }
 -  *session_data_size = psession.size;
   if (psession.size > *session_data_size)
     {
 +      *session_data_size = psession.size;
       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
       goto error;
     }
 +  *session_data_size = psession.size;
   if (session_data != NULL)
     memcpy (session_data, psession.data, psession.size);
--- a/gnutls.changes
+++ b/gnutls.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Wed Nov 30 12:43:57 UTC 2011 - vuntz@opensuse.org
 - Fix licenses (bnc#733661): the applications as well as
  gnutls-extra and gnutls-openssl libraries are under GPL-3.0+
  while the library is LGPL-3.0+.
 -------------------------------------------------------------------
 Wed Nov 30 09:57:27 UTC 2011 - coolo@suse.com
 - add automake as buildrequire to avoid implicit dependency
 -------------------------------------------------------------------
 Mon Nov 14 07:29:29 UTC 2011 - gjhe@suse.com
 - fix #Bug 729486 - gnutls: buffer overflow
  CVE-2011-4128
 -------------------------------------------------------------------
 Mon Oct 17 13:21:57 UTC 2011 - vuntz@opensuse.org
--- a/gnutls.spec
+++ b/gnutls.spec
@ -24,7 +24,7 @@
 Name:           gnutls
 Version:        3.0.3
 Release:        1
-License:        LGPLv3+
+License:        LGPL-3.0+ ; GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Url:            http://www.gnutls.org/
 Group:          Productivity/Networking/Security
@ -34,6 +34,8 @@ Source1:        baselibs.conf
 Patch0:         gnutls-fix-compression.patch
 # PATCH-FIX-UPSTREAM gnutls-fix-crash-on-strcat.patch bnc#724421 vuntz@opensuse.org -- Fix a crash because of badly used strcat, sent upstream by mail on 2011-10-17
 Patch1:         gnutls-fix-crash-on-strcat.patch
 Patch2:         CVE-2011-4128.patch
 BuildRequires:  automake
 BuildRequires:  gcc-c++
 BuildRequires:  libnettle-devel >= 2.2
 BuildRequires:  p11-kit-devel
@ -54,8 +56,7 @@ layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls%{gnutls_sover}
-
+License:        LGPL-3.0+
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -65,8 +66,7 @@ layer over a reliable transport layer. Currently the GnuTLS library
 implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutlsxx%{gnutlsxx_sover}
-
+License:        LGPL-3.0+
 License:        LGPLv2.1+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -77,8 +77,7 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls-extra%{gnutls_extra_sover}
-
+License:        GPL-3.0+
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -89,8 +88,7 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls-openssl%{gnutls_ossl_sover}
-
+License:        GPL-3.0+
 License:        GPLv3+
 Summary:        The GNU Transport Layer Security Library
 Group:          Productivity/Networking/Security
@ -101,7 +99,7 @@ implements the proposed standards of the IETF's TLS working group.
 %package -n libgnutls-devel
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
@ -112,7 +110,7 @@ Requires:       libgnutls%{gnutls_sover} = %{version}
 Files needed for software development using gnutls.
 %package -n libgnutlsxx-devel
-License:        LGPLv2.1+
+License:        LGPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 PreReq:         %install_info_prereq
@ -125,7 +123,7 @@ Files needed for software development using gnutls.
 %package -n libgnutls-openssl-devel
-License:        LGPLv2.1+
+License:        GPL-3.0+
 Summary:        Development package for gnutls
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls-openssl%{gnutls_ossl_sover} = %{version}
@ -136,7 +134,7 @@ Files needed for software development using gnutls.
 %package -n libgnutls-extra-devel
-License:        GPLv3+
+License:        GPL-3.0+
 Summary:        The GNU Transport Layer Security Library
 Group:          Development/Libraries/C and C++
 Requires:       libgnutls-devel = %{version}
@ -159,6 +157,7 @@ implements the proposed standards of the IETF's TLS working group.
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %build
 %configure \