rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=14

Browse Source
This commit is contained in:
OBS User unknown 2008-07-24 22:38:45 +00:00 committed by Git OBS Bridge
parent 075362dcc5
commit 8abab062c3
10 changed files with 129 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
baselibs.conf
View File

@ -1,3 +1,2 @@
gnutls
libgnutls26
obsoletes "gnutls-<targettype>"

12
gnutls-1.6.1-srptool.patch
View File

@ -1,12 +0,0 @@
Index: gnutls-1.6.1/src/crypt.c
===================================================================
--- gnutls-1.6.1.orig/src/crypt.c
+++ gnutls-1.6.1/src/crypt.c
@@ -220,6 +220,7 @@ _verify_passwd_int (const char *username
/* encode the verifier into _salt */
salt_size = sizeof (_salt);
+ memset(_salt, '\0', salt_size);
if (gnutls_srp_base64_encode (&new_verifier, _salt, &salt_size) < 0)
{
fprintf (stderr, "Encoding error\n");

34
gnutls-2.2.2-uninitialized.patch
View File

@ -1,34 +0,0 @@
Index: gnutls-2.2.2/libextra/openpgp/pgp.c
===================================================================
--- gnutls-2.2.2.orig/libextra/openpgp/pgp.c
+++ gnutls-2.2.2/libextra/openpgp/pgp.c
@@ -489,7 +489,7 @@ gnutls_openpgp_crt_check_hostname (gnutl
{
char dnsname[MAX_CN];
size_t dnsnamesize;
- int ret;
+ int ret = 0;
int i;
/* Check through all included names. */
Index: gnutls-2.2.2/libextra/gnutls_openpgp.c
===================================================================
--- gnutls-2.2.2.orig/libextra/gnutls_openpgp.c
+++ gnutls-2.2.2/libextra/gnutls_openpgp.c
@@ -726,8 +726,6 @@ gnutls_certificate_set_openpgp_keyring_m
gnutls_openpgp_keyring_deinit( c->keyring);
return rc;
}
-
- return 0;
#else
c->keyring_format = format;
@@ -743,6 +741,7 @@ gnutls_certificate_set_openpgp_keyring_m
c->keyring.size = dlen;
#endif
+ return 0;
}
/*-

3
gnutls-2.2.2.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cbb0e76c28a8b8ee93d49e1fea4cb31549904d95cd8f488309126f7f5046d616
size 4923519

39
gnutls-2.4.1-disable_cxx.patch Normal file
View File

@ -0,0 +1,39 @@
commit 6d9c52778b359c35cfe157156d27915227e59c5e
Author: Simon Josefsson <simon@josefsson.org>
Date: Thu Jun 19 13:48:53 2008 +0200
Disable C++ library if psk, srp, anon etc have been disabled.
The libgnutlsxx.cpp file calls several functions that may have been removed.
Index: gnutls-2.4.1/configure.in
===================================================================
--- gnutls-2.4.1.orig/configure.in 2008-07-02 19:35:02.000000000 +0200
+++ gnutls-2.4.1/configure.in 2008-07-02 19:39:42.000000000 +0200
@@ -113,9 +113,6 @@ if test "$use_cxx" != "no"; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
AC_LANG_POP(C++)
fi
-AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AC_MSG_CHECKING([whether to build C++ library])
-AC_MSG_RESULT($use_cxx)
AC_MSG_CHECKING([whether C99 macros are supported])
AC_TRY_COMPILE(,[
@@ -524,6 +521,17 @@ AC_MSG_RESULT($minitasn1_enabled)
AM_CONDITIONAL(ENABLE_MINITASN1, test "$minitasn1_enabled" = "yes")
+if test "$ac_full" != 1; then
+ AC_MSG_WARN([[
+***
+*** C++ library disabled because some parts of GnuTLS has been disabled.
+]])
+ use_cxx=no
+fi
+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+AC_MSG_CHECKING([whether to build C++ library])
+AC_MSG_RESULT($use_cxx)
+
dnl Check for libcfg+
SAVED_LIBS=$LIBS

3
gnutls-2.4.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd
size 4940118

93
gnutls-GNUTLS_SA_2008_1.patch
View File

@ -1,93 +0,0 @@
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index 72e42ff..a2db949 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -74,10 +74,27 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
len = _gnutls_read_uint16 (p);
p += 2;
- DECR_LENGTH_RET (data_size, len, 0);
- server_names++;
+ if (len > 0)
+ {
+ DECR_LENGTH_RET (data_size, len, 0);
+ server_names++;
+ p += len;
+ }
+ else
+ _gnutls_handshake_log
+ ("HSK[%x]: Received zero size server name (under attack?)\n",
+ session);
- p += len;
+ }
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ {
+ _gnutls_handshake_log
+ ("HSK[%x]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
}
session->security_parameters.extensions.server_names_size =
@@ -85,10 +102,6 @@ _gnutls_server_name_recv_params (gnutls_session_t session,
if (server_names == 0)
return 0; /* no names found */
- /* we cannot accept more server names.
- */
- if (server_names > MAX_SERVER_NAME_EXTENSIONS)
- server_names = MAX_SERVER_NAME_EXTENSIONS;
p = data + 2;
for (i = 0; i < server_names; i++)
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index e930c1d..e16ad1f 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -504,17 +503,20 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
- length = ciphertext.size - hash_size - pad;
-
- if (pad > ciphertext.size - hash_size)
+ if ((int)pad > (int)ciphertext.size - hash_size)
{
gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%x]: Short record length %d > %d - %d (under attack?)\n",
+ session, pad, ciphertext.size, hash_size);
/* We do not fail here. We check below for the
* the pad_failed. If zero means success.
*/
pad_failed = GNUTLS_E_DECRYPTION_FAILED;
}
+ length = ciphertext.size - hash_size - pad;
+
/* Check the pading bytes (TLS 1.x)
*/
if (ver >= GNUTLS_TLS1 && pad_failed == 0)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4ab6db6..d798180 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1003,6 +1003,14 @@ _gnutls_recv_handshake_header (gnutls_session_t session,
*recv_type = session->internals.handshake_header_buffer.recv_type;
+ if (*recv_type != type)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
return session->internals.handshake_header_buffer.packet_length;
}

11
gnutls-char-signedness.patch
View File

@ -1,11 +0,0 @@
--- lib/x509/crl_write.c
+++ lib/x509/crl_write.c
@@ -60,7 +60,7 @@
gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
{
int result;
- char null = version;
+ signed char null = version;
if (crl == NULL)
{

45
gnutls.changes
View File

@ -1,3 +1,48 @@
-------------------------------------------------------------------
Thu Jul 17 15:27:42 CEST 2008 - mkoenig@suse.de
- update to version 2.4.1
* libgnutls: Fix local crash in gnutls_handshake
* libgnutls: Fix memory leaks when doing a re-handshake
* Fix compiler warnings
* Fix ordering of -I's to avoid opencdk.h conflict with
system headers
* srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch
gnutls-1.6.1-srptool.patch
-------------------------------------------------------------------
Wed Jul 2 15:49:50 CEST 2008 - mkoenig@suse.de
- remove gnutls main package from baselibs.conf
-------------------------------------------------------------------
Thu Jun 26 15:08:38 CEST 2008 - mkoenig@suse.de
- update to version 2.4.0
* The OpenPGP sub-system has been improved and now supports subkeys
* The PSK sub-system has been improved and now supports password
derivation and PSK identity hints
* The certtool --inder and --outder has been replaced
by --inraw and --outraw
* New APIs to access the raw X.509 Subject and Issuer DN's and
elements from the certificate credentials structure
* New APIs to improve working with username/passwords and PSK
* Names of constants to affect certificate printing changed
* The function gnutls_openpgp_privkey_get_id has been renamed to
gnutls_openpgp_privkey_get_key_id
* API/ABI changes in GnuTLS 2.4
All OpenPGP related functions have been moved from
libgnutls-extra to libgnutls, and several new functions have
been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
be linked against it
- removed patches
gnutls-2.2.2-uninitialized.patch
gnutls-char-signedness.patch
gnutls-GNUTLS_SA_2008_1.patch
-------------------------------------------------------------------
Mon Jun 23 10:53:20 CEST 2008 - mkoenig@suse.de

55
gnutls.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package gnutls (Version 2.2.2)
# spec file for package gnutls (Version 2.4.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -13,16 +13,13 @@
Name: gnutls
BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel
Version: 2.2.2
Release: 19
Version: 2.4.1
Release: 1
License: GPL v3 or later; LGPL v2.1 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.gnutls.org/
Source0: %name-%version.tar.bz2
Patch0: gnutls-char-signedness.patch
Patch1: gnutls-1.6.1-srptool.patch
Patch2: gnutls-2.2.2-uninitialized.patch
Patch3: gnutls-GNUTLS_SA_2008_1.patch
Patch1: gnutls-2.4.1-disable_cxx.patch
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
AutoReqProv: on
@ -101,7 +98,7 @@ Authors:
%package -n libgnutls-extra-devel
License: GPL v3 or later
Summary: The GNU Transport Layer Security Library
Group: Productivity/Networking/Security
Group: Development/Libraries/C and C++
Requires: libgnutls-extra26 = %version libgnutls-devel
# gnutls-devel last used in 10.3
Obsoletes: gnutls-devel < %version
@ -123,10 +120,7 @@ Authors:
%prep
%setup -q
%patch0
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
autoreconf -fi
@ -138,6 +132,7 @@ autoreconf -fi
--with-included-libtasn1 \
--without-lzo \
--disable-srp-authentication \
--disable-rpath \
CFLAGS="$RPM_OPT_FLAGS" \
CXXFLAGS="$RPM_OPT_FLAGS"
make
@ -185,7 +180,6 @@ rm -rf %buildroot
%files -n libgnutls26
%defattr(-,root,root)
%_libdir/libgnutls.so.26*
%_libdir/libgnutlsxx.so.26*
%files -n libgnutls-extra26
%defattr(-,root,root)
@ -197,7 +191,6 @@ rm -rf %buildroot
%_bindir/libgnutls-config
%_includedir/*
%_libdir/libgnutls.so
%_libdir/libgnutlsxx.so
%_datadir/aclocal/libgnutls.m4
%_libdir/pkgconfig/gnutls.pc
%_mandir/man3/*
@ -213,6 +206,42 @@ rm -rf %buildroot
%_libdir/pkgconfig/gnutls-extra.pc
%changelog
* Thu Jul 17 2008 mkoenig@suse.de
- update to version 2.4.1
* libgnutls: Fix local crash in gnutls_handshake
* libgnutls: Fix memory leaks when doing a re-handshake
* Fix compiler warnings
* Fix ordering of -I's to avoid opencdk.h conflict with
system headers
* srptool: Fix a problem where --verify check does not succeed
- remove C++ wrapper lib, it is not usable without SRP
- remove patch
gnutls-1.6.1-srptool.patch
* Wed Jul 02 2008 mkoenig@suse.de
- remove gnutls main package from baselibs.conf
* Thu Jun 26 2008 mkoenig@suse.de
- update to version 2.4.0
* The OpenPGP sub-system has been improved and now supports subkeys
* The PSK sub-system has been improved and now supports password
derivation and PSK identity hints
* The certtool --inder and --outder has been replaced
by --inraw and --outraw
* New APIs to access the raw X.509 Subject and Issuer DN's and
elements from the certificate credentials structure
* New APIs to improve working with username/passwords and PSK
* Names of constants to affect certificate printing changed
* The function gnutls_openpgp_privkey_get_id has been renamed to
gnutls_openpgp_privkey_get_key_id
* API/ABI changes in GnuTLS 2.4
All OpenPGP related functions have been moved from
libgnutls-extra to libgnutls, and several new functions have
been added
- remove SRP functionality from C++ wrapper, otherwise it cannot
be linked against it
- removed patches
gnutls-2.2.2-uninitialized.patch
gnutls-char-signedness.patch
gnutls-GNUTLS_SA_2008_1.patch
* Mon Jun 23 2008 mkoenig@suse.de
- disable SRP [bnc#65192]
* Wed May 21 2008 mkoenig@suse.de