From 8abab062c3dff6f7420851b947575387a584517f12449a468f7ed15a2dac29b4 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 24 Jul 2008 22:38:45 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=14 --- baselibs.conf | 1 - gnutls-1.6.1-srptool.patch | 12 ----- gnutls-2.2.2-uninitialized.patch | 34 ------------ gnutls-2.2.2.tar.bz2 | 3 -- gnutls-2.4.1-disable_cxx.patch | 39 ++++++++++++++ gnutls-2.4.1.tar.bz2 | 3 ++ gnutls-GNUTLS_SA_2008_1.patch | 93 -------------------------------- gnutls-char-signedness.patch | 11 ---- gnutls.changes | 45 ++++++++++++++++ gnutls.spec | 55 ++++++++++++++----- 10 files changed, 129 insertions(+), 167 deletions(-) delete mode 100644 gnutls-1.6.1-srptool.patch delete mode 100644 gnutls-2.2.2-uninitialized.patch delete mode 100644 gnutls-2.2.2.tar.bz2 create mode 100644 gnutls-2.4.1-disable_cxx.patch create mode 100644 gnutls-2.4.1.tar.bz2 delete mode 100644 gnutls-GNUTLS_SA_2008_1.patch delete mode 100644 gnutls-char-signedness.patch diff --git a/baselibs.conf b/baselibs.conf index 9036b76..85b52e1 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,3 +1,2 @@ -gnutls libgnutls26 obsoletes "gnutls-" diff --git a/gnutls-1.6.1-srptool.patch b/gnutls-1.6.1-srptool.patch deleted file mode 100644 index e0a967d..0000000 --- a/gnutls-1.6.1-srptool.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: gnutls-1.6.1/src/crypt.c -=================================================================== ---- gnutls-1.6.1.orig/src/crypt.c -+++ gnutls-1.6.1/src/crypt.c -@@ -220,6 +220,7 @@ _verify_passwd_int (const char *username - - /* encode the verifier into _salt */ - salt_size = sizeof (_salt); -+ memset(_salt, '\0', salt_size); - if (gnutls_srp_base64_encode (&new_verifier, _salt, &salt_size) < 0) - { - fprintf (stderr, "Encoding error\n"); diff --git a/gnutls-2.2.2-uninitialized.patch b/gnutls-2.2.2-uninitialized.patch deleted file mode 100644 index 127ce6d..0000000 
--- a/gnutls-2.2.2-uninitialized.patch +++ /dev/null @@ -1,34 +0,0 @@ -Index: gnutls-2.2.2/libextra/openpgp/pgp.c -=================================================================== ---- gnutls-2.2.2.orig/libextra/openpgp/pgp.c -+++ gnutls-2.2.2/libextra/openpgp/pgp.c -@@ -489,7 +489,7 @@ gnutls_openpgp_crt_check_hostname (gnutl - { - char dnsname[MAX_CN]; - size_t dnsnamesize; -- int ret; -+ int ret = 0; - int i; - - /* Check through all included names. */ -Index: gnutls-2.2.2/libextra/gnutls_openpgp.c -=================================================================== ---- gnutls-2.2.2.orig/libextra/gnutls_openpgp.c -+++ gnutls-2.2.2/libextra/gnutls_openpgp.c -@@ -726,8 +726,6 @@ gnutls_certificate_set_openpgp_keyring_m - gnutls_openpgp_keyring_deinit( c->keyring); - return rc; - } -- -- return 0; - #else - - c->keyring_format = format; -@@ -743,6 +741,7 @@ gnutls_certificate_set_openpgp_keyring_m - c->keyring.size = dlen; - - #endif -+ return 0; - } - - /*- diff --git a/gnutls-2.2.2.tar.bz2 b/gnutls-2.2.2.tar.bz2 deleted file mode 100644 index 4f412aa..0000000 --- a/gnutls-2.2.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cbb0e76c28a8b8ee93d49e1fea4cb31549904d95cd8f488309126f7f5046d616 -size 4923519 diff --git a/gnutls-2.4.1-disable_cxx.patch b/gnutls-2.4.1-disable_cxx.patch new file mode 100644 index 0000000..80b1908 --- /dev/null +++ b/gnutls-2.4.1-disable_cxx.patch 
@@ -0,0 +1,39 @@ +commit 6d9c52778b359c35cfe157156d27915227e59c5e +Author: Simon Josefsson +Date: Thu Jun 19 13:48:53 2008 +0200 + + Disable C++ library if psk, srp, anon etc have been disabled. + The libgnutlsxx.cpp file calls several functions that may have been removed. + +Index: gnutls-2.4.1/configure.in +=================================================================== +--- gnutls-2.4.1.orig/configure.in 2008-07-02 19:35:02.000000000 +0200 ++++ gnutls-2.4.1/configure.in 2008-07-02 19:39:42.000000000 +0200 +@@ -113,9 +113,6 @@ if test "$use_cxx" != "no"; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no) + AC_LANG_POP(C++) + fi +-AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") +-AC_MSG_CHECKING([whether to build C++ library]) +-AC_MSG_RESULT($use_cxx) + + AC_MSG_CHECKING([whether C99 macros are supported]) + AC_TRY_COMPILE(,[ +@@ -524,6 +521,17 @@ AC_MSG_RESULT($minitasn1_enabled) + + AM_CONDITIONAL(ENABLE_MINITASN1, test "$minitasn1_enabled" = "yes") + ++if test "$ac_full" != 1; then ++ AC_MSG_WARN([[ ++*** ++*** C++ library disabled because some parts of GnuTLS has been disabled. ++]]) ++ use_cxx=no ++fi ++AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") ++AC_MSG_CHECKING([whether to build C++ library]) ++AC_MSG_RESULT($use_cxx) ++ + dnl Check for libcfg+ + + SAVED_LIBS=$LIBS diff --git a/gnutls-2.4.1.tar.bz2 b/gnutls-2.4.1.tar.bz2 new file mode 100644 index 0000000..fced69f --- /dev/null +++ b/gnutls-2.4.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd +size 4940118 diff --git a/gnutls-GNUTLS_SA_2008_1.patch b/gnutls-GNUTLS_SA_2008_1.patch deleted file mode 100644 index 4a56c51..0000000 --- a/gnutls-GNUTLS_SA_2008_1.patch +++ /dev/null 
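Review bot: The added `if test "$ac_full" != 1; then` block in configure.in prints the "C++ library disabled" warning and sets `use_cxx=no` even when `use_cxx` is already `no` from the earlier `if test "$use_cxx" != "no"` check, so a build that turned the C++ library off on purpose still gets a misleading warning. Guarding it as `if test "$use_cxx" != "no" && test "$ac_full" != 1; then` keeps the message for the case it describes. `ac_full` is set outside the visible hunk, and an unset value also compares unequal to 1, so a one-line comment would help, for example `dnl ac_full is cleared when an optional feature such as SRP is disabled`; that wording is inferred from the commit message and should be checked against the rest of configure.in.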
@@ -1,93 +0,0 @@ -diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c -index 72e42ff..a2db949 100644 ---- a/lib/ext_server_name.c -+++ b/lib/ext_server_name.c -@@ -74,10 +74,27 @@ _gnutls_server_name_recv_params (gnutls_session_t session, - len = _gnutls_read_uint16 (p); - p += 2; - -- DECR_LENGTH_RET (data_size, len, 0); -- server_names++; -+ if (len > 0) -+ { -+ DECR_LENGTH_RET (data_size, len, 0); -+ server_names++; -+ p += len; -+ } -+ else -+ _gnutls_handshake_log -+ ("HSK[%x]: Received zero size server name (under attack?)\n", -+ session); - -- p += len; -+ } -+ -+ /* we cannot accept more server names. -+ */ -+ if (server_names > MAX_SERVER_NAME_EXTENSIONS) -+ { -+ _gnutls_handshake_log -+ ("HSK[%x]: Too many server names received (under attack?)\n", -+ session); -+ server_names = MAX_SERVER_NAME_EXTENSIONS; - } - - session->security_parameters.extensions.server_names_size = -@@ -85,10 +102,6 @@ _gnutls_server_name_recv_params (gnutls_session_t session, - if (server_names == 0) - return 0; /* no names found */ - -- /* we cannot accept more server names. -- */ -- if (server_names > MAX_SERVER_NAME_EXTENSIONS) -- server_names = MAX_SERVER_NAME_EXTENSIONS; - - p = data + 2; - for (i = 0; i < server_names; i++) -diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c -index e930c1d..e16ad1f 100644 ---- a/lib/gnutls_cipher.c -+++ b/lib/gnutls_cipher.c -@@ -504,17 +503,20 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, - - pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ - -- length = ciphertext.size - hash_size - pad; -- -- if (pad > ciphertext.size - hash_size) -+ if ((int)pad > (int)ciphertext.size - hash_size) - { - gnutls_assert (); -+ _gnutls_record_log -+ ("REC[%x]: Short record length %d > %d - %d (under attack?)\n", -+ session, pad, ciphertext.size, hash_size); - /* We do not fail here. We check below for the - * the pad_failed. If zero means success. 
- */ - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } - -+ length = ciphertext.size - hash_size - pad; -+ - /* Check the pading bytes (TLS 1.x) - */ - if (ver >= GNUTLS_TLS1 && pad_failed == 0) -diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c -index 4ab6db6..d798180 100644 ---- a/lib/gnutls_handshake.c -+++ b/lib/gnutls_handshake.c -@@ -1003,6 +1003,14 @@ _gnutls_recv_handshake_header (gnutls_session_t session, - - *recv_type = session->internals.handshake_header_buffer.recv_type; - -+ if (*recv_type != type) -+ { -+ gnutls_assert (); -+ _gnutls_handshake_log -+ ("HSK[%x]: Handshake type mismatch (under attack?)\n", session); -+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; -+ } -+ - return session->internals.handshake_header_buffer.packet_length; - } - diff --git a/gnutls-char-signedness.patch b/gnutls-char-signedness.patch deleted file mode 100644 index 0314829..0000000 --- a/gnutls-char-signedness.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- lib/x509/crl_write.c -+++ lib/x509/crl_write.c -@@ -60,7 +60,7 @@ - gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version) - { - int result; -- char null = version; -+ signed char null = version; - - if (crl == NULL) - { diff --git a/gnutls.changes b/gnutls.changes index fcdec4c..5c6fbc3 100644 --- a/gnutls.changes +++ b/gnutls.changes 
@@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Thu Jul 17 15:27:42 CEST 2008 - mkoenig@suse.de + +- update to version 2.4.1 + * libgnutls: Fix local crash in gnutls_handshake + * libgnutls: Fix memory leaks when doing a re-handshake + * Fix compiler warnings + * Fix ordering of -I's to avoid opencdk.h conflict with + system headers + * srptool: Fix a problem where --verify check does not succeed +- remove C++ wrapper lib, it is not usable without SRP +- remove patch + gnutls-1.6.1-srptool.patch + +------------------------------------------------------------------- +Wed Jul 2 15:49:50 CEST 2008 - mkoenig@suse.de + +- remove gnutls main package from baselibs.conf + +------------------------------------------------------------------- +Thu Jun 26 15:08:38 CEST 2008 - mkoenig@suse.de + +- update to version 2.4.0 + * The OpenPGP sub-system has been improved and now supports subkeys + * The PSK sub-system has been improved and now supports password + derivation and PSK identity hints + * The certtool --inder and --outder has been replaced + by --inraw and --outraw + * New APIs to access the raw X.509 Subject and Issuer DN's and + elements from the certificate credentials structure + * New APIs to improve working with username/passwords and PSK + * Names of constants to affect certificate printing changed + * The function gnutls_openpgp_privkey_get_id has been renamed to + gnutls_openpgp_privkey_get_key_id + * API/ABI changes in GnuTLS 2.4 + All OpenPGP related functions have been moved from + libgnutls-extra to libgnutls, and several new functions have + been added +- remove SRP functionality from C++ wrapper, otherwise it cannot + be linked against it +- removed patches + gnutls-2.2.2-uninitialized.patch + gnutls-char-signedness.patch + gnutls-GNUTLS_SA_2008_1.patch + ------------------------------------------------------------------- Mon Jun 23 10:53:20 CEST 2008 - mkoenig@suse.de 
diff --git a/gnutls.spec b/gnutls.spec index 0f56de4..f3d6733 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -1,5 +1,5 @@ # -# spec file for package gnutls (Version 2.2.2) +# spec file for package gnutls (Version 2.4.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -13,16 +13,13 @@ Name: gnutls BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel -Version: 2.2.2 -Release: 19 +Version: 2.4.1 +Release: 1 License: GPL v3 or later; LGPL v2.1 or later BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://www.gnutls.org/ Source0: %name-%version.tar.bz2 -Patch0: gnutls-char-signedness.patch -Patch1: gnutls-1.6.1-srptool.patch -Patch2: gnutls-2.2.2-uninitialized.patch -Patch3: gnutls-GNUTLS_SA_2008_1.patch +Patch1: gnutls-2.4.1-disable_cxx.patch Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security AutoReqProv: on @@ -101,7 +98,7 @@ Authors: %package -n libgnutls-extra-devel License: GPL v3 or later Summary: The GNU Transport Layer Security Library -Group: Productivity/Networking/Security +Group: Development/Libraries/C and C++ Requires: libgnutls-extra26 = %version libgnutls-devel # gnutls-devel last used in 10.3 Obsoletes: gnutls-devel < %version @@ -123,10 +120,7 @@ Authors: %prep %setup -q -%patch0 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build autoreconf -fi @@ -138,6 +132,7 @@ autoreconf -fi --with-included-libtasn1 \ --without-lzo \ --disable-srp-authentication \ + --disable-rpath \ CFLAGS="$RPM_OPT_FLAGS" \ CXXFLAGS="$RPM_OPT_FLAGS" make @@ -185,7 +180,6 @@ rm -rf %buildroot %files -n libgnutls26 %defattr(-,root,root) %_libdir/libgnutls.so.26* -%_libdir/libgnutlsxx.so.26* %files -n libgnutls-extra26 %defattr(-,root,root) @@ -197,7 +191,6 @@ rm -rf %buildroot %_bindir/libgnutls-config %_includedir/* %_libdir/libgnutls.so -%_libdir/libgnutlsxx.so %_datadir/aclocal/libgnutls.m4 %_libdir/pkgconfig/gnutls.pc %_mandir/man3/* 
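Review bot: Removing `Patch3: gnutls-GNUTLS_SA_2008_1.patch` in the preamble hunk (and its `%patch3 -p1` in `%prep`) is only safe if the 2.4.1 tarball already contains those fixes, and neither the spec nor the changelog says so; the entry lists the file under "removed patches" with no reason. The dropped patch added input checks to `_gnutls_server_name_recv_params`, `_gnutls_ciphertext2compressed` and `_gnutls_recv_handshake_header`, so before merging I would confirm the new source has the zero-length server-name check, the pad-versus-record-length check and the handshake type check. Once confirmed, record it in the changelog, for example `- removed patches (fixes included upstream):`, so a later audit of the advisory does not have to re-derive it.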
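Review bot: Dropping `%_libdir/libgnutlsxx.so.26*` from the `libgnutls26` file list removes a shared library from a package whose name does not change, so anything already linked against libgnutlsxx would lose that library on upgrade with no packaging signal. The same applies to `%_libdir/libgnutlsxx.so` in the devel file list of the next hunk. If no package in the distribution links the C++ wrapper, say so in the changelog; otherwise those packages need a rebuild or the wrapper has to stay. A comment above the file list such as `# libgnutlsxx is not built: configure disables it when SRP is off` would explain the absence to the next maintainer.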
@@ -213,6 +206,42 @@ rm -rf %buildroot %_libdir/pkgconfig/gnutls-extra.pc %changelog +* Thu Jul 17 2008 mkoenig@suse.de +- update to version 2.4.1 + * libgnutls: Fix local crash in gnutls_handshake + * libgnutls: Fix memory leaks when doing a re-handshake + * Fix compiler warnings + * Fix ordering of -I's to avoid opencdk.h conflict with + system headers + * srptool: Fix a problem where --verify check does not succeed +- remove C++ wrapper lib, it is not usable without SRP +- remove patch + gnutls-1.6.1-srptool.patch +* Wed Jul 02 2008 mkoenig@suse.de +- remove gnutls main package from baselibs.conf +* Thu Jun 26 2008 mkoenig@suse.de +- update to version 2.4.0 + * The OpenPGP sub-system has been improved and now supports subkeys + * The PSK sub-system has been improved and now supports password + derivation and PSK identity hints + * The certtool --inder and --outder has been replaced + by --inraw and --outraw + * New APIs to access the raw X.509 Subject and Issuer DN's and + elements from the certificate credentials structure + * New APIs to improve working with username/passwords and PSK + * Names of constants to affect certificate printing changed + * The function gnutls_openpgp_privkey_get_id has been renamed to + gnutls_openpgp_privkey_get_key_id + * API/ABI changes in GnuTLS 2.4 + All OpenPGP related functions have been moved from + libgnutls-extra to libgnutls, and several new functions have + been added +- remove SRP functionality from C++ wrapper, otherwise it cannot + be linked against it +- removed patches + gnutls-2.2.2-uninitialized.patch + gnutls-char-signedness.patch + gnutls-GNUTLS_SA_2008_1.patch * Mon Jun 23 2008 mkoenig@suse.de - disable SRP [bnc#65192] * Wed May 21 2008 mkoenig@suse.de