diff --git a/automake-1.12.patch b/automake-1.12.patch deleted file mode 100644 index 02f1160..0000000 --- a/automake-1.12.patch +++ /dev/null @@ -1,52 +0,0 @@ -Index: gnutls-3.2.1/aclocal.m4 -=================================================================== ---- gnutls-3.2.1.orig/aclocal.m4 -+++ gnutls-3.2.1/aclocal.m4 -@@ -517,7 +517,7 @@ AM_MISSING_PROG(AUTOHEADER, autoheader) - AM_MISSING_PROG(MAKEINFO, makeinfo) - AC_REQUIRE([AM_PROG_INSTALL_SH])dnl - AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl --AC_REQUIRE([AM_PROG_MKDIR_P])dnl -+AC_REQUIRE([AC_PROG_MKDIR_P])dnl - # We need awk for the "check" target. The system "awk" is bad on - # some platforms. - AC_REQUIRE([AC_PROG_AWK])dnl -@@ -761,10 +761,10 @@ fi - - # serial 1 - --# AM_PROG_MKDIR_P -+# AC_PROG_MKDIR_P - # --------------- - # Check for `mkdir -p'. --AC_DEFUN([AM_PROG_MKDIR_P], -+AC_DEFUN([AC_PROG_MKDIR_P], - [AC_PREREQ([2.60])dnl - AC_REQUIRE([AC_PROG_MKDIR_P])dnl - dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -Index: gnutls-3.2.1/gl/m4/gnulib-common.m4 -=================================================================== ---- gnutls-3.2.1.orig/gl/m4/gnulib-common.m4 -+++ gnutls-3.2.1/gl/m4/gnulib-common.m4 -@@ -303,7 +303,7 @@ m4_ifdef([AC_PROG_MKDIR_P], [ - AC_SUBST([MKDIR_P])])], [ - dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P. - AC_DEFUN_ONCE([AC_PROG_MKDIR_P], -- [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake -+ [AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake - MKDIR_P='$(mkdir_p)' - AC_SUBST([MKDIR_P])])]) - ]) -Index: gnutls-3.2.1/m4/po.m4 -=================================================================== ---- gnutls-3.2.1.orig/m4/po.m4 -+++ gnutls-3.2.1/m4/po.m4 -@@ -24,7 +24,7 @@ AC_DEFUN([AM_PO_SUBDIRS], - [ - AC_REQUIRE([AC_PROG_MAKE_SET])dnl - AC_REQUIRE([AC_PROG_INSTALL])dnl -- AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake -+ AC_REQUIRE([AC_PROG_MKDIR_P])dnl defined by automake - AC_REQUIRE([AM_NLS])dnl - - dnl Release version of the gettext macros. This is used to ensure that diff --git a/gnutls-3.2.1-pkcs11.diff b/gnutls-3.2.1-pkcs11.diff deleted file mode 100644 index 8b2d063..0000000 --- a/gnutls-3.2.1-pkcs11.diff +++ /dev/null @@ -1,28 +0,0 @@ -From 9008620a9c452fb33942f0f8ee03a44fdf277475 Mon Sep 17 00:00:00 2001 -From: Stef Walter -Date: Thu, 4 Jul 2013 16:15:03 +0200 -Subject: [PATCH] pkcs11: Use the correct attribute length for CKA_TRUSTED - -CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches -are done with the attribute byte values, we need to get the length -exactly right. ---- - lib/pkcs11.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/pkcs11.c b/lib/pkcs11.c -index 27ea3f4..3da3b92 100644 ---- a/lib/pkcs11.c -+++ b/lib/pkcs11.c -@@ -2201,7 +2201,7 @@ find_objs (struct pkcs11_session_info* sinfo, - struct ck_attribute *attr; - ck_object_class_t class = (ck_object_class_t)-1; - ck_certificate_type_t type = (ck_certificate_type_t)-1; -- unsigned int trusted; -+ unsigned char trusted; - unsigned long category; - ck_rv_t rv; - ck_object_handle_t obj; --- -1.8.3.1 - diff --git a/gnutls-3.2.1.tar.xz b/gnutls-3.2.1.tar.xz deleted file mode 100644 index fb3f89b..0000000 --- a/gnutls-3.2.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:abfa8165947837ada2363355ada25d913f48e6bb261f0a67f20d2fb6079e22fe -size 5127332 diff --git a/gnutls-3.2.1.tar.xz.sig b/gnutls-3.2.1.tar.xz.sig deleted file mode 100644 index c8ebaca..0000000 Binary files a/gnutls-3.2.1.tar.xz.sig and /dev/null differ diff --git a/gnutls-3.2.1-noecc.patch b/gnutls-3.2.3-noecc.patch similarity index 65% rename from gnutls-3.2.1-noecc.patch rename to gnutls-3.2.3-noecc.patch index db4835f..9b45115 100644 --- a/gnutls-3.2.1-noecc.patch +++ b/gnutls-3.2.3-noecc.patch @@ -1,7 +1,7 @@ -Index: gnutls-3.2.1/lib/algorithms/kx.c +Index: gnutls-3.2.3/lib/algorithms/kx.c =================================================================== ---- gnutls-3.2.1.orig/lib/algorithms/kx.c -+++ gnutls-3.2.1/lib/algorithms/kx.c +--- gnutls-3.2.3.orig/lib/algorithms/kx.c ++++ gnutls-3.2.3/lib/algorithms/kx.c @@ -28,9 +28,11 @@ extern mod_auth_st rsa_auth_struct; @@ -14,18 +14,25 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c extern mod_auth_st dhe_dss_auth_struct; extern mod_auth_st anon_auth_struct; extern mod_auth_st anon_ecdh_auth_struct; -@@ -57,8 +59,10 @@ static const gnutls_cred_map cred_mappin +@@ -57,13 +59,17 @@ static const gnutls_cred_map cred_mappin {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, -+#ifdef ENABLE_ECC ++#ifdef ENABLE_ECDHE {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, +#endif {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, -@@ -98,7 +102,7 @@ static const gnutls_kx_algo_entry _gnutl + {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, ++#ifdef ENABLE_ECDHE + {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, ++#endif + {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, + {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, +@@ -98,7 +104,7 @@ static const gnutls_kx_algo_entry _gnutl {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1}, {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1}, #endif @@ -34,7 +41,7 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0}, {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0}, #endif -@@ -113,7 +117,7 @@ static const gnutls_kx_algo_entry _gnutl +@@ -113,7 +119,7 @@ static const gnutls_kx_algo_entry _gnutl {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, 1 /* needs DHE params */}, # endif @@ -43,10 +50,10 @@ Index: gnutls-3.2.1/lib/algorithms/kx.c {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0}, # endif #endif -Index: gnutls-3.2.1/lib/algorithms/publickey.c +Index: gnutls-3.2.3/lib/algorithms/publickey.c =================================================================== ---- gnutls-3.2.1.orig/lib/algorithms/publickey.c -+++ gnutls-3.2.1/lib/algorithms/publickey.c +--- gnutls-3.2.3.orig/lib/algorithms/publickey.c ++++ gnutls-3.2.3/lib/algorithms/publickey.c @@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[] {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, @@ -68,29 +75,10 @@ Index: gnutls-3.2.1/lib/algorithms/publickey.c {0, 0, 0} }; -Index: gnutls-3.2.1/lib/algorithms/sign.c +Index: gnutls-3.2.3/lib/auth/cert.c =================================================================== ---- gnutls-3.2.1.orig/lib/algorithms/sign.c -+++ gnutls-3.2.1/lib/algorithms/sign.c -@@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_ - #define TLS_SIGN_AID_UNKNOWN {255, 255} - static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN; - -+#ifndef ENABLE_ECC -+#define GNUTLS_SIGN_ECDSA_SHA1 0 -+#define GNUTLS_SIGN_ECDSA_SHA224 0 -+#define GNUTLS_SIGN_ECDSA_SHA256 0 -+#define GNUTLS_SIGN_ECDSA_SHA384 0 -+#define GNUTLS_SIGN_ECDSA_SHA512 0 -+#endif -+ - static const gnutls_sign_entry sign_algorithms[] = { - {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA1, {2, 1}}, -Index: gnutls-3.2.1/lib/auth/cert.c -=================================================================== ---- gnutls-3.2.1.orig/lib/auth/cert.c -+++ gnutls-3.2.1/lib/auth/cert.c +--- gnutls-3.2.3.orig/lib/auth/cert.c ++++ gnutls-3.2.3/lib/auth/cert.c @@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p key, int deinit); #endif @@ -114,7 +102,7 @@ Index: gnutls-3.2.1/lib/auth/cert.c } return -1; -@@ -1726,7 +1732,9 @@ _gnutls_gen_cert_server_cert_req (gnutls +@@ -1735,7 +1741,9 @@ _gnutls_gen_cert_server_cert_req (gnutls tmp_data[0] = CERTTYPE_SIZE - 1; tmp_data[1] = RSA_SIGN; tmp_data[2] = DSA_SIGN; @@ -124,10 +112,10 @@ Index: gnutls-3.2.1/lib/auth/cert.c ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE); if (ret < 0) -Index: gnutls-3.2.1/lib/auth/dhe_psk.c +Index: gnutls-3.2.3/lib/auth/dhe_psk.c =================================================================== ---- gnutls-3.2.1.orig/lib/auth/dhe_psk.c -+++ gnutls-3.2.1/lib/auth/dhe_psk.c +--- gnutls-3.2.3.orig/lib/auth/dhe_psk.c ++++ gnutls-3.2.3/lib/auth/dhe_psk.c @@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct }; #endif @@ -192,10 +180,10 @@ Index: gnutls-3.2.1/lib/auth/dhe_psk.c +#endif #endif /* ENABLE_PSK */ -Index: gnutls-3.2.1/lib/ext/ecc.c +Index: gnutls-3.2.3/lib/ext/ecc.c =================================================================== ---- gnutls-3.2.1.orig/lib/ext/ecc.c -+++ gnutls-3.2.1/lib/ext/ecc.c +--- gnutls-3.2.3.orig/lib/ext/ecc.c ++++ gnutls-3.2.3/lib/ext/ecc.c @@ -35,6 +35,7 @@ /* Maps record size to numbers according to the * extensions draft. @@ -210,10 +198,10 @@ Index: gnutls-3.2.1/lib/ext/ecc.c } + +#endif -Index: gnutls-3.2.1/lib/gnutls_extensions.c +Index: gnutls-3.2.3/lib/gnutls_extensions.c =================================================================== ---- gnutls-3.2.1.orig/lib/gnutls_extensions.c -+++ gnutls-3.2.1/lib/gnutls_extensions.c +--- gnutls-3.2.3.orig/lib/gnutls_extensions.c ++++ gnutls-3.2.3/lib/gnutls_extensions.c @@ -351,6 +351,7 @@ _gnutls_ext_init (void) if (ret != GNUTLS_E_SUCCESS) return ret; @@ -230,10 +218,10 @@ Index: gnutls-3.2.1/lib/gnutls_extensions.c ret = _gnutls_ext_register (&ext_mod_sig); if (ret != GNUTLS_E_SUCCESS) -Index: gnutls-3.2.1/lib/gnutls_priority.c +Index: gnutls-3.2.3/lib/gnutls_priority.c =================================================================== ---- gnutls-3.2.1.orig/lib/gnutls_priority.c -+++ gnutls-3.2.1/lib/gnutls_priority.c +--- gnutls-3.2.3.orig/lib/gnutls_priority.c ++++ gnutls-3.2.3/lib/gnutls_priority.c @@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn } @@ -356,10 +344,10 @@ Index: gnutls-3.2.1/lib/gnutls_priority.c 0 }; -Index: gnutls-3.2.1/lib/nettle/pk.c +Index: gnutls-3.2.3/lib/nettle/pk.c =================================================================== ---- gnutls-3.2.1.orig/lib/nettle/pk.c -+++ gnutls-3.2.1/lib/nettle/pk.c +--- gnutls-3.2.3.orig/lib/nettle/pk.c ++++ gnutls-3.2.3/lib/nettle/pk.c @@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls switch (algo) @@ -384,7 +372,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_EC: /* we do ECDSA */ { struct ecc_scalar priv; -@@ -369,6 +372,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith +@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith } break; } @@ -392,7 +380,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_DSA: { struct dsa_public_key pub; -@@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori +@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori switch (algo) { @@ -400,7 +388,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_EC: /* ECDSA */ { struct ecc_point pub; -@@ -511,6 +516,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori +@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori ecc_point_clear( &pub); break; } @@ -408,7 +396,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_DSA: { struct dsa_public_key pub; -@@ -717,6 +723,7 @@ rsa_fail: +@@ -721,6 +727,7 @@ rsa_fail: break; } @@ -416,7 +404,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_EC: { struct ecc_scalar key; -@@ -757,6 +764,7 @@ ecc_cleanup: +@@ -761,6 +768,7 @@ ecc_cleanup: break; } @@ -424,7 +412,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; -@@ -873,6 +881,7 @@ dsa_cleanup: +@@ -877,6 +885,7 @@ dsa_cleanup: } break; @@ -432,7 +420,7 @@ Index: gnutls-3.2.1/lib/nettle/pk.c case GNUTLS_PK_EC: { struct ecc_point r, pub; -@@ -934,6 +943,7 @@ ecc_cleanup: +@@ -938,6 +947,7 @@ ecc_cleanup: ecc_point_clear(&pub); } break; @@ -440,10 +428,10 @@ Index: gnutls-3.2.1/lib/nettle/pk.c default: ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } -Index: gnutls-3.2.1/tests/cert-tests/dane +Index: gnutls-3.2.3/tests/cert-tests/dane =================================================================== ---- gnutls-3.2.1.orig/tests/cert-tests/dane -+++ gnutls-3.2.1/tests/cert-tests/dane +--- gnutls-3.2.3.orig/tests/cert-tests/dane ++++ gnutls-3.2.3/tests/cert-tests/dane @@ -22,6 +22,8 @@ set -e @@ -453,10 +441,10 @@ Index: gnutls-3.2.1/tests/cert-tests/dane srcdir=${srcdir:-.} DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT} -Index: gnutls-3.2.1/tests/dtls/dtls-nb +Index: gnutls-3.2.3/tests/dtls/dtls-nb =================================================================== ---- gnutls-3.2.1.orig/tests/dtls/dtls-nb -+++ gnutls-3.2.1/tests/dtls/dtls-nb +--- gnutls-3.2.3.orig/tests/dtls/dtls-nb ++++ gnutls-3.2.3/tests/dtls/dtls-nb @@ -22,9 +22,7 @@ set -e @@ -468,10 +456,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls-nb ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -Index: gnutls-3.2.1/tests/dtls/dtls +Index: gnutls-3.2.3/tests/dtls/dtls =================================================================== ---- gnutls-3.2.1.orig/tests/dtls/dtls -+++ gnutls-3.2.1/tests/dtls/dtls +--- gnutls-3.2.3.orig/tests/dtls/dtls ++++ gnutls-3.2.3/tests/dtls/dtls @@ -22,9 +22,7 @@ set -e @@ -483,10 +471,10 @@ Index: gnutls-3.2.1/tests/dtls/dtls ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -Index: gnutls-3.2.1/tests/ecdsa/ecdsa +Index: gnutls-3.2.3/tests/ecdsa/ecdsa =================================================================== ---- gnutls-3.2.1.orig/tests/ecdsa/ecdsa -+++ gnutls-3.2.1/tests/ecdsa/ecdsa +--- gnutls-3.2.3.orig/tests/ecdsa/ecdsa ++++ gnutls-3.2.3/tests/ecdsa/ecdsa @@ -22,6 +22,8 @@ #set -e @@ -496,10 +484,10 @@ Index: gnutls-3.2.1/tests/ecdsa/ecdsa srcdir=${srcdir:-.} CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} -Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c +Index: gnutls-3.2.3/tests/mini-dtls-heartbeat.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-dtls-heartbeat.c -+++ gnutls-3.2.1/tests/mini-dtls-heartbeat.c +--- gnutls-3.2.3.orig/tests/mini-dtls-heartbeat.c ++++ gnutls-3.2.3/tests/mini-dtls-heartbeat.c @@ -27,7 +27,7 @@ #include #include @@ -509,11 +497,11 @@ Index: gnutls-3.2.1/tests/mini-dtls-heartbeat.c int main () -Index: gnutls-3.2.1/tests/mini-dtls-record.c +Index: gnutls-3.2.3/tests/mini-dtls-record.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-dtls-record.c -+++ gnutls-3.2.1/tests/mini-dtls-record.c -@@ -27,7 +27,7 @@ +--- gnutls-3.2.3.orig/tests/mini-dtls-record.c ++++ gnutls-3.2.3/tests/mini-dtls-record.c +@@ -29,7 +29,7 @@ #include #include @@ -522,10 +510,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-record.c int main () -Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c +Index: gnutls-3.2.3/tests/mini-dtls-rehandshake.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-dtls-rehandshake.c -+++ gnutls-3.2.1/tests/mini-dtls-rehandshake.c +--- gnutls-3.2.3.orig/tests/mini-dtls-rehandshake.c ++++ gnutls-3.2.3/tests/mini-dtls-rehandshake.c @@ -27,7 +27,7 @@ #include #include @@ -535,10 +523,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-rehandshake.c int main() { -Index: gnutls-3.2.1/tests/mini-dtls-srtp.c +Index: gnutls-3.2.3/tests/mini-dtls-srtp.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-dtls-srtp.c -+++ gnutls-3.2.1/tests/mini-dtls-srtp.c +--- gnutls-3.2.3.orig/tests/mini-dtls-srtp.c ++++ gnutls-3.2.3/tests/mini-dtls-srtp.c @@ -27,7 +27,7 @@ #include #include @@ -548,10 +536,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-srtp.c int main (int argc, char** argv) -Index: gnutls-3.2.1/tests/mini-handshake-timeout.c +Index: gnutls-3.2.3/tests/mini-handshake-timeout.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-handshake-timeout.c -+++ gnutls-3.2.1/tests/mini-handshake-timeout.c +--- gnutls-3.2.3.orig/tests/mini-handshake-timeout.c ++++ gnutls-3.2.3/tests/mini-handshake-timeout.c @@ -28,7 +28,7 @@ #include #include @@ -574,10 +562,10 @@ Index: gnutls-3.2.1/tests/mini-handshake-timeout.c } static void -Index: gnutls-3.2.1/tests/mini-loss-time.c +Index: gnutls-3.2.3/tests/mini-loss-time.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-loss-time.c -+++ gnutls-3.2.1/tests/mini-loss-time.c +--- gnutls-3.2.3.orig/tests/mini-loss-time.c ++++ gnutls-3.2.3/tests/mini-loss-time.c @@ -28,7 +28,7 @@ #include #include @@ -587,10 +575,10 @@ Index: gnutls-3.2.1/tests/mini-loss-time.c int main() { -Index: gnutls-3.2.1/tests/mini-record.c +Index: gnutls-3.2.3/tests/mini-record.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-record.c -+++ gnutls-3.2.1/tests/mini-record.c +--- gnutls-3.2.3.orig/tests/mini-record.c ++++ gnutls-3.2.3/tests/mini-record.c @@ -27,7 +27,7 @@ #include #include @@ -600,10 +588,10 @@ Index: gnutls-3.2.1/tests/mini-record.c int main() { -Index: gnutls-3.2.1/tests/mini-record-range.c +Index: gnutls-3.2.3/tests/mini-record-range.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-record-range.c -+++ gnutls-3.2.1/tests/mini-record-range.c +--- gnutls-3.2.3.orig/tests/mini-record-range.c ++++ gnutls-3.2.3/tests/mini-record-range.c @@ -27,7 +27,7 @@ #include #include @@ -613,10 +601,10 @@ Index: gnutls-3.2.1/tests/mini-record-range.c int main() { -Index: gnutls-3.2.1/tests/mini-xssl.c +Index: gnutls-3.2.3/tests/mini-xssl.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-xssl.c -+++ gnutls-3.2.1/tests/mini-xssl.c +--- gnutls-3.2.3.orig/tests/mini-xssl.c ++++ gnutls-3.2.3/tests/mini-xssl.c @@ -27,7 +27,7 @@ #include #include @@ -626,10 +614,10 @@ Index: gnutls-3.2.1/tests/mini-xssl.c int main() { -Index: gnutls-3.2.1/tests/pkcs12_simple.c +Index: gnutls-3.2.3/tests/pkcs12_simple.c =================================================================== ---- gnutls-3.2.1.orig/tests/pkcs12_simple.c -+++ gnutls-3.2.1/tests/pkcs12_simple.c +--- gnutls-3.2.3.orig/tests/pkcs12_simple.c ++++ gnutls-3.2.3/tests/pkcs12_simple.c @@ -50,6 +50,10 @@ doit (void) gnutls_x509_privkey_t pkey; int ret; @@ -641,10 +629,10 @@ Index: gnutls-3.2.1/tests/pkcs12_simple.c ret = global_init (); if (ret < 0) fail ("global_init failed %d\n", ret); -Index: gnutls-3.2.1/tests/slow/keygen.c +Index: gnutls-3.2.3/tests/slow/keygen.c =================================================================== ---- gnutls-3.2.1.orig/tests/slow/keygen.c -+++ gnutls-3.2.1/tests/slow/keygen.c +--- gnutls-3.2.3.orig/tests/slow/keygen.c ++++ gnutls-3.2.3/tests/slow/keygen.c @@ -65,6 +65,11 @@ doit (void) if (algorithm == GNUTLS_PK_DH) continue; @@ -657,10 +645,10 @@ Index: gnutls-3.2.1/tests/slow/keygen.c ret = gnutls_x509_privkey_init (&pkey); if (ret < 0) { -Index: gnutls-3.2.1/tests/srp/mini-srp.c +Index: gnutls-3.2.3/tests/srp/mini-srp.c =================================================================== ---- gnutls-3.2.1.orig/tests/srp/mini-srp.c -+++ gnutls-3.2.1/tests/srp/mini-srp.c +--- gnutls-3.2.3.orig/tests/srp/mini-srp.c ++++ gnutls-3.2.3/tests/srp/mini-srp.c @@ -27,7 +27,7 @@ #include #include @@ -670,10 +658,10 @@ Index: gnutls-3.2.1/tests/srp/mini-srp.c int main() { -Index: gnutls-3.2.1/lib/auth/ecdhe.c +Index: gnutls-3.2.3/lib/auth/ecdhe.c =================================================================== ---- gnutls-3.2.1.orig/lib/auth/ecdhe.c -+++ gnutls-3.2.1/lib/auth/ecdhe.c +--- gnutls-3.2.3.orig/lib/auth/ecdhe.c ++++ gnutls-3.2.3/lib/auth/ecdhe.c @@ -50,7 +50,7 @@ static int proc_ecdhe_client_kx (gnutls_session_t session, uint8_t * data, size_t _data_size); @@ -683,10 +671,10 @@ Index: gnutls-3.2.1/lib/auth/ecdhe.c const mod_auth_st ecdhe_ecdsa_auth_struct = { "ECDHE_ECDSA", _gnutls_gen_cert_server_crt, -Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c +Index: gnutls-3.2.3/tests/mini-dtls-hello-verify.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-dtls-hello-verify.c -+++ gnutls-3.2.1/tests/mini-dtls-hello-verify.c +--- gnutls-3.2.3.orig/tests/mini-dtls-hello-verify.c ++++ gnutls-3.2.3/tests/mini-dtls-hello-verify.c @@ -27,7 +27,7 @@ #include #include @@ -696,10 +684,10 @@ Index: gnutls-3.2.1/tests/mini-dtls-hello-verify.c int main() { -Index: gnutls-3.2.1/tests/mini-alpn.c +Index: gnutls-3.2.3/tests/mini-alpn.c =================================================================== ---- gnutls-3.2.1.orig/tests/mini-alpn.c -+++ gnutls-3.2.1/tests/mini-alpn.c +--- gnutls-3.2.3.orig/tests/mini-alpn.c ++++ gnutls-3.2.3/tests/mini-alpn.c @@ -25,7 +25,7 @@ #include #include @@ -709,3 +697,112 @@ Index: gnutls-3.2.1/tests/mini-alpn.c int main (int argc, char** argv) +Index: gnutls-3.2.3/tests/mini-dtls-large.c +=================================================================== +--- gnutls-3.2.3.orig/tests/mini-dtls-large.c ++++ gnutls-3.2.3/tests/mini-dtls-large.c +@@ -25,7 +25,7 @@ + #include + #include + +-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) ++#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC) + + int + main () +@@ -194,7 +194,11 @@ server (int fd) + * are adequate. + */ + gnutls_priority_set_direct (session, ++#ifdef ENABLE_ECDH + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", ++#else ++ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", ++#endif + NULL); + + gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); +Index: gnutls-3.2.3/tests/priorities.c +=================================================================== +--- gnutls-3.2.3.orig/tests/priorities.c ++++ gnutls-3.2.3/tests/priorities.c +@@ -73,7 +73,7 @@ unsigned i, si, count = 0; + for (i=0;i -Date: Sun, 2 Jun 2013 12:10:06 +0200 -Subject: [PATCH] Avoid comparing the expiration date to prevent false positive error in 32-bit systems. - ---- - tests/cert-tests/pem-decoding | 6 ++++-- - 1 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding -index fe769ec..f8c6372 100755 ---- a/tests/cert-tests/pem-decoding -+++ b/tests/cert-tests/pem-decoding -@@ -61,7 +61,9 @@ if test "$rc" != "0"; then - exit $rc - fi - --diff $srcdir/complex-cert.pem tmp-pem.pem -+cat $srcdir/complex-cert.pem |grep -v "Not After:" >tmp1 -+cat $srcdir/tmp-pem.pem |grep -v "Not After:" >tmp2 -+diff tmp1 tmp2 - rc=$? - - if test "$rc" != "0"; then -@@ -69,6 +71,6 @@ if test "$rc" != "0"; then - exit $rc - fi - --rm -f tmp-pem.pem -+rm -f tmp-pem.pem tmp1 tmp2 - - exit 0 --- -1.7.1 - diff --git a/gnutls-implement-trust-store-dir.diff b/gnutls-implement-trust-store-dir.diff index e7fb953..97e8339 100644 --- a/gnutls-implement-trust-store-dir.diff +++ b/gnutls-implement-trust-store-dir.diff @@ -1,8 +1,8 @@ -Index: gnutls-3.2.1/configure.ac +Index: gnutls-3.2.3/configure.ac =================================================================== ---- gnutls-3.2.1.orig/configure.ac -+++ gnutls-3.2.1/configure.ac -@@ -398,6 +398,25 @@ if test "$with_default_trust_store_file" +--- gnutls-3.2.3.orig/configure.ac ++++ gnutls-3.2.3/configure.ac +@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file" with_default_trust_store_file="" fi @@ -28,7 +28,7 @@ Index: gnutls-3.2.1/configure.ac AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) -@@ -407,6 +426,11 @@ if test "x$with_default_trust_store_file +@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi @@ -40,7 +40,7 @@ Index: gnutls-3.2.1/configure.ac if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) -@@ -683,6 +707,7 @@ AC_MSG_NOTICE([System files: +@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files: Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file @@ -48,10 +48,10 @@ Index: gnutls-3.2.1/configure.ac CRL file: $with_default_crl_file DNSSEC root key file: $unbound_root_key_file ]) -Index: gnutls-3.2.1/lib/system.c +Index: gnutls-3.2.3/lib/system.c =================================================================== ---- gnutls-3.2.1.orig/lib/system.c -+++ gnutls-3.2.1/lib/system.c +--- gnutls-3.2.3.orig/lib/system.c ++++ gnutls-3.2.3/lib/system.c @@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME"); return 0; } diff --git a/gnutls.changes b/gnutls.changes index 4f23ab5..869762e 100644 --- a/gnutls.changes +++ b/gnutls.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Aug 1 13:42:11 UTC 2013 - meissner@suse.com + +- Updated to 3.2.3 + ** libgnutls: Fixes in parsing of priority strings. Patch by Stefan + Buehler. + + ** libgnutls: Solve issue with received TLS packets that exceed 2^14. + (this fixes a bug that was accidentally introduced in 3.2.2) + + ** libgnutls: Removed gnulib modules under LGPLv3 that could possibly + be used by the library. + + ** libgnutls: Fixes in gnutls_record_send_range(). Report and initial + fix by Alfredo Pironti. + +- Updated to 3.2.2 + ** libgnutls: Several optimizations in the related to packet processing + subsystems. + + ** libgnutls: DTLS replay detection can now be disabled (to be used + in certain transport layers like SCTP). + + ** libgnutls: Fixes in SRTP extension generation when MKI is being used. + + ** libgnutls: Added ability to set hooks before or + after sending or receiving any handshake message with + gnutls_handshake_set_hook_function(). + +- gnutls-3.2.3-noecc.patch: updated to disable ECC. +- automake-1.12.patch: upstream, dropped +- gnutls-32bit.patch: upstream, dropped +- gnutls-3.2.1-pkcs11.diff: upstream, dropped + ------------------------------------------------------------------- Fri Jul 26 12:45:45 UTC 2013 - lnussel@suse.de diff --git a/gnutls.spec b/gnutls.spec index 29b1d75..23c66d5 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.1 +Version: 3.2.3 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ @@ -32,20 +32,12 @@ Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.x Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/%{name}-%{version}.tar.xz.sig Source2: %name.keyring Source3: baselibs.conf -# https://gitorious.org/gnutls/gnutls/commit/7613c3251430a212fe5d6001863045f20eca7563 -# PATCH-UPSTREAM lnussel@suse.de -- fix reading ca-certificates # via pkcs11 interface -Patch1: gnutls-3.2.1-pkcs11.diff -Patch2: automake-1.12.patch # PATCH-FIX-OPENSUSE gnutls-3.0.26-skip-test-fwrite.patch andreas.stieger@gmx.de -- skip a failing test Patch3: gnutls-3.0.26-skip-test-fwrite.patch -# https://gitorious.org/gnutls/gnutls/commit/b12040aeab5fbaf02677571db1d8bf1995bd5ee0?format=patch -# PATCH-UPSTREAM gnutls-32bit.patch meissner@suse.de -- avoid dates after 2037 with 32bit time_t -Patch4: gnutls-32bit.patch - # Disable elliptic curves for reasons. - meissner&cfarrell -Patch5: gnutls-3.2.1-noecc.patch +Patch5: gnutls-3.2.3-noecc.patch Patch6: gnutls-implement-trust-store-dir.diff BuildRequires: automake @@ -143,10 +135,7 @@ Files needed for software development using gnutls. %prep %setup -q -%patch1 -p1 -%patch2 -p1 %patch3 -%patch4 -p1 %patch5 -p1 %patch6 -p1