[openvas-libraries] change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct
rebus
rebus at fedoraproject.org
Mon Jul 4 01:11:55 UTC 2011
commit 4ac3f4e4ac185655240f5a652a08da7d6b641221
Author: Michal Ambroz <rebus at seznam.cz>
Date: Mon Jul 4 03:11:15 2011 +0200
change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct
openvas-libraries-gnutls.patch | 148 ++++++++++++++++++++++++++++++++++++++++
openvas-libraries.spec | 8 ++-
2 files changed, 155 insertions(+), 1 deletions(-)
---
diff --git a/openvas-libraries-gnutls.patch b/openvas-libraries-gnutls.patch
new file mode 100644
index 0000000..d94dd4b
--- /dev/null
+++ b/openvas-libraries-gnutls.patch
@@ -0,0 +1,148 @@
+Change from deprecated gnutls_*_set_priority to new gnutls_priority_set_direct
+Reported upstream in bug #2526.
+http://wald.intevation.org/tracker/?func=detail&atid=220&aid=2526&group_id=29
+http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
+diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc/network.c
+--- openvas-libraries-4.0.5/misc/network.c 2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/network.c 2011-07-04 02:53:17.000000000 +0200
+@@ -413,17 +413,26 @@
+ }
+
+ static int
+-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
+- int *cipher_priority, int *comp_priority,
+- int *kx_priority, int *mac_priority)
+-{
+- int err;
+-
+- if ((err = gnutls_protocol_set_priority (session, protocol_priority))
+- || (err = gnutls_cipher_set_priority (session, cipher_priority))
+- || (err = gnutls_compression_set_priority (session, comp_priority))
+- || (err = gnutls_kx_set_priority (session, kx_priority))
+- || (err = gnutls_mac_set_priority (session, mac_priority)))
++set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
++ const char *cipher_priority, const char *comp_priority,
++ const char *kx_priority, const char *mac_priority)
++{
++ const char *error_pos = NULL;
++ int err=0;
++
++ char *priorities=malloc(strlen(protocol_priority) + strlen(cipher_priority)
++ + strlen(comp_priority) + strlen(kx_priority)
++ + strlen(mac_priority) + 5 );
++
++ strcpy(priorities,"NONE");
++ strcpy(priorities,protocol_priority);
++ strcpy(priorities,cipher_priority);
++ strcpy(priorities,comp_priority);
++ strcpy(priorities,kx_priority);
++ strcpy(priorities,mac_priority);
++
++
++ if ((err = gnutls_priority_set_direct (session, priorities, &error_pos)) != 0 )
+ {
+ tlserror ("setting session priorities", err);
+ return -1;
+@@ -434,29 +443,11 @@
+ static int
+ set_gnutls_sslv23 (gnutls_session_t session)
+ {
+- static int protocol_priority[] = { GNUTLS_TLS1,
+- GNUTLS_SSL3,
+- 0
+- };
+- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+- GNUTLS_CIPHER_3DES_CBC,
+- GNUTLS_CIPHER_AES_256_CBC,
+- GNUTLS_CIPHER_ARCFOUR_128,
+- 0
+- };
+- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+- GNUTLS_COMP_NULL,
+- 0
+- };
+- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+- GNUTLS_KX_RSA,
+- GNUTLS_KX_DHE_DSS,
+- 0
+- };
+- static int mac_priority[] = { GNUTLS_MAC_SHA1,
+- GNUTLS_MAC_MD5,
+- 0
+- };
++ const char *protocol_priority=":+VERS-TLS-ALL";
++ const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
++ const char *comp_priority=":+COMP-ALL";
++ const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
++ const char *mac_priority=":+SHA1:+MD5";
+
+ return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+ comp_priority, kx_priority, mac_priority);
+@@ -465,28 +456,11 @@
+ static int
+ set_gnutls_sslv3 (gnutls_session_t session)
+ {
+- static int protocol_priority[] = { GNUTLS_SSL3,
+- 0
+- };
+- static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
+- GNUTLS_CIPHER_ARCFOUR_128,
+- 0
+- };
+- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+- GNUTLS_COMP_NULL,
+- 0
+- };
+-
+- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+- GNUTLS_KX_RSA,
+- GNUTLS_KX_DHE_DSS,
+- 0
+- };
+-
+- static int mac_priority[] = { GNUTLS_MAC_SHA1,
+- GNUTLS_MAC_MD5,
+- 0
+- };
++ const char *protocol_priority=":+VERS-SSL3.0";
++ const char *cipher_priority=":+3DES-CBC:+ARCFOUR-128";
++ const char *comp_priority=":+COMP-ALL";
++ const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
++ const char *mac_priority=":+SHA1:+MD5";
+
+ return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+ comp_priority, kx_priority, mac_priority);
+@@ -495,28 +469,11 @@
+ static int
+ set_gnutls_tlsv1 (gnutls_session_t session)
+ {
+- static int protocol_priority[] = { GNUTLS_TLS1,
+- 0
+- };
+- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+- GNUTLS_CIPHER_3DES_CBC,
+- GNUTLS_CIPHER_AES_256_CBC,
+- GNUTLS_CIPHER_ARCFOUR_128,
+- 0
+- };
+- static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+- GNUTLS_COMP_NULL,
+- 0
+- };
+- static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+- GNUTLS_KX_RSA,
+- GNUTLS_KX_DHE_DSS,
+- 0
+- };
+- static int mac_priority[] = { GNUTLS_MAC_SHA1,
+- GNUTLS_MAC_MD5,
+- 0
+- };
++ const char *protocol_priority="+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++ const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
++ const char *comp_priority=":+COMP-ALL";
++ const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
++ const char *mac_priority=":+SHA1:+MD5";
+
+ return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+ comp_priority, kx_priority, mac_priority);
diff --git a/openvas-libraries.spec b/openvas-libraries.spec
index 450ab31..7b85ba9 100644
--- a/openvas-libraries.spec
+++ b/openvas-libraries.spec
@@ -4,13 +4,15 @@ URL: http://www.openvas.org
License: LGPLv2
Group: System Environment/Libraries
Version: 4.0.5
-Release: 1%{?dist}
+Release: 2%{?dist}
Source0: http://wald.intevation.org/frs/download.php/872/%{name}-%{version}.tar.gz
#Reported as bug 1942 Fix compile time errors - variable 'xxx' set but not used
#http://wald.intevation.org/tracker/index.php?func=detail&aid=1942&group_id=29&atid=220
Patch0: openvas-libraries-notused.patch
+Patch1: openvas-libraries-gnutls.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Obsoletes: openvas-libnasl
BuildRequires: glib2-devel
@@ -40,6 +42,7 @@ Development libraries and headers for use with openvas-libraries.
%prep
%setup -q
%patch0 -p 1 -b notused.patch
+%patch1 -p 1 -b gnutls.patch
%build
@@ -90,6 +93,9 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libopenvas.pc
%changelog
+* Sun Jul 3 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-2
+- change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct
+
* Fri Jun 10 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-1
- bump to 4.0.5
More information about the scm-commits
mailing list