[openvas-libraries] change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct

rebus rebus at fedoraproject.org
Mon Jul 4 01:11:55 UTC 2011


commit 4ac3f4e4ac185655240f5a652a08da7d6b641221
Author: Michal Ambroz <rebus at seznam.cz>
Date:   Mon Jul 4 03:11:15 2011 +0200

    change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct

 openvas-libraries-gnutls.patch |  148 ++++++++++++++++++++++++++++++++++++++++
 openvas-libraries.spec         |    8 ++-
 2 files changed, 155 insertions(+), 1 deletions(-)
---
diff --git a/openvas-libraries-gnutls.patch b/openvas-libraries-gnutls.patch
new file mode 100644
index 0000000..d94dd4b
--- /dev/null
+++ b/openvas-libraries-gnutls.patch
@@ -0,0 +1,148 @@
+Change from deprecated gnutls_*_set_priority to new gnutls_priority_set_direct
+Reported upstream in bug #2526.
+http://wald.intevation.org/tracker/?func=detail&atid=220&aid=2526&group_id=29
+http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
+diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc/network.c
+--- openvas-libraries-4.0.5/misc/network.c	2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/network.c	2011-07-04 02:53:17.000000000 +0200
+@@ -413,17 +413,26 @@
+ }
+ 
+ static int
+-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
+-                       int *cipher_priority, int *comp_priority,
+-                       int *kx_priority, int *mac_priority)
+-{
+-  int err;
+-
+-  if ((err = gnutls_protocol_set_priority (session, protocol_priority))
+-      || (err = gnutls_cipher_set_priority (session, cipher_priority))
+-      || (err = gnutls_compression_set_priority (session, comp_priority))
+-      || (err = gnutls_kx_set_priority (session, kx_priority))
+-      || (err = gnutls_mac_set_priority (session, mac_priority)))
++set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
++                       const char *cipher_priority, const char *comp_priority,
++                       const char *kx_priority, const char *mac_priority)
++{
++  const char *error_pos = NULL;
++  int err=0;
++
++  char *priorities=malloc(strlen(protocol_priority) + strlen(cipher_priority)
++			+ strlen(comp_priority) + strlen(kx_priority) 
++			+ strlen(mac_priority) + 5 );
++
++  strcpy(priorities,"NONE");
++  strcpy(priorities,protocol_priority);
++  strcpy(priorities,cipher_priority);
++  strcpy(priorities,comp_priority);
++  strcpy(priorities,kx_priority);
++  strcpy(priorities,mac_priority);
++
++
++  if ((err = gnutls_priority_set_direct (session, priorities, &error_pos)) != 0 )
+     {
+       tlserror ("setting session priorities", err);
+       return -1;
+@@ -434,29 +443,11 @@
+ static int
+ set_gnutls_sslv23 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_TLS1,
+-    GNUTLS_SSL3,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+-    GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_AES_256_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
++  const char *protocol_priority=":+VERS-TLS-ALL";
++  const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
++  const char *comp_priority=":+COMP-ALL";
++  const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
++  const char *mac_priority=":+SHA1:+MD5";
+ 
+   return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+                                 comp_priority, kx_priority, mac_priority);
+@@ -465,28 +456,11 @@
+ static int
+ set_gnutls_sslv3 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_SSL3,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
++  const char *protocol_priority=":+VERS-SSL3.0";
++  const char *cipher_priority=":+3DES-CBC:+ARCFOUR-128";
++  const char *comp_priority=":+COMP-ALL";
++  const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
++  const char *mac_priority=":+SHA1:+MD5";
+ 
+   return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+                                 comp_priority, kx_priority, mac_priority);
+@@ -495,28 +469,11 @@
+ static int
+ set_gnutls_tlsv1 (gnutls_session_t session)
+ {
+-  static int protocol_priority[] = { GNUTLS_TLS1,
+-    0
+-  };
+-  static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC,
+-    GNUTLS_CIPHER_3DES_CBC,
+-    GNUTLS_CIPHER_AES_256_CBC,
+-    GNUTLS_CIPHER_ARCFOUR_128,
+-    0
+-  };
+-  static int comp_priority[] = { GNUTLS_COMP_ZLIB,
+-    GNUTLS_COMP_NULL,
+-    0
+-  };
+-  static int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+-    GNUTLS_KX_RSA,
+-    GNUTLS_KX_DHE_DSS,
+-    0
+-  };
+-  static int mac_priority[] = { GNUTLS_MAC_SHA1,
+-    GNUTLS_MAC_MD5,
+-    0
+-  };
++  const char *protocol_priority="+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++  const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
++  const char *comp_priority=":+COMP-ALL";
++  const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
++  const char *mac_priority=":+SHA1:+MD5";
+ 
+   return set_gnutls_priorities (session, protocol_priority, cipher_priority,
+                                 comp_priority, kx_priority, mac_priority);
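Review bot: In the new `set_gnutls_priorities` (misc/network.c), every `strcpy (priorities, ...)` after the first overwrites the buffer from its start, so `gnutls_priority_set_direct` receives only `mac_priority` (`:+SHA1:+MD5`) and the `NONE` base with the protocol, cipher, compression and key-exchange lists is discarded; the appends need to be `strcat`. The `malloc` result is also used without a NULL check and is not freed in the visible lines (the function body continues past the inner hunk). Once concatenation works the fragments must be well formed: `kx_priority` in `set_gnutls_sslv3` and `set_gnutls_tlsv1` is `:+DHE-RSA::+RSA+DHE-DSS` where `:+DHE-RSA:+RSA:+DHE-DSS` appears intended, and `protocol_priority` in `set_gnutls_tlsv1` lacks its leading `:`. It is also worth confirming that the protocol sets are intended, since `set_gnutls_sslv23` no longer names SSL 3.0 explicitly and `set_gnutls_tlsv1` now admits TLS 1.1 and 1.2, which changes what each transport mode negotiates against a scanned host.

```c
  char *priorities = malloc (strlen (protocol_priority) + strlen (cipher_priority)
                             + strlen (comp_priority) + strlen (kx_priority)
                             + strlen (mac_priority) + sizeof ("NONE"));

  if (priorities == NULL)
    return -1;

  strcpy (priorities, "NONE");
  strcat (priorities, protocol_priority);
  strcat (priorities, cipher_priority);
  strcat (priorities, comp_priority);
  strcat (priorities, kx_priority);
  strcat (priorities, mac_priority);

  err = gnutls_priority_set_direct (session, priorities, &error_pos);
  free (priorities);
  if (err != 0)
    /* … unchanged: tlserror call and return -1 … */
```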
diff --git a/openvas-libraries.spec b/openvas-libraries.spec
index 450ab31..7b85ba9 100644
--- a/openvas-libraries.spec
+++ b/openvas-libraries.spec
@@ -4,13 +4,15 @@ URL:		http://www.openvas.org
 License:	LGPLv2
 Group:		System Environment/Libraries
 Version:	4.0.5
-Release:	1%{?dist}
+Release:	2%{?dist}
 Source0:	http://wald.intevation.org/frs/download.php/872/%{name}-%{version}.tar.gz
 
 #Reported as bug 1942	Fix compile time errors - variable 'xxx' set but not used
 #http://wald.intevation.org/tracker/index.php?func=detail&aid=1942&group_id=29&atid=220
 Patch0:		openvas-libraries-notused.patch
 
+Patch1:		openvas-libraries-gnutls.patch
+
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root
 Obsoletes:	openvas-libnasl
 BuildRequires:	glib2-devel
@@ -40,6 +42,7 @@ Development libraries and headers for use with openvas-libraries.
 %prep
 %setup -q
 %patch0 -p 1 -b notused.patch
+%patch1 -p 1 -b gnutls.patch
 
 
 %build
@@ -90,6 +93,9 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libopenvas.pc
 
 %changelog
+* Sun Jul 3 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-2
+- change from deprecated gnutls_*_set_priority to gnutls_priority_set_direct
+
 * Fri Jun 10 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-1
 - bump to 4.0.5
 

