[openvas-libraries] Patch for new gnutls version.

Mon Oct 3 18:52:40 UTC 2011

commit 13c6b0f1f60671e82873c8d52cf285ae63ae7d08
Author: Michal Ambroz <mambroz at mixer.localdomain>
Date:   Mon Oct 3 20:51:28 2011 +0200

    Patch for new gnutls version.

 openvas-libraries-gnutls.patch |   88 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 88 insertions(+), 0 deletions(-)
---

diff --git a/openvas-libraries-gnutls.patch b/openvas-libraries-gnutls.patch
index d94dd4b..58c11af 100644
--- a/openvas-libraries-gnutls.patch
+++ b/openvas-libraries-gnutls.patch
@@ -146,3 +146,91 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
  
    return set_gnutls_priorities (session, protocol_priority, cipher_priority,
                                  comp_priority, kx_priority, mac_priority);
+diff -ru openvas-libraries-4.0.5.new/misc/network.c openvas-libraries-4.0.5/misc/network.c
+--- openvas-libraries-4.0.5.new/misc/network.c	2011-10-03 20:38:16.372079165 +0200
++++ openvas-libraries-4.0.5/misc/network.c	2011-10-03 20:40:13.970763808 +0200
+@@ -466,7 +466,7 @@
+                                 comp_priority, kx_priority, mac_priority);
+ }
+ 
++int
+-static int
+ set_gnutls_tlsv1 (gnutls_session_t session)
+ {
+   const char *protocol_priority="+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
+diff -ru openvas-libraries-4.0.5.new/misc/network.h openvas-libraries-4.0.5/misc/network.h
+--- openvas-libraries-4.0.5.new/misc/network.h	2011-10-03 20:38:24.274923568 +0200
++++ openvas-libraries-4.0.5/misc/network.h	2011-06-01 15:38:37.000000000 +0200
+@@ -121,4 +121,6 @@
+ 
+ void convipv4toipv4mappedaddr (struct in_addr, struct in6_addr *);
+ 
++int set_gnutls_tlsv1 (gnutls_session_t session);
++
+ #endif
+diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0.5/misc/openvas_server.c
+--- openvas-libraries-4.0.5.new/misc/openvas_server.c	2011-10-03 20:39:25.165724711 +0200
++++ openvas-libraries-4.0.5/misc/openvas_server.c	2011-06-01 15:38:37.000000000 +0200
+@@ -58,6 +58,7 @@
+ #include <string.h>
+ 
+ #include "openvas_server.h"
++#include "network.h"
+ 
+ /**
+  * @todo This module nearly fulfils the requirements to be placed in the base
+@@ -143,6 +142,7 @@
+       return -1;
+     }
+ 
++  /* FIX - should we set some priorities?
+   const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
+     GNUTLS_KX_RSA,
+     GNUTLS_KX_DHE_DSS,
+@@ -156,6 +154,7 @@
+       gnutls_certificate_free_credentials (credentials);
+       return -1;
+     }
++  */
+ 
+   if (gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, credentials))
+     {
+@@ -619,6 +616,7 @@
+                     gnutls_certificate_credentials_t * server_credentials)
+ {
+   // FIX static vars?
++  /*
+   const int protocol_priority[] = { GNUTLS_TLS1,
+     0
+   };
+@@ -642,6 +638,8 @@
+     GNUTLS_MAC_MD5,
+     0
+   };
++  */
++
+ 
+   /* Turn off use of /dev/random, as this can block. */
+ 
+@@ -692,6 +686,7 @@
+       goto server_free_fail;
+     }
+ 
++  /*
+   if (gnutls_protocol_set_priority (*server_session, protocol_priority))
+     {
+       g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
+@@ -722,6 +715,13 @@
+     {
+       g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
+       goto server_fail;
++    }
++  */
++
++  if (set_gnutls_tlsv1(*server_session))
++    {
++      g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
++      goto server_fail;
+     }
+ 
+   if (gnutls_credentials_set
