[openvas-libraries] fix the gnutls patch

rebus rebus at fedoraproject.org
Fri Oct 7 00:09:24 UTC 2011 

commit ef61669ed46fac74a38bc3cce363b81cf0d5c17f
Author: Michal Ambroz <rebus at seznam.cz>
Date:   Fri Oct 7 02:09:02 2011 +0200

    fix the gnutls patch

 openvas-libraries-gnutls.patch |   83 +++++++++++++++++----------------------
 openvas-libraries.spec         |   10 ++--
 2 files changed, 41 insertions(+), 52 deletions(-)
---
diff --git a/openvas-libraries-gnutls.patch b/openvas-libraries-gnutls.patch
index 79e9085..e34c798 100644
--- a/openvas-libraries-gnutls.patch
+++ b/openvas-libraries-gnutls.patch
@@ -3,47 +3,46 @@ Reported upstream in bug #2526.
 http://wald.intevation.org/tracker/?func=detail&atid=220&aid=2526&group_id=29
 http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
 diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc/network.c
---- openvas-libraries-4.0.5/misc/network.c	2011-06-01 15:38:37.000000000 +0200
-+++ openvas-libraries-4.0.5.new/misc/network.c	2011-07-04 02:53:17.000000000 +0200
-@@ -413,17 +413,26 @@
+--- openvas-libraries-4.0.5/misc/network.c	2011-10-07 01:45:36.406348779 +0200
++++ openvas-libraries-4.0.5.new/misc/network.c	2011-10-05 01:21:23.182790595 +0200
+@@ -413,17 +413,27 @@
  }
  
  static int
 -set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
 -                       int *cipher_priority, int *comp_priority,
 -                       int *kx_priority, int *mac_priority)
--{
++set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
++                       const char *cipher_priority, const char *comp_priority,
++                       const char *kx_priority, const char *mac_priority)
+ {
 -  int err;
--
++  const char *error_pos = NULL;
++  int err=0;
+ 
 -  if ((err = gnutls_protocol_set_priority (session, protocol_priority))
 -      || (err = gnutls_cipher_set_priority (session, cipher_priority))
 -      || (err = gnutls_compression_set_priority (session, comp_priority))
 -      || (err = gnutls_kx_set_priority (session, kx_priority))
 -      || (err = gnutls_mac_set_priority (session, mac_priority)))
-+set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
-+                       const char *cipher_priority, const char *comp_priority,
-+                       const char *kx_priority, const char *mac_priority)
-+{
-+  const char *error_pos = NULL;
-+  int err=0;
-+
 +  char *priorities=malloc(strlen(protocol_priority) + strlen(cipher_priority)
 +			+ strlen(comp_priority) + strlen(kx_priority) 
 +			+ strlen(mac_priority) + 5 );
 +
 +  strcpy(priorities,"NONE");
-+  strcpy(priorities,protocol_priority);
-+  strcpy(priorities,cipher_priority);
-+  strcpy(priorities,comp_priority);
-+  strcpy(priorities,kx_priority);
-+  strcpy(priorities,mac_priority);
++  strcat(priorities,protocol_priority);
++  strcat(priorities,cipher_priority);
++  strcat(priorities,comp_priority);
++  strcat(priorities,kx_priority);
++  strcat(priorities,mac_priority);
 +
++  g_debug("priorities: %s", priorities);
 +
 +  if ((err = gnutls_priority_set_direct (session, priorities, &error_pos)) != 0 )
      {
        tlserror ("setting session priorities", err);
        return -1;
-@@ -434,29 +443,11 @@
+@@ -434,29 +444,11 @@
  static int
  set_gnutls_sslv23 (gnutls_session_t session)
  {
@@ -78,7 +77,7 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
  
    return set_gnutls_priorities (session, protocol_priority, cipher_priority,
                                  comp_priority, kx_priority, mac_priority);
-@@ -465,28 +456,11 @@
+@@ -465,58 +457,24 @@
  static int
  set_gnutls_sslv3 (gnutls_session_t session)
  {
@@ -107,13 +106,15 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
 +  const char *protocol_priority=":+VERS-SSL3.0";
 +  const char *cipher_priority=":+3DES-CBC:+ARCFOUR-128";
 +  const char *comp_priority=":+COMP-ALL";
-+  const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
++  const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
 +  const char *mac_priority=":+SHA1:+MD5";
  
    return set_gnutls_priorities (session, protocol_priority, cipher_priority,
                                  comp_priority, kx_priority, mac_priority);
-@@ -495,28 +469,11 @@
- static int
+ }
+ 
+-static int
++int
  set_gnutls_tlsv1 (gnutls_session_t session)
  {
 -  static int protocol_priority[] = { GNUTLS_TLS1,
@@ -138,7 +139,7 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
 -    GNUTLS_MAC_MD5,
 -    0
 -  };
-+  const char *protocol_priority=":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++  const char *protocol_priority=":+VERS-TLS-ALL";
 +  const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
 +  const char *comp_priority=":+COMP-ALL";
 +  const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
@@ -146,21 +147,9 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
  
    return set_gnutls_priorities (session, protocol_priority, cipher_priority,
                                  comp_priority, kx_priority, mac_priority);
-diff -ru openvas-libraries-4.0.5.new/misc/network.c openvas-libraries-4.0.5/misc/network.c
---- openvas-libraries-4.0.5.new/misc/network.c	2011-10-03 20:38:16.372079165 +0200
-+++ openvas-libraries-4.0.5/misc/network.c	2011-10-03 20:40:13.970763808 +0200
-@@ -466,7 +466,7 @@
-                                 comp_priority, kx_priority, mac_priority);
- }
- 
-+int
--static int
- set_gnutls_tlsv1 (gnutls_session_t session)
- {
-   const char *protocol_priority="+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
-diff -ru openvas-libraries-4.0.5.new/misc/network.h openvas-libraries-4.0.5/misc/network.h
---- openvas-libraries-4.0.5.new/misc/network.h	2011-10-03 20:38:24.274923568 +0200
-+++ openvas-libraries-4.0.5/misc/network.h	2011-06-01 15:38:37.000000000 +0200
+diff -ru openvas-libraries-4.0.5/misc/network.h openvas-libraries-4.0.5.new/misc/network.h
+--- openvas-libraries-4.0.5/misc/network.h	2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/network.h	2011-10-04 16:49:43.985911401 +0200
 @@ -121,4 +121,6 @@
  
  void convipv4toipv4mappedaddr (struct in_addr, struct in6_addr *);
@@ -168,9 +157,9 @@ diff -ru openvas-libraries-4.0.5.new/misc/network.h openvas-libraries-4.0.5/misc
 +int set_gnutls_tlsv1 (gnutls_session_t session);
 +
  #endif
-diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0.5/misc/openvas_server.c
---- openvas-libraries-4.0.5.new/misc/openvas_server.c	2011-10-03 20:39:25.165724711 +0200
-+++ openvas-libraries-4.0.5/misc/openvas_server.c	2011-06-01 15:38:37.000000000 +0200
+diff -ru openvas-libraries-4.0.5/misc/openvas_server.c openvas-libraries-4.0.5.new/misc/openvas_server.c
+--- openvas-libraries-4.0.5/misc/openvas_server.c	2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/openvas_server.c	2011-10-04 16:49:43.986911382 +0200
 @@ -58,6 +58,7 @@
  #include <string.h>
  
@@ -179,7 +168,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
  
  /**
   * @todo This module nearly fulfils the requirements to be placed in the base
-@@ -143,6 +142,7 @@
+@@ -142,6 +143,7 @@
        return -1;
      }
  
@@ -187,7 +176,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
    const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
      GNUTLS_KX_RSA,
      GNUTLS_KX_DHE_DSS,
-@@ -156,6 +154,7 @@
+@@ -154,6 +156,7 @@
        gnutls_certificate_free_credentials (credentials);
        return -1;
      }
@@ -195,7 +184,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
  
    if (gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, credentials))
      {
-@@ -619,6 +616,7 @@
+@@ -616,6 +619,7 @@
                      gnutls_certificate_credentials_t * server_credentials)
  {
    // FIX static vars?
@@ -203,7 +192,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
    const int protocol_priority[] = { GNUTLS_TLS1,
      0
    };
-@@ -642,6 +638,8 @@
+@@ -638,6 +642,8 @@
      GNUTLS_MAC_MD5,
      0
    };
@@ -212,7 +201,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
  
    /* Turn off use of /dev/random, as this can block. */
  
-@@ -692,6 +686,7 @@
+@@ -686,6 +692,7 @@
        goto server_free_fail;
      }
  
@@ -220,7 +209,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
    if (gnutls_protocol_set_priority (*server_session, protocol_priority))
      {
        g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
-@@ -722,6 +715,13 @@
+@@ -715,6 +722,13 @@
      {
        g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
        goto server_fail;
diff --git a/openvas-libraries.spec b/openvas-libraries.spec
index 02e70c6..6806023 100644
--- a/openvas-libraries.spec
+++ b/openvas-libraries.spec
@@ -44,9 +44,9 @@ Development libraries and headers for use with openvas-libraries.
 
 %prep
 %setup -q
-%patch0 -p 1 -b notused.patch
-%patch1 -p 1 -b gnutls.patch
-%patch2 -p 1 -b lowat.patch
+%patch0 -p 1 -b .notused.patch
+%patch1 -p 1 -b .gnutls.patch
+%patch2 -p 1 -b .lowat.patch
 
 
 %build
@@ -97,8 +97,8 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libopenvas.pc
 
 %changelog
-* Thu Oct 07 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-4
-- fix the gnutls preferences string
+* Thu Oct 06 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-4
+- fix the priorities string
 
 * Sat Jul 30 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-3
 - gnutls > 2.12.0 has deprecated gnutls_transport_set_lowat

More information about the scm-commits mailing list