[openvas-libraries] fix the gnutls patch
rebus
rebus at fedoraproject.org
Fri Oct 7 00:09:24 UTC 2011
commit ef61669ed46fac74a38bc3cce363b81cf0d5c17f
Author: Michal Ambroz <rebus at seznam.cz>
Date: Fri Oct 7 02:09:02 2011 +0200
fix the gnutls patch
openvas-libraries-gnutls.patch | 83 +++++++++++++++++----------------------
openvas-libraries.spec | 10 ++--
2 files changed, 41 insertions(+), 52 deletions(-)
---
diff --git a/openvas-libraries-gnutls.patch b/openvas-libraries-gnutls.patch
index 79e9085..e34c798 100644
--- a/openvas-libraries-gnutls.patch
+++ b/openvas-libraries-gnutls.patch
@@ -3,47 +3,46 @@ Reported upstream in bug #2526.
http://wald.intevation.org/tracker/?func=detail&atid=220&aid=2526&group_id=29
http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc/network.c
---- openvas-libraries-4.0.5/misc/network.c 2011-06-01 15:38:37.000000000 +0200
-+++ openvas-libraries-4.0.5.new/misc/network.c 2011-07-04 02:53:17.000000000 +0200
-@@ -413,17 +413,26 @@
+--- openvas-libraries-4.0.5/misc/network.c 2011-10-07 01:45:36.406348779 +0200
++++ openvas-libraries-4.0.5.new/misc/network.c 2011-10-05 01:21:23.182790595 +0200
+@@ -413,17 +413,27 @@
}
static int
-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority,
- int *cipher_priority, int *comp_priority,
- int *kx_priority, int *mac_priority)
--{
++set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
++ const char *cipher_priority, const char *comp_priority,
++ const char *kx_priority, const char *mac_priority)
+ {
- int err;
--
++ const char *error_pos = NULL;
++ int err=0;
+
- if ((err = gnutls_protocol_set_priority (session, protocol_priority))
- || (err = gnutls_cipher_set_priority (session, cipher_priority))
- || (err = gnutls_compression_set_priority (session, comp_priority))
- || (err = gnutls_kx_set_priority (session, kx_priority))
- || (err = gnutls_mac_set_priority (session, mac_priority)))
-+set_gnutls_priorities (gnutls_session_t session, const char *protocol_priority,
-+ const char *cipher_priority, const char *comp_priority,
-+ const char *kx_priority, const char *mac_priority)
-+{
-+ const char *error_pos = NULL;
-+ int err=0;
-+
+ char *priorities=malloc(strlen(protocol_priority) + strlen(cipher_priority)
+ + strlen(comp_priority) + strlen(kx_priority)
+ + strlen(mac_priority) + 5 );
+
+ strcpy(priorities,"NONE");
-+ strcpy(priorities,protocol_priority);
-+ strcpy(priorities,cipher_priority);
-+ strcpy(priorities,comp_priority);
-+ strcpy(priorities,kx_priority);
-+ strcpy(priorities,mac_priority);
++ strcat(priorities,protocol_priority);
++ strcat(priorities,cipher_priority);
++ strcat(priorities,comp_priority);
++ strcat(priorities,kx_priority);
++ strcat(priorities,mac_priority);
+
++ g_debug("priorities: %s", priorities);
+
+ if ((err = gnutls_priority_set_direct (session, priorities, &error_pos)) != 0 )
{
tlserror ("setting session priorities", err);
return -1;
-@@ -434,29 +443,11 @@
+@@ -434,29 +444,11 @@
static int
set_gnutls_sslv23 (gnutls_session_t session)
{
@@ -78,7 +77,7 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
return set_gnutls_priorities (session, protocol_priority, cipher_priority,
comp_priority, kx_priority, mac_priority);
-@@ -465,28 +456,11 @@
+@@ -465,58 +457,24 @@
static int
set_gnutls_sslv3 (gnutls_session_t session)
{
@@ -107,13 +106,15 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
+ const char *protocol_priority=":+VERS-SSL3.0";
+ const char *cipher_priority=":+3DES-CBC:+ARCFOUR-128";
+ const char *comp_priority=":+COMP-ALL";
-+ const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
++ const char *kx_priority=":+DHE-RSA::+RSA+DHE-DSS";
+ const char *mac_priority=":+SHA1:+MD5";
return set_gnutls_priorities (session, protocol_priority, cipher_priority,
comp_priority, kx_priority, mac_priority);
-@@ -495,28 +469,11 @@
- static int
+ }
+
+-static int
++int
set_gnutls_tlsv1 (gnutls_session_t session)
{
- static int protocol_priority[] = { GNUTLS_TLS1,
@@ -138,7 +139,7 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
- GNUTLS_MAC_MD5,
- 0
- };
-+ const char *protocol_priority=":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
++ const char *protocol_priority=":+VERS-TLS-ALL";
+ const char *cipher_priority=":+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128";
+ const char *comp_priority=":+COMP-ALL";
+ const char *kx_priority=":+DHE-RSA:+RSA:+DHE-DSS";
@@ -146,21 +147,9 @@ diff -ru openvas-libraries-4.0.5/misc/network.c openvas-libraries-4.0.5.new/misc
return set_gnutls_priorities (session, protocol_priority, cipher_priority,
comp_priority, kx_priority, mac_priority);
-diff -ru openvas-libraries-4.0.5.new/misc/network.c openvas-libraries-4.0.5/misc/network.c
---- openvas-libraries-4.0.5.new/misc/network.c 2011-10-03 20:38:16.372079165 +0200
-+++ openvas-libraries-4.0.5/misc/network.c 2011-10-03 20:40:13.970763808 +0200
-@@ -466,7 +466,7 @@
- comp_priority, kx_priority, mac_priority);
- }
-
-+int
--static int
- set_gnutls_tlsv1 (gnutls_session_t session)
- {
- const char *protocol_priority="+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0";
-diff -ru openvas-libraries-4.0.5.new/misc/network.h openvas-libraries-4.0.5/misc/network.h
---- openvas-libraries-4.0.5.new/misc/network.h 2011-10-03 20:38:24.274923568 +0200
-+++ openvas-libraries-4.0.5/misc/network.h 2011-06-01 15:38:37.000000000 +0200
+diff -ru openvas-libraries-4.0.5/misc/network.h openvas-libraries-4.0.5.new/misc/network.h
+--- openvas-libraries-4.0.5/misc/network.h 2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/network.h 2011-10-04 16:49:43.985911401 +0200
@@ -121,4 +121,6 @@
void convipv4toipv4mappedaddr (struct in_addr, struct in6_addr *);
@@ -168,9 +157,9 @@ diff -ru openvas-libraries-4.0.5.new/misc/network.h openvas-libraries-4.0.5/misc
+int set_gnutls_tlsv1 (gnutls_session_t session);
+
#endif
-diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0.5/misc/openvas_server.c
---- openvas-libraries-4.0.5.new/misc/openvas_server.c 2011-10-03 20:39:25.165724711 +0200
-+++ openvas-libraries-4.0.5/misc/openvas_server.c 2011-06-01 15:38:37.000000000 +0200
+diff -ru openvas-libraries-4.0.5/misc/openvas_server.c openvas-libraries-4.0.5.new/misc/openvas_server.c
+--- openvas-libraries-4.0.5/misc/openvas_server.c 2011-06-01 15:38:37.000000000 +0200
++++ openvas-libraries-4.0.5.new/misc/openvas_server.c 2011-10-04 16:49:43.986911382 +0200
@@ -58,6 +58,7 @@
#include <string.h>
@@ -179,7 +168,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
/**
* @todo This module nearly fulfils the requirements to be placed in the base
-@@ -143,6 +142,7 @@
+@@ -142,6 +143,7 @@
return -1;
}
@@ -187,7 +176,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
const int kx_priority[] = { GNUTLS_KX_DHE_RSA,
GNUTLS_KX_RSA,
GNUTLS_KX_DHE_DSS,
-@@ -156,6 +154,7 @@
+@@ -154,6 +156,7 @@
gnutls_certificate_free_credentials (credentials);
return -1;
}
@@ -195,7 +184,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
if (gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, credentials))
{
-@@ -619,6 +616,7 @@
+@@ -616,6 +619,7 @@
gnutls_certificate_credentials_t * server_credentials)
{
// FIX static vars?
@@ -203,7 +192,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
const int protocol_priority[] = { GNUTLS_TLS1,
0
};
-@@ -642,6 +638,8 @@
+@@ -638,6 +642,8 @@
GNUTLS_MAC_MD5,
0
};
@@ -212,7 +201,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
/* Turn off use of /dev/random, as this can block. */
-@@ -692,6 +686,7 @@
+@@ -686,6 +692,7 @@
goto server_free_fail;
}
@@ -220,7 +209,7 @@ diff -ru openvas-libraries-4.0.5.new/misc/openvas_server.c openvas-libraries-4.0
if (gnutls_protocol_set_priority (*server_session, protocol_priority))
{
g_warning ("%s: failed to set protocol priority\n", __FUNCTION__);
-@@ -722,6 +715,13 @@
+@@ -715,6 +722,13 @@
{
g_warning ("%s: failed to set mac priority\n", __FUNCTION__);
goto server_fail;
diff --git a/openvas-libraries.spec b/openvas-libraries.spec
index 02e70c6..6806023 100644
--- a/openvas-libraries.spec
+++ b/openvas-libraries.spec
@@ -44,9 +44,9 @@ Development libraries and headers for use with openvas-libraries.
%prep
%setup -q
-%patch0 -p 1 -b notused.patch
-%patch1 -p 1 -b gnutls.patch
-%patch2 -p 1 -b lowat.patch
+%patch0 -p 1 -b .notused.patch
+%patch1 -p 1 -b .gnutls.patch
+%patch2 -p 1 -b .lowat.patch
%build
@@ -97,8 +97,8 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libopenvas.pc
%changelog
-* Thu Oct 07 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-4
-- fix the gnutls preferences string
+* Thu Oct 06 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-4
+- fix the priorities string
* Sat Jul 30 2011 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-3
- gnutls > 2.12.0 has deprecated gnutls_transport_set_lowat
More information about the scm-commits
mailing list