mooninite pushed to mingw-gnutls (epel7). "Update to 3.3.6"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 16 13:56:47 UTC 2015
>From 4e0f29d7742995f93c797ed2fe5ba9f971d2a512 Mon Sep 17 00:00:00 2001
From: Michael Cronenworth <mike at cchtml.com>
Date: Sun, 17 Aug 2014 17:19:05 -0500
Subject: Update to 3.3.6
diff --git a/.gitignore b/.gitignore
index 080a824..283f8ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,24 +1 @@
-gnutls-2.6.4-nosrp.tar.bz2
-/gnutls-2.10.5-nosrp.tar.bz2
-/gnutls-2.12.11-nosrp.tar.bz2
-/gnutls-2.12.12-nosrp.tar.bz2
-/gnutls-2.12.14-nosrp.tar.bz2
-/gnutls-2.12.17-nosrp.tar.xz
-/gnutls-2.12.18-nosrp.tar.xz
-/gnutls-2.12.19-nosrp.tar.xz
-/gnutls-2.12.20-nosrp.tar.xz
-/gnutls-2.12.21-nosrp.tar.xz
-/gnutls-3.1.7-hobbled.tar.xz
-/gnutls-3.1.8-hobbled.tar.xz
-/gnutls-3.1.10-hobbled.tar.xz
-/gnutls-3.1.11-hobbled.tar.xz
-/gnutls-3.1.13-hobbled.tar.xz
-/gnutls-3.1.15-hobbled.tar.xz
-/gnutls-3.1.16-hobbled.tar.xz
-/gnutls-3.2.7-hobbled.tar.xz
-/gnutls-3.2.8-hobbled.tar.xz
-/gnutls-3.2.11-hobbled.tar.xz
-/gnutls-3.2.12.1-hobbled.tar.xz
-/gnutls-3.3.0-hobbled.tar.xz
-/gnutls-3.3.2-hobbled.tar.xz
-/gnutls-3.3.5-hobbled.tar.xz
+/gnutls-3.3.6-hobbled.tar.xz
diff --git a/gnutls-2.12.21-fips-algorithms.patch b/gnutls-2.12.21-fips-algorithms.patch
deleted file mode 100644
index f40af01..0000000
--- a/gnutls-2.12.21-fips-algorithms.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-diff -up gnutls-2.12.21/lib/gcrypt/init.c.fips gnutls-2.12.21/lib/gcrypt/init.c
---- gnutls-2.12.21/lib/gcrypt/init.c.fips 2012-01-06 20:06:23.000000000 +0100
-+++ gnutls-2.12.21/lib/gcrypt/init.c 2012-11-09 19:57:54.651624659 +0100
-@@ -43,6 +43,8 @@ static struct gcry_thread_cbs gct = {
- .recvmsg = NULL,
- };
-
-+int gnutls_gcrypt_fips;
-+
- int
- gnutls_crypto_init (void)
- {
-@@ -72,6 +74,8 @@ gnutls_crypto_init (void)
- return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
- }
-
-+ gnutls_gcrypt_fips = gcry_fips_mode_active();
-+
- /* for gcrypt in order to be able to allocate memory */
- gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
-
-diff -up gnutls-2.12.21/lib/gnutls_algorithms.c.fips gnutls-2.12.21/lib/gnutls_algorithms.c
---- gnutls-2.12.21/lib/gnutls_algorithms.c.fips 2012-01-06 20:06:23.000000000 +0100
-+++ gnutls-2.12.21/lib/gnutls_algorithms.c 2012-11-28 14:19:34.507948036 +0100
-@@ -44,11 +44,11 @@ typedef struct
- } gnutls_sec_params_entry;
-
- static const gnutls_sec_params_entry sec_params[] = {
-- {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 816, 1024, 128, 128},
-- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
-- {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
-- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
-- {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
-+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 1024, 1024, 128, 128},
-+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1280, 2048, 160, 160},
-+ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2560, 3072, 224, 224},
-+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3328, 3072, 256, 256},
-+ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15616, 3072, 512, 512},
- {NULL, 0, 0, 0, 0, 0}
- };
-
-diff -up gnutls-2.12.21/lib/gnutls_priority.c.fips gnutls-2.12.21/lib/gnutls_priority.c
---- gnutls-2.12.21/lib/gnutls_priority.c.fips 2012-11-08 17:11:11.000000000 +0100
-+++ gnutls-2.12.21/lib/gnutls_priority.c 2012-11-09 19:57:54.651624659 +0100
-@@ -30,6 +30,7 @@
- #include "gnutls_algorithms.h"
- #include "gnutls_errors.h"
- #include <gnutls_num.h>
-+#include <gcrypt.h>
-
- static void
- break_comma_list (char *etag,
-@@ -223,6 +224,13 @@ static const int protocol_priority[] = {
- 0
- };
-
-+static const int protocol_priority_fips[] = {
-+ GNUTLS_TLS1_2,
-+ GNUTLS_TLS1_1,
-+ GNUTLS_TLS1_0,
-+ 0
-+};
-+
- static const int kx_priority_performance[] = {
- GNUTLS_KX_RSA,
- GNUTLS_KX_DHE_RSA,
-@@ -269,6 +277,13 @@ static const int cipher_priority_perform
- 0
- };
-
-+static const int cipher_priority_performance_fips[] = {
-+ GNUTLS_CIPHER_AES_128_CBC,
-+ GNUTLS_CIPHER_3DES_CBC,
-+ GNUTLS_CIPHER_AES_256_CBC,
-+ 0
-+};
-+
- static const int cipher_priority_normal[] = {
- GNUTLS_CIPHER_AES_128_CBC,
- #ifdef ENABLE_CAMELLIA
-@@ -284,6 +299,13 @@ static const int cipher_priority_normal[
- 0
- };
-
-+static const int cipher_priority_normal_fips[] = {
-+ GNUTLS_CIPHER_AES_128_CBC,
-+ GNUTLS_CIPHER_AES_256_CBC,
-+ GNUTLS_CIPHER_3DES_CBC,
-+ 0
-+};
-+
- static const int cipher_priority_secure128[] = {
- GNUTLS_CIPHER_AES_128_CBC,
- #ifdef ENABLE_CAMELLIA
-@@ -295,6 +317,11 @@ static const int cipher_priority_secure1
- 0
- };
-
-+static const int cipher_priority_secure128_fips[] = {
-+ GNUTLS_CIPHER_AES_128_CBC,
-+ GNUTLS_CIPHER_3DES_CBC,
-+ 0
-+};
-
- static const int cipher_priority_secure256[] = {
- GNUTLS_CIPHER_AES_256_CBC,
-@@ -311,6 +338,13 @@ static const int cipher_priority_secure2
- 0
- };
-
-+static const int cipher_priority_secure256_fips[] = {
-+ GNUTLS_CIPHER_AES_256_CBC,
-+ GNUTLS_CIPHER_AES_128_CBC,
-+ GNUTLS_CIPHER_3DES_CBC,
-+ 0
-+};
-+
- /* The same as cipher_priority_security_normal + arcfour-40. */
- static const int cipher_priority_export[] = {
- GNUTLS_CIPHER_AES_128_CBC,
-@@ -362,6 +396,12 @@ static const int mac_priority_normal[] =
- 0
- };
-
-+static const int mac_priority_normal_fips[] = {
-+ GNUTLS_MAC_SHA1,
-+ GNUTLS_MAC_SHA256,
-+ 0
-+};
-+
-
- static const int mac_priority_secure[] = {
- GNUTLS_MAC_SHA256,
-@@ -462,6 +502,8 @@ gnutls_priority_set (gnutls_session_t se
-
- #define MAX_ELEMENTS 48
-
-+extern int gnutls_gcrypt_fips;
-+
- /**
- * gnutls_priority_init:
- * @priority_cache: is a #gnutls_prioritity_t structure.
-@@ -561,7 +603,7 @@ gnutls_priority_init (gnutls_priority_t
- */
- if (strcasecmp (broken_list[0], "NONE") != 0)
- {
-- _set_priority (&(*priority_cache)->protocol, protocol_priority);
-+ _set_priority (&(*priority_cache)->protocol, gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
- _set_priority (&(*priority_cache)->compression, comp_priority);
- _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
- _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
-@@ -577,17 +619,17 @@ gnutls_priority_init (gnutls_priority_t
- if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
-- cipher_priority_performance);
-+ gnutls_gcrypt_fips?cipher_priority_performance_fips:cipher_priority_performance);
- _set_priority (&(*priority_cache)->kx, kx_priority_performance);
-- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
-+ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
- else if (strcasecmp (broken_list[i], "NORMAL") == 0)
- {
-- _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
-+ _set_priority (&(*priority_cache)->cipher, gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
-- _set_priority (&(*priority_cache)->mac, mac_priority_normal);
-+ _set_priority (&(*priority_cache)->mac, gnutls_gcrypt_fips?mac_priority_normal_fips:mac_priority_normal);
- _set_priority (&(*priority_cache)->sign_algo,
- sign_priority_default);
- }
-@@ -595,7 +637,7 @@ gnutls_priority_init (gnutls_priority_t
- || strcasecmp (broken_list[i], "SECURE") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
-- cipher_priority_secure256);
-+ gnutls_gcrypt_fips?cipher_priority_secure256_fips:cipher_priority_secure256);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
-@@ -604,7 +646,7 @@ gnutls_priority_init (gnutls_priority_t
- else if (strcasecmp (broken_list[i], "SECURE128") == 0)
- {
- _set_priority (&(*priority_cache)->cipher,
-- cipher_priority_secure128);
-+ gnutls_gcrypt_fips?cipher_priority_secure128_fips:cipher_priority_secure128);
- _set_priority (&(*priority_cache)->kx, kx_priority_secure);
- _set_priority (&(*priority_cache)->mac, mac_priority_secure);
- _set_priority (&(*priority_cache)->sign_algo,
-@@ -646,7 +688,7 @@ gnutls_priority_init (gnutls_priority_t
- if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
- {
- bulk_fn (&(*priority_cache)->protocol,
-- protocol_priority);
-+ gnutls_gcrypt_fips?protocol_priority_fips:protocol_priority);
- }
- else
- {
-@@ -718,7 +760,7 @@ gnutls_priority_init (gnutls_priority_t
- else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 7) == 0)
- {
- bulk_fn (&(*priority_cache)->cipher,
-- cipher_priority_normal);
-+ gnutls_gcrypt_fips?cipher_priority_normal_fips:cipher_priority_normal);
- }
- else
- goto error;
diff --git a/gnutls-3.3.1-default-policy.patch b/gnutls-3.3.1-default-policy.patch
deleted file mode 100644
index 631ad72..0000000
--- a/gnutls-3.3.1-default-policy.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
-index 769eed1..3a94b20 100644
---- a/lib/gnutls_priority.c
-+++ b/lib/gnutls_priority.c
-@@ -1107,6 +1107,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
- int algo;
- rmadd_func *fn;
- bulk_rmadd_func *bulk_fn;
-+ unsigned dset = 0;
-
- *priority_cache =
- gnutls_calloc(1, sizeof(struct gnutls_priority_st));
-@@ -1126,10 +1127,16 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
-
- (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
-
-- if (priorities == NULL)
-- priorities = "NORMAL";
-+ if (priorities == NULL) {
-+ priorities = "@SYSTEM";
-+ dset = 1;
-+ }
-
- darg = resolve_priorities(priorities);
-+ if (darg == NULL && dset == 1) {
-+ priorities = "NORMAL";
-+ darg = resolve_priorities(priorities);
-+ }
- if (darg == NULL) {
- gnutls_assert();
- goto error;
diff --git a/gnutls-3.3.6-default-policy.patch b/gnutls-3.3.6-default-policy.patch
new file mode 100644
index 0000000..94185e8
--- /dev/null
+++ b/gnutls-3.3.6-default-policy.patch
@@ -0,0 +1,31 @@
+diff -ur gnutls-3.3.6.orig/lib/gnutls_priority.c gnutls-3.3.6/lib/gnutls_priority.c
+--- gnutls-3.3.6.orig/lib/gnutls_priority.c 2014-07-22 23:43:41.000000000 +0200
++++ gnutls-3.3.6/lib/gnutls_priority.c 2014-07-23 10:13:30.456310043 +0200
+@@ -1110,6 +1110,7 @@
+ int algo;
+ rmadd_func *fn;
+ bulk_rmadd_func *bulk_fn;
++ unsigned dset = 0;
+
+ if (err_pos)
+ *err_pos = priorities;
+@@ -1129,10 +1130,16 @@
+
+ (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
+
+- if (priorities == NULL)
+- priorities = "NORMAL";
++ if (priorities == NULL) {
++ priorities = "@SYSTEM";
++ dset = 1;
++ }
+
+ darg = resolve_priorities(priorities);
++ if (darg == NULL && dset == 1) {
++ priorities = "NORMAL";
++ darg = resolve_priorities(priorities);
++ }
+ if (darg == NULL) {
+ gnutls_assert();
+ goto error;
+Only in gnutls-3.3.6/lib: gnutls_priority.c.orig
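Review bot: The fallback added after `resolve_priorities(priorities)` is silent: when `priorities` was NULL and `@SYSTEM` cannot be resolved, the code switches to `"NORMAL"` without any log line, so a host whose system-wide policy is missing or unreadable gives no sign that the policy is not in effect. This is a MinGW build, where a system priority file may well be absent, so I would log the fallback at debug level inside the `darg == NULL && dset == 1` branch, or at least add a comment there such as `/* no system policy could be resolved: fall back to the built-in NORMAL set */`. The last line of the new patch file, `Only in gnutls-3.3.6/lib: gnutls_priority.c.orig`, is leftover `diff -ur` output and should be dropped from the file. gnutls_priority_init starts and ends outside the embedded hunks.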
diff --git a/gnutls-mingw-fixes.patch b/gnutls-mingw-fixes.patch
new file mode 100644
index 0000000..beabeff
--- /dev/null
+++ b/gnutls-mingw-fixes.patch
@@ -0,0 +1,42 @@
+From 88b97ff3962d94e56764c334a71fa2f82815a096 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Thu, 31 Jul 2014 12:18:16 +0200
+Subject: [PATCH] several windows compilation fixes
+
+---
+ lib/nettle/rnd-common.c | 1 +
+ lib/x509/verify-high2.c | 6 +++++-
+ 2 files changed, 6 insertions(+), 1 deletions(-)
+
+diff --git a/lib/nettle/rnd-common.c b/lib/nettle/rnd-common.c
+index 3bdfdbd..0a015d5 100644
+--- a/lib/nettle/rnd-common.c
++++ b/lib/nettle/rnd-common.c
+@@ -80,6 +80,7 @@ void _rnd_get_event(struct event_st *e)
+
+ static HCRYPTPROV device_fd = 0;
+
++static
+ int _rnd_get_system_entropy_win32(void* rnd, size_t size)
+ {
+ if (!CryptGenRandom(device_fd, (DWORD) size, rnd)) {
+diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
+index ec55f38..fd90a99 100644
+--- a/lib/x509/verify-high2.c
++++ b/lib/x509/verify-high2.c
+@@ -304,7 +304,11 @@ int load_dir_certs(const char *dirname,
+ if (dirp != NULL) {
+ do {
+ d = readdir(dirp);
+- if (d != NULL && d->d_type == DT_REG) {
++ if (d != NULL
++#ifndef _WIN32
++ && d->d_type == DT_REG
++#endif
++ ) {
+ snprintf(path, sizeof(path), "%s/%s",
+ dirname, d->d_name);
+
+--
+1.7.1
+
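Review bot: On `_WIN32` the rewritten condition in load_dir_certs reduces to `d != NULL`, so every directory entry, including `.`, `..` and subdirectories, has its path built and handed to whatever follows the `snprintf` (the rest of the loop is outside the embedded hunk). Loading a trust store from a directory should stay limited to regular files on every platform; where `d_type` is unavailable, a `stat()` on the built `path` followed by an `S_ISREG(st.st_mode)` test gives the same filter. If the loader is already known to fail cleanly on non-files, a comment next to the `#ifndef _WIN32` saying so would record why the check can be skipped there.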
diff --git a/gnutls-mingw-inet.patch b/gnutls-mingw-inet.patch
new file mode 100644
index 0000000..733882c
--- /dev/null
+++ b/gnutls-mingw-inet.patch
@@ -0,0 +1,355 @@
+From d11334a55e2f91e5f14391ed46bc4adfad6894e1 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Mon, 28 Jul 2014 15:00:25 +0200
+Subject: [PATCH] Added replacements of inet_aton and inet_pton on systems they are not present
+
+gnulib is avoided due to keep the gnulib network replacements out of
+the library.
+---
+ lib/Makefile.am | 2 +-
+ lib/inet_pton.c | 266 +++++++++++++++++++++++++++++++++++++++++++
+ lib/system.h | 11 ++
+ lib/x509/rfc2818_hostname.c | 6 +-
+ 4 files changed, 279 insertions(+), 6 deletions(-)
+ create mode 100644 lib/inet_pton.c
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index 4daa19d..52b0588 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -82,7 +82,7 @@ COBJECTS = gnutls_range.c gnutls_record.c \
+ random.c crypto-api.c gnutls_privkey.c gnutls_pcert.c \
+ gnutls_pubkey.c locks.c gnutls_dtls.c system_override.c \
+ crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
+- safe-memset.c
++ safe-memset.c inet_pton.c
+
+ if ENABLE_SELF_CHECKS
+ COBJECTS += crypto-selftests.c crypto-selftests-pk.c
+diff --git a/lib/inet_pton.c b/lib/inet_pton.c
+new file mode 100644
+index 0000000..cc9254f
+--- /dev/null
++++ b/lib/inet_pton.c
+@@ -0,0 +1,266 @@
++/*
++ * Copyright (c) 1996,1999 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++#include <config.h>
++
++#ifdef HAVE_SYS_PARAM_H
++#include <sys/param.h>
++#endif
++
++#ifdef HAVE_SYS_TYPES_H
++#include <sys/types.h>
++#endif
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h> /* needed to define AF_ values on UNIX */
++#endif
++
++#ifdef HAVE_WINSOCK2_H
++#include <winsock2.h> /* needed to define AF_ values on Windows */
++#if _MSC_VER < 1600 /* errno.h defines EAFNOSUPPORT in Windows VC10 (and presumably eventually in VC11 ...) */
++#define EAFNOSUPPORT WSAEAFNOSUPPORT
++#endif
++#endif
++
++#ifdef HAVE_NETINET_IN_H
++#include <netinet/in.h>
++#endif
++
++#ifdef HAVE_ARPA_INET_H
++#include <arpa/inet.h>
++#endif
++
++#ifdef HAVE_ARPA_NAMESER_H
++#include <arpa/nameser.h>
++#endif
++
++#include <string.h>
++#include <errno.h>
++
++#include <system.h>
++
++#ifndef HAVE_INET_PTON
++
++#ifndef NS_INADDRSZ
++#define NS_INADDRSZ 4
++#endif
++#ifndef NS_IN6ADDRSZ
++#define NS_IN6ADDRSZ 16
++#endif
++#ifndef NS_INT16SZ
++#define NS_INT16SZ 2
++#endif
++
++/*
++ * WARNING: Don't even consider trying to compile this on a system where
++ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
++ */
++
++static int inet_pton4 (const char *src, u_char *dst);
++static int inet_pton6 (const char *src, u_char *dst);
++
++/* int
++ * inet_pton(af, src, dst)
++ * convert from presentation format (which usually means ASCII printable)
++ * to network format (which is usually some kind of binary format).
++ * return:
++ * 1 if the address was valid for the specified address family
++ * 0 if the address wasn't valid (`dst' is untouched in this case)
++ * -1 if some other error occurred (`dst' is untouched in this case, too)
++ * author:
++ * Paul Vixie, 1996.
++ */
++int
++inet_pton(af, src, dst)
++ int af;
++ const char *src;
++ void *dst;
++{
++ switch (af) {
++ case AF_INET:
++ return (inet_pton4(src, dst));
++ case AF_INET6:
++ return (inet_pton6(src, dst));
++ default:
++ errno = EAFNOSUPPORT;
++ return (-1);
++ }
++ /* NOTREACHED */
++}
++#endif
++
++#ifdef _WIN32
++int inet_aton(const char *cp, struct in_addr *inp)
++{
++ return inet_pton(AF_INET, cp, inp);
++}
++#endif
++
++#ifndef HAVE_INET_PTON
++/* int
++ * inet_pton4(src, dst)
++ * like inet_aton() but without all the hexadecimal and shorthand.
++ * return:
++ * 1 if `src' is a valid dotted quad, else 0.
++ * notice:
++ * does not touch `dst' unless it's returning 1.
++ * author:
++ * Paul Vixie, 1996.
++ */
++static int
++inet_pton4(src, dst)
++ const char *src;
++ u_char *dst;
++{
++ static const char digits[] = "0123456789";
++ int saw_digit, octets, ch;
++ u_char tmp[NS_INADDRSZ], *tp;
++
++ saw_digit = 0;
++ octets = 0;
++ *(tp = tmp) = 0;
++ while ((ch = *src++) != '\0') {
++ const char *pch;
++
++ if ((pch = strchr(digits, ch)) != NULL) {
++ size_t new = *tp * 10 + (pch - digits);
++
++ if (new > 255)
++ return (0);
++ *tp = (u_char) new;
++ if (! saw_digit) {
++ if (++octets > 4)
++ return (0);
++ saw_digit = 1;
++ }
++ } else if (ch == '.' && saw_digit) {
++ if (octets == 4)
++ return (0);
++ *++tp = 0;
++ saw_digit = 0;
++ } else
++ return (0);
++ }
++ if (octets < 4)
++ return (0);
++ memcpy(dst, tmp, NS_INADDRSZ);
++ return (1);
++}
++
++/* int
++ * inet_pton6(src, dst)
++ * convert presentation level address to network order binary form.
++ * return:
++ * 1 if `src' is a valid [RFC1884 2.2] address, else 0.
++ * notice:
++ * (1) does not touch `dst' unless it's returning 1.
++ * (2) :: in a full address is silently ignored.
++ * credit:
++ * inspired by Mark Andrews.
++ * author:
++ * Paul Vixie, 1996.
++ */
++static int
++inet_pton6(src, dst)
++ const char *src;
++ u_char *dst;
++{
++ static const char xdigits_l[] = "0123456789abcdef",
++ xdigits_u[] = "0123456789ABCDEF";
++ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
++ const char *xdigits, *curtok;
++ int ch, saw_xdigit;
++ u_int val;
++
++ memset((tp = tmp), '\0', NS_IN6ADDRSZ);
++ endp = tp + NS_IN6ADDRSZ;
++ colonp = NULL;
++ /* Leading :: requires some special handling. */
++ if (*src == ':')
++ if (*++src != ':')
++ return (0);
++ curtok = src;
++ saw_xdigit = 0;
++ val = 0;
++ while ((ch = *src++) != '\0') {
++ const char *pch;
++
++ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
++ pch = strchr((xdigits = xdigits_u), ch);
++ if (pch != NULL) {
++ val <<= 4;
++ val |= (pch - xdigits);
++ if (val > 0xffff)
++ return (0);
++ saw_xdigit = 1;
++ continue;
++ }
++ if (ch == ':') {
++ curtok = src;
++ if (!saw_xdigit) {
++ if (colonp)
++ return (0);
++ colonp = tp;
++ continue;
++ } else if (*src == '\0') {
++ return (0);
++ }
++ if (tp + NS_INT16SZ > endp)
++ return (0);
++ *tp++ = (u_char) (val >> 8) & 0xff;
++ *tp++ = (u_char) val & 0xff;
++ saw_xdigit = 0;
++ val = 0;
++ continue;
++ }
++ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
++ inet_pton4(curtok, tp) > 0) {
++ tp += NS_INADDRSZ;
++ saw_xdigit = 0;
++ break; /* '\0' was seen by inet_pton4(). */
++ }
++ return (0);
++ }
++ if (saw_xdigit) {
++ if (tp + NS_INT16SZ > endp)
++ return (0);
++ *tp++ = (u_char) (val >> 8) & 0xff;
++ *tp++ = (u_char) val & 0xff;
++ }
++ if (colonp != NULL) {
++ /*
++ * Since some memmove()'s erroneously fail to handle
++ * overlapping regions, we'll do the shift by hand.
++ */
++ const int n = (int) (tp - colonp);
++ int i;
++
++ if (tp == endp)
++ return (0);
++ for (i = 1; i <= n; i++) {
++ endp[- i] = colonp[n - i];
++ colonp[n - i] = 0;
++ }
++ tp = endp;
++ }
++ if (tp != endp)
++ return (0);
++ memcpy(dst, tmp, NS_IN6ADDRSZ);
++ return (1);
++}
++
++#endif /* HAVE_INET_PTON */
+diff --git a/lib/system.h b/lib/system.h
+index d2e695a..0e7bcfb 100644
+--- a/lib/system.h
++++ b/lib/system.h
+@@ -98,4 +98,16 @@ int _gnutls_ucs2_to_utf8(const void *data, size_t size,
+ int gnutls_system_global_init(void);
+ void gnutls_system_global_deinit(void);
+
++#ifndef _WIN32
++# include <arpa/inet.h>
++#else
++# define inet_aton _gnutls_inet_aton
++int inet_aton(const char *cp, struct in_addr *inp);
++#endif
++
++#ifndef HAVE_INET_PTON
++# define inet_pton _gnutls_inet_pton
++int inet_pton(int af, const char *src, void *dst);
++#endif
++
+ #endif /* SYSTEM_H */
+diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
+index 1eeb548..1341bbf 100644
+--- a/lib/x509/rfc2818_hostname.c
++++ b/lib/x509/rfc2818_hostname.c
+@@ -24,7 +24,7 @@
+ #include <x509_int.h>
+ #include <common.h>
+ #include <gnutls_errors.h>
+-#include <arpa/inet.h>
++#include <system.h>
+
+ /**
+ * gnutls_x509_crt_check_hostname:
+@@ -128,7 +128,6 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
+ if ((p=strchr(hostname, ':')) != NULL || inet_aton(hostname, &ipv4) != 0) {
+
+ if (p != NULL) {
+-#ifdef HAVE_INET_PTON
+ struct in6_addr ipv6;
+
+ ret = inet_pton(AF_INET6, hostname, &ipv6);
+@@ -137,9 +136,6 @@ gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert,
+ goto hostname_fallback;
+ }
+ ret = check_ip(cert, &ipv6, 16, flags);
+-#else
+- ret = 0;
+-#endif
+ } else {
+ ret = check_ip(cert, &ipv4, 4, flags);
+ }
+--
+1.7.1
+
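Review bot: inet_pton4 in the new lib/inet_pton.c accepts octets written with leading zeros: the digit branch only rejects `new > 255`, so `010.0.0.1` parses as 10.0.0.1. The `_WIN32` `inet_aton` wrapper routes through this function, and rfc2818_hostname.c uses `inet_aton` to decide whether a hostname is an IP address to match against the certificate, so a string can be verified as one address while a resolver that reads a leading zero as octal interprets it as another. Adding `if (saw_digit && *tp == 0) return (0);` at the top of the digit branch rejects such input; inet_pton6 has the analogous gap, since it bounds `val` at 0xffff but not the number of hex digits per group. Separately, the three functions use old-style (K&R) parameter lists although system.h declares `inet_pton` with a prototype; prototype-style definitions would let the compiler check the definition against that declaration.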
diff --git a/mingw-gnutls.spec b/mingw-gnutls.spec
index 4dbdeb9..35824af 100644
--- a/mingw-gnutls.spec
+++ b/mingw-gnutls.spec
@@ -1,7 +1,7 @@
%?mingw_package_header
Name: mingw-gnutls
-Version: 3.3.5
+Version: 3.3.6
Release: 1%{?dist}
Summary: MinGW GnuTLS TLS/SSL encryption library
@@ -21,10 +21,12 @@ Patch1: gnutls-3.2.7-rpath.patch
# Use only FIPS approved ciphers in the FIPS mode
Patch2: gnutls-2.12.21-fips-algorithms.patch
Patch3: gnutls-3.1.11-nosrp.patch
-Patch4: gnutls-3.3.1-default-policy.patch
+Patch4: gnutls-3.3.6-default-policy.patch
# MinGW-specific patches.
-Patch1002: gnutls-fix-external-libtasn1-detection.patch
+Patch1000: gnutls-fix-external-libtasn1-detection.patch
+Patch1001: gnutls-mingw-fixes.patch
+Patch1002: gnutls-mingw-inet.patch
BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc
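Review bot: `Patch2: gnutls-2.12.21-fips-algorithms.patch` is still declared in the context lines of this hunk, yet the same commit deletes that file from the repository. rpmbuild normally refuses a spec whose listed patch file is missing, so either the file should stay or the `Patch2:` line and its comment `# Use only FIPS approved ciphers in the FIPS mode` should be removed here; whether `%prep` applies it with `%patch2` is not visible in the hunks shown. Leaving the comment in place also suggests a FIPS cipher restriction that this package no longer carries.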
@@ -99,7 +101,9 @@ for MinGW.
%patch3 -p1 -b .nosrp
%patch4 -p1 -b .default-policy
-%patch1002 -p0 -b .libtasn1
+%patch1000 -p0 -b .libtasn1
+%patch1001 -p1 -b .mingw-fixes
+%patch1002 -p1 -b .mingw-inet
sed 's/gnutls_srp.c//g' -i lib/Makefile.in
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
@@ -177,6 +181,9 @@ rm -rf $RPM_BUILD_ROOT%{mingw64_mandir}
%changelog
+* Sun Aug 17 2014 Michael Cronenworth <mike at cchtml.com> - 3.3.6-1
+- Update to 3.3.6
+
* Tue Jul 01 2014 Michael Cronenworth <mike at cchtml.com> - 3.3.5-1
- Update to 3.3.5
diff --git a/sources b/sources
index f4f65a5..368b3cd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-01ffa603f8af390748bdf743a35ddc3f gnutls-3.3.5-hobbled.tar.xz
+656f56e3cf1021efe8543dc06a7f10c6 gnutls-3.3.6-hobbled.tar.xz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/mingw-gnutls.git/commit/?h=epel7&id=4e0f29d7742995f93c797ed2fe5ba9f971d2a512