kalev pushed to tigervnc (master). "Fix the build with gnutls 3.4 (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Tue May 5 08:33:51 UTC 2015 

>From 85b690b6cd0b35f01a7f168b723b5daa42ab6620 Mon Sep 17 00:00:00 2001
From: Kalev Lember <kalevlember at gmail.com>
Date: Tue, 5 May 2015 09:30:06 +0200
Subject: Fix the build with gnutls 3.4

https://bugzilla.redhat.com/show_bug.cgi?id=1218518

diff --git a/tigervnc-gnutls-3.4.patch b/tigervnc-gnutls-3.4.patch
new file mode 100644
index 0000000..491e488
--- /dev/null
+++ b/tigervnc-gnutls-3.4.patch
@@ -0,0 +1,68 @@
+Patch by Nikos Mavrogiannopoulos <nmavrogi at redhat.com>
+
+gnutls 3.4.0 drops gnutls_kx_set_priority which is used by tigervnc. The
+attached patch fixes this issue and allows tigervnc to compile with new gnutls
+versions.
+
+diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
+index 222748c..f7e9dfd 100644
+--- a/common/rfb/CSecurityTLS.cxx
++++ b/common/rfb/CSecurityTLS.cxx
+@@ -202,13 +202,12 @@ bool CSecurityTLS::processMsg(CConnection* cc)
+ 
+ void CSecurityTLS::setParam()
+ {
+-  static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+-  static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+-				     GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
++  int ret;
+ 
+   if (anon) {
+-    if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
+-      throw AuthFailureException("gnutls_kx_set_priority failed");
++    ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
++    if (ret < 0)
++      throw AuthFailureException("gnutls_priority_set_direct failed");
+ 
+     if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
+       throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
+@@ -218,8 +217,9 @@ void CSecurityTLS::setParam()
+ 
+     vlog.debug("Anonymous session has been set");
+   } else {
+-    if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
+-      throw AuthFailureException("gnutls_kx_set_priority failed");
++    ret = gnutls_set_default_priority(session);
++    if (ret < 0)
++      throw AuthFailureException("gnutls_set_default_priority failed");
+ 
+     if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
+       throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
+diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
+index d4e88d7..7ac4652 100644
+--- a/common/rfb/SSecurityTLS.cxx
++++ b/common/rfb/SSecurityTLS.cxx
+@@ -166,13 +166,17 @@ bool SSecurityTLS::processMsg(SConnection *sc)
+ 
+ void SSecurityTLS::setParams(gnutls_session session)
+ {
+-  static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 };
+-  static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA,
+-				     GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
++  int ret;
+ 
+-  if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority)
+-      != GNUTLS_E_SUCCESS)
+-    throw AuthFailureException("gnutls_kx_set_priority failed");
++  if (anon) {
++    ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
++    if (ret < 0)
++      throw AuthFailureException("gnutls_priority_set_direct failed");
++  } else {
++    ret = gnutls_set_default_priority(session);
++    if (ret < 0)
++      throw AuthFailureException("gnutls_set_default_priority failed");
++  }
+ 
+   if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
+     throw AuthFailureException("gnutls_dh_params_init failed");
diff --git a/tigervnc.spec b/tigervnc.spec
index cdb8b5b..d975853 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
@@ -5,7 +5,7 @@
 
 Name:		tigervnc
 Version:	1.4.3
-Release:	8%{?dist}
+Release:	9%{?dist}
 Summary:	A TigerVNC remote display system
 
 %global _hardened_build 1
@@ -61,6 +61,7 @@ Patch9:		tigervnc-shebang.patch
 Patch11:	tigervnc-format-security.patch
 Patch14:	tigervnc-xstartup.patch
 Patch15:	tigervnc-xserver117.patch
+Patch16:	tigervnc-gnutls-3.4.patch
 
 # This is tigervnc-%{version}/unix/xserver116.patch rebased on the latest xorg
 Patch100:       tigervnc-xserver116-rebased.patch
@@ -193,6 +194,9 @@ popd
 # Allow build against xorg-x11-server-1.17.
 %patch15 -p1 -b .xserver117
 
+# Fix the build with gnutls 3.4 (bug #1218518).
+%patch16 -p1 -b .gnutls-3.4
+
 %build
 %ifarch sparcv9 sparc64 s390 s390x
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/tigervnc.git/commit/?h=master&id=85b690b6cd0b35f01a7f168b723b5daa42ab6620

More information about the scm-commits mailing list