
From: "Alexander Vershilov (qnikst)" <qnikst@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-libs/neon/files: neon-0.29.6-gnutls-3-types.patch neon-0.29.6-gnutls-3-functions.patch
Date: Thu, 01 Nov 2012 15:52:44
Message-Id: 20121101155228.528F921601@flycatcher.gentoo.org
1 qnikst 12/11/01 15:52:28
2
3 Added: neon-0.29.6-gnutls-3-types.patch
4 neon-0.29.6-gnutls-3-functions.patch
5 Log:
6 fix gnutls-3 breakage #421441, thanks to Bartosz Brachaczek
7
8 (Portage version: 2.2.0_alpha142/cvs/Linux x86_64, unsigned Manifest commit)
9
10 Revision Changes Path
11 1.1 net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch?rev=1.1&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-types.patch?rev=1.1&content-type=text/plain
15
16 Index: neon-0.29.6-gnutls-3-types.patch
17 ===================================================================
18 From 9033b72dc4fa250519379cb39142a3e42141d3f5 Mon Sep 17 00:00:00 2001
19 From: Alexander V Vershilov <alexander.vershilov@×××××.com>
20 Date: Thu, 1 Nov 2012 11:44:36 +0400
21 Subject: [PATCH 2/2] neon gnutls types fix
22
23 ---
24 src/ne_gnutls.c | 10 +++++-----
25 1 file changed, 5 insertions(+), 5 deletions(-)
26
27 diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
28 index d50c6ce..11dfd8e 100644
29 --- a/src/ne_gnutls.c
30 +++ b/src/ne_gnutls.c
31 @@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
32 };
33
34 struct ne_ssl_client_cert_s {
35 - gnutls_pkcs12 p12;
36 + gnutls_pkcs12_t p12;
37 int decrypted; /* non-zero if successfully decrypted. */
38 int keyless;
39 ne_ssl_certificate cert;
40 @@ -1041,11 +1041,11 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
41 /* Parses a PKCS#12 structure and loads the certificate, private key
42 * and friendly name if possible. Returns zero on success, non-zero
43 * on error. */
44 -static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
45 +static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
46 gnutls_x509_crt *x5, char **friendly_name,
47 const char *password)
48 {
49 - gnutls_pkcs12_bag bag = NULL;
50 + gnutls_pkcs12_bag_t bag = NULL;
51 int i, j, ret = 0;
52
53 for (i = 0; ret == 0; ++i) {
54 @@ -1060,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
55 gnutls_pkcs12_bag_decrypt(bag, password);
56
57 for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
58 - gnutls_pkcs12_bag_type type;
59 + gnutls_pkcs12_bag_type_t type;
60 gnutls_datum data;
61
62 if (friendly_name && *friendly_name == NULL) {
63 @@ -1130,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
64 {
65 int ret;
66 gnutls_datum data;
67 - gnutls_pkcs12 p12;
68 + gnutls_pkcs12_t p12;
69 ne_ssl_client_cert *cc;
70 char *friendly_name = NULL;
71 gnutls_x509_crt cert = NULL;
72 --
73 1.7.12.3
74
75
76
77
78 1.1 net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch
79
80 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch?rev=1.1&view=markup
81 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-libs/neon/files/neon-0.29.6-gnutls-3-functions.patch?rev=1.1&content-type=text/plain
82
83 Index: neon-0.29.6-gnutls-3-functions.patch
84 ===================================================================
85 From d7516e56dc854308349419b81904e9a61751cde4 Mon Sep 17 00:00:00 2001
86 From: Alexander V Vershilov <alexander.vershilov@×××××.com>
87 Date: Thu, 1 Nov 2012 11:44:10 +0400
88 Subject: [PATCH 1/2] neon gnutls-3 fixes
89
90 ---
91 macros/neon.m4 | 9 ++++++++-
92 src/ne_gnutls.c | 13 +++++++++++--
93 src/ne_socket.c | 10 +++++++---
94 3 files changed, 26 insertions(+), 6 deletions(-)
95
96 diff --git a/macros/neon.m4 b/macros/neon.m4
97 index 32111c7..40f1d71 100644
98 --- a/macros/neon.m4
99 +++ b/macros/neon.m4
100 @@ -982,13 +982,20 @@ gnutls)
101 # Check for functions in later releases
102 NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
103 gnutls_sign_callback_set \
104 + gnutls_certificate_get_issuer \
105 gnutls_certificate_get_x509_cas \
106 - gnutls_certificate_verify_peers2])
107 + gnutls_certificate_verify_peers2 \
108 + gnutls_x509_crt_sign2])
109
110 # fail if gnutls_certificate_verify_peers2 is not found
111 if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
112 AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
113 fi
114 +
115 + # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
116 + if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
117 + AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
118 + fi
119
120 # Check for iconv support if using the new RDN access functions:
121 if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
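Review bot: The new `gnutls_x509_crt_sign2` check at the bottom of the hunk only ever aborts configure; nothing in this commit's hunks reads `ac_cv_func_gnutls_x509_crt_sign2` or a `HAVE_GNUTLS_X509_CRT_SIGN2` macro, and the comment itself says 1.2.0 is already required, so the guard's purpose is not stated. Presumably the source elsewhere now relies on `gnutls_x509_crt_sign2` because GnuTLS 3 dropped an older entry point; if that is the reason, put it in the comment instead of the version note, e.g. `# gnutls_x509_crt_sign2 is the only signing entry point usable with GnuTLS 3; fail early if the library lacks it` (adjust to the actual reason). The added `gnutls_certificate_get_issuer` probe needs no error of its own, since the ne_gnutls.c change in this commit falls back to `gnutls_certificate_get_x509_cas` when it is absent.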
122 diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
123 index eec5655..d50c6ce 100644
124 --- a/src/ne_gnutls.c
125 +++ b/src/ne_gnutls.c
126 @@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
127 ne_free(ctx);
128 }
129
130 -#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
131 +#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
132 /* Return the issuer of the given certificate, or NULL if none can be
133 * found. */
134 static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
135 @@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock,
136 }
137 }
138
139 -#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
140 +#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
141 /* GnuTLS only returns the peers which were *sent* by the server
142 * in the Certificate list during the handshake. Fill in the
143 * complete chain manually against the certs we trust: */
144 if (current->issuer == NULL) {
145 gnutls_x509_crt issuer;
146 +
147 +#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
148 gnutls_x509_crt *ca_list;
149 unsigned int num_cas;
150
151 gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
152 +#endif
153
154 do {
155 /* Look up the issuer. */
156 +#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
157 issuer = find_issuer(ca_list, num_cas, current->subject);
158 +#else
159 + if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
160 + issuer = NULL;
161 +#endif
162 +
163 if (issuer) {
164 issuer = x509_crt_copy(issuer);
165 cert = populate_cert(ne_calloc(sizeof *cert), issuer);
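Review bot: The new `gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)` call returns a pointer into the CA store owned by `crd` rather than a copy (flags is 0), so the `issuer = x509_crt_copy(issuer)` on the next line is what prevents the chain from aliasing `crd`'s certificates; that ownership rule deserves a comment because the `find_issuer` path and this path look interchangeable, e.g. `/* Owned by crd (flags == 0); copy before storing in the chain. */`. The `#ifndef`/`#else` inside the `do` body is the third conditional on the same macro within a dozen lines; folding both lookups into one static helper under the existing `#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)` guard leaves the loop free of preprocessor branches, as sketched below. The `do` loop and `make_peers_chain` continue outside the hunk, so how the loop terminates when the lookup returns a self-signed trust anchor as its own issuer cannot be checked here.
```c
/* Look up the issuer of cert among the CAs trusted by crd, or NULL if
 * none is known.  With gnutls_certificate_get_issuer() the returned
 * object is owned by crd and must be copied before being stored. */
static gnutls_x509_crt lookup_issuer(gnutls_certificate_credentials_t crd,
                                     gnutls_x509_crt cert)
{
#ifdef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
    gnutls_x509_crt issuer;

    if (gnutls_certificate_get_issuer(crd, cert, &issuer, 0))
        return NULL;
    return issuer;
#else
    gnutls_x509_crt *ca_list;
    unsigned int num_cas;

    gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
    return find_issuer(ca_list, num_cas, cert);
#endif
}

/* … unchanged: make_peers_chain up to the chain-completion block … */
    if (current->issuer == NULL) {
        gnutls_x509_crt issuer;

        do {
            /* Look up the issuer. */
            issuer = lookup_issuer(crd, current->subject);
            if (issuer) {
                issuer = x509_crt_copy(issuer);
/* … unchanged: rest of the loop body … */
```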
166 diff --git a/src/ne_socket.c b/src/ne_socket.c
167 index 12cf020..faee20c 100644
168 --- a/src/ne_socket.c
169 +++ b/src/ne_socket.c
170 @@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
171 _("SSL alert received: %s"),
172 gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
173 break;
174 +#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
175 + case GNUTLS_E_PREMATURE_TERMINATION:
176 +#else
177 case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
178 - /* It's not exactly an API guarantee but this error will
179 - * always mean a premature EOF. */
180 +#endif
181 ret = NE_SOCK_TRUNC;
182 set_error(sock, _("Secure connection truncated"));
183 break;
184 @@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
185 NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
186 }
187 #elif defined(HAVE_GNUTLS)
188 + unsigned int verify_status;
189 +
190 gnutls_init(&ssl, GNUTLS_SERVER);
191 gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
192 gnutls_set_default_priority(ssl);
193 @@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
194 if (ret < 0) {
195 return error_gnutls(sock, ret);
196 }
197 - if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
198 + if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
199 set_error(sock, _("Client certificate verification failed"));
200 return NE_SOCK_ERROR;
201 }
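Review bot: `unsigned int verify_status;` is introduced in the middle of ne_sock_accept_ssl's GnuTLS branch (second hunk), and the function's opening declarations are outside the hunk; if any statement precedes the `#elif defined(HAVE_GNUTLS)` block, this is a declaration after a statement, which the surrounding code appears to avoid (`ret`, tested in the next hunk, is presumably declared with the other locals at the top), so move it up with them. The verification change itself is sound: `gnutls_certificate_verify_peers2` signals failure both by a negative return (such as when no client certificate was presented) and by a non-zero status bitmask, and the `||` short-circuit means `verify_status` is never read when the call itself fails. In the first hunk, the removed comment was the only explanation of why `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` maps to `NE_SOCK_TRUNC`; keep a one-liner beside the `#else` branch, e.g. `/* Pre-3.0 GnuTLS reports a truncated connection as an unexpected packet length. */`.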
202 --
203 1.7.12.3