From 8ca802ec83d3ba4a4f0ae0fcb7afde1dc53fce4d Mon Sep 17 00:00:00 2001 From: Marcin Juszkiewicz Date: Wed, 21 May 2008 19:28:11 +0000 Subject: gnutls: update to 2.2.5 (security updates) git-svn-id: https://svn.o-hand.com/repos/poky/trunk@4523 311d38ba-8fff-0310-9ca6-ca027cbcb966 --- .../gnutls/gnutls-2.2.3/configure_madness.patch | 57 ---------- .../gnutls/gnutls-2.2.3/gnutls-openssl.patch | 124 --------------------- .../gnutls/gnutls-2.2.3/gnutls-texinfo-euro.patch | 16 --- .../gnutls/gnutls-2.2.5/configure_madness.patch | 57 ++++++++++ .../gnutls/gnutls-2.2.5/gnutls-openssl.patch | 124 +++++++++++++++++++++ .../gnutls/gnutls-2.2.5/gnutls-texinfo-euro.patch | 16 +++ meta/packages/gnutls/gnutls_2.2.3.bb | 7 -- meta/packages/gnutls/gnutls_2.2.5.bb | 7 ++ 8 files changed, 204 insertions(+), 204 deletions(-) delete mode 100644 meta/packages/gnutls/gnutls-2.2.3/configure_madness.patch delete mode 100644 meta/packages/gnutls/gnutls-2.2.3/gnutls-openssl.patch delete mode 100644 meta/packages/gnutls/gnutls-2.2.3/gnutls-texinfo-euro.patch create mode 100644 meta/packages/gnutls/gnutls-2.2.5/configure_madness.patch create mode 100644 meta/packages/gnutls/gnutls-2.2.5/gnutls-openssl.patch create mode 100644 meta/packages/gnutls/gnutls-2.2.5/gnutls-texinfo-euro.patch delete mode 100644 meta/packages/gnutls/gnutls_2.2.3.bb create mode 100644 meta/packages/gnutls/gnutls_2.2.5.bb (limited to 'meta/packages/gnutls') diff --git a/meta/packages/gnutls/gnutls-2.2.3/configure_madness.patch b/meta/packages/gnutls/gnutls-2.2.3/configure_madness.patch deleted file mode 100644 index 475dc3f31..000000000 --- a/meta/packages/gnutls/gnutls-2.2.3/configure_madness.patch +++ /dev/null 
@@ -1,57 +0,0 @@ ---- - configure.in | 8 ++++---- - lib/gnutls.pc.in | 3 ++- - libextra/gnutls-extra.pc.in | 3 ++- - 3 files changed, 8 insertions(+), 6 deletions(-) - ---- gnutls-2.2.2.orig/configure.in -+++ gnutls-2.2.2/configure.in -@@ -698,17 +698,17 @@ AC_MSG_RESULT([*** - *** Detecting options for shared libraries... - ]) - AC_LIBTOOL_WIN32_DLL - AC_PROG_LIBTOOL - --LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBTASN1_LIBS $LIBGCRYPT_LIBS $LIBS" --LIBGNUTLS_CFLAGS="$LIBGCRYPT_CFLAGS $LIBTASN1_CFLAGS -I${includedir}" -+LIBGNUTLS_LIBS="-lgnutls $LIBTASN1_LIBS $LIBGCRYPT_LIBS $LIBS" -+LIBGNUTLS_CFLAGS="$LIBGCRYPT_CFLAGS $LIBTASN1_CFLAGS" - AC_SUBST(LIBGNUTLS_LIBS) - AC_SUBST(LIBGNUTLS_CFLAGS) - --LIBGNUTLS_EXTRA_LIBS="-L${libdir} -lgnutls-extra $LTLIBOPENCDK $LZO_LIBS $LIBGNUTLS_LIBS" --LIBGNUTLS_EXTRA_CFLAGS="$INCOPENCDK -I${includedir}" -+LIBGNUTLS_EXTRA_LIBS="-lgnutls-extra $LTLIBOPENCDK $LZO_LIBS $LIBGNUTLS_LIBS" -+LIBGNUTLS_EXTRA_CFLAGS="$INCOPENCDK" - AC_SUBST(LIBGNUTLS_EXTRA_LIBS) - AC_SUBST(LIBGNUTLS_EXTRA_CFLAGS) - export ac_full - - AM_CFLAGS="${AM_CFLAGS} ${LIBGCRYPT_CFLAGS}" ---- gnutls-2.2.2.orig/lib/gnutls.pc.in -+++ gnutls-2.2.2/lib/gnutls.pc.in -@@ -16,8 +16,9 @@ libdir=@libdir@ - includedir=@includedir@ - - Name: GnuTLS - Description: Transport Security Layer implementation for the GNU system - Version: @VERSION@ -+Requires.private: libgcrypt - Libs: -L${libdir} -lgnutls --Libs.private: @LIBGNUTLS_LIBS@ -+Libs.private: -L${libdir} -lgnutls - Cflags: -I${includedir} ---- gnutls-2.2.2.orig/libextra/gnutls-extra.pc.in -+++ gnutls-2.2.2/libextra/gnutls-extra.pc.in -@@ -16,9 +16,10 @@ libdir=@libdir@ - includedir=@includedir@ - - Name: GnuTLS-extra - Description: Additional add-ons for GnuTLS licensed under GPL - Requires: gnutls -+Requires.private: gnutls - Version: @VERSION@ - Libs: -L${libdir} -lgnutls-extra --Libs.private: @LIBGNUTLS_EXTRA_LIBS@ -+Libs.private: -L${libdir} -lgnutls-extra - Cflags: -I${includedir} 
diff --git a/meta/packages/gnutls/gnutls-2.2.3/gnutls-openssl.patch b/meta/packages/gnutls/gnutls-2.2.3/gnutls-openssl.patch
deleted file mode 100644
index e2c189592..000000000
--- a/meta/packages/gnutls/gnutls-2.2.3/gnutls-openssl.patch
+++ /dev/null
@@ -1,124 +0,0 @@ -Index: gnutls-1.6.0/libextra/gnutls_openssl.c -=================================================================== ---- gnutls-1.6.0.orig/libextra/gnutls_openssl.c 2006-08-13 22:34:09.000000000 +0200 -+++ gnutls-1.6.0/libextra/gnutls_openssl.c 2006-12-12 15:07:59.002227000 +0100 -@@ -256,12 +256,17 @@ - ssl->rfd = (gnutls_transport_ptr_t) - 1; - ssl->wfd = (gnutls_transport_ptr_t) - 1; - -+ ssl->ssl_peek_buffer = NULL; -+ ssl->ssl_peek_buffer_size = ssl->ssl_peek_avail = 0; -+ - return ssl; - } - - void - SSL_free (SSL * ssl) - { -+ if (ssl->ssl_peek_buffer) -+ free(ssl->ssl_peek_buffer); - gnutls_certificate_free_credentials (ssl->gnutls_cred); - gnutls_deinit (ssl->gnutls_state); - free (ssl); -@@ -285,6 +290,7 @@ - SSL_set_fd (SSL * ssl, int fd) - { - gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd)); -+ ssl->rfd = ssl->wfd = fd; - return 1; - } - -@@ -310,6 +316,17 @@ - return 1; - } - -+int SSL_get_rfd(SSL *ssl) -+{ -+ return ssl->rfd; -+} -+ -+int SSL_get_wfd(SSL *ssl) -+{ -+ return ssl->wfd; -+} -+ -+ - void - SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio) - { -@@ -325,6 +342,8 @@ - int - SSL_pending (SSL * ssl) - { -+ if (ssl->ssl_peek_avail) -+ return ssl->ssl_peek_avail; - return gnutls_record_check_pending (ssl->gnutls_state); - } - -@@ -480,11 +499,50 @@ - return 1; - } - -+int SSL_peek(SSL *ssl, void *buf, int len) -+{ -+ if (len > ssl->ssl_peek_buffer_size) { -+ ssl->ssl_peek_buffer = realloc (ssl->ssl_peek_buffer, len); -+ ssl->ssl_peek_buffer_size = len; -+ } -+ -+ if (ssl->ssl_peek_avail == 0) { -+ -+ int ret; -+ -+ ret = gnutls_record_recv(ssl->gnutls_state, ssl->ssl_peek_buffer, len); -+ ssl->last_error = ret; -+ -+ if (ret > 0) -+ ssl->ssl_peek_avail += ret; -+ } -+ -+ if (len > ssl->ssl_peek_avail) -+ len = ssl->ssl_peek_avail; -+ -+ memcpy (buf, ssl->ssl_peek_buffer, len); -+ -+ return len; -+} -+ - int - SSL_read (SSL * ssl, void *buf, int len) - { - int ret; - -+ if (ssl->ssl_peek_avail) { -+ int n 
= (ssl->ssl_peek_avail > len) ? len : ssl->ssl_peek_avail; -+ -+ memcpy (buf, ssl->ssl_peek_buffer, n); -+ -+ if (ssl->ssl_peek_avail > n) -+ memmove (ssl->ssl_peek_buffer, ssl->ssl_peek_buffer + n, ssl->ssl_peek_avail - n); -+ -+ ssl->ssl_peek_avail -= n; -+ -+ return n; -+ } -+ - ret = gnutls_record_recv (ssl->gnutls_state, buf, len); - ssl->last_error = ret; - -Index: gnutls-1.6.0/includes/gnutls/openssl.h -=================================================================== ---- gnutls-1.6.0.orig/includes/gnutls/openssl.h 2006-03-08 11:44:58.000000000 +0100 -+++ gnutls-1.6.0/includes/gnutls/openssl.h 2006-12-12 15:07:26.032227000 +0100 -@@ -164,6 +164,11 @@ - - gnutls_transport_ptr_t rfd; - gnutls_transport_ptr_t wfd; -+ -+ char *ssl_peek_buffer; -+ size_t ssl_peek_buffer_size; -+ size_t ssl_peek_avail; -+ - }; - - #define rbio gnutls_state diff --git a/meta/packages/gnutls/gnutls-2.2.3/gnutls-texinfo-euro.patch b/meta/packages/gnutls/gnutls-2.2.3/gnutls-texinfo-euro.patch deleted file mode 100644 index e2a276242..000000000 --- a/meta/packages/gnutls/gnutls-2.2.3/gnutls-texinfo-euro.patch +++ /dev/null @@ -1,16 +0,0 @@ -The version of texinfo in Debian Sarge does not understand the @euro{} command. -This patch replaces the @euro{} command with the word "euro". - ---- gnutls-1.3.5/doc/signatures.texi.orig 2006-04-26 08:06:40.918268000 +0930 -+++ gnutls-1.3.5/doc/signatures.texi 2006-04-26 08:06:52.446515440 +0930 -@@ -11,8 +11,8 @@ - long as it is difficult enough to generate two different messages with - the same hash algorithm output. In that case the same signature could - be used as a proof for both messages. Nobody wants to sign an innocent --message of donating 1 @euro{} to Greenpeace and find out that he --donated 1.000.000 @euro{} to Bad Inc. -+message of donating 1 euro to Greenpeace and find out that he -+donated 1.000.000 euro to Bad Inc. - - For a hash algorithm to be called cryptographic the following three - requirements must hold 
diff --git a/meta/packages/gnutls/gnutls-2.2.5/configure_madness.patch b/meta/packages/gnutls/gnutls-2.2.5/configure_madness.patch
new file mode 100644
index 000000000..475dc3f31
--- /dev/null
+++ b/meta/packages/gnutls/gnutls-2.2.5/configure_madness.patch
@@ -0,0 +1,57 @@ +--- + configure.in | 8 ++++---- + lib/gnutls.pc.in | 3 ++- + libextra/gnutls-extra.pc.in | 3 ++- + 3 files changed, 8 insertions(+), 6 deletions(-) + +--- gnutls-2.2.2.orig/configure.in ++++ gnutls-2.2.2/configure.in +@@ -698,17 +698,17 @@ AC_MSG_RESULT([*** + *** Detecting options for shared libraries... + ]) + AC_LIBTOOL_WIN32_DLL + AC_PROG_LIBTOOL + +-LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBTASN1_LIBS $LIBGCRYPT_LIBS $LIBS" +-LIBGNUTLS_CFLAGS="$LIBGCRYPT_CFLAGS $LIBTASN1_CFLAGS -I${includedir}" ++LIBGNUTLS_LIBS="-lgnutls $LIBTASN1_LIBS $LIBGCRYPT_LIBS $LIBS" ++LIBGNUTLS_CFLAGS="$LIBGCRYPT_CFLAGS $LIBTASN1_CFLAGS" + AC_SUBST(LIBGNUTLS_LIBS) + AC_SUBST(LIBGNUTLS_CFLAGS) + +-LIBGNUTLS_EXTRA_LIBS="-L${libdir} -lgnutls-extra $LTLIBOPENCDK $LZO_LIBS $LIBGNUTLS_LIBS" +-LIBGNUTLS_EXTRA_CFLAGS="$INCOPENCDK -I${includedir}" ++LIBGNUTLS_EXTRA_LIBS="-lgnutls-extra $LTLIBOPENCDK $LZO_LIBS $LIBGNUTLS_LIBS" ++LIBGNUTLS_EXTRA_CFLAGS="$INCOPENCDK" + AC_SUBST(LIBGNUTLS_EXTRA_LIBS) + AC_SUBST(LIBGNUTLS_EXTRA_CFLAGS) + export ac_full + + AM_CFLAGS="${AM_CFLAGS} ${LIBGCRYPT_CFLAGS}" +--- gnutls-2.2.2.orig/lib/gnutls.pc.in ++++ gnutls-2.2.2/lib/gnutls.pc.in +@@ -16,8 +16,9 @@ libdir=@libdir@ + includedir=@includedir@ + + Name: GnuTLS + Description: Transport Security Layer implementation for the GNU system + Version: @VERSION@ ++Requires.private: libgcrypt + Libs: -L${libdir} -lgnutls +-Libs.private: @LIBGNUTLS_LIBS@ ++Libs.private: -L${libdir} -lgnutls + Cflags: -I${includedir} +--- gnutls-2.2.2.orig/libextra/gnutls-extra.pc.in ++++ gnutls-2.2.2/libextra/gnutls-extra.pc.in +@@ -16,9 +16,10 @@ libdir=@libdir@ + includedir=@includedir@ + + Name: GnuTLS-extra + Description: Additional add-ons for GnuTLS licensed under GPL + Requires: gnutls ++Requires.private: gnutls + Version: @VERSION@ + Libs: -L${libdir} -lgnutls-extra +-Libs.private: @LIBGNUTLS_EXTRA_LIBS@ ++Libs.private: -L${libdir} -lgnutls-extra + Cflags: -I${includedir} 
diff --git a/meta/packages/gnutls/gnutls-2.2.5/gnutls-openssl.patch b/meta/packages/gnutls/gnutls-2.2.5/gnutls-openssl.patch
new file mode 100644
index 000000000..e2c189592
--- /dev/null
+++ b/meta/packages/gnutls/gnutls-2.2.5/gnutls-openssl.patch
@@ -0,0 +1,124 @@ +Index: gnutls-1.6.0/libextra/gnutls_openssl.c +=================================================================== +--- gnutls-1.6.0.orig/libextra/gnutls_openssl.c 2006-08-13 22:34:09.000000000 +0200 ++++ gnutls-1.6.0/libextra/gnutls_openssl.c 2006-12-12 15:07:59.002227000 +0100 +@@ -256,12 +256,17 @@ + ssl->rfd = (gnutls_transport_ptr_t) - 1; + ssl->wfd = (gnutls_transport_ptr_t) - 1; + ++ ssl->ssl_peek_buffer = NULL; ++ ssl->ssl_peek_buffer_size = ssl->ssl_peek_avail = 0; ++ + return ssl; + } + + void + SSL_free (SSL * ssl) + { ++ if (ssl->ssl_peek_buffer) ++ free(ssl->ssl_peek_buffer); + gnutls_certificate_free_credentials (ssl->gnutls_cred); + gnutls_deinit (ssl->gnutls_state); + free (ssl); +@@ -285,6 +290,7 @@ + SSL_set_fd (SSL * ssl, int fd) + { + gnutls_transport_set_ptr (ssl->gnutls_state, GNUTLS_INT_TO_POINTER (fd)); ++ ssl->rfd = ssl->wfd = fd; + return 1; + } + +@@ -310,6 +316,17 @@ + return 1; + } + ++int SSL_get_rfd(SSL *ssl) ++{ ++ return ssl->rfd; ++} ++ ++int SSL_get_wfd(SSL *ssl) ++{ ++ return ssl->wfd; ++} ++ ++ + void + SSL_set_bio (SSL * ssl, BIO * rbio, BIO * wbio) + { +@@ -325,6 +342,8 @@ + int + SSL_pending (SSL * ssl) + { ++ if (ssl->ssl_peek_avail) ++ return ssl->ssl_peek_avail; + return gnutls_record_check_pending (ssl->gnutls_state); + } + +@@ -480,11 +499,50 @@ + return 1; + } + ++int SSL_peek(SSL *ssl, void *buf, int len) ++{ ++ if (len > ssl->ssl_peek_buffer_size) { ++ ssl->ssl_peek_buffer = realloc (ssl->ssl_peek_buffer, len); ++ ssl->ssl_peek_buffer_size = len; ++ } ++ ++ if (ssl->ssl_peek_avail == 0) { ++ ++ int ret; ++ ++ ret = gnutls_record_recv(ssl->gnutls_state, ssl->ssl_peek_buffer, len); ++ ssl->last_error = ret; ++ ++ if (ret > 0) ++ ssl->ssl_peek_avail += ret; ++ } ++ ++ if (len > ssl->ssl_peek_avail) ++ len = ssl->ssl_peek_avail; ++ ++ memcpy (buf, ssl->ssl_peek_buffer, len); ++ ++ return len; ++} ++ + int + SSL_read (SSL * ssl, void *buf, int len) + { + int ret; + ++ if (ssl->ssl_peek_avail) { ++ int n 
= (ssl->ssl_peek_avail > len) ? len : ssl->ssl_peek_avail; ++ ++ memcpy (buf, ssl->ssl_peek_buffer, n); ++ ++ if (ssl->ssl_peek_avail > n) ++ memmove (ssl->ssl_peek_buffer, ssl->ssl_peek_buffer + n, ssl->ssl_peek_avail - n); ++ ++ ssl->ssl_peek_avail -= n; ++ ++ return n; ++ } ++ + ret = gnutls_record_recv (ssl->gnutls_state, buf, len); + ssl->last_error = ret; + +Index: gnutls-1.6.0/includes/gnutls/openssl.h +=================================================================== +--- gnutls-1.6.0.orig/includes/gnutls/openssl.h 2006-03-08 11:44:58.000000000 +0100 ++++ gnutls-1.6.0/includes/gnutls/openssl.h 2006-12-12 15:07:26.032227000 +0100 +@@ -164,6 +164,11 @@ + + gnutls_transport_ptr_t rfd; + gnutls_transport_ptr_t wfd; ++ ++ char *ssl_peek_buffer; ++ size_t ssl_peek_buffer_size; ++ size_t ssl_peek_avail; ++ + }; + + #define rbio gnutls_state diff --git a/meta/packages/gnutls/gnutls-2.2.5/gnutls-texinfo-euro.patch b/meta/packages/gnutls/gnutls-2.2.5/gnutls-texinfo-euro.patch new file mode 100644 index 000000000..e2a276242 --- /dev/null +++ b/meta/packages/gnutls/gnutls-2.2.5/gnutls-texinfo-euro.patch @@ -0,0 +1,16 @@ +The version of texinfo in Debian Sarge does not understand the @euro{} command. +This patch replaces the @euro{} command with the word "euro". + +--- gnutls-1.3.5/doc/signatures.texi.orig 2006-04-26 08:06:40.918268000 +0930 ++++ gnutls-1.3.5/doc/signatures.texi 2006-04-26 08:06:52.446515440 +0930 +@@ -11,8 +11,8 @@ + long as it is difficult enough to generate two different messages with + the same hash algorithm output. In that case the same signature could + be used as a proof for both messages. Nobody wants to sign an innocent +-message of donating 1 @euro{} to Greenpeace and find out that he +-donated 1.000.000 @euro{} to Bad Inc. ++message of donating 1 euro to Greenpeace and find out that he ++donated 1.000.000 euro to Bad Inc. + + For a hash algorithm to be called cryptographic the following three + requirements must hold 
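Review bot: `SSL_peek` in the added gnutls-openssl.patch stores the result of `realloc` directly in `ssl->ssl_peek_buffer` without checking it, so a failed allocation leaks the old buffer, still records `len` as the buffer size, and hands a NULL buffer to `gnutls_record_recv`. The guard `len > ssl->ssl_peek_buffer_size` compares an `int` with a `size_t`, so a negative `len` is converted to a very large unsigned value and is passed on as a size to `realloc` and the receive call. I would reject `len <= 0`, grow the buffer through a temporary pointer, and return the `gnutls_record_recv` result on error instead of falling through to the copy; the -1 returned on allocation failure below is a placeholder for whatever convention this compatibility layer uses. The same `int`/`size_t` mixing appears in the `SSL_read` fast path added later in this file (`ssl->ssl_peek_avail > len`), and the blob id matches the file removed from gnutls-2.2.3, so this is carried over by the version bump rather than introduced by it.

```c
int SSL_peek(SSL *ssl, void *buf, int len)
{
  if (len <= 0)
    return 0;

  if ((size_t) len > ssl->ssl_peek_buffer_size) {
    /* grow through a temporary so the old buffer survives a failed realloc */
    char *tmp = realloc (ssl->ssl_peek_buffer, (size_t) len);
    if (tmp == NULL)
      return -1;
    ssl->ssl_peek_buffer = tmp;
    ssl->ssl_peek_buffer_size = (size_t) len;
  }

  if (ssl->ssl_peek_avail == 0) {
    int ret = gnutls_record_recv (ssl->gnutls_state, ssl->ssl_peek_buffer, len);
    ssl->last_error = ret;
    if (ret <= 0)
      return ret;
    ssl->ssl_peek_avail = (size_t) ret;
  }
  /* … unchanged: clamp len to ssl_peek_avail, memcpy into buf, return len … */
}
```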
diff --git a/meta/packages/gnutls/gnutls_2.2.3.bb b/meta/packages/gnutls/gnutls_2.2.3.bb deleted file mode 100644 index 3313a456a..000000000 --- a/meta/packages/gnutls/gnutls_2.2.3.bb +++ /dev/null @@ -1,7 +0,0 @@ -require gnutls.inc - -SRC_URI += "\ - file://gnutls-openssl.patch;patch=1 \ - file://gnutls-texinfo-euro.patch;patch=1 \ - file://configure_madness.patch;patch=1 \ - " diff --git a/meta/packages/gnutls/gnutls_2.2.5.bb b/meta/packages/gnutls/gnutls_2.2.5.bb new file mode 100644 index 000000000..3313a456a --- /dev/null +++ b/meta/packages/gnutls/gnutls_2.2.5.bb @@ -0,0 +1,7 @@ +require gnutls.inc + +SRC_URI += "\ + file://gnutls-openssl.patch;patch=1 \ + file://gnutls-texinfo-euro.patch;patch=1 \ + file://configure_madness.patch;patch=1 \ + " -- cgit v1.2.3