- upgrade to latest upstream

.cvsignore

@@ -1 +1 @@
-gnutls-2.0.4-nosrp.tar.bz2
+gnutls-2.4.0-nosrp.tar.bz2

gnutls-1.4.1-sa-2008-1.patch

@@ -1,98 +0,0 @@
-diff -up gnutls-1.4.1/lib/ext_server_name.c.sa-2008-1 gnutls-1.4.1/lib/ext_server_name.c
---- gnutls-1.4.1/lib/ext_server_name.c.sa-2008-1	2006-03-08 11:44:59.000000000 +0100
-+++ gnutls-1.4.1/lib/ext_server_name.c	2008-05-20 09:52:13.000000000 +0200
-@@ -74,10 +74,27 @@ _gnutls_server_name_recv_params (gnutls_
- 	  len = _gnutls_read_uint16 (p);
- 	  p += 2;
- 
--	  DECR_LENGTH_RET (data_size, len, 0);
--	  server_names++;
-+	  if (len > 0)
-+	    {
-+	      DECR_LENGTH_RET (data_size, len, 0);
-+	      server_names++;
-+	      p += len;
-+	    }
-+	  else
-+	    _gnutls_handshake_log
-+	      ("HSK[%x]: Received zero size server name (under attack?)\n",
-+	       session);
- 
--	  p += len;
-+	}
-+
-+      /* we cannot accept more server names.
-+       */
-+      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
-+	{
-+	  _gnutls_handshake_log
-+	    ("HSK[%x]: Too many server names received (under attack?)\n",
-+	     session);
-+	  server_names = MAX_SERVER_NAME_EXTENSIONS;
- 	}
- 
-       session->security_parameters.extensions.server_names_size =
-@@ -85,10 +102,6 @@ _gnutls_server_name_recv_params (gnutls_
-       if (server_names == 0)
- 	return 0;		/* no names found */
- 
--      /* we cannot accept more server names.
--       */
--      if (server_names > MAX_SERVER_NAME_EXTENSIONS)
--	server_names = MAX_SERVER_NAME_EXTENSIONS;
- 
-       p = data + 2;
-       for (i = 0; i < server_names; i++)
-diff -up gnutls-1.4.1/lib/gnutls_handshake.c.sa-2008-1 gnutls-1.4.1/lib/gnutls_handshake.c
---- gnutls-1.4.1/lib/gnutls_handshake.c.sa-2008-1	2006-04-17 18:32:16.000000000 +0200
-+++ gnutls-1.4.1/lib/gnutls_handshake.c	2008-05-20 09:52:13.000000000 +0200
-@@ -929,6 +929,14 @@ _gnutls_recv_handshake_header (gnutls_se
- 
-       *recv_type = session->internals.handshake_header_buffer.recv_type;
- 
-+      if (*recv_type != type)
-+	{
-+	  gnutls_assert ();
-+	  _gnutls_handshake_log
-+	    ("HSK[%x]: Handshake type mismatch (under attack?)\n", session);
-+	  return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
-+	}
-+
-       return session->internals.handshake_header_buffer.packet_length;
-     }
- 
-diff -up gnutls-1.4.1/lib/gnutls_cipher.c.sa-2008-1 gnutls-1.4.1/lib/gnutls_cipher.c
---- gnutls-1.4.1/lib/gnutls_cipher.c.sa-2008-1	2006-03-08 11:44:59.000000000 +0100
-+++ gnutls-1.4.1/lib/gnutls_cipher.c	2008-05-20 09:52:48.000000000 +0200
-@@ -445,7 +445,6 @@ _gnutls_ciphertext2compressed (gnutls_se
-       return GNUTLS_E_INTERNAL_ERROR;
-     }
- 
--
-   /* actual decryption (inplace)
-    */
-   switch (_gnutls_cipher_is_block
-@@ -496,17 +495,20 @@ _gnutls_ciphertext2compressed (gnutls_se
- 
-       pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
- 
--      length = ciphertext.size - hash_size - pad;
--
--      if (pad > ciphertext.size - hash_size)
-+      if ((int)pad > (int)ciphertext.size - hash_size)
- 	{
- 	  gnutls_assert ();
-+	  _gnutls_record_log
-+	    ("REC[%x]: Short record length %d > %d - %d (under attack?)\n",
-+	     session, pad, ciphertext.size, hash_size);
- 	  /* We do not fail here. We check below for the
- 	   * the pad_failed. If zero means success.
- 	   */
- 	  pad_failed = GNUTLS_E_DECRYPTION_FAILED;
- 	}
- 
-+      length = ciphertext.size - hash_size - pad;
-+
-       /* Check the pading bytes (TLS 1.x)
-        */
-       if (ver >= GNUTLS_TLS1 && pad_failed == 0)

gnutls-2.0.4-nosrp.patch

@@ -1,70 +0,0 @@
-diff -up gnutls-2.0.4/doc/examples/ex-serv-srp.c.nosrp gnutls-2.0.4/doc/examples/ex-serv-srp.c
---- gnutls-2.0.4/doc/examples/ex-serv-srp.c.nosrp	2007-11-15 16:24:56.000000000 +0100
-+++ gnutls-2.0.4/doc/examples/ex-serv-srp.c	2007-11-29 14:50:37.000000000 +0100
-@@ -29,6 +29,7 @@
- #define MAX_BUF 1024
- #define PORT 5556		/* listen to 5556 port */
- 
-+#if 0
- /* These are global */
- gnutls_srp_server_credentials_t srp_cred;
- gnutls_certificate_credentials_t cert_cred;
-@@ -57,10 +58,12 @@ initialize_tls_session (void)
- 
-   return session;
- }
-+#endif
- 
- int
- main (void)
- {
-+#if 0
-   int err, listen_sd, i;
-   int sd, ret;
-   struct sockaddr_in sa_serv;
-@@ -173,7 +176,7 @@ main (void)
-   gnutls_certificate_free_credentials (cert_cred);
- 
-   gnutls_global_deinit ();
--
-+#endif
-   return 0;
- 
- }
-diff -up gnutls-2.0.4/doc/examples/ex-session-info.c.nosrp gnutls-2.0.4/doc/examples/ex-session-info.c
---- gnutls-2.0.4/doc/examples/ex-session-info.c.nosrp	2007-11-15 16:24:56.000000000 +0100
-+++ gnutls-2.0.4/doc/examples/ex-session-info.c	2007-11-29 15:54:12.000000000 +0100
-@@ -35,12 +35,12 @@ print_info (gnutls_session_t session)
-       printf ("- TLS/IA session\n");
-       break;
- 
--
-+#if 0
-     case GNUTLS_CRD_SRP:
-       printf ("- SRP session with username %s\n",
- 	      gnutls_srp_server_get_username (session));
-       break;
--
-+#endif
-     case GNUTLS_CRD_PSK:
-       if (gnutls_psk_server_get_username (session) != NULL)
- 	printf ("- PSK authentication. Connected as '%s'\n",
-diff -up gnutls-2.0.4/doc/examples/ex-client-srp.c.nosrp gnutls-2.0.4/doc/examples/ex-client-srp.c
---- gnutls-2.0.4/doc/examples/ex-client-srp.c.nosrp	2007-11-15 16:24:56.000000000 +0100
-+++ gnutls-2.0.4/doc/examples/ex-client-srp.c	2007-11-29 14:50:37.000000000 +0100
-@@ -24,6 +24,7 @@ extern void tcp_close (int sd);
- int
- main (void)
- {
-+#if 0
-   int ret;
-   int sd, ii;
-   gnutls_session_t session;
-@@ -121,6 +122,6 @@ end:
-   gnutls_certificate_free_credentials (cert_cred);
- 
-   gnutls_global_deinit ();
--
-+#endif
-   return 0;
- }

gnutls-2.4.0-nosrp.patch

@@ -0,0 +1,33 @@
+diff -up gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp gnutls-2.4.0/lib/gnutlsxx.cpp
+--- gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp	2008-05-19 10:01:43.000000000 +0200
++++ gnutls-2.4.0/lib/gnutlsxx.cpp	2008-06-23 20:11:26.000000000 +0200
+@@ -398,7 +398,11 @@ void session::set_credentials( credentia
+ 
+ const char* server_session::get_srp_username() const
+ {
++#ifdef ENABLE_SRP
+     return gnutls_srp_server_get_username( s);
++#else
++    return NULL;
++#endif
+ }
+ 
+ const char* server_session::get_psk_username() const
+@@ -677,7 +681,7 @@ void certificate_client_credentials::set
+ }
+ 
+ // SRP
+-
++#ifdef ENABLE_SRP
+ srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP)
+ { 
+     RETWRAP(gnutls_srp_allocate_server_credentials( &cred));
+@@ -721,7 +725,7 @@ void srp_client_credentials::set_credent
+ {
+     gnutls_srp_set_client_credentials_function( cred, func);
+ }
+-
++#endif
+ // PSK
+ 
+ psk_server_credentials::psk_server_credentials() : credentials(GNUTLS_CRD_PSK)

gnutls.spec

@@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 2.0.4
-Release: 3%{?dist}
+Version: 2.4.0
+Release: 1%{?dist}
 # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv2+
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Libraries
@@ -14,8 +14,7 @@ URL: http://www.gnutls.org/
 # XXX patent tainted SRP code removed.
 Source0: %{name}-%{version}-nosrp.tar.bz2
 Source1: libgnutls-config
-Patch0: gnutls-2.0.4-nosrp.patch
-Patch4: gnutls-1.4.1-sa-2008-1.patch
+Patch1: gnutls-2.4.0-nosrp.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libgcrypt >= 1.2.2
@@ -56,8 +55,7 @@ manipulation tools.
 
 %prep
 %setup -q
-%patch0 -p1 -b .nosrp
-%patch4 -p1 -b .sa-2008-1
+%patch1 -p1 -b .nosrp
 
 for i in auth_srp_rsa.c auth_srp_sb64.c auth_srp_passwd.c auth_srp.c gnutls_srp.c ext_srp.c; do
     touch lib/$i
@@ -126,6 +124,9 @@ fi
 %{_mandir}/man1/*
 
 %changelog
+* Tue Jun 24 2008 Tomas Mraz <tmraz@redhat.com> 2.4.0-1
+- upgrade to latest upstream
+
 * Tue May 20 2008 Tomas Mraz <tmraz@redhat.com> 2.0.4-3
 - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1
   (#447461, #447462, #447463)

sources

@@ -1 +1 @@
-9227132e5e92bcf1e4d674c86779e9ef  gnutls-2.0.4-nosrp.tar.bz2
+45595b7146b135fc883ca8010a6b185c  gnutls-2.4.0-nosrp.tar.bz2