- upgrade to a new upstream version

2008-12-04 16:50:10 +00:00 · 2008-12-04 16:50:10 +00:00 · 9c5b7534c4
commit 9c5b7534c4
parent 202be7c37f
7 changed files with 50 additions and 78 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-gnutls-2.4.2-nosrp.tar.bz2
+gnutls-2.6.2-nosrp.tar.bz2
--- a/gnutls-1.4.1-cve-2008-4989.patch
+++ b/gnutls-1.4.1-cve-2008-4989.patch
@ -1,39 +0,0 @@
-diff -up gnutls-1.4.1/lib/x509/verify.c.chain-verify gnutls-1.4.1/lib/x509/verify.c
--- gnutls-1.4.1/lib/x509/verify.c.chain-verify	2008-11-11 10:55:19.000000000 +0100
-+++ gnutls-1.4.1/lib/x509/verify.c	2008-11-11 10:58:54.000000000 +0100
-@@ -379,6 +379,17 @@ _gnutls_x509_verify_certificate (const g
-   int i = 0, ret;
-   unsigned int status = 0, output;
- 
-+  /* Check if the last certificate in the path is self signed.
-+   * In that case ignore it (a certificate is trusted only if it
-+   * leads to a trusted party by us, not the server's).
-+   */
-+  if (clist_size > 1 &&
-+      gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-+				    certificate_list[clist_size - 1]) > 0)
-+    {
-+      clist_size--;
-+    }
-+
-   /* Verify the last certificate in the certificate path
-    * against the trusted CA certificate list.
-    *
-@@ -417,17 +428,6 @@ _gnutls_x509_verify_certificate (const g
-     }
- #endif
- 
-  /* Check if the last certificate in the path is self signed.
-   * In that case ignore it (a certificate is trusted only if it
-   * leads to a trusted party by us, not the server's).
-   */
-  if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-				    certificate_list[clist_size - 1]) > 0
-      && clist_size > 0)
-    {
-      clist_size--;
-    }
-
-   /* Verify the certificate path (chain) 
-    */
-   for (i = clist_size - 1; i > 0; i--)
--- a/gnutls-2.4.0-nosrp.patch
+++ b/gnutls-2.4.0-nosrp.patch
@ -1,33 +0,0 @@
-diff -up gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp gnutls-2.4.0/lib/gnutlsxx.cpp
--- gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp	2008-05-19 10:01:43.000000000 +0200
-+++ gnutls-2.4.0/lib/gnutlsxx.cpp	2008-06-23 20:11:26.000000000 +0200
-@@ -398,7 +398,11 @@ void session::set_credentials( credentia
- 
- const char* server_session::get_srp_username() const
- {
-+#ifdef ENABLE_SRP
-     return gnutls_srp_server_get_username( s);
-+#else
-+    return NULL;
-+#endif
- }
- 
- const char* server_session::get_psk_username() const
-@@ -677,7 +681,7 @@ void certificate_client_credentials::set
- }
- 
- // SRP
-
-+#ifdef ENABLE_SRP
- srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP)
- { 
-     RETWRAP(gnutls_srp_allocate_server_credentials( &cred));
-@@ -721,7 +725,7 @@ void srp_client_credentials::set_credent
- {
-     gnutls_srp_set_client_credentials_function( cred, func);
- }
-
-+#endif
- // PSK
- 
- psk_server_credentials::psk_server_credentials() : credentials(GNUTLS_CRD_PSK)
--- a/gnutls-2.6.2-chain-verify.patch
+++ b/gnutls-2.6.2-chain-verify.patch
@ -0,0 +1,21 @@
+diff -up gnutls-2.6.2/lib/x509/verify.c.chain-verify gnutls-2.6.2/lib/x509/verify.c
+--- gnutls-2.6.2/lib/x509/verify.c.chain-verify	2008-11-12 15:01:46.000000000 +0100
+++ gnutls-2.6.2/lib/x509/verify.c	2008-12-04 14:35:52.000000000 +0100
+@@ -374,6 +374,17 @@ _gnutls_x509_verify_certificate (const g
+   int i = 0, ret;
+   unsigned int status = 0, output;
+ 
+  /* Check if the last certificate in the path is self signed.
+   * In that case ignore it (a certificate is trusted only if it
+   * leads to a trusted party by us, not the server's).
+   */
+  if (clist_size > 1 &&
+      gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+				    certificate_list[clist_size - 1]) > 0)
+    {
+      clist_size--;
+    }
+
+   /* Verify the last certificate in the certificate path
+    * against the trusted CA certificate list.
+    *
--- a/gnutls-2.6.2-nosrp.patch
+++ b/gnutls-2.6.2-nosrp.patch
@ -0,0 +1,20 @@
+diff -up gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp gnutls-2.6.2/lib/gnutlsxx.cpp
+--- gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp	2008-11-12 10:56:28.000000000 +0100
+++ gnutls-2.6.2/lib/gnutlsxx.cpp	2008-12-04 14:34:10.000000000 +0100
+@@ -396,12 +396,14 @@ void session::set_credentials( credentia
+     RETWRAP(gnutls_credentials_set( s, cred.get_type(), cred.ptr()));
+ }
+ 
+-#ifdef ENABLE_SRP
+ const char* server_session::get_srp_username() const
+ {
+#ifdef ENABLE_SRP
+     return gnutls_srp_server_get_username( s);
+-}
+#else
+    return NULL;
+ #endif
+}
+ 
+ const char* server_session::get_psk_username() const
+ {
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,7 +1,7 @@
 Summary: A TLS protocol implementation
 Name: gnutls
-Version: 2.4.2
-Release: 3%{?dist}
+Version: 2.6.2
+Release: 1%{?dist}
 # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
 License: GPLv3+ and LGPLv2+
 Group: System Environment/Libraries
@ -15,8 +15,8 @@ URL: http://www.gnutls.org/
 # XXX patent tainted SRP code removed.
 Source0: %{name}-%{version}-nosrp.tar.bz2
 Source1: libgnutls-config
-Patch1: gnutls-2.4.0-nosrp.patch
-Patch5: gnutls-1.4.1-cve-2008-4989.patch
+Patch1: gnutls-2.6.2-nosrp.patch
+Patch5: gnutls-2.6.2-chain-verify.patch

 BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: libgcrypt >= 1.2.2
@ -150,6 +150,9 @@ fi
 %{_datadir}/guile/site/gnutls.scm

 %changelog
+* Thu Dec  4 2008 Tomas Mraz <tmraz@redhat.com> 2.6.2-1
+- upgrade to a new upstream version
+
 * Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3
 - fix chain verification issue CVE-2008-4989 (#470079)

--- a/2
+++ b/2
@ -1 +1 @@
-dcc09099518f4560a01d3b153bcafc5d  gnutls-2.4.2-nosrp.tar.bz2
+b74cfcc8af6a81fa3a51fc798660af0b  gnutls-2.6.2-nosrp.tar.bz2