update to 0.30.0 (#983563, #926212)

Resolves: rhbz#983563 Resolves: rhbz#926212
12 years ago · b5589e3c47
parent da2f7ddcd0
commit b5589e3c47
4 changed files with 5 additions and 196 deletions
--- a/neon-0.28.2-nocomp.patch
+++ b/neon-0.28.2-nocomp.patch
@ -1,19 +0,0 @@
--- neon-0.28.2/src/ne_openssl.c.nocomp
-+++ neon-0.28.2/src/ne_openssl.c
-@@ -1,6 +1,6 @@
- /* 
-    neon SSL/TLS support using OpenSSL
-   Copyright (C) 2002-2007, Joe Orton <joe@manyfish.co.uk>
-+   Copyright (C) 2002-2008, Joe Orton <joe@manyfish.co.uk>
-    Portions are:
-    Copyright (C) 1999-2000 Tommi Komulainen <Tommi.Komulainen@iki.fi>
- 
-@@ -545,7 +545,7 @@ ne_ssl_context *ne_ssl_context_create(in
-         /* set client cert callback. */
-         SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
-         /* enable workarounds for buggy SSL server implementations */
-        SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
-+        SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL | SSL_OP_NO_COMP);
-     } else if (mode == NE_SSL_CTX_SERVER) {
-         ctx->ctx = SSL_CTX_new(SSLv23_server_method());
-         SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
--- a/neon-0.29.6-gnutls3.patch
+++ b/neon-0.29.6-gnutls3.patch
@ -1,140 +0,0 @@
-diff -up neon-0.29.6/macros/neon.m4.gnutls3 neon-0.29.6/macros/neon.m4
--- neon-0.29.6/macros/neon.m4.gnutls3	2011-05-03 14:14:56.000000000 +0200
-+++ neon-0.29.6/macros/neon.m4	2013-02-25 09:25:30.373456383 +0100
-@@ -982,12 +982,13 @@ gnutls)
-    # Check for functions in later releases
-    NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
-                   gnutls_sign_callback_set \
-+                  gnutls_certificate_get_issuer \
-                   gnutls_certificate_get_x509_cas \
-                  gnutls_certificate_verify_peers2])
-+                  gnutls_x509_crt_sign2])
- 
-   # fail if gnutls_certificate_verify_peers2 is not found
-   if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
-       AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
-+   # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
-+   if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
-+       AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
-    fi
-                   
-    # Check for iconv support if using the new RDN access functions:
-diff -up neon-0.29.6/src/ne_gnutls.c.gnutls3 neon-0.29.6/src/ne_gnutls.c
--- neon-0.29.6/src/ne_gnutls.c.gnutls3	2011-05-03 14:07:08.000000000 +0200
-+++ neon-0.29.6/src/ne_gnutls.c	2013-02-25 09:25:30.375456392 +0100
-@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
- };
- 
- struct ne_ssl_client_cert_s {
-    gnutls_pkcs12 p12;
-+    gnutls_pkcs12_t p12;
-     int decrypted; /* non-zero if successfully decrypted. */
-     int keyless;
-     ne_ssl_certificate cert;
-@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_conte
-     ne_free(ctx);
- }
- 
-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
-+#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
- /* Return the issuer of the given certificate, or NULL if none can be
-  * found. */
- static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
-@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_ch
-         }
-     }
- 
-#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
-+#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
-     /* GnuTLS only returns the peers which were *sent* by the server
-      * in the Certificate list during the handshake.  Fill in the
-      * complete chain manually against the certs we trust: */
-     if (current->issuer == NULL) {
-         gnutls_x509_crt issuer;
-+
-+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-         gnutls_x509_crt *ca_list;
-         unsigned int num_cas;
-         
-         gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
-+#endif
- 
-         do { 
-             /* Look up the issuer. */
-+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
-             issuer = find_issuer(ca_list, num_cas, current->subject);
-+#else
-+            if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
-+                issuer = NULL;
-+#endif
-+
-             if (issuer) {
-                 issuer = x509_crt_copy(issuer);
-                 cert = populate_cert(ne_calloc(sizeof *cert), issuer);
-@@ -1032,11 +1041,11 @@ static int read_to_datum(const char *fil
- /* Parses a PKCS#12 structure and loads the certificate, private key
-  * and friendly name if possible.  Returns zero on success, non-zero
-  * on error. */
-static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
-+static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
-                         gnutls_x509_crt *x5, char **friendly_name,
-                         const char *password)
- {
-    gnutls_pkcs12_bag bag = NULL;
-+    gnutls_pkcs12_bag_t bag = NULL;
-     int i, j, ret = 0;
- 
-     for (i = 0; ret == 0; ++i) {
-@@ -1051,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p1
-         gnutls_pkcs12_bag_decrypt(bag, password);
- 
-         for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
-            gnutls_pkcs12_bag_type type;
-+            gnutls_pkcs12_bag_type_t type;
-             gnutls_datum data;
- 
-             if (friendly_name && *friendly_name == NULL) {
-@@ -1121,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(
- {
-     int ret;
-     gnutls_datum data;
-    gnutls_pkcs12 p12;
-+    gnutls_pkcs12_t p12;
-     ne_ssl_client_cert *cc;
-     char *friendly_name = NULL;
-     gnutls_x509_crt cert = NULL;
-diff -up neon-0.29.6/src/ne_socket.c.gnutls3 neon-0.29.6/src/ne_socket.c
--- neon-0.29.6/src/ne_socket.c.gnutls3	2010-10-09 18:07:17.000000000 +0200
-+++ neon-0.29.6/src/ne_socket.c	2013-02-25 09:25:30.376456395 +0100
-@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *s
-                     _("SSL alert received: %s"),
-                     gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
-         break;
-+#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
-+    case GNUTLS_E_PREMATURE_TERMINATION:
-+#else
-     case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
-        /* It's not exactly an API guarantee but this error will
-         * always mean a premature EOF. */
-+#endif
-         ret = NE_SOCK_TRUNC;
-         set_error(sock, _("Secure connection truncated"));
-         break;
-@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock,
-         NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
-     }
- #elif defined(HAVE_GNUTLS)
-+    unsigned int verify_status;
-+
-     gnutls_init(&ssl, GNUTLS_SERVER);
-     gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
-     gnutls_set_default_priority(ssl);
-@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock,
-     if (ret < 0) {
-         return error_gnutls(sock, ret);
-     }
-    if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
-+    if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
-         set_error(sock, _("Client certificate verification failed"));
-         return NE_SOCK_ERROR;
-     }
--- a/neon-0.29.6-md5alias.patch
+++ b/neon-0.29.6-md5alias.patch
@ -1,31 +0,0 @@
-
-Upstream r1896.
-
--- neon-0.29.6/src/ne_md5.c.md5alias
-+++ neon-0.29.6/src/ne_md5.c
-@@ -139,6 +139,7 @@ md5_finish_ctx (struct md5_ctx *ctx, voi
- {
-   /* Take yet unprocessed bytes into account.  */
-   md5_uint32 bytes = ctx->buflen;
-+  md5_uint32 swap_bytes;
-   size_t pad;
- 
-   /* Now count remaining bytes.  */
-@@ -149,10 +150,13 @@ md5_finish_ctx (struct md5_ctx *ctx, voi
-   pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
-   memcpy (&ctx->buffer[bytes], fillbuf, pad);
- 
-  /* Put the 64-bit file length in *bits* at the end of the buffer.  */
-  *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
-  *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
-							(ctx->total[0] >> 29));
-+  /* Put the 64-bit file length in *bits* at the end of the buffer.
-+     Use memcpy to avoid aliasing problems.  On most systems, this
-+     will be optimized away to the same code.  */
-+  swap_bytes = SWAP (ctx->total[0] << 3);
-+  memcpy (&ctx->buffer[bytes + pad], &swap_bytes, sizeof (swap_bytes));
-+  swap_bytes = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
-+  memcpy (&ctx->buffer[bytes + pad + 4], &swap_bytes, sizeof (swap_bytes));
- 
-   /* Process last bytes.  */
-   md5_process_block (ctx->buffer, bytes + pad + 8, ctx);
--- a/neon.spec
+++ b/neon.spec
@ -1,14 +1,12 @@
 Summary: An HTTP and WebDAV client library
 Name: neon
-Version: 0.29.6
-Release: 6%{?dist}
+Version: 0.30.0
+Release: 1%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.webdav.org/neon/
 Source0: http://www.webdav.org/neon/neon-%{version}.tar.gz
 Patch0: neon-0.27.0-multilib.patch
-Patch1: neon-0.29.6-gnutls3.patch
-Patch2: neon-0.29.6-md5alias.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: expat-devel, gnutls-devel, zlib-devel, krb5-devel, libproxy-devel
 BuildRequires: pkgconfig, pakchois-devel
@ -35,8 +33,6 @@ The development library for the C language HTTP and WebDAV client library.
 %prep
 %setup -q
 %patch0 -p1 -b .multilib
-%patch1 -p1 -b .gnutls3
-%patch2 -p1 -b .md5alias

 %build
 export CC="%{__cc} -pthread"
@ -80,6 +76,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*.so

 %changelog
+* Wed Jul 31 2013 Joe Orton <jorton@redhat.com> - 0.30.0-1
+- update to 0.30.0 (#983563, #926212)
+
 * Mon Mar 18 2013 Joe Orton <jorton@redhat.com> - 0.29.6-6
 - fix strict-aliasing warning (upstream r1896)