From b5589e3c47c468c58ad5835db05ae85568712008 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Wed, 31 Jul 2013 17:37:18 +0100
Subject: [PATCH] update to 0.30.0 (#983563, #926212)

Resolves: rhbz#983563
Resolves: rhbz#926212
---
 neon-0.28.2-nocomp.patch | 19 -----
 neon-0.29.6-gnutls3.patch | 140 -------------------------------------
 neon-0.29.6-md5alias.patch | 31 --------
 neon.spec | 11 ++-
 4 files changed, 5 insertions(+), 196 deletions(-)
 delete mode 100644 neon-0.28.2-nocomp.patch
 delete mode 100644 neon-0.29.6-gnutls3.patch
 delete mode 100644 neon-0.29.6-md5alias.patch

diff --git a/neon-0.28.2-nocomp.patch b/neon-0.28.2-nocomp.patch
deleted file mode 100644
index 207c465..0000000
--- a/neon-0.28.2-nocomp.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- neon-0.28.2/src/ne_openssl.c.nocomp
-+++ neon-0.28.2/src/ne_openssl.c
-@@ -1,6 +1,6 @@
- /*
- neon SSL/TLS support using OpenSSL
-- Copyright (C) 2002-2007, Joe Orton
-+ Copyright (C) 2002-2008, Joe Orton
- Portions are:
- Copyright (C) 1999-2000 Tommi Komulainen
-
-@@ -545,7 +545,7 @@ ne_ssl_context *ne_ssl_context_create(in
- /* set client cert callback. */
- SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
- /* enable workarounds for buggy SSL server implementations */
-- SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
-+ SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL | SSL_OP_NO_COMP);
- } else if (mode == NE_SSL_CTX_SERVER) {
- ctx->ctx = SSL_CTX_new(SSLv23_server_method());
- SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
diff --git a/neon-0.29.6-gnutls3.patch b/neon-0.29.6-gnutls3.patch
deleted file mode 100644
index 5927f9b..0000000
--- a/neon-0.29.6-gnutls3.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-diff -up neon-0.29.6/macros/neon.m4.gnutls3 neon-0.29.6/macros/neon.m4
---- neon-0.29.6/macros/neon.m4.gnutls3 2011-05-03 14:14:56.000000000 +0200
-+++ neon-0.29.6/macros/neon.m4 2013-02-25 09:25:30.373456383 +0100
-@@ -982,12 +982,13 @@ gnutls)
- # Check for functions in later releases
- NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
- gnutls_sign_callback_set \
-+ gnutls_certificate_get_issuer \
- gnutls_certificate_get_x509_cas \
-- gnutls_certificate_verify_peers2])
-+ gnutls_x509_crt_sign2])
-
-- # fail if gnutls_certificate_verify_peers2 is not found
-- if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then
-- AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required])
-+ # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
-+ if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
-+ AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
- fi
-
- # Check for iconv support if using the new RDN access functions:
-diff -up neon-0.29.6/src/ne_gnutls.c.gnutls3 neon-0.29.6/src/ne_gnutls.c
---- neon-0.29.6/src/ne_gnutls.c.gnutls3 2011-05-03 14:07:08.000000000 +0200
-+++ neon-0.29.6/src/ne_gnutls.c 2013-02-25 09:25:30.375456392 +0100
-@@ -83,7 +83,7 @@ struct ne_ssl_certificate_s {
- };
-
- struct ne_ssl_client_cert_s {
-- gnutls_pkcs12 p12;
-+ gnutls_pkcs12_t p12;
- int decrypted; /* non-zero if successfully decrypted. */
- int keyless;
- ne_ssl_certificate cert;
-@@ -692,7 +692,7 @@ void ne_ssl_context_destroy(ne_ssl_conte
- ne_free(ctx);
- }
-
--#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
-+#if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
- /* Return the issuer of the given certificate, or NULL if none can be
- * found. */
- static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list,
-@@ -747,20 +747,29 @@ static ne_ssl_certificate *make_peers_ch
- }
- }
-
--#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
-+#if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS)
- /* GnuTLS only returns the peers which were *sent* by the server
- * in the Certificate list during the handshake. Fill in the
- * complete chain manually against the certs we trust: */
- if (current->issuer == NULL) {
- gnutls_x509_crt issuer;
-+
-+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
- gnutls_x509_crt *ca_list;
- unsigned int num_cas;
-
- gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas);
-+#endif
-
- do {
- /* Look up the issuer. */
-+#ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER
- issuer = find_issuer(ca_list, num_cas, current->subject);
-+#else
-+ if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0))
-+ issuer = NULL;
-+#endif
-+
- if (issuer) {
- issuer = x509_crt_copy(issuer);
- cert = populate_cert(ne_calloc(sizeof *cert), issuer);
-@@ -1032,11 +1041,11 @@ static int read_to_datum(const char *fil
- /* Parses a PKCS#12 structure and loads the certificate, private key
- * and friendly name if possible. Returns zero on success, non-zero
- * on error. */
--static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
-+static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey *pkey,
- gnutls_x509_crt *x5, char **friendly_name,
- const char *password)
- {
-- gnutls_pkcs12_bag bag = NULL;
-+ gnutls_pkcs12_bag_t bag = NULL;
- int i, j, ret = 0;
-
- for (i = 0; ret == 0; ++i) {
-@@ -1051,7 +1060,7 @@ static int pkcs12_parse(gnutls_pkcs12 p1
- gnutls_pkcs12_bag_decrypt(bag, password);
-
- for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
-- gnutls_pkcs12_bag_type type;
-+ gnutls_pkcs12_bag_type_t type;
- gnutls_datum data;
-
- if (friendly_name && *friendly_name == NULL) {
-@@ -1121,7 +1130,7 @@ ne_ssl_client_cert *ne_ssl_clicert_read(
- {
- int ret;
- gnutls_datum data;
-- gnutls_pkcs12 p12;
-+ gnutls_pkcs12_t p12;
- ne_ssl_client_cert *cc;
- char *friendly_name = NULL;
- gnutls_x509_crt cert = NULL;
-diff -up neon-0.29.6/src/ne_socket.c.gnutls3 neon-0.29.6/src/ne_socket.c
---- neon-0.29.6/src/ne_socket.c.gnutls3 2010-10-09 18:07:17.000000000 +0200
-+++ neon-0.29.6/src/ne_socket.c 2013-02-25 09:25:30.376456395 +0100
-@@ -721,9 +721,11 @@ static ssize_t error_gnutls(ne_socket *s
- _("SSL alert received: %s"),
- gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
- break;
-+#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
-+ case GNUTLS_E_PREMATURE_TERMINATION:
-+#else
- case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
-- /* It's not exactly an API guarantee but this error will
-- * always mean a premature EOF. */
-+#endif
- ret = NE_SOCK_TRUNC;
- set_error(sock, _("Secure connection truncated"));
- break;
-@@ -1678,6 +1680,8 @@ int ne_sock_accept_ssl(ne_socket *sock,
- NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
- }
- #elif defined(HAVE_GNUTLS)
-+ unsigned int verify_status;
-+
- gnutls_init(&ssl, GNUTLS_SERVER);
- gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
- gnutls_set_default_priority(ssl);
-@@ -1697,7 +1701,7 @@ int ne_sock_accept_ssl(ne_socket *sock,
- if (ret < 0) {
- return error_gnutls(sock, ret);
- }
-- if (ctx->verify && gnutls_certificate_verify_peers(ssl)) {
-+ if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status) || verify_status)) {
- set_error(sock, _("Client certificate verification failed"));
- return NE_SOCK_ERROR;
- }
diff --git a/neon-0.29.6-md5alias.patch b/neon-0.29.6-md5alias.patch
deleted file mode 100644
index 6febacf..0000000
--- a/neon-0.29.6-md5alias.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-
-Upstream r1896.
-
---- neon-0.29.6/src/ne_md5.c.md5alias
-+++ neon-0.29.6/src/ne_md5.c
-@@ -139,6 +139,7 @@ md5_finish_ctx (struct md5_ctx *ctx, voi
- {
- /* Take yet unprocessed bytes into account. */
- md5_uint32 bytes = ctx->buflen;
-+ md5_uint32 swap_bytes;
- size_t pad;
-
- /* Now count remaining bytes. */
-@@ -149,10 +150,13 @@ md5_finish_ctx (struct md5_ctx *ctx, voi
- pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
- memcpy (&ctx->buffer[bytes], fillbuf, pad);
-
-- /* Put the 64-bit file length in *bits* at the end of the buffer. */
-- *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
-- *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
-- (ctx->total[0] >> 29));
-+ /* Put the 64-bit file length in *bits* at the end of the buffer.
-+ Use memcpy to avoid aliasing problems. On most systems, this
-+ will be optimized away to the same code. */
-+ swap_bytes = SWAP (ctx->total[0] << 3);
-+ memcpy (&ctx->buffer[bytes + pad], &swap_bytes, sizeof (swap_bytes));
-+ swap_bytes = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
-+ memcpy (&ctx->buffer[bytes + pad + 4], &swap_bytes, sizeof (swap_bytes));
-
- /* Process last bytes. */
- md5_process_block (ctx->buffer, bytes + pad + 8, ctx);
diff --git a/neon.spec b/neon.spec
index 9ee68a5..a296329 100644
--- a/neon.spec
+++ b/neon.spec
@@ -1,14 +1,12 @@
 Summary: An HTTP and WebDAV client library
 Name: neon
-Version: 0.29.6
-Release: 6%{?dist}
+Version: 0.30.0
+Release: 1%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.webdav.org/neon/
 Source0: http://www.webdav.org/neon/neon-%{version}.tar.gz
 Patch0: neon-0.27.0-multilib.patch
-Patch1: neon-0.29.6-gnutls3.patch
-Patch2: neon-0.29.6-md5alias.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: expat-devel, gnutls-devel, zlib-devel, krb5-devel, libproxy-devel
 BuildRequires: pkgconfig, pakchois-devel
@@ -35,8 +33,6 @@ The development library for the C language HTTP and WebDAV client library. %prep %setup -q %patch0 -p1 -b .multilib -%patch1 -p1 -b .gnutls3 -%patch2 -p1 -b .md5alias %build export CC="%{__cc} -pthread" @@ -80,6 +76,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/*.so %changelog +* Wed Jul 31 2013 Joe Orton - 0.30.0-1 +- update to 0.30.0 (#983563, #926212) + * Mon Mar 18 2013 Joe Orton - 0.29.6-6 - fix strict-aliasing warning (upstream r1896)