[Gpg4win-commits] [git] Gpg4win - branch, gpg4win-2, updated. gpg4win-2.3.3-6-gb07ecc9
by Andre Heinecke
cvs at cvs.gnupg.org
Thu Jul 6 10:57:04 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG for Windows".
The branch, gpg4win-2 has been updated
via b07ecc99ba99d4c723b50e7a3bdca3905dbe23a0 (commit)
from bc7c1fcf6aeaa201749e063071829b3d42db20e7 (commit)
- Log -----------------------------------------------------------------
commit b07ecc99ba99d4c723b50e7a3bdca3905dbe23a0
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Thu Jul 6 10:52:02 2017 +0200
Remove most gnutls patches after the update
* patches/gnutls-2.12.24/02-cve-2013-2116.patch,
patches/gnutls-2.12.24/03-cve-2014-1959.patch,
patches/gnutls-2.12.24/04-cve-2014-0092.patch,
patches/gnutls-2.12.24/05-cve-2014-3466.patch,
patches/gnutls-2.12.24/06-cve-2015-0282.patch,
patches/gnutls-2.12.24/07-cve-2015-0294.patch,
patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch,
patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch: Removed.
--
The issues fixed by these patches have been addressed in the GnuTLS 2.12.24 release.
diff --git a/Makefile.am b/Makefile.am
index 7482a24..3e5c4bc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -37,15 +37,7 @@ EXTRA_DIST = autogen.sh README.GIT ONEWS \
patches/gnupg2/01-version.patch \
patches/gnupg2/01-version.patch.in \
patches/gnutls-2.12.24/01-openssl-wincrypt.patch \
- patches/gnutls-2.12.24/02-cve-2013-2116.patch \
- patches/gnutls-2.12.24/03-cve-2014-1959.patch \
- patches/gnutls-2.12.24/04-cve-2014-0092.patch \
- patches/gnutls-2.12.24/05-cve-2014-3466.patch \
- patches/gnutls-2.12.24/06-cve-2015-0282.patch \
- patches/gnutls-2.12.24/07-cve-2015-0294.patch \
- patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch \
patches/gnutls-2.12.24/gnulib-mingw-w64-fix.patch \
- patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch \
patches/libtasn1-2.14/gnulib-mingw-w64-fix.patch \
patches/w32pth-2.0.5/workaround-broken-libtool.patch \
patches/scute-1.4.0/workaround-broken-libtool.patch \
diff --git a/patches/gnutls-2.12.24/02-cve-2013-2116.patch b/patches/gnutls-2.12.24/02-cve-2013-2116.patch
deleted file mode 100755
index 432f2ac..0000000
--- a/patches/gnutls-2.12.24/02-cve-2013-2116.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
-Date: Thu, 23 May 2013 09:54:37 +0200
-Subject: [PATCH 3/3] re-applied sanity check patch
-
----
- lib/gnutls_cipher.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
-index 2835121..71f5a98 100644
---- a/lib/gnutls_cipher.c
-+++ b/lib/gnutls_cipher.c
-@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
- return GNUTLS_E_DECRYPTION_FAILED;
- }
- pad = ciphertext.data[ciphertext.size - 1]; /* pad */
-+ if (pad+1 > ciphertext.size-hash_size)
-+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
-
- /* Check the pading bytes (TLS 1.x).
- * Note that we access all 256 bytes of ciphertext for padding check
---
-1.7.10.4
diff --git a/patches/gnutls-2.12.24/03-cve-2014-1959.patch b/patches/gnutls-2.12.24/03-cve-2014-1959.patch
deleted file mode 100755
index cb2e6e2..0000000
--- a/patches/gnutls-2.12.24/03-cve-2014-1959.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From b1abfe3d182d68539900092eb42fc62cf1bb7e7c Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at redhat.com>
-Date: Wed, 12 Feb 2014 16:11:58 +0100
-Subject: [PATCH] Fix bug that prevented the rejection of v1 intermediate CA
- certificates.
-
-Reported by Suman Jana.
-
-
-Description: fix rejection of v1 intermediate CA
- Fix bug that prevented the rejection of v1 intermediate CA
- certificates.
- Reported by Suman Jana.
- This is b1abfe3d182d68539900092eb42fc62cf1bb7e7c from upstream git,
- unfuzzed for 2.12.x by Andreas Metzler.
-Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
-Origin: upstream
-Bug: http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
-Forwarded: not-needed
-Last-Update: 2014-02-15
-
---- gnutls26-2.12.23.orig/lib/x509/verify.c
-+++ gnutls26-2.12.23/lib/x509/verify.c
-@@ -644,8 +644,10 @@ _gnutls_x509_verify_certificate (const g
- /* note that here we disable this V1 CA flag. So that no version 1
- * certificates can exist in a supplied chain.
- */
-- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
-+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
- flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
-+ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
-+ }
- if ((ret =
- _gnutls_verify_certificate2 (certificate_list[i - 1],
- &certificate_list[i], 1, flags,
diff --git a/patches/gnutls-2.12.24/04-cve-2014-0092.patch b/patches/gnutls-2.12.24/04-cve-2014-0092.patch
deleted file mode 100755
index e0bd8ee..0000000
--- a/patches/gnutls-2.12.24/04-cve-2014-0092.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
-Date: Thu, 27 Feb 2014 19:42:26 +0100
-Subject: [PATCH] corrected return codes
-
----
- lib/x509/verify.c | 16 ++++++++++------
- 1 files changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/lib/x509/verify.c b/lib/x509/verify.c
-index c9a6b0d..eef85a8 100644
---- a/lib/x509/verify.c
-+++ b/lib/x509/verify.c
-@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- if (result < 0)
- {
- gnutls_assert ();
-- goto cleanup;
-+ goto fail;
- }
-
- result =
-@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- if (result < 0)
- {
- gnutls_assert ();
-- goto cleanup;
-+ goto fail;
- }
-
- result =
-@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- if (result < 0)
- {
- gnutls_assert ();
-- goto cleanup;
-+ goto fail;
- }
-
- result =
-@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- if (result < 0)
- {
- gnutls_assert ();
-- goto cleanup;
-+ goto fail;
- }
-
- /* If the subject certificate is the same as the issuer
-@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- else
- gnutls_assert ();
-
-+fail:
- result = 0;
-
- cleanup:
-@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
-- int issuer_version, result;
-+ int issuer_version, result = 0;
-
- if (output)
- *output = 0;
-@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- if (issuer_version < 0)
- {
- gnutls_assert ();
-- return issuer_version;
-+ return 0;
- }
-
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
-@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- if (result < 0)
- {
- gnutls_assert ();
-+ result = 0;
- goto cleanup;
- }
-
-@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- if (result < 0)
- {
- gnutls_assert ();
-+ result = 0;
- goto cleanup;
- }
-
-@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
- else if (result < 0)
- {
- gnutls_assert();
-+ result = 0;
- goto cleanup;
- }
-
---
-1.7.1
diff --git a/patches/gnutls-2.12.24/05-cve-2014-3466.patch b/patches/gnutls-2.12.24/05-cve-2014-3466.patch
deleted file mode 100755
index 58af165..0000000
--- a/patches/gnutls-2.12.24/05-cve-2014-3466.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From 89238044ade02c4d80e334ab74056ef28599663d Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
-Date: Fri, 23 May 2014 19:53:03 +0200
-Subject: [PATCH] Prevent memory corruption due to server hello parsing.
-
-Issue discovered by Joonas Kuorilehto of Codenomicon.
----
- lib/gnutls_handshake.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index e4a63e4..e652528 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
- DECR_LEN (len, 1);
- session_id_len = data[pos++];
-
-- if (len < session_id_len)
-+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
- {
- gnutls_assert ();
- return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
---
-1.7.1
diff --git a/patches/gnutls-2.12.24/06-cve-2015-0282.patch b/patches/gnutls-2.12.24/06-cve-2015-0282.patch
deleted file mode 100755
index a12dd6a..0000000
--- a/patches/gnutls-2.12.24/06-cve-2015-0282.patch
+++ /dev/null
@@ -1,484 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From d326f81daed5a1a06476d66a81584f8c7b71141d Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at redhat.com>
-Date: Mon, 23 Feb 2015 10:03:47 +0100
-Subject: [PATCH] Added fix for GNUTLS-SA-2015-1
-
----
- lib/gnutls_algorithms.c | 8 ++++++++
- lib/gnutls_algorithms.h | 1 +
- lib/gnutls_pubkey.c | 4 ++--
- lib/gnutls_sig.c | 14 ++++++++------
- lib/x509/common.h | 2 +-
- lib/x509/crq.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
- lib/x509/privkey.c | 3 ++-
- lib/x509/verify.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------
- lib/x509/x509.c | 4 ++--
- lib/x509/x509_int.h | 7 ++++---
- 10 files changed, 127 insertions(+), 42 deletions(-)
-
-Index: gnutls26-2.12.23/lib/gnutls_algorithms.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/gnutls_algorithms.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/gnutls_algorithms.c 2015-03-20 09:07:52.579827744 -0400
-@@ -2056,6 +2056,14 @@
- return ret;
- }
-
-+int
-+_gnutls_sign_get_hash (gnutls_sign_algorithm_t algorithm)
-+{
-+ GNUTLS_SIGN_LOOP (if (p->id == algorithm) return p->mac);
-+
-+ return GNUTLS_MAC_UNKNOWN;
-+}
-+
- gnutls_sign_algorithm_t
- _gnutls_x509_oid2sign_algorithm (const char *oid)
- {
-Index: gnutls26-2.12.23/lib/gnutls_algorithms.h
-===================================================================
---- gnutls26-2.12.23.orig/lib/gnutls_algorithms.h 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/gnutls_algorithms.h 2015-03-20 09:07:52.583827801 -0400
-@@ -105,6 +105,7 @@
- enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
-
- /* Functions for sign algorithms. */
-+int _gnutls_sign_get_hash (gnutls_sign_algorithm_t algorithm);
- gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
- gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
- gnutls_mac_algorithm_t mac);
-Index: gnutls26-2.12.23/lib/gnutls_pubkey.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/gnutls_pubkey.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/gnutls_pubkey.c 2015-03-20 09:07:52.583827801 -0400
-@@ -1048,7 +1048,7 @@
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-- ret = pubkey_verify_sig( data, NULL, signature, pubkey->pk_algorithm,
-+ ret = pubkey_verify_sig(GNUTLS_MAC_UNKNOWN, data, NULL, signature, pubkey->pk_algorithm,
- pubkey->params, pubkey->params_size);
- if (ret < 0)
- {
-@@ -1086,7 +1086,7 @@
- }
-
- ret =
-- pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
-+ pubkey_verify_sig (GNUTLS_MAC_UNKNOWN, NULL, hash, signature, key->pk_algorithm,
- key->params, key->params_size);
-
- return ret;
-Index: gnutls26-2.12.23/lib/gnutls_sig.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/gnutls_sig.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/gnutls_sig.c 2015-03-20 09:07:52.583827801 -0400
-@@ -273,7 +273,8 @@
- verify_tls_hash (gnutls_session_t session, gnutls_protocol_t ver, gnutls_cert * cert,
- const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature, size_t sha1pos,
-- gnutls_pk_algorithm_t pk_algo)
-+ gnutls_pk_algorithm_t pk_algo,
-+ int hashalg)
- {
- int ret;
- gnutls_datum_t vdata;
-@@ -309,7 +310,7 @@
- ret = _gnutls_rsa_verify (&vdata, signature, cert->params,
- cert->params_size, 1);
- else
-- ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
-+ ret = pubkey_verify_sig(hashalg, NULL, &vdata, signature, pk_algo,
- cert->params, cert->params_size);
-
- if (ret < 0)
-@@ -324,7 +325,7 @@
- vdata.data = &hash_concat->data[sha1pos];
- vdata.size = hash_concat->size - sha1pos;
-
-- ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
-+ ret = pubkey_verify_sig(hashalg, NULL, &vdata, signature, pk_algo,
- cert->params, cert->params_size);
- /* verify signature */
- if (ret < 0)
-@@ -428,7 +429,8 @@
- ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
- dconcat.size -
- _gnutls_hash_get_algo_len (hash_algo),
-- _gnutls_sign_get_pk_algorithm (algo));
-+ _gnutls_sign_get_pk_algorithm (algo),
-+ hash_algo);
- if (ret < 0)
- {
- gnutls_assert ();
-@@ -491,7 +493,7 @@
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 0,
-- cert->subject_pk_algorithm);
-+ cert->subject_pk_algorithm, hash_algo);
- if (ret < 0)
- {
- gnutls_assert ();
-@@ -582,7 +584,7 @@
-
- ret =
- verify_tls_hash (session, ver, cert, &dconcat, signature, 16,
-- cert->subject_pk_algorithm);
-+ cert->subject_pk_algorithm, GNUTLS_MAC_UNKNOWN);
- if (ret < 0)
- {
- gnutls_assert ();
-Index: gnutls26-2.12.23/lib/x509/common.h
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/common.h 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/common.h 2015-03-20 09:07:52.583827801 -0400
-@@ -151,7 +151,7 @@
- void _asnstr_append_name (char *name, size_t name_size, const char *part1,
- const char *part2);
-
--int pubkey_verify_sig (const gnutls_datum_t * tbs,
-+int pubkey_verify_sig (int hashalg, const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
-Index: gnutls26-2.12.23/lib/x509/crq.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/crq.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/crq.c 2015-03-20 09:07:52.583827801 -0400
-@@ -2540,6 +2540,7 @@
- gnutls_datum signature = { NULL, 0 };
- bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int ret, params_size = 0, i;
-+int hashalg, sigalg;
-
- ret =
- _gnutls_x509_get_signed_data (crq->crq, "certificationRequestInfo", &data);
-@@ -2565,7 +2566,10 @@
- goto cleanup;
- }
-
-- ret = pubkey_verify_sig(&data, NULL, &signature,
-+ sigalg = gnutls_x509_crq_get_signature_algorithm (crq);
-+ hashalg = _gnutls_sign_get_hash(sigalg);
-+
-+ ret = pubkey_verify_sig(hashalg, &data, NULL, &signature,
- gnutls_x509_crq_get_pk_algorithm (crq, NULL),
- params, params_size);
- if (ret < 0)
-@@ -2588,5 +2592,48 @@
- return ret;
- }
-
-+/**
-+ * gnutls_x509_crq_get_signature_algorithm:
-+ * @crl: should contain a #gnutls_x509_crl_t structure
-+ *
-+ * This function will return a value of the #gnutls_sign_algorithm_t
-+ * enumeration that is the signature algorithm.
-+ *
-+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
-+ * negative error value.
-+ **/
-+int
-+gnutls_x509_crq_get_signature_algorithm (gnutls_x509_crq_t crq)
-+{
-+ int result;
-+ gnutls_datum_t sa;
-+
-+ if (crq == NULL)
-+ {
-+ gnutls_assert ();
-+ return GNUTLS_E_INVALID_REQUEST;
-+ }
-+
-+ /* Read the signature algorithm. Note that parameters are not
-+ * read. They will be read from the issuer's certificate if needed.
-+ */
-+
-+ result =
-+ _gnutls_x509_read_value (crq->crq, "signatureAlgorithm.algorithm",
-+ &sa, 0);
-+
-+ if (result < 0)
-+ {
-+ gnutls_assert ();
-+ return result;
-+ }
-+
-+ result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
-+
-+ _gnutls_free_datum (&sa);
-+
-+ return result;
-+}
-+
- #endif /* ENABLE_PKI */
-
-Index: gnutls26-2.12.23/lib/x509/privkey.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/privkey.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/privkey.c 2015-03-20 09:07:52.583827801 -0400
-@@ -1828,7 +1828,8 @@
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-- result = _gnutls_x509_privkey_verify_signature (data, signature, key);
-+ result = _gnutls_x509_privkey_verify_signature (GNUTLS_MAC_UNKNOWN, data, signature, key);
-+
- if (result < 0)
- {
- gnutls_assert ();
-Index: gnutls26-2.12.23/lib/x509/verify.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/verify.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/verify.c 2015-03-20 09:07:52.587827857 -0400
-@@ -332,6 +332,7 @@
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer = NULL;
- int issuer_version, result = 0;
-+ int sigalg, hashalg;
-
- if (output)
- *output = 0;
-@@ -399,8 +400,18 @@
- goto cleanup;
- }
-
-+ sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
-+ hashalg = _gnutls_sign_get_hash(sigalg);
-+
-+ if (hashalg == GNUTLS_MAC_UNKNOWN)
-+ {
-+ gnutls_assert();
-+ result = 0;
-+ goto cleanup;
-+ }
-+
- result =
-- _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
-+ _gnutls_x509_verify_signature (hashalg, &cert_signed_data, NULL, &cert_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
-@@ -423,10 +434,6 @@
- */
- if (is_issuer (cert, cert) == 0)
- {
-- int sigalg;
--
-- sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
--
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
-@@ -749,12 +756,12 @@
- * params[1] is public key
- */
- static int
--_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
-- const gnutls_datum_t * prehash,
-- const gnutls_datum_t * signature, bigint_t * params,
-- int params_len)
-+_pkcs1_rsa_verify_sig (gnutls_mac_algorithm_t hash, const gnutls_datum_t * text,
-+ const gnutls_datum_t * prehash,
-+ const gnutls_datum_t * signature, bigint_t * params,
-+ int params_len)
- {
-- gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
-+ gnutls_mac_algorithm_t phash = GNUTLS_MAC_UNKNOWN;
- int ret;
- opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
- int digest_size;
-@@ -774,7 +781,7 @@
-
- digest_size = sizeof (digest);
- if ((ret =
-- decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
-+ decode_ber_digest_info (&decrypted, &phash, digest, &digest_size)) != 0)
- {
- gnutls_assert ();
- _gnutls_free_datum (&decrypted);
-@@ -783,6 +790,15 @@
-
- _gnutls_free_datum (&decrypted);
-
-+ if (hash != GNUTLS_MAC_UNKNOWN && hash != phash)
-+ {
-+ gnutls_assert();
-+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
-+ }
-+ else
-+ hash = phash;
-+
-+
- if (digest_size != _gnutls_hash_get_algo_len (hash))
- {
- gnutls_assert ();
-@@ -878,11 +894,11 @@
- * not verified, or 1 otherwise.
- */
- int
--pubkey_verify_sig (const gnutls_datum_t * tbs,
-- const gnutls_datum_t * hash,
-- const gnutls_datum_t * signature,
-- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
-- int issuer_params_size)
-+pubkey_verify_sig (int hashalg, const gnutls_datum_t * tbs,
-+ const gnutls_datum_t * hash,
-+ const gnutls_datum_t * signature,
-+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
-+ int issuer_params_size)
- {
-
- switch (pk)
-@@ -890,7 +906,7 @@
- case GNUTLS_PK_RSA:
-
- if (_pkcs1_rsa_verify_sig
-- (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
-+ (hashalg, tbs, hash, signature, issuer_params, issuer_params_size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
-@@ -1021,7 +1037,7 @@
- * 'signature' is the signature!
- */
- int
--_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
-+_gnutls_x509_verify_signature (int hashalg, const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
-@@ -1041,7 +1057,7 @@
- }
-
- ret =
-- pubkey_verify_sig (tbs, hash, signature,
-+ pubkey_verify_sig (hashalg, tbs, hash, signature,
- gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- issuer_params, issuer_params_size);
- if (ret < 0)
-@@ -1066,13 +1082,13 @@
- * 'signature' is the signature!
- */
- int
--_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
-+_gnutls_x509_privkey_verify_signature (int hashalg, const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_privkey_t issuer)
- {
- int ret;
-
-- ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
-+ ret = pubkey_verify_sig (hashalg, tbs, NULL, signature, issuer->pk_algorithm,
- issuer->params, issuer->params_size);
- if (ret < 0)
- {
-@@ -1293,6 +1309,7 @@
- gnutls_datum_t crl_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer;
- int result;
-+ int sigalg, hashalg;
-
- if (output)
- *output = 0;
-@@ -1334,6 +1351,7 @@
- if (result < 0)
- {
- gnutls_assert ();
-+ result = 0;
- goto cleanup;
- }
-
-@@ -1341,11 +1359,21 @@
- if (result < 0)
- {
- gnutls_assert ();
-+ result = 0;
-+ goto cleanup;
-+ }
-+
-+ sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
-+ hashalg = _gnutls_sign_get_hash(sigalg);
-+ if (hashalg == GNUTLS_MAC_UNKNOWN)
-+ {
-+ gnutls_assert();
-+ result = 0;
- goto cleanup;
- }
-
- result =
-- _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
-+ _gnutls_x509_verify_signature (hashalg, &crl_signed_data, NULL, &crl_signature,
- issuer);
- if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
- {
-@@ -1358,14 +1386,11 @@
- else if (result < 0)
- {
- gnutls_assert ();
-+ result = 0;
- goto cleanup;
- }
-
- {
-- int sigalg;
--
-- sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
--
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
-Index: gnutls26-2.12.23/lib/x509/x509.c
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/x509.c 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/x509.c 2015-03-20 09:07:52.587827857 -0400
-@@ -2714,7 +2714,7 @@
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-- result = _gnutls_x509_verify_signature (data, NULL, signature, crt);
-+ result = _gnutls_x509_verify_signature (GNUTLS_MAC_UNKNOWN, data, NULL, signature, crt);
- if (result < 0)
- {
- gnutls_assert ();
-@@ -2752,7 +2752,7 @@
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-- result = _gnutls_x509_verify_signature (NULL, hash, signature, crt);
-+ result = _gnutls_x509_verify_signature (GNUTLS_MAC_UNKNOWN, NULL, hash, signature, crt);
- if (result < 0)
- {
- gnutls_assert ();
-Index: gnutls26-2.12.23/lib/x509/x509_int.h
-===================================================================
---- gnutls26-2.12.23.orig/lib/x509/x509_int.h 2015-03-20 09:07:52.587827857 -0400
-+++ gnutls26-2.12.23/lib/x509/x509_int.h 2015-03-20 09:07:52.587827857 -0400
-@@ -187,11 +187,11 @@
- bigint_t * issuer_params,
- unsigned int issuer_params_size);
-
--int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
-+int _gnutls_x509_verify_signature (int sigalg, const gnutls_datum_t * tbs,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer);
--int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
-+int _gnutls_x509_privkey_verify_signature (int sigalg, const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_privkey_t issuer);
-
-@@ -390,5 +390,6 @@
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
--
-+int
-+gnutls_x509_crq_get_signature_algorithm (gnutls_x509_crq_t crq);
- #endif
diff --git a/patches/gnutls-2.12.24/07-cve-2015-0294.patch b/patches/gnutls-2.12.24/07-cve-2015-0294.patch
deleted file mode 100755
index 2983fec..0000000
--- a/patches/gnutls-2.12.24/07-cve-2015-0294.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-From 2458d6d158fd523418e331e50abb35cd334bb795 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav at redhat.com>
-Date: Mon, 23 Feb 2015 10:41:56 +0100
-Subject: [PATCH] added fix for certificate algorithm consistency check
-
----
- lib/x509/x509.c | 34 +++++++++++++++++++++++++++++++++-
- 1 file changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/lib/x509/x509.c b/lib/x509/x509.c
-index 6db574c..f51ba3b 100644
---- a/lib/x509/x509.c
-+++ b/lib/x509/x509.c
-@@ -165,7 +165,7 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format)
- {
- int result = 0, need_free = 0;
-- gnutls_datum_t _data;
-+ gnutls_datum_t _data, sa1 = {NULL, 0}, sa2 = {NULL, 0};
-
- if (cert == NULL)
- {
-@@ -233,6 +233,36 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- goto cleanup;
- }
-
-+ result =
-+ _gnutls_x509_read_value (cert->cert, "tbsCertificate.signature.algorithm",
-+ &sa1, 0);
-+ if (result != ASN1_SUCCESS)
-+ {
-+ result = _gnutls_asn2err (result);
-+ gnutls_assert ();
-+ goto cleanup;
-+ }
-+
-+ result =
-+ _gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm",
-+ &sa2, 0);
-+ if (result != ASN1_SUCCESS)
-+ {
-+ result = _gnutls_asn2err (result);
-+ gnutls_assert ();
-+ goto cleanup;
-+ }
-+
-+ if (sa1.size != sa2.size || sa1.size == 0 || strcmp(sa1.data, sa2.data) != 0)
-+ {
-+ result = GNUTLS_E_CERTIFICATE_ERROR;
-+ gnutls_assert ();
-+ goto cleanup;
-+ }
-+
-+ _gnutls_free_datum (&sa1);
-+ _gnutls_free_datum (&sa2);
-+
- /* Since we do not want to disable any extension
- */
- cert->use_extensions = 1;
-@@ -242,6 +272,8 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- return 0;
-
- cleanup:
-+ _gnutls_free_datum (&sa1);
-+ _gnutls_free_datum (&sa2);
- if (need_free)
- _gnutls_free_datum (&_data);
- return result;
---
-libgit2 0.21.4
diff --git a/patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch b/patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch
deleted file mode 100755
index 2f77d3b..0000000
--- a/patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch
+++ /dev/null
@@ -1,637 +0,0 @@
-#! /bin/sh
-patch -p1 -l -f $* < $0
-exit $?
-
-Description: Update gdoc script from gnutls master.
- This includes bef38b98c0536d81c0e4b2e78a9182e1df1d451c among other fixes:
- .
- [PATCH] Avoid depending on hash order in gdoc.
- .
- Previously, gdoc had a hash of regexp replacements for each output
- format, and applied the replacements in the order that "keys" returned
- for the hash. However, not all orders are safe -- and now that Perl 5.18
- randomises hash order per-process, it only worked sometimes!
-Origin: upstream
-Bug-Debian: http://bugs.debian.org/724167
-Forwarded: not-needed
-
---- gnutls26-2.12.23.orig/doc/scripts/gdoc
-+++ gnutls26-2.12.23/doc/scripts/gdoc
-@@ -1,4 +1,6 @@
--#!/usr/bin/perl
-+eval '(exit $?0)' && eval 'exec perl "$0" ${1+"$@"}'
-+ & eval 'exec perl "$0" $argv:q'
-+ if 0;
-
- ## Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Simon Josefsson
- ## added -texinfo, -listfunc, -pkg-name
-@@ -7,6 +9,8 @@
- ## Copyright (c) 2001, 2002 Nikos Mavrogiannopoulos
- ## added -tex
- ## Copyright (c) 1998 Michael Zucchi
-+## Copyright (c) 2013 Adam Sampson
-+## made highlighting not depend on hash order, for Perl 5.18
-
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
-@@ -132,57 +136,59 @@
- use POSIX qw(strftime);
-
- # match expressions used to find embedded type information
--$type_constant = "((?<!\")\\\%(\\w+))";
--$type_func = "(\\w+\\(\\))";
--$type_param = "\\\@(\\w+)";
--$type_struct = "\\\#(\\w+)";
--$type_env = "(\\\$\\w+)";
-+$type_constant = "\\\%([A-Za-z0-9_]+)";
-+$type_func = "([A-Za-z0-9_]+\\(\\))";
-+$type_param = '\@([A-Za-z0-9_]+)\s*';
-+$type_struct = "\\\#([A-Za-z0-9_]+)";
-+$type_env = "(\\\$[A-Za-z0-9_]+)";
-
-
- # Output conversion substitutions.
- # One for each output format
-
- # these work fairly well
--%highlights_html = ( $type_constant, "<i>\$2</i>",
-- $type_func, "<b>\$1</b>",
-- $type_struct, "<i>\$1</i>",
-- $type_param, "<tt><b>\$1</b></tt>" );
-+ at highlights_html = ( [$type_constant, '"<i>$1</i>"'],
-+ [$type_func, '"<b>$1</b>"'],
-+ [$type_struct, '"<i>$1</i>"'],
-+ [$type_param, '" <tt><b>$1</b></tt> "'] );
- $blankline_html = "<p>";
-
--%highlights_texinfo = ( $type_constant, "\\\@code{\$2}",
-- $type_func, "\\\@code{\$1}",
-- $type_struct, "\\\@code{\$1}",
-- $type_param, "\\\@code{\$1}" );
-+ at highlights_texinfo = ( [$type_param, '" \@code{$1} "'],
-+ [$type_constant, '"\@code{$1} "'],
-+ [$type_func, '"\@code{$1} "'],
-+ [$type_struct, '"\@code{$1} "'],
-+ );
- $blankline_texinfo = "";
-
--%highlights_tex = ( $type_constant, "{\\\\it \$2}",
-- $type_func, "{\\\\bf \$1}",
-- $type_struct, "{\\\\it \$1}",
-- $type_param, "{\\\\bf \$1}" );
-+ at highlights_tex = ( [$type_param, '" {\\\bf $1} "'],
-+ [$type_constant, '"{\\\it $1}"'],
-+ [$type_func, '"{\\\bf $1}"'],
-+ [$type_struct, '"{\\\it $1}"'],
-+ );
- $blankline_tex = "\\\\";
-
- # sgml, docbook format
--%highlights_sgml = ( $type_constant, "<replaceable class=\"option\">\$2</replaceable>",
-- $type_func, "<function>\$1</function>",
-- $type_struct, "<structname>\$1</structname>",
-- $type_env, "<envar>\$1</envar>",
-- $type_param, "<parameter>\$1</parameter>" );
-+ at highlights_sgml = ( [$type_constant, '"<replaceable class=\"option\">$1</replaceable>"'],
-+ [$type_func, '"<function>$1</function>"'],
-+ [$type_struct, '"<structname>$1</structname>"'],
-+ [$type_env, '"<envar>$1</envar>"'],
-+ [$type_param, '" <parameter>$1</parameter> "'] );
- $blankline_sgml = "</para><para>\n";
-
- # these are pretty rough
--%highlights_man = ( $type_constant, "\\\\fB\$2\\\\fP",
-- $type_func, "\\\\fB\$1\\\\fP",
-- $type_struct, "\\\\fB\$1\\\\fP",
-- $type_param, "\\\\fI\$1\\\\fP" );
-+ at highlights_man = ( [$type_constant, '"\\\fB$1\\\fP"'],
-+ [$type_func, '"\\\fB$1\\\fP"'],
-+ [$type_struct, '"\\\fB$1\\\fP"'],
-+ [$type_param, '" \\\fI$1\\\fP "'] );
- $blankline_man = "";
-
- # text-mode
--%highlights_text = ( $type_constant, "\$2",
-- $type_func, "\$1",
-- $type_struct, "\$1",
-- $type_param, "\$1" );
-+ at highlights_text = ( [$type_constant, '"$1"'],
-+ [$type_func, '"$1"'],
-+ [$type_struct, '"$1"'],
-+ [$type_param, '"$1 "'] );
- $blankline_text = "";
--
-+my $lineprefix = "";
-
- sub usage {
- print "Usage: $0 [ -v ] [ -docbook | -html | -text | -man | -tex | -texinfo -listfunc ]\n";
-@@ -201,7 +207,7 @@ if ($#ARGV==-1) {
-
- $verbose = 0;
- $output_mode = "man";
--%highlights = %highlights_man;
-+ at highlights = @highlights_man;
- $blankline = $blankline_man;
- $modulename = "API Documentation";
- $sourceversion = strftime "%Y-%m-%d", localtime;
-@@ -210,27 +216,27 @@ while ($ARGV[0] =~ m/^-(.*)/) {
- $cmd = shift @ARGV;
- if ($cmd eq "-html") {
- $output_mode = "html";
-- %highlights = %highlights_html;
-+ @highlights = @highlights_html;
- $blankline = $blankline_html;
- } elsif ($cmd eq "-man") {
- $output_mode = "man";
-- %highlights = %highlights_man;
-+ @highlights = @highlights_man;
- $blankline = $blankline_man;
- } elsif ($cmd eq "-tex") {
- $output_mode = "tex";
-- %highlights = %highlights_tex;
-+ @highlights = @highlights_tex;
- $blankline = $blankline_tex;
- } elsif ($cmd eq "-texinfo") {
- $output_mode = "texinfo";
-- %highlights = %highlights_texinfo;
-+ @highlights = @highlights_texinfo;
- $blankline = $blankline_texinfo;
- } elsif ($cmd eq "-text") {
- $output_mode = "text";
-- %highlights = %highlights_text;
-+ @highlights = @highlights_text;
- $blankline = $blankline_text;
- } elsif ($cmd eq "-docbook") {
- $output_mode = "sgml";
-- %highlights = %highlights_sgml;
-+ @highlights = @highlights_sgml;
- $blankline = $blankline_sgml;
- } elsif ($cmd eq "-listfunc") {
- $output_mode = "listfunc";
-@@ -270,6 +276,8 @@ sub dump_section {
- my $name = shift @_;
- my $contents = join "\n", @_;
-
-+ $name = " $name";
-+
- if ($name =~ m/$type_constant/) {
- $name = $1;
- # print STDERR "constant section '$1' = '$contents'\n";
-@@ -280,6 +288,7 @@ sub dump_section {
- $parameters{$name} = $contents;
- } else {
- # print STDERR "other section '$name' = '$contents'\n";
-+ $name =~ tr/ //d;
- $sections{$name} = $contents;
- push @sectionlist, $name;
- }
-@@ -296,35 +305,15 @@ sub dump_section {
- # sections => %descriont descriptions
- #
-
--sub repstr {
-- $pattern = shift;
-- $repl = shift;
-- $match1 = shift;
-- $match2 = shift;
-- $match3 = shift;
-- $match4 = shift;
--
-- $output = $repl;
-- $output =~ s,\$1,$match1,g;
-- $output =~ s,\$2,$match2,g;
-- $output =~ s,\$3,$match3,g;
-- $output =~ s,\$4,$match4,g;
--
-- eval "\$return = qq/$output/";
--
--# print "pattern $pattern matched 1=$match1 2=$match2 3=$match3 4=$match4 replace $repl yielded $output interpolated $return\n";
--
-- $return;
--}
--
- sub just_highlight {
- my $contents = join "\n", @_;
- my $line;
- my $ret = "";
-
-- foreach $pattern (keys %highlights) {
--# print "scanning pattern $pattern ($highlights{$pattern})\n";
-- $contents =~ s:$pattern:repstr($pattern, $highlights{$pattern}, $1, $2, $3, $4):gse;
-+ foreach $highlight (@highlights) {
-+ my ($pattern, $replace) = @$highlight;
-+ #print "scanning pattern $pattern ($replace)\n";
-+ $contents =~ s/$pattern/$replace/gees;
- }
- foreach $line (split "\n", $contents) {
- if ($line eq ""){
-@@ -370,13 +359,45 @@ sub output_texinfo {
- }
- }
- foreach $section (@{$args{'sectionlist'}}) {
-+ $section =~ s/\@//g;
- print "\n\@strong{$section:} " if $section ne $section_default;
-- $args{'sections'}{$section} =~ s:([{}]):\@\1:gs;
-+ $args{'sections'}{$section} =~ s:([{}]):\@$1:gs;
- output_highlight($args{'sections'}{$section});
- }
- print "\@end deftypefun\n\n";
- }
-
-+sub output_enum_texinfo {
-+ my %args = %{$_[0]};
-+ my ($parameter, $section);
-+ my $count;
-+ my $name = $args{'enum'};
-+ my $param;
-+ my $param2;
-+ my $sec;
-+ my $check;
-+ my $type;
-+
-+ print "\n\@c $name\n";
-+ print "\@table \@code\n";
-+
-+ $check=0;
-+ foreach $parameter (@{$args{'parameterlist'}}) {
-+ $param1 = $parameter;
-+ $param1 =~ s/_/_\@-/g;
-+
-+ $check = 1;
-+ print "\@item ".$param1."\n";
-+# print "\n";
-+
-+ $param2 = $args{'parameters'}{$parameter};
-+ $out = just_highlight($param2);
-+ chomp $out;
-+ print $out . "\n";
-+ }
-+ print "\@end table\n";
-+}
-+
- # output in html
- sub output_html {
- my %args = %{$_[0]};
-@@ -428,7 +449,9 @@ sub output_tex {
-
- $func =~ s/_/\\_/g;
-
-- print "\n\n\\subsection{". $func . "}\n\\label{" . $args{'function'} . "}\n";
-+ print "\n\n\\begin{function}\n";
-+ print "\\functionTitle{". $func . "}\n";
-+ print "\\index{". $func . "}\n";
-
- $type = $args{'functiontype'};
- $type =~ s/_/\\_/g;
-@@ -451,9 +474,8 @@ sub output_tex {
- }
- print ")\n";
-
-- print "\n{\\large{Arguments}}\n";
-+ print "\n\\begin{functionArguments}\n";
-
-- print "\\begin{itemize}\n";
- $check=0;
- foreach $parameter (@{$args{'parameterlist'}}) {
- $param1 = $args{'parametertypes'}{$parameter};
-@@ -462,11 +484,12 @@ sub output_tex {
- $param2 =~ s/_/\\_/g;
-
- $check = 1;
-- print "\\item {\\it ".$param1."} {\\bf ".$param2."}: \n";
-+ print "\\functionArgument {\\it ".$param1."} {\\bf ".$param2."}: \n";
- # print "\n";
-
- $param3 = $args{'parameters'}{$parameter};
-- $param3 =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
-+ $param3 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
-+ $param3 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
-
- $out = just_highlight($param3);
- $out =~ s/_/\\_/g;
-@@ -475,31 +498,72 @@ sub output_tex {
- if ($check==0) {
- print "\\item void\n";
- }
-- print "\\end{itemize}\n";
-+ print "\\end{functionArguments}\n";
-
- foreach $section (@{$args{'sectionlist'}}) {
- $sec = $section;
- $sec =~ s/_/\\_/g;
-- $sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
-+ $sec =~ s/#([a-zA-Z\_]+)/{\\it $1}/g;
-
-- print "\n{\\large{$sec}}\\\\\n";
-- print "\\begin{rmfamily}\n";
-+ print "\n\\begin{function${sec}}\n";
-+ $out = $args{'sections'}{$section};
-
-- $sec = $args{'sections'}{$section};
-- $sec =~ s/\\:/:/g;
-- $sec =~ s/#([a-zA-Z\_]+)/{\\it \1}/g;
-- $sec =~ s/->/\$\\rightarrow\$/g;
-- $sec =~ s/([0-9]+)\^([0-9]+)/\$\{\1\}\^\{\2\}\$/g;
--
-- $out = just_highlight($sec);
-- $out =~ s/_/\\_/g;
-+ $out =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
-+ $out =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
-+ $out =~ s/\@([a-zA-Z\_]+)/{\\bf $1}/g;
-+ $out =~ s/_/\\_\\-/g;
-+ $out =~ s/\$/\\\$/g;
-+ $out =~ s/#/\\#/g;
-+ $out =~ s/\n\n/\n/g;
-+ $out =~ s/\\:/:/g;
-+ $out =~ s/\-\>/\$\\rightarrow\$/g;
-+ $out =~ s/([0-9]+)\^([0-9]+)/\$\{$1\}\^\{$2\}\$/g;
-
- print $out;
-- print "\\end{rmfamily}\n";
-+ print "\\end{function${sec}}\n";
- }
-- print "\n";
-+ print "\\end{function}\n\n";
- }
-
-+sub output_enum_tex {
-+ my %args = %{$_[0]};
-+ my ($parameter, $section);
-+ my $count;
-+ my $name = $args{'enum'};
-+ my $param;
-+ my $param2;
-+ my $sec;
-+ my $check;
-+ my $type;
-+
-+ print "\n\n\\begin{enum}\n";
-+ $name =~ s/_/\\_/g;
-+ print "\\enumTitle{". $name . "}\n";
-+ print "\\index{". $name . "}\n";
-+
-+ print "\n\\begin{enumList}\n";
-+
-+ $check=0;
-+ foreach $parameter (@{$args{'parameterlist'}}) {
-+ $param1 = $parameter;
-+ $param1 =~ s/_/\\_\\-/g;
-+
-+ $check = 1;
-+ print "\\enumElement{".$param1."}{";
-+# print "\n";
-+
-+ $param2 = $args{'parameters'}{$parameter};
-+ $param2 =~ s/\#([a-zA-Z\_]+)/{\\it $1}/g;
-+ $param2 =~ s/\%([a-zA-Z\_]+)/{\\bf $1}/g;
-+ $out = just_highlight($param2);
-+ $out =~ s/_/\\_/g;
-+ chomp $out;
-+ print $out . "}\n";
-+ }
-+ print "\\end{enumList}\n";
-+
-+ print "\\end{enum}\n\n";
-+}
-
- # output in sgml DocBook
- sub output_sgml {
-@@ -639,11 +703,14 @@ sub output_man {
- if ($args{'bugsto'}) {
- print ".SH \"REPORTING BUGS\"\n";
- print "Report bugs to <". $args{'bugsto'} . ">.\n";
-+ print ".br\n";
-+ print "General guidelines for reporting bugs: http://www.gnu.org/gethelp/\n";
-+ print ".br\n";
- if ($args{'pkgname'}) {
- print $args{'pkgname'} . " home page: " .
- "http://www.gnu.org/software/" . $args{'module'} . "/\n";
- }
-- print "General help using GNU software: http://www.gnu.org/gethelp/\n";
-+ print "\n";
- }
-
- if ($args{'copyright'}) {
-@@ -670,6 +737,10 @@ sub output_man {
- print ".B info " . $args{'seeinfo'} . "\n";
- print ".PP\n";
- print "should give you access to the complete manual.\n";
-+ print "As an alternative you may obtain the manual from:\n";
-+ print ".IP\n";
-+ print ".B http://www.gnu.org/software/" . $args{'module'} . "/manual/\n";
-+ print ".PP\n";
- }
- }
-
-@@ -705,6 +776,10 @@ sub output_function {
- eval "output_".$output_mode."(\@_);";
- }
-
-+sub output_enum {
-+ eval "output_enum_".$output_mode."(\@_);";
-+}
-+
-
- ##
- # takes a function prototype and spits out all the details
-@@ -744,7 +819,7 @@ sub dump_function {
- # print STDERR " :> @args\n";
- $type = join " ", @args;
-
-- if ($parameters{$param} eq "" && $param != "void") {
-+ if ((!defined($parameters{$param}) || $parameters{$param} eq "") && $param ne "void") {
- $parameters{$param} = "-- undescribed --";
- print STDERR "warning: $lineno: Function parameter '$param' not described in '$function_name'\n";
- }
-@@ -781,6 +856,56 @@ sub dump_function {
- }
- }
-
-+sub dump_enum {
-+ my $prototype = shift @_;
-+
-+ if (($prototype =~ m/^\s*typedef\s+enum\s*[a-zA-Z0-9_~:]*\s*\{([\-a-zA-Z0-9_~=,:\s\(\)\<]+)\s*\}\s*([a-zA-Z0-9_]+);.*/)) {
-+# || $prototype =~ m/^\s*enum\s+([a-zA-Z0-9_~:]+).*/) {
-+ $args = $1;
-+ $name = $2;
-+
-+ foreach $arg (split ',', $args) {
-+ # strip leading/trailing spaces
-+ $arg =~ s/^\s*//;
-+ $arg =~ s/\s*$//;
-+ $arg =~ s/([A-Za-z0-9_]+)\s*=.*/$1/g;
-+# print STDERR "SCAN ARG: '$arg'\n";
-+
-+ next if $arg eq '';
-+ if ((!defined($parameters{$arg}) || $parameters{$arg} eq "")) {
-+ $parameters{$arg} = "-- undescribed --";
-+ print STDERR "warning: $lineno: Enumeration parameter '$arg' not described in '$name'\n";
-+ }
-+
-+ push @parameterlist, $arg;
-+
-+# print STDERR "param = '$arg'\n";
-+ }
-+ } else {
-+# print STDERR "warning: $lineno: Cannot understand enumeration: '$prototype'\n";
-+ return;
-+ }
-+
-+ output_enum({'enum' => $name,
-+ 'module' => $modulename,
-+ 'sourceversion' => $sourceversion,
-+ 'include' => $include,
-+ 'includefuncprefix' => $includefuncprefix,
-+ 'bugsto' => $bugsto,
-+ 'pkgname' => $pkgname,
-+ 'copyright' => $copyright,
-+ 'verbatimcopying' => $verbatimcopying,
-+ 'seeinfo' => $seeinfo,
-+ 'functiontype' => $return_type,
-+ 'parameterlist' => \@parameterlist,
-+ 'parameters' => \%parameters,
-+ 'parametertypes' => \%parametertypes,
-+ 'sectionlist' => \@sectionlist,
-+ 'sections' => \%sections,
-+ 'purpose' => $function_purpose
-+ });
-+}
-+
- ######################################################################
- # main
- # states
-@@ -797,7 +922,7 @@ $doc_start = "^/\\*\\*\$";
- $doc_end = "\\*/";
- $doc_com = "\\s*\\*\\s*";
- $doc_func = $doc_com."(\\w+):?";
--$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w ]+):\\s*(.*)";
-+$doc_sect = $doc_com."([".$doc_special."[:upper:]][\\w]+):\\s*(.*)";
- $doc_content = $doc_com."(.*)";
-
- %constants = ();
-@@ -809,6 +934,7 @@ $doc_content = $doc_com."(.*)";
- $contents = "";
- $section_default = "Description"; # default section
- $section = $section_default;
-+$enum = 0;
-
- $lineno = 0;
- foreach $file (@ARGV) {
-@@ -816,18 +942,21 @@ foreach $file (@ARGV) {
- print STDERR "Error: Cannot open file $file\n";
- next;
- }
-- while (<IN>) {
-+ while ($line = <IN>) {
- $lineno++;
-
- if ($state == 0) {
-- if (/$doc_start/o) {
-+ if ($line =~ /$doc_start/o) {
- $state = 1; # next line is always the function name
-+# print STDERR "XXX: start of doc comment\n";
- }
- } elsif ($state == 1) { # this line is the function name (always)
-- if (/$doc_func/o) {
-+ if ($line =~ /$doc_func/o) {
- $function = $1;
- $state = 2;
-- if (/-\s*(.*)/) {
-+# print STDERR "XXX: start of doc comment, looking for prototype\n";
-+
-+ if ($line =~ /-\s*(.*)/) {
- $function_purpose = $1;
- } else {
- $function_purpose = "";
-@@ -841,11 +970,11 @@ foreach $file (@ARGV) {
- $state = 0;
- }
- } elsif ($state == 2) { # look for head: lines, and include content
-- if (/$doc_sect/o) {
-+ if ($line =~ /$doc_sect/o) {
- $newsection = $1;
- $newcontents = $2;
-
-- if ($contents ne "") {
-+ if ($contents ne '') {
- dump_section($section, $contents);
- $section = $section_default;
- }
-@@ -855,7 +984,7 @@ foreach $file (@ARGV) {
- $contents .= "\n";
- }
- $section = $newsection;
-- } elsif (/$doc_end/) {
-+ } elsif ($line =~ /$doc_end/) {
-
- if ($contents ne "") {
- dump_section($section, $contents);
-@@ -863,13 +992,12 @@ foreach $file (@ARGV) {
- $contents = "";
- }
-
--# print STDERR "end of doc comment, looking for prototype\n";
- $prototype = "";
- $state = 3;
-- } elsif (/$doc_content/) {
-+ } elsif ($line =~ /$doc_content/) {
- # miguel-style comment kludge, look for blank lines after
- # @parameter line to signify start of description
-- if ($1 eq "" && $section =~ m/^@/) {
-+ if ($1 eq '' && $section =~ m/^@/) {
- dump_section($section, $contents);
- $section = $section_default;
- $contents = "";
-@@ -881,13 +1009,16 @@ foreach $file (@ARGV) {
- print STDERR "warning: $lineno: Bad line: $_";
- }
- } elsif ($state == 3) { # scanning for function { (end of prototype)
-- if (m#\s*/\*\s+MACDOC\s*#io) {
-+ if ($line =~ m#\s*/\*\s+MACDOC\s*#io) {
- # do nothing
- }
-- elsif (/([^\{]*)/) {
-+ elsif ($enum == 1 && $line =~ /(^\s*\{).*/) {
-+ $prototype .= "{";
-+ }
-+ elsif ($line =~ /([^\{]*)/) {
- $prototype .= $1;
- }
-- if (/\{/) {
-+ if ($enum == 0 && $line =~ /\{/) {
- $prototype =~ s@/\*.*?\*/@@gos; # strip comments.
- $prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
- $prototype =~ s@^ +@@gos; # strip leading spaces
-@@ -901,9 +1032,32 @@ foreach $file (@ARGV) {
- %sections = ();
- @sectionlist = ();
- $prototype = "";
-+ $enum = 0;
-
- $state = 0;
- }
-+ elsif ($enum == 1 && $line =~ /\}/) {
-+ $prototype =~ s@/\*.*?\*/@@gos; # strip comments.
-+ $prototype =~ s@[\r\n]+@ @gos; # strip newlines/cr's.
-+ $prototype =~ s@^ +@@gos; # strip leading spaces
-+ dump_enum($prototype);
-+
-+ $function = "";
-+ %constants = ();
-+ %parameters = ();
-+ %parametertypes = ();
-+ @parameterlist = ();
-+ %sections = ();
-+ @sectionlist = ();
-+ $prototype = "";
-+ $enum = 0;
-+
-+ $state = 0;
-+ }
-+ elsif ($line =~ /([a-zA-Z\s]+)enum(.*)$/) {
-+ $enum = 1;
-+ }
-+
- }
- }
- }
diff --git a/patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch b/patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch
deleted file mode 100755
index c4efe34..0000000
--- a/patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-#! /bin/sh
-patch -p0 -l -f $* < $0
-exit $?
-
-2014-08-06 Andre Heinecke <aheinecke at intevation.de>
-
- * lib/gcrypt/init.c: Use GCRY_THREAD_OPTION_PTHREAD_IMPL macro
- instead of defining the gcry_thread_cbs structure itself.
-
---- lib/gcrypt/init.c.oirg 2014-08-06 11:52:26.858064946 +0000
-+++ lib/gcrypt/init.c 2014-08-06 12:10:31.121726144 +0000
-@@ -32,16 +32,9 @@
- /* Functions that refer to the initialization of the libgcrypt library.
- */
-
--static struct gcry_thread_cbs gct = {
-- .option = (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
-- .init = NULL,
-- .select = NULL,
-- .waitpid = NULL,
-- .accept = NULL,
-- .connect = NULL,
-- .sendmsg = NULL,
-- .recvmsg = NULL,
--};
-+GCRY_THREAD_OPTION_PTHREAD_IMPL;
-+
-+static struct gcry_thread_cbs gct;
-
- int
- gnutls_crypto_init (void)
-@@ -53,11 +46,12 @@
-
- if (gnutls_mutex_init != NULL)
- {
-+#if GCRYPT_VERSION_NUMBER < 0x010600
- gct.mutex_init = gnutls_mutex_init;
- gct.mutex_destroy = gnutls_mutex_deinit;
- gct.mutex_lock = gnutls_mutex_lock;
- gct.mutex_unlock = gnutls_mutex_unlock;
--
-+#endif
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
- }
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 8 -
patches/gnutls-2.12.24/02-cve-2013-2116.patch | 28 -
patches/gnutls-2.12.24/03-cve-2014-1959.patch | 39 --
patches/gnutls-2.12.24/04-cve-2014-0092.patch | 105 ----
patches/gnutls-2.12.24/05-cve-2014-3466.patch | 29 -
patches/gnutls-2.12.24/06-cve-2015-0282.patch | 484 ----------------
patches/gnutls-2.12.24/07-cve-2015-0294.patch | 74 ---
.../gnutls-2.12.24/25_updatedgdocfrommaster.patch | 637 ---------------------
.../fix-gcrypt-private-api-usage.patch | 44 --
9 files changed, 1448 deletions(-)
delete mode 100755 patches/gnutls-2.12.24/02-cve-2013-2116.patch
delete mode 100755 patches/gnutls-2.12.24/03-cve-2014-1959.patch
delete mode 100755 patches/gnutls-2.12.24/04-cve-2014-0092.patch
delete mode 100755 patches/gnutls-2.12.24/05-cve-2014-3466.patch
delete mode 100755 patches/gnutls-2.12.24/06-cve-2015-0282.patch
delete mode 100755 patches/gnutls-2.12.24/07-cve-2015-0294.patch
delete mode 100755 patches/gnutls-2.12.24/25_updatedgdocfrommaster.patch
delete mode 100755 patches/gnutls-2.12.24/fix-gcrypt-private-api-usage.patch
hooks/post-receive
--
GnuPG for Windows
http://git.gnupg.org