Commit 2f10cbf0 authored by Daniel Sabogal Committed by Natanael Copa

main/gnutls: security upgrade to 3.4.15 (GNUTLS-SA-2016-3)

Remove unused patches
parent 42dfc526
......@@ -2,16 +2,15 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.4.14
pkgrel=1
pkgver=3.4.15
pkgrel=0
pkgdesc="A TLS protocol implementation"
url="http://www.gnutls.org/"
arch="all"
license="GPL"
depends=
depends=""
depends_dev="nettle-dev zlib-dev libtasn1-dev p11-kit-dev"
makedepends="$depends_dev texinfo"
install=
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx"
_v=${pkgver%.*}
case $pkgver in
......@@ -20,19 +19,10 @@ esac
source="ftp://ftp.gnutls.org/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$_builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
builddir="$srcdir/$pkgname-$pkgver"
build() {
cd "$_builddir"
cd "$builddir"
LIBS="-lgmp" ./configure \
--build=$CBUILD \
--host=$CHOST \
......@@ -46,12 +36,12 @@ build() {
--disable-guile \
--disable-valgrind-tests \
|| return 1
make
make || return 1
}
package() {
cd "$_builddir"
make -j1 DESTDIR="$pkgdir" install
make -j1 DESTDIR="$pkgdir" \
-C "$builddir" install
}
utils() {
......@@ -66,6 +56,6 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
md5sums="ad3e269a6793424d5d21c9626e1c9ef1 gnutls-3.4.14.tar.xz"
sha256sums="35deddf2779b76ac11057de38bf380b8066c05de21b94263ad5b6dfa75dfbb23 gnutls-3.4.14.tar.xz"
sha512sums="d75f6b4dea2dc742cd7f60ee0ee540d41b69991aaa937ca0138cfdf4a1e0dfaaa3863464303bfa5799e14ee02de252f71c59a7a9e57b96ff8af653e419edfd4e gnutls-3.4.14.tar.xz"
md5sums="4ea5b239bd8bf1b734dda02997b36459 gnutls-3.4.15.tar.xz"
sha256sums="eb2a013905f5f2a0cbf7bcc1d20c85a50065063ee87bd33b496c4e19815e3498 gnutls-3.4.15.tar.xz"
sha512sums="03157f2da22890ecd080ad58144a9aabe933382c0b7e969b7b194a0248bb5e6e25207078c0a92755650d0004970eb1c0cf0140dbdbf2e615808f9978e965a5e5 gnutls-3.4.15.tar.xz"
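Review bot: The refreshed `sha256sums`/`sha512sums` in the last hunk are the only integrity control on this security update, because the unchanged `source=` line in the second hunk still fetches the tarball over plain `ftp://`, which provides no transport authentication. Nothing visible on this page shows that the 3.4.15 tarball was checked against upstream's detached signature before the digests were recorded, so it would be worth verifying it once and stating that in the commit message. The `md5sums` line adds no assurance beyond the two SHA-2 digests and could be dropped if the abuild version in use allows it. The APKBUILD would also benefit from a comment recording which package release carries the fix, for example `# security fix: 3.4.15-r0 addresses GNUTLS-SA-2016-3`, so the advisory can be traced from the file itself and not only from the commit title.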
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
---
src/certtool-common.c | 180 +++++++++---
src/certtool-extras.c | 21 +-
src/certtool.c | 763 +++++++++++++++++++++++++++++++++++++++----------
src/danetool.c | 97 +++++--
src/ocsptool-common.c | 48 +++-
src/ocsptool.c | 171 +++++++++---
src/p11tool.c | 16 +-
src/pkcs11.c | 1 -
src/serv.c | 2 +
src/tpmtool.c | 41 ++-
10 files changed, 1055 insertions(+), 285 deletions(-)
diff --git a/src/certtool-common.c b/src/certtool-common.c
index cca7c49..1799250 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -37,7 +37,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
#include <common.h>
#include "certtool-common.h"
#include "certtool-args.h"
@@ -86,7 +85,10 @@ load_secret_key (int mand, common_info_st * info)
if (info->secret_key == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --secret-key");
+ {
+ fprintf (stderr, "missing --secret-key");
+ exit(1);
+ }
else
return NULL;
}
@@ -96,7 +98,10 @@ load_secret_key (int mand, common_info_st * info)
ret = gnutls_hex_decode (&hex_key, raw_key, &raw_key_size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "hex_decode: %s", gnutls_strerror (ret));
+ exit(1);
+ }
key.data = (void*)raw_key;
key.size = raw_key_size;
@@ -135,7 +140,10 @@ const char* pass;
ret = gnutls_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_privkey_import_x509_raw (key, dat, info->incert_format, NULL, 0);
if (ret == GNUTLS_E_DECRYPTION_FAILED)
@@ -146,14 +154,18 @@ const char* pass;
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf (stderr,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #12 encoded");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+ {
+ fprintf (stderr, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -165,12 +177,18 @@ gnutls_privkey_t key;
ret = gnutls_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_privkey_import_url(key, url, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing key: %s: %s",
+ {
+ fprintf (stderr, "importing key: %s: %s",
url, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -214,7 +232,10 @@ load_private_key (int mand, common_info_st * info)
return NULL;
if (info->privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf (stderr, "missing --load-privkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->privkey) != 0)
return _load_url_privkey(info->privkey);
@@ -223,7 +244,10 @@ load_private_key (int mand, common_info_st * info)
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+ {
+ fprintf (stderr, "reading --load-privkey: %s", info->privkey);
+ exit(1);
+ }
key = _load_privkey(&dat, info);
@@ -249,17 +273,26 @@ load_x509_private_key (int mand, common_info_st * info)
return NULL;
if (info->privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf (stderr, "missing --load-privkey");
+ exit(1);
+ }
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->privkey, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+ {
+ fprintf (stderr, "reading --load-privkey: %s", info->privkey);
+ exit(1);
+ }
if (info->pkcs8)
{
@@ -282,14 +315,18 @@ load_x509_private_key (int mand, common_info_st * info)
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf (stderr,
"import error: could not find a valid PEM header; "
- "check if your key is PKCS #12 encoded");
+ "check if your key is PEM encoded");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+ {
+ fprintf( stderr, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -332,14 +369,20 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
if (info->cert == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --load-certificate");
+ {
+ fprintf (stderr, "missing --load-certificate");
+ exit(1);
+ }
else
return NULL;
}
fd = fopen (info->cert, "r");
if (fd == NULL)
- error (EXIT_FAILURE, errno, "%s", info->cert);
+ {
+ fprintf (stderr, "%s", info->cert);
+ exit(1);
+ }
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
buffer[size] = 0;
@@ -353,7 +396,10 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
{
ret = gnutls_x509_crt_init (&crt[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)ptr;
dat.size = ptr_size;
@@ -362,7 +408,10 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info)
if (ret < 0 && *crt_size > 0)
break;
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_import: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ptr = strstr (ptr, "---END");
if (ptr == NULL)
@@ -399,26 +448,35 @@ load_request (common_info_st * info)
ret = gnutls_x509_crq_init (&crq);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->request, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
+ {
+ fprintf (stderr, "reading --load-request: %s", info->request);
+ exit(1);
+ }
ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf(stderr,
"import error: could not find a valid PEM header");
+ exit(1);
}
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
- info->request, gnutls_strerror (ret));
-
+ {
+ fprintf(stderr, "importing --load-request: %s: %s",
+ info->request, gnutls_strerror (ret));
+ exit(1);
+ }
return crq;
}
@@ -432,7 +490,10 @@ load_ca_private_key (common_info_st * info)
size_t size;
if (info->ca_privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
+ {
+ fprintf(stderr, "missing --load-ca-privkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->ca_privkey) != 0)
return _load_url_privkey(info->ca_privkey);
@@ -441,8 +502,11 @@ load_ca_private_key (common_info_st * info)
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
+ {
+ fprintf (stderr, "reading --load-ca-privkey: %s",
info->ca_privkey);
+ exit(1);
+ }
key = _load_privkey(&dat, info);
@@ -462,24 +526,36 @@ load_ca_cert (common_info_st * info)
size_t size;
if (info->ca == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
+ {
+ fprintf(stderr, "missing --load-ca-certificate");
+ exit(1);
+ }
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->ca, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
+ {
+ fprintf( stderr, "reading --load-ca-certificate: %s",
info->ca);
+ exit(1);
+ }
ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
- info->ca, gnutls_strerror (ret));
+ {
+ fprintf(stderr, "importing --load-ca-certificate: %s: %s",
+ info->ca, gnutls_strerror (ret));
+ exit(1);
+ }
return crt;
}
@@ -499,20 +575,29 @@ load_pubkey (int mand, common_info_st * info)
return NULL;
if (info->pubkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-pubkey");
+ {
+ fprintf(stderr, "missing --load-pubkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->pubkey) != 0)
return _load_url_pubkey(info->pubkey);
ret = gnutls_pubkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->pubkey, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
+ {
+ fprintf( stderr, "reading --load-pubkey: %s", info->pubkey);
+ exit(1);
+ }
ret = gnutls_pubkey_import (key, &dat, info->incert_format);
@@ -520,14 +605,18 @@ load_pubkey (int mand, common_info_st * info)
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf(stderr,
"import error: could not find a valid PEM header; "
"check if your key has the PUBLIC KEY header");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
+ {
+ fprintf(stderr, "importing --load-pubkey: %s: %s",
info->pubkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -539,8 +628,11 @@ int ret;
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_pubkey_init: %s",
+ {
+ fprintf(stderr, "gnutls_pubkey_init: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0)
{ /* could not get (e.g. on PKCS #11 */
@@ -747,7 +839,10 @@ size_t size;
ret = gnutls_pubkey_print(pubkey, format, &data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "pubkey_print error: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "pubkey_print error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf (outfile, "%s\n", data.data);
gnutls_free (data.data);
@@ -755,7 +850,10 @@ size_t size;
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "export error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf (outfile, "\n%s\n", buffer);
}
diff --git a/src/certtool-extras.c b/src/certtool-extras.c
index 1422188..ee89434 100644
--- a/src/certtool-extras.c
+++ b/src/certtool-extras.c
@@ -38,7 +38,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
#include "certtool-common.h"
#include "certtool-cfg.h"
@@ -64,14 +63,20 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
if (info->privkey == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf( stderr, "missing --load-privkey");
+ exit(1);
+ }
else
return NULL;
}
ret = gnutls_load_file(info->privkey, &file_data);
if (ret < 0)
- error (EXIT_FAILURE, errno, "%s", info->privkey);
+ {
+ fprintf (stderr, "%s", info->privkey);
+ exit(1);
+ }
ptr = (void*)file_data.data;
ptr_size = file_data.size;
@@ -80,7 +85,10 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
{
ret = gnutls_x509_privkey_init (&key[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)ptr;
dat.size = ptr_size;
@@ -95,7 +103,10 @@ load_privkey_list (int mand, size_t * privkey_size, common_info_st * info)
if (ret < 0 && *privkey_size > 0)
break;
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_import: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_import: %s", gnutls_strerror (ret));
+ exit(1);
+ }
(*privkey_size)++;
diff --git a/src/certtool.c b/src/certtool.c
index 2a1a668..0ea52e8 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -38,7 +38,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
/* Gnulib portability files. */
#include <read-file.h>
@@ -109,7 +108,10 @@ generate_private_key_int (common_info_st * cinfo)
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
bits = get_bits (key_type, cinfo->bits, cinfo->sec_param, 1);
@@ -122,11 +124,17 @@ generate_private_key_int (common_info_st * cinfo)
ret = gnutls_x509_privkey_generate (key, key_type, bits, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_generate: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_x509_privkey_verify_params (key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_verify_params: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_verify_params: %s", gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -167,8 +175,8 @@ cipher_to_flags (const char *cipher)
return GNUTLS_PKCS_USE_PKCS12_RC2_40;
}
- error (EXIT_FAILURE, 0, "unknown cipher %s\n", cipher);
- return -1;
+ fprintf(stderr, "unknown cipher %s\n", cipher);
+ exit(1);
}
@@ -190,7 +198,10 @@ print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
ret = gnutls_x509_privkey_export (key, outcert_format,
buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_export: %s", gnutls_strerror (ret));
+ exit(1);
+ }
}
else
{
@@ -205,8 +216,11 @@ print_private_key (common_info_st* cinfo, gnutls_x509_privkey_t key)
gnutls_x509_privkey_export_pkcs8 (key, outcert_format, pass,
flags, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s",
+ {
+ fprintf(stderr, "privkey_export_pkcs8: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
}
fwrite (buffer, 1, size, outfile);
@@ -244,7 +258,10 @@ generate_certificate (gnutls_privkey_t * ret_key,
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
crq = load_request (cinfo);
@@ -266,8 +283,11 @@ generate_certificate (gnutls_privkey_t * ret_key,
{
result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_proxy_dn: %s",
+ {
+ fprintf(stderr, "set_proxy_dn: %s",
gnutls_strerror (result));
+ exit(1);
+ }
get_dn_crt_set (crt);
get_cn_crt_set (crt);
@@ -297,13 +317,19 @@ generate_certificate (gnutls_privkey_t * ret_key,
result = gnutls_x509_crt_set_pubkey (crt, pubkey);
if (result < 0)
- error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result));
+ {
+ fprintf(stderr, "set_key: %s", gnutls_strerror (result));