cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security fix for GNUTLS-SA-2013-3,

Browse Source 
GnuTLS Denial of Service vulnerability in DANE records processing.
(no CVE assigned yet)

ok aja@ (MAINTAINER)
This commit is contained in:
jca 2013-10-24 15:42:08 +00:00
parent e41ca635ab
commit 3df624f906
13 changed files with 6 additions and 3204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/gnutls/Makefile
View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.82 2013/09/06 16:27:51 ajacoutot Exp $
# $OpenBSD: Makefile,v 1.83 2013/10/24 15:42:08 jca Exp $
COMMENT= GNU Transport Layer Security library
V= 3.2.4
V= 3.2.5
DISTNAME= gnutls-${V}
EXTRACT_SUFX= .tar.xz

4
security/gnutls/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (gnutls-3.2.4.tar.xz) = EZVwrz64O0ESUr9hdoi5uRQ+Q0n0hle3666lfZD/cH8=
SIZE (gnutls-3.2.4.tar.xz) = 4959876
SHA256 (gnutls-3.2.5.tar.xz) = xvvNzTKy84zKO7+hB1lVbWb0eVrG5uUFA/LuXAjAgbc=
SIZE (gnutls-3.2.5.tar.xz) = 4987156

418
security/gnutls/patches/patch-src_certtool-common_c
View File

@ -1,418 +0,0 @@
$OpenBSD: patch-src_certtool-common_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/certtool-common.c.orig Wed Apr 24 10:34:02 2013
+++ src/certtool-common.c Fri Sep 6 17:25:49 2013
@@ -37,7 +37,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
#include <common.h>
#include "certtool-common.h"
#include "certtool-args.h"
@@ -86,7 +85,10 @@ load_secret_key (int mand, common_info_st * info)
if (info->secret_key == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --secret-key");
+ {
+ fprintf (stderr, "missing --secret-key");
+ exit(1);
+ }
else
return NULL;
}
@@ -96,7 +98,10 @@ load_secret_key (int mand, common_info_st * info)
ret = gnutls_hex_decode (&hex_key, raw_key, &raw_key_size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "hex_decode: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "hex_decode: %s", gnutls_strerror (ret));
+ exit(1);
+ }
key.data = (void*)raw_key;
key.size = raw_key_size;
@@ -135,7 +140,10 @@ const char* pass;
ret = gnutls_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_privkey_import_x509_raw (key, dat, info->incert_format, NULL, 0);
if (ret == GNUTLS_E_DECRYPTION_FAILED)
@@ -146,14 +154,18 @@ const char* pass;
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf (stderr,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #12 encoded");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+ {
+ fprintf (stderr, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -165,12 +177,18 @@ gnutls_privkey_t key;
ret = gnutls_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_privkey_import_url(key, url, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing key: %s: %s",
+ {
+ fprintf (stderr, "importing key: %s: %s",
url, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -214,7 +232,10 @@ load_private_key (int mand, common_info_st * info)
return NULL;
if (info->privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf (stderr, "missing --load-privkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->privkey) != 0)
return _load_url_privkey(info->privkey);
@@ -223,7 +244,10 @@ load_private_key (int mand, common_info_st * info)
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+ {
+ fprintf (stderr, "reading --load-privkey: %s", info->privkey);
+ exit(1);
+ }
key = _load_privkey(&dat, info);
@@ -249,17 +273,26 @@ load_x509_private_key (int mand, common_info_st * info
return NULL;
if (info->privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf (stderr, "missing --load-privkey");
+ exit(1);
+ }
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->privkey, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
+ {
+ fprintf (stderr, "reading --load-privkey: %s", info->privkey);
+ exit(1);
+ }
if (info->pkcs8)
{
@@ -282,14 +315,18 @@ load_x509_private_key (int mand, common_info_st * info
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf (stderr,
"import error: could not find a valid PEM header; "
- "check if your key is PKCS #12 encoded");
+ "check if your key is PEM encoded");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
+ {
+ fprintf( stderr, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -332,14 +369,20 @@ load_cert_list (int mand, size_t * crt_size, common_in
if (info->cert == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --load-certificate");
+ {
+ fprintf (stderr, "missing --load-certificate");
+ exit(1);
+ }
else
return NULL;
}
fd = fopen (info->cert, "r");
if (fd == NULL)
- error (EXIT_FAILURE, errno, "%s", info->cert);
+ {
+ fprintf (stderr, "%s", info->cert);
+ exit(1);
+ }
size = fread (buffer, 1, sizeof (buffer) - 1, fd);
buffer[size] = 0;
@@ -353,7 +396,10 @@ load_cert_list (int mand, size_t * crt_size, common_in
{
ret = gnutls_x509_crt_init (&crt[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)ptr;
dat.size = ptr_size;
@@ -362,7 +408,10 @@ load_cert_list (int mand, size_t * crt_size, common_in
if (ret < 0 && *crt_size > 0)
break;
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_import: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ptr = strstr (ptr, "---END");
if (ptr == NULL)
@@ -399,26 +448,35 @@ load_request (common_info_st * info)
ret = gnutls_x509_crq_init (&crq);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crq_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crq_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->request, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-request: %s", info->request);
+ {
+ fprintf (stderr, "reading --load-request: %s", info->request);
+ exit(1);
+ }
ret = gnutls_x509_crq_import (crq, &dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf(stderr,
"import error: could not find a valid PEM header");
+ exit(1);
}
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-request: %s: %s",
- info->request, gnutls_strerror (ret));
-
+ {
+ fprintf(stderr, "importing --load-request: %s: %s",
+ info->request, gnutls_strerror (ret));
+ exit(1);
+ }
return crq;
}
@@ -432,7 +490,10 @@ load_ca_private_key (common_info_st * info)
size_t size;
if (info->ca_privkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-privkey");
+ {
+ fprintf(stderr, "missing --load-ca-privkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->ca_privkey) != 0)
return _load_url_privkey(info->ca_privkey);
@@ -441,8 +502,11 @@ load_ca_private_key (common_info_st * info)
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s",
+ {
+ fprintf (stderr, "reading --load-ca-privkey: %s",
info->ca_privkey);
+ exit(1);
+ }
key = _load_privkey(&dat, info);
@@ -462,24 +526,36 @@ load_ca_cert (common_info_st * info)
size_t size;
if (info->ca == NULL)
- error (EXIT_FAILURE, 0, "missing --load-ca-certificate");
+ {
+ fprintf(stderr, "missing --load-ca-certificate");
+ exit(1);
+ }
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->ca, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s",
+ {
+ fprintf( stderr, "reading --load-ca-certificate: %s",
info->ca);
+ exit(1);
+ }
ret = gnutls_x509_crt_import (crt, &dat, info->incert_format);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s",
- info->ca, gnutls_strerror (ret));
+ {
+ fprintf(stderr, "importing --load-ca-certificate: %s: %s",
+ info->ca, gnutls_strerror (ret));
+ exit(1);
+ }
return crt;
}
@@ -499,20 +575,29 @@ load_pubkey (int mand, common_info_st * info)
return NULL;
if (info->pubkey == NULL)
- error (EXIT_FAILURE, 0, "missing --load-pubkey");
+ {
+ fprintf(stderr, "missing --load-pubkey");
+ exit(1);
+ }
if (gnutls_url_is_supported(info->pubkey) != 0)
return _load_url_pubkey(info->pubkey);
ret = gnutls_pubkey_init (&key);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (info->pubkey, &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-pubkey: %s", info->pubkey);
+ {
+ fprintf( stderr, "reading --load-pubkey: %s", info->pubkey);
+ exit(1);
+ }
ret = gnutls_pubkey_import (key, &dat, info->incert_format);
@@ -520,14 +605,18 @@ load_pubkey (int mand, common_info_st * info)
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- error (EXIT_FAILURE, 0,
+ fprintf(stderr,
"import error: could not find a valid PEM header; "
"check if your key has the PUBLIC KEY header");
+ exit(1);
}
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s",
+ {
+ fprintf(stderr, "importing --load-pubkey: %s: %s",
info->pubkey, gnutls_strerror (ret));
+ exit(1);
+ }
return key;
}
@@ -539,8 +628,11 @@ int ret;
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_pubkey_init: %s",
+ {
+ fprintf(stderr, "gnutls_pubkey_init: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
if (!privkey || (ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0)) < 0)
{ /* could not get (e.g. on PKCS #11 */
@@ -747,7 +839,10 @@ size_t size;
ret = gnutls_pubkey_print(pubkey, format, &data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "pubkey_print error: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "pubkey_print error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf (outfile, "%s\n", data.data);
gnutls_free (data.data);
@@ -755,7 +850,10 @@ size_t size;
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "export error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf (outfile, "\n%s\n", buffer);
}

64
security/gnutls/patches/patch-src_certtool-extras_c
View File

@ -1,64 +0,0 @@
$OpenBSD: patch-src_certtool-extras_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/certtool-extras.c.orig Wed Apr 24 10:34:02 2013
+++ src/certtool-extras.c Fri Sep 6 17:25:49 2013
@@ -38,7 +38,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
#include "certtool-common.h"
#include "certtool-cfg.h"
@@ -64,14 +63,20 @@ load_privkey_list (int mand, size_t * privkey_size, co
if (info->privkey == NULL)
{
if (mand)
- error (EXIT_FAILURE, 0, "missing --load-privkey");
+ {
+ fprintf( stderr, "missing --load-privkey");
+ exit(1);
+ }
else
return NULL;
}
ret = gnutls_load_file(info->privkey, &file_data);
if (ret < 0)
- error (EXIT_FAILURE, errno, "%s", info->privkey);
+ {
+ fprintf (stderr, "%s", info->privkey);
+ exit(1);
+ }
ptr = (void*)file_data.data;
ptr_size = file_data.size;
@@ -80,7 +85,10 @@ load_privkey_list (int mand, size_t * privkey_size, co
{
ret = gnutls_x509_privkey_init (&key[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)ptr;
dat.size = ptr_size;
@@ -95,7 +103,10 @@ load_privkey_list (int mand, size_t * privkey_size, co
if (ret < 0 && *privkey_size > 0)
break;
if (ret < 0)
- error (EXIT_FAILURE, 0, "privkey_import: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "privkey_import: %s", gnutls_strerror (ret));
+ exit(1);
+ }
(*privkey_size)++;

1788
security/gnutls/patches/patch-src_certtool_c
View File

File diff suppressed because it is too large Load Diff

236
security/gnutls/patches/patch-src_danetool_c
View File

@ -1,236 +0,0 @@
$OpenBSD: patch-src_danetool_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/danetool.c.orig Sat Aug 10 11:30:18 2013
+++ src/danetool.c Fri Sep 6 17:25:49 2013
@@ -42,7 +42,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
/* Gnulib portability files. */
#include <read-file.h>
@@ -95,7 +94,10 @@ cmd_parser (int argc, char **argv)
{
outfile = safe_open_rw (OPT_ARG(OUTFILE), privkey_op);
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
+ {
+ fprintf (stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
}
else
outfile = stdout;
@@ -122,7 +124,10 @@ cmd_parser (int argc, char **argv)
else if (strcasecmp (OPT_ARG(HASH), "rmd160") == 0)
default_dig = GNUTLS_DIG_RMD160;
else
- error (EXIT_FAILURE, 0, "invalid hash: %s", OPT_ARG(HASH));
+ {
+ fprintf (stderr, "invalid hash: %s", OPT_ARG(HASH));
+ exit(1);
+ }
}
gnutls_global_set_log_function (tls_log_func);
@@ -134,7 +139,10 @@ cmd_parser (int argc, char **argv)
}
if ((ret = gnutls_global_init ()) < 0)
- error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
#ifdef ENABLE_PKCS11
pkcs11_common();
@@ -207,31 +215,46 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
printf("Querying %s (%s:%d)...\n", host, proto, port);
ret = dane_state_init(&s, flags);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_state_init: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "dane_state_init: %s", dane_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(DLV))
{
ret = dane_state_set_dlv_file(s, OPT_ARG(DLV));
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_state_set_dlv_file: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "dane_state_set_dlv_file: %s", dane_strerror (ret));
+ exit(1);
+ }
}
ret = dane_query_tlsa(s, &q, host, proto, port);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_query_tlsa: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "dane_query_tlsa: %s", dane_strerror (ret));
+ exit(1);
+ }
entries = dane_query_entries(q);
for (i=0;i<entries;i++)
{
ret = dane_query_data(q, i, &usage, &type, &match, &data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_query_data: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "dane_query_data: %s", dane_strerror (ret));
+ exit(1);
+ }
size = buffer_size;
ret = gnutls_hex_encode(&data, (void*)buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_hex_encode: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_hex_encode: %s", dane_strerror (ret));
+ exit(1);
+ }
if (entries > 1) printf("\nEntry %d:\n", i+1);
@@ -249,11 +272,17 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
ret = gnutls_load_file(cinfo->cert, &file);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_load_file: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_load_file: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_x509_crt_list_import2( &clist, &clist_size, &file, cinfo->incert_format, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_x509_crt_list_import2: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (clist_size > 0)
{
@@ -265,17 +294,26 @@ unsigned vflags = DANE_VFLAG_FAIL_IF_NOT_CHECKED;
{
ret = gnutls_x509_crt_export2( clist[i], GNUTLS_X509_FMT_DER, &certs[i]);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_x509_crt_export2: %s", gnutls_strerror (ret));
+ exit(1);
+ }
}
ret = dane_verify_crt( s, certs, clist_size, GNUTLS_CRT_X509,
host, proto, port, 0, vflags, &status);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verify_crt: %s", dane_strerror (ret));
+ {
+ fprintf (stderr, "dane_verify_crt: %s", dane_strerror (ret));
+ exit(1);
+ }
ret = dane_verification_status_print(status, &out, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "dane_verification_status_print: %s", dane_strerror (ret));
+ {
+ fprintf( stderr, "dane_verification_status_print: %s", dane_strerror (ret));
+ exit(1);
+ }
printf("\nVerification: %s\n", out.data);
gnutls_free(out.data);
@@ -331,7 +369,10 @@ static void dane_info(const char* host, const char* pr
size = buffer_size;
ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "export error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
gnutls_x509_crt_deinit (crt);
}
@@ -341,7 +382,10 @@ static void dane_info(const char* host, const char* pr
ret = gnutls_pubkey_init (&pubkey);
if (ret < 0)
- error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "pubkey_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (crt != NULL)
{
@@ -349,16 +393,18 @@ static void dane_info(const char* host, const char* pr
ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
if (ret < 0)
{
- error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
+ fprintf (stderr, "pubkey_import_x509: %s",
gnutls_strerror (ret));
+ exit(1);
}
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
if (ret < 0)
{
- error (EXIT_FAILURE, 0, "pubkey_export: %s",
+ fprintf( stderr, "pubkey_export: %s",
gnutls_strerror (ret));
+ exit(1);
}
gnutls_x509_crt_deinit(crt);
@@ -370,7 +416,10 @@ static void dane_info(const char* host, const char* pr
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "export error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
}
gnutls_pubkey_deinit (pubkey);
@@ -384,7 +433,10 @@ static void dane_info(const char* host, const char* pr
ret = gnutls_hash_fast(default_dig, buffer, size, digest);
if (ret < 0)
- error (EXIT_FAILURE, 0, "hash error: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "hash error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (default_dig == GNUTLS_DIG_SHA256)
type = 1;
@@ -408,7 +460,10 @@ static void dane_info(const char* host, const char* pr
size = buffer_size;
ret = gnutls_hex_encode(&t, (void*)buffer, &size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "hex encode error: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "hex encode error: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf(outfile, "_%u._%s.%s. IN TLSA ( %.2x %.2x %.2x %s )\n", port, proto, host, usage, selector, type, buffer);

114
security/gnutls/patches/patch-src_ocsptool-common_c
View File

@ -1,114 +0,0 @@
$OpenBSD: patch-src_ocsptool-common_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/ocsptool-common.c.orig Sat Aug 10 11:30:18 2013
+++ src/ocsptool-common.c Fri Sep 6 17:25:49 2013
@@ -31,7 +31,6 @@
#include <gnutls/crypto.h>
/* Gnulib portability files. */
-#include <error.h>
#include <read-file.h>
#include <socket.h>
@@ -83,12 +82,18 @@ _generate_request (gnutls_x509_crt_t cert, gnutls_x509
ret = gnutls_ocsp_req_init (&req);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_req_add_cert (req, GNUTLS_DIG_SHA1,
issuer, cert);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_req_add_cert: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "ocsp_req_add_cert: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (nonce)
{
@@ -97,17 +102,26 @@ _generate_request (gnutls_x509_crt_t cert, gnutls_x509
ret = gnutls_rnd (GNUTLS_RND_RANDOM, nonce.data, nonce.size);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_rnd: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "gnutls_rnd: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_req_set_nonce (req, 0, &nonce);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_req_set_nonce: %s",
+ {
+ fprintf( stderr, "ocsp_req_set_nonce: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
}
ret = gnutls_ocsp_req_export (req, rdata);
if (ret != 0)
- error (EXIT_FAILURE, 0, "ocsp_req_export: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "ocsp_req_export: %s", gnutls_strerror (ret));
+ exit(1);
+ }
gnutls_ocsp_req_deinit (req);
return;
@@ -321,11 +335,17 @@ check_ocsp_response (gnutls_x509_crt_t cert,
ret = gnutls_ocsp_resp_init (&resp);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_resp_import (resp, data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "importing response: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_resp_check_crt(resp, 0, cert);
if (ret < 0)
@@ -337,8 +357,11 @@ check_ocsp_response (gnutls_x509_crt_t cert,
ret = gnutls_ocsp_resp_verify_direct( resp, issuer, &status, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify_direct: %s",
- gnutls_strerror (ret));
+ {
+ fprintf(stderr, "gnutls_ocsp_resp_verify_direct: %s",
+ gnutls_strerror (ret));
+ exit(1);
+ }
if (status != 0)
{
@@ -357,7 +380,10 @@ check_ocsp_response (gnutls_x509_crt_t cert,
ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL,
&cert_status, &vtime, &ntime, &rtime, NULL);
if (ret < 0)
- error (EXIT_FAILURE, 0, "reading response: %s", gnutls_strerror (ret));
+ {
+ fprintf(stderr, "reading response: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (cert_status == GNUTLS_OCSP_CERT_REVOKED)
{

379
security/gnutls/patches/patch-src_ocsptool_c
View File

@ -1,379 +0,0 @@
$OpenBSD: patch-src_ocsptool_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/ocsptool.c.orig Sat Aug 10 11:30:18 2013
+++ src/ocsptool.c Fri Sep 6 17:25:49 2013
@@ -31,7 +31,6 @@
#include <gnutls/crypto.h>
/* Gnulib portability files. */
-#include <error.h>
#include <read-file.h>
#include <socket.h>
@@ -59,24 +58,36 @@ request_info (void)
ret = gnutls_ocsp_req_init (&req);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "ocsp_req_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(LOAD_REQUEST))
dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading request");
+ {
+ fprintf (stderr, "reading request");
+ exit(1);
+ }
dat.size = size;
ret = gnutls_ocsp_req_import (req, &dat);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing request: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "importing request: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_req_print (req, GNUTLS_OCSP_PRINT_FULL, &dat);
if (ret != 0)
- error (EXIT_FAILURE, 0, "ocsp_req_print: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "ocsp_req_print: %s", gnutls_strerror (ret));
+ exit(1);
+ }
printf ("%.*s", dat.size, dat.data);
gnutls_free (dat.data);
@@ -93,18 +104,27 @@ _response_info (const gnutls_datum_t* data)
ret = gnutls_ocsp_resp_init (&resp);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_resp_import (resp, data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (ENABLED_OPT(VERBOSE))
ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_FULL, &buf);
else
ret = gnutls_ocsp_resp_print (resp, GNUTLS_OCSP_PRINT_COMPACT, &buf);
if (ret != 0)
- error (EXIT_FAILURE, 0, "ocsp_resp_print: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "ocsp_resp_print: %s", gnutls_strerror (ret));
+ exit(1);
+ }
printf ("%.*s", buf.size, buf.data);
gnutls_free (buf.data);
@@ -123,7 +143,10 @@ response_info (void)
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading response");
+ {
+ fprintf (stderr, "reading response");
+ exit(1);
+ }
dat.size = size;
_response_info(&dat);
@@ -139,23 +162,35 @@ load_issuer (void)
size_t size;
if (!HAVE_OPT(LOAD_ISSUER))
- error (EXIT_FAILURE, 0, "missing --load-issuer");
+ {
+ fprintf( stderr, "missing --load-issuer");
+ exit(1);
+ }
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
+ {
+ fprintf (stderr, "reading --load-issuer: %s", OPT_ARG(LOAD_ISSUER));
+ exit(1);
+ }
ret = gnutls_x509_crt_import (crt, &dat, encoding);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-issuer: %s: %s",
+ {
+ fprintf (stderr, "importing --load-issuer: %s: %s",
OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
+ exit(1);
+ }
return crt;
}
@@ -169,23 +204,35 @@ load_cert (void)
size_t size;
if (!HAVE_OPT(LOAD_CERT))
- error (EXIT_FAILURE, 0, "missing --load-cert");
+ {
+ fprintf (stderr, "missing --load-cert");
+ exit(1);
+ }
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
dat.size = size;
if (!dat.data)
- error (EXIT_FAILURE, errno, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
+ {
+ fprintf (stderr, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
+ exit(1);
+ }
ret = gnutls_x509_crt_import (crt, &dat, encoding);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-cert: %s: %s",
+ {
+ fprintf (stderr, "importing --load-cert: %s: %s",
OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
+ exit(1);
+ }
return crt;
}
@@ -218,29 +265,44 @@ _verify_response (gnutls_datum_t *data)
ret = gnutls_ocsp_resp_init (&resp);
if (ret < 0)
- error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "ocsp_resp_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_ocsp_resp_import (resp, data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "importing response: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(LOAD_TRUST))
{
dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
+ {
+ fprintf (stderr, "reading --load-trust: %s", OPT_ARG(LOAD_TRUST));
+ exit(1);
+ }
dat.size = size;
ret = gnutls_x509_trust_list_init (&list, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_trust_list_init: %s",
+ {
+ fprintf (stderr, "gnutls_x509_trust_list_init: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
ret = gnutls_x509_crt_list_import2 (&x509_ca_list, &x509_ncas, &dat,
GNUTLS_X509_FMT_PEM, 0);
if (ret < 0 || x509_ncas < 1)
- error (EXIT_FAILURE, 0, "error parsing CAs: %s",
+ {
+ fprintf (stderr, "error parsing CAs: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(VERBOSE))
{
@@ -253,8 +315,11 @@ _verify_response (gnutls_datum_t *data)
ret = gnutls_x509_crt_print (x509_ca_list[i],
GNUTLS_CRT_PRINT_ONELINE, &out);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_print: %s",
+ {
+ fprintf (stderr, "gnutls_x509_crt_print: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
printf ("%d: %.*s\n", i, out.size, out.data);
gnutls_free (out.data);
@@ -264,33 +329,48 @@ _verify_response (gnutls_datum_t *data)
ret = gnutls_x509_trust_list_add_cas (list, x509_ca_list, x509_ncas, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s",
+ {
+ fprintf (stderr, "gnutls_x509_trust_add_cas: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(VERBOSE))
fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
+ {
+ fprintf (stderr, "gnutls_ocsp_resp_verify: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
}
else if (HAVE_OPT(LOAD_SIGNER))
{
ret = gnutls_x509_crt_init (&signer);
if (ret < 0)
- error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "crt_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
+ {
+ fprintf (stderr, "reading --load-signer: %s", OPT_ARG(LOAD_SIGNER));
+ exit(1);
+ }
dat.size = size;
ret = gnutls_x509_crt_import (signer, &dat, encoding);
free (dat.data);
if (ret < 0)
- error (EXIT_FAILURE, 0, "importing --load-signer: %s: %s",
+ {
+ fprintf (stderr, "importing --load-signer: %s: %s",
OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(VERBOSE))
{
@@ -298,8 +378,11 @@ _verify_response (gnutls_datum_t *data)
ret = gnutls_x509_crt_print (signer, GNUTLS_CRT_PRINT_ONELINE, &out);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_x509_crt_print: %s",
+ {
+ fprintf (stderr, "gnutls_x509_crt_print: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
printf ("Signer: %.*s\n", out.size, out.data);
gnutls_free (out.data);
@@ -308,11 +391,17 @@ _verify_response (gnutls_datum_t *data)
ret = gnutls_ocsp_resp_verify_direct (resp, signer, &verify, 0);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify_direct: %s",
+ {
+ fprintf (stderr, "gnutls_ocsp_resp_verify_direct: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
}
else
- error (EXIT_FAILURE, 0, "missing --load-trust or --load-signer");
+ {
+ fprintf (stderr, "missing --load-trust or --load-signer");
+ exit(1);
+ }
printf ("Verifying OCSP Response: ");
print_ocsp_verify_res (verify);
@@ -334,7 +423,10 @@ verify_response (void)
else
dat.data = (void*)fread_file (infile, &size);
if (dat.data == NULL)
- error (EXIT_FAILURE, errno, "reading response");
+ {
+ fprintf (stderr, "reading response");
+ exit(1);
+ }
dat.size = size;
_verify_response(&dat);
@@ -381,7 +473,10 @@ main (int argc, char **argv)
int ret;
if ((ret = gnutls_global_init ()) < 0)
- error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+ {
+ fprintf( stderr, "global_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
optionProcess( &ocsptoolOptions, argc, argv);
@@ -392,7 +487,10 @@ main (int argc, char **argv)
{
outfile = fopen (OPT_ARG(OUTFILE), "wb");
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
+ {
+ fprintf( stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
}
else
outfile = stdout;
@@ -401,7 +499,10 @@ main (int argc, char **argv)
{
infile = fopen (OPT_ARG(INFILE), "rb");
if (infile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
+ {
+ fprintf( stderr, "%s", OPT_ARG(INFILE));
+ exit(1);
+ }
}
else
infile = stdin;

54
security/gnutls/patches/patch-src_p11tool_c
View File

@ -1,54 +0,0 @@
$OpenBSD: patch-src_p11tool_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/p11tool.c.orig Sat Aug 10 11:30:18 2013
+++ src/p11tool.c Fri Sep 6 17:25:49 2013
@@ -39,7 +39,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
/* Gnulib portability files. */
#include <read-file.h>
@@ -97,7 +96,10 @@ cmd_parser (int argc, char **argv)
printf ("Setting log level to %d\n", debug);
if ((ret = gnutls_global_init ()) < 0)
- error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(PROVIDER))
{
@@ -108,8 +110,11 @@ cmd_parser (int argc, char **argv)
{
ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL);
if (ret < 0)
- error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s",
+ {
+ fprintf (stderr, "pkcs11_add_provider: %s",
gnutls_strerror (ret));
+ exit(1);
+ }
}
}
else
@@ -123,7 +128,10 @@ cmd_parser (int argc, char **argv)
{
outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
+ {
+ fprintf (stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
}
else
outfile = stdout;

17
security/gnutls/patches/patch-src_pkcs11_c
View File

@ -1,17 +0,0 @@
$OpenBSD: patch-src_pkcs11_c,v 1.1 2013/09/06 16:27:51 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/pkcs11.c.orig Sun Aug 4 00:05:10 2013
+++ src/pkcs11.c Fri Sep 6 17:25:49 2013
@@ -75,7 +75,6 @@ pkcs11_list (FILE * outfile, const char *url, int type
unsigned int detailed, common_info_st * info)
{
gnutls_pkcs11_obj_t *crt_list;
- gnutls_x509_crt_t xcrt;
unsigned int crt_list_size = 0, i;
int ret, otype;
char *output;

18
security/gnutls/patches/patch-src_serv_c
View File

@ -1,18 +0,0 @@
$OpenBSD: patch-src_serv_c,v 1.1 2013/09/06 16:27:52 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/serv.c.orig Thu Aug 29 13:07:03 2013
+++ src/serv.c Fri Sep 6 17:25:49 2013
@@ -1216,6 +1216,8 @@ main (int argc, char **argv)
udp_server (name, port, mtu);
else
tcp_server (name, port);
+
+ return 0;
}
static void

111
security/gnutls/patches/patch-src_tpmtool_c
View File

@ -1,111 +0,0 @@
$OpenBSD: patch-src_tpmtool_c,v 1.1 2013/09/06 16:27:52 ajacoutot Exp $
From 1df1b0f7b28c733bf01e5d1faa2f8ccdb3db1665 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 2 Sep 2013 13:47:18 +0300
Subject: [PATCH] Avoid using gnulib's error()
--- src/tpmtool.c.orig Sat Aug 10 11:30:18 2013
+++ src/tpmtool.c Fri Sep 6 17:25:49 2013
@@ -39,7 +39,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <error.h>
/* Gnulib portability files. */
#include <read-file.h>
@@ -130,13 +129,19 @@ cmd_parser (int argc, char **argv)
printf ("Setting log level to %d\n", debug);
if ((ret = gnutls_global_init ()) < 0)
- error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "global_init: %s", gnutls_strerror (ret));
+ exit(1);
+ }
if (HAVE_OPT(OUTFILE))
{
outfile = safe_open_rw (OPT_ARG(OUTFILE), 0);
if (outfile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
+ {
+ fprintf (stderr, "%s", OPT_ARG(OUTFILE));
+ exit(1);
+ }
}
else
outfile = stdout;
@@ -145,7 +150,10 @@ cmd_parser (int argc, char **argv)
{
infile = fopen (OPT_ARG(INFILE), "rb");
if (infile == NULL)
- error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
+ {
+ fprintf (stderr, "%s", OPT_ARG(INFILE));
+ exit(1);
+ }
}
else
infile = stdin;
@@ -210,7 +218,10 @@ static void tpm_generate(FILE* outfile, unsigned int k
free(srk_pass);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_tpm_privkey_generate: %s", gnutls_strerror (ret));
+ exit(1);
+ }
/* fwrite (pubkey.data, 1, pubkey.size, outfile);
fputs ("\n", outfile);*/
@@ -230,7 +241,10 @@ static void tpm_delete(const char* url, FILE* outfile)
ret = gnutls_tpm_privkey_delete(url, srk_pass);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_tpm_privkey_delete: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf (outfile, "Key %s deleted\n", url);
}
@@ -244,7 +258,10 @@ static void tpm_list(FILE* outfile)
ret = gnutls_tpm_get_registered (&list);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_tpm_get_registered: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf(outfile, "Available keys:\n");
for (i=0;;i++)
@@ -253,7 +270,10 @@ static void tpm_list(FILE* outfile)
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_tpm_key_list_get_url: %s", gnutls_strerror (ret));
+ exit(1);
+ }
fprintf(outfile, "\t%u: %s\n", i, url);
gnutls_free(url);
@@ -279,7 +299,10 @@ static void tpm_pubkey(const char* url, FILE* outfile)
free(srk_pass);
if (ret < 0)
- error (EXIT_FAILURE, 0, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
+ {
+ fprintf (stderr, "gnutls_pubkey_import_tpm_url: %s", gnutls_strerror (ret));
+ exit(1);
+ }
_pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);

3
security/gnutls/pkg/PLIST
View File

@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.29 2013/09/06 16:27:52 ajacoutot Exp $
@comment $OpenBSD: PLIST,v 1.30 2013/10/24 15:42:09 jca Exp $
@bin bin/certtool
@bin bin/danetool
@bin bin/gnutls-cli
@ -86,6 +86,7 @@ lib/pkgconfig/gnutls.pc
@man man/man3/gnutls_certificate_free_credentials.3
@man man/man3/gnutls_certificate_free_crls.3
@man man/man3/gnutls_certificate_free_keys.3
@man man/man3/gnutls_certificate_get_crt_raw.3
@man man/man3/gnutls_certificate_get_issuer.3
@man man/man3/gnutls_certificate_get_ours.3
@man man/man3/gnutls_certificate_get_peers.3