wok rev 25064
openvas-libraries, openvas-client: update gnutls calls
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Wed Jun 08 16:46:37 2022 +0000 (22 months ago) |
| parents | 2b38bdfd12b2 |
| children | 85fc2431322f |
| files | openvas-client/receipt openvas-client/stuff/gnutls.2.2.u openvas-libraries/receipt openvas-libraries/stuff/gnutls.2.2.u |
line diff
1.1 --- a/openvas-client/receipt Tue Jun 07 20:10:22 2022 +0000 1.2 +++ b/openvas-client/receipt Wed Jun 08 16:46:37 2022 +0000 1.3 @@ -18,7 +18,9 @@ 1.4 # Rules to configure and make the package. 1.5 compile_rules() 1.6 { 1.7 - cd $src 1.8 + # Update for gnutls 1.9 + patch -p1 -i $stuff/gnutls.2.2.u 1.10 + 1.11 ./configure --prefix=/usr --sysconfdir=/etc \ 1.12 --mandir=/usr/share/man \ 1.13 $CONFIGURE_ARGS || return 1
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/openvas-client/stuff/gnutls.2.2.u Wed Jun 08 16:46:37 2022 +0000 2.3 @@ -0,0 +1,118 @@ 2.4 +--- openvas-client-3.0.1/openvas/openvas-client.c 2.5 ++++ openvas-client-3.0.1/openvas/openvas-client.c 2.6 +@@ -466,89 +466,26 @@ 2.7 + static void 2.8 + set_gnutls_sslv23 (gnutls_session_t session) 2.9 + { 2.10 +- static int protocol_priority[] = {GNUTLS_TLS1, 2.11 +- GNUTLS_SSL3, 2.12 +- 0}; 2.13 +- static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC, 2.14 +- GNUTLS_CIPHER_3DES_CBC, 2.15 +- GNUTLS_CIPHER_AES_256_CBC, 2.16 +- GNUTLS_CIPHER_ARCFOUR_128, 2.17 +- 0}; 2.18 +- static int comp_priority[] = {GNUTLS_COMP_ZLIB, 2.19 +- GNUTLS_COMP_NULL, 2.20 +- 0}; 2.21 +- static int kx_priority[] = {GNUTLS_KX_DHE_RSA, 2.22 +- GNUTLS_KX_RSA, 2.23 +- GNUTLS_KX_DHE_DSS, 2.24 +- 0}; 2.25 +- static int mac_priority[] = {GNUTLS_MAC_SHA1, 2.26 +- GNUTLS_MAC_MD5, 2.27 +- 0}; 2.28 +- 2.29 +- gnutls_protocol_set_priority(session, protocol_priority); 2.30 +- gnutls_cipher_set_priority(session, cipher_priority); 2.31 +- gnutls_compression_set_priority(session, comp_priority); 2.32 +- gnutls_kx_set_priority (session, kx_priority); 2.33 +- gnutls_mac_set_priority(session, mac_priority); 2.34 ++ // gnutls 2.2.0+ 2.35 ++ return gnutls_priority_set_direct(session, 2.36 ++ "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL); 2.37 + } 2.38 + 2.39 + 2.40 + static void 2.41 + set_gnutls_sslv3(gnutls_session_t session) 2.42 + { 2.43 +- static int protocol_priority[] = {GNUTLS_SSL3, 2.44 +- 0}; 2.45 +- static int cipher_priority[] = {GNUTLS_CIPHER_3DES_CBC, 2.46 +- GNUTLS_CIPHER_ARCFOUR_128, 2.47 +- 0}; 2.48 +- static int comp_priority[] = {GNUTLS_COMP_ZLIB, 2.49 +- GNUTLS_COMP_NULL, 2.50 +- 0}; 2.51 +- 2.52 +- static int kx_priority[] = {GNUTLS_KX_DHE_RSA, 2.53 +- GNUTLS_KX_RSA, 2.54 +- GNUTLS_KX_DHE_DSS, 2.55 +- GNUTLS_KX_ANON_DH, 2.56 +- 0}; 2.57 +- 2.58 +- static int mac_priority[] = {GNUTLS_MAC_SHA1, 2.59 +- GNUTLS_MAC_MD5, 2.60 +- 0}; 2.61 +- 2.62 +- gnutls_protocol_set_priority(session, protocol_priority); 2.63 +- gnutls_cipher_set_priority(session, cipher_priority); 2.64 +- gnutls_compression_set_priority(session, comp_priority); 2.65 +- gnutls_kx_set_priority (session, kx_priority); 2.66 +- gnutls_mac_set_priority(session, mac_priority); 2.67 ++ // gnutls 2.2.0+ 2.68 ++ return gnutls_priority_set_direct(session, 2.69 ++ "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL); 2.70 + } 2.71 + 2.72 + static void 2.73 + set_gnutls_tlsv1(gnutls_session_t session) 2.74 + { 2.75 +- static int protocol_priority[] = {GNUTLS_TLS1, 2.76 +- 0}; 2.77 +- static int cipher_priority[] = {GNUTLS_CIPHER_AES_128_CBC, 2.78 +- GNUTLS_CIPHER_3DES_CBC, 2.79 +- GNUTLS_CIPHER_AES_256_CBC, 2.80 +- GNUTLS_CIPHER_ARCFOUR_128, 2.81 +- 0}; 2.82 +- static int comp_priority[] = {GNUTLS_COMP_ZLIB, 2.83 +- GNUTLS_COMP_NULL, 2.84 +- 0}; 2.85 +- static int kx_priority[] = {GNUTLS_KX_DHE_RSA, 2.86 +- GNUTLS_KX_RSA, 2.87 +- GNUTLS_KX_DHE_DSS, 2.88 +- GNUTLS_KX_ANON_DH, 2.89 +- 0}; 2.90 +- static int mac_priority[] = {GNUTLS_MAC_SHA1, 2.91 +- GNUTLS_MAC_MD5, 2.92 +- 0}; 2.93 +- 2.94 +- gnutls_protocol_set_priority(session, protocol_priority); 2.95 +- gnutls_cipher_set_priority(session, cipher_priority); 2.96 +- gnutls_compression_set_priority(session, comp_priority); 2.97 +- gnutls_kx_set_priority (session, kx_priority); 2.98 +- gnutls_mac_set_priority(session, mac_priority); 2.99 ++ // gnutls 2.2.0+ 2.100 ++ return gnutls_priority_set_direct(session, 2.101 ++ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+ANON_DH:+SHA1:+MD5", NULL); 2.102 + } 2.103 + 2.104 + 2.105 +@@ -698,7 +635,6 @@ 2.106 + #endif 2.107 + gnutls_session_t ssl = NULL; 2.108 + gnutls_certificate_credentials_t certcred = NULL; 2.109 +- int certprio[2] = { GNUTLS_CRT_X509, 0 }; 2.110 + 2.111 + const char *cert, *key, *client_ca, *trusted_ca, *ssl_ver; 2.112 + int use_client_cert = prefs_get_int(context, "use_client_cert"); 2.113 +@@ -868,7 +804,7 @@ 2.114 + 2.115 + if(use_client_cert) 2.116 + { 2.117 +- rc = gnutls_certificate_type_set_priority (ssl, certprio); 2.118 ++ rc = gnutls_set_default_priority (ssl); 2.119 + if (rc) 2.120 + { 2.121 + gnutls_deinit (ssl);
3.1 --- a/openvas-libraries/receipt Tue Jun 07 20:10:22 2022 +0000 3.2 +++ b/openvas-libraries/receipt Wed Jun 08 16:46:37 2022 +0000 3.3 @@ -27,6 +27,9 @@ 3.4 sed -e 's|_parser$|-parser\n%parse-param {naslctxt * parm}\n%lex-param {naslctxt * parm}|' \ 3.5 -e 's|naslerror(|&naslctxt *parm, |' -i nasl/nasl_grammar.y 3.6 3.7 + # Update for gnutls 3.8 + patch -p1 -i $stuff/gnutls.2.2.u 3.9 + 3.10 ./configure --prefix=/usr --localstatedir=/var \ 3.11 --mandir=/usr/share/man \ 3.12 $CONFIGURE_ARGS &&
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 4.2 +++ b/openvas-libraries/stuff/gnutls.2.2.u Wed Jun 08 16:46:37 2022 +0000 4.3 @@ -0,0 +1,212 @@ 4.4 +--- openvas-libraries-3.1.4/misc/network.c 4.5 ++++ openvas-libraries-3.1.4/misc/network.c 4.6 +@@ -406,113 +406,27 @@ ovas_get_tlssession_from_connection (int 4.7 + } 4.8 + 4.9 + static int 4.10 +-set_gnutls_priorities (gnutls_session_t session, int *protocol_priority, 4.11 +- int *cipher_priority, int *comp_priority, 4.12 +- int *kx_priority, int *mac_priority) 4.13 +-{ 4.14 +- int err; 4.15 +- 4.16 +- if ((err = gnutls_protocol_set_priority (session, protocol_priority)) 4.17 +- || (err = gnutls_cipher_set_priority (session, cipher_priority)) 4.18 +- || (err = gnutls_compression_set_priority (session, comp_priority)) 4.19 +- || (err = gnutls_kx_set_priority (session, kx_priority)) 4.20 +- || (err = gnutls_mac_set_priority (session, mac_priority))) 4.21 +- { 4.22 +- tlserror ("setting session priorities", err); 4.23 +- return -1; 4.24 +- } 4.25 +- return 0; 4.26 +-} 4.27 +- 4.28 +-static int 4.29 + set_gnutls_sslv23 (gnutls_session_t session) 4.30 + { 4.31 +- static int protocol_priority[] = { GNUTLS_TLS1, 4.32 +- GNUTLS_SSL3, 4.33 +- 0 4.34 +- }; 4.35 +- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC, 4.36 +- GNUTLS_CIPHER_3DES_CBC, 4.37 +- GNUTLS_CIPHER_AES_256_CBC, 4.38 +- GNUTLS_CIPHER_ARCFOUR_128, 4.39 +- 0 4.40 +- }; 4.41 +- static int comp_priority[] = { GNUTLS_COMP_ZLIB, 4.42 +- GNUTLS_COMP_NULL, 4.43 +- 0 4.44 +- }; 4.45 +- static int kx_priority[] = { GNUTLS_KX_DHE_RSA, 4.46 +- GNUTLS_KX_RSA, 4.47 +- GNUTLS_KX_DHE_DSS, 4.48 +- 0 4.49 +- }; 4.50 +- static int mac_priority[] = { GNUTLS_MAC_SHA1, 4.51 +- GNUTLS_MAC_MD5, 4.52 +- 0 4.53 +- }; 4.54 +- 4.55 +- return set_gnutls_priorities (session, protocol_priority, cipher_priority, 4.56 +- comp_priority, kx_priority, mac_priority); 4.57 ++ // gnutls 2.2.0+ 4.58 ++ return gnutls_priority_set_direct(session, 4.59 ++ "NONE:+VERS-TLS1:+VERS-SSL3:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL); 4.60 + } 4.61 + 4.62 + static int 4.63 + set_gnutls_sslv3 (gnutls_session_t session) 4.64 + { 4.65 +- static int protocol_priority[] = { GNUTLS_SSL3, 4.66 +- 0 4.67 +- }; 4.68 +- static int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC, 4.69 +- GNUTLS_CIPHER_ARCFOUR_128, 4.70 +- 0 4.71 +- }; 4.72 +- static int comp_priority[] = { GNUTLS_COMP_ZLIB, 4.73 +- GNUTLS_COMP_NULL, 4.74 +- 0 4.75 +- }; 4.76 +- 4.77 +- static int kx_priority[] = { GNUTLS_KX_DHE_RSA, 4.78 +- GNUTLS_KX_RSA, 4.79 +- GNUTLS_KX_DHE_DSS, 4.80 +- 0 4.81 +- }; 4.82 +- 4.83 +- static int mac_priority[] = { GNUTLS_MAC_SHA1, 4.84 +- GNUTLS_MAC_MD5, 4.85 +- 0 4.86 +- }; 4.87 +- 4.88 +- return set_gnutls_priorities (session, protocol_priority, cipher_priority, 4.89 +- comp_priority, kx_priority, mac_priority); 4.90 ++ // gnutls 2.2.0+ 4.91 ++ return gnutls_priority_set_direct(session, 4.92 ++ "NONE:+VERS-SSL3:+3DES_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL); 4.93 + } 4.94 + 4.95 + static int 4.96 + set_gnutls_tlsv1 (gnutls_session_t session) 4.97 + { 4.98 +- static int protocol_priority[] = { GNUTLS_TLS1, 4.99 +- 0 4.100 +- }; 4.101 +- static int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC, 4.102 +- GNUTLS_CIPHER_3DES_CBC, 4.103 +- GNUTLS_CIPHER_AES_256_CBC, 4.104 +- GNUTLS_CIPHER_ARCFOUR_128, 4.105 +- 0 4.106 +- }; 4.107 +- static int comp_priority[] = { GNUTLS_COMP_ZLIB, 4.108 +- GNUTLS_COMP_NULL, 4.109 +- 0 4.110 +- }; 4.111 +- static int kx_priority[] = { GNUTLS_KX_DHE_RSA, 4.112 +- GNUTLS_KX_RSA, 4.113 +- GNUTLS_KX_DHE_DSS, 4.114 +- 0 4.115 +- }; 4.116 +- static int mac_priority[] = { GNUTLS_MAC_SHA1, 4.117 +- GNUTLS_MAC_MD5, 4.118 +- 0 4.119 +- }; 4.120 +- 4.121 +- return set_gnutls_priorities (session, protocol_priority, cipher_priority, 4.122 +- comp_priority, kx_priority, mac_priority); 4.123 ++ // gnutls 2.2.0+ 4.124 ++ return gnutls_priority_set_direct(session, 4.125 ++ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+SHA1:+MD5", NULL); 4.126 + } 4.127 + 4.128 + /** 4.129 +--- openvas-libraries-3.1.4/misc/openvas_server.c 4.130 ++++ openvas-libraries-3.1.4/misc/openvas_server.c 4.131 +@@ -142,12 +142,8 @@ openvas_server_open (gnutls_session_t * 4.132 + return -1; 4.133 + } 4.134 + 4.135 +- const int kx_priority[] = { GNUTLS_KX_DHE_RSA, 4.136 +- GNUTLS_KX_RSA, 4.137 +- GNUTLS_KX_DHE_DSS, 4.138 +- 0 4.139 +- }; 4.140 +- if (gnutls_kx_set_priority (*session, kx_priority)) 4.141 ++ // gnutls 2.2.0+ 4.142 ++ if (gnutls_priority_set_direct(*session, "+DHE_RSA:+RSA:+DHE_DSS", NULL)) 4.143 + { 4.144 + g_message ("Failed to set server key exchange priority."); 4.145 + gnutls_deinit (*session); 4.146 +@@ -593,30 +589,6 @@ openvas_server_new (unsigned int end_typ 4.147 + gnutls_session_t * server_session, 4.148 + gnutls_certificate_credentials_t * server_credentials) 4.149 + { 4.150 +- // FIX static vars? 4.151 +- const int protocol_priority[] = { GNUTLS_TLS1, 4.152 +- 0 4.153 +- }; 4.154 +- const int cipher_priority[] = { GNUTLS_CIPHER_AES_128_CBC, 4.155 +- GNUTLS_CIPHER_3DES_CBC, 4.156 +- GNUTLS_CIPHER_AES_256_CBC, 4.157 +- GNUTLS_CIPHER_ARCFOUR_128, 4.158 +- 0 4.159 +- }; 4.160 +- const int comp_priority[] = { GNUTLS_COMP_ZLIB, 4.161 +- GNUTLS_COMP_NULL, 4.162 +- 0 4.163 +- }; 4.164 +- const int kx_priority[] = { GNUTLS_KX_DHE_RSA, 4.165 +- GNUTLS_KX_RSA, 4.166 +- GNUTLS_KX_DHE_DSS, 4.167 +- 0 4.168 +- }; 4.169 +- const int mac_priority[] = { GNUTLS_MAC_SHA1, 4.170 +- GNUTLS_MAC_MD5, 4.171 +- 0 4.172 +- }; 4.173 +- 4.174 + /* Turn off use of /dev/random, as this can block. */ 4.175 + 4.176 + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); 4.177 +@@ -664,34 +636,11 @@ openvas_server_new (unsigned int end_typ 4.178 + goto server_free_fail; 4.179 + } 4.180 + 4.181 +- if (gnutls_protocol_set_priority (*server_session, protocol_priority)) 4.182 +- { 4.183 +- g_warning ("%s: failed to set protocol priority\n", __FUNCTION__); 4.184 +- goto server_fail; 4.185 +- } 4.186 +- 4.187 +- if (gnutls_cipher_set_priority (*server_session, cipher_priority)) 4.188 +- { 4.189 +- g_warning ("%s: failed to set cipher priority\n", __FUNCTION__); 4.190 +- goto server_fail; 4.191 +- } 4.192 +- 4.193 +- if (gnutls_compression_set_priority (*server_session, comp_priority)) 4.194 +- { 4.195 +- g_warning ("%s: failed to set compression priority\n", __FUNCTION__); 4.196 +- goto server_fail; 4.197 +- } 4.198 +- 4.199 +- if (gnutls_kx_set_priority (*server_session, kx_priority)) 4.200 +- { 4.201 +- g_warning ("%s: failed to set server key exchange priority\n", 4.202 +- __FUNCTION__); 4.203 +- goto server_fail; 4.204 +- } 4.205 +- 4.206 +- if (gnutls_mac_set_priority (*server_session, mac_priority)) 4.207 ++ // gnutls 2.2.0+ 4.208 ++ if (gnutls_priority_set_direct(*server_session, 4.209 ++ "NONE:+VERS-TLS1:+AES_128_CBC:+3DES_CBC:+AES_256_CBC:+ARCFOUR_128:+COMP_ZLIB:+COMP_NULL:+DHE_RSA:+RSA:+DHE_DSS:+MD5", NULL)) 4.210 + { 4.211 +- g_warning ("%s: failed to set mac priority\n", __FUNCTION__); 4.212 ++ g_warning ("%s: failed to set priority\n", __FUNCTION__); 4.213 + goto server_fail; 4.214 + } 4.215 +