From 85b690b6cd0b35f01a7f168b723b5daa42ab6620 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: May 05 2015 07:31:55 +0000 Subject: Fix the build with gnutls 3.4 https://bugzilla.redhat.com/show_bug.cgi?id=1218518 --- diff --git a/tigervnc-gnutls-3.4.patch b/tigervnc-gnutls-3.4.patch new file mode 100644 index 0000000..491e488 --- /dev/null +++ b/tigervnc-gnutls-3.4.patch @@ -0,0 +1,68 @@ +Patch by Nikos Mavrogiannopoulos + +gnutls 3.4.0 drops gnutls_kx_set_priority which is used by tigervnc. The +attached patch fixes this issue and allows tigervnc to compile with new gnutls +versions. + +diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx +index 222748c..f7e9dfd 100644 +--- a/common/rfb/CSecurityTLS.cxx ++++ b/common/rfb/CSecurityTLS.cxx +@@ -202,13 +202,12 @@ bool CSecurityTLS::processMsg(CConnection* cc) + + void CSecurityTLS::setParam() + { +- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; +- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, +- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; ++ int ret; + + if (anon) { +- if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS) +- throw AuthFailureException("gnutls_kx_set_priority failed"); ++ ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL); ++ if (ret < 0) ++ throw AuthFailureException("gnutls_priority_set_direct failed"); + + if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS) + throw AuthFailureException("gnutls_anon_allocate_client_credentials failed"); +@@ -218,8 +217,9 @@ void CSecurityTLS::setParam() + + vlog.debug("Anonymous session has been set"); + } else { +- if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS) +- throw AuthFailureException("gnutls_kx_set_priority failed"); ++ ret = gnutls_set_default_priority(session); ++ if (ret < 0) ++ throw AuthFailureException("gnutls_set_default_priority failed"); + + if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) + throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); +diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx +index d4e88d7..7ac4652 100644 +--- a/common/rfb/SSecurityTLS.cxx ++++ b/common/rfb/SSecurityTLS.cxx +@@ -166,13 +166,17 @@ bool SSecurityTLS::processMsg(SConnection *sc) + + void SSecurityTLS::setParams(gnutls_session session) + { +- static const int kx_anon_priority[] = { GNUTLS_KX_ANON_DH, 0 }; +- static const int kx_priority[] = { GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, +- GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 }; ++ int ret; + +- if (gnutls_kx_set_priority(session, anon ? kx_anon_priority : kx_priority) +- != GNUTLS_E_SUCCESS) +- throw AuthFailureException("gnutls_kx_set_priority failed"); ++ if (anon) { ++ ret = gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL); ++ if (ret < 0) ++ throw AuthFailureException("gnutls_priority_set_direct failed"); ++ } else { ++ ret = gnutls_set_default_priority(session); ++ if (ret < 0) ++ throw AuthFailureException("gnutls_set_default_priority failed"); ++ } + + if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS) + throw AuthFailureException("gnutls_dh_params_init failed"); diff --git a/tigervnc.spec b/tigervnc.spec index cdb8b5b..d975853 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -5,7 +5,7 @@ Name: tigervnc Version: 1.4.3 -Release: 8%{?dist} +Release: 9%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -61,6 +61,7 @@ Patch9: tigervnc-shebang.patch Patch11: tigervnc-format-security.patch Patch14: tigervnc-xstartup.patch Patch15: tigervnc-xserver117.patch +Patch16: tigervnc-gnutls-3.4.patch # This is tigervnc-%{version}/unix/xserver116.patch rebased on the latest xorg Patch100: tigervnc-xserver116-rebased.patch @@ -193,6 +194,9 @@ popd # Allow build against xorg-x11-server-1.17. %patch15 -p1 -b .xserver117 +# Fix the build with gnutls 3.4 (bug #1218518). +%patch16 -p1 -b .gnutls-3.4 + %build %ifarch sparcv9 sparc64 s390 s390x export CFLAGS="$RPM_OPT_FLAGS -fPIC"