Changeset 2db6923 in mod_gnutls

Timestamp:

Aug 22, 2015, 3:52:52 PM (8 years ago)

Author:

Daniel Kahn Gillmor <dkg@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports

Children:

71e9a5c

Parents:

8ed8e96

Message:

refresh patches with gbp pq

Location:

debian/patches

Files:

• enable-tls-per-connection.patch (modified) (8 diffs)
• fix-tls-client-auth.patch (modified) (2 diffs)
• no-deinit-on-proxy-disable.patch (modified) (3 diffs)
• proxy-segfault-fix.patch (modified) (2 diffs)
• test-setup.patch (modified) (2 diffs)

debian/patches/enable-tls-per-connection.patch

@@ -1 @@
-From e8acf058857eae21cde2fca0f4e97338075f5f60 Mon Sep 17 00:00:00 2001
 From: Thomas Klute <thomas2.klute@uni-dortmund.de>
 Date: Tue, 20 Jan 2015 16:30:36 +0100
-Subject: [PATCH] Enable/disable TLS per connection in ssl_engine_disable
+Subject: Enable/disable TLS per connection in ssl_engine_disable
 
 Previously, ssl_engine_disable set the server wide variable sc->enabled
@@ -19 +18 @@
  3 files changed, 53 insertions(+), 22 deletions(-)
 
-Index: mod-gnutls-0.6/include/mod_gnutls.h.in
-===================================================================
---- mod-gnutls-0.6.orig/include/mod_gnutls.h.in
-+++ mod-gnutls-0.6/include/mod_gnutls.h.in
+diff --git a/include/mod_gnutls.h.in b/include/mod_gnutls.h.in
+index 57aa52e..eba4cb2 100644
+--- a/include/mod_gnutls.h.in
++++ b/include/mod_gnutls.h.in
 @@ -170,6 +170,8 @@ typedef struct {
      mgs_srvconf_rec *sc;
@@ -32 +31 @@
      gnutls_session_t session;
         /* module input status */
-Index: mod-gnutls-0.6/src/gnutls_hooks.c
-===================================================================
---- mod-gnutls-0.6.orig/src/gnutls_hooks.c
-+++ mod-gnutls-0.6/src/gnutls_hooks.c
-@@ -674,14 +674,23 @@ mgs_srvconf_rec *mgs_find_sni_server(gnu
+diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
+index e6e7a67..9ba4ca1 100644
+--- a/src/gnutls_hooks.c
++++ b/src/gnutls_hooks.c
+@@ -674,14 +674,23 @@ mgs_srvconf_rec *mgs_find_sni_server(gnutls_session_t session) {
      return NULL;
  }
@@ -66 +65 @@
      ctxt->sc = sc;
      ctxt->status = 0;
-@@ -692,6 +701,7 @@ static void create_gnutls_handle(conn_re
+@@ -692,6 +701,7 @@ static void create_gnutls_handle(conn_rec * c) {
      ctxt->output_bb = apr_brigade_create(c->pool, c->bucket_alloc);
      ctxt->output_blen = 0;
@@ -74 +73 @@
      gnutls_init(&ctxt->session, GNUTLS_SERVER);
      /* Initialize Session Tickets */
-@@ -707,8 +717,6 @@ static void create_gnutls_handle(conn_re
+@@ -707,8 +717,6 @@ static void create_gnutls_handle(conn_rec * c) {
      /* Initialize Session Cache */
      mgs_cache_session_init(ctxt);
@@ -83 +82 @@
      gnutls_transport_set_pull_function(ctxt->session,
              mgs_transport_read);
-@@ -722,15 +730,20 @@ static void create_gnutls_handle(conn_re
+@@ -722,15 +730,20 @@ static void create_gnutls_handle(conn_rec * c) {
              ctxt, NULL, c);
  }
@@ -96 +95 @@
 -    sc = (mgs_srvconf_rec *) ap_get_module_config(c->base_server->module_config,
 -            &gnutls_module);
--
--    if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) {
 +    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
 +        ap_get_module_config(c->base_server->module_config, &gnutls_module);
 +    mgs_handle_t *ctxt = (mgs_handle_t *)
 +        ap_get_module_config(c->conn_config, &gnutls_module);
-+
+ 
+-    if (sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE)) {
 +    if ((sc && (!sc->enabled || sc->proxy_enabled == GNUTLS_ENABLED_TRUE))
 +        || (ctxt && ctxt->enabled == GNUTLS_ENABLED_FALSE))
@@ -128 +126 @@
      }
  
-Index: mod-gnutls-0.6/src/mod_gnutls.c
-===================================================================
---- mod-gnutls-0.6.orig/src/mod_gnutls.c
-+++ mod-gnutls-0.6/src/mod_gnutls.c
+diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
+index 0a32ffd..e974ae8 100644
+--- a/src/mod_gnutls.c
++++ b/src/mod_gnutls.c
 @@ -19,8 +19,12 @@
  

debian/patches/fix-tls-client-auth.patch

@@ -1 @@
-From 5a8a32bbfb8a83fe6358c5c31c443325a7775fc2 Mon Sep 17 00:00:00 2001
 From: Thomas Klute <thomas2.klute@uni-dortmund.de>
 Date: Thu, 5 Feb 2015 14:48:45 +0100
-Subject: [PATCH] TLS Client auth: Check server verify mode if unset for dir
+Subject: TLS Client auth: Check server verify mode if unset for dir
 
 The authentication hook (mgs_hook_authz) failed to consider the server's
@@ -23 +22 @@
  1 file changed, 6 insertions(+), 3 deletions(-)
 
-Index: mod-gnutls-0.6/src/gnutls_hooks.c
-===================================================================
---- mod-gnutls-0.6.orig/src/gnutls_hooks.c
-+++ mod-gnutls-0.6/src/gnutls_hooks.c
+diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
+index 1c2e094..e6e7a67 100644
+--- a/src/gnutls_hooks.c
++++ b/src/gnutls_hooks.c
 @@ -871,9 +871,12 @@ int mgs_hook_authz(request_rec * r) {
              return DECLINED;

debian/patches/no-deinit-on-proxy-disable.patch

@@ -1 @@
-From c782c1f12c0ed4d5048eb52fd3ef51037c53f426 Mon Sep 17 00:00:00 2001
 From: Thomas Klute <thomas2.klute@uni-dortmund.de>
 Date: Wed, 21 Jan 2015 09:41:51 +0100
-Subject: [PATCH] Don't do global deinit when disabling TLS for a proxy back
- end connection
+Subject: Don't do global deinit when disabling TLS for a proxy back end
+ connection
 
 Prior to this commit, ssl_engine_disable called mgs_cleanup_pre_config
@@ -29 +28 @@
 
 diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
-index a77364d..2d0e6ea 100644
+index e974ae8..760445f 100644
 --- a/src/mod_gnutls.c
 +++ b/src/mod_gnutls.c
@@ -41 +40 @@
  }
  
--- 
-2.1.4
-

debian/patches/proxy-segfault-fix.patch

@@ -1 @@
-From 3d361b8e5d7c4c971d344658728979fe978dc759 Mon Sep 17 00:00:00 2001
 From: Thomas Klute <thomas2.klute@uni-dortmund.de>
 Date: Tue, 13 Jan 2015 17:04:38 +0100
-Subject: [PATCH] Check if filters exist before removing them in
- ssl_engine_disable
+Subject: Check if filters exist before removing them in ssl_engine_disable
 
 Trying to remove filters that are NULL leads to a segfault in the worker
@@ -14 +12 @@
  1 file changed, 4 insertions(+), 2 deletions(-)
 
+diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
+index e576fb8..0a32ffd 100644
 --- a/src/mod_gnutls.c
 +++ b/src/mod_gnutls.c
-@@ -80,8 +80,10 @@
+@@ -80,8 +80,10 @@ int ssl_engine_disable(conn_rec *c) {
      if(sc->enabled == GNUTLS_ENABLED_FALSE) {
          return 1;

debian/patches/test-setup.patch

@@ -1 +1 @@
 From: Jurica Stanojkovic <Jurica.Stanojkovic@imgtec.com>
-Subject: Re: FTBFS on many architectures, test suite errors
 Date: Wed, 29 Oct 2014 13:55:56 +0000
+Subject: FTBFS on many architectures, test suite errors
 
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750857
@@ -7 +7 @@
 Use ip6-loopback for TEST_IP and increment the timeout values so the tests
 won't fail on slow build machines.
+---
+ t/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
 
-Index: mod-gnutls-0.6/t/Makefile
-===================================================================
---- mod-gnutls-0.6.orig/t/Makefile
-+++ mod-gnutls-0.6/t/Makefile
+diff --git a/t/Makefile b/t/Makefile
+index c7e7e2c..4c39bac 100644
+--- a/t/Makefile
++++ b/t/Makefile
 @@ -6,13 +6,13 @@
  # simple configuration choices.