Control: tags -1 patch fixed-upstream pending
Control: severity -1 important
On 2015-04-18 Andreas Metzler <ametz...@bebt.de> wrote:
> retitle 624028 libprelude: Uses deprecated _set_priority GnuTLS functions,
> FTBFS against gnutls 3.4.0
[...]
Hello,
I have just uploaded a NMU with the attached patch to delayed/15.
Please tell me if it should be delayed further.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru libprelude-1.0.0/debian/changelog libprelude-1.0.0/debian/changelog
--- libprelude-1.0.0/debian/changelog 2015-07-09 11:27:34.000000000 +0200
+++ libprelude-1.0.0/debian/changelog 2015-07-25 13:21:14.000000000 +0200
@@ -1,3 +1,11 @@
+libprelude (1.0.0-11.6) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Pull and unfuzz 020_Update-to-latest-GnuTLS-API.patch from upstream GIT.
+ Closes: #624028
+
+ -- Andreas Metzler <ametz...@debian.org> Sat, 25 Jul 2015 13:21:12 +0200
+
libprelude (1.0.0-11.5) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch
--- libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch 1970-01-01 01:00:00.000000000 +0100
+++ libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch 2015-07-25 13:18:30.000000000 +0200
@@ -0,0 +1,944 @@
+From 507a8ce0074461a692c1c8864f957c3ed3e8eaa3 Mon Sep 17 00:00:00 2001
+From: Yoann Vandoorselaere <yoa...@gmail.com>
+Date: Sun, 15 Dec 2013 16:38:11 +0100
+Subject: [PATCH] Update to latest GnuTLS API
+
+---
+ prelude-admin/prelude-admin.c | 66 ++++++++++-----------
+ prelude-admin/server.c | 54 +++++++++--------
+ prelude-admin/server.h | 4 +-
+ prelude-admin/tls-register.c | 131 ++++++++++++++++++++++++++----------------
+ prelude-admin/tls-register.h | 18 +++---
+ src/include/tls-auth.h | 2 +-
+ src/include/tls-util.h | 14 ++---
+ src/prelude-client-profile.c | 2 +-
+ src/tls-auth.c | 26 ++++-----
+ src/tls-util.c | 28 ++++-----
+ 10 files changed, 191 insertions(+), 154 deletions(-)
+
+--- a/prelude-admin/prelude-admin.c
++++ b/prelude-admin/prelude-admin.c
+@@ -843,10 +843,10 @@ static int anon_check_passwd(prelude_io_
+ }
+
+
+-static inline gnutls_transport_ptr fd_to_ptr(int fd)
++static inline gnutls_transport_ptr_t fd_to_ptr(int fd)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -856,10 +856,10 @@ static inline gnutls_transport_ptr fd_to
+ }
+
+
+-static inline int ptr_to_fd(gnutls_transport_ptr ptr)
++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -869,40 +869,42 @@ static inline int ptr_to_fd(gnutls_trans
+ }
+
+
+-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count)
++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count)
+ {
+ return read(ptr_to_fd(fd), buf, count);
+ }
+
+
+
+-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count)
++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count)
+ {
+ return write(ptr_to_fd(fd), buf, count);
+ }
+
+
+-static gnutls_session new_tls_session(int sock, char *passwd)
++static gnutls_session_t new_tls_session(int sock, char *passwd)
+ {
+ int ret;
+- gnutls_session session;
+- gnutls_anon_client_credentials anoncred;
+-
+- const int kx_priority[] = {
+- GNUTLS_KX_ANON_DH,
++ const char *err;
++ gnutls_session_t session;
++ gnutls_anon_client_credentials_t anoncred;
+ #ifdef GNUTLS_SRP_ENABLED
+- GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA,
++ const char *pstring = "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA:+ANON-DH";
++#else
++ const char *pstring = "NORMAL:-KX-ALL:+ANON-DH";
+ #endif
+- 0
+- };
+-
++
+ gnutls_init(&session, GNUTLS_CLIENT);
+ gnutls_set_default_priority(session);
+- gnutls_kx_set_priority(session, kx_priority);
++ ret = gnutls_priority_set_direct(session, pstring, &err);
++ if (ret < 0) {
++ fprintf(stderr, "TLS priority syntax error at: %s\n", err);
++ return NULL;
++ }
+
+ #ifdef GNUTLS_SRP_ENABLED
+ {
+- gnutls_srp_client_credentials srpcred;
++ gnutls_srp_client_credentials_t srpcred;
+ gnutls_srp_allocate_client_credentials(&srpcred);
+ gnutls_srp_set_client_credentials(srpcred, "prelude-adduser", passwd);
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred);
+@@ -939,7 +941,7 @@ static prelude_io_t *connect_manager(con
+ {
+ int ret, sock;
+ prelude_io_t *fd;
+- gnutls_session session;
++ gnutls_session_t session;
+ char buf[sizeof("65535")];
+ struct addrinfo hints, *ai;
+
+@@ -1027,7 +1029,7 @@ static int create_directory(prelude_clie
+
+
+ static int setup_analyzer_files(prelude_client_profile_t *profile, uint64_t *analyzerid,
+- gnutls_x509_privkey *key, gnutls_x509_crt *crt)
++ gnutls_x509_privkey_t *key, gnutls_x509_crt_t *crt)
+ {
+ int ret;
+ char buf[256];
+@@ -1301,8 +1303,8 @@ static int get_existing_profile_owner(co
+
+
+
+-static int add_analyzer(const char *name, uint64_t *analyzerid, gnutls_x509_privkey *key,
+- gnutls_x509_crt *crt, gnutls_x509_crt *ca_crt)
++static int add_analyzer(const char *name, uint64_t *analyzerid, gnutls_x509_privkey_t *key,
++ gnutls_x509_crt_t *crt, gnutls_x509_crt_t *ca_crt)
+ {
+ int ret;
+ char buf[PATH_MAX];
+@@ -1349,8 +1351,8 @@ static int add_cmd(int argc, char **argv
+ int ret, i;
+ uint64_t analyzerid;
+ prelude_string_t *err;
+- gnutls_x509_privkey key;
+- gnutls_x509_crt ca_crt, crt;
++ gnutls_x509_privkey_t key;
++ gnutls_x509_crt_t ca_crt, crt;
+ prelude_client_profile_t *testprofile;
+
+ ret = _prelude_client_profile_new(&profile);
+@@ -1481,8 +1483,8 @@ static int register_cmd(int argc, char *
+ prelude_io_t *fd;
+ uint64_t analyzerid;
+ prelude_string_t *err;
+- gnutls_x509_privkey key;
+- gnutls_x509_crt crt, ca_crt;
++ gnutls_x509_privkey_t key;
++ gnutls_x509_crt_t crt, ca_crt;
+ prelude_connection_permission_t permission_bits;
+
+ ret = _prelude_client_profile_new(&profile);
+@@ -1595,8 +1597,8 @@ static int registration_server_cmd(int a
+ int ret, i;
+ uint64_t analyzerid;
+ prelude_string_t *err;
+- gnutls_x509_privkey key;
+- gnutls_x509_crt ca_crt, crt;
++ gnutls_x509_privkey_t key;
++ gnutls_x509_crt_t ca_crt, crt;
+
+ ret = _prelude_client_profile_new(&profile);
+
+@@ -1679,8 +1681,8 @@ static int revoke_cmd(int argc, char **a
+ char *eptr = NULL;
+ uint64_t analyzerid;
+ prelude_string_t *err;
+- gnutls_x509_privkey key;
+- gnutls_x509_crt ca_crt, crt;
++ gnutls_x509_privkey_t key;
++ gnutls_x509_crt_t ca_crt, crt;
+
+ i = ret = prelude_option_read(parentopt, NULL, &argc, argv, &err, NULL);
+ if ( ret < 0 ) {
+@@ -2050,11 +2052,11 @@ static int list_cmd(int argc, char **arg
+ struct group *gr;
+ struct passwd *pw;
+ #endif
+- gnutls_datum data;
++ gnutls_datum_t data;
+ prelude_string_t *str;
+ unsigned int cert_max, i;
+ int ret, permission;
+- gnutls_x509_crt certs[1024];
++ gnutls_x509_crt_t certs[1024];
+ char dirname[PATH_MAX];
+ char buf[1024], analyzerid[128], uidbuf[128] = { 0 }, gidbuf[128] = { 0 };
+
+--- a/prelude-admin/server.c
++++ b/prelude-admin/server.c
+@@ -55,11 +55,11 @@
+
+
+ static const char *one_shot_passwd;
+-static gnutls_anon_server_credentials anoncred;
++static gnutls_anon_server_credentials_t anoncred;
+
+
+ #ifdef GNUTLS_SRP_ENABLED
+- static gnutls_srp_server_credentials srpcred;
++ static gnutls_srp_server_credentials_t srpcred;
+ #endif
+
+
+@@ -99,10 +99,10 @@ static int anon_check_passwd(prelude_io_
+ }
+
+
+-static inline gnutls_transport_ptr fd_to_ptr(int fd)
++static inline gnutls_transport_ptr_t fd_to_ptr(int fd)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -112,10 +112,10 @@ static inline gnutls_transport_ptr fd_to
+ }
+
+
+-static inline int ptr_to_fd(gnutls_transport_ptr ptr)
++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -125,34 +125,38 @@ static inline int ptr_to_fd(gnutls_trans
+ }
+
+
+-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count)
++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count)
+ {
+ return read(ptr_to_fd(fd), buf, count);
+ }
+
+
+
+-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count)
++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count)
+ {
+ return write(ptr_to_fd(fd), buf, count);
+ }
+
+
+-static gnutls_session new_tls_session(int sock)
++static gnutls_session_t new_tls_session(int sock)
+ {
+ int ret;
+- gnutls_session session;
+- const int kx_priority[] = {
+- GNUTLS_KX_ANON_DH,
++ gnutls_session_t session;
++ const char *err;
+ #ifdef GNUTLS_SRP_ENABLED
+- GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA,
++ const char *pstring = "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA:+ANON-DH";
++#else
++ const char *pstring = "NORMAL:-KX-ALL:+ANON-DH";
+ #endif
+- 0 };
+
+ gnutls_init(&session, GNUTLS_SERVER);
+-
+ gnutls_set_default_priority(session);
+- gnutls_kx_set_priority(session, kx_priority);
++
++ ret = gnutls_priority_set_direct(session, pstring, &err);
++ if (ret < 0) {
++ fprintf(stderr, "TLS priority syntax error at: %s\n", err);
++ return NULL;
++ }
+
+ #ifdef GNUTLS_SRP_ENABLED
+ gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred);
+@@ -177,9 +181,9 @@ static gnutls_session new_tls_session(in
+
+
+ static int handle_client_connection(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd,
+- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt)
++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
+ {
+- gnutls_session session;
++ gnutls_session_t session;
+
+ session = new_tls_session(prelude_io_get_fd(fd));
+ if ( ! session )
+@@ -196,7 +200,7 @@ static int handle_client_connection(cons
+
+
+ static int process_event(prelude_client_profile_t *cp, int server_sock, prelude_io_t *fd,
+- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt)
++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
+ {
+ char buf[512];
+ void *inaddr;
+@@ -244,7 +248,7 @@ static int process_event(prelude_client_
+
+ static int wait_connection(prelude_client_profile_t *cp, int sock,
+ struct pollfd *pfd, size_t size, int keepalive,
+- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt)
++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
+ {
+ size_t i;
+ prelude_io_t *fd;
+@@ -369,7 +373,7 @@ static int setup_server(const char *addr
+
+ #ifdef GNUTLS_SRP_ENABLED
+
+-static int copy_datum(gnutls_datum *dst, const gnutls_datum *src)
++static int copy_datum(gnutls_datum_t *dst, const gnutls_datum_t *src)
+ {
+ dst->size = src->size;
+
+@@ -386,8 +390,8 @@ static int copy_datum(gnutls_datum *dst,
+
+
+
+-static int srp_callback(gnutls_session session, const char *username, gnutls_datum *salt,
+- gnutls_datum *verifier, gnutls_datum *generator, gnutls_datum *prime)
++static int srp_callback(gnutls_session_t session, const char *username, gnutls_datum_t *salt,
++ gnutls_datum_t *verifier, gnutls_datum_t *generator, gnutls_datum_t *prime)
+ {
+ int ret;
+
+@@ -419,12 +423,12 @@ static int srp_callback(gnutls_session s
+
+
+ int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port,
+- prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt)
++ prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
+ {
+ int sock;
+ size_t size;
+ struct pollfd pfd[128];
+- gnutls_dh_params dh_params;
++ gnutls_dh_params_t dh_params;
+
+ #ifdef GNUTLS_SRP_ENABLED
+ int ret;
+--- a/prelude-admin/server.h
++++ b/prelude-admin/server.h
+@@ -22,6 +22,6 @@
+ *****/
+
+ int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port,
+- prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey key,
+- gnutls_x509_crt cacrt, gnutls_x509_crt crt);
++ prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key,
++ gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt);
+
+--- a/prelude-admin/tls-register.c
++++ b/prelude-admin/tls-register.c
+@@ -34,6 +34,7 @@
+
+ #include <gnutls/gnutls.h>
+ #include <gnutls/x509.h>
++#include <gnutls/abstract.h>
+ #include <gcrypt.h>
+
+ #include "prelude-client.h"
+@@ -52,7 +53,7 @@ extern int authority_certificate_lifetim
+ extern int generated_certificate_lifetime;
+
+
+-static int cmp_certificate_dn(gnutls_x509_crt crt, uint64_t wanted_dn, uint64_t wanted_issuer_dn)
++static int cmp_certificate_dn(gnutls_x509_crt_t crt, uint64_t wanted_dn, uint64_t wanted_issuer_dn)
+ {
+ int ret;
+ char buf[128];
+@@ -102,8 +103,8 @@ static int remove_old_certificate(const
+ unsigned char *data, *datap;
+ size_t size;
+ FILE *fd;
+- gnutls_datum datum;
+- gnutls_x509_crt crt;
++ gnutls_datum_t datum;
++ gnutls_x509_crt_t crt;
+ prelude_string_t *out;
+
+ ret = _prelude_load_file(filename, &data, &size);
+@@ -181,8 +182,8 @@ static int remove_old(const char *filena
+ {
+ int ret;
+ char out[512];
+- gnutls_datum data;
+- gnutls_x509_crt crt;
++ gnutls_datum_t data;
++ gnutls_x509_crt_t crt;
+ uint64_t dn, issuer_dn;
+
+ data.size = size;
+@@ -287,11 +288,11 @@ static int save_buf(const char *filename
+
+
+
+-static gnutls_x509_crt generate_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key, int expire)
++static gnutls_x509_crt_t generate_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key, int expire)
+ {
+ int ret;
+ char buf[1024];
+- gnutls_x509_crt crt;
++ gnutls_x509_crt_t crt;
+ uint64_t analyzerid;
+ size_t size = sizeof(buf);
+
+@@ -343,14 +344,14 @@ static gnutls_x509_crt generate_certific
+
+
+
+-static gnutls_x509_crt generate_signed_certificate(prelude_client_profile_t *cp,
+- uint64_t analyzerid,
+- gnutls_x509_crt ca_crt,
+- gnutls_x509_privkey ca_key,
+- gnutls_x509_crq crq)
++static gnutls_x509_crt_t generate_signed_certificate(prelude_client_profile_t *cp,
++ uint64_t analyzerid,
++ gnutls_x509_crt_t ca_crt,
++ gnutls_x509_privkey_t ca_key,
++ gnutls_x509_crq_t crq)
+ {
+ int ret;
+- gnutls_x509_crt crt;
++ gnutls_x509_crt_t crt;
+ unsigned char buf[65535];
+ size_t size = sizeof(buf);
+
+@@ -398,10 +399,10 @@ static gnutls_x509_crt generate_signed_c
+
+
+
+-static gnutls_x509_crt generate_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key)
++static gnutls_x509_crt_t generate_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key)
+ {
+ int ret;
+- gnutls_x509_crt crt;
++ gnutls_x509_crt_t crt;
+ unsigned int usage = 0;
+
+ crt = generate_certificate(cp, key, authority_certificate_lifetime);
+@@ -441,10 +442,10 @@ static void entropy_progress_cb(void *cb
+ }
+
+
+-static gnutls_x509_privkey generate_private_key(void)
++static gnutls_x509_privkey_t generate_private_key(void)
+ {
+ int ret;
+- gnutls_x509_privkey key;
++ gnutls_x509_privkey_t key;
+
+ ret = gnutls_x509_privkey_init(&key);
+ if ( ret < 0 ) {
+@@ -474,12 +475,13 @@ static gnutls_x509_privkey generate_priv
+
+
+
+-static gnutls_x509_crq generate_certificate_request(prelude_client_profile_t *cp,
+- prelude_connection_permission_t permission,
+- gnutls_x509_privkey key, unsigned char *buf, size_t *size)
++static gnutls_x509_crq_t generate_certificate_request(prelude_client_profile_t *cp,
++ prelude_connection_permission_t permission,
++ gnutls_x509_privkey_t x509key, unsigned char *buf, size_t *size)
+ {
+ int ret;
+- gnutls_x509_crq crq;
++ gnutls_privkey_t key;
++ gnutls_x509_crq_t crq;
+
+ ret = gnutls_x509_crq_init(&crq);
+ if ( ret < 0 ) {
+@@ -487,7 +489,7 @@ static gnutls_x509_crq generate_certific
+ return NULL;
+ }
+
+- ret = gnutls_x509_crq_set_key(crq, key);
++ ret = gnutls_x509_crq_set_key(crq, x509key);
+ if ( ret < 0 ) {
+ fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret));
+ gnutls_x509_crq_deinit(crq);
+@@ -512,7 +514,21 @@ static gnutls_x509_crq generate_certific
+ return NULL;
+ }
+
+- ret = gnutls_x509_crq_sign(crq, key);
++ ret = gnutls_privkey_init(&key);
++ if ( ret < 0 ) {
++ fprintf(stderr, "error creating abstract key: %s.\n", gnutls_strerror(ret));
++ return NULL;
++ }
++
++ ret = gnutls_privkey_import_x509(key, x509key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
++ if ( ret < 0 ) {
++ fprintf(stderr, "error importing x509 abstract key: %s.\n", gnutls_strerror(ret));
++ gnutls_privkey_deinit(key);
++ return NULL;
++ }
++
++ printf("HERE2\n");
++ ret = gnutls_x509_crq_privkey_sign(crq, key, GNUTLS_DIG_SHA256, 0);
+ if ( ret < 0 ) {
+ fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret));
+ gnutls_x509_crq_deinit(crq);
+@@ -531,12 +547,12 @@ static gnutls_x509_crq generate_certific
+
+
+
+-static gnutls_x509_privkey gen_crypto(prelude_client_profile_t *cp,
+- const char *filename, prelude_uid_t uid, prelude_gid_t gid)
++static gnutls_x509_privkey_t gen_crypto(prelude_client_profile_t *cp,
++ const char *filename, prelude_uid_t uid, prelude_gid_t gid)
+ {
+ int ret;
+ char buf[65535];
+- gnutls_x509_privkey key;
++ gnutls_x509_privkey_t key;
+ size_t size = sizeof(buf);
+
+ key = generate_private_key();
+@@ -563,13 +579,13 @@ static gnutls_x509_privkey gen_crypto(pr
+
+
+
+-gnutls_x509_privkey tls_load_privkey(prelude_client_profile_t *cp)
++gnutls_x509_privkey_t tls_load_privkey(prelude_client_profile_t *cp)
+ {
+ int ret;
+ size_t size;
+- gnutls_datum data;
++ gnutls_datum_t data;
+ char filename[256];
+- gnutls_x509_privkey key;
++ gnutls_x509_privkey_t key;
+
+ prelude_client_profile_get_tls_key_filename(cp, filename, sizeof(filename));
+
+@@ -620,7 +636,7 @@ static char ask_req_confirmation(void)
+
+
+
+-static int check_req(const char *srcinfo, prelude_io_t *fd, gnutls_x509_crq crq, uint64_t *analyzerid)
++static int check_req(const char *srcinfo, prelude_io_t *fd, gnutls_x509_crq_t crq, uint64_t *analyzerid)
+ {
+ int ret;
+ size_t size;
+@@ -676,17 +692,17 @@ static int check_req(const char *srcinfo
+
+
+ int tls_handle_certificate_request(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd,
+- gnutls_x509_privkey cakey, gnutls_x509_crt cacrt,
+- gnutls_x509_crt crt)
++ gnutls_x509_privkey_t cakey, gnutls_x509_crt_t cacrt,
++ gnutls_x509_crt_t crt)
+ {
+ ssize_t ret;
+ size_t size;
+ char buf[65535];
+- gnutls_datum data;
+- gnutls_x509_crq crq;
++ gnutls_datum_t data;
++ gnutls_x509_crq_t crq;
+ unsigned char *rbuf;
+ uint64_t analyzerid;
+- gnutls_x509_crt gencrt;
++ gnutls_x509_crt_t gencrt;
+
+ /*
+ * Read the client CRQ and generate a certificate for it.
+@@ -752,13 +768,13 @@ int tls_handle_certificate_request(const
+
+
+ int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd,
+- gnutls_x509_privkey key, prelude_connection_permission_t permission)
++ gnutls_x509_privkey_t key, prelude_connection_permission_t permission)
+ {
+ ssize_t ret;
+ ssize_t rsize;
+ char buf[65535];
+ unsigned char *rbuf;
+- gnutls_x509_crq crq;
++ gnutls_x509_crq_t crq;
+ size_t size = sizeof(buf);
+
+ prelude_log_debug(1, "Sending certificate request.\n");
+@@ -816,11 +832,11 @@ int tls_request_certificate(prelude_clie
+ }
+
+
+-static int crt_import(gnutls_x509_crt *crt, const char *filename)
++static int crt_import(gnutls_x509_crt_t *crt, const char *filename)
+ {
+ int ret;
+ size_t dsize;
+- gnutls_datum data;
++ gnutls_datum_t data;
+
+ ret = _prelude_load_file(filename, &data.data, &dsize);
+ if ( ret < 0 ) {
+@@ -841,7 +857,7 @@ static int crt_import(gnutls_x509_crt *c
+
+
+
+-static int crt_export(prelude_client_profile_t *cp, gnutls_x509_crt *crt, const char *filename)
++static int crt_export(prelude_client_profile_t *cp, gnutls_x509_crt_t *crt, const char *filename)
+ {
+ int ret;
+ size_t size;
+@@ -867,7 +883,7 @@ static int crt_export(prelude_client_pro
+ }
+
+
+-int tls_load_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key, gnutls_x509_crt *crt)
++int tls_load_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key, gnutls_x509_crt_t *crt)
+ {
+ int ret;
+ char filename[256];
+@@ -892,13 +908,13 @@ int tls_load_ca_certificate(prelude_clie
+
+
+ int tls_load_ca_signed_certificate(prelude_client_profile_t *cp,
+- gnutls_x509_privkey cakey,
+- gnutls_x509_crt cacrt,
+- gnutls_x509_crt *crt)
++ gnutls_x509_privkey_t cakey,
++ gnutls_x509_crt_t cacrt,
++ gnutls_x509_crt_t *crt)
+ {
+ int ret;
+ char filename[256];
+- gnutls_x509_crq crq;
++ gnutls_x509_crq_t crq;
+ unsigned char buf[65535];
+ size_t size = sizeof(buf);
+
+@@ -925,13 +941,14 @@ int tls_load_ca_signed_certificate(prelu
+
+
+
+-int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey key,
+- gnutls_x509_crt crt, uint64_t revoked_analyzerid)
++int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey_t x509key,
++ gnutls_x509_crt_t crt, uint64_t revoked_analyzerid)
+ {
+ int ret, i;
+ size_t len, dsize;
+- gnutls_datum data;
+- gnutls_x509_crl crl;
++ gnutls_datum_t data;
++ gnutls_privkey_t key;
++ gnutls_x509_crl_t crl;
+ uint64_t analyzerid;
+ char crlfile[PATH_MAX], buf[65535];
+
+@@ -973,7 +990,21 @@ int tls_revoke_analyzer(prelude_client_p
+ gnutls_x509_crl_set_next_update(crl, time(NULL));
+ gnutls_x509_crl_set_this_update(crl, time(NULL));
+
+- ret = gnutls_x509_crl_sign(crl, crt, key);
++ ret = gnutls_privkey_init(&key);
++ if ( ret < 0 ) {
++ fprintf(stderr, "error creating abstract key: %s.\n", gnutls_strerror(ret));
++ return -1;
++ }
++
++ printf("HERE");
++ ret = gnutls_privkey_import_x509(key, x509key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
++ if ( ret < 0 ) {
++ fprintf(stderr, "error importing x509 abstract key: %s.\n", gnutls_strerror(ret));
++ gnutls_privkey_deinit(key);
++ return -1;
++ }
++
++ ret = gnutls_x509_crl_privkey_sign(crl, crt, key, GNUTLS_DIG_SHA256, 0);
+ if ( ret < 0 ) {
+ fprintf(stderr, "error signing CRL: %s.\n", gnutls_strerror(ret));
+ return -1;
+--- a/prelude-admin/tls-register.h
++++ b/prelude-admin/tls-register.h
+@@ -23,22 +23,22 @@
+
+ #include "tls-util.h"
+
+-int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd, gnutls_x509_privkey key,
++int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd, gnutls_x509_privkey_t key,
+ prelude_connection_permission_t permission);
+
+ int tls_handle_certificate_request(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd,
+- gnutls_x509_privkey cakey, gnutls_x509_crt cacrt, gnutls_x509_crt crt);
++ gnutls_x509_privkey_t cakey, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt);
+
+-gnutls_x509_privkey tls_load_privkey(prelude_client_profile_t *cp);
++gnutls_x509_privkey_t tls_load_privkey(prelude_client_profile_t *cp);
+
+
+ int tls_load_ca_certificate(prelude_client_profile_t *cp,
+- gnutls_x509_privkey key, gnutls_x509_crt *crt);
++ gnutls_x509_privkey_t key, gnutls_x509_crt_t *crt);
+
+ int tls_load_ca_signed_certificate(prelude_client_profile_t *cp,
+- gnutls_x509_privkey cakey,
+- gnutls_x509_crt cacrt,
+- gnutls_x509_crt *crt);
++ gnutls_x509_privkey_t cakey,
++ gnutls_x509_crt_t cacrt,
++ gnutls_x509_crt_t *crt);
+
+-int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey key,
+- gnutls_x509_crt crt, uint64_t revoked_analyzerid);
++int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey_t key,
++ gnutls_x509_crt_t crt, uint64_t revoked_analyzerid);
+--- a/src/include/tls-auth.h
++++ b/src/include/tls-auth.h
+@@ -31,7 +31,7 @@
+ int tls_auth_connection(prelude_client_profile_t *cp, prelude_io_t *io, int crypt,
+ uint64_t *peer_analyzerid, prelude_connection_permission_t *permission);
+
+-int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials *cred);
++int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials_t *cred);
+
+ int tls_auth_init_priority(const char *tlsopts);
+
+--- a/src/include/tls-util.h
++++ b/src/include/tls-util.h
+@@ -25,17 +25,17 @@
+ #define _LIBPRELUDE_TLS_UTIL_H
+
+
+-void tls_unload_file(gnutls_datum *data);
++void tls_unload_file(gnutls_datum_t *data);
+
+-int tls_load_file(const char *filename, gnutls_datum *data);
++int tls_load_file(const char *filename, gnutls_datum_t *data);
+
+-int tls_certificates_load(gnutls_x509_privkey key, const char *certfile, gnutls_certificate_credentials cred);
++int tls_certificates_load(gnutls_x509_privkey_t key, const char *certfile, gnutls_certificate_credentials_t cred);
+
+-int tls_certificate_get_peer_analyzerid(gnutls_session session, uint64_t *analyzerid);
++int tls_certificate_get_peer_analyzerid(gnutls_session_t session, uint64_t *analyzerid);
+
+-int tls_certificate_get_permission(gnutls_session session, prelude_connection_permission_t *permission);
++int tls_certificate_get_permission(gnutls_session_t session, prelude_connection_permission_t *permission);
+
+-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax,
+- const gnutls_datum *data, gnutls_x509_crt_fmt format);
++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax,
++ const gnutls_datum_t *data, gnutls_x509_crt_fmt_t format);
+
+ #endif
+--- a/src/prelude-client-profile.c
++++ b/src/prelude-client-profile.c
+@@ -75,7 +75,7 @@ struct prelude_client_profile {
+ prelude_gid_t gid;
+ char *name;
+ uint64_t analyzerid;
+- gnutls_certificate_credentials credentials;
++ gnutls_certificate_credentials_t credentials;
+ };
+
+
+--- a/src/tls-auth.c
++++ b/src/tls-auth.c
+@@ -98,7 +98,7 @@ static int read_auth_result(prelude_io_t
+
+
+
+-static int verify_certificate(gnutls_session session)
++static int verify_certificate(gnutls_session_t session)
+ {
+ time_t now;
+ int ret, alert = 0;
+@@ -155,7 +155,7 @@ static int verify_certificate(gnutls_ses
+
+
+
+-static int handle_gnutls_error(gnutls_session session, int ret)
++static int handle_gnutls_error(gnutls_session_t session, int ret)
+ {
+ int last_alert;
+
+@@ -180,10 +180,10 @@ static int handle_gnutls_error(gnutls_se
+
+
+
+-static inline gnutls_transport_ptr fd_to_ptr(int fd)
++static inline gnutls_transport_ptr_t fd_to_ptr(int fd)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -193,10 +193,10 @@ static inline gnutls_transport_ptr fd_to
+ }
+
+
+-static inline int ptr_to_fd(gnutls_transport_ptr ptr)
++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr)
+ {
+ union {
+- gnutls_transport_ptr ptr;
++ gnutls_transport_ptr_t ptr;
+ int fd;
+ } data;
+
+@@ -206,7 +206,7 @@ static inline int ptr_to_fd(gnutls_trans
+ }
+
+
+-static void set_default_priority(gnutls_session session)
++static void set_default_priority(gnutls_session_t session)
+ {
+ #ifdef HAVE_GNUTLS_STRING_PRIORITY
+ gnutls_priority_set(session, tls_priority);
+@@ -250,14 +250,14 @@ int tls_auth_init_priority(const char *t
+
+
+
+-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count)
++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count)
+ {
+ return read(ptr_to_fd(fd), buf, count);
+ }
+
+
+
+-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count)
++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count)
+ {
+ return write(ptr_to_fd(fd), buf, count);
+ }
+@@ -268,7 +268,7 @@ int tls_auth_connection(prelude_client_p
+ {
+ void *cred;
+ int ret, fd;
+- gnutls_session session;
++ gnutls_session_t session;
+
+ if ( ! priority_set ) {
+ ret = tls_auth_init_priority(NULL);
+@@ -339,12 +339,12 @@ int tls_auth_connection(prelude_client_p
+
+
+
+-int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials *cred)
++int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials_t *cred)
+ {
+ int ret;
+ size_t size;
+- gnutls_datum data;
+- gnutls_x509_privkey key;
++ gnutls_datum_t data;
++ gnutls_x509_privkey_t key;
+ char keyfile[PATH_MAX], certfile[PATH_MAX];
+
+ *cred = NULL;
+--- a/src/tls-util.c
++++ b/src/tls-util.c
+@@ -48,12 +48,12 @@
+ #define X509_BEGIN_STR1 "-----BEGIN X509 CERTIFICATE"
+ #define X509_BEGIN_STR2 "-----BEGIN CERTIFICATE"
+
+-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax,
+- const gnutls_datum *indata, gnutls_x509_crt_fmt format)
++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax,
++ const gnutls_datum_t *indata, gnutls_x509_crt_fmt_t format)
+ {
+ int ret;
+ size_t skiplen;
+- gnutls_datum data;
++ gnutls_datum_t data;
+ unsigned int i = 0;
+ unsigned char *ptr;
+
+@@ -103,8 +103,8 @@ int _prelude_tls_crt_list_import(gnutls_
+
+ #else
+
+-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax,
+- const gnutls_datum *indata, gnutls_x509_crt_fmt format)
++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax,
++ const gnutls_datum_t *indata, gnutls_x509_crt_fmt_t format)
+ {
+ return gnutls_x509_crt_list_import(certs, cmax, indata, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ }
+@@ -112,13 +112,13 @@ int _prelude_tls_crt_list_import(gnutls_
+ #endif
+
+
+-int tls_certificates_load(gnutls_x509_privkey key, const char *certfname, gnutls_certificate_credentials cred)
++int tls_certificates_load(gnutls_x509_privkey_t key, const char *certfname, gnutls_certificate_credentials_t cred)
+ {
+ int ret;
+ size_t size;
+- gnutls_datum certfile;
++ gnutls_datum_t certfile;
+ unsigned int cert_max, i;
+- gnutls_x509_crt certs[1024];
++ gnutls_x509_crt_t certs[1024];
+
+ ret = _prelude_load_file(certfname, &certfile.data, &size);
+ if ( ret < 0 )
+@@ -150,14 +150,14 @@ err:
+
+
+
+-int tls_certificate_get_peer_analyzerid(gnutls_session session, uint64_t *analyzerid)
++int tls_certificate_get_peer_analyzerid(gnutls_session_t session, uint64_t *analyzerid)
+ {
+ int ret;
+ char buf[1024];
+- gnutls_x509_crt cert;
++ gnutls_x509_crt_t cert;
+ size_t size = sizeof(buf);
+ unsigned int cert_list_size;
+- const gnutls_datum *cert_list;
++ const gnutls_datum_t *cert_list;
+
+ cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
+ if ( ! cert_list || cert_list_size != 1 )
+@@ -193,14 +193,14 @@ int tls_certificate_get_peer_analyzerid(
+
+
+
+-int tls_certificate_get_permission(gnutls_session session,
++int tls_certificate_get_permission(gnutls_session_t session,
+ prelude_connection_permission_t *permission)
+ {
+ int ret, tmp;
+ char buf[1024];
+- gnutls_x509_crt cert;
++ gnutls_x509_crt_t cert;
+ size_t size = sizeof(buf);
+- const gnutls_datum *data;
++ const gnutls_datum_t *data;
+
+ data = gnutls_certificate_get_ours(session);
+ if ( ! data )
diff -Nru libprelude-1.0.0/debian/patches/series libprelude-1.0.0/debian/patches/series
--- libprelude-1.0.0/debian/patches/series 2015-07-09 11:26:22.000000000 +0200
+++ libprelude-1.0.0/debian/patches/series 2015-07-25 13:18:08.000000000 +0200
@@ -8,3 +8,4 @@
010_gnutlsextrainclude.diff
016_ppc64el-isnan-tests-fix-for-little-endian-PowerPC.patch
gcc5.diff
+020_Update-to-latest-GnuTLS-API.patch
