Control: tags -1 patch fixed-upstream pending Control: severity -1 important
On 2015-04-18 Andreas Metzler <ametz...@bebt.de> wrote: > retitle 624028 libprelude: Uses deprecated _set_priority GnuTLS functions, > FTBFS against gnutls 3.4.0 [...] Hello, I have just uploaded a NMU with the attached patch to delayed/15. Please tell me if it should be delayed further. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru libprelude-1.0.0/debian/changelog libprelude-1.0.0/debian/changelog --- libprelude-1.0.0/debian/changelog 2015-07-09 11:27:34.000000000 +0200 +++ libprelude-1.0.0/debian/changelog 2015-07-25 13:21:14.000000000 +0200 @@ -1,3 +1,11 @@ +libprelude (1.0.0-11.6) unstable; urgency=low + + * Non-maintainer upload. + * Pull and unfuzz 020_Update-to-latest-GnuTLS-API.patch from upstream GIT. + Closes: #624028 + + -- Andreas Metzler <ametz...@debian.org> Sat, 25 Jul 2015 13:21:12 +0200 + libprelude (1.0.0-11.5) unstable; urgency=medium * Non-maintainer upload. diff -Nru libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch --- libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch 1970-01-01 01:00:00.000000000 +0100 +++ libprelude-1.0.0/debian/patches/020_Update-to-latest-GnuTLS-API.patch 2015-07-25 13:18:30.000000000 +0200 @@ -0,0 +1,944 @@ +From 507a8ce0074461a692c1c8864f957c3ed3e8eaa3 Mon Sep 17 00:00:00 2001 +From: Yoann Vandoorselaere <yoa...@gmail.com> +Date: Sun, 15 Dec 2013 16:38:11 +0100 +Subject: [PATCH] Update to latest GnuTLS API + +--- + prelude-admin/prelude-admin.c | 66 ++++++++++----------- + prelude-admin/server.c | 54 +++++++++-------- + prelude-admin/server.h | 4 +- + prelude-admin/tls-register.c | 131 ++++++++++++++++++++++++++---------------- + prelude-admin/tls-register.h | 18 +++--- + src/include/tls-auth.h | 2 +- + src/include/tls-util.h | 14 ++--- + src/prelude-client-profile.c | 2 +- + src/tls-auth.c | 26 ++++----- + src/tls-util.c | 28 ++++----- + 10 files changed, 191 insertions(+), 154 deletions(-) + +--- a/prelude-admin/prelude-admin.c ++++ b/prelude-admin/prelude-admin.c +@@ -843,10 +843,10 @@ static int anon_check_passwd(prelude_io_ + } + + +-static inline gnutls_transport_ptr fd_to_ptr(int fd) ++static inline gnutls_transport_ptr_t fd_to_ptr(int fd) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -856,10 +856,10 @@ static inline gnutls_transport_ptr fd_to + } + + +-static inline int ptr_to_fd(gnutls_transport_ptr ptr) ++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -869,40 +869,42 @@ static inline int ptr_to_fd(gnutls_trans + } + + +-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count) ++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count) + { + return read(ptr_to_fd(fd), buf, count); + } + + + +-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count) ++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count) + { + return write(ptr_to_fd(fd), buf, count); + } + + +-static gnutls_session new_tls_session(int sock, char *passwd) ++static gnutls_session_t new_tls_session(int sock, char *passwd) + { + int ret; +- gnutls_session session; +- gnutls_anon_client_credentials anoncred; +- +- const int kx_priority[] = { +- GNUTLS_KX_ANON_DH, ++ const char *err; ++ gnutls_session_t session; ++ gnutls_anon_client_credentials_t anoncred; + #ifdef GNUTLS_SRP_ENABLED +- GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, ++ const char *pstring = "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA:+ANON-DH"; ++#else ++ const char *pstring = "NORMAL:-KX-ALL:+ANON-DH"; + #endif +- 0 +- }; +- ++ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_set_default_priority(session); +- gnutls_kx_set_priority(session, kx_priority); ++ ret = gnutls_priority_set_direct(session, pstring, &err); ++ if (ret < 0) { ++ fprintf(stderr, "TLS priority syntax error at: %s\n", err); ++ return NULL; ++ } + + #ifdef GNUTLS_SRP_ENABLED + { +- gnutls_srp_client_credentials srpcred; ++ gnutls_srp_client_credentials_t srpcred; + gnutls_srp_allocate_client_credentials(&srpcred); + gnutls_srp_set_client_credentials(srpcred, "prelude-adduser", passwd); + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); +@@ -939,7 +941,7 @@ static prelude_io_t *connect_manager(con + { + int ret, sock; + prelude_io_t *fd; +- gnutls_session session; ++ gnutls_session_t session; + char buf[sizeof("65535")]; + struct addrinfo hints, *ai; + +@@ -1027,7 +1029,7 @@ static int create_directory(prelude_clie + + + static int setup_analyzer_files(prelude_client_profile_t *profile, uint64_t *analyzerid, +- gnutls_x509_privkey *key, gnutls_x509_crt *crt) ++ gnutls_x509_privkey_t *key, gnutls_x509_crt_t *crt) + { + int ret; + char buf[256]; +@@ -1301,8 +1303,8 @@ static int get_existing_profile_owner(co + + + +-static int add_analyzer(const char *name, uint64_t *analyzerid, gnutls_x509_privkey *key, +- gnutls_x509_crt *crt, gnutls_x509_crt *ca_crt) ++static int add_analyzer(const char *name, uint64_t *analyzerid, gnutls_x509_privkey_t *key, ++ gnutls_x509_crt_t *crt, gnutls_x509_crt_t *ca_crt) + { + int ret; + char buf[PATH_MAX]; +@@ -1349,8 +1351,8 @@ static int add_cmd(int argc, char **argv + int ret, i; + uint64_t analyzerid; + prelude_string_t *err; +- gnutls_x509_privkey key; +- gnutls_x509_crt ca_crt, crt; ++ gnutls_x509_privkey_t key; ++ gnutls_x509_crt_t ca_crt, crt; + prelude_client_profile_t *testprofile; + + ret = _prelude_client_profile_new(&profile); +@@ -1481,8 +1483,8 @@ static int register_cmd(int argc, char * + prelude_io_t *fd; + uint64_t analyzerid; + prelude_string_t *err; +- gnutls_x509_privkey key; +- gnutls_x509_crt crt, ca_crt; ++ gnutls_x509_privkey_t key; ++ gnutls_x509_crt_t crt, ca_crt; + prelude_connection_permission_t permission_bits; + + ret = _prelude_client_profile_new(&profile); +@@ -1595,8 +1597,8 @@ static int registration_server_cmd(int a + int ret, i; + uint64_t analyzerid; + prelude_string_t *err; +- gnutls_x509_privkey key; +- gnutls_x509_crt ca_crt, crt; ++ gnutls_x509_privkey_t key; ++ gnutls_x509_crt_t ca_crt, crt; + + ret = _prelude_client_profile_new(&profile); + +@@ -1679,8 +1681,8 @@ static int revoke_cmd(int argc, char **a + char *eptr = NULL; + uint64_t analyzerid; + prelude_string_t *err; +- gnutls_x509_privkey key; +- gnutls_x509_crt ca_crt, crt; ++ gnutls_x509_privkey_t key; ++ gnutls_x509_crt_t ca_crt, crt; + + i = ret = prelude_option_read(parentopt, NULL, &argc, argv, &err, NULL); + if ( ret < 0 ) { +@@ -2050,11 +2052,11 @@ static int list_cmd(int argc, char **arg + struct group *gr; + struct passwd *pw; + #endif +- gnutls_datum data; ++ gnutls_datum_t data; + prelude_string_t *str; + unsigned int cert_max, i; + int ret, permission; +- gnutls_x509_crt certs[1024]; ++ gnutls_x509_crt_t certs[1024]; + char dirname[PATH_MAX]; + char buf[1024], analyzerid[128], uidbuf[128] = { 0 }, gidbuf[128] = { 0 }; + +--- a/prelude-admin/server.c ++++ b/prelude-admin/server.c +@@ -55,11 +55,11 @@ + + + static const char *one_shot_passwd; +-static gnutls_anon_server_credentials anoncred; ++static gnutls_anon_server_credentials_t anoncred; + + + #ifdef GNUTLS_SRP_ENABLED +- static gnutls_srp_server_credentials srpcred; ++ static gnutls_srp_server_credentials_t srpcred; + #endif + + +@@ -99,10 +99,10 @@ static int anon_check_passwd(prelude_io_ + } + + +-static inline gnutls_transport_ptr fd_to_ptr(int fd) ++static inline gnutls_transport_ptr_t fd_to_ptr(int fd) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -112,10 +112,10 @@ static inline gnutls_transport_ptr fd_to + } + + +-static inline int ptr_to_fd(gnutls_transport_ptr ptr) ++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -125,34 +125,38 @@ static inline int ptr_to_fd(gnutls_trans + } + + +-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count) ++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count) + { + return read(ptr_to_fd(fd), buf, count); + } + + + +-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count) ++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count) + { + return write(ptr_to_fd(fd), buf, count); + } + + +-static gnutls_session new_tls_session(int sock) ++static gnutls_session_t new_tls_session(int sock) + { + int ret; +- gnutls_session session; +- const int kx_priority[] = { +- GNUTLS_KX_ANON_DH, ++ gnutls_session_t session; ++ const char *err; + #ifdef GNUTLS_SRP_ENABLED +- GNUTLS_KX_SRP, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP_RSA, ++ const char *pstring = "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA:+ANON-DH"; ++#else ++ const char *pstring = "NORMAL:-KX-ALL:+ANON-DH"; + #endif +- 0 }; + + gnutls_init(&session, GNUTLS_SERVER); +- + gnutls_set_default_priority(session); +- gnutls_kx_set_priority(session, kx_priority); ++ ++ ret = gnutls_priority_set_direct(session, pstring, &err); ++ if (ret < 0) { ++ fprintf(stderr, "TLS priority syntax error at: %s\n", err); ++ return NULL; ++ } + + #ifdef GNUTLS_SRP_ENABLED + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srpcred); +@@ -177,9 +181,9 @@ static gnutls_session new_tls_session(in + + + static int handle_client_connection(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd, +- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt) ++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt) + { +- gnutls_session session; ++ gnutls_session_t session; + + session = new_tls_session(prelude_io_get_fd(fd)); + if ( ! session ) +@@ -196,7 +200,7 @@ static int handle_client_connection(cons + + + static int process_event(prelude_client_profile_t *cp, int server_sock, prelude_io_t *fd, +- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt) ++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt) + { + char buf[512]; + void *inaddr; +@@ -244,7 +248,7 @@ static int process_event(prelude_client_ + + static int wait_connection(prelude_client_profile_t *cp, int sock, + struct pollfd *pfd, size_t size, int keepalive, +- gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt) ++ gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt) + { + size_t i; + prelude_io_t *fd; +@@ -369,7 +373,7 @@ static int setup_server(const char *addr + + #ifdef GNUTLS_SRP_ENABLED + +-static int copy_datum(gnutls_datum *dst, const gnutls_datum *src) ++static int copy_datum(gnutls_datum_t *dst, const gnutls_datum_t *src) + { + dst->size = src->size; + +@@ -386,8 +390,8 @@ static int copy_datum(gnutls_datum *dst, + + + +-static int srp_callback(gnutls_session session, const char *username, gnutls_datum *salt, +- gnutls_datum *verifier, gnutls_datum *generator, gnutls_datum *prime) ++static int srp_callback(gnutls_session_t session, const char *username, gnutls_datum_t *salt, ++ gnutls_datum_t *verifier, gnutls_datum_t *generator, gnutls_datum_t *prime) + { + int ret; + +@@ -419,12 +423,12 @@ static int srp_callback(gnutls_session s + + + int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port, +- prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey key, gnutls_x509_crt cacrt, gnutls_x509_crt crt) ++ prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt) + { + int sock; + size_t size; + struct pollfd pfd[128]; +- gnutls_dh_params dh_params; ++ gnutls_dh_params_t dh_params; + + #ifdef GNUTLS_SRP_ENABLED + int ret; +--- a/prelude-admin/server.h ++++ b/prelude-admin/server.h +@@ -22,6 +22,6 @@ + *****/ + + int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port, +- prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey key, +- gnutls_x509_crt cacrt, gnutls_x509_crt crt); ++ prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, ++ gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt); + +--- a/prelude-admin/tls-register.c ++++ b/prelude-admin/tls-register.c +@@ -34,6 +34,7 @@ + + #include <gnutls/gnutls.h> + #include <gnutls/x509.h> ++#include <gnutls/abstract.h> + #include <gcrypt.h> + + #include "prelude-client.h" +@@ -52,7 +53,7 @@ extern int authority_certificate_lifetim + extern int generated_certificate_lifetime; + + +-static int cmp_certificate_dn(gnutls_x509_crt crt, uint64_t wanted_dn, uint64_t wanted_issuer_dn) ++static int cmp_certificate_dn(gnutls_x509_crt_t crt, uint64_t wanted_dn, uint64_t wanted_issuer_dn) + { + int ret; + char buf[128]; +@@ -102,8 +103,8 @@ static int remove_old_certificate(const + unsigned char *data, *datap; + size_t size; + FILE *fd; +- gnutls_datum datum; +- gnutls_x509_crt crt; ++ gnutls_datum_t datum; ++ gnutls_x509_crt_t crt; + prelude_string_t *out; + + ret = _prelude_load_file(filename, &data, &size); +@@ -181,8 +182,8 @@ static int remove_old(const char *filena + { + int ret; + char out[512]; +- gnutls_datum data; +- gnutls_x509_crt crt; ++ gnutls_datum_t data; ++ gnutls_x509_crt_t crt; + uint64_t dn, issuer_dn; + + data.size = size; +@@ -287,11 +288,11 @@ static int save_buf(const char *filename + + + +-static gnutls_x509_crt generate_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key, int expire) ++static gnutls_x509_crt_t generate_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key, int expire) + { + int ret; + char buf[1024]; +- gnutls_x509_crt crt; ++ gnutls_x509_crt_t crt; + uint64_t analyzerid; + size_t size = sizeof(buf); + +@@ -343,14 +344,14 @@ static gnutls_x509_crt generate_certific + + + +-static gnutls_x509_crt generate_signed_certificate(prelude_client_profile_t *cp, +- uint64_t analyzerid, +- gnutls_x509_crt ca_crt, +- gnutls_x509_privkey ca_key, +- gnutls_x509_crq crq) ++static gnutls_x509_crt_t generate_signed_certificate(prelude_client_profile_t *cp, ++ uint64_t analyzerid, ++ gnutls_x509_crt_t ca_crt, ++ gnutls_x509_privkey_t ca_key, ++ gnutls_x509_crq_t crq) + { + int ret; +- gnutls_x509_crt crt; ++ gnutls_x509_crt_t crt; + unsigned char buf[65535]; + size_t size = sizeof(buf); + +@@ -398,10 +399,10 @@ static gnutls_x509_crt generate_signed_c + + + +-static gnutls_x509_crt generate_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key) ++static gnutls_x509_crt_t generate_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key) + { + int ret; +- gnutls_x509_crt crt; ++ gnutls_x509_crt_t crt; + unsigned int usage = 0; + + crt = generate_certificate(cp, key, authority_certificate_lifetime); +@@ -441,10 +442,10 @@ static void entropy_progress_cb(void *cb + } + + +-static gnutls_x509_privkey generate_private_key(void) ++static gnutls_x509_privkey_t generate_private_key(void) + { + int ret; +- gnutls_x509_privkey key; ++ gnutls_x509_privkey_t key; + + ret = gnutls_x509_privkey_init(&key); + if ( ret < 0 ) { +@@ -474,12 +475,13 @@ static gnutls_x509_privkey generate_priv + + + +-static gnutls_x509_crq generate_certificate_request(prelude_client_profile_t *cp, +- prelude_connection_permission_t permission, +- gnutls_x509_privkey key, unsigned char *buf, size_t *size) ++static gnutls_x509_crq_t generate_certificate_request(prelude_client_profile_t *cp, ++ prelude_connection_permission_t permission, ++ gnutls_x509_privkey_t x509key, unsigned char *buf, size_t *size) + { + int ret; +- gnutls_x509_crq crq; ++ gnutls_privkey_t key; ++ gnutls_x509_crq_t crq; + + ret = gnutls_x509_crq_init(&crq); + if ( ret < 0 ) { +@@ -487,7 +489,7 @@ static gnutls_x509_crq generate_certific + return NULL; + } + +- ret = gnutls_x509_crq_set_key(crq, key); ++ ret = gnutls_x509_crq_set_key(crq, x509key); + if ( ret < 0 ) { + fprintf(stderr, "error setting certificate request key: %s.\n", gnutls_strerror(ret)); + gnutls_x509_crq_deinit(crq); +@@ -512,7 +514,21 @@ static gnutls_x509_crq generate_certific + return NULL; + } + +- ret = gnutls_x509_crq_sign(crq, key); ++ ret = gnutls_privkey_init(&key); ++ if ( ret < 0 ) { ++ fprintf(stderr, "error creating abstract key: %s.\n", gnutls_strerror(ret)); ++ return NULL; ++ } ++ ++ ret = gnutls_privkey_import_x509(key, x509key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); ++ if ( ret < 0 ) { ++ fprintf(stderr, "error importing x509 abstract key: %s.\n", gnutls_strerror(ret)); ++ gnutls_privkey_deinit(key); ++ return NULL; ++ } ++ ++ printf("HERE2\n"); ++ ret = gnutls_x509_crq_privkey_sign(crq, key, GNUTLS_DIG_SHA256, 0); + if ( ret < 0 ) { + fprintf(stderr, "error signing certificate request: %s.\n", gnutls_strerror(ret)); + gnutls_x509_crq_deinit(crq); +@@ -531,12 +547,12 @@ static gnutls_x509_crq generate_certific + + + +-static gnutls_x509_privkey gen_crypto(prelude_client_profile_t *cp, +- const char *filename, prelude_uid_t uid, prelude_gid_t gid) ++static gnutls_x509_privkey_t gen_crypto(prelude_client_profile_t *cp, ++ const char *filename, prelude_uid_t uid, prelude_gid_t gid) + { + int ret; + char buf[65535]; +- gnutls_x509_privkey key; ++ gnutls_x509_privkey_t key; + size_t size = sizeof(buf); + + key = generate_private_key(); +@@ -563,13 +579,13 @@ static gnutls_x509_privkey gen_crypto(pr + + + +-gnutls_x509_privkey tls_load_privkey(prelude_client_profile_t *cp) ++gnutls_x509_privkey_t tls_load_privkey(prelude_client_profile_t *cp) + { + int ret; + size_t size; +- gnutls_datum data; ++ gnutls_datum_t data; + char filename[256]; +- gnutls_x509_privkey key; ++ gnutls_x509_privkey_t key; + + prelude_client_profile_get_tls_key_filename(cp, filename, sizeof(filename)); + +@@ -620,7 +636,7 @@ static char ask_req_confirmation(void) + + + +-static int check_req(const char *srcinfo, prelude_io_t *fd, gnutls_x509_crq crq, uint64_t *analyzerid) ++static int check_req(const char *srcinfo, prelude_io_t *fd, gnutls_x509_crq_t crq, uint64_t *analyzerid) + { + int ret; + size_t size; +@@ -676,17 +692,17 @@ static int check_req(const char *srcinfo + + + int tls_handle_certificate_request(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd, +- gnutls_x509_privkey cakey, gnutls_x509_crt cacrt, +- gnutls_x509_crt crt) ++ gnutls_x509_privkey_t cakey, gnutls_x509_crt_t cacrt, ++ gnutls_x509_crt_t crt) + { + ssize_t ret; + size_t size; + char buf[65535]; +- gnutls_datum data; +- gnutls_x509_crq crq; ++ gnutls_datum_t data; ++ gnutls_x509_crq_t crq; + unsigned char *rbuf; + uint64_t analyzerid; +- gnutls_x509_crt gencrt; ++ gnutls_x509_crt_t gencrt; + + /* + * Read the client CRQ and generate a certificate for it. +@@ -752,13 +768,13 @@ int tls_handle_certificate_request(const + + + int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd, +- gnutls_x509_privkey key, prelude_connection_permission_t permission) ++ gnutls_x509_privkey_t key, prelude_connection_permission_t permission) + { + ssize_t ret; + ssize_t rsize; + char buf[65535]; + unsigned char *rbuf; +- gnutls_x509_crq crq; ++ gnutls_x509_crq_t crq; + size_t size = sizeof(buf); + + prelude_log_debug(1, "Sending certificate request.\n"); +@@ -816,11 +832,11 @@ int tls_request_certificate(prelude_clie + } + + +-static int crt_import(gnutls_x509_crt *crt, const char *filename) ++static int crt_import(gnutls_x509_crt_t *crt, const char *filename) + { + int ret; + size_t dsize; +- gnutls_datum data; ++ gnutls_datum_t data; + + ret = _prelude_load_file(filename, &data.data, &dsize); + if ( ret < 0 ) { +@@ -841,7 +857,7 @@ static int crt_import(gnutls_x509_crt *c + + + +-static int crt_export(prelude_client_profile_t *cp, gnutls_x509_crt *crt, const char *filename) ++static int crt_export(prelude_client_profile_t *cp, gnutls_x509_crt_t *crt, const char *filename) + { + int ret; + size_t size; +@@ -867,7 +883,7 @@ static int crt_export(prelude_client_pro + } + + +-int tls_load_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey key, gnutls_x509_crt *crt) ++int tls_load_ca_certificate(prelude_client_profile_t *cp, gnutls_x509_privkey_t key, gnutls_x509_crt_t *crt) + { + int ret; + char filename[256]; +@@ -892,13 +908,13 @@ int tls_load_ca_certificate(prelude_clie + + + int tls_load_ca_signed_certificate(prelude_client_profile_t *cp, +- gnutls_x509_privkey cakey, +- gnutls_x509_crt cacrt, +- gnutls_x509_crt *crt) ++ gnutls_x509_privkey_t cakey, ++ gnutls_x509_crt_t cacrt, ++ gnutls_x509_crt_t *crt) + { + int ret; + char filename[256]; +- gnutls_x509_crq crq; ++ gnutls_x509_crq_t crq; + unsigned char buf[65535]; + size_t size = sizeof(buf); + +@@ -925,13 +941,14 @@ int tls_load_ca_signed_certificate(prelu + + + +-int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey key, +- gnutls_x509_crt crt, uint64_t revoked_analyzerid) ++int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey_t x509key, ++ gnutls_x509_crt_t crt, uint64_t revoked_analyzerid) + { + int ret, i; + size_t len, dsize; +- gnutls_datum data; +- gnutls_x509_crl crl; ++ gnutls_datum_t data; ++ gnutls_privkey_t key; ++ gnutls_x509_crl_t crl; + uint64_t analyzerid; + char crlfile[PATH_MAX], buf[65535]; + +@@ -973,7 +990,21 @@ int tls_revoke_analyzer(prelude_client_p + gnutls_x509_crl_set_next_update(crl, time(NULL)); + gnutls_x509_crl_set_this_update(crl, time(NULL)); + +- ret = gnutls_x509_crl_sign(crl, crt, key); ++ ret = gnutls_privkey_init(&key); ++ if ( ret < 0 ) { ++ fprintf(stderr, "error creating abstract key: %s.\n", gnutls_strerror(ret)); ++ return -1; ++ } ++ ++ printf("HERE"); ++ ret = gnutls_privkey_import_x509(key, x509key, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); ++ if ( ret < 0 ) { ++ fprintf(stderr, "error importing x509 abstract key: %s.\n", gnutls_strerror(ret)); ++ gnutls_privkey_deinit(key); ++ return -1; ++ } ++ ++ ret = gnutls_x509_crl_privkey_sign(crl, crt, key, GNUTLS_DIG_SHA256, 0); + if ( ret < 0 ) { + fprintf(stderr, "error signing CRL: %s.\n", gnutls_strerror(ret)); + return -1; +--- a/prelude-admin/tls-register.h ++++ b/prelude-admin/tls-register.h +@@ -23,22 +23,22 @@ + + #include "tls-util.h" + +-int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd, gnutls_x509_privkey key, ++int tls_request_certificate(prelude_client_profile_t *cp, prelude_io_t *fd, gnutls_x509_privkey_t key, + prelude_connection_permission_t permission); + + int tls_handle_certificate_request(const char *srcinfo, prelude_client_profile_t *cp, prelude_io_t *fd, +- gnutls_x509_privkey cakey, gnutls_x509_crt cacrt, gnutls_x509_crt crt); ++ gnutls_x509_privkey_t cakey, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt); + +-gnutls_x509_privkey tls_load_privkey(prelude_client_profile_t *cp); ++gnutls_x509_privkey_t tls_load_privkey(prelude_client_profile_t *cp); + + + int tls_load_ca_certificate(prelude_client_profile_t *cp, +- gnutls_x509_privkey key, gnutls_x509_crt *crt); ++ gnutls_x509_privkey_t key, gnutls_x509_crt_t *crt); + + int tls_load_ca_signed_certificate(prelude_client_profile_t *cp, +- gnutls_x509_privkey cakey, +- gnutls_x509_crt cacrt, +- gnutls_x509_crt *crt); ++ gnutls_x509_privkey_t cakey, ++ gnutls_x509_crt_t cacrt, ++ gnutls_x509_crt_t *crt); + +-int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey key, +- gnutls_x509_crt crt, uint64_t revoked_analyzerid); ++int tls_revoke_analyzer(prelude_client_profile_t *cp, gnutls_x509_privkey_t key, ++ gnutls_x509_crt_t crt, uint64_t revoked_analyzerid); +--- a/src/include/tls-auth.h ++++ b/src/include/tls-auth.h +@@ -31,7 +31,7 @@ + int tls_auth_connection(prelude_client_profile_t *cp, prelude_io_t *io, int crypt, + uint64_t *peer_analyzerid, prelude_connection_permission_t *permission); + +-int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials *cred); ++int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials_t *cred); + + int tls_auth_init_priority(const char *tlsopts); + +--- a/src/include/tls-util.h ++++ b/src/include/tls-util.h +@@ -25,17 +25,17 @@ + #define _LIBPRELUDE_TLS_UTIL_H + + +-void tls_unload_file(gnutls_datum *data); ++void tls_unload_file(gnutls_datum_t *data); + +-int tls_load_file(const char *filename, gnutls_datum *data); ++int tls_load_file(const char *filename, gnutls_datum_t *data); + +-int tls_certificates_load(gnutls_x509_privkey key, const char *certfile, gnutls_certificate_credentials cred); ++int tls_certificates_load(gnutls_x509_privkey_t key, const char *certfile, gnutls_certificate_credentials_t cred); + +-int tls_certificate_get_peer_analyzerid(gnutls_session session, uint64_t *analyzerid); ++int tls_certificate_get_peer_analyzerid(gnutls_session_t session, uint64_t *analyzerid); + +-int tls_certificate_get_permission(gnutls_session session, prelude_connection_permission_t *permission); ++int tls_certificate_get_permission(gnutls_session_t session, prelude_connection_permission_t *permission); + +-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax, +- const gnutls_datum *data, gnutls_x509_crt_fmt format); ++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax, ++ const gnutls_datum_t *data, gnutls_x509_crt_fmt_t format); + + #endif +--- a/src/prelude-client-profile.c ++++ b/src/prelude-client-profile.c +@@ -75,7 +75,7 @@ struct prelude_client_profile { + prelude_gid_t gid; + char *name; + uint64_t analyzerid; +- gnutls_certificate_credentials credentials; ++ gnutls_certificate_credentials_t credentials; + }; + + +--- a/src/tls-auth.c ++++ b/src/tls-auth.c +@@ -98,7 +98,7 @@ static int read_auth_result(prelude_io_t + + + +-static int verify_certificate(gnutls_session session) ++static int verify_certificate(gnutls_session_t session) + { + time_t now; + int ret, alert = 0; +@@ -155,7 +155,7 @@ static int verify_certificate(gnutls_ses + + + +-static int handle_gnutls_error(gnutls_session session, int ret) ++static int handle_gnutls_error(gnutls_session_t session, int ret) + { + int last_alert; + +@@ -180,10 +180,10 @@ static int handle_gnutls_error(gnutls_se + + + +-static inline gnutls_transport_ptr fd_to_ptr(int fd) ++static inline gnutls_transport_ptr_t fd_to_ptr(int fd) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -193,10 +193,10 @@ static inline gnutls_transport_ptr fd_to + } + + +-static inline int ptr_to_fd(gnutls_transport_ptr ptr) ++static inline int ptr_to_fd(gnutls_transport_ptr_t ptr) + { + union { +- gnutls_transport_ptr ptr; ++ gnutls_transport_ptr_t ptr; + int fd; + } data; + +@@ -206,7 +206,7 @@ static inline int ptr_to_fd(gnutls_trans + } + + +-static void set_default_priority(gnutls_session session) ++static void set_default_priority(gnutls_session_t session) + { + #ifdef HAVE_GNUTLS_STRING_PRIORITY + gnutls_priority_set(session, tls_priority); +@@ -250,14 +250,14 @@ int tls_auth_init_priority(const char *t + + + +-static ssize_t tls_pull(gnutls_transport_ptr fd, void *buf, size_t count) ++static ssize_t tls_pull(gnutls_transport_ptr_t fd, void *buf, size_t count) + { + return read(ptr_to_fd(fd), buf, count); + } + + + +-static ssize_t tls_push(gnutls_transport_ptr fd, const void *buf, size_t count) ++static ssize_t tls_push(gnutls_transport_ptr_t fd, const void *buf, size_t count) + { + return write(ptr_to_fd(fd), buf, count); + } +@@ -268,7 +268,7 @@ int tls_auth_connection(prelude_client_p + { + void *cred; + int ret, fd; +- gnutls_session session; ++ gnutls_session_t session; + + if ( ! priority_set ) { + ret = tls_auth_init_priority(NULL); +@@ -339,12 +339,12 @@ int tls_auth_connection(prelude_client_p + + + +-int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials *cred) ++int tls_auth_init(prelude_client_profile_t *cp, gnutls_certificate_credentials_t *cred) + { + int ret; + size_t size; +- gnutls_datum data; +- gnutls_x509_privkey key; ++ gnutls_datum_t data; ++ gnutls_x509_privkey_t key; + char keyfile[PATH_MAX], certfile[PATH_MAX]; + + *cred = NULL; +--- a/src/tls-util.c ++++ b/src/tls-util.c +@@ -48,12 +48,12 @@ + #define X509_BEGIN_STR1 "-----BEGIN X509 CERTIFICATE" + #define X509_BEGIN_STR2 "-----BEGIN CERTIFICATE" + +-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax, +- const gnutls_datum *indata, gnutls_x509_crt_fmt format) ++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax, ++ const gnutls_datum_t *indata, gnutls_x509_crt_fmt_t format) + { + int ret; + size_t skiplen; +- gnutls_datum data; ++ gnutls_datum_t data; + unsigned int i = 0; + unsigned char *ptr; + +@@ -103,8 +103,8 @@ int _prelude_tls_crt_list_import(gnutls_ + + #else + +-int _prelude_tls_crt_list_import(gnutls_x509_crt *certs, unsigned int *cmax, +- const gnutls_datum *indata, gnutls_x509_crt_fmt format) ++int _prelude_tls_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cmax, ++ const gnutls_datum_t *indata, gnutls_x509_crt_fmt_t format) + { + return gnutls_x509_crt_list_import(certs, cmax, indata, format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + } +@@ -112,13 +112,13 @@ int _prelude_tls_crt_list_import(gnutls_ + #endif + + +-int tls_certificates_load(gnutls_x509_privkey key, const char *certfname, gnutls_certificate_credentials cred) ++int tls_certificates_load(gnutls_x509_privkey_t key, const char *certfname, gnutls_certificate_credentials_t cred) + { + int ret; + size_t size; +- gnutls_datum certfile; ++ gnutls_datum_t certfile; + unsigned int cert_max, i; +- gnutls_x509_crt certs[1024]; ++ gnutls_x509_crt_t certs[1024]; + + ret = _prelude_load_file(certfname, &certfile.data, &size); + if ( ret < 0 ) +@@ -150,14 +150,14 @@ err: + + + +-int tls_certificate_get_peer_analyzerid(gnutls_session session, uint64_t *analyzerid) ++int tls_certificate_get_peer_analyzerid(gnutls_session_t session, uint64_t *analyzerid) + { + int ret; + char buf[1024]; +- gnutls_x509_crt cert; ++ gnutls_x509_crt_t cert; + size_t size = sizeof(buf); + unsigned int cert_list_size; +- const gnutls_datum *cert_list; ++ const gnutls_datum_t *cert_list; + + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + if ( ! cert_list || cert_list_size != 1 ) +@@ -193,14 +193,14 @@ int tls_certificate_get_peer_analyzerid( + + + +-int tls_certificate_get_permission(gnutls_session session, ++int tls_certificate_get_permission(gnutls_session_t session, + prelude_connection_permission_t *permission) + { + int ret, tmp; + char buf[1024]; +- gnutls_x509_crt cert; ++ gnutls_x509_crt_t cert; + size_t size = sizeof(buf); +- const gnutls_datum *data; ++ const gnutls_datum_t *data; + + data = gnutls_certificate_get_ours(session); + if ( ! data ) diff -Nru libprelude-1.0.0/debian/patches/series libprelude-1.0.0/debian/patches/series --- libprelude-1.0.0/debian/patches/series 2015-07-09 11:26:22.000000000 +0200 +++ libprelude-1.0.0/debian/patches/series 2015-07-25 13:18:08.000000000 +0200 @@ -8,3 +8,4 @@ 010_gnutlsextrainclude.diff 016_ppc64el-isnan-tests-fix-for-little-endian-PowerPC.patch gcc5.diff +020_Update-to-latest-GnuTLS-API.patch