diff -Nru libaws-3.2.0/debian/changelog libaws-3.2.0/debian/changelog --- libaws-3.2.0/debian/changelog 2014-10-06 21:31:41.000000000 +0000 +++ libaws-3.2.0/debian/changelog 2016-01-30 00:04:32.000000000 +0000 @@ -1,3 +1,11 @@ +libaws (3.2.0-3+rpi1) stretch-staging; urgency=medium + + * Add patches based on upstream commits to fix build with new gnutls + (Closes: 782801) + * Tweak debian/rules to build wrappers.c when building with gnutls. + + -- Peter Michael Green Fri, 29 Jan 2016 23:40:28 +0000 + libaws (3.2.0-3) unstable; urgency=medium * Move source package to section libs, raise -bin and -doc binary packages diff -Nru libaws-3.2.0/debian/patches/gnutls3.4.4.diff libaws-3.2.0/debian/patches/gnutls3.4.4.diff --- libaws-3.2.0/debian/patches/gnutls3.4.4.diff 1970-01-01 00:00:00.000000000 +0000 +++ libaws-3.2.0/debian/patches/gnutls3.4.4.diff 2016-01-29 22:12:29.000000000 +0000 
@@ -0,0 +1,66 @@ +This patch is based on the git commit described below and was refreshed against +the Debian package by Peter Michael Green. + +commit 7857ccafe14848d8378272421d2e49c3b351334b +Author: Dmitriy Anisimkov +Date: Fri Sep 25 12:12:20 2015 +0600 + + GNUTLS version 3.4.4 and newer compartibility. + + * config/ssl/ssl-thin__gnutls.ads: + More session flags. + + * config/ssl/aws-net-ssl__gnutls.adb: + Use GNUTLS_NO_EXTENSIONS session flag when ticket support is not necessary. + +Index: libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb +=================================================================== +--- libaws-3.2.0.orig/config/ssl/aws-net-ssl__gnutls.adb ++++ libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb +@@ -1646,7 +1646,11 @@ package body AWS.Net.SSL is + Check_Config (Socket); + + Check_Error_Code +- (gnutls_init (Socket.SSL'Access, GNUTLS_CLIENT), Socket); ++ (gnutls_init ++ (Socket.SSL'Access, ++ GNUTLS_CLIENT + (if Socket.Config.Ticket_Support then 0 ++ else GNUTLS_NO_EXTENSIONS)), ++ Socket); + + if Socket.Config.Ticket_Support then + Check_Error_Code (gnutls_session_ticket_enable_client (Socket.SSL)); +@@ -1744,7 +1748,11 @@ package body AWS.Net.SSL is + end if; + + Check_Error_Code +- (gnutls_init (Socket.SSL'Access, GNUTLS_SERVER), Socket); ++ (gnutls_init ++ (Socket.SSL'Access, ++ GNUTLS_SERVER + (if Socket.Config.Ticket_Support then 0 ++ else GNUTLS_NO_EXTENSIONS)), ++ Socket); + + if Socket.Config.Ticket_Support then + Check_Error_Code +Index: libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads +=================================================================== +--- libaws-3.2.0.orig/config/ssl/ssl-thin__gnutls.ads ++++ libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads +@@ -177,10 +177,12 @@ package SSL.Thin is + GNUTLS_CRD_PSK : constant gnutls_credentials_type_t := 4; + GNUTLS_CRD_IA : constant gnutls_credentials_type_t := 5; + +- GNUTLS_SERVER : constant C.unsigned := 1; +- GNUTLS_CLIENT : constant C.unsigned := 2; +- GNUTLS_DATAGRAM : constant 
C.unsigned := 4; +- GNUTLS_NONBLOCK : constant C.unsigned := 8; ++ GNUTLS_SERVER : constant C.unsigned := 1; ++ GNUTLS_CLIENT : constant C.unsigned := 2; ++ GNUTLS_DATAGRAM : constant C.unsigned := 4; ++ GNUTLS_NONBLOCK : constant C.unsigned := 8; ++ GNUTLS_NO_EXTENSIONS : constant C.unsigned := 16; ++ GNUTLS_NO_REPLAY_PROTECTION : constant C.unsigned := 32; + + type gnutls_certificate_verify_flags is new C.int; + subtype certificate_verify_flags is gnutls_certificate_verify_flags; diff -Nru libaws-3.2.0/debian/patches/gnutls3.4.diff libaws-3.2.0/debian/patches/gnutls3.4.diff --- libaws-3.2.0/debian/patches/gnutls3.4.diff 1970-01-01 00:00:00.000000000 +0000 +++ libaws-3.2.0/debian/patches/gnutls3.4.diff 2016-01-29 22:11:36.000000000 +0000 
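Review bot: `GNUTLS_NO_EXTENSIONS` switches off more than session tickets, yet both the client and the server `gnutls_init` calls in aws-net-ssl__gnutls.adb set it whenever `Socket.Config.Ticket_Support` is false. GnuTLS documents the flag as not enabling any TLS extensions by default; depending on the library version that can also drop the OCSP status request and the extended master secret, so opting out of tickets may weaken the handshake. Both call sites should carry a comment such as `--  GNUTLS_NO_EXTENSIONS disables every default extension, not only session tickets`. Where the minimum supported GnuTLS offers `GNUTLS_NO_TICKETS`, that narrower flag would match the intent better. The flags are also combined with `+` where `or` on the modular `C.unsigned` reads more clearly for bit flags; both enclosing bodies start and end outside the hunks.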
@@ -0,0 +1,271 @@ +This patch is based on the git commit described below with modifications by +plugwash to make it apply to the Debian package. + +commit 958f5f9e4ba752ca3e4045c09618579eae74f219 +Author: Dmitriy Anisimkov +Date: Wed Sep 23 19:09:32 2015 +0600 + + GNUTLS 3.4 compartibility. + + * config/ssl/ssl-thin__gnutls.ads: + (GNUTLS_SEC_PARAM_*): constants imported from C wrapper. + (gnutls_rsa_params_t): became subtype of gnutls_x509_privkey_t. + (gnutls_certificate_set_rsa_export_params): Removed. + (gnutls_rsa_params_init): Removed. + (gnutls_rsa_params_deinit): Removed. + (gnutls_rsa_params_cpy): Removed. + (gnutls_rsa_params_import_raw): Removed. + (gnutls_rsa_params_generate2): Removed. + (gnutls_rsa_params_export_raw): Removed. + (gnutls_rsa_params_import_pkcs1): Removed. + (gnutls_x509_privkey_generate): New bound routine. + + * ssl/ssl.gpr, config/ssl/gnutls/wrappers.c: + C wrapper for GNUTLS_SEC_PARAM_* constants. + + * config/ssl/aws-net-ssl__gnutls.adb: + (Generate_RSA): Use gnutls_x509_privkey_generate instead of + obsolete gnutls_rsa_params_generate2. 
+ +Index: libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb +=================================================================== +--- libaws-3.2.0.orig/config/ssl/aws-net-ssl__gnutls.adb ++++ libaws-3.2.0/config/ssl/aws-net-ssl__gnutls.adb +@@ -859,14 +859,14 @@ package body AWS.Net.SSL is + return; + end if; + +- Check_Error_Code (TSSL.gnutls_rsa_params_init (New_One'Access)); ++ Check_Error_Code (TSSL.gnutls_x509_privkey_init (New_One'Access)); + Check_Error_Code +- (TSSL.gnutls_rsa_params_generate2 +- (New_One, ++ (TSSL.gnutls_x509_privkey_generate ++ (New_One, TSSL.GNUTLS_PK_RSA, + TSSL.gnutls_sec_param_to_pk_bits +- (TSSL.GNUTLS_PK_RSA, TSSL.GNUTLS_SEC_PARAM_NORMAL))); ++ (TSSL.GNUTLS_PK_RSA, TSSL.GNUTLS_SEC_PARAM_NORMAL), 0)); + +- TSSL.gnutls_rsa_params_deinit (RSA_Params (1)); ++ TSSL.gnutls_x509_privkey_deinit (RSA_Params (1)); + + RSA_Params (1) := RSA_Params (0); + RSA_Params (0) := New_One; +Index: libaws-3.2.0/config/ssl/gnutls/wrappers.c +=================================================================== +--- /dev/null ++++ libaws-3.2.0/config/ssl/gnutls/wrappers.c +@@ -0,0 +1,46 @@ ++/*************************************************************************** ++ * Ada Web Server * ++ * * ++ * Copyright (C) 2015, AdaCore * ++ * * ++ * This library is free software; you can redistribute it and/or modify * ++ * it under the terms of the GNU General Public License as published by * ++ * the Free Software Foundation; either version 2 of the License, or (at * ++ * your option) any later version. * ++ * * ++ * This library is distributed in the hope that it will be useful, but * ++ * WITHOUT ANY WARRANTY; without even the implied warranty of * ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * ++ * General Public License for more details. 
* ++ * * ++ * You should have received a copy of the GNU General Public License * ++ * along with this library; if not, write to the Free Software Foundation, * ++ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * ++ * * ++ * As a special exception, if other files instantiate generics from this * ++ * unit, or you link this unit with other files to produce an executable, * ++ * this unit does not by itself cause the resulting executable to be * ++ * covered by the GNU General Public License. This exception does not * ++ * however invalidate any other reasons why the executable file might be * ++ * covered by the GNU Public License. * ++ ***************************************************************************/ ++ ++/* This wrappers is neccessary because the constants GNUTLS_SEC_PARAM_* changed ++ * in GNUTLS version 3.4. We could use this constants directly when decide to ++ * complete support of the GNUTLS versions earlier then 3.4. ++ */ ++ ++#include ++#define AWS_EXPORT(c) extern const int _AWS_##c; \ ++ const int _AWS_##c = c; ++ ++AWS_EXPORT(GNUTLS_SEC_PARAM_INSECURE); ++AWS_EXPORT(GNUTLS_SEC_PARAM_EXPORT); ++AWS_EXPORT(GNUTLS_SEC_PARAM_VERY_WEAK); ++AWS_EXPORT(GNUTLS_SEC_PARAM_WEAK); ++AWS_EXPORT(GNUTLS_SEC_PARAM_UNKNOWN); ++AWS_EXPORT(GNUTLS_SEC_PARAM_LOW); ++AWS_EXPORT(GNUTLS_SEC_PARAM_LEGACY); ++AWS_EXPORT(GNUTLS_SEC_PARAM_NORMAL); ++AWS_EXPORT(GNUTLS_SEC_PARAM_HIGH); ++AWS_EXPORT(GNUTLS_SEC_PARAM_ULTRA); +Index: libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads +=================================================================== +--- libaws-3.2.0.orig/config/ssl/ssl-thin__gnutls.ads ++++ libaws-3.2.0/config/ssl/ssl-thin__gnutls.ads +@@ -335,29 +335,32 @@ package SSL.Thin is + GNUTLS_SIGN_RSA_MD2 : constant gnutls_sign_algorithm_t := 4; + GNUTLS_SIGN_UNKNOWN : constant gnutls_sign_algorithm_t := 255; + +- type gnutls_sec_param_t is +- (GNUTLS_SEC_PARAM_INSECURE, +- GNUTLS_SEC_PARAM_EXPORT, +- GNUTLS_SEC_PARAM_VERY_WEAK, +- 
GNUTLS_SEC_PARAM_WEAK, +- GNUTLS_SEC_PARAM_UNKNOWN, +- GNUTLS_SEC_PARAM_LOW, +- GNUTLS_SEC_PARAM_LEGACY, +- GNUTLS_SEC_PARAM_NORMAL, +- GNUTLS_SEC_PARAM_HIGH, +- GNUTLS_SEC_PARAM_ULTRA); +- for gnutls_sec_param_t use +- (GNUTLS_SEC_PARAM_INSECURE => -20, +- GNUTLS_SEC_PARAM_EXPORT => -15, +- GNUTLS_SEC_PARAM_VERY_WEAK => -12, +- GNUTLS_SEC_PARAM_WEAK => -10, +- GNUTLS_SEC_PARAM_UNKNOWN => 0, +- GNUTLS_SEC_PARAM_LOW => 1, +- GNUTLS_SEC_PARAM_LEGACY => 2, +- GNUTLS_SEC_PARAM_NORMAL => 3, +- GNUTLS_SEC_PARAM_HIGH => 4, +- GNUTLS_SEC_PARAM_ULTRA => 5); +- for gnutls_sec_param_t'Size use C.int'Size; ++ type gnutls_sec_param_t is new C.int; ++ GNUTLS_SEC_PARAM_UNKNOWN : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_UNKNOWN"; ++ GNUTLS_SEC_PARAM_INSECURE : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_INSECURE"; ++ GNUTLS_SEC_PARAM_EXPORT : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_EXPORT"; ++ GNUTLS_SEC_PARAM_VERY_WEAK : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_VERY_WEAK"; ++ GNUTLS_SEC_PARAM_WEAK : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_WEAK"; ++ GNUTLS_SEC_PARAM_LOW : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_LOW"; ++ GNUTLS_SEC_PARAM_LEGACY : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_LEGACY"; ++ GNUTLS_SEC_PARAM_MEDIUM : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_NORMAL"; ++ -- MEDIUM parameter imported as NORMAL for compartibility with different ++ -- GNUTLS versions. MEDIUM appeared at GNUTLS version 3.3. 
++ GNUTLS_SEC_PARAM_HIGH : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_HIGH"; ++ GNUTLS_SEC_PARAM_ULTRA : constant gnutls_sec_param_t with Import, ++ Convention => C, External_Name => "_AWS_GNUTLS_SEC_PARAM_ULTRA"; ++ ++ GNUTLS_SEC_PARAM_NORMAL : constant gnutls_sec_param_t := ++ GNUTLS_SEC_PARAM_MEDIUM; + + type gnutls_params_type_t is new C.int; + GNUTLS_PARAMS_RSA_EXPORT : constant gnutls_params_type_t := 1; +@@ -384,7 +387,6 @@ package SSL.Thin is + + type gnutls_session_t is access all STRUCT_DSTRUCT; + type gnutls_dh_params_t is access all STRUCT_DSTRUCT; +- type gnutls_rsa_params_t is access all STRUCT_DSTRUCT; + type gnutls_ecdh_params_t is access all STRUCT_DSTRUCT; + type gnutls_certificate_credentials_t is access all STRUCT_DSTRUCT; + type gnutls_anon_server_credentials_t is access all STRUCT_DSTRUCT; +@@ -403,6 +405,7 @@ package SSL.Thin is + type gnutls_privkey_t is access all STRUCT_DSTRUCT; + type gnutls_priority_t is access all STRUCT_DSTRUCT; + ++ subtype gnutls_rsa_params_t is gnutls_x509_privkey_t; + type gnutls_retr_st is record + cert_type : gnutls_certificate_type_t; + cert_x509 : a_gnutls_x509_crt_t; +@@ -951,11 +954,6 @@ package SSL.Thin is + p2 : gnutls_dh_params_t) + with Import, Convention => C; + +- procedure gnutls_certificate_set_rsa_export_params +- (res : gnutls_certificate_credentials_t; +- rsa_params : gnutls_rsa_params_t) +- with Import, Convention => C; +- + procedure gnutls_certificate_set_verify_flags + (res : gnutls_certificate_credentials_t; + flags : C.unsigned) +@@ -1050,6 +1048,12 @@ package SSL.Thin is + (key : access gnutls_x509_privkey_t) return C.int + with Import, Convention => C; + ++ function gnutls_x509_privkey_generate ++ (key : gnutls_x509_privkey_t; ++ algo : gnutls_pk_algorithm_t; ++ bits : C.unsigned; ++ flags : C.unsigned) return C.int with Import, Convention => C; ++ + procedure gnutls_x509_privkey_deinit (key : gnutls_x509_privkey_t) + with Import, 
Convention => C; + +@@ -1201,50 +1205,6 @@ package SSL.Thin is + src : gnutls_dh_params_t) return C.int + with Import, Convention => C; + +- function gnutls_rsa_params_init +- (rsa_params : access gnutls_rsa_params_t) return C.int +- with Import, Convention => C; +- +- procedure gnutls_rsa_params_deinit (rsa_params : gnutls_rsa_params_t) +- with Import, Convention => C; +- +- function gnutls_rsa_params_cpy +- (dst : gnutls_rsa_params_t; +- src : gnutls_rsa_params_t) return C.int +- with Import, Convention => C; +- +- function gnutls_rsa_params_import_raw +- (rsa_params : gnutls_rsa_params_t; +- m : a_gnutls_datum_t; +- e : a_gnutls_datum_t; +- d : a_gnutls_datum_t; +- p : a_gnutls_datum_t; +- q : a_gnutls_datum_t; +- u : a_gnutls_datum_t) return C.int +- with Import, Convention => C; +- +- function gnutls_rsa_params_generate2 +- (params : gnutls_rsa_params_t; +- bits : C.unsigned) return C.int +- with Import, Convention => C; +- +- function gnutls_rsa_params_export_raw +- (params : gnutls_rsa_params_t; +- m : a_gnutls_datum_t; +- e : a_gnutls_datum_t; +- d : a_gnutls_datum_t; +- p : a_gnutls_datum_t; +- q : a_gnutls_datum_t; +- u : a_gnutls_datum_t; +- bits : access C.unsigned) return C.int +- with Import, Convention => C; +- +- function gnutls_rsa_params_import_pkcs1 +- (params : gnutls_rsa_params_t; +- pkcs1_params : a_gnutls_datum_t; +- format : gnutls_x509_crt_fmt_t) return C.int +- with Import, Convention => C; +- + function gnutls_transport_get_ptr + (session : gnutls_session_t) return gnutls_transport_ptr_t + with Import, Convention => C; +Index: libaws-3.2.0/ssl/ssl.gpr +=================================================================== +--- libaws-3.2.0.orig/ssl/ssl.gpr ++++ libaws-3.2.0/ssl/ssl.gpr +@@ -28,8 +28,8 @@ library project SSL is + for Languages use ("Ada", "Project file"); + for Source_Dirs use (".", "../config/ssl"); + when "gnutls" => +- for Languages use ("Ada", "Project file"); +- for Source_Dirs use (".", "../config/ssl"); ++ for 
Languages use ("Ada", "Project file", "C"); ++ for Source_Dirs use (".", "../config/ssl", "../config/ssl/gnutls"); + when others => + for Languages use ("Ada", "Project file", "C"); + for Source_Dirs use (".", "../config/ssl", "../config/ssl/openssl"); diff -Nru libaws-3.2.0/debian/patches/series libaws-3.2.0/debian/patches/series --- libaws-3.2.0/debian/patches/series 2014-10-06 21:20:44.000000000 +0000 +++ libaws-3.2.0/debian/patches/series 2016-01-29 22:08:33.000000000 +0000 @@ -4,6 +4,9 @@ noisy_style_warnings.diff build_flags_doc_gen.diff +gnutls3.4.diff +gnutls3.4.4.diff + # These patches may be useful if we ever attempt to use upstream build # system (see libaws-doc.TODO). # no_silent_makefile.diff diff -Nru libaws-3.2.0/debian/rules libaws-3.2.0/debian/rules --- libaws-3.2.0/debian/rules 2014-10-06 21:20:44.000000000 +0000 +++ libaws-3.2.0/debian/rules 2016-01-30 00:05:39.000000000 +0000 @@ -89,17 +89,20 @@ ###################################################################### # Compile C sources from config/ssl/openssl (currently, only # wrappers.c) as described in build_aws.gpr. -AWS_C_SRC_DIR := config/ssl/openssl +ifeq ($(SSL),openssl) + AWS_C_SRC_DIR := config/ssl/openssl +else + AWS_C_SRC_DIR := config/ssl/gnutls +endif AWS_C_OBJ_DIR_D := debian/build_aws_obj_dynamic AWS_C_OBJ_DIR_S := debian/build_aws_obj_static AWS_C_SRCS := $(wildcard $(AWS_C_SRC_DIR)/*.c) AWS_C_OBJS_D := $(patsubst $(AWS_C_SRC_DIR)/%.c,$(AWS_C_OBJ_DIR_D)/%.o,$(AWS_C_SRCS)) AWS_C_OBJS_S := $(patsubst $(AWS_C_SRC_DIR)/%.c,$(AWS_C_OBJ_DIR_S)/%.o,$(AWS_C_SRCS)) -ifeq ($(SSL),openssl) - build-aws-dynamic: $(AWS_C_OBJS_D) - build-aws-static : $(AWS_C_OBJS_S) -endif +build-aws-dynamic: $(AWS_C_OBJS_D) +build-aws-static : $(AWS_C_OBJS_S) + $(AWS_C_OBJS_D): $(AWS_C_OBJ_DIR_D)/%.o: $(AWS_C_SRC_DIR)/%.c $(CC) -c -fPIC $(CFLAGS) $(CPPFLAGS) $< -o $@ $(AWS_C_OBJS_S): $(AWS_C_OBJ_DIR_S)/%.o: $(AWS_C_SRC_DIR)/%.c
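Review bot: In the Generate_RSA hunk of aws-net-ssl__gnutls.adb, a failing `gnutls_x509_privkey_generate` leaves `New_One` allocated, because nothing between `gnutls_x509_privkey_init` and the rotation of `RSA_Params` releases it. This assumes `Check_Error_Code` raises on a negative return, which is not visible here. The object holds private-key state, so the error path should release it with `gnutls_x509_privkey_deinit` before re-raising, as sketched below. Separately, the binding for `gnutls_certificate_set_rsa_export_params` is removed in the same patch, so a comment should say what still consumes the generated key. The body of Generate_RSA starts and ends outside the hunk.

```ada
begin
   --  … unchanged: Check_Error_Code (TSSL.gnutls_x509_privkey_generate (…)) …
exception
   when others =>
      --  Generation failed: release the key object allocated by
      --  gnutls_x509_privkey_init before propagating the error.
      TSSL.gnutls_x509_privkey_deinit (New_One);
      raise;
end;
--  … unchanged: rotation of RSA_Params (1) and RSA_Params (0) …
```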
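Review bot: The new `else` branch makes `config/ssl/gnutls` the fallback for every value of `SSL` other than `openssl`, including an empty or misspelled one, and the now unconditional `build-aws-dynamic`/`build-aws-static` prerequisites compile whatever that directory holds. This is the opposite default from ssl.gpr in the same upload, where `when others` selects the openssl wrappers and the case just before `when "gnutls"` has no C sources at all. Naming the backend explicitly and failing on anything else would be safer: `else ifeq ($(SSL),gnutls)` in place of the bare `else`, followed by `else` and `$(error unsupported SSL backend '$(SSL)')`. If a build without TLS is supported, it needs its own branch that leaves the C object lists empty. How `SSL` is assigned lies outside the hunk.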