main/xen: upgrade to 4.4.2

1 files changed, 36 insertions, 0 deletions

diff --git a/main/xen/gnutls-3.4.0.patch b/main/xen/gnutls-3.4.0.patch
new file mode 100644
index 0000000000..9d2ed166dd
--- /dev/null
+++ b/main/xen/gnutls-3.4.0.patch
@@ -0,0 +1,36 @@
+--- ./tools/qemu-xen-traditional/vnc.c.orig
++++ ./tools/qemu-xen-traditional/vnc.c
+@@ -2137,10 +2137,6 @@
+ 
+ 
+ static int vnc_start_tls(struct VncState *vs) {
+-    static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
+-    static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
+-    static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
+-    static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
+ 
+     VNC_DEBUG("Do TLS setup\n");
+     if (vnc_tls_initialize() < 0) {
+@@ -2161,21 +2157,7 @@
+ 	    return -1;
+ 	}
+ 
+-	if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
+-	    gnutls_deinit(vs->tls_session);
+-	    vs->tls_session = NULL;
+-	    vnc_client_error(vs);
+-	    return -1;
+-	}
+-
+-	if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
+-	    gnutls_deinit(vs->tls_session);
+-	    vs->tls_session = NULL;
+-	    vnc_client_error(vs);
+-	    return -1;
+-	}
+-
+-	if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
++	if (gnutls_priority_set_direct(vs->tls_session, NEED_X509_AUTH(vs) ? "NORMAL" : "NORMAL:+ANON-DH", NULL) < 0) {
+ 	    gnutls_deinit(vs->tls_session);
+ 	    vs->tls_session = NULL;
+ 	    vnc_client_error(vs);