Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Leo
aports
Commits
c2c9115c
Commit
c2c9115c
authored
Mar 31, 2020
by
Leo
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/gnutls: fix GNUTLS-SA-2020-03-31
parent
fca0c1b3
Pipeline
#11891
canceled with stages
in 169 minutes and 6 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
42 additions
and
8 deletions
+42
-8
main/gnutls/APKBUILD
main/gnutls/APKBUILD
+9
-8
main/gnutls/GNUTLS-SA-2020-03-31.patch
main/gnutls/GNUTLS-SA-2020-03-31.patch
+33
-0
No files found.
main/gnutls/APKBUILD
View file @
c2c9115c
...
...
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
gnutls
pkgver
=
3.6.7
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"A TLS protocol implementation"
url
=
"https://www.gnutls.org/"
arch
=
"all"
...
...
@@ -16,11 +16,14 @@ _v=${pkgver%.*}
case
$pkgver
in
*
.
*
.
*
.
*
)
_v
=
${
_v
%.*
}
;;
esac
source
=
"https://www.gnupg.org/ftp/gcrypt/gnutls/v
${
_v
}
/gnutls-
$pkgver
.tar.xz
tests-date-compat.patch"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
source
=
"https://www.gnupg.org/ftp/gcrypt/gnutls/v
$_v
/gnutls-
$pkgver
.tar.xz
GNUTLS-SA-2020-03-31.patch
tests-date-compat.patch
"
# secfixes:
# 3.6.7-r1:
# - GNUTLS-SA-2020-03-31
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
...
...
@@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver"
# - CVE-2017-7507
build
()
{
cd
"
$builddir
"
LIBS
=
"-lgmp"
./configure
\
--build
=
$CBUILD
\
--host
=
$CHOST
\
...
...
@@ -45,8 +47,6 @@ build() {
}
check
()
{
cd
"
$builddir
"
make check
}
...
...
@@ -68,4 +68,5 @@ xx() {
}
sha512sums
=
"ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch"
b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
main/gnutls/GNUTLS-SA-2020-03-31.patch
0 → 100644
View file @
c2c9115c
From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Fri, 27 Mar 2020 17:17:57 +0100
Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
hello verify request", which failed to "De Morgan" properly.
Signed-off-by: Stefan Bühler <stbuehler@web.de>
---
lib/handshake.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/handshake.c b/lib/handshake.c
index 5739df213e..84a0e52101 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2167,7 +2167,7 @@
static int send_client_hello(gnutls_session_t session, int again)
/* Generate random data
*/
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
ret = _gnutls_gen_client_random(session);
if (ret < 0) {
gnutls_assert();
--
2.24.1
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
