Skip to content

GitLab

aports
aports
Commit c2c9115c authored by Leo's avatar Leo
Browse files
Options

main/gnutls: fix GNUTLS-SA-2020-03-31

parent fca0c1b3
Pipeline #11891 canceled with stages
      in 169 minutes and 6 seconds
      Hide whitespace changes
      Inline Side-by-side
      Showing with 42 additions and 8 deletions
      main/gnutls/APKBUILD
      View file @ c2c9115c
      ......@@ -3,7 +3,7 @@
      # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
      pkgname=gnutls
      pkgver=3.6.7
      pkgrel=0
      pkgrel=1
      pkgdesc="A TLS protocol implementation"
      url="https://www.gnutls.org/"
      arch="all"
      ......@@ -16,11 +16,14 @@ _v=${pkgver%.*}
      case $pkgver in
      *.*.*.*) _v=${_v%.*};;
      esac
      source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz
      tests-date-compat.patch"
      builddir="$srcdir/$pkgname-$pkgver"
      source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
      GNUTLS-SA-2020-03-31.patch
      tests-date-compat.patch
      "
      # secfixes:
      # 3.6.7-r1:
      # - GNUTLS-SA-2020-03-31
      # 3.6.7-r0:
      # - CVE-2019-3836
      # - CVE-2019-3829
      ......@@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver"
      # - CVE-2017-7507
      build() {
      cd "$builddir"
      LIBS="-lgmp" ./configure \
      --build=$CBUILD \
      --host=$CHOST \
      ......@@ -45,8 +47,6 @@ build() {
      }
      check() {
      cd "$builddir"
      make check
      }
      ......@@ -68,4 +68,5 @@ xx() {
      }
      sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
      b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch"
      b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
      abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
      main/gnutls/GNUTLS-SA-2020-03-31.patch 0 → 100644
      View file @ c2c9115c
      From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
      From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
      Date: Fri, 27 Mar 2020 17:17:57 +0100
      Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
      MIME-Version: 1.0
      Content-Type: text/plain; charset=UTF-8
      Content-Transfer-Encoding: 8bit
      This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
      hello verify request", which failed to "De Morgan" properly.
      Signed-off-by: Stefan Bühler <stbuehler@web.de>
      ---
      lib/handshake.c | 2 +-
      1 file changed, 1 insertion(+), 1 deletion(-)
      diff --git a/lib/handshake.c b/lib/handshake.c
      index 5739df213e..84a0e52101 100644
      --- a/lib/handshake.c
      +++ b/lib/handshake.c
      @@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
      /* Generate random data
      */
      if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
      - !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
      + !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
      ret = _gnutls_gen_client_random(session);
      if (ret < 0) {
      gnutls_assert();
      --
      2.24.1
      Markdown is supported
      0% or
      You are about to add 0 people to the discussion. Proceed with caution.
      Finish editing this message first!
      Please register or to comment