Commit 7eb9ebd5 authored by Natanael Copa's avatar Natanael Copa

main/gnutls: security upgrade to 3.6.14 (CVE-2020-13777)

fixes #11627
parent 06fe05c6
......@@ -2,8 +2,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.6.8
pkgrel=1
pkgver=3.6.14
pkgrel=0
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
......@@ -17,12 +17,13 @@ case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
GNUTLS-SA-2020-03-31.patch
"
# secfixes:
# 3.6.14-r0:
# - CVE-2020-13777
# 3.6.8-r1:
# - GNUTLS-SA-2020-03-31 CVE-2020-11501
# - CVE-2020-11501 GNUTLS-SA-2020-03-31
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
......@@ -66,5 +67,4 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
sha512sums="71f0899de0ffb2a39b25928042114e2bbfde7fbf2029d9f91f60bf60794916d13f544fc97337e4e3282e7faa17e79a8012b0e08f98805bee543c0ba4e5d5a905 gnutls-3.6.8.tar.xz
abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
sha512sums="b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 gnutls-3.6.14.tar.xz"
From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
Date: Fri, 27 Mar 2020 17:17:57 +0100
Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
hello verify request", which failed to "De Morgan" properly.
Signed-off-by: Stefan Bühler <stbuehler@web.de>
---
lib/handshake.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/handshake.c b/lib/handshake.c
index 5739df213e..84a0e52101 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
/* Generate random data
*/
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
ret = _gnutls_gen_client_random(session);
if (ret < 0) {
gnutls_assert();
--
2.24.1
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment