diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2013-04-08 11:41:07 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2013-04-08 11:41:07 +0000 |
commit | 59984fc0a1f4c2f70961ecaa4ff79cea56bdc7cb (patch) | |
tree | c0b720eb3792fcd3ea7e0440d09e32fbf933687a | |
parent | e284167aecd00197e8f835d500d9956bfa3a90fb (diff) | |
download | aports-59984fc0a1f4c2f70961ecaa4ff79cea56bdc7cb.tar.bz2 aports-59984fc0a1f4c2f70961ecaa4ff79cea56bdc7cb.tar.xz |
Revert "main/gnutls: security upgrade to 2.12.23 (CVE-2013-1619). Fixes #1657"
This reverts commit e284167aecd00197e8f835d500d9956bfa3a90fb.
-rw-r--r-- | main/gnutls/APKBUILD | 13 | ||||
-rw-r--r-- | main/gnutls/cve-2012-1573.patch | 22 |
2 files changed, 29 insertions, 6 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD index fb4b313757..4eb2c53630 100644 --- a/main/gnutls/APKBUILD +++ b/main/gnutls/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gnutls -pkgver=2.12.23 -pkgrel=0 +pkgver=2.10.5 +pkgrel=3 pkgdesc="A library which provides a secure connection" url="http://www.gnu.org/software/gnutls/" arch="all" @@ -12,7 +12,9 @@ depends_dev="libgcrypt-dev libgpg-error-dev zlib-dev libtasn1-dev" makedepends="$depends_dev perl" install= subpackages="$pkgname-doc $pkgname-dev" -source="ftp://ftp.gnutls.org/gcrypt/gnutls/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2" +source="http://ftp.gnu.org/pub/gnu/gnutls/$pkgname-$pkgver.tar.bz2 + cve-2012-1573.patch + " prepare() { cd "$srcdir/$pkgname-$pkgver" @@ -39,6 +41,5 @@ package() { make -j1 DESTDIR="$pkgdir" install } -md5sums="f3c1d34bd5f113395c4be0d5dfc2b7fe gnutls-2.12.23.tar.bz2" -sha256sums="dfa67a7e40727eb0913e75f3c44911d5d8cd58d1ead5acfe73dd933fc0d17ed2 gnutls-2.12.23.tar.bz2" -sha512sums="7780e9ca7b592350ce9b11e53a63d3212320402d8ad2462bfbc0e69aec4a48bb372a1925627abb7996535c87c90e3d79537ea118c8bb36d26aae8e19eaae3a06 gnutls-2.12.23.tar.bz2" +md5sums="1b032e07ccd22f71a5df78aa73bd91f2 gnutls-2.10.5.tar.bz2 +b37bbb419598cf04d3cc9b9d9d5dd79e cve-2012-1573.patch" diff --git a/main/gnutls/cve-2012-1573.patch b/main/gnutls/cve-2012-1573.patch new file mode 100644 index 0000000000..b377c391c2 --- /dev/null +++ b/main/gnutls/cve-2012-1573.patch @@ -0,0 +1,22 @@ +--- ./lib/gnutls_cipher.c.orig ++++ ./lib/gnutls_cipher.c +@@ -515,14 +515,13 @@ + { + ciphertext.size -= blocksize; + ciphertext.data += blocksize; +- +- if (ciphertext.size == 0) +- { +- gnutls_assert (); +- return GNUTLS_E_DECRYPTION_FAILED; +- } + } + ++ if (ciphertext.size < hash_size) ++ { ++ gnutls_assert (); ++ return GNUTLS_E_DECRYPTION_FAILED; ++ } + pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ + + if ((int) pad > (int) ciphertext.size - hash_size) |