author | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 12:57:12 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 13:01:20 -0300 |
commit | 44c9daa55611bd457eb611d79681a63dc74bb6c2 (patch) | |
tree | 7986732b8769c34dc43a0ca60d73be3dcfa8078b | |
parent | 4c4ac30e53cc0d439c47078f876511f0a37723b8 (diff) | |
download | aports-44c9daa55611bd457eb611d79681a63dc74bb6c2.tar.bz2 aports-44c9daa55611bd457eb611d79681a63dc74bb6c2.tar.xz |
main/gnutls: fix GNUTLS-SA-2020-03-31
-rw-r--r-- | main/gnutls/APKBUILD | 17 | ||||
-rw-r--r-- | main/gnutls/GNUTLS-SA-2020-03-31.patch | 33 |
2 files changed, 42 insertions, 8 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD index 7e83be5b91..60134bef8a 100644 --- a/main/gnutls/APKBUILD +++ b/main/gnutls/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gnutls pkgver=3.6.7 -pkgrel=0 +pkgrel=1 pkgdesc="A TLS protocol implementation" url="https://www.gnutls.org/" arch="all" @@ -16,11 +16,14 @@ _v=${pkgver%.*} case $pkgver in *.*.*.*) _v=${_v%.*};; esac -source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz - tests-date-compat.patch" -builddir="$srcdir/$pkgname-$pkgver" +source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz + GNUTLS-SA-2020-03-31.patch + tests-date-compat.patch + " # secfixes: +# 3.6.7-r1: +# - GNUTLS-SA-2020-03-31 # 3.6.7-r0: # - CVE-2019-3836 # - CVE-2019-3829 @@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2017-7507 build() { - cd "$builddir" LIBS="-lgmp" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -45,8 +47,6 @@ build() { } check() { - cd "$builddir" - make check } @@ -68,4 +68,5 @@ xx() { } sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz -b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch" +b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch +abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch" diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch new file mode 100644 index 0000000000..e9554e2ea8 --- /dev/null +++ b/main/gnutls/GNUTLS-SA-2020-03-31.patch 
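Review bot: The new `secfixes` entry for 3.6.7-r1 records only the upstream advisory id `GNUTLS-SA-2020-03-31`, so tooling that matches fixed versions by CVE id will presumably not credit this release with the fix. Once a CVE is assigned, it should be added under the same `3.6.7-r1:` key. Separately, the commit folds unrelated cleanup into the security fix: it drops `builddir=` and the `cd "$builddir"` lines, and rewrites `v${_v}` as `v$_v`. Keeping the change to `pkgrel`, `source`, `secfixes` and `sha512sums` alone would make it easier to audit and to cherry-pick to other branches.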
@@ -0,0 +1,33 @@
+From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
+Date: Fri, 27 Mar 2020 17:17:57 +0100
+Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
+hello verify request", which failed to "De Morgan" properly.
+
+Signed-off-by: Stefan Bühler <stbuehler@web.de>
+---
+ lib/handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 5739df213e..84a0e52101 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
+ /* Generate random data
+ */
+ if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
+ ret = _gnutls_gen_client_random(session);
+ if (ret < 0) {
+ gnutls_assert();
+--
+2.24.1
+
+
|
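Review bot: The comment above the corrected condition in `send_client_hello` still reads only `Generate random data`, so nothing on the page explains when the existing random is meant to be reused, and that gap is what let the inverted test go unnoticed. I would expand it to something like `/* Fresh client random, except when re-sending the hello after a HelloRetryRequest or a DTLS HelloVerifyRequest (the earlier random is presumably reused) */`. The backported patch also carries no test. A DTLS handshake check that the random in the first ClientHello is not all zeroes would catch a regression, since a zeroed value removes the client's contribution to the handshake randomness. The body of `send_client_hello` starts and ends outside this hunk.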