authorLeo <thinkabit.ukim@gmail.com>2020-03-31 12:57:12 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-31 12:57:12 -0300
commit4a0c4741e713ac2f2bff164ee6290e2b05b38337 (patch)
tree22fad1242686355da206cf767d3757c4fc952e2a
parent1862afa26481549008a0ebd670bcade978b6d7c9 (diff)
main/gnutls: fix GNUTLS-SA-2020-03-31
-rw-r--r--main/gnutls/APKBUILD14
-rw-r--r--main/gnutls/GNUTLS-SA-2020-03-31.patch33
2 files changed, 41 insertions, 6 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index 234fc2a618..e48099675d 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.6.10
-pkgrel=0
+pkgrel=1
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
@@ -16,9 +16,13 @@ _v=${pkgver%.*}
case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
-source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz"
+source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
+ GNUTLS-SA-2020-03-31.patch
+ "
# secfixes:
+# 3.6.10-r1:
+# - GNUTLS-SA-2020-03-31
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
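Review bot: The new secfixes entry under `# 3.6.10-r1:` records only the upstream advisory name, while every older entry visible in this block is a CVE id. Tooling that matches fixed versions by CVE id will presumably not associate this release with the fix. If a CVE has been assigned to the advisory, I would list it alongside, e.g. `#   - CVE-YYYY-NNNNN (GNUTLS-SA-2020-03-31)` with the real id substituted for the placeholder.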
@@ -26,7 +30,6 @@ source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz"
# - CVE-2017-7507
build() {
- cd "$builddir"
LIBS="-lgmp" ./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -43,8 +46,6 @@ build() {
}
check() {
- cd "$builddir"
-
make check
}
@@ -65,4 +66,5 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="fe0481f9e4219e983b01b91e69ffd95819a4c0d0c09028509106d561967e9c5d900bc5e3a48140a34fa4467feda2a619085adf3fa8fdade96c8debf125e91ae8 gnutls-3.6.10.tar.xz"
+sha512sums="fe0481f9e4219e983b01b91e69ffd95819a4c0d0c09028509106d561967e9c5d900bc5e3a48140a34fa4467feda2a619085adf3fa8fdade96c8debf125e91ae8 gnutls-3.6.10.tar.xz
+abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
new file mode 100644
index 0000000000..e9554e2ea8
--- /dev/null
+++ b/main/gnutls/GNUTLS-SA-2020-03-31.patch
@@ -0,0 +1,33 @@
+From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
+Date: Fri, 27 Mar 2020 17:17:57 +0100
+Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
+hello verify request", which failed to "De Morgan" properly.
+
+Signed-off-by: Stefan Bühler <stbuehler@web.de>
+---
+ lib/handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 5739df213e..84a0e52101 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
+ /* Generate random data
+ */
+ if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
+ ret = _gnutls_gen_client_random(session);
+ if (ret < 0) {
+ gnutls_assert();
+--
+2.24.1
+
+
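Review bot: The doubly negated condition in send_client_hello() that this patch corrects has no comment stating when the client random is meant to be reused, which makes an `== 0` / `!= 0` inversion like this one easy to miss in review. I would add above the `if` something like `/* Keep the previous random only when answering an HRR or a DTLS HelloVerifyRequest; every first ClientHello must get fresh random. */`. The backported patch touches only lib/handshake.c and adds no regression test, so `make check` in check() would not catch a first DTLS ClientHello going out with an all-zero random again; a test asserting a non-zero random in that message would pin the fix. The body of send_client_hello() extends beyond the hunk, so the handling after gnutls_assert() is not visible here.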