authorNatanael Copa <ncopa@alpinelinux.org>2020-06-09 10:21:08 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2020-06-09 10:25:49 +0200
commit001e8c2217317bd8dc53c360e2a1067d338cdb09 (patch)
treed16e2c6a6be9cd6a62d85b394910ecfed5f65aef
parentf91a48ba3659cc21c3b5467576f4b35da642164b (diff)
main/gnutls: security upgrade to 3.6.14 (CVE-2020-13777)
ref #11627
-rw-r--r--main/gnutls/APKBUILD14
-rw-r--r--main/gnutls/GNUTLS-SA-2020-03-31.patch33
-rw-r--r--main/gnutls/tests-date-compat.patch12
3 files changed, 6 insertions, 53 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index b8d7c2bd230..bfc7fbb4c46 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
-pkgver=3.6.7
-pkgrel=1
+pkgver=3.6.14
+pkgrel=0
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
@@ -17,13 +17,13 @@ case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
- GNUTLS-SA-2020-03-31.patch
- tests-date-compat.patch
"
# secfixes:
+# 3.6.14-r0:
+# - CVE-2020-13777
# 3.6.7-r1:
-# - GNUTLS-SA-2020-03-31 CVE-2020-11501
+# - CVE-2020-11501 GNUTLS-SA-2020-03-31 CVE-2020-11501
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
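Review bot: The rewritten secfixes entry for 3.6.7-r1 names `CVE-2020-11501` twice, once before and once after the advisory id; it was presumably meant to read `# - CVE-2020-11501 GNUTLS-SA-2020-03-31`. If the secfixes block is read by tooling that maps package releases to fixed CVEs (not visible on this page), the duplicate token is noise in that record and should be dropped. The same hunk removes `tests-date-compat.patch` from `source=`, and nothing on the page shows whether 3.6.14 already avoids `date +%N` in tests/scripts/common.sh. That is worth confirming with a test-suite run under busybox rather than assuming the fix went upstream.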
@@ -67,6 +67,4 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
-b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
-abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
+sha512sums="b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 gnutls-3.6.14.tar.xz"
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
deleted file mode 100644
index e9554e2ea80..00000000000
--- a/main/gnutls/GNUTLS-SA-2020-03-31.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
-Date: Fri, 27 Mar 2020 17:17:57 +0100
-Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
-hello verify request", which failed to "De Morgan" properly.
-
-Signed-off-by: Stefan Bühler <stbuehler@web.de>
----
- lib/handshake.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/handshake.c b/lib/handshake.c
-index 5739df213e..84a0e52101 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
- /* Generate random data
- */
- if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
-- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
-+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
- ret = _gnutls_gen_client_random(session);
- if (ret < 0) {
- gnutls_assert();
---
-2.24.1
-
-
diff --git a/main/gnutls/tests-date-compat.patch b/main/gnutls/tests-date-compat.patch
deleted file mode 100644
index 82e3314d298..00000000000
--- a/main/gnutls/tests-date-compat.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Busybox date does not support %N, this is GNU extension.
---- a/tests/scripts/common.sh
-+++ b/tests/scripts/common.sh
-@@ -61,7 +61,7 @@
- # Find a port number not currently in use.
- GETPORT='rc=0; unset myrandom
- if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
-- if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
-+ if test -z "$myrandom"; then myrandom=$(date +%s | sed s/^0*//); fi
- if test -z "$myrandom"; then myrandom=0; fi
- while test $rc = 0;do
- PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"