author | Natanael Copa <ncopa@alpinelinux.org> | 2020-06-09 10:21:08 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-06-09 10:25:49 +0200 |
commit | 001e8c2217317bd8dc53c360e2a1067d338cdb09 (patch) | |
tree | d16e2c6a6be9cd6a62d85b394910ecfed5f65aef | |
parent | f91a48ba3659cc21c3b5467576f4b35da642164b (diff) |
main/gnutls: security upgrade to 3.6.14 (CVE-2020-13777)
ref #11627
-rw-r--r-- | main/gnutls/APKBUILD | 14 | ||||
-rw-r--r-- | main/gnutls/GNUTLS-SA-2020-03-31.patch | 33 | ||||
-rw-r--r-- | main/gnutls/tests-date-compat.patch | 12 |
3 files changed, 6 insertions, 53 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index b8d7c2bd230..bfc7fbb4c46 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gnutls
-pkgver=3.6.7
-pkgrel=1
+pkgver=3.6.14
+pkgrel=0
 pkgdesc="A TLS protocol implementation"
 url="https://www.gnutls.org/"
 arch="all"
@@ -17,13 +17,13 @@ case $pkgver in
 *.*.*.*) _v=${_v%.*};;
 esac
 source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
- GNUTLS-SA-2020-03-31.patch
- tests-date-compat.patch
 "
 # secfixes:
+# 3.6.14-r0:
+# - CVE-2020-13777
 # 3.6.7-r1:
-# - GNUTLS-SA-2020-03-31 CVE-2020-11501
+# - CVE-2020-11501 GNUTLS-SA-2020-03-31 CVE-2020-11501
 # 3.6.7-r0:
 # - CVE-2019-3836
 # - CVE-2019-3829
@@ -67,6 +67,4 @@ xx() {
 mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
 }
-sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
-b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
-abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
+sha512sums="b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 gnutls-3.6.14.tar.xz"
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
deleted file mode 100644
index e9554e2ea80..00000000000
--- a/main/gnutls/GNUTLS-SA-2020-03-31.patch
+++ /dev/null
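Review bot: The rewritten secfixes entry for 3.6.7-r1 in the second APKBUILD hunk names CVE-2020-11501 twice: `# - CVE-2020-11501 GNUTLS-SA-2020-03-31 CVE-2020-11501`. Moving the CVE id to the front looks intended, presumably so that anything reading the secfixes block sees the CVE before the advisory name, but the trailing copy was left behind. I would keep the file's indentation and write the line as `# - CVE-2020-11501 GNUTLS-SA-2020-03-31`, so each identifier appears once. The same hunk drops GNUTLS-SA-2020-03-31.patch from `source`, which assumes the 3.6.14 tarball already contains that lib/handshake.c change. The page does not show this, so it is worth confirming against the upstream release notes.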
@@ -1,33 +0,0 @@
-From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
-Date: Fri, 27 Mar 2020 17:17:57 +0100
-Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
-hello verify request", which failed to "De Morgan" properly.
-
-Signed-off-by: Stefan Bühler <stbuehler@web.de>
----
- lib/handshake.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/handshake.c b/lib/handshake.c
-index 5739df213e..84a0e52101 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
- /* Generate random data
- */
- if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
-- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
-+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
- ret = _gnutls_gen_client_random(session);
- if (ret < 0) {
- gnutls_assert();
---
-2.24.1
-
-
diff --git a/main/gnutls/tests-date-compat.patch b/main/gnutls/tests-date-compat.patch
deleted file mode 100644
index 82e3314d298..00000000000
--- a/main/gnutls/tests-date-compat.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Busybox date does not support %N, this is GNU extension.
---- a/tests/scripts/common.sh
-+++ b/tests/scripts/common.sh
-@@ -61,7 +61,7 @@
- # Find a port number not currently in use.
- GETPORT='rc=0; unset myrandom
- if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
-- if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
-+ if test -z "$myrandom"; then myrandom=$(date +%s | sed s/^0*//); fi
- if test -z "$myrandom"; then myrandom=0; fi
- while test $rc = 0;do
- PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))" |