aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-03-31 12:57:12 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-31 13:01:20 -0300
commit44c9daa55611bd457eb611d79681a63dc74bb6c2 (patch)
tree7986732b8769c34dc43a0ca60d73be3dcfa8078b
parent4c4ac30e53cc0d439c47078f876511f0a37723b8 (diff)
downloadaports-44c9daa55611bd457eb611d79681a63dc74bb6c2.tar.gz
aports-44c9daa55611bd457eb611d79681a63dc74bb6c2.tar.bz2
aports-44c9daa55611bd457eb611d79681a63dc74bb6c2.tar.xz
main/gnutls: fix GNUTLS-SA-2020-03-31
-rw-r--r--main/gnutls/APKBUILD17
-rw-r--r--main/gnutls/GNUTLS-SA-2020-03-31.patch33
2 files changed, 42 insertions, 8 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index 7e83be5b91..60134bef8a 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.6.7
-pkgrel=0
+pkgrel=1
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
@@ -16,11 +16,14 @@ _v=${pkgver%.*}
case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
-source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz
- tests-date-compat.patch"
-builddir="$srcdir/$pkgname-$pkgver"
+source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
+ GNUTLS-SA-2020-03-31.patch
+ tests-date-compat.patch
+ "
# secfixes:
+# 3.6.7-r1:
+# - GNUTLS-SA-2020-03-31
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
@@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver"
# - CVE-2017-7507
build() {
- cd "$builddir"
LIBS="-lgmp" ./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -45,8 +47,6 @@ build() {
}
check() {
- cd "$builddir"
-
make check
}
@@ -68,4 +68,5 @@ xx() {
}
sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
-b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch"
+b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
+abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
new file mode 100644
index 0000000000..e9554e2ea8
--- /dev/null
+++ b/main/gnutls/GNUTLS-SA-2020-03-31.patch
@@ -0,0 +1,33 @@
+From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
+Date: Fri, 27 Mar 2020 17:17:57 +0100
+Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
+hello verify request", which failed to "De Morgan" properly.
+
+Signed-off-by: Stefan Bühler <stbuehler@web.de>
+---
+ lib/handshake.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 5739df213e..84a0e52101 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
+ /* Generate random data
+ */
+ if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
+ ret = _gnutls_gen_client_random(session);
+ if (ret < 0) {
+ gnutls_assert();
+--
+2.24.1
+
+