aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/gnutls/APKBUILD13
-rw-r--r--main/gnutls/cve-2012-1573.patch22
2 files changed, 29 insertions, 6 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index fb4b313757..4eb2c53630 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
-pkgver=2.12.23
-pkgrel=0
+pkgver=2.10.5
+pkgrel=3
pkgdesc="A library which provides a secure connection"
url="http://www.gnu.org/software/gnutls/"
arch="all"
@@ -12,7 +12,9 @@ depends_dev="libgcrypt-dev libgpg-error-dev zlib-dev libtasn1-dev"
makedepends="$depends_dev perl"
install=
subpackages="$pkgname-doc $pkgname-dev"
-source="ftp://ftp.gnutls.org/gcrypt/gnutls/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2"
+source="http://ftp.gnu.org/pub/gnu/gnutls/$pkgname-$pkgver.tar.bz2
+ cve-2012-1573.patch
+ "
prepare() {
cd "$srcdir/$pkgname-$pkgver"
@@ -39,6 +41,5 @@ package() {
make -j1 DESTDIR="$pkgdir" install
}
-md5sums="f3c1d34bd5f113395c4be0d5dfc2b7fe gnutls-2.12.23.tar.bz2"
-sha256sums="dfa67a7e40727eb0913e75f3c44911d5d8cd58d1ead5acfe73dd933fc0d17ed2 gnutls-2.12.23.tar.bz2"
-sha512sums="7780e9ca7b592350ce9b11e53a63d3212320402d8ad2462bfbc0e69aec4a48bb372a1925627abb7996535c87c90e3d79537ea118c8bb36d26aae8e19eaae3a06 gnutls-2.12.23.tar.bz2"
+md5sums="1b032e07ccd22f71a5df78aa73bd91f2 gnutls-2.10.5.tar.bz2
+b37bbb419598cf04d3cc9b9d9d5dd79e cve-2012-1573.patch"
diff --git a/main/gnutls/cve-2012-1573.patch b/main/gnutls/cve-2012-1573.patch
new file mode 100644
index 0000000000..b377c391c2
--- /dev/null
+++ b/main/gnutls/cve-2012-1573.patch
@@ -0,0 +1,22 @@
+--- ./lib/gnutls_cipher.c.orig
++++ ./lib/gnutls_cipher.c
+@@ -515,14 +515,13 @@
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
+-
+- if (ciphertext.size == 0)
+- {
+- gnutls_assert ();
+- return GNUTLS_E_DECRYPTION_FAILED;
+- }
+ }
+
++ if (ciphertext.size < hash_size)
++ {
++ gnutls_assert ();
++ return GNUTLS_E_DECRYPTION_FAILED;
++ }
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+
+ if ((int) pad > (int) ciphertext.size - hash_size)