From 59984fc0a1f4c2f70961ecaa4ff79cea56bdc7cb Mon Sep 17 00:00:00 2001
From: Leonardo Arena
Date: Mon, 8 Apr 2013 11:41:07 +0000
Subject: Revert "main/gnutls: security upgrade to 2.12.23 (CVE-2013-1619). Fixes #1657"

This reverts commit e284167aecd00197e8f835d500d9956bfa3a90fb.
---
 main/gnutls/APKBUILD | 13 +++++++------
 main/gnutls/cve-2012-1573.patch | 22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 6 deletions(-)
 create mode 100644 main/gnutls/cve-2012-1573.patch

diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index fb4b3137575..4eb2c53630b 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Michael Mason
 # Maintainer: Natanael Copa
 pkgname=gnutls
-pkgver=2.12.23
-pkgrel=0
+pkgver=2.10.5
+pkgrel=3
 pkgdesc="A library which provides a secure connection"
 url="http://www.gnu.org/software/gnutls/"
 arch="all"
@@ -12,7 +12,9 @@ depends_dev="libgcrypt-dev libgpg-error-dev zlib-dev libtasn1-dev"
 makedepends="$depends_dev perl"
 install=
 subpackages="$pkgname-doc $pkgname-dev"
-source="ftp://ftp.gnutls.org/gcrypt/gnutls/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2"
+source="http://ftp.gnu.org/pub/gnu/gnutls/$pkgname-$pkgver.tar.bz2
+ cve-2012-1573.patch
+ "
 
 prepare() {
 cd "$srcdir/$pkgname-$pkgver"
@@ -39,6 +41,5 @@ package() {
 make -j1 DESTDIR="$pkgdir" install
 }
 
-md5sums="f3c1d34bd5f113395c4be0d5dfc2b7fe gnutls-2.12.23.tar.bz2"
-sha256sums="dfa67a7e40727eb0913e75f3c44911d5d8cd58d1ead5acfe73dd933fc0d17ed2 gnutls-2.12.23.tar.bz2"
-sha512sums="7780e9ca7b592350ce9b11e53a63d3212320402d8ad2462bfbc0e69aec4a48bb372a1925627abb7996535c87c90e3d79537ea118c8bb36d26aae8e19eaae3a06 gnutls-2.12.23.tar.bz2"
+md5sums="1b032e07ccd22f71a5df78aa73bd91f2 gnutls-2.10.5.tar.bz2
+b37bbb419598cf04d3cc9b9d9d5dd79e cve-2012-1573.patch"
diff --git a/main/gnutls/cve-2012-1573.patch b/main/gnutls/cve-2012-1573.patch
new file mode 100644
index 00000000000..b377c391c2e
--- /dev/null
+++ b/main/gnutls/cve-2012-1573.patch
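Review bot: `pkgver=2.10.5` in the first APKBUILD hunk takes the package back below the release that the reverted commit's subject names as the fix for CVE-2013-1619, and the only patch this commit re-adds is for CVE-2012-1573, so as far as this diff shows the 2013 issue is open again in the built package. The commit message gives no reason for the revert. I would record the gap next to the version, e.g. `# FIXME: 2.10.5 does not carry the CVE-2013-1619 fix, see #1657`, and reopen the tracking issue so the exposure stays visible until a fixed release or a backport lands.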
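Review bot: The `md5sums` block in the last APKBUILD hunk is the only integrity check left on the new side, because `sha256sums` and `sha512sums` are removed without replacement, while the `source=` line in the `@@ -12,7 +12,9 @@` hunk fetches the tarball over plain `http://`. MD5 is not collision resistant, so a substituted tarball or patch is not reliably caught at build time. I would keep a strong digest for both files, `sha512sums="<sha512-of-tarball> gnutls-2.10.5.tar.bz2` followed by `<sha512-of-patch> cve-2012-1573.patch"`, with the values generated from a download that was verified against the upstream signature (the angle-bracket values are placeholders, not real hashes).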
@@ -0,0 +1,22 @@
+--- ./lib/gnutls_cipher.c.orig
++++ ./lib/gnutls_cipher.c
+@@ -515,14 +515,13 @@
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
+-
+- if (ciphertext.size == 0)
+- {
+- gnutls_assert ();
+- return GNUTLS_E_DECRYPTION_FAILED;
+- }
+ }
+
++ if (ciphertext.size < hash_size)
++ {
++ gnutls_assert ();
++ return GNUTLS_E_DECRYPTION_FAILED;
++ }
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+
+ if ((int) pad > (int) ciphertext.size - hash_size)
--
cgit v1.2.3
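Review bot: The added guard `if (ciphertext.size < hash_size)` replaces the removed `ciphertext.size == 0` check, so the read `ciphertext.data[ciphertext.size - 1]` on the following line is protected against an empty buffer only while `hash_size` is non-zero. If `hash_size` can be 0 on this path (its origin is not visible in the hunk), a zero-length ciphertext would index outside the buffer; `if (ciphertext.size == 0 || ciphertext.size < hash_size)` closes that without changing the other cases. The patch file also has no header naming the upstream commit or advisory it was taken from; a short comment block above its `---` line stating the origin would let a later reviewer compare it with upstream. The enclosing function starts and ends outside the hunk.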