author | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 12:57:12 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 12:59:49 -0300 |
commit | c2c9115ca359c0954ad5ab58b933f20dc5486043 (patch) | |
tree | 2ad2f60fea0f1575ff83e757798b1b7ef5e8e7b0 | |
parent | fca0c1b309a0b278f09a3c7d30ad1d8d2576b40a (diff) | |
main/gnutls: fix GNUTLS-SA-2020-03-31
-rw-r--r-- | main/gnutls/APKBUILD | 17 | ||||
-rw-r--r-- | main/gnutls/GNUTLS-SA-2020-03-31.patch | 33 |
2 files changed, 42 insertions, 8 deletions
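diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index 7e83be5b91..60134bef8a 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gnutls
 pkgver=3.6.7
-pkgrel=0
+pkgrel=1
 pkgdesc="A TLS protocol implementation"
 url="https://www.gnutls.org/"
 arch="all"
@@ -16,11 +16,14 @@ _v=${pkgver%.*}
 case $pkgver in
 *.*.*.*) _v=${_v%.*};;
 esac
-source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz
-tests-date-compat.patch"
-builddir="$srcdir/$pkgname-$pkgver"
+source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
+GNUTLS-SA-2020-03-31.patch
+tests-date-compat.patch
+"
 
 # secfixes:
+# 3.6.7-r1:
+# - GNUTLS-SA-2020-03-31
 # 3.6.7-r0:
 # - CVE-2019-3836
 # - CVE-2019-3829
@@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver"
 # - CVE-2017-7507
 
 build() {
-cd "$builddir"
 LIBS="-lgmp" ./configure \
 --build=$CBUILD \
 --host=$CHOST \
@@ -45,8 +47,6 @@ build() {
 }
 
 check() {
-cd "$builddir"
-
 make check
 }
 
@@ -68,4 +68,5 @@ xx() {
 }
 
 sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
-b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch"
+b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
+abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"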
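Review bot: The new secfixes entry under `3.6.7-r1` records only the upstream advisory ID `GNUTLS-SA-2020-03-31`, so tooling that matches secfixes on CVE identifiers will probably not associate this release with the fix. Once a CVE is assigned to the advisory, I would add it under the same release as `#     - CVE-YYYY-NNNNN` (placeholder, no CVE number appears on this page). Separately, the commit drops the explicit `builddir=` line and both `cd "$builddir"` calls, which presumably relies on abuild's default builddir and on abuild entering it before `build()` and `check()`; that is worth confirming for the abuild version used on this branch.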
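diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
new file mode 100644
index 0000000000..e9554e2ea8
--- /dev/null
+++ b/main/gnutls/GNUTLS-SA-2020-03-31.patch
@@ -0,0 +1,33 @@
+From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
+Date: Fri, 27 Mar 2020 17:17:57 +0100
+Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
+hello verify request", which failed to "De Morgan" properly.
+
+Signed-off-by: Stefan Bühler <stbuehler@web.de>
+---
+lib/handshake.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 5739df213e..84a0e52101 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
+/* Generate random data
+*/
+if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
+- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
++ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
+ret = _gnutls_gen_client_random(session);
+if (ret < 0) {
+gnutls_assert();
+--
+2.24.1
+
+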
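Review bot: The corrected condition in `send_client_hello` still stacks two negations (`!(... & HSK_HRR_RECEIVED) && !(IS_DTLS(session) && ... != 0)`), the shape the commit message blames for the original slip, and nothing visible in this patch adds a test that would catch a zeroed random in the first DTLS ClientHello. I would replace the `/* Generate random data */` comment with one that states the intent, e.g. `/* Generate a fresh client random unless this hello answers an HRR or a DTLS HelloVerifyRequest */`, and ask upstream for a check that the random in the initial DTLS ClientHello is not all zero. Without such a test, `make check` in the APKBUILD probably cannot confirm that the backport took effect. The body of `send_client_hello` starts and ends outside the hunk, so the error path after `gnutls_assert()` is not reviewable here.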