diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 12:57:12 -0300 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-31 12:59:49 -0300 |
| commit | c2c9115ca359c0954ad5ab58b933f20dc5486043 (patch) | |
| tree | 2ad2f60fea0f1575ff83e757798b1b7ef5e8e7b0 | |
| parent | fca0c1b309a0b278f09a3c7d30ad1d8d2576b40a (diff) | |
| download | alpine_aports-c2c9115ca359c0954ad5ab58b933f20dc5486043.tar.bz2 alpine_aports-c2c9115ca359c0954ad5ab58b933f20dc5486043.tar.xz alpine_aports-c2c9115ca359c0954ad5ab58b933f20dc5486043.zip | |
main/gnutls: fix GNUTLS-SA-2020-03-31
| -rw-r--r-- | main/gnutls/APKBUILD | 17 | ||||
| -rw-r--r-- | main/gnutls/GNUTLS-SA-2020-03-31.patch | 33 |
2 files changed, 42 insertions, 8 deletions
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD index 7e83be5b91..60134bef8a 100644 --- a/main/gnutls/APKBUILD +++ b/main/gnutls/APKBUILD | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 3 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
| 4 | pkgname=gnutls | 4 | pkgname=gnutls |
| 5 | pkgver=3.6.7 | 5 | pkgver=3.6.7 |
| 6 | pkgrel=0 | 6 | pkgrel=1 |
| 7 | pkgdesc="A TLS protocol implementation" | 7 | pkgdesc="A TLS protocol implementation" |
| 8 | url="https://www.gnutls.org/" | 8 | url="https://www.gnutls.org/" |
| 9 | arch="all" | 9 | arch="all" |
| @@ -16,11 +16,14 @@ _v=${pkgver%.*} | |||
| 16 | case $pkgver in | 16 | case $pkgver in |
| 17 | *.*.*.*) _v=${_v%.*};; | 17 | *.*.*.*) _v=${_v%.*};; |
| 18 | esac | 18 | esac |
| 19 | source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz | 19 | source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz |
| 20 | tests-date-compat.patch" | 20 | GNUTLS-SA-2020-03-31.patch |
| 21 | builddir="$srcdir/$pkgname-$pkgver" | 21 | tests-date-compat.patch |
| 22 | " | ||
| 22 | 23 | ||
| 23 | # secfixes: | 24 | # secfixes: |
| 25 | # 3.6.7-r1: | ||
| 26 | # - GNUTLS-SA-2020-03-31 | ||
| 24 | # 3.6.7-r0: | 27 | # 3.6.7-r0: |
| 25 | # - CVE-2019-3836 | 28 | # - CVE-2019-3836 |
| 26 | # - CVE-2019-3829 | 29 | # - CVE-2019-3829 |
| @@ -28,7 +31,6 @@ builddir="$srcdir/$pkgname-$pkgver" | |||
| 28 | # - CVE-2017-7507 | 31 | # - CVE-2017-7507 |
| 29 | 32 | ||
| 30 | build() { | 33 | build() { |
| 31 | cd "$builddir" | ||
| 32 | LIBS="-lgmp" ./configure \ | 34 | LIBS="-lgmp" ./configure \ |
| 33 | --build=$CBUILD \ | 35 | --build=$CBUILD \ |
| 34 | --host=$CHOST \ | 36 | --host=$CHOST \ |
| @@ -45,8 +47,6 @@ build() { | |||
| 45 | } | 47 | } |
| 46 | 48 | ||
| 47 | check() { | 49 | check() { |
| 48 | cd "$builddir" | ||
| 49 | |||
| 50 | make check | 50 | make check |
| 51 | } | 51 | } |
| 52 | 52 | ||
| @@ -68,4 +68,5 @@ xx() { | |||
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz | 70 | sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz |
| 71 | b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch" | 71 | b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch |
| 72 | abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch" | ||
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch new file mode 100644 index 0000000000..e9554e2ea8 --- /dev/null +++ b/main/gnutls/GNUTLS-SA-2020-03-31.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de> | ||
| 3 | Date: Fri, 27 Mar 2020 17:17:57 +0100 | ||
| 4 | Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960) | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | This broke with bcf4de03 "handshake: treat reply to HRR as a reply to | ||
| 10 | hello verify request", which failed to "De Morgan" properly. | ||
| 11 | |||
| 12 | Signed-off-by: Stefan Bühler <stbuehler@web.de> | ||
| 13 | --- | ||
| 14 | lib/handshake.c | 2 +- | ||
| 15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/lib/handshake.c b/lib/handshake.c | ||
| 18 | index 5739df213e..84a0e52101 100644 | ||
| 19 | --- a/lib/handshake.c | ||
| 20 | +++ b/lib/handshake.c | ||
| 21 | @@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again) | ||
| 22 | /* Generate random data | ||
| 23 | */ | ||
| 24 | if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) && | ||
| 25 | - !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) { | ||
| 26 | + !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) { | ||
| 27 | ret = _gnutls_gen_client_random(session); | ||
| 28 | if (ret < 0) { | ||
| 29 | gnutls_assert(); | ||
| 30 | -- | ||
| 31 | 2.24.1 | ||
| 32 | |||
| 33 | |||