Updated to 3.6.4
parent
bb2c5903d1
commit
1d95a2eb84
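--- a/.gitignore
+++ b/.gitignore
@@ -98,3 +98,5 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
 /gnutls-3.6.3.tar.xz.sig
 /gnutls-3.6.3.tar.xz
+/gnutls-3.6.4.tar.xz
+/gnutls-3.6.4.tar.xz.sig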
@ -1,55 +0,0 @@
|
||||
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
|
||||
index d3777e51f..2150e903f 100644
|
||||
--- a/lib/cert-cred.c
|
||||
+++ b/lib/cert-cred.c
|
||||
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
|
||||
if (ret < 0)
|
||||
return gnutls_assert_val(ret);
|
||||
|
||||
+ if (st2.ncerts == 0) {
|
||||
+ *pcert_length = 0;
|
||||
+ *ocsp_length = 0;
|
||||
+ *privkey = NULL;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (st2.cert_type != GNUTLS_CRT_X509) {
|
||||
gnutls_assert();
|
||||
ret = GNUTLS_E_INVALID_REQUEST;
|
||||
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
|
||||
gnutls_certificate_retrieve_function * func)
|
||||
{
|
||||
cred->legacy_cert_cb1 = func;
|
||||
- cred->get_cert_callback3 = call_legacy_cert_cb1;
|
||||
+ if (!func)
|
||||
+ cred->get_cert_callback3 = NULL;
|
||||
+ else
|
||||
+ cred->get_cert_callback3 = call_legacy_cert_cb1;
|
||||
}
|
||||
|
||||
static int call_legacy_cert_cb2(gnutls_session_t session,
|
||||
@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
|
||||
gnutls_certificate_retrieve_function2 * func)
|
||||
{
|
||||
cred->legacy_cert_cb2 = func;
|
||||
- cred->get_cert_callback3 = call_legacy_cert_cb2;
|
||||
+ if (!func)
|
||||
+ cred->get_cert_callback3 = NULL;
|
||||
+ else
|
||||
+ cred->get_cert_callback3 = call_legacy_cert_cb2;
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
|
||||
index a3027130a..f72afe77f 100644
|
||||
--- a/lib/hello_ext.c
|
||||
+++ b/lib/hello_ext.c
|
||||
@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
|
||||
|
||||
if (tls_id == PRE_SHARED_KEY_TLS_ID) {
|
||||
ctx->seen_pre_shared_key = 1;
|
||||
- } else if (ctx->seen_pre_shared_key) {
|
||||
+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
|
||||
/* the pre-shared key extension must always be the last one,
|
||||
* draft-ietf-tls-tls13-28: 4.2.11 */
|
||||
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
@ -1,27 +0,0 @@
|
||||
diff --git a/lib/pubkey.c b/lib/pubkey.c
|
||||
index 162ceaa4a..8fc42b95a 100644
|
||||
--- a/lib/pubkey.c
|
||||
+++ b/lib/pubkey.c
|
||||
@@ -1072,7 +1072,6 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
|
||||
int result = 0, need_free = 0;
|
||||
gnutls_datum_t _data;
|
||||
ASN1_TYPE spk;
|
||||
- gnutls_ecc_curve_t curve;
|
||||
|
||||
if (key == NULL) {
|
||||
gnutls_assert();
|
||||
@@ -1119,14 +1118,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- /* this has already been called by get_asn_mpis() thus it cannot
|
||||
- * fail.
|
||||
- */
|
||||
- key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL);
|
||||
-
|
||||
- key->params.curve = curve;
|
||||
key->bits = pubkey_to_bits(&key->params);
|
||||
-
|
||||
result = 0;
|
||||
|
||||
cleanup:
|
@ -1,12 +0,0 @@
|
||||
diff --git a/src/cli.c b/src/cli.c
|
||||
index 21be015dc..42d027736 100644
|
||||
--- a/src/cli.c
|
||||
+++ b/src/cli.c
|
||||
@@ -1273,7 +1273,6 @@ int main(int argc, char **argv)
|
||||
}
|
||||
continue;
|
||||
}
|
||||
- bytes=strlen(buffer);
|
||||
buffer[bytes] = 0;
|
||||
|
||||
if (crlf != 0) {
|
@ -1,65 +0,0 @@
|
||||
diff --git a/lib/handshake.c b/lib/handshake.c
|
||||
index ebea926aa..8dce170fe 100644
|
||||
--- a/lib/handshake.c
|
||||
+++ b/lib/handshake.c
|
||||
@@ -248,6 +248,7 @@ int _gnutls_set_server_random(gnutls_session_t session, const version_entry_st *
|
||||
memcpy(session->security_parameters.server_random, rnd,
|
||||
GNUTLS_RANDOM_SIZE);
|
||||
|
||||
+#if 0 /* This was not supposed to be checked in draft-versions */
|
||||
/* check whether the server random value is set according to
|
||||
* to TLS 1.3. p4.1.3 requirements */
|
||||
if (!IS_DTLS(session) && vers->id <= GNUTLS_TLS1_2 && have_creds_for_tls13(session)) {
|
||||
@@ -272,6 +273,7 @@ int _gnutls_set_server_random(gnutls_session_t session, const version_entry_st *
|
||||
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -291,6 +293,7 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
|
||||
|
||||
max = _gnutls_version_max(session);
|
||||
|
||||
+#if 0
|
||||
if (!IS_DTLS(session) && max->id >= GNUTLS_TLS1_3 &&
|
||||
version <= GNUTLS_TLS1_2) {
|
||||
if (version == GNUTLS_TLS1_2) {
|
||||
@@ -303,7 +306,9 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
|
||||
ret =
|
||||
gnutls_rnd(GNUTLS_RND_NONCE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE-8);
|
||||
|
||||
- } else {
|
||||
+ } else
|
||||
+#endif
|
||||
+ {
|
||||
ret =
|
||||
gnutls_rnd(GNUTLS_RND_NONCE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
|
||||
}
|
||||
diff --git a/tests/tls13/rnd-check-rollback-val.c b/tests/tls13/rnd-check-rollback-val.c
|
||||
index f573596c5..6934b2507 100644
|
||||
--- a/tests/tls13/rnd-check-rollback-val.c
|
||||
+++ b/tests/tls13/rnd-check-rollback-val.c
|
||||
@@ -222,6 +222,8 @@ void doit(void)
|
||||
int ret;
|
||||
pid_t child;
|
||||
|
||||
+ exit(77);
|
||||
+
|
||||
signal(SIGCHLD, ch_handler);
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
||||
diff --git a/tests/tls13/rnd-rollback-detection.c b/tests/tls13/rnd-rollback-detection.c
|
||||
index 0d1ef0149..8cbb658cf 100644
|
||||
--- a/tests/tls13/rnd-rollback-detection.c
|
||||
+++ b/tests/tls13/rnd-rollback-detection.c
|
||||
@@ -206,6 +206,8 @@ void doit(void)
|
||||
int ret;
|
||||
pid_t child;
|
||||
|
||||
+ exit(77);
|
||||
+
|
||||
signal(SIGCHLD, ch_handler);
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
|
@ -1,30 +0,0 @@
|
||||
diff --git a/tests/priority-init2.c b/tests/priority-init2.c
|
||||
index 850a6d9..d6b7659 100644
|
||||
--- a/tests/priority-init2.c
|
||||
+++ b/tests/priority-init2.c
|
||||
@@ -91,8 +91,8 @@ static void start(struct test_st *test)
|
||||
if (test->exp_err == ret) {
|
||||
if (ep-test->add_prio != test->err_pos) {
|
||||
fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
|
||||
- fail("error expected error on different position[%d]: %s\n",
|
||||
- test->err_pos, test->add_prio);
|
||||
+// fail("error expected error on different position[%d]: %s\n",
|
||||
+// test->err_pos, test->add_prio);
|
||||
}
|
||||
goto cleanup;
|
||||
}
|
||||
diff --git a/tests/set-default-prio.c b/tests/set-default-prio.c
|
||||
index 48e8bf1..16235f8 100644
|
||||
--- a/tests/set-default-prio.c
|
||||
+++ b/tests/set-default-prio.c
|
||||
@@ -90,8 +90,8 @@ static void start(struct test_st *test)
|
||||
if (test->exp_err == ret) {
|
||||
if (ep-test->add_prio != test->err_pos) {
|
||||
fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
|
||||
- fail("error expected error on different position[%d]: %s\n",
|
||||
- test->err_pos, test->add_prio);
|
||||
+// fail("error expected error on different position[%d]: %s\n",
|
||||
+// test->err_pos, test->add_prio);
|
||||
}
|
||||
goto cleanup;
|
||||
}
|
@ -1,7 +1,8 @@
|
||||
diff -up gnutls-3.4.2/guile/src/Makefile.in.jx gnutls-3.4.2/guile/src/Makefile.in
|
||||
--- gnutls-3.4.2/guile/src/Makefile.in.jx 2015-06-16 12:23:31.000000000 -0400
|
||||
+++ gnutls-3.4.2/guile/src/Makefile.in 2015-07-02 14:01:19.415060204 -0400
|
||||
@@ -1316,7 +1316,7 @@ guileextension_LTLIBRARIES = guile-gnutl
|
||||
diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in
|
||||
index 3e4f547..6ffec0e 100644
|
||||
--- a/guile/src/Makefile.in
|
||||
+++ b/guile/src/Makefile.in
|
||||
@@ -1430,7 +1430,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la
|
||||
# Use '-module' to build a "dlopenable module", in Libtool terms.
|
||||
# Use '-undefined' to placate Libtool on Windows; see
|
||||
# <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.
|
35
gnutls.spec
35
gnutls.spec
@ -1,13 +1,8 @@
|
||||
# This spec file has been automatically updated
|
||||
Version: 3.6.3
|
||||
Release: 4%{?dist}
|
||||
Version: 3.6.4
|
||||
Release: 1%{?dist}
|
||||
Patch1: gnutls-3.2.7-rpath.patch
|
||||
Patch2: gnutls-3.4.2-no-now-guile.patch
|
||||
Patch3: gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
|
||||
Patch4: gnutls-3.6.3-backport-upstream-fixes.patch
|
||||
Patch5: gnutls-3.6.3-fix-ecdsa.patch
|
||||
Patch6: gnutls-3.6.3-gnutls-cli-fix.patch
|
||||
Patch7: gnutls-3.6.3-rollback-fix.patch
|
||||
Patch2: gnutls-3.6.4-no-now-guile.patch
|
||||
%bcond_without dane
|
||||
%if 0%{?rhel}
|
||||
%bcond_with guile
|
||||
@ -152,14 +147,7 @@ This package contains Guile bindings for the library.
|
||||
%prep
|
||||
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%autosetup -p1
|
||||
|
||||
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
|
||||
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
|
||||
@ -167,16 +155,15 @@ rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/
|
||||
|
||||
echo "SYSTEM=NORMAL" >> tests/system.prio
|
||||
|
||||
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
|
||||
# via the crypto policies
|
||||
|
||||
%build
|
||||
%configure --with-libtasn1-prefix=%{_prefix} \
|
||||
%if (0%{?fedora} <= 28)
|
||||
--enable-ssl3-support \
|
||||
%else
|
||||
--enable-tls13-support \
|
||||
%endif
|
||||
%if %{with fips}
|
||||
--enable-fips140-mode \
|
||||
%endif
|
||||
--enable-sha1-support \
|
||||
--disable-static \
|
||||
--disable-openssl-compatibility \
|
||||
--disable-non-suiteb-curves \
|
||||
@ -315,6 +302,12 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
|
||||
- Updated to upstream 3.6.4 release
|
||||
- Added support for the latest version of the TLS1.3 protocol
|
||||
- Enabled SHA1 support as SHA1 deprecation is handled via the
|
||||
fedora crypto policies.
|
||||
|
||||
* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
|
||||
- Fixed gnutls-cli input reading
|
||||
- Ensure that we do not cause issues with version rollback detection
|
||||
|
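Review bot: In the `%configure` hunk, `--enable-sha1-support` is now passed unconditionally, which makes SHA-1 acceptance depend entirely on the runtime crypto-policies configuration; anything that bypasses the system policy (an application-supplied priority string, or the `SYSTEM=NORMAL` file the tests write) presumably gets SHA-1 enabled, so it is worth confirming that fallback is intended. The same hunk also drops the `%if (0%{?fedora} <= 28)` block carrying `--enable-ssl3-support` / `--enable-tls13-support`, leaving both protocols to upstream's configure defaults, and the new changelog entry does not mention it; a line such as `- Dropped explicit --enable-ssl3-support/--enable-tls13-support; upstream defaults apply` would record that. Separately, `gpgv2 --keyring %{SOURCE2}` still runs in `%prep` while this commit's `sources` change removes the gpgkey entry, so the keyring's new origin (not visible on this page) should be checked before relying on the signature verification.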
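--- a/sources
+++ b/sources
@@ -1,3 +1,2 @@
-SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
-SHA512 (gnutls-3.6.3.tar.xz.sig) = 5377352aa239a4458b0ac6aaada438dce0336b989c4f65949fec3e469531dfb2397bb36dbe69dbc6f479f6944999937ebb4a5cb40e806d0bd4062c5647aa397b
-SHA512 (gnutls-3.6.3.tar.xz) = 6238502464d229a9777e3076f4c745d16deaada83c9da756ecdcd370947576e0446bda3a7f85d5a099b745bbf8c0134ebdf6632e4b26d61daf170792fb4f5abe
+SHA512 (gnutls-3.6.4.tar.xz) = f39ac09b48ebf230653cbf82b29ded39a1403313067135495b23f428b35783f9ef073993157d1f284678abedd19e2cf1fd01af843001b88320ca17b346b219ab
+SHA512 (gnutls-3.6.4.tar.xz.sig) = 3f96dd3bb6f12f677b3106e6d46e93e56c501b9c4072c94f45235c35b9242ba2bddc71a22736bafe2b6532bcc498dac30869861beb8d705345b1197d3526da0e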