rpms/gnutls
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated to 3.6.4

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2018-09-25 08:58:48 +02:00
parent bb2c5903d1
commit 1d95a2eb84
9 changed files with 23 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -98,3 +98,5 @@ gnutls-2.10.1-nosrp.tar.bz2
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg /gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
/gnutls-3.6.3.tar.xz.sig /gnutls-3.6.3.tar.xz.sig
/gnutls-3.6.3.tar.xz /gnutls-3.6.3.tar.xz
/gnutls-3.6.4.tar.xz
/gnutls-3.6.4.tar.xz.sig

55
gnutls-3.6.3-backport-upstream-fixes.patch
View File

@ -1,55 +0,0 @@
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index d3777e51f..2150e903f 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ if (st2.ncerts == 0) {
+ *pcert_length = 0;
+ *ocsp_length = 0;
+ *privkey = NULL;
+ return 0;
+ }
+
if (st2.cert_type != GNUTLS_CRT_X509) {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
gnutls_certificate_retrieve_function * func)
{
cred->legacy_cert_cb1 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb1;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb1;
}
static int call_legacy_cert_cb2(gnutls_session_t session,
@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
gnutls_certificate_retrieve_function2 * func)
{
cred->legacy_cert_cb2 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb2;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb2;
}
/**
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index a3027130a..f72afe77f 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
if (tls_id == PRE_SHARED_KEY_TLS_ID) {
ctx->seen_pre_shared_key = 1;
- } else if (ctx->seen_pre_shared_key) {
+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
/* the pre-shared key extension must always be the last one,
* draft-ietf-tls-tls13-28: 4.2.11 */
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

27
gnutls-3.6.3-fix-ecdsa.patch
View File

@ -1,27 +0,0 @@
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 162ceaa4a..8fc42b95a 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1072,7 +1072,6 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
int result = 0, need_free = 0;
gnutls_datum_t _data;
ASN1_TYPE spk;
- gnutls_ecc_curve_t curve;
if (key == NULL) {
gnutls_assert();
@@ -1119,14 +1118,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
goto cleanup;
}
- /* this has already been called by get_asn_mpis() thus it cannot
- * fail.
- */
- key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL);
-
- key->params.curve = curve;
key->bits = pubkey_to_bits(&key->params);
-
result = 0;
cleanup:

12
gnutls-3.6.3-gnutls-cli-fix.patch
View File

@ -1,12 +0,0 @@
diff --git a/src/cli.c b/src/cli.c
index 21be015dc..42d027736 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1273,7 +1273,6 @@ int main(int argc, char **argv)
}
continue;
}
- bytes=strlen(buffer);
buffer[bytes] = 0;
if (crlf != 0) {

65
gnutls-3.6.3-rollback-fix.patch
View File

@ -1,65 +0,0 @@
diff --git a/lib/handshake.c b/lib/handshake.c
index ebea926aa..8dce170fe 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -248,6 +248,7 @@ int _gnutls_set_server_random(gnutls_session_t session, const version_entry_st *
memcpy(session->security_parameters.server_random, rnd,
GNUTLS_RANDOM_SIZE);
+#if 0 /* This was not supposed to be checked in draft-versions */
/* check whether the server random value is set according to
* to TLS 1.3. p4.1.3 requirements */
if (!IS_DTLS(session) && vers->id <= GNUTLS_TLS1_2 && have_creds_for_tls13(session)) {
@@ -272,6 +273,7 @@ int _gnutls_set_server_random(gnutls_session_t session, const version_entry_st *
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
}
+#endif
return 0;
}
@@ -291,6 +293,7 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
max = _gnutls_version_max(session);
+#if 0
if (!IS_DTLS(session) && max->id >= GNUTLS_TLS1_3 &&
version <= GNUTLS_TLS1_2) {
if (version == GNUTLS_TLS1_2) {
@@ -303,7 +306,9 @@ int _gnutls_gen_server_random(gnutls_session_t session, int version)
ret =
gnutls_rnd(GNUTLS_RND_NONCE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE-8);
- } else {
+ } else
+#endif
+ {
ret =
gnutls_rnd(GNUTLS_RND_NONCE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
}
diff --git a/tests/tls13/rnd-check-rollback-val.c b/tests/tls13/rnd-check-rollback-val.c
index f573596c5..6934b2507 100644
--- a/tests/tls13/rnd-check-rollback-val.c
+++ b/tests/tls13/rnd-check-rollback-val.c
@@ -222,6 +222,8 @@ void doit(void)
int ret;
pid_t child;
+ exit(77);
+
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);
diff --git a/tests/tls13/rnd-rollback-detection.c b/tests/tls13/rnd-rollback-detection.c
index 0d1ef0149..8cbb658cf 100644
--- a/tests/tls13/rnd-rollback-detection.c
+++ b/tests/tls13/rnd-rollback-detection.c
@@ -206,6 +206,8 @@ void doit(void)
int ret;
pid_t child;
+ exit(77);
+
signal(SIGCHLD, ch_handler);
signal(SIGPIPE, SIG_IGN);

30
gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
View File

@ -1,30 +0,0 @@
diff --git a/tests/priority-init2.c b/tests/priority-init2.c
index 850a6d9..d6b7659 100644
--- a/tests/priority-init2.c
+++ b/tests/priority-init2.c
@@ -91,8 +91,8 @@ static void start(struct test_st *test)
if (test->exp_err == ret) {
if (ep-test->add_prio != test->err_pos) {
fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
- fail("error expected error on different position[%d]: %s\n",
- test->err_pos, test->add_prio);
+// fail("error expected error on different position[%d]: %s\n",
+// test->err_pos, test->add_prio);
}
goto cleanup;
}
diff --git a/tests/set-default-prio.c b/tests/set-default-prio.c
index 48e8bf1..16235f8 100644
--- a/tests/set-default-prio.c
+++ b/tests/set-default-prio.c
@@ -90,8 +90,8 @@ static void start(struct test_st *test)
if (test->exp_err == ret) {
if (ep-test->add_prio != test->err_pos) {
fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
- fail("error expected error on different position[%d]: %s\n",
- test->err_pos, test->add_prio);
+// fail("error expected error on different position[%d]: %s\n",
+// test->err_pos, test->add_prio);
}
goto cleanup;
}

9
gnutls-3.4.2-no-now-guile.patch → gnutls-3.6.4-no-now-guile.patch
View File

@ -1,7 +1,8 @@
diff -up gnutls-3.4.2/guile/src/Makefile.in.jx gnutls-3.4.2/guile/src/Makefile.in diff --git a/guile/src/Makefile.in b/guile/src/Makefile.in
--- gnutls-3.4.2/guile/src/Makefile.in.jx 2015-06-16 12:23:31.000000000 -0400 index 3e4f547..6ffec0e 100644
+++ gnutls-3.4.2/guile/src/Makefile.in 2015-07-02 14:01:19.415060204 -0400 --- a/guile/src/Makefile.in
@@ -1316,7 +1316,7 @@ guileextension_LTLIBRARIES = guile-gnutl +++ b/guile/src/Makefile.in
@@ -1430,7 +1430,7 @@ guileextension_LTLIBRARIES = guile-gnutls-v-2.la
# Use '-module' to build a "dlopenable module", in Libtool terms. # Use '-module' to build a "dlopenable module", in Libtool terms.
# Use '-undefined' to placate Libtool on Windows; see # Use '-undefined' to placate Libtool on Windows; see
# <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>. # <http://lists.gnutls.org/pipermail/gnutls-devel/2014-December/007294.html>.

35
gnutls.spec
View File

@ -1,13 +1,8 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 3.6.3 Version: 3.6.4
Release: 4%{?dist} Release: 1%{?dist}
Patch1: gnutls-3.2.7-rpath.patch Patch1: gnutls-3.2.7-rpath.patch
Patch2: gnutls-3.4.2-no-now-guile.patch Patch2: gnutls-3.6.4-no-now-guile.patch
Patch3: gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
Patch4: gnutls-3.6.3-backport-upstream-fixes.patch
Patch5: gnutls-3.6.3-fix-ecdsa.patch
Patch6: gnutls-3.6.3-gnutls-cli-fix.patch
Patch7: gnutls-3.6.3-rollback-fix.patch
%bcond_without dane %bcond_without dane
%if 0%{?rhel} %if 0%{?rhel}
%bcond_with guile %bcond_with guile
@ -152,14 +147,7 @@ This package contains Guile bindings for the library.
%prep %prep
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%setup -q %autosetup -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
rm -f lib/minitasn1/*.c lib/minitasn1/*.h rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@ -167,16 +155,15 @@ rm -f src/libopts/*.c src/libopts/*.h src/libopts/compat/*.c src/libopts/compat/
echo "SYSTEM=NORMAL" >> tests/system.prio echo "SYSTEM=NORMAL" >> tests/system.prio
# Note that we explicitly enable SHA1, as SHA1 deprecation is handled
# via the crypto policies
%build %build
%configure --with-libtasn1-prefix=%{_prefix} \ %configure --with-libtasn1-prefix=%{_prefix} \
%if (0%{?fedora} <= 28)
--enable-ssl3-support \
%else
--enable-tls13-support \
%endif
%if %{with fips} %if %{with fips}
--enable-fips140-mode \ --enable-fips140-mode \
%endif %endif
--enable-sha1-support \
--disable-static \ --disable-static \
--disable-openssl-compatibility \ --disable-openssl-compatibility \
--disable-non-suiteb-curves \ --disable-non-suiteb-curves \
@ -315,6 +302,12 @@ fi
%endif %endif
%changelog %changelog
* Tue Sep 25 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.4-1
- Updated to upstream 3.6.4 release
- Added support for the latest version of the TLS1.3 protocol
- Enabled SHA1 support as SHA1 deprecation is handled via the
fedora crypto policies.
* Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4 * Thu Aug 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-4
- Fixed gnutls-cli input reading - Fixed gnutls-cli input reading
- Ensure that we do not cause issues with version rollback detection - Ensure that we do not cause issues with version rollback detection

5
sources
View File

@ -1,3 +1,2 @@
SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad SHA512 (gnutls-3.6.4.tar.xz) = f39ac09b48ebf230653cbf82b29ded39a1403313067135495b23f428b35783f9ef073993157d1f284678abedd19e2cf1fd01af843001b88320ca17b346b219ab
SHA512 (gnutls-3.6.3.tar.xz.sig) = 5377352aa239a4458b0ac6aaada438dce0336b989c4f65949fec3e469531dfb2397bb36dbe69dbc6f479f6944999937ebb4a5cb40e806d0bd4062c5647aa397b SHA512 (gnutls-3.6.4.tar.xz.sig) = 3f96dd3bb6f12f677b3106e6d46e93e56c501b9c4072c94f45235c35b9242ba2bddc71a22736bafe2b6532bcc498dac30869861beb8d705345b1197d3526da0e
SHA512 (gnutls-3.6.3.tar.xz) = 6238502464d229a9777e3076f4c745d16deaada83c9da756ecdcd370947576e0446bda3a7f85d5a099b745bbf8c0134ebdf6632e4b26d61daf170792fb4f5abe