Backported regression fixes from upstream

2018-07-26 12:50:16 +02:00 · 2018-07-26 12:50:16 +02:00 · abd1baafcc
commit abd1baafcc
parent fbb0a84717
2 changed files with 61 additions and 1 deletions
--- a/gnutls-3.6.3-backport-upstream-fixes.patch
+++ b/gnutls-3.6.3-backport-upstream-fixes.patch
@ -0,0 +1,55 @@
+diff --git a/lib/cert-cred.c b/lib/cert-cred.c
+index d3777e51f..2150e903f 100644
+--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
+@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
+ 	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+ 
+	if (st2.ncerts == 0) {
+		*pcert_length = 0;
+		*ocsp_length = 0;
+		*privkey = NULL;
+		return 0;
+	}
+
+ 	if (st2.cert_type != GNUTLS_CRT_X509) {
+ 		gnutls_assert();
+ 		ret = GNUTLS_E_INVALID_REQUEST;
+@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
+      gnutls_certificate_retrieve_function * func)
+ {
+ 	cred->legacy_cert_cb1 = func;
+-	cred->get_cert_callback3 = call_legacy_cert_cb1;
+	if (!func)
+		cred->get_cert_callback3 = NULL;
+	else
+		cred->get_cert_callback3 = call_legacy_cert_cb1;
+ }
+ 
+ static int call_legacy_cert_cb2(gnutls_session_t session,
+@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
+      gnutls_certificate_retrieve_function2 * func) 
+ {
+ 	cred->legacy_cert_cb2 = func;
+-	cred->get_cert_callback3 = call_legacy_cert_cb2;
+	if (!func)
+		cred->get_cert_callback3 = NULL;
+	else
+		cred->get_cert_callback3 = call_legacy_cert_cb2;
+ }
+ 
+ /**
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index a3027130a..f72afe77f 100644
+--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
+@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
+ 
+ 	if (tls_id == PRE_SHARED_KEY_TLS_ID) {
+ 		ctx->seen_pre_shared_key = 1;
+-	} else if (ctx->seen_pre_shared_key) {
+	} else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
+ 		/* the pre-shared key extension must always be the last one,
+ 		 * draft-ietf-tls-tls13-28: 4.2.11 */
+ 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,9 +1,10 @@
 # This spec file has been automatically updated
 Version:	3.6.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Patch1:	gnutls-3.2.7-rpath.patch
 Patch2:	gnutls-3.4.2-no-now-guile.patch
 Patch3:	gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
+Patch4: gnutls-3.6.3-backport-upstream-fixes.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@ -152,6 +153,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1

 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
 rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@ -307,6 +309,9 @@ fi
 %endif

 %changelog
+* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
+- Backported regression fixed from 3.6.2
+
 * Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
 - Update to upstream 3.6.3 release