From abd1baafcc8d5c69549a455f6e74eb2359b1a654 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 26 Jul 2018 12:50:16 +0200
Subject: [PATCH] Backported regression fixes from upstream
---
gnutls-3.6.3-backport-upstream-fixes.patch | 55 ++++++++++++++++++++++
gnutls.spec | 7 ++-
2 files changed, 61 insertions(+), 1 deletion(-)
create mode 100644 gnutls-3.6.3-backport-upstream-fixes.patch
diff --git a/gnutls-3.6.3-backport-upstream-fixes.patch b/gnutls-3.6.3-backport-upstream-fixes.patch
new file mode 100644
index 0000000..a7aad33
--- /dev/null
+++ b/gnutls-3.6.3-backport-upstream-fixes.patch
@@ -0,0 +1,55 @@
+diff --git a/lib/cert-cred.c b/lib/cert-cred.c
+index d3777e51f..2150e903f 100644
+--- a/lib/cert-cred.c
++++ b/lib/cert-cred.c
+@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
++ if (st2.ncerts == 0) {
++ *pcert_length = 0;
++ *ocsp_length = 0;
++ *privkey = NULL;
++ return 0;
++ }
++
+ if (st2.cert_type != GNUTLS_CRT_X509) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
+ gnutls_certificate_retrieve_function * func)
+ {
+ cred->legacy_cert_cb1 = func;
+- cred->get_cert_callback3 = call_legacy_cert_cb1;
++ if (!func)
++ cred->get_cert_callback3 = NULL;
++ else
++ cred->get_cert_callback3 = call_legacy_cert_cb1;
+ }
+
+ static int call_legacy_cert_cb2(gnutls_session_t session,
+@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
+ gnutls_certificate_retrieve_function2 * func)
+ {
+ cred->legacy_cert_cb2 = func;
+- cred->get_cert_callback3 = call_legacy_cert_cb2;
++ if (!func)
++ cred->get_cert_callback3 = NULL;
++ else
++ cred->get_cert_callback3 = call_legacy_cert_cb2;
+ }
+
+ /**
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index a3027130a..f72afe77f 100644
+--- a/lib/hello_ext.c
++++ b/lib/hello_ext.c
+@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
+
+ if (tls_id == PRE_SHARED_KEY_TLS_ID) {
+ ctx->seen_pre_shared_key = 1;
+- } else if (ctx->seen_pre_shared_key) {
++ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
+ /* the pre-shared key extension must always be the last one,
+ * draft-ietf-tls-tls13-28: 4.2.11 */
+ return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
diff --git a/gnutls.spec b/gnutls.spec
index 1df8b28..15d152e 100644
--- a/gnutls.spec
+++ b/gnutls.spec
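Review bot: The new `st2.ncerts == 0` early return in call_legacy_cert_cb1 (lib/cert-cred.c) leaves the function directly, while the error branch right after it sets `ret` and appears to continue to a shared cleanup path that lies outside the hunk. If a legacy callback can report zero certificates while still having filled in `st2.key` and asked the library to release it, that key would not be freed on this path; this should be confirmed against the cleanup code, and if so the early exit should go through the same cleanup. The block also resets only `*pcert_length`, `*ocsp_length` and `*privkey`, so the certificate and OCSP output pointers that accompany those lengths keep whatever value the caller passed in, which deserves a one-line comment such as `/* no certificate selected: lengths are 0, output arrays are left untouched */`. The function starts before and ends after the visible lines.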
@@ -1,9 +1,10 @@ # This spec file has been automatically updated Version: 3.6.3 -Release: 1%{?dist} +Release: 2%{?dist} Patch1: gnutls-3.2.7-rpath.patch Patch2: gnutls-3.4.2-no-now-guile.patch Patch3: gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch +Patch4: gnutls-3.6.3-backport-upstream-fixes.patch %bcond_without dane %if 0%{?rhel} %bcond_with guile @@ -152,6 +153,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure rm -f lib/minitasn1/*.c lib/minitasn1/*.h @@ -307,6 +309,9 @@ fi %endif %changelog +* Thu Jul 26 2018 Nikos Mavrogiannopoulos - 3.6.3-2 +- Backported regression fixed from 3.6.2 + * Mon Jul 16 2018 Nikos Mavrogiannopoulos - 3.6.3-1 - Update to upstream 3.6.3 release