rpms/gnutls
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backported regression fixes from upstream

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2018-07-26 12:50:16 +02:00
parent fbb0a84717
commit abd1baafcc
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
gnutls-3.6.3-backport-upstream-fixes.patch Normal file
View File

@ -0,0 +1,55 @@
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index d3777e51f..2150e903f 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ if (st2.ncerts == 0) {
+ *pcert_length = 0;
+ *ocsp_length = 0;
+ *privkey = NULL;
+ return 0;
+ }
+
if (st2.cert_type != GNUTLS_CRT_X509) {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
gnutls_certificate_retrieve_function * func)
{
cred->legacy_cert_cb1 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb1;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb1;
}
static int call_legacy_cert_cb2(gnutls_session_t session,
@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
gnutls_certificate_retrieve_function2 * func)
{
cred->legacy_cert_cb2 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb2;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb2;
}
/**
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index a3027130a..f72afe77f 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
if (tls_id == PRE_SHARED_KEY_TLS_ID) {
ctx->seen_pre_shared_key = 1;
- } else if (ctx->seen_pre_shared_key) {
+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
/* the pre-shared key extension must always be the last one,
* draft-ietf-tls-tls13-28: 4.2.11 */
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

7
gnutls.spec
View File

@ -1,9 +1,10 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 3.6.3 Version: 3.6.3
Release: 1%{?dist} Release: 2%{?dist}
Patch1: gnutls-3.2.7-rpath.patch Patch1: gnutls-3.2.7-rpath.patch
Patch2: gnutls-3.4.2-no-now-guile.patch Patch2: gnutls-3.4.2-no-now-guile.patch
Patch3: gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch Patch3: gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
Patch4: gnutls-3.6.3-backport-upstream-fixes.patch
%bcond_without dane %bcond_without dane
%if 0%{?rhel} %if 0%{?rhel}
%bcond_with guile %bcond_with guile
@ -152,6 +153,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
rm -f lib/minitasn1/*.c lib/minitasn1/*.h rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@ -307,6 +309,9 @@ fi
%endif %endif
%changelog %changelog
* Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
- Backported regression fixed from 3.6.2
* Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1 * Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
- Update to upstream 3.6.3 release - Update to upstream 3.6.3 release