diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2018-09-18 19:22:30 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-09-19 09:00:33 +0200 |
| commit | a22d1843900f65ede3f87d55207ca0b8f2a38b98 (patch) | |
| tree | 2a80883ce31d38a325747f2d3b7596f19a647d35 /source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch | |
| parent | 77f4f1f5e6332a7c51dad716aba3ff2b03dc8d8a (diff) | |
| download | current-a22d1843900f65ede3f87d55207ca0b8f2a38b98.tar.gz current-a22d1843900f65ede3f87d55207ca0b8f2a38b98.tar.xz | |
Tue Sep 18 19:22:30 UTC 201820180918192230
ap/dmidecode-3.2-x86_64-1.txz: Upgraded.
ap/nano-3.1-x86_64-1.txz: Upgraded.
ap/slackpkg-2.83.0-noarch-4.txz: Rebuilt.
Merged two patches from git:
Clarify that a press of "Enter" is needed to confirm kernel change
Mention possible stale mirror if CHECKSUMS.md5 gpg verify fails
Thanks to Mario Preksavec and Robby Workman.
ap/sqlite-3.25.0-x86_64-1.txz: Upgraded.
ap/xorriso-1.5.0-x86_64-1.txz: Upgraded.
l/lmdb-0.9.22-x86_64-2.txz: Rebuilt.
Fixed the build script to clear out the build area properly - previously
it was possible for binaries of the wrong $ARCH to end up in the package.
Thanks to reddog83.
n/gnutls-3.6.3-x86_64-2.txz: Rebuilt.
Merged backported SSL/TLS fixes. Thanks to orbea.
n/samba-4.9.0-x86_64-2.txz: Rebuilt.
Recompiled in case the lmdb package was broken.
Diffstat (limited to '')
| -rw-r--r-- | source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch b/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch new file mode 100644 index 000000000..a7aad333c --- /dev/null +++ b/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch @@ -0,0 +1,55 @@ +diff --git a/lib/cert-cred.c b/lib/cert-cred.c +index d3777e51f..2150e903f 100644 +--- a/lib/cert-cred.c ++++ b/lib/cert-cred.c +@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session, + if (ret < 0) + return gnutls_assert_val(ret); + ++ if (st2.ncerts == 0) { ++ *pcert_length = 0; ++ *ocsp_length = 0; ++ *privkey = NULL; ++ return 0; ++ } ++ + if (st2.cert_type != GNUTLS_CRT_X509) { + gnutls_assert(); + ret = GNUTLS_E_INVALID_REQUEST; +@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function + gnutls_certificate_retrieve_function * func) + { + cred->legacy_cert_cb1 = func; +- cred->get_cert_callback3 = call_legacy_cert_cb1; ++ if (!func) ++ cred->get_cert_callback3 = NULL; ++ else ++ cred->get_cert_callback3 = call_legacy_cert_cb1; + } + + static int call_legacy_cert_cb2(gnutls_session_t session, +@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2 + gnutls_certificate_retrieve_function2 * func) + { + cred->legacy_cert_cb2 = func; +- cred->get_cert_callback3 = call_legacy_cert_cb2; ++ if (!func) ++ cred->get_cert_callback3 = NULL; ++ else ++ cred->get_cert_callback3 = call_legacy_cert_cb2; + } + + /** +diff --git a/lib/hello_ext.c b/lib/hello_ext.c +index a3027130a..f72afe77f 100644 +--- a/lib/hello_ext.c ++++ b/lib/hello_ext.c +@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d + + if (tls_id == PRE_SHARED_KEY_TLS_ID) { + ctx->seen_pre_shared_key = 1; +- } else if (ctx->seen_pre_shared_key) { ++ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) { + /* the pre-shared key extension must always be the last one, + * draft-ietf-tls-tls13-28: 4.2.11 */ + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |