Tue Sep 18 19:22:30 UTC 201820180918192230

ap/dmidecode-3.2-x86_64-1.txz:  Upgraded.
ap/nano-3.1-x86_64-1.txz:  Upgraded.
ap/slackpkg-2.83.0-noarch-4.txz:  Rebuilt.
  Merged two patches from git:
  Clarify that a press of "Enter" is needed to confirm kernel change
  Mention possible stale mirror if CHECKSUMS.md5 gpg verify fails
  Thanks to Mario Preksavec and Robby Workman.
ap/sqlite-3.25.0-x86_64-1.txz:  Upgraded.
ap/xorriso-1.5.0-x86_64-1.txz:  Upgraded.
l/lmdb-0.9.22-x86_64-2.txz:  Rebuilt.
  Fixed the build script to clear out the build area properly - previously
  it was possible for binaries of the wrong $ARCH to end up in the package.
  Thanks to reddog83.
n/gnutls-3.6.3-x86_64-2.txz:  Rebuilt.
  Merged backported SSL/TLS fixes. Thanks to orbea.
n/samba-4.9.0-x86_64-2.txz:  Rebuilt.
  Recompiled in case the lmdb package was broken.

2 files changed, 62 insertions, 1 deletions

diff --git a/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch b/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch
new file mode 100644
index 000000000..a7aad333c
--- /dev/null
+++ b/source/n/gnutls/gnutls-3.6.3-backport-upstream-fixes.patch
@@ -0,0 +1,55 @@
+diff --git a/lib/cert-cred.c b/lib/cert-cred.c
+index d3777e51f..2150e903f 100644
+--- a/lib/cert-cred.c
++++ b/lib/cert-cred.c
+@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
+ 	if (ret < 0)
+ 		return gnutls_assert_val(ret);
+ 
++	if (st2.ncerts == 0) {
++		*pcert_length = 0;
++		*ocsp_length = 0;
++		*privkey = NULL;
++		return 0;
++	}
++
+ 	if (st2.cert_type != GNUTLS_CRT_X509) {
+ 		gnutls_assert();
+ 		ret = GNUTLS_E_INVALID_REQUEST;
+@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
+      gnutls_certificate_retrieve_function * func)
+ {
+ 	cred->legacy_cert_cb1 = func;
+-	cred->get_cert_callback3 = call_legacy_cert_cb1;
++	if (!func)
++		cred->get_cert_callback3 = NULL;
++	else
++		cred->get_cert_callback3 = call_legacy_cert_cb1;
+ }
+ 
+ static int call_legacy_cert_cb2(gnutls_session_t session,
+@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
+      gnutls_certificate_retrieve_function2 * func) 
+ {
+ 	cred->legacy_cert_cb2 = func;
+-	cred->get_cert_callback3 = call_legacy_cert_cb2;
++	if (!func)
++		cred->get_cert_callback3 = NULL;
++	else
++		cred->get_cert_callback3 = call_legacy_cert_cb2;
+ }
+ 
+ /**
+diff --git a/lib/hello_ext.c b/lib/hello_ext.c
+index a3027130a..f72afe77f 100644
+--- a/lib/hello_ext.c
++++ b/lib/hello_ext.c
+@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
+ 
+ 	if (tls_id == PRE_SHARED_KEY_TLS_ID) {
+ 		ctx->seen_pre_shared_key = 1;
+-	} else if (ctx->seen_pre_shared_key) {
++	} else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
+ 		/* the pre-shared key extension must always be the last one,
+ 		 * draft-ietf-tls-tls13-28: 4.2.11 */
+ 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
diff --git a/source/n/gnutls/gnutls.SlackBuild b/source/n/gnutls/gnutls.SlackBuild
index 331b9b94f..11320730f 100755
--- a/source/n/gnutls/gnutls.SlackBuild
+++ b/source/n/gnutls/gnutls.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=gnutls
 VERSION=${VERSION:-$(echo gnutls-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -60,6 +60,9 @@ else
   LIBDIRSUFFIX=""
 fi
 
+# Don't use icecream:
+PATH=$(echo $PATH | sed "s|/usr/libexec/icecc/bin||g" | tr -s : | sed "s/^://g" | sed "s/:$//g")
+
 TMP=${TMP:-/tmp}
 PKG=$TMP/package-$PKGNAM
 rm -rf $PKG
@@ -78,6 +81,9 @@ find . \
   \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
   -exec chmod 644 {} \;
 
+# This patch addresses some issues with SSL/TLS breakage in 3.6.3:
+zcat $CWD/gnutls-3.6.3-backport-upstream-fixes.patch.gz | patch -p1 --verbose || exit 1
+
 # Need to reconf to find guile-2.2.x:
 autoreconf -vif