[arch-commits] Commit in gnutls/trunk (PKGBUILD tls_fix.diff)

Fri Jul 26 15:45:07 UTC 2013

Date: Friday, July 26, 2013 @ 17:45:07
  Author: andyrtr
Revision: 191597

upgpkg: gnutls 3.2.2-2

fix tls connection issues; FS#36212 and FS#36207

Added:
  gnutls/trunk/tls_fix.diff
Modified:
  gnutls/trunk/PKGBUILD

--------------+
 PKGBUILD     |   18 ++++++++++++------
 tls_fix.diff |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2013-07-26 15:21:02 UTC (rev 191596)
+++ PKGBUILD	2013-07-26 15:45:07 UTC (rev 191597)
@@ -4,7 +4,7 @@
 
 pkgname=gnutls
 pkgver=3.2.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A library which provides a secure layer over a reliable transport layer"
 arch=('i686' 'x86_64')
 license=('GPL3' 'LGPL2.1')
@@ -13,12 +13,18 @@
 options=('!libtool' '!zipman')
 depends=('gcc-libs' 'libtasn1' 'readline' 'zlib' 'nettle' 'p11-kit')
 makedepends=('valgrind' 'strace' 'datefudge')
-source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig})
+source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig}
+        tls_fix.diff)
 md5sums=('9dd691ad1ccdb7386029809afef6b5ea'
-         'SKIP')
+         'SKIP'
+         '1bbf5bfb4e1420fd61c75e14347340fc')
 
 build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
+  
+  # fix broken TLS connections
+  patch -Np1 -i ../tls_fix.diff
+  
   ./configure --prefix=/usr \
 	--with-zlib \
 	--disable-static \
@@ -28,13 +34,13 @@
 }
 
 check() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
   #make -k check
   make -j1 check
 }
 
 package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
   make DESTDIR="${pkgdir}" install
   
   # lots of .png files are put into infodir and are gzipped by makepkg! this may need to be fixed by using !zipman

Added: tls_fix.diff
===================================================================
--- tls_fix.diff	                        (rev 0)
+++ tls_fix.diff	2013-07-26 15:45:07 UTC (rev 191597)
@@ -0,0 +1,32 @@
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 198cb34..3caa5ac 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
+         return gnutls_assert_val(ret);
+ 
+       if (unlikely((unsigned)length_to_decrypt > compressed->size))
+-        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++        {
++          _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
++                    (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
++          return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++        }
+ 
+       ret =
+            _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
+diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
+index 993ddb9..4795711 100644
+--- a/lib/gnutls_record.c
++++ b/lib/gnutls_record.c
+@@ -1193,8 +1193,8 @@ begin:
+   /* We allocate the maximum possible to allow few compressed bytes to expand to a
+    * full record.
+    */
+-  decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), 
+-                             MAX_RECORD_RECV_SIZE(session));
++  t.size = _gnutls_get_max_decrypted_data(session);
++  decrypted = _mbuffer_alloc(t.size, t.size);
+   if (decrypted == NULL)
+     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ 


