[arch-commits] Commit in gnutls/trunk (PKGBUILD tls_fix.diff)
Andreas Radke
andyrtr at nymeria.archlinux.org
Fri Jul 26 15:45:07 UTC 2013
Date: Friday, July 26, 2013 @ 17:45:07
Author: andyrtr
Revision: 191597
upgpkg: gnutls 3.2.2-2
fix tls connection issues; FS#36212 and FS#36207
Added:
gnutls/trunk/tls_fix.diff
Modified:
gnutls/trunk/PKGBUILD
--------------+
PKGBUILD | 18 ++++++++++++------
tls_fix.diff | 32 ++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-07-26 15:21:02 UTC (rev 191596)
+++ PKGBUILD 2013-07-26 15:45:07 UTC (rev 191597)
@@ -4,7 +4,7 @@
pkgname=gnutls
pkgver=3.2.2
-pkgrel=1
+pkgrel=2
pkgdesc="A library which provides a secure layer over a reliable transport layer"
arch=('i686' 'x86_64')
license=('GPL3' 'LGPL2.1')
@@ -13,12 +13,18 @@
options=('!libtool' '!zipman')
depends=('gcc-libs' 'libtasn1' 'readline' 'zlib' 'nettle' 'p11-kit')
makedepends=('valgrind' 'strace' 'datefudge')
-source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig})
+source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig}
+ tls_fix.diff)
md5sums=('9dd691ad1ccdb7386029809afef6b5ea'
- 'SKIP')
+ 'SKIP'
+ '1bbf5bfb4e1420fd61c75e14347340fc')
build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ cd ${pkgname}-${pkgver}
+
+ # fix broken TLS connections
+ patch -Np1 -i ../tls_fix.diff
+
./configure --prefix=/usr \
--with-zlib \
--disable-static \
@@ -28,13 +34,13 @@
}
check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ cd ${pkgname}-${pkgver}
#make -k check
make -j1 check
}
package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ cd ${pkgname}-${pkgver}
make DESTDIR="${pkgdir}" install
# lots of .png files are put into infodir and are gzipped by makepkg! this may need to be fixed by using !zipman
Added: tls_fix.diff
===================================================================
--- tls_fix.diff (rev 0)
+++ tls_fix.diff 2013-07-26 15:45:07 UTC (rev 191597)
@@ -0,0 +1,32 @@
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 198cb34..3caa5ac 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
+ return gnutls_assert_val(ret);
+
+ if (unlikely((unsigned)length_to_decrypt > compressed->size))
+- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++ {
++ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
++ (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
++ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++ }
+
+ ret =
+ _gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state,
+diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
+index 993ddb9..4795711 100644
+--- a/lib/gnutls_record.c
++++ b/lib/gnutls_record.c
+@@ -1193,8 +1193,8 @@ begin:
+ /* We allocate the maximum possible to allow few compressed bytes to expand to a
+ * full record.
+ */
+- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session),
+- MAX_RECORD_RECV_SIZE(session));
++ t.size = _gnutls_get_max_decrypted_data(session);
++ decrypted = _mbuffer_alloc(t.size, t.size);
+ if (decrypted == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
More information about the arch-commits
mailing list