[arch-commits] Commit in lib32-gnutls/trunk (PKGBUILD tls_fix.diff)
Laurent Carlier
lcarlier at nymeria.archlinux.org
Fri Jul 26 16:48:01 UTC 2013
Date: Friday, July 26, 2013 @ 18:48:01
Author: lcarlier
Revision: 94545
upgpkg: lib32-gnutls 3.2.2-2
Add tls fix
Added:
lib32-gnutls/trunk/tls_fix.diff
Modified:
lib32-gnutls/trunk/PKGBUILD
--------------+
PKGBUILD | 11 ++++++++---
tls_fix.diff | 32 ++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-07-26 15:55:51 UTC (rev 94544)
+++ PKGBUILD 2013-07-26 16:48:01 UTC (rev 94545)
@@ -8,7 +8,7 @@
_pkgbasename=gnutls
pkgname=lib32-$_pkgbasename
pkgver=3.2.2
-pkgrel=1
+pkgrel=2
pkgdesc="A library which provides a secure layer over a reliable transport layer (32-bit)"
arch=('x86_64')
license=('GPL3' 'LGPL2.1')
@@ -16,9 +16,11 @@
options=('!libtool')
depends=('lib32-zlib' 'lib32-nettle' 'lib32-p11-kit' 'lib32-libtasn1' $_pkgbasename)
makedepends=('gcc-multilib' 'lib32-libidn')
-source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig})
+source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
+ tls_fix.diff)
md5sums=('9dd691ad1ccdb7386029809afef6b5ea'
- 'SKIP')
+ 'SKIP'
+ '1bbf5bfb4e1420fd61c75e14347340fc')
build() {
export CC="gcc -m32"
@@ -27,6 +29,9 @@
cd ${srcdir}/${_pkgbasename}-${pkgver}
+ # fix broken TLS connections
+ patch -Np1 -i ../tls_fix.diff
+
# build fails without --disable-hardware-acceleration because of assembler errors
./configure --prefix=/usr --libdir=/usr/lib32 \
--with-zlib \
Added: tls_fix.diff
===================================================================
--- tls_fix.diff (rev 0)
+++ tls_fix.diff 2013-07-26 16:48:01 UTC (rev 94545)
@@ -0,0 +1,32 @@
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 198cb34..3caa5ac 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
+ return gnutls_assert_val(ret);
+
+ if (unlikely((unsigned)length_to_decrypt > compressed->size))
+- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++ {
++ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
++ (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
++ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++ }
+
+ ret =
+ _gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state,
+diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
+index 993ddb9..4795711 100644
+--- a/lib/gnutls_record.c
++++ b/lib/gnutls_record.c
+@@ -1193,8 +1193,8 @@ begin:
+ /* We allocate the maximum possible to allow few compressed bytes to expand to a
+ * full record.
+ */
+- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session),
+- MAX_RECORD_RECV_SIZE(session));
++ t.size = _gnutls_get_max_decrypted_data(session);
++ decrypted = _mbuffer_alloc(t.size, t.size);
+ if (decrypted == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
More information about the arch-commits
mailing list