[arch-commits] Commit in lib32-gnutls/trunk (PKGBUILD tls_fix.diff)

Fri Jul 26 16:48:01 UTC 2013

Date: Friday, July 26, 2013 @ 18:48:01
  Author: lcarlier
Revision: 94545

upgpkg: lib32-gnutls 3.2.2-2

Add tls fix

Added:
  lib32-gnutls/trunk/tls_fix.diff
Modified:
  lib32-gnutls/trunk/PKGBUILD

--------------+
 PKGBUILD     |   11 ++++++++---
 tls_fix.diff |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2013-07-26 15:55:51 UTC (rev 94544)
+++ PKGBUILD	2013-07-26 16:48:01 UTC (rev 94545)
@@ -8,7 +8,7 @@
 _pkgbasename=gnutls
 pkgname=lib32-$_pkgbasename
 pkgver=3.2.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A library which provides a secure layer over a reliable transport layer (32-bit)"
 arch=('x86_64')
 license=('GPL3' 'LGPL2.1')
@@ -16,9 +16,11 @@
 options=('!libtool')
 depends=('lib32-zlib' 'lib32-nettle' 'lib32-p11-kit' 'lib32-libtasn1' $_pkgbasename)
 makedepends=('gcc-multilib' 'lib32-libidn')
-source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig})
+source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
+	tls_fix.diff)
 md5sums=('9dd691ad1ccdb7386029809afef6b5ea'
-         'SKIP')
+         'SKIP'
+	 '1bbf5bfb4e1420fd61c75e14347340fc')
 
 build() {
   export CC="gcc -m32"
@@ -27,6 +29,9 @@
 
   cd ${srcdir}/${_pkgbasename}-${pkgver}
 
+  # fix broken TLS connections
+  patch -Np1 -i ../tls_fix.diff
+
   # build fails without --disable-hardware-acceleration because of assembler errors
   ./configure --prefix=/usr --libdir=/usr/lib32 \
     --with-zlib \

Added: tls_fix.diff
===================================================================
--- tls_fix.diff	                        (rev 0)
+++ tls_fix.diff	2013-07-26 16:48:01 UTC (rev 94545)
@@ -0,0 +1,32 @@
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 198cb34..3caa5ac 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session,
+         return gnutls_assert_val(ret);
+ 
+       if (unlikely((unsigned)length_to_decrypt > compressed->size))
+-        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++        {
++          _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n",
++                    (unsigned int)length_to_decrypt, (unsigned int)compressed->size);
++          return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
++        }
+ 
+       ret =
+            _gnutls_auth_cipher_decrypt2 (&params->read.cipher_state,
+diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
+index 993ddb9..4795711 100644
+--- a/lib/gnutls_record.c
++++ b/lib/gnutls_record.c
+@@ -1193,8 +1193,8 @@ begin:
+   /* We allocate the maximum possible to allow few compressed bytes to expand to a
+    * full record.
+    */
+-  decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), 
+-                             MAX_RECORD_RECV_SIZE(session));
++  t.size = _gnutls_get_max_decrypted_data(session);
++  decrypted = _mbuffer_alloc(t.size, t.size);
+   if (decrypted == NULL)
+     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ 


