diff options
Diffstat (limited to 'extra/gnutls')
-rw-r--r-- | extra/gnutls/PKGBUILD | 20 | ||||
-rw-r--r-- | extra/gnutls/tls_fix.diff | 32 |
2 files changed, 45 insertions, 7 deletions
diff --git a/extra/gnutls/PKGBUILD b/extra/gnutls/PKGBUILD index a06f9d2dc..878bf27c5 100644 --- a/extra/gnutls/PKGBUILD +++ b/extra/gnutls/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 191197 2013-07-19 17:34:12Z andyrtr $ +# $Id: PKGBUILD 191598 2013-07-26 15:46:23Z andyrtr $ # Maintainer: Jan de Groot <jgc@archlinux.org> # Maintainer: Andreas Radke <andyrtr@archlinux.org> pkgname=gnutls pkgver=3.2.2 -pkgrel=1 +pkgrel=2 pkgdesc="A library which provides a secure layer over a reliable transport layer" arch=('i686' 'x86_64') license=('GPL3' 'LGPL2.1') @@ -13,12 +13,18 @@ install=gnutls.install options=('!libtool' '!zipman') depends=('gcc-libs' 'libtasn1' 'readline' 'zlib' 'nettle' 'p11-kit') makedepends=('valgrind' 'strace' 'datefudge') -source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig}) +source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${pkgname}-${pkgver}.tar.xz{,.sig} + tls_fix.diff) md5sums=('9dd691ad1ccdb7386029809afef6b5ea' - 'SKIP') + 'SKIP' + '1bbf5bfb4e1420fd61c75e14347340fc') build() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd ${pkgname}-${pkgver} + + # fix broken TLS connections + patch -Np1 -i ../tls_fix.diff + ./configure --prefix=/usr \ --with-zlib \ --disable-static \ @@ -28,13 +34,13 @@ build() { } check() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd ${pkgname}-${pkgver} #make -k check make -j1 check } package() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd ${pkgname}-${pkgver} make DESTDIR="${pkgdir}" install # lots of .png files are put into infodir and are gzipped by makepkg! this may need to be fixed by using !zipman diff --git a/extra/gnutls/tls_fix.diff b/extra/gnutls/tls_fix.diff new file mode 100644 index 000000000..8277e2b2d --- /dev/null +++ b/extra/gnutls/tls_fix.diff @@ -0,0 +1,32 @@ +diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c +index 198cb34..3caa5ac 100644 +--- a/lib/gnutls_cipher.c ++++ b/lib/gnutls_cipher.c +@@ -710,7 +710,11 @@ ciphertext_to_compressed (gnutls_session_t session, + return gnutls_assert_val(ret); + + if (unlikely((unsigned)length_to_decrypt > compressed->size)) +- return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); ++ { ++ _gnutls_audit_log(session, "Received %u bytes, while expecting less than %u\n", ++ (unsigned int)length_to_decrypt, (unsigned int)compressed->size); ++ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); ++ } + + ret = + _gnutls_auth_cipher_decrypt2 (¶ms->read.cipher_state, +diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c +index 993ddb9..4795711 100644 +--- a/lib/gnutls_record.c ++++ b/lib/gnutls_record.c +@@ -1193,8 +1193,8 @@ begin: + /* We allocate the maximum possible to allow few compressed bytes to expand to a + * full record. + */ +- decrypted = _mbuffer_alloc(MAX_RECORD_RECV_SIZE(session), +- MAX_RECORD_RECV_SIZE(session)); ++ t.size = _gnutls_get_max_decrypted_data(session); ++ decrypted = _mbuffer_alloc(t.size, t.size); + if (decrypted == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + |