# HG changeset patch # User Hans-G?nter Theisgen # Date 1659803301 -3600 # Node ID ccaf36d9b80214537c69eaf527dd1df035e2acaf # Parent cf19e70a635213a9e0bf9b92a79b3cbab0c88bbe added recipe for gnutls diff -r cf19e70a6352 -r ccaf36d9b802 gnutls/receipt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/gnutls/receipt Sat Aug 06 17:28:21 2022 +0100 @@ -0,0 +1,66 @@ +# SliTaz package receipt. + +PACKAGE="gnutls" +VERSION="3.6.12" +CATEGORY="security" +SHORT_DESC="GNU Transport Layer Security Library." +MAINTAINER="erjo@slitaz.org" +LICENSE="GPL3" +WEB_SITE="https://www.gnutls.org/" + +TARBALL="$PACKAGE-$VERSION.tar.xz" +WGET_URL="https://www.gnupg.org/ftp/gcrypt/gnutls/v${VERSION%.*}/$TARBALL" + +SUGGESTED="cacerts" +DEPENDS="gcc-lib-base libcrypto libgnutls libgpg-error + libtasn1 libunistring ncurses nettle readline zlib" +BUILD_DEPENDS="gmp-dev libcrypto-dev libgcrypt-dev libgpg-error-dev libtasn1-dev + libunistring-dev ncurses-dev nettle-dev readline-dev" + +HOST_ARCH="i486 arm" + +# Handle SliTaz arch. +case "$SLITAZ_ARCH" in + i?86) DEPENDS="$DEPENDS p11-kit" ;; +esac + +# Handle cross compilation. +case "$ARCH" in + i?86) + BUILD_DEPENDS="$BUILD_DEPENDS p11-kit-dev cacerts" ;; + arm*) + ARCH_ARGS="--with-libgcrypt-prefix=/cross/$ARCH/sysroot/usr \ + --without-p11-kit --disable-rpath" ;; +esac + +# What is the latest version available today? +current_version() +{ + wget -O - $WEB_SITE 2>/dev/null | \ + sed '/GnuTLS [0-9]/!d;s|.*TLS ||;s|<.*||' | sort -Vr | sed q +} + +# Rules to configure and make the package. +compile_rules() +{ + # 3.6.12 unrecognised: + # --with-libgcrypt + # --with-zlib + + # Disabled GOST support to compile with nettle-373 + # Is GOST support indispensable? + ./configure \ + --disable-gost \ + --disable-guile \ + --with-default-trust-store-file="/etc/ssl/ca-bundle.crt" \ + $CONFIGURE_ARGS $ARCH_ARGS && + make && + make install +} + +# Rules to gen a SliTaz package suitable for Tazpkg. +genpkg_rules() +{ + mkdir -p $fs/usr + cp -a $install/usr/bin $fs/usr +} diff -r cf19e70a6352 -r ccaf36d9b802 gnutls/stuff/CVE-2014-0092.u --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/gnutls/stuff/CVE-2014-0092.u Sat Aug 06 17:28:21 2022 +0100 @@ -0,0 +1,102 @@ +From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 27 Feb 2014 19:42:26 +0100 +Subject: [PATCH] corrected return codes + +--- + lib/x509/verify.c | 16 ++++++++++------ + 1 files changed, 10 insertions(+), 6 deletions(-) + +diff --git a/lib/x509/verify.c b/lib/x509/verify.c +index c9a6b0d..eef85a8 100644 +--- a/lib/x509/verify.c ++++ b/lib/x509/verify.c +@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + result = +@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + if (result < 0) + { + gnutls_assert (); +- goto cleanup; ++ goto fail; + } + + /* If the subject certificate is the same as the issuer +@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, + else + gnutls_assert (); + ++fail: + result = 0; + + cleanup: +@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + gnutls_datum_t cert_signed_data = { NULL, 0 }; + gnutls_datum_t cert_signature = { NULL, 0 }; + gnutls_x509_crt_t issuer = NULL; +- int issuer_version, result; ++ int issuer_version, result = 0; + + if (output) + *output = 0; +@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (issuer_version < 0) + { + gnutls_assert (); +- return issuer_version; ++ return 0; + } + + if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) && +@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + if (result < 0) + { + gnutls_assert (); ++ result = 0; + goto cleanup; + } + +@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, + else if (result < 0) + { + gnutls_assert(); ++ result = 0; + goto cleanup; + } + +-- +1.7.1 +