wok-undigest rev 1237

added recipe for gnutls
author Hans-G?nter Theisgen
date Sat Aug 06 17:28:21 2022 +0100 (21 months ago)
parents cf19e70a6352
children 8d40ce8afd35
files gnutls/receipt gnutls/stuff/CVE-2014-0092.u
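--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/gnutls/receipt	Sat Aug 06 17:28:21 2022 +0100
@@ -0,0 +1,66 @@
+# SliTaz package receipt.
+
+PACKAGE="gnutls"
+VERSION="3.6.12"
+CATEGORY="security"
+SHORT_DESC="GNU Transport Layer Security Library."
+MAINTAINER="erjo@slitaz.org"
+LICENSE="GPL3"
+WEB_SITE="https://www.gnutls.org/"
+
+TARBALL="$PACKAGE-$VERSION.tar.xz"
+WGET_URL="https://www.gnupg.org/ftp/gcrypt/gnutls/v${VERSION%.*}/$TARBALL"
+
+SUGGESTED="cacerts"
+DEPENDS="gcc-lib-base libcrypto libgnutls libgpg-error 
+	libtasn1 libunistring ncurses nettle readline zlib"
+BUILD_DEPENDS="gmp-dev libcrypto-dev libgcrypt-dev libgpg-error-dev libtasn1-dev 
+	libunistring-dev ncurses-dev nettle-dev readline-dev"
+
+HOST_ARCH="i486 arm"
+
+# Handle SliTaz arch.
+case "$SLITAZ_ARCH" in
+	i?86) DEPENDS="$DEPENDS p11-kit" ;;
+esac
+
+# Handle cross compilation.
+case "$ARCH" in
+	i?86) 
+		BUILD_DEPENDS="$BUILD_DEPENDS p11-kit-dev cacerts" ;;
+	arm*) 
+		ARCH_ARGS="--with-libgcrypt-prefix=/cross/$ARCH/sysroot/usr \
+		--without-p11-kit --disable-rpath" ;;
+esac
+
+# What is the latest version available today?
+current_version()
+{
+	wget -O - $WEB_SITE 2>/dev/null | \
+	sed '/GnuTLS [0-9]/!d;s|.*TLS ||;s|<.*||' | sort -Vr | sed q
+}
+
+# Rules to configure and make the package.
+compile_rules()
+{
+	# 3.6.12 unrecognised:
+	#	--with-libgcrypt
+	#	--with-zlib
+
+	# Disabled GOST support to compile with nettle-373
+	# Is GOST support indispensable?
+	./configure		\
+		--disable-gost	\
+		--disable-guile \
+		--with-default-trust-store-file="/etc/ssl/ca-bundle.crt" \
+		$CONFIGURE_ARGS $ARCH_ARGS &&
+	make &&
+	make install
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+	mkdir -p $fs/usr
+	cp -a $install/usr/bin	$fs/usr
+}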
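Review bot: Nothing visible in this receipt verifies the downloaded source: `WGET_URL` fetches `$TARBALL` over HTTPS, but no digest is pinned and the upstream signature is not checked, so the build trusts whatever that server returns. For a TLS library in `CATEGORY="security"`, pin a checksum or verify the detached signature with whatever mechanism the cook tooling provides, and note in a comment where the expected value came from. Separately, `compile_rules` bakes in `--with-default-trust-store-file="/etc/ssl/ca-bundle.crt"` while `cacerts` is only in `SUGGESTED`, and the arm branch also passes `--without-p11-kit`. A comment there would make the dependency explicit, e.g. `# CA bundle comes from cacerts (SUGGESTED); without it there are no system trust anchors`.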
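--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/gnutls/stuff/CVE-2014-0092.u	Sat Aug 06 17:28:21 2022 +0100
@@ -0,0 +1,102 @@
+From 6aa26f78150ccbdf0aec1878a41c17c41d358a3b Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 27 Feb 2014 19:42:26 +0100
+Subject: [PATCH] corrected return codes
+
+---
+ lib/x509/verify.c |   16 ++++++++++------
+ 1 files changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index c9a6b0d..eef85a8 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -141,7 +141,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -150,7 +150,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -158,7 +158,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   result =
+@@ -166,7 +166,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   if (result < 0)
+     {
+       gnutls_assert ();
+-      goto cleanup;
++      goto fail;
+     }
+ 
+   /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+   else
+     gnutls_assert ();
+ 
++fail:
+   result = 0;
+ 
+ cleanup:
+@@ -330,7 +331,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   gnutls_datum_t cert_signed_data = { NULL, 0 };
+   gnutls_datum_t cert_signature = { NULL, 0 };
+   gnutls_x509_crt_t issuer = NULL;
+-  int issuer_version, result;
++  int issuer_version, result = 0;
+ 
+   if (output)
+     *output = 0;
+@@ -363,7 +364,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (issuer_version < 0)
+     {
+       gnutls_assert ();
+-      return issuer_version;
++      return 0;
+     }
+ 
+   if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (result < 0)
+     {
+       gnutls_assert ();
++      result = 0;
+       goto cleanup;
+     }
+ 
+@@ -393,6 +395,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   if (result < 0)
+     {
+       gnutls_assert ();
++      result = 0;
+       goto cleanup;
+     }
+ 
+@@ -410,6 +413,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+   else if (result < 0)
+     {
+       gnutls_assert();
++      result = 0;
+       goto cleanup;
+     }
+ 
+-- 
+1.7.1
+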
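Review bot: This patch is added under `stuff/` but nothing in the receipt applies it: `compile_rules` goes straight to `./configure` with no patch step. Its own header dates it to February 2014 and it targets `lib/x509/verify.c` as it stood then, while the receipt builds 3.6.12. The fix is therefore presumably already in the tarball and the hunks are unlikely to apply, so shipping the file suggests a mitigation that is not actually in effect. Either drop the file, or state its status in the receipt with a comment such as `# stuff/CVE-2014-0092.u is kept for reference only; not applied, fix is already upstream in $VERSION (confirm)`. The behaviour the patch enforces is worth naming in that comment: the verification helpers must turn internal negative error codes into 0 (not verified) rather than returning them to callers.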