Hello community, here is the log from the commit of package gnutls for openSUSE:Factory checked in at 2018-09-26 16:01:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gnutls (Old) and /work/SRC/openSUSE:Factory/.gnutls.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnutls" Wed Sep 26 16:01:09 2018 rev:113 rq:636363 version:3.6.3 Changes: --------
--- /work/SRC/openSUSE:Factory/gnutls/gnutls.changes 2018-09-11 17:08:41.136210306 +0200
+++ /work/SRC/openSUSE:Factory/.gnutls.new/gnutls.changes 2018-09-26 16:01:11.424517917 +0200
@@ -1,0 +2,17 @@
+Tue Sep 18 08:39:56 UTC 2018 - [email protected]
+
+- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
+ test/Makefile.in as autoreconf does not work
+
+-------------------------------------------------------------------
+Fri Sep 14 13:07:41 UTC 2018 - Luis Henriques <[email protected]>
+
+- Backport of upstream fixes (boo#1108450)
+ * gnutls-3.6.3-backport-upstream-fixes.patch
+ Fixes taken from upstream commits:
+ ** 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function")
+ ** 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks")
+ ** 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello")
+ The patch was taken from https://github.com/weechat/weechat/issues/1231
+
+-------------------------------------------------------------------
New: ---- gnutls-3.6.3-backport-upstream-fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++
--- /var/tmp/diff_new_pack.ffAgQT/_old 2018-09-26 16:01:12.292516411 +0200
+++ /var/tmp/diff_new_pack.ffAgQT/_new 2018-09-26 16:01:12.292516411 +0200
@@ -41,6 +41,7 @@
 Source3: baselibs.conf
 Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
 Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
+Patch3: gnutls-3.6.3-backport-upstream-fixes.patch
 BuildRequires: autogen
 BuildRequires: automake
 BuildRequires: datefudge
@@ -163,6 +164,7 @@
 %ifarch ppc64 ppc64le ppc
 %patch2 -p1
 %endif
+%patch3 -p1
 %build
 export LDFLAGS="-pie"
++++++ gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ++++++
--- /var/tmp/diff_new_pack.ffAgQT/_old 2018-09-26 16:01:12.332516341 +0200
+++ /var/tmp/diff_new_pack.ffAgQT/_new 2018-09-26 16:01:12.332516341 +0200
@@ -1,8 +1,8 @@
-Index: gnutls-3.6.2/tests/Makefile.am
+Index: gnutls-3.6.3/tests/Makefile.am
 ===================================================================
---- gnutls-3.6.2.orig/tests/Makefile.am 2018-02-16 08:27:16.000000000 +0100
-+++ gnutls-3.6.2/tests/Makefile.am 2018-03-23 12:07:47.003150907 +0100
-@@ -330,7 +330,7 @@ if !WINDOWS
+--- gnutls-3.6.3.orig/tests/Makefile.am
++++ gnutls-3.6.3/tests/Makefile.am
+@@ -406,7 +406,7 @@ if !WINDOWS
 # List of tests not available/functional under windows
 #
@@ -11,3 +11,25 @@
 indirect_tests += dtls-stress
+Index: gnutls-3.6.3/tests/Makefile.in
+===================================================================
+--- gnutls-3.6.3.orig/tests/Makefile.in
++++ gnutls-3.6.3/tests/Makefile.in
+@@ -161,7 +161,7 @@ host_triplet = @host@
+ #
+ # List of tests not available/functional under windows
+ #
+-@WINDOWS_FALSE@am__append_12 = dtls/dtls dtls/dtls-resume fastopen.sh \
++@WINDOWS_FALSE@am__append_12 = dtls/dtls fastopen.sh \
+ @WINDOWS_FALSE@ pkgconfig.sh starttls.sh starttls-ftp.sh \
+ @WINDOWS_FALSE@ starttls-smtp.sh starttls-lmtp.sh \
+ @WINDOWS_FALSE@ starttls-pop3.sh starttls-nntp.sh \
+@@ -2507,7 +2507,7 @@ x509sign_verify_rsa_DEPENDENCIES = $(COM
+ $(am__DEPENDENCIES_2)
+ am__dist_check_SCRIPTS_DIST = rfc2253-escape-test \
+ rsa-md5-collision/rsa-md5-collision.sh systemkey.sh dtls/dtls \
+- dtls/dtls-resume fastopen.sh pkgconfig.sh starttls.sh \
++ fastopen.sh pkgconfig.sh starttls.sh \
+ starttls-ftp.sh starttls-smtp.sh starttls-lmtp.sh \
+ starttls-pop3.sh starttls-nntp.sh starttls-sieve.sh \
+ ocsp-tests/ocsp-tls-connection \
++++++ gnutls-3.6.3-backport-upstream-fixes.patch ++++++
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index d3777e51f..2150e903f 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
 if (ret < 0)
 return gnutls_assert_val(ret);
+ if (st2.ncerts == 0) {
+ *pcert_length = 0;
+ *ocsp_length = 0;
+ *privkey = NULL;
+ return 0;
+ }
+
 if (st2.cert_type != GNUTLS_CRT_X509) {
 gnutls_assert();
 ret = GNUTLS_E_INVALID_REQUEST;
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
 gnutls_certificate_retrieve_function * func)
 {
 cred->legacy_cert_cb1 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb1;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb1;
 }
 static int call_legacy_cert_cb2(gnutls_session_t session,
@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
 gnutls_certificate_retrieve_function2 * func)
 {
 cred->legacy_cert_cb2 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb2;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb2;
 }
 /**
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index a3027130a..f72afe77f 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
 if (tls_id == PRE_SHARED_KEY_TLS_ID) {
 ctx->seen_pre_shared_key = 1;
- } else if (ctx->seen_pre_shared_key) {
+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
 /* the pre-shared key extension must always be the last one,
 * draft-ietf-tls-tls13-28: 4.2.11 */
 return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
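Review bot: In call_legacy_cert_cb1 (first hunk of lib/cert-cred.c), the new `st2.ncerts == 0` early return sits before the `st2.cert_type` check and bypasses whatever cleanup the function performs further down; its body starts and ends outside the hunk. If a legacy callback reports zero certificates but has still filled in a key with `deinit_all` set, that key would presumably not be released on this path, so either route through the existing cleanup or document that the callback must leave the key unset in that case. The return writes only `*pcert_length`, `*ocsp_length` and `*privkey`; a comment such as `/* no certificate selected: report an empty chain; other output parameters are left untouched */` would make the contract explicit for callers.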
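Review bot: In gnutls_certificate_set_retrieve_function (second hunk), passing NULL now clears `cred->get_cert_callback3` unconditionally, so it also removes a trampoline installed earlier through the other setter while that setter's `legacy_cert_cb2` pointer stays stored; the same holds in reverse for gnutls_certificate_set_retrieve_function2 (third hunk). If "NULL resets certificate retrieval altogether" is the intended meaning, the functions' doc comments (outside the hunks) should state it. As a matter of style, the brace-less four-line if/else reads more simply as `cred->get_cert_callback3 = func ? call_legacy_cert_cb1 : NULL;`, and likewise with `call_legacy_cert_cb2`.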
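Review bot: In hello_ext_parse (lib/hello_ext.c), the ordering check is now gated on `session->security_parameters.entity == GNUTLS_SERVER`, that is on the local role rather than on the message being parsed. Whether a server reaches this parser for anything other than a ClientHello is not visible in the hunk, so that assumption deserves a comment. The retained comment still says the extension "must always be the last one", which no longer matches the condition; suggest `/* in a ClientHello the pre-shared key extension must be the last one (TLS 1.3, section 4.2.11) */`. The new condition also pushes the line well past 80 columns and could be wrapped after `&&`. The function body starts and ends outside the hunk.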
