
- Version update to 3.6.4 bsc#1111757:

- Drop upstreamed patch:
  * gnutls-3.6.3-backport-upstream-fixes.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=11
Tomáš Chvátal 2018-10-15 08:47:20 +00:00 committed by Git OBS Bridge
parent 60b4dea541
commit 36cac07d0e
3 changed files with 3 additions and 58 deletions


@ -1,55 +0,0 @@
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index d3777e51f..2150e903f 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -387,6 +387,13 @@ static int call_legacy_cert_cb1(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
+ if (st2.ncerts == 0) {
+ *pcert_length = 0;
+ *ocsp_length = 0;
+ *privkey = NULL;
+ return 0;
+ }
+
if (st2.cert_type != GNUTLS_CRT_X509) {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
@@ -503,7 +510,10 @@ void gnutls_certificate_set_retrieve_function
gnutls_certificate_retrieve_function * func)
{
cred->legacy_cert_cb1 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb1;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb1;
}
static int call_legacy_cert_cb2(gnutls_session_t session,
@@ -578,7 +588,10 @@ void gnutls_certificate_set_retrieve_function2
gnutls_certificate_retrieve_function2 * func)
{
cred->legacy_cert_cb2 = func;
- cred->get_cert_callback3 = call_legacy_cert_cb2;
+ if (!func)
+ cred->get_cert_callback3 = NULL;
+ else
+ cred->get_cert_callback3 = call_legacy_cert_cb2;
}
/**
diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index a3027130a..f72afe77f 100644
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -208,7 +208,7 @@ int hello_ext_parse(void *_ctx, unsigned tls_id, const uint8_t *data, unsigned d
if (tls_id == PRE_SHARED_KEY_TLS_ID) {
ctx->seen_pre_shared_key = 1;
- } else if (ctx->seen_pre_shared_key) {
+ } else if (ctx->seen_pre_shared_key && session->security_parameters.entity == GNUTLS_SERVER) {
/* the pre-shared key extension must always be the last one,
* draft-ietf-tls-tls13-28: 4.2.11 */
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);


@ -1,7 +1,7 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com> Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Version update to 3.6.4: - Version update to 3.6.4 bsc#1111757:
** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. ** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
gnutls_certificate_set_retrieve_function() which could not handle the case where gnutls_certificate_set_retrieve_function() which could not handle the case where
@ -25,6 +25,8 @@ Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
** libgnutls: Added support for seperately negotiating client and server certificate types ** libgnutls: Added support for seperately negotiating client and server certificate types
as defined in RFC7250. This mechanism must be explicitly enabled via the as defined in RFC7250. This mechanism must be explicitly enabled via the
GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
- Drop upstreamed patch:
* gnutls-3.6.3-backport-upstream-fixes.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de


@ -41,7 +41,6 @@ Source2: %{name}.keyring
Source3: baselibs.conf Source3: baselibs.conf
Patch1: gnutls-3.5.11-skip-trust-store-tests.patch Patch1: gnutls-3.5.11-skip-trust-store-tests.patch
Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch Patch2: gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
Patch3: gnutls-3.6.3-backport-upstream-fixes.patch
BuildRequires: autogen BuildRequires: autogen
BuildRequires: automake BuildRequires: automake
BuildRequires: datefudge BuildRequires: datefudge
@ -164,7 +163,6 @@ GnuTLS Wrappers for GNU Guile, a dialect of Scheme.
%ifarch ppc64 ppc64le ppc %ifarch ppc64 ppc64le ppc
%patch2 -p1 %patch2 -p1
%endif %endif
%patch3 -p1
%build %build
export LDFLAGS="-pie" export LDFLAGS="-pie"