Diffstat (limited to 'user/gnutls')
-rw-r--r--user/gnutls/APKBUILD22
-rw-r--r--user/gnutls/disable-certtool-test.patch34
-rw-r--r--user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch10
3 files changed, 47 insertions, 19 deletions
diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD
index 2ca589cae..0afc05196 100644
--- a/user/gnutls/APKBUILD
+++ b/user/gnutls/APKBUILD
@@ -1,13 +1,12 @@
# Contriburo: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Michael Mason <ms13sp@gmail.com>
-# Maintainer:
+# Maintainer: Zach van Rijn <me@zv.io>
pkgname=gnutls
-pkgver=3.6.9
-pkgrel=1
+pkgver=3.7.4
+pkgrel=0
pkgdesc="A TLS protocol implementation"
-url="http://www.gnutls.org/"
+url="https://www.gnutls.org/"
arch="all"
-options="!check" # https://gitlab.com/gnutls/gnutls/issues/560
license="LGPL-2.1+"
makedepends="libtasn1-dev libunistring-dev nettle-dev p11-kit-dev texinfo
unbound-dev cmd:which zlib-dev"
@@ -23,12 +22,17 @@ case $pkgver in
;;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
- gnulib-tests-dont-require-gpg-passphrase.patch"
-builddir="$srcdir/$pkgname-$_v2"
+ disable-certtool-test.patch
+ "
# secfixes:
# 3.5.13-r0:
# - CVE-2017-7507
+# 3.6.14-r0:
+# - CVE-2020-11501
+# - CVE-2020-13777
+# 3.6.15-r0:
+# - CVE-2020-24659
build() {
LIBS="-lgmp" ./configure \
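Review bot: The `# secfixes:` block ends at `3.6.15-r0`, yet this commit moves the package from 3.6.9 to 3.7.4, so any security fixes in upstream releases after 3.6.15 would not be recorded for tools that read this list. Check the upstream security advisories for the releases between 3.6.15 and 3.7.4 and add an entry such as `# 3.7.4-r0:` followed by `#   - CVE-YYYY-NNNNN` (placeholder id) for each one that applies. Judging only by this diff, the tree went straight from 3.6.9 to 3.7.4, so confirm that keying the new entries to `3.6.14-r0` and `3.6.15-r0` matches the repository's secfixes convention. The `build()` function that starts at the end of this hunk continues outside it.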
@@ -80,5 +84,5 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 gnutls-3.6.9.tar.xz
-abc24ee59cc67805fe953535b0bae33080fc8b0bf788304377f6d10ec8c162c4cf203a69c98a4ba3483b4c60ed7a204433cc7db9b8190eddb0d68f6fb6dad52d gnulib-tests-dont-require-gpg-passphrase.patch"
+sha512sums="38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6 gnutls-3.7.4.tar.xz
+510b0fd3464592cfffefa6cbfd09935aa26ab057b9dab7e588527efa2373a6f1ff8344270b4c143c669697e1bfa14218da29730dbc14e27daa21f770a519af1b disable-certtool-test.patch"
diff --git a/user/gnutls/disable-certtool-test.patch b/user/gnutls/disable-certtool-test.patch
new file mode 100644
index 000000000..39cba942b
--- /dev/null
+++ b/user/gnutls/disable-certtool-test.patch
@@ -0,0 +1,34 @@
+If GNUTLS_PIN is not available in the environment, the test will fail
+because it cannot ask for the password:
+
+Generating a self signed certificate...
+No PIN given.
+note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
+cert generation failed
+FAIL certtool (exit status: 1)
+
+The comment above this line says "some CI runners need GNUTLS_PIN
+(GNUTLS_PIN=${PASS})" (i.e. GNUTLS_PIN=1234). When this is passed
+instead, the test fails again because "No password was asked" (it greps
+for "Enter password" in the output, but this won't happen because
+GNUTLS_PIN is set).
+
+The folks at Nix believe this is an incompatibility due to musl's
+getpass not falling back to stdin/stderr if it cannot connect to a tty,
+as glibc does. Upstream believes this test should only be run on glibc
+systems, so we skip it.
+
+https://gitlab.com/gnutls/gnutls/-/issues/945
+
+--- gnutls-3.6.13/tests/cert-tests/certtool.sh 2020-01-01 14:10:19.000000000 -0600
++++ gnutls-3.6.13/tests/cert-tests/certtool.sh 2020-06-02 20:36:20.380039844 -0500
+@@ -20,6 +20,9 @@
+
+ #set -e
+
++echo 'this test is not compatible with musl'
++exit 77
++
+ : ${srcdir=.}
+ : ${CERTTOOL=../../src/certtool${EXEEXT}}
+ : ${DIFF=diff -b -B}
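Review bot: The added `exit 77` sits at the top of certtool.sh, so every check in that script is skipped, not only the password-prompt step that the description traces to musl's getpass behaviour. For a TLS library this leaves whatever else certtool.sh exercises untested in this package; the rest of the script lies outside the hunk, so the extent cannot be judged from here. Consider moving the skip to just before the "Enter password" check, or guarding only that step, so the remaining checks still run. If the whole-file skip stays, a comment above the `source=` assignment in the APKBUILD, such as `# disable-certtool-test.patch skips all of certtool.sh on musl (gnutls issue 945); re-check on version bumps`, would keep the gap visible. The patch header still names `gnutls-3.6.13` although the package is now 3.7.4.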
diff --git a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch b/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
deleted file mode 100644
index 2c9276cbc..000000000
--- a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh 2018-01-03 18:36:29.000000000 -0600
-+++ gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh 2018-06-18 21:57:08.305562148 -0500
-@@ -32,6 +32,7 @@
- touch d/a b c &&
- git config user.email "you@example.com" &&
- git config user.name "Your Name" &&
-+ git config commit.gpgsign false &&
- git add . > /dev/null &&
- git commit -q -a -m log &&
- printf '%s\n' b c d/a > expected &&