Diffstat (limited to 'user/gnutls')
-rw-r--r-- | user/gnutls/APKBUILD | 22 | ||||
-rw-r--r-- | user/gnutls/disable-certtool-test.patch | 34 | ||||
-rw-r--r-- | user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch | 10 |
3 files changed, 47 insertions, 19 deletions
diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD index 2ca589cae..0afc05196 100644 --- a/user/gnutls/APKBUILD +++ b/user/gnutls/APKBUILD @@ -1,13 +1,12 @@ # Contriburo: Łukasz Jendrysik <scadu@yandex.com> # Contributor: Michael Mason <ms13sp@gmail.com> -# Maintainer: +# Maintainer: Zach van Rijn <me@zv.io> pkgname=gnutls -pkgver=3.6.9 -pkgrel=1 +pkgver=3.7.4 +pkgrel=0 pkgdesc="A TLS protocol implementation" -url="http://www.gnutls.org/" +url="https://www.gnutls.org/" arch="all" -options="!check" # https://gitlab.com/gnutls/gnutls/issues/560 license="LGPL-2.1+" makedepends="libtasn1-dev libunistring-dev nettle-dev p11-kit-dev texinfo unbound-dev cmd:which zlib-dev" @@ -23,12 +22,17 @@ case $pkgver in ;; esac source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz - gnulib-tests-dont-require-gpg-passphrase.patch" -builddir="$srcdir/$pkgname-$_v2" + disable-certtool-test.patch + " # secfixes: # 3.5.13-r0: # - CVE-2017-7507 +# 3.6.14-r0: +# - CVE-2020-11501 +# - CVE-2020-13777 +# 3.6.15-r0: +# - CVE-2020-24659 build() { LIBS="-lgmp" ./configure \ @@ -80,5 +84,5 @@ xx() { mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/ } -sha512sums="a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 gnutls-3.6.9.tar.xz -abc24ee59cc67805fe953535b0bae33080fc8b0bf788304377f6d10ec8c162c4cf203a69c98a4ba3483b4c60ed7a204433cc7db9b8190eddb0d68f6fb6dad52d gnulib-tests-dont-require-gpg-passphrase.patch" +sha512sums="38b488ca1223d9aa8fc25756df08db6f29aaf76fb5816fdeaa14bd89fb431a2e1c495fefc64094f726337d5b89e198146ec7dc22e9a1bca6841a9d881b0d99e6 gnutls-3.7.4.tar.xz +510b0fd3464592cfffefa6cbfd09935aa26ab057b9dab7e588527efa2373a6f1ff8344270b4c143c669697e1bfa14218da29730dbc14e27daa21f770a519af1b disable-certtool-test.patch" diff --git a/user/gnutls/disable-certtool-test.patch b/user/gnutls/disable-certtool-test.patch new file mode 100644 index 000000000..39cba942b --- /dev/null 
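Review bot: The `# secfixes:` block in the second APKBUILD hunk stops at 3.6.15-r0 although this commit moves the package from 3.6.9 to 3.7.4, so any upstream security fixes released in 3.6.16 through 3.7.4 would go unrecorded in the data that vulnerability tracking reads from these comments. Check the upstream security advisories for that range and, for each one that applies, add an entry of the form `#   3.7.4-r0:` followed by `#     - CVE-<id from the upstream advisory>`. The new 3.6.14-r0 and 3.6.15-r0 entries name releases that, as far as this diff shows, were never packaged here (3.6.9-r1 goes straight to 3.7.4-r0); if the tooling expects the first packaged release carrying the fix, those CVEs belong under 3.7.4-r0 as well.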
+++ b/user/gnutls/disable-certtool-test.patch
@@ -0,0 +1,34 @@
+If GNUTLS_PIN is not available in the environment, the test will fail
+because it cannot ask for the password:
+
+Generating a self signed certificate...
+No PIN given.
+note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
+cert generation failed
+FAIL certtool (exit status: 1)
+
+The comment above this line says "some CI runners need GNUTLS_PIN
+(GNUTLS_PIN=${PASS})" (i.e. GNUTLS_PIN=1234). When this is passed
+instead, the test fails again because "No password was asked" (it greps
+for "Enter password" in the output, but this won't happen because
+GNUTLS_PIN is set).
+
+The folks at Nix believe this is an incompatibility due to musl's
+getpass not falling back to stdin/stderr if it cannot connect to a tty,
+as glibc does. Upstream believes this test should only be run on glibc
+systems, so we skip it.
+
+https://gitlab.com/gnutls/gnutls/-/issues/945
+
+--- gnutls-3.6.13/tests/cert-tests/certtool.sh 2020-01-01 14:10:19.000000000 -0600
++++ gnutls-3.6.13/tests/cert-tests/certtool.sh 2020-06-02 20:36:20.380039844 -0500
+@@ -20,6 +20,9 @@
+
+ #set -e
+
++echo 'this test is not compatible with musl'
++exit 77
++
+ : ${srcdir=.}
+ : ${CERTTOOL=../../src/certtool${EXEEXT}}
+ : ${DIFF=diff -b -B}
diff --git a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch b/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
deleted file mode 100644
index 2c9276cbc..000000000
--- a/user/gnutls/gnulib-tests-dont-require-gpg-passphrase.patch
+++ /dev/null
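Review bot: The `exit 77` added near the top of certtool.sh in disable-certtool-test.patch skips every check in that script, not only the password-prompt check that the patch description identifies as failing on musl. This commit also drops `options="!check"`, so the test suite becomes the package's regression gate for a TLS library, and this skip removes certtool coverage from it. If the remaining checks pass on musl, guard only the step that greps for "Enter password"; that part of the script lies outside the lines shown, so this needs confirming against the full file. Whichever form is kept, the skip message should carry the reason into the test log, for example `echo 'skipped: musl getpass() has no stdin/stderr fallback (gnutls issue 945)'`, so the patch is revisited once upstream changes the test.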
@@ -1,10 +0,0 @@
---- gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh 2018-01-03 18:36:29.000000000 -0600
-+++ gnutls-3.6.2/gl/tests/test-vc-list-files-git.sh 2018-06-18 21:57:08.305562148 -0500
-@@ -32,6 +32,7 @@
- touch d/a b c &&
- git config user.email "you@example.com" &&
- git config user.name "Your Name" &&
-+ git config commit.gpgsign false &&
- git add . > /dev/null &&
- git commit -q -a -m log &&
- printf '%s\n' b c d/a > expected && |