The Samba-Bugzilla – Attachment 15762 Details for
Bug 14250
Only blacklist GnuTLS 3.6.10 but allow to use versions with GNUTLS_AEAD_CIPHER_ENCRYPTV2 backported
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.12
0001-libcli-smb-Improve-check-for-gnutls_aead_cipher_-en-.patch (text/plain), 3.22 KB, created by
Andreas Schneider
on 2020-02-04 08:51:24 UTC
(
hide
)
Description:
patch for 4.12
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2020-02-04 08:51:24 UTC
Size:
3.22 KB
patch
obsolete
>From 51428329cc78c3c7e051c41f55f07daa1ed1f9c1 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 24 Jan 2020 16:34:42 +0100 >Subject: [PATCH] libcli:smb: Improve check for > gnutls_aead_cipher_(en|de)cryptv2 > >This is available since version 3.6.10, but 3.6.10 has a bug which got fixed >in 3.6.11, see: > > https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184 > >(cherry picked from commit d459ca04fc46a52276a860e73ae9ec8f813c260e) >--- > libcli/smb/smb2_signing.c | 7 ++----- > wscript_configure_system_gnutls | 15 +++++++++++++-- > 2 files changed, 15 insertions(+), 7 deletions(-) > >diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c >index 7561a7a858d..7b33a42526e 100644 >--- a/libcli/smb/smb2_signing.c >+++ b/libcli/smb/smb2_signing.c >@@ -478,9 +478,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, > 0, > 16 - iv_size); > >-/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ >-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ >- GNUTLS_VERSION_NUMBER > 0x03060a >+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) > { > uint8_t tag[tag_size]; > giovec_t auth_iov[1]; >@@ -682,8 +680,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, > } > > /* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ >-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ >- GNUTLS_VERSION_NUMBER > 0x03060a >+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) > { > giovec_t auth_iov[1]; > >diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls >index f6d9ac3c65e..b2b955f3c90 100644 >--- a/wscript_configure_system_gnutls >+++ b/wscript_configure_system_gnutls >@@ -1,5 +1,8 @@ > from waflib import Options > >+def parse_version(v): >+ return tuple(map(int, (v.split(".")))) >+ > gnutls_min_required_version = "3.4.7" > > gnutls_required_version = gnutls_min_required_version >@@ -9,14 +12,22 @@ conf.CHECK_CFG(package='gnutls', > msg='Checking for GnuTLS >= %s' % gnutls_required_version, > mandatory=True) > >+gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip() >+ > # Define gnutls as a system library > conf.SET_TARGET_TYPE('gnutls', 'SYSLIB') > > # Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat > conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls') > >-# Check for gnutls_aead_cipher_encryptv2 (>= 3.6.10) >-conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') >+# Check for gnutls_aead_cipher_encryptv2 >+# >+# This is available since version 3.6.10, but 3.6.10 has a bug which got fixed >+# in 3.6.11, see: >+# >+# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 >+if (parse_version('3.6.10') != parse_version(gnutls_version)): >+ conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') > > if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): > conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) >-- >2.25.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15762">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ab
:
review+
Actions:
View
Attachments on
bug 14250
: 15762