packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
systemd/0073-backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch
overweight b95c118210 fix patches name and patches num
2021-05-30 22:04:06 -04:00

59 lines
2.4 KiB
Diff
Raw Blame History

From 38e053c58fa139e0f546f327b5d8ce3db7cf1647 Mon Sep 17 00:00:00 2001
From: Iwan Timmer <irtimmer@gmail.com>
Date: Tue, 29 Oct 2019 20:26:05 +0100
Subject: [PATCH] resolved: require at least version 3.6.0 of GnuTLS for
DNS-over-TLS
Increase the required version to ensure TLS 1.3 is always supported when using GnuTLS for DNS-over-TLS and allow further changes to use recent API additions.
---
README | 2 +-
meson.build | 2 +-
src/resolve/resolved-dnstls-gnutls.c | 4 ----
3 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/README b/README
index 8aa16fe8c9..8dbf94b49c 100644
--- a/README
+++ b/README
@@ -155,7 +155,7 @@ REQUIREMENTS:
libmicrohttpd (optional)
libpython (optional)
libidn2 or libidn (optional)
- gnutls >= 3.1.4 (optional, >= 3.5.3 is required to support DNS-over-TLS with gnutls)
+ gnutls >= 3.1.4 (optional, >= 3.6.0 is required to support DNS-over-TLS with gnutls)
openssl >= 1.1.0 (optional, required to support DNS-over-TLS with openssl)
elfutils >= 158 (optional)
polkit (optional)
diff --git a/meson.build b/meson.build
index 0001504d53..a7a9222582 100644
--- a/meson.build
+++ b/meson.build
@@ -1199,7 +1199,7 @@ if dns_over_tls != 'false'
if dns_over_tls == 'openssl'
have_gnutls = false
else
- have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.5.3'))
+ have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0'))
if dns_over_tls == 'gnutls' and not have_gnutls
error('DNS-over-TLS support was requested with gnutls, but dependencies are not available')
endif
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index 7ad9662073..ea276d2c20 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -9,11 +9,7 @@
#include "resolved-dns-stream.h"
#include "resolved-dnstls.h"
-#if GNUTLS_VERSION_NUMBER >= 0x030600
#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2"
-#else
-#define PRIORTY_STRING "NORMAL:-VERS-ALL:+VERS-TLS1.2"
-#endif
DEFINE_TRIVIAL_CLEANUP_FUNC(gnutls_session_t, gnutls_deinit);
static ssize_t dnstls_stream_writev(gnutls_transport_ptr_t p, const giovec_t *iov, int iovcnt) {
--
2.26.2
Reference in New Issue View Git Blame Copy Permalink