diff options
| author | Roman Bogorodskiy <novel@FreeBSD.org> | 2008-11-16 08:47:08 +0000 |
|---|---|---|
| committer | Roman Bogorodskiy <novel@FreeBSD.org> | 2008-11-16 08:47:08 +0000 |
| commit | b0d0a954076c465a3c71a1db44aa94cde46d6882 (patch) | |
| tree | d9cc1e11f4a691001c4f7214c7fcff4e87193ea5 /security/gnutls | |
| parent | 8c9f7a332112bc11f8d26673f9d9bca45c322b9d (diff) | |
| download | ports-b0d0a954076c465a3c71a1db44aa94cde46d6882.tar.gz ports-b0d0a954076c465a3c71a1db44aa94cde46d6882.zip | |
Notes
Diffstat (limited to 'security/gnutls')
| -rw-r--r-- | security/gnutls/Makefile | 3 | ||||
| -rw-r--r-- | security/gnutls/distinfo | 6 | ||||
| -rw-r--r-- | security/gnutls/files/patch-CVE-2008-4989 | 38 |
3 files changed, 42 insertions, 5 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 6eb183b2b2fc..1f359eb01e77 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -6,8 +6,7 @@ # PORTNAME= gnutls -PORTVERSION= 2.4.1 -PORTREVISION= 1 +PORTVERSION= 2.4.2 CATEGORIES= security net MASTER_SITES= http://josefsson.org/gnutls/releases/ \ ftp://ftp.gnutls.org/pub/gnutls/ \ diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index 914c3e554b08..742388c78939 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,3 +1,3 @@ -MD5 (gnutls-2.4.1.tar.bz2) = 573db36cb3f8472b0293cfa1f52c607a -SHA256 (gnutls-2.4.1.tar.bz2) = d91401a6828d7300dc2b1106ff99610479aa35af05d39746cacdab8cdc7be5fd -SIZE (gnutls-2.4.1.tar.bz2) = 4940118 +MD5 (gnutls-2.4.2.tar.bz2) = 148bde1f43cae2ea4265439df0da6399 +SHA256 (gnutls-2.4.2.tar.bz2) = 1c70e916c691c7c31ea3c8f2abeedae6c7dfda754e02b373287ceb5b46bfbb0e +SIZE (gnutls-2.4.2.tar.bz2) = 4958098 diff --git a/security/gnutls/files/patch-CVE-2008-4989 b/security/gnutls/files/patch-CVE-2008-4989 new file mode 100644 index 000000000000..9389b7bc4638 --- /dev/null +++ b/security/gnutls/files/patch-CVE-2008-4989 @@ -0,0 +1,38 @@ +--- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 ++++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 +@@ -376,6 +376,17 @@ + int i = 0, ret; + unsigned int status = 0, output; + ++ /* Check if the last certificate in the path is self signed. ++ * In that case ignore it (a certificate is trusted only if it ++ * leads to a trusted party by us, not the server's). ++ */ ++ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], ++ certificate_list[clist_size - 1]) > 0 ++ && clist_size > 0) ++ { ++ clist_size--; ++ } ++ + /* Verify the last certificate in the certificate path + * against the trusted CA certificate list. + * +@@ -414,17 +425,6 @@ + } + #endif + +- /* Check if the last certificate in the path is self signed. +- * In that case ignore it (a certificate is trusted only if it +- * leads to a trusted party by us, not the server's). +- */ +- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], +- certificate_list[clist_size - 1]) > 0 +- && clist_size > 0) +- { +- clist_size--; +- } +- + /* Verify the certificate path (chain) + */ + for (i = clist_size - 1; i > 0; i--) |