rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=19

Browse Source
This commit is contained in:
OBS User unknown 2009-03-20 18:25:39 +00:00 committed by Git OBS Bridge
parent af60aea4fa
commit 3092809221
3 changed files with 16 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
CVE-2008-4989.patch
View File

@ -1,29 +1,11 @@
Index: gnutls/lib/x509/verify.c Index: gnutls-2.4.1/lib/x509/verify.c
=================================================================== ===================================================================
--- gnutls/lib/x509/verify.c 2008-11-10 10:58:33.000000000 +0100 --- gnutls-2.4.1.orig/lib/x509/verify.c
+++ gnutls/lib/x509/verify.c 2008-11-10 10:58:41.000000000 +0100 +++ gnutls-2.4.1/lib/x509/verify.c
@@ -374,6 +374,17 @@ @@ -414,17 +414,6 @@ _gnutls_x509_verify_certificate (const g
int i = 0, ret;
unsigned int status = 0, output;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0
+ && clist_size > 0)
+ {
+ clist_size--;
+ }
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*
@@ -412,17 +423,6 @@
} }
#endif #endif
- /* Check if the last certificate in the path is self signed. - /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it - * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's). - * leads to a trusted party by us, not the server's).

6
gnutls.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Mar 13 13:37:15 CET 2009 - jshi@suse.de
- fix security bug [bnc#457938]
new CVE-2008-4989
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

7
gnutls.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package gnutls (Version 2.4.1) # spec file for package gnutls (Version 2.4.1)
# #
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@
Name: gnutls Name: gnutls
BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel
Version: 2.4.1 Version: 2.4.1
Release: 24 Release: 25
License: GPL v3 or later; LGPL v2.1 or later License: GPL v3 or later; LGPL v2.1 or later
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://www.gnutls.org/ Url: http://www.gnutls.org/
@ -226,6 +226,9 @@ rm -rf %buildroot
%_libdir/pkgconfig/gnutls-extra.pc %_libdir/pkgconfig/gnutls-extra.pc
%changelog %changelog
* Fri Mar 13 2009 jshi@suse.de
- fix security bug [bnc#457938]
new CVE-2008-4989
* Wed Dec 10 2008 olh@suse.de * Wed Dec 10 2008 olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293) (bnc#437293)