| author | Pav Lucistnik <pav@FreeBSD.org> | 2008-11-19 10:36:46 +0000 |
|---|---|---|
| committer | Pav Lucistnik <pav@FreeBSD.org> | 2008-11-19 10:36:46 +0000 |
| commit | 3c87dd26c7b55bb09bec1be47269a915221f7798 (patch) | |
| tree | 2d7d9d71e88c7a430634a88b0cd7af04ab538fe3 | |
| parent | - update to 1.18 (diff) | |
- Fix the patch for CVE-2008-4989 not to cause segfaults on runtime anymore
PR: ports/128868
Obtained from: vendor
Notes:
svn path=/head/; revision=223034
| -rw-r--r-- | security/gnutls/Makefile | 1 |
| -rw-r--r-- | security/gnutls/files/patch-CVE-2008-4989 | 18 |
2 files changed, 1 insertions, 18 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 1f359eb01e77..a5fdad237602 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -7,6 +7,7 @@ PORTNAME= gnutls PORTVERSION= 2.4.2 +PORTREVISION= 1 CATEGORIES= security net MASTER_SITES= http://josefsson.org/gnutls/releases/ \ ftp://ftp.gnutls.org/pub/gnutls/ \ diff --git a/security/gnutls/files/patch-CVE-2008-4989 b/security/gnutls/files/patch-CVE-2008-4989 index 9389b7bc4638..0fcbc839f437 100644 --- a/security/gnutls/files/patch-CVE-2008-4989 +++ b/security/gnutls/files/patch-CVE-2008-4989 @@ -1,23 +1,5 @@ --- lib/x509/verify.c.orig 2008-09-16 00:04:19.000000000 +0400 +++ lib/x509/verify.c 2008-11-14 16:06:59.000000000 +0300 -@@ -376,6 +376,17 @@ - int i = 0, ret; - unsigned int status = 0, output; - -+ /* Check if the last certificate in the path is self signed. -+ * In that case ignore it (a certificate is trusted only if it -+ * leads to a trusted party by us, not the server's). -+ */ -+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], -+ certificate_list[clist_size - 1]) > 0 -+ && clist_size > 0) -+ { -+ clist_size--; -+ } -+ - /* Verify the last certificate in the certificate path - * against the trusted CA certificate list. - * @@ -414,17 +425,6 @@ } #endif |
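Review bot: In the files/patch-CVE-2008-4989 change, the surviving inner hunk header `@@ -414,17 +425,6 @@` still carries the +425 new-file offset, which only made sense while the dropped `@@ -376,6 +376,17 @@` hunk was adding 11 lines above it. With that hunk gone the new-file start should be 414, so please regenerate the patch against lib/x509/verify.c.orig rather than hand-trimming it. Two further points on the same hunk. First, the dropped block evaluates `certificate_list[clist_size - 1]` before it tests `clist_size > 0`, so an empty list is indexed at -1 before the guard can take effect; the commit message should say whether this is the segfault from ports/128868, so the ordering is not reintroduced if the check comes back. Second, after this change the patch no longer adds the self-signed check near line 376 and, going by the 17-to-6 line count, only removes code around line 414. The body of that hunk is not visible here, so the message should state that the remaining hunk alone is the vendor's intended fix for CVE-2008-4989.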
