rpms/gnutls
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- upgrade to a new upstream version

Browse Source
This commit is contained in:
Tomáš Mráz 2008-12-04 16:50:10 +00:00
parent 202be7c37f
commit 9c5b7534c4
7 changed files with 50 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cvsignore
View File

@ -1 +1 @@
gnutls-2.4.2-nosrp.tar.bz2 gnutls-2.6.2-nosrp.tar.bz2

39
gnutls-1.4.1-cve-2008-4989.patch
View File

@ -1,39 +0,0 @@
diff -up gnutls-1.4.1/lib/x509/verify.c.chain-verify gnutls-1.4.1/lib/x509/verify.c
--- gnutls-1.4.1/lib/x509/verify.c.chain-verify 2008-11-11 10:55:19.000000000 +0100
+++ gnutls-1.4.1/lib/x509/verify.c 2008-11-11 10:58:54.000000000 +0100
@@ -379,6 +379,17 @@ _gnutls_x509_verify_certificate (const g
int i = 0, ret;
unsigned int status = 0, output;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (clist_size > 1 &&
+ gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*
@@ -417,17 +428,6 @@ _gnutls_x509_verify_certificate (const g
}
#endif
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- */
- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
- certificate_list[clist_size - 1]) > 0
- && clist_size > 0)
- {
- clist_size--;
- }
-
/* Verify the certificate path (chain)
*/
for (i = clist_size - 1; i > 0; i--)

33
gnutls-2.4.0-nosrp.patch
View File

@ -1,33 +0,0 @@
diff -up gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp gnutls-2.4.0/lib/gnutlsxx.cpp
--- gnutls-2.4.0/lib/gnutlsxx.cpp.nosrp 2008-05-19 10:01:43.000000000 +0200
+++ gnutls-2.4.0/lib/gnutlsxx.cpp 2008-06-23 20:11:26.000000000 +0200
@@ -398,7 +398,11 @@ void session::set_credentials( credentia
const char* server_session::get_srp_username() const
{
+#ifdef ENABLE_SRP
return gnutls_srp_server_get_username( s);
+#else
+ return NULL;
+#endif
}
const char* server_session::get_psk_username() const
@@ -677,7 +681,7 @@ void certificate_client_credentials::set
}
// SRP
-
+#ifdef ENABLE_SRP
srp_server_credentials::srp_server_credentials() : credentials(GNUTLS_CRD_SRP)
{
RETWRAP(gnutls_srp_allocate_server_credentials( &cred));
@@ -721,7 +725,7 @@ void srp_client_credentials::set_credent
{
gnutls_srp_set_client_credentials_function( cred, func);
}
-
+#endif
// PSK
psk_server_credentials::psk_server_credentials() : credentials(GNUTLS_CRD_PSK)

21
gnutls-2.6.2-chain-verify.patch Normal file
View File

@ -0,0 +1,21 @@
diff -up gnutls-2.6.2/lib/x509/verify.c.chain-verify gnutls-2.6.2/lib/x509/verify.c
--- gnutls-2.6.2/lib/x509/verify.c.chain-verify 2008-11-12 15:01:46.000000000 +0100
+++ gnutls-2.6.2/lib/x509/verify.c 2008-12-04 14:35:52.000000000 +0100
@@ -374,6 +374,17 @@ _gnutls_x509_verify_certificate (const g
int i = 0, ret;
unsigned int status = 0, output;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (clist_size > 1 &&
+ gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*

20
gnutls-2.6.2-nosrp.patch Normal file
View File

@ -0,0 +1,20 @@
diff -up gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp gnutls-2.6.2/lib/gnutlsxx.cpp
--- gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp 2008-11-12 10:56:28.000000000 +0100
+++ gnutls-2.6.2/lib/gnutlsxx.cpp 2008-12-04 14:34:10.000000000 +0100
@@ -396,12 +396,14 @@ void session::set_credentials( credentia
RETWRAP(gnutls_credentials_set( s, cred.get_type(), cred.ptr()));
}
-#ifdef ENABLE_SRP
const char* server_session::get_srp_username() const
{
+#ifdef ENABLE_SRP
return gnutls_srp_server_get_username( s);
-}
+#else
+ return NULL;
#endif
+}
const char* server_session::get_psk_username() const
{

11
gnutls.spec
View File

@ -1,7 +1,7 @@
Summary: A TLS protocol implementation Summary: A TLS protocol implementation
Name: gnutls Name: gnutls
Version: 2.4.2 Version: 2.6.2
Release: 3%{?dist} Release: 1%{?dist}
# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+ # The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
License: GPLv3+ and LGPLv2+ License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
@ -15,8 +15,8 @@ URL: http://www.gnutls.org/
# XXX patent tainted SRP code removed. # XXX patent tainted SRP code removed.
Source0: %{name}-%{version}-nosrp.tar.bz2 Source0: %{name}-%{version}-nosrp.tar.bz2
Source1: libgnutls-config Source1: libgnutls-config
Patch1: gnutls-2.4.0-nosrp.patch Patch1: gnutls-2.6.2-nosrp.patch
Patch5: gnutls-1.4.1-cve-2008-4989.patch Patch5: gnutls-2.6.2-chain-verify.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: libgcrypt >= 1.2.2 Requires: libgcrypt >= 1.2.2
@ -150,6 +150,9 @@ fi
%{_datadir}/guile/site/gnutls.scm %{_datadir}/guile/site/gnutls.scm
%changelog %changelog
* Thu Dec 4 2008 Tomas Mraz <tmraz@redhat.com> 2.6.2-1
- upgrade to a new upstream version
* Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3 * Tue Nov 11 2008 Tomas Mraz <tmraz@redhat.com> 2.4.2-3
- fix chain verification issue CVE-2008-4989 (#470079) - fix chain verification issue CVE-2008-4989 (#470079)

2
sources
View File

@ -1 +1 @@
dcc09099518f4560a01d3b153bcafc5d gnutls-2.4.2-nosrp.tar.bz2 b74cfcc8af6a81fa3a51fc798660af0b gnutls-2.6.2-nosrp.tar.bz2