rpms/gnutls/devel gnutls-2.6.2-chain-verify.patch, NONE, 1.1 gnutls-2.6.2-nosrp.patch, NONE, 1.1 .cvsignore, 1.16, 1.17 gnutls.spec, 1.37, 1.38 sources, 1.16, 1.17 gnutls-1.4.1-cve-2008-4989.patch, 1.1, NONE gnutls-2.4.0-nosrp.patch, 1.1, NONE
Tomáš Mráz
tmraz at fedoraproject.org
Thu Dec 4 16:50:11 UTC 2008
- Previous message (by thread): rpms/foomatic/devel .cvsignore, 1.68, 1.69 foomatic.spec, 1.209, 1.210 sources, 1.70, 1.71 foomatic-ppd-filenames.patch, 1.1, NONE
- Next message (by thread): rpms/bcel/devel bcel.spec,1.35,1.36
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/gnutls/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15968
Modified Files:
.cvsignore gnutls.spec sources
Added Files:
gnutls-2.6.2-chain-verify.patch gnutls-2.6.2-nosrp.patch
Removed Files:
gnutls-1.4.1-cve-2008-4989.patch gnutls-2.4.0-nosrp.patch
Log Message:
* Thu Dec 4 2008 Tomas Mraz <tmraz at redhat.com> 2.6.2-1
- upgrade to a new upstream version
gnutls-2.6.2-chain-verify.patch:
--- NEW FILE gnutls-2.6.2-chain-verify.patch ---
diff -up gnutls-2.6.2/lib/x509/verify.c.chain-verify gnutls-2.6.2/lib/x509/verify.c
--- gnutls-2.6.2/lib/x509/verify.c.chain-verify 2008-11-12 15:01:46.000000000 +0100
+++ gnutls-2.6.2/lib/x509/verify.c 2008-12-04 14:35:52.000000000 +0100
@@ -374,6 +374,17 @@ _gnutls_x509_verify_certificate (const g
int i = 0, ret;
unsigned int status = 0, output;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (clist_size > 1 &&
+ gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*
gnutls-2.6.2-nosrp.patch:
--- NEW FILE gnutls-2.6.2-nosrp.patch ---
diff -up gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp gnutls-2.6.2/lib/gnutlsxx.cpp
--- gnutls-2.6.2/lib/gnutlsxx.cpp.nosrp 2008-11-12 10:56:28.000000000 +0100
+++ gnutls-2.6.2/lib/gnutlsxx.cpp 2008-12-04 14:34:10.000000000 +0100
@@ -396,12 +396,14 @@ void session::set_credentials( credentia
RETWRAP(gnutls_credentials_set( s, cred.get_type(), cred.ptr()));
}
-#ifdef ENABLE_SRP
const char* server_session::get_srp_username() const
{
+#ifdef ENABLE_SRP
return gnutls_srp_server_get_username( s);
-}
+#else
+ return NULL;
#endif
+}
const char* server_session::get_psk_username() const
{
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/gnutls/devel/.cvsignore,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- .cvsignore 23 Sep 2008 18:56:47 -0000 1.16
+++ .cvsignore 4 Dec 2008 16:50:10 -0000 1.17
@@ -1 +1 @@
-gnutls-2.4.2-nosrp.tar.bz2
+gnutls-2.6.2-nosrp.tar.bz2
Index: gnutls.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gnutls/devel/gnutls.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- gnutls.spec 11 Nov 2008 12:12:17 -0000 1.37
+++ gnutls.spec 4 Dec 2008 16:50:10 -0000 1.38
@@ -1,7 +1,7 @@
Summary: A TLS protocol implementation
Name: gnutls
-Version: 2.4.2
-Release: 3%{?dist}
+Version: 2.6.2
+Release: 1%{?dist}
# The libgnutls library is LGPLv2+, utilities and remaining libraries are GPLv3+
License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
@@ -15,8 +15,8 @@
# XXX patent tainted SRP code removed.
Source0: %{name}-%{version}-nosrp.tar.bz2
Source1: libgnutls-config
-Patch1: gnutls-2.4.0-nosrp.patch
-Patch5: gnutls-1.4.1-cve-2008-4989.patch
+Patch1: gnutls-2.6.2-nosrp.patch
+Patch5: gnutls-2.6.2-chain-verify.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: libgcrypt >= 1.2.2
@@ -150,6 +150,9 @@
%{_datadir}/guile/site/gnutls.scm
%changelog
+* Thu Dec 4 2008 Tomas Mraz <tmraz at redhat.com> 2.6.2-1
+- upgrade to a new upstream version
+
* Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3
- fix chain verification issue CVE-2008-4989 (#470079)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/gnutls/devel/sources,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sources 23 Sep 2008 18:56:47 -0000 1.16
+++ sources 4 Dec 2008 16:50:10 -0000 1.17
@@ -1 +1 @@
-dcc09099518f4560a01d3b153bcafc5d gnutls-2.4.2-nosrp.tar.bz2
+b74cfcc8af6a81fa3a51fc798660af0b gnutls-2.6.2-nosrp.tar.bz2
--- gnutls-1.4.1-cve-2008-4989.patch DELETED ---
--- gnutls-2.4.0-nosrp.patch DELETED ---
- Previous message (by thread): rpms/foomatic/devel .cvsignore, 1.68, 1.69 foomatic.spec, 1.209, 1.210 sources, 1.70, 1.71 foomatic-ppd-filenames.patch, 1.1, NONE
- Next message (by thread): rpms/bcel/devel bcel.spec,1.35,1.36
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list