diff options
author | tron <tron> | 2014-02-20 12:31:26 +0000 |
---|---|---|
committer | tron <tron> | 2014-02-20 12:31:26 +0000 |
commit | 96d04cf9ade03e76cdef94289b8b55e2f6f42713 (patch) | |
tree | 8362e14ee241ed5fe57adab9c9c50bf3487f9414 /security/gnutls/patches/patch-CVE-2014-1959 | |
parent | 6e68f91e23cf1f6780bc5ff503599be5ddbef4d7 (diff) | |
download | pkgsrc-96d04cf9ade03e76cdef94289b8b55e2f6f42713.tar.gz |
Pullup ticket #4331 - requested by drochner
security/gnutls: security patch
Apply patch to fix security vulnerability reported in CVE-2014-1959.
Diffstat (limited to 'security/gnutls/patches/patch-CVE-2014-1959')
-rw-r--r-- | security/gnutls/patches/patch-CVE-2014-1959 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/security/gnutls/patches/patch-CVE-2014-1959 b/security/gnutls/patches/patch-CVE-2014-1959 new file mode 100644 index 00000000000..bb3018f82fd --- /dev/null +++ b/security/gnutls/patches/patch-CVE-2014-1959 @@ -0,0 +1,26 @@ +$NetBSD: patch-CVE-2014-1959,v 1.1.2.1 2014/02/20 12:31:26 tron Exp $ + +https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c + +--- lib/x509/verify.c.orig 2013-11-10 17:59:14.000000000 +0000 ++++ lib/x509/verify.c +@@ -167,6 +167,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnut + result = 1; + goto cleanup; + } ++ + /* Handle V1 CAs that do not have a basicConstraint, but accept + these certs only if the appropriate flags are set. */ + else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) && +@@ -666,8 +667,10 @@ _gnutls_x509_verify_certificate(const gn + /* note that here we disable this V1 CA flag. So that no version 1 + * certificates can exist in a supplied chain. + */ +- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) ++ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) { + flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); ++ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT; ++ } + if ((ret = + _gnutls_verify_certificate2(certificate_list[i - 1], + &certificate_list[i], 1, |