rpms/gnutls/F-8 gnutls-1.4.1-cve-2008-4989.patch,NONE,1.1
Tomáš Mráz
tmraz at fedoraproject.org
Tue Nov 11 14:36:53 UTC 2008
- Previous message (by thread): rpms/gnutls/F-8 gnutls.spec,1.31,1.32
- Next message (by thread): rpms/acpid/devel acpid-1.0.8-makefile.patch, NONE, 1.1 acpid.power.sh, NONE, 1.1 .cvsignore, 1.7, 1.8 acpid.init, 1.10, 1.11 acpid.spec, 1.31, 1.32 sources, 1.7, 1.8 acpid-1.0.6-fd.patch, 1.2, NONE acpid-1.0.6-log.patch, 1.1, NONE acpid-1.0.6-makefile.patch, 1.2, NONE acpid-1.0.6-return.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/gnutls/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9322
Added Files:
gnutls-1.4.1-cve-2008-4989.patch
Log Message:
* Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 1.6.3-5
- fix chain verification issue CVE-2008-4989 (#470079)
gnutls-1.4.1-cve-2008-4989.patch:
--- NEW FILE gnutls-1.4.1-cve-2008-4989.patch ---
diff -up gnutls-1.4.1/lib/x509/verify.c.chain-verify gnutls-1.4.1/lib/x509/verify.c
--- gnutls-1.4.1/lib/x509/verify.c.chain-verify 2008-11-11 10:55:19.000000000 +0100
+++ gnutls-1.4.1/lib/x509/verify.c 2008-11-11 10:58:54.000000000 +0100
@@ -379,6 +379,17 @@ _gnutls_x509_verify_certificate (const g
int i = 0, ret;
unsigned int status = 0, output;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (clist_size > 1 &&
+ gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+
/* Verify the last certificate in the certificate path
* against the trusted CA certificate list.
*
@@ -417,17 +428,6 @@ _gnutls_x509_verify_certificate (const g
}
#endif
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- */
- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
- certificate_list[clist_size - 1]) > 0
- && clist_size > 0)
- {
- clist_size--;
- }
-
/* Verify the certificate path (chain)
*/
for (i = clist_size - 1; i > 0; i--)
- Previous message (by thread): rpms/gnutls/F-8 gnutls.spec,1.31,1.32
- Next message (by thread): rpms/acpid/devel acpid-1.0.8-makefile.patch, NONE, 1.1 acpid.power.sh, NONE, 1.1 .cvsignore, 1.7, 1.8 acpid.init, 1.10, 1.11 acpid.spec, 1.31, 1.32 sources, 1.7, 1.8 acpid-1.0.6-fd.patch, 1.2, NONE acpid-1.0.6-log.patch, 1.1, NONE acpid-1.0.6-makefile.patch, 1.2, NONE acpid-1.0.6-return.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list