Pull in the latest updates to gnutls fixing the important security bug:

commit 96fa4be220eab2fc5a3f54e88fe866292e268391 1 parent a28384e
@kmoore134 kmoore134 authored
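--- a/security/gnutls-devel/Makefile
+++ b/security/gnutls-devel/Makefile
@@ -12,6 +12,11 @@ PKGNAMESUFFIX= -devel
 MAINTAINER= novel@FreeBSD.org
 COMMENT= GNU Transport Layer Security library
+BROKEN= Does not build
+FORBIDDEN= Vulnerable to CVE-2014-0092
+DEPRECATED= Stale, broken and vulnerable
+EXPIRATION_DATE= 2014-04-01
+
 LIB_DEPENDS= gpg-error.0:${PORTSDIR}/security/libgpg-error \
 nettle.4:${PORTSDIR}/security/nettle \
 p11-kit.0:${PORTSDIR}/security/p11-kit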
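--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= gnutls
 PORTVERSION= 2.12.23
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security net
 MASTER_SITES= \
 ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/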
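--- a/security/gnutls/files/patch-lib__x509__verify.c
+++ b/security/gnutls/files/patch-lib__x509__verify.c
@@ -0,0 +1,103 @@
+CVE-2014-0092
+CVE-2014-1959
+
+--- ./lib/x509/verify.c.orig 2012-05-24 11:19:05.000000000 -0500
++++ ./lib/x509/verify.c 2014-03-04 16:43:13.053087407 -0600
+@@ -141,7 +141,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -150,7 +150,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -158,7 +158,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -166,7 +166,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -330,7 +331,7 @@
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+- int issuer_version, result;
++ int issuer_version, result = 0;
+
+ if (output)
+ *output = 0;
+@@ -363,7 +364,7 @@
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -393,6 +395,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -410,6 +413,7 @@
+ else if (result < 0)
+ {
+ gnutls_assert();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -644,8 +648,10 @@
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
++ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++ }
+ if ((ret =
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,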
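Review bot: From the inner hunk `@@ -330,7 +331,7 @@` through `@@ -410,6 +413,7 @@` (which appear to belong to one function whose start and end lie outside the hunks), each error path is fixed separately with `result = 0;` before `goto cleanup;`, whereas the first function routes all of them through a single `fail:` label. Any error path not touched here, or added later, that reaches `cleanup` with a negative `result` would again return a non-zero value to callers, which presumably treat the result as a boolean. Normalising once would be sturdier, for example `if (result < 0) result = 0;` directly after that function's `cleanup:` label, provided nothing after the label relies on the negative code (the label is not visible here). A comment at `fail:` such as `/* returns 1 if verified, 0 otherwise; never a negative error code */` would record the contract, and the patch header should name the upstream changes it was taken from next to the two CVE ids.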
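--- a/security/gnutls3/Makefile
+++ b/security/gnutls3/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= gnutls
-PORTVERSION= 3.1.18
+PORTVERSION= 3.1.22
 CATEGORIES= security net
 MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/
 PKGNAMESUFFIX= ${GNUTLS_SUFFIX}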
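--- a/security/gnutls3/distinfo
+++ b/security/gnutls3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (gnutls-3.1.18.tar.xz) = 62c0a9963bb3e5466bb614e78839f2ae0ed8d2c9f1e3b6d2727214f810fa5dc4
-SIZE (gnutls-3.1.18.tar.xz) = 5027408
+SHA256 (gnutls-3.1.22.tar.xz) = ef1aedf4118f2f7c75c1a13094ec70cdff92cb724d0413333b4079ea492b9dce
+SIZE (gnutls-3.1.22.tar.xz) = 5159752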
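--- a/security/gnutls3/pkg-plist
+++ b/security/gnutls3/pkg-plist
@@ -36,6 +36,9 @@ info/gnutls3/gnutls-modauth.png
 info/gnutls3/gnutls-pgp.png
 info/gnutls3/gnutls-x509.png
 info/gnutls3/gnutls.info
+info/gnutls3/gnutls.info-1
+info/gnutls3/gnutls.info-2
+info/gnutls3/gnutls.info-3
 info/gnutls3/gnutls.info-4
 info/gnutls3/gnutls.info-5
 info/gnutls3/pkcs11-vision.png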