
Pull in the latest updates to gnutls fixing the important security bug:

1 parent a28384e commit 96fa4be220eab2fc5a3f54e88fe866292e268391 @kmoore134 kmoore134 committed Mar 6, 2014
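--- a/security/gnutls-devel/Makefile
+++ b/security/gnutls-devel/Makefile
@@ -12,6 +12,11 @@ PKGNAMESUFFIX= -devel
 MAINTAINER= novel@FreeBSD.org
 COMMENT= GNU Transport Layer Security library
+BROKEN= Does not build
+FORBIDDEN= Vulnerable to CVE-2014-0092
+DEPRECATED= Stale, broken and vulnerable
+EXPIRATION_DATE= 2014-04-01
+
 LIB_DEPENDS= gpg-error.0:${PORTSDIR}/security/libgpg-error \
 nettle.4:${PORTSDIR}/security/nettle \
 p11-kit.0:${PORTSDIR}/security/p11-kit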
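--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= gnutls
 PORTVERSION= 2.12.23
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security net
 MASTER_SITES= \
 ftp://ftp.gnutls.org/gcrypt/gnutls/v${PORTVERSION:C/.[0-9]+$//}/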
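--- a/security/gnutls/files/patch-lib__x509__verify.c
+++ b/security/gnutls/files/patch-lib__x509__verify.c
@@ -0,0 +1,103 @@
+CVE-2014-0092
+CVE-2014-1959
+
+--- ./lib/x509/verify.c.orig 2012-05-24 11:19:05.000000000 -0500
++++ ./lib/x509/verify.c 2014-03-04 16:43:13.053087407 -0600
+@@ -141,7 +141,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -150,7 +150,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -158,7 +158,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ result =
+@@ -166,7 +166,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
+- goto cleanup;
++ goto fail;
+ }
+
+ /* If the subject certificate is the same as the issuer
+@@ -206,6 +206,7 @@
+ else
+ gnutls_assert ();
+
++fail:
+ result = 0;
+
+ cleanup:
+@@ -330,7 +331,7 @@
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+- int issuer_version, result;
++ int issuer_version, result = 0;
+
+ if (output)
+ *output = 0;
+@@ -363,7 +364,7 @@
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+- return issuer_version;
++ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+@@ -385,6 +386,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -393,6 +395,7 @@
+ if (result < 0)
+ {
+ gnutls_assert ();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -410,6 +413,7 @@
+ else if (result < 0)
+ {
+ gnutls_assert();
++ result = 0;
+ goto cleanup;
+ }
+
+@@ -644,8 +648,10 @@
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
++ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++ }
+ if ((ret =
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,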
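Review bot: In the second patched function (inner hunks at -385, -393 and -410) each error branch repeats `result = 0;` before `goto cleanup;`, so the fail-closed result depends on every later error path remembering the same assignment. The first function in this patch already sends its errors through one `fail:` label that falls into `result = 0;`; the same shape here, `goto fail;` at each site with `fail: result = 0;` directly above `cleanup:`, would keep that mapping in one place. A comment at the label, for example `/* any error must end as 0 (not verified); a negative code must never leave this function */`, would record why a negative `result` is overwritten rather than propagated. Both function bodies start and end outside the hunks shown, so the position of `cleanup:` in the second function is inferred from the `goto` targets.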
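--- a/security/gnutls3/Makefile
+++ b/security/gnutls3/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= gnutls
-PORTVERSION= 3.1.18
+PORTVERSION= 3.1.22
 CATEGORIES= security net
 MASTER_SITES= ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/
 PKGNAMESUFFIX= ${GNUTLS_SUFFIX}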
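--- a/security/gnutls3/distinfo
+++ b/security/gnutls3/distinfo
@@ -1,2 +1,2 @@
-SHA256 (gnutls-3.1.18.tar.xz) = 62c0a9963bb3e5466bb614e78839f2ae0ed8d2c9f1e3b6d2727214f810fa5dc4
-SIZE (gnutls-3.1.18.tar.xz) = 5027408
+SHA256 (gnutls-3.1.22.tar.xz) = ef1aedf4118f2f7c75c1a13094ec70cdff92cb724d0413333b4079ea492b9dce
+SIZE (gnutls-3.1.22.tar.xz) = 5159752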
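--- a/security/gnutls3/pkg-plist
+++ b/security/gnutls3/pkg-plist
@@ -36,6 +36,9 @@ info/gnutls3/gnutls-modauth.png
 info/gnutls3/gnutls-pgp.png
 info/gnutls3/gnutls-x509.png
 info/gnutls3/gnutls.info
+info/gnutls3/gnutls.info-1
+info/gnutls3/gnutls.info-2
+info/gnutls3/gnutls.info-3
 info/gnutls3/gnutls.info-4
 info/gnutls3/gnutls.info-5
 info/gnutls3/pkcs11-vision.png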
