Fix CVE-2014-1959, bug#501282

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key BF20DC51)
author: Alon Bar-Lev <alonbl@gentoo.org> 2014-03-04 20:26:38 +0000
committer: Alon Bar-Lev <alonbl@gentoo.org> 2014-03-04 20:26:38 +0000
commit: 275f11cf2fe0c96006842d26aa793dc999db8a11 (patch)
tree: 20db69be2bb6fe42a31c294d8feb06dede86a9d6 /net-libs/gnutls/files
parent: Add ~mips keyword. (diff)
download: gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.tar.gz
gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.tar.bz2
gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
new file mode 100644
index 000000000000..28989c97ceb7
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
@@ -0,0 +1,14 @@
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -692,8 +693,10 @@
+       /* note that here we disable this V1 CA flag. So that no version 1
+        * certificates can exist in a supplied chain.
+        */
+-      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
++      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
+         flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++        flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++      }
+       if ((ret =
+            _gnutls_verify_certificate2(certificate_list[i - 1],
+                &certificate_list[i], 1,
+\ No newline at end of file
author	Alon Bar-Lev <alonbl@gentoo.org>	2014-03-04 20:26:38 +0000
committer	Alon Bar-Lev <alonbl@gentoo.org>	2014-03-04 20:26:38 +0000
commit	275f11cf2fe0c96006842d26aa793dc999db8a11 (patch)
tree	20db69be2bb6fe42a31c294d8feb06dede86a9d6 /net-libs/gnutls/files
parent	Add ~mips keyword. (diff)
download	gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.tar.gz gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.tar.bz2 gentoo-2-275f11cf2fe0c96006842d26aa793dc999db8a11.zip