Diffstat (limited to 'net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch')
-rw-r--r--net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch14
1 files changed, 14 insertions, 0 deletions
diff --git a/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
new file mode 100644
index 000000000000..28989c97ceb7
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.12.23-CVE-2014-1959.patch
@@ -0,0 +1,14 @@
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -692,8 +693,10 @@
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
++ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) {
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
++ flags |= GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT;
++ }
+ if ((ret =
+ _gnutls_verify_certificate2(certificate_list[i - 1],
+ &certificate_list[i], 1,
\ No newline at end of file
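Review bot: The added patch file has no provenance header and ends without a trailing newline (the `\ No newline at end of file` marker follows the last context line), so a later maintainer cannot tell which upstream change this backports, and `patch` may warn about the unterminated last line. The embedded hunk header `@@ -692,8 +693,10 @@` starts the new side one line after the old side although no earlier hunk is present, which suggests it was cut from a larger diff; it is worth confirming that it applies to 2.12.23 without fuzz. I would add a short header above `--- a/lib/x509/verify.c`, for example `Backport of the upstream fix for CVE-2014-1959 (upstream commit <UPSTREAM_COMMIT_ID>): set GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT for the supplied chain unless GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT is given.`, and end the file with a newline. The enclosing function in verify.c starts and ends outside the hunk, so these lines do not show whether the final check against the trusted list is affected; a test that a chain containing a version 1 issuer is rejected under default flags would pin the intended behaviour.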