[Pkg-gnutls-commits] r762 - in /packages/gnutls26/branches/branch2.4.2-6lenny/debian: changelog patches/22_X509v1_enable.patch

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sat Aug 15 11:22:48 UTC 2009 

Author: ametzler
Date: Sat Aug 15 11:22:47 2009
New Revision: 762

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=762
Log:
Import 2.4.2-6+lenny1 release.

Added:
    packages/gnutls26/branches/branch2.4.2-6lenny/debian/patches/22_X509v1_enable.patch
Modified:
    packages/gnutls26/branches/branch2.4.2-6lenny/debian/changelog

Modified: packages/gnutls26/branches/branch2.4.2-6lenny/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.4.2-6lenny/debian/changelog?rev=762&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.4.2-6lenny/debian/changelog (original)
+++ packages/gnutls26/branches/branch2.4.2-6lenny/debian/changelog Sat Aug 15 11:22:47 2009
@@ -1,3 +1,10 @@
+gnutls26 (2.4.2-6+lenny1) stable-security; urgency=high
+
+  * Add patch from Simon Josefsson to reenable X.509v1 support for root
+    CAs.  Closes: #514807, #514735.
+
+ -- Florian Weimer <fw at deneb.enyo.de>  Mon, 23 Feb 2009 21:56:10 +0100
+
 gnutls26 (2.4.2-6) unstable; urgency=medium
 
   * New patches, syncing with 2.4.3 upstream oldstable release:

Added: packages/gnutls26/branches/branch2.4.2-6lenny/debian/patches/22_X509v1_enable.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.4.2-6lenny/debian/patches/22_X509v1_enable.patch?rev=762&op=file
==============================================================================
--- packages/gnutls26/branches/branch2.4.2-6lenny/debian/patches/22_X509v1_enable.patch (added)
+++ packages/gnutls26/branches/branch2.4.2-6lenny/debian/patches/22_X509v1_enable.patch Sat Aug 15 11:22:47 2009
@@ -1,0 +1,20 @@
+From: Simon Josefsson <simon at josefsson.org>
+Subject: Bug#514807: Regression in libgnutls security update
+To: Florian Weimer <fw at deneb.enyo.de>
+CC: 514807 at bugs.debian.org,  Edward Allcutt <emallcut at gleim.com>,
+ team at security.debian.org
+Date: Thu, 12 Feb 2009 11:40:28 +0100
+Reply-To: Simon Josefsson <simon at josefsson.org>, 514807 at bugs.debian.org
+
+diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
+index 7872f20..fe7ad22 100644
+--- a/lib/gnutls_cert.c
++++ b/lib/gnutls_cert.c
+@@ -280,6 +280,7 @@ gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
+ 
+   (*res)->verify_bits = DEFAULT_VERIFY_BITS;
+   (*res)->verify_depth = DEFAULT_VERIFY_DEPTH;
++  (*res)->verify_flags = GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ 
+   return 0;
+ }

More information about the Pkg-gnutls-commits mailing list