[Pkg-gnutls-commits] r765 - in /packages/gnutls26/trunk/debian: changelog patches/15_openpgp.diff

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sat Aug 22 12:11:06 UTC 2009 

Author: ametzler
Date: Sat Aug 22 12:11:06 2009
New Revision: 765

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=765
Log:
Fix OpenPGP hostname comparison.

Added:
    packages/gnutls26/trunk/debian/patches/15_openpgp.diff
Modified:
    packages/gnutls26/trunk/debian/changelog

Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=765&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Sat Aug 22 12:11:06 2009
@@ -1,6 +1,8 @@
 gnutls26 (2.8.3-2) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
+  * [ debian/patches/15_openpgp.diff ] The CVE-2009-2730 broke openpgp
+    connections.
 
  -- Andreas Metzler <ametzler at debian.org>  Fri, 14 Aug 2009 20:07:06 +0200
 

Added: packages/gnutls26/trunk/debian/patches/15_openpgp.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/15_openpgp.diff?rev=765&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/15_openpgp.diff (added)
+++ packages/gnutls26/trunk/debian/patches/15_openpgp.diff Sat Aug 22 12:11:06 2009
@@ -1,0 +1,23 @@
+From 9eed44b4ef9538117cc134956b32bc8fd39534fd Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon at josefsson.org>
+Date: Thu, 20 Aug 2009 10:21:09 +0000
+Subject: Fix OpenPGP hostname comparison.
+
+---
+diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
+index 8018ced..aa2a235 100644
+--- a/lib/openpgp/pgp.c
++++ b/lib/openpgp/pgp.c
+@@ -589,6 +589,10 @@ gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
+ 
+       if (ret == 0)
+ 	{
++	  /* Length returned by gnutls_openpgp_crt_get_name includes
++	     the terminating zero. */
++	  dnsnamesize--;
++
+ 	  if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ 	    return 1;
+ 	}
+--
+cgit v0.8.2.1

More information about the Pkg-gnutls-commits mailing list