[Pkg-gnutls-commits] r663 - in /packages/gnutls26/trunk/debian: changelog patches/22_whitespace.patch patches/24_intermedcert.patch

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sat Feb 7 11:16:38 UTC 2009 

Author: ametzler
Date: Sat Feb  7 11:16:38 2009
New Revision: 663

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=663
Log:
Sync whitespace changes with upstream 2.4.3

Added:
    packages/gnutls26/trunk/debian/patches/22_whitespace.patch
Modified:
    packages/gnutls26/trunk/debian/changelog
    packages/gnutls26/trunk/debian/patches/24_intermedcert.patch

Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=663&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Sat Feb  7 11:16:38 2009
@@ -1,10 +1,12 @@
 gnutls26 (2.4.2-6) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
-  * To new patches, making this 2.4.3 in disguise:
+  * New patches, syncing with 2.4.3 upstream oldstable release:
     + 24_intermedcertificate.patch If a non-root certificate ist trusted
       gnutls certificateificate verification stops there instead of checking
       to up to the root of the certificate chain.
+    + 22_whitespace.patch - Whitespace only changes, to make it possible to
+      apply upstream fixes without manual changes. 
     + 25_1_bufferoverrun.patch. Fix buffer overrun bug in
       gnutls_x509_crt_list_import.
       http://news.gmane.org/find-root.php?message_id=%3c000001c91d6e%2463059c90%242910d5b0%24%40com%3e

Added: packages/gnutls26/trunk/debian/patches/22_whitespace.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/22_whitespace.patch?rev=663&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/22_whitespace.patch (added)
+++ packages/gnutls26/trunk/debian/patches/22_whitespace.patch Sat Feb  7 11:16:38 2009
@@ -1,0 +1,36 @@
+From bfdfe47993b050b3bee490f239a05d6d4b98f3b3 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon at josefsson.org>
+Date: Fri, 12 Dec 2008 18:47:20 +0000
+Subject: Fix whitespace.
+
+---
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index 00e2422..be01b5f 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -374,7 +374,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+   int i = 0, ret;
+   unsigned int status = 0, output;
+ 
+-  if (clist_size > 1) 
++  if (clist_size > 1)
+     {
+       /* Check if the last certificate in the path is self signed.
+        * In that case ignore it (a certificate is trusted only if it
+@@ -386,10 +386,10 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+        * algorithm.
+        */
+       if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+-  				    certificate_list[clist_size - 1]) > 0)
+-        {
+-          clist_size--;
+-        }
++					certificate_list[clist_size - 1]) > 0)
++	{
++	  clist_size--;
++	}
+     }
+ 
+   /* Verify the last certificate in the certificate path
+--
+cgit v0.8.2

Modified: packages/gnutls26/trunk/debian/patches/24_intermedcert.patch
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/24_intermedcert.patch?rev=663&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/24_intermedcert.patch (original)
+++ packages/gnutls26/trunk/debian/patches/24_intermedcert.patch Sat Feb  7 11:16:38 2009
@@ -1,5 +1,12 @@
+From 8770b1cf409811decc278f63f3cf634d0f30027a Mon Sep 17 00:00:00 2001
+From: Simon Josefsson <simon at josefsson.org>
+Date: Mon, 02 Feb 2009 16:38:53 +0000
+Subject: Make it possible to trust intermediary certificates.
 
-** libgnutls: Accept chains where intermediary certs are trusted.
+Based on tiny patch from "Douglas E. Engert" <deengert at anl.gov>
+in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3376>.
+ 
+Accept chains where intermediary certs are trusted.
 Before GnuTLS needed to validate the entire chain back to a
 self-signed certificate.  GnuTLS will now stop looking when it has
 found an intermediary trusted certificate.  The new behaviour is
@@ -11,10 +18,12 @@
 has a chance to validate correctly.  Reported by "Douglas E. Engert"
 <deengert at anl.gov> in
 <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
-
---- x/lib/verify.c	2009-02-04 19:52:19.000000000 +0100
-+++ x/lib/x509/verify.c	2009-02-04 20:06:24.000000000 +0100
-@@ -53,6 +53,38 @@
+ 
+diff --git a/lib/x509/verify.c b/lib/x509/verify.c
+index ffc7704..ee66060 100644
+--- a/lib/x509/verify.c
++++ b/lib/x509/verify.c
+@@ -51,6 +51,38 @@ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
  				int tcas_size, unsigned int flags,
  				unsigned int *output);
  
@@ -53,7 +62,7 @@
  
  /* Checks if the issuer of a certificate is a
   * Certificate Authority, or if the certificate is the same
-@@ -367,16 +399,12 @@
+@@ -365,16 +397,12 @@ gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
  }
  
  
@@ -73,7 +82,7 @@
   */
  static unsigned int
  _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
-@@ -389,16 +417,32 @@
+@@ -387,34 +415,72 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
    int i = 0, ret;
    unsigned int status = 0, output;
  
@@ -93,7 +102,7 @@
 +    }
 +#endif
 +
-   if (clist_size > 1) 
+   if (clist_size > 1)
      {
        /* Check if the last certificate in the path is self signed.
         * In that case ignore it (a certificate is trusted only if it
@@ -109,9 +118,11 @@
 +       * MD2 algorithm.
         */
        if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
-   				    certificate_list[clist_size - 1]) > 0)
-@@ -407,6 +451,30 @@
-         }
+-					certificate_list[clist_size - 1]) > 0)
++				    certificate_list[clist_size - 1]) > 0)
+ 	{
+ 	  clist_size--;
+ 	}
      }
  
 +  /* We want to shorten the chain by removing the cert that matches
@@ -141,7 +152,19 @@
    /* Verify the last certificate in the certificate path
     * against the trusted CA certificate list.
     *
-@@ -429,22 +497,6 @@
+    * If no CAs are present returns CERT_INVALID. Thus works
+    * in self signed etc certificates.
+    */
+-  ret =
+-    _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
+-				 trusted_cas, tcas_size, flags, &output);
+-
++  ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
++				     trusted_cas, tcas_size, flags, &output);
+   if (ret == 0)
+     {
+       /* if the last certificate in the certificate
+@@ -427,23 +493,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
        return status;
      }
  
@@ -161,6 +184,10 @@
 -    }
 -#endif
 -
-   /* Verify the certificate path (chain) 
+-  /* Verify the certificate path (chain) 
++  /* Verify the certificate path (chain)
     */
    for (i = clist_size - 1; i > 0; i--)
+     {
+--
+cgit v0.8.2

More information about the Pkg-gnutls-commits mailing list