authorChristian Hoffmann <hoffie@gentoo.org>2008-11-10 15:00:56 +0000
committerChristian Hoffmann <hoffie@gentoo.org>2008-11-10 15:00:56 +0000
commitea466dd4c72e5773c70dc1802bfe8bab194bfbfb (patch)
treedd5069ea79f27ef9aaf8d4fd54f1380de4aec72c /net-libs/gnutls
parentmove to ~mips (diff)
revision bump to fix security bug 245850 (CVE-2008-4989), straight to stable on alpha amd64 hppa ia64 sparc x86 as tested on the mentioned bug
Package-Manager: portage-2.2_rc13/cvs/Linux 2.6.27-gentoo x86_64 RepoMan-Options: --force
Diffstat (limited to 'net-libs/gnutls')
-rw-r--r--net-libs/gnutls/ChangeLog9
-rw-r--r--net-libs/gnutls/Manifest14
-rw-r--r--net-libs/gnutls/files/gnutls-2.2.5-CVE-2008-4989.patch38
-rw-r--r--net-libs/gnutls/gnutls-2.4.1-r1.ebuild77
4 files changed, 136 insertions, 2 deletions
diff --git a/net-libs/gnutls/ChangeLog b/net-libs/gnutls/ChangeLog
index d1d1e9595da0..41265a123b31 100644
--- a/net-libs/gnutls/ChangeLog
+++ b/net-libs/gnutls/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for net-libs/gnutls
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/ChangeLog,v 1.167 2008/11/05 10:39:09 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/ChangeLog,v 1.168 2008/11/10 15:00:56 hoffie Exp $
+
+*gnutls-2.4.1-r1 (10 Nov 2008)
+
+ 10 Nov 2008; Christian Hoffmann <hoffie@gentoo.org>
+ +files/gnutls-2.2.5-CVE-2008-4989.patch, +gnutls-2.4.1-r1.ebuild:
+ revision bump to fix security bug 245850 (CVE-2008-4989), straight to
+ stable on alpha amd64 hppa ia64 sparc x86 as tested on the mentioned bug
05 Nov 2008; Daniel Black <dragonheart@gentoo.org> gnutls-2.6.0.ebuild:
alternate and much better solution by loki_val
diff --git a/net-libs/gnutls/Manifest b/net-libs/gnutls/Manifest
index ecfaab14440e..07393234a2fc 100644
--- a/net-libs/gnutls/Manifest
+++ b/net-libs/gnutls/Manifest
@@ -1,3 +1,7 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX gnutls-2.2.5-CVE-2008-4989.patch 1241 RMD160 aa9afc5fc882fb2c348424a311bf7d72ac8280b3 SHA1 e4cd6fd26f320aa0a8fbe6ca2e57b819091e7c14 SHA256 f92e5fd0c98174ef1c485c1f2070fe8a103a211d1abbb12d625430651db43001
AUX gnutls-2.3.11+gcc-4.3.patch 349 RMD160 192c663f741c6a2b6681b3873c199c64996d0000 SHA1 657ed9b73f7cfcbf348b94cff9f1ab9c2f8c7b59 SHA256 30dc6126ffa85a4765ca4724355759932990545c962ef2239fdb692af631e018
AUX gnutls-2.6.0-cxx-configure.in.patch 451 RMD160 d449a7f5de65a6e8768b93dd30c0891dde66884c SHA1 628bc60599692f9d2753cc93ba4e6998552db3bc SHA256 8cfa6fa3ee545b4cd5845f4fa3b9017cddd22568c00222431136486a1b64f1bb
DIST gnutls-2.2.5.tar.bz2 4920322 RMD160 dd48a780849fc81c0a688116984eab8f41ea8ebf SHA1 7620d092c790f0a5ac5486c3563786ca8777083d SHA256 cf2689bd5b5f095e27f7a1aa2246212ef9322c0707aeb104238e9eb0f925ae57
@@ -5,8 +9,16 @@ DIST gnutls-2.4.1.tar.bz2 4940118 RMD160 4e21a82047add916b8ccce8aa82c36b2c9bcff9
DIST gnutls-2.5.4.tar.bz2 5035669 RMD160 ca8a46f2ead196fbf8b0bb85ba26a039bb189e10 SHA1 f73374eed8ff703834979558af1e0cf2d61919b2 SHA256 5309671f0eef1fcb5599d975c544f91b7d8ab19330838e1da0bcd08b152d9ff4
DIST gnutls-2.6.0.tar.bz2 5112845 RMD160 1d92662edd64e93e658fc527f1dfbfc99ab3a1da SHA1 bbd9e5f3a77bfcbef5a769c67d1576e7a6e4bda5 SHA256 9270a3eab9a9371839af79be92d50b8b21e7fbe157ebe915edae8e352f4e9fb5
EBUILD gnutls-2.2.5.ebuild 2025 RMD160 af9f9b2cec5ebd1b50a48eb9acae55014d01a464 SHA1 5450b5833019cb6bc809d1ab38dbc40651e8d9b4 SHA256 57732a9022e09682530e3e271b836852f0b9de06aa42fc2b0101df72a862091e
+EBUILD gnutls-2.4.1-r1.ebuild 2094 RMD160 a60a59f76a73b9cfee69f338099a64dd578b8d9e SHA1 b1c0492c2f600717c66a9336361607e2a590c2e1 SHA256 1872d4c6cbbe888f1438424caf2149dcaa7a62b231fe5efbb126e9fb35fb9e15
EBUILD gnutls-2.4.1.ebuild 2042 RMD160 37348a20c0a3985f40494fb4db04b110470635a7 SHA1 3274aca625492b0fc34c8ff8d6314d68da74469d SHA256 5748c71e75cd46b8a7a3cd3f9a42453abed4d4c2684d3373388eadda2d4c11b6
EBUILD gnutls-2.5.4.ebuild 2076 RMD160 eab3659e87dcab4aaf919ed4d53842e938911125 SHA1 32969e57d5b3603465d372f2a49e14e9fd50cbf2 SHA256 198f071b5928267e9421343fdc60ba1b08b2565d74aee542564e574971b446dc
EBUILD gnutls-2.6.0.ebuild 2355 RMD160 d74daf324001c81895b6fbee134ab8401b05f1ea SHA1 74782652c764905062d59519400d708c3b4d5f37 SHA256 c9cff64b80654593aef81229dc6d2f52f87fb66fa1a8ab99101b6daba58e99e6
-MISC ChangeLog 24746 RMD160 4a451c4fa746fc5991c1c6a74ed87d8d5ea3605e SHA1 dd7e59cd33360d1d91bd87c2f01ea3dad9fa963f SHA256 aa31528c3e71276f1c0f05da9759c8de90e44663c9905da8d89448c8fdc68544
+MISC ChangeLog 25043 RMD160 e0ddc59e2167bbb6abb7bf1671002e6b3032c6d3 SHA1 9bf6bf49b02169fce368fca54fae4cf5d5df4376 SHA256 4580e7ebe7bd8869611c7101ac250ba285f2160fc70d0ea68bdbf051e8860d60
MISC metadata.xml 160 RMD160 61ea9f9370afee3db802f40f7c6b2edd2f5347cf SHA1 51cf29a3589cff823294704e225b0de18f65e6dd SHA256 7419f4e73ddd07284403525f1380824fc68280cad69e2dfae0645ad52b33ef10
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.9 (GNU/Linux)
+
+iEYEARECAAYFAkkYTLAACgkQSamB34AN3N6jPwCdElGbciwshvMNQECafxGg7RhG
+x5gAn1N5hu5BlNzXAahhgMnUTHLbO95l
+=hXem
+-----END PGP SIGNATURE-----
diff --git a/net-libs/gnutls/files/gnutls-2.2.5-CVE-2008-4989.patch b/net-libs/gnutls/files/gnutls-2.2.5-CVE-2008-4989.patch
new file mode 100644
index 000000000000..fc4d80f2544c
--- /dev/null
+++ b/net-libs/gnutls/files/gnutls-2.2.5-CVE-2008-4989.patch
@@ -0,0 +1,38 @@
+--- gnutls-2.4.1/lib/x509/verify.c.orig 2008-07-01 06:45:51.000000000 +1000
++++ gnutls-2.4.1/lib/x509/verify.c 2008-11-07 16:48:08.000000000 +1100
+@@ -376,6 +376,17 @@
+ int i = 0, ret;
+ unsigned int status = 0, output;
+
++ /* Check if the last certificate in the path is self signed.
++ * In that case ignore it (a certificate is trusted only if it
++ * leads to a trusted party by us, not the server's).
++ */
++ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
++ certificate_list[clist_size - 1]) > 0
++ && clist_size > 0)
++ {
++ clist_size--;
++ }
++
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+@@ -414,17 +425,6 @@
+ }
+ #endif
+
+- /* Check if the last certificate in the path is self signed.
+- * In that case ignore it (a certificate is trusted only if it
+- * leads to a trusted party by us, not the server's).
+- */
+- if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+- certificate_list[clist_size - 1]) > 0
+- && clist_size > 0)
+- {
+- clist_size--;
+- }
+-
+ /* Verify the certificate path (chain)
+ */
+ for (i = clist_size - 1; i > 0; i--)
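Review bot: In the block this patch moves to the top of the verify.c hunk, `certificate_list[clist_size - 1]` is passed to `gnutls_x509_crt_check_issuer` before `&& clist_size > 0` is evaluated, so the size test cannot guard the index when the list is empty. Moving the block ahead of the trusted-CA step also means a chain holding a single self-signed certificate has `clist_size` reduced to 0 before that step runs. The code for that step lies outside the hunk, but if it indexes `certificate_list[clist_size - 1]` it would then read before the start of the array. I would test the size first and always keep at least one certificate: `if (clist_size > 1 && gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], certificate_list[clist_size - 1]) > 0)`. The enclosing function starts and ends outside the hunk, so the single-certificate case should be confirmed against the full source and covered by a test before going straight to stable.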
diff --git a/net-libs/gnutls/gnutls-2.4.1-r1.ebuild b/net-libs/gnutls/gnutls-2.4.1-r1.ebuild
new file mode 100644
index 000000000000..23286a635b70
--- /dev/null
+++ b/net-libs/gnutls/gnutls-2.4.1-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-libs/gnutls/gnutls-2.4.1-r1.ebuild,v 1.1 2008/11/10 15:00:56 hoffie Exp $
+
+inherit libtool eutils
+
+DESCRIPTION="A TLS 1.0 and SSL 3.0 implementation for the GNU project"
+HOMEPAGE="http://www.gnutls.org/"
+SRC_URI="http://www.gnu.org/software/gnutls/releases/${P}.tar.bz2"
+#SRC_URI="mirror://gnu/gnutls/${P}.tar.bz2"
+
+# GPL-3 for the gnutls-extras library and LGPL for the gnutls library.
+LICENSE="LGPL-2.1 GPL-3"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="zlib lzo doc nls guile bindist"
+
+RDEPEND="dev-libs/libgpg-error
+ >=dev-libs/libgcrypt-1.2.4
+ >=dev-libs/libtasn1-0.3.4
+ nls? ( virtual/libintl )
+ guile? ( dev-scheme/guile )
+ zlib? ( >=sys-libs/zlib-1.1 )
+ !bindist? ( lzo? ( >=dev-libs/lzo-2 ) )"
+DEPEND="${RDEPEND}
+ sys-devel/libtool
+ doc? ( dev-util/gtk-doc )
+ nls? ( sys-devel/gettext )"
+
+pkg_setup() {
+ if use guile && ! built_with_use dev-scheme/guile networking; then
+ eerror "You are trying to compile ${PN} package with USE=\"guile\""
+ eerror "while dev-scheme/guile does not have USE=\"networking\""
+ die
+ fi
+ if use lzo && use bindist; then
+ ewarn "lzo support was disabled for binary distribution of gnutls"
+ ewarn "due to licensing issues. See Bug 202381 for details."
+ epause 5
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-2.3.11+gcc-4.3.patch
+ pwd
+ epatch "${FILESDIR}"/gnutls-2.2.5-CVE-2008-4989.patch
+
+ elibtoolize # for sane .so versioning on FreeBSD
+}
+
+src_compile() {
+ local myconf
+ use bindist && myconf="--without-lzo" || myconf="$(use_with lzo)"
+ econf \
+ $(use_with zlib) \
+ $(use_enable nls) \
+ $(use_enable guile) \
+ $(use_enable doc gtk-doc) \
+ ${myconf}
+ emake || die
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+
+ dodoc AUTHORS ChangeLog NEWS \
+ README THANKS doc/TODO
+
+ if use doc ; then
+ dodoc doc/README.autoconf doc/tex/gnutls.ps
+ docinto examples
+ dodoc doc/examples/*.c
+ fi
+}
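Review bot: The bare `pwd` between the two `epatch` calls in `src_unpack` looks like leftover debugging output and should be dropped before this goes to stable. The security patch is also applied without any comment, and its file name says 2.2.5 while its headers target `gnutls-2.4.1/lib/x509/verify.c`. A line such as `# CVE-2008-4989 (bug 245850): X.509 chain verification fix; patch named for 2.2.5 but applies to 2.4.1` above that `epatch` would tell the next maintainer why it is there and that the name mismatch is intentional. The bare `die` in `pkg_setup` and the `emake || die` calls would be easier to diagnose with a message, e.g. `emake || die "emake failed"`.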