[vlc-commits] contrib: gnutls: update to current stable 3.5.18
vlc/vlc-3.0 | branch: master | Steve Lhomme | Thu Mar 29 08:54:44 2018 +0200| [1e785499537da8f1f779d71e93d93e565b62f900] | committer: Jean-Baptiste Kempf contrib: gnutls: update to current stable 3.5.18 (cherry picked from commit 1a49a339391f583032d711685cd950b23434d1f4) Signed-off-by: Jean-Baptiste Kempf > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=1e785499537da8f1f779d71e93d93e565b62f900 --- contrib/src/gnutls/32b5628-upstream.patch | 42 --- contrib/src/gnutls/SHA512SUMS | 2 +- contrib/src/gnutls/rules.mak | 3 +-- 3 files changed, 2 insertions(+), 45 deletions(-) diff --git a/contrib/src/gnutls/32b5628-upstream.patch b/contrib/src/gnutls/32b5628-upstream.patch deleted file mode 100644 index 70ffdce4ed..00 --- a/contrib/src/gnutls/32b5628-upstream.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 32b56287cc9d07dfbbc2ee21b70a8fbe1f2d9f2f Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Sat, 30 Dec 2017 19:57:08 +0100 -Subject: [PATCH] x509/verify: when verifying against a self signed certificate ignore issuer - -That is, ignore issuer when checking the issuer's parameters strength. That -resolves the issue of marking self-signed certificates as with insecure -parameters during verification. - -Resolves #347 - -Signed-off-by: Nikos Mavrogiannopoulos - lib/x509/verify.c | 12 +++- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/lib/x509/verify.c b/lib/x509/verify.c -index 26b1ab3..a59e637 100644 a/lib/x509/verify.c -+++ b/lib/x509/verify.c -@@ -431,11 +431,13 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned - _gnutls_debug_log(#level": certificate's security level is unacceptable\n"); \ - return gnutls_assert_val(0); \ - } \ -- sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \ -- if (sp < level) { \ -- _gnutls_cert_log("issuer", issuer); \ -- _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \ -- return gnutls_assert_val(0); \ -+ if (issuer) { \ -+ sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \ -+ if (sp < level) { \ -+ _gnutls_cert_log("issuer", issuer); \ -+ _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \ -+ return gnutls_assert_val(0); \ -+ } \ - } \ - break; - --- -libgit2 0.26.0 - diff --git a/contrib/src/gnutls/SHA512SUMS b/contrib/src/gnutls/SHA512SUMS index e5e3af8db4..79bb5eed37 100644 --- a/contrib/src/gnutls/SHA512SUMS +++ b/contrib/src/gnutls/SHA512SUMS @@ -1 +1 @@ -451d3167be599ed8e0333dd7c9f8501fcb47b7aa871aeb461c368381c0b7ecd7e2026ec35dbbb2aa685cb2c3a22e9296e0a0699409e3744b731c1bb7e7e69f07 gnutls-3.5.16.tar.xz +434cf33a4221fe2edce1b531cb53690d14a0991cb2056006021f625fb018987351f8ec917c3a7803e5e64179cf1647a3002ae783736ffca3188d2d294b76df52 gnutls-3.5.18.tar.xz diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak index 9cd29beead..c8454d4d13 100644 --- a/contrib/src/gnutls/rules.mak +++ b/contrib/src/gnutls/rules.mak @@ -1,6 +1,6 @@ # GnuTLS -GNUTLS_VERSION := 3.5.16 +GNUTLS_VERSION := 3.5.18 GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-$(GNUTLS_VERSION).tar.xz ifdef BUILD_NETWORK @@ -19,7 +19,6 @@ $(TARBALLS)/gnutls-$(GNUTLS_VERSION).tar.xz: gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls $(UNPACK) - $(APPLY) $(SRC)/gnutls/32b5628-upstream.patch $(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-static.patch ifdef HAVE_WIN32 $(APPLY) $(SRC)/gnutls/gnutls-win32.patch ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
[vlc-commits] contrib: gnutls: update to current stable 3.5.18
vlc | branch: master | Steve Lhomme | Thu Mar 29 08:54:44 2018 +0200| [1a49a339391f583032d711685cd950b23434d1f4] | committer: Steve Lhomme contrib: gnutls: update to current stable 3.5.18 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=1a49a339391f583032d711685cd950b23434d1f4 --- contrib/src/gnutls/32b5628-upstream.patch | 42 --- contrib/src/gnutls/SHA512SUMS | 2 +- contrib/src/gnutls/rules.mak | 3 +-- 3 files changed, 2 insertions(+), 45 deletions(-) diff --git a/contrib/src/gnutls/32b5628-upstream.patch b/contrib/src/gnutls/32b5628-upstream.patch deleted file mode 100644 index 70ffdce4ed..00 --- a/contrib/src/gnutls/32b5628-upstream.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 32b56287cc9d07dfbbc2ee21b70a8fbe1f2d9f2f Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Sat, 30 Dec 2017 19:57:08 +0100 -Subject: [PATCH] x509/verify: when verifying against a self signed certificate ignore issuer - -That is, ignore issuer when checking the issuer's parameters strength. That -resolves the issue of marking self-signed certificates as with insecure -parameters during verification. - -Resolves #347 - -Signed-off-by: Nikos Mavrogiannopoulos - lib/x509/verify.c | 12 +++- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/lib/x509/verify.c b/lib/x509/verify.c -index 26b1ab3..a59e637 100644 a/lib/x509/verify.c -+++ b/lib/x509/verify.c -@@ -431,11 +431,13 @@ unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned - _gnutls_debug_log(#level": certificate's security level is unacceptable\n"); \ - return gnutls_assert_val(0); \ - } \ -- sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \ -- if (sp < level) { \ -- _gnutls_cert_log("issuer", issuer); \ -- _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \ -- return gnutls_assert_val(0); \ -+ if (issuer) { \ -+ sp = gnutls_pk_bits_to_sec_param(issuer_pkalg, issuer_bits); \ -+ if (sp < level) { \ -+ _gnutls_cert_log("issuer", issuer); \ -+ _gnutls_debug_log(#level": certificate's issuer security level is unacceptable\n"); \ -+ return gnutls_assert_val(0); \ -+ } \ - } \ - break; - --- -libgit2 0.26.0 - diff --git a/contrib/src/gnutls/SHA512SUMS b/contrib/src/gnutls/SHA512SUMS index e5e3af8db4..79bb5eed37 100644 --- a/contrib/src/gnutls/SHA512SUMS +++ b/contrib/src/gnutls/SHA512SUMS @@ -1 +1 @@ -451d3167be599ed8e0333dd7c9f8501fcb47b7aa871aeb461c368381c0b7ecd7e2026ec35dbbb2aa685cb2c3a22e9296e0a0699409e3744b731c1bb7e7e69f07 gnutls-3.5.16.tar.xz +434cf33a4221fe2edce1b531cb53690d14a0991cb2056006021f625fb018987351f8ec917c3a7803e5e64179cf1647a3002ae783736ffca3188d2d294b76df52 gnutls-3.5.18.tar.xz diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak index dfc31eec6f..b26d7c8350 100644 --- a/contrib/src/gnutls/rules.mak +++ b/contrib/src/gnutls/rules.mak @@ -1,6 +1,6 @@ # GnuTLS -GNUTLS_VERSION := 3.5.16 +GNUTLS_VERSION := 3.5.18 GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-$(GNUTLS_VERSION).tar.xz ifdef BUILD_NETWORK @@ -19,7 +19,6 @@ $(TARBALLS)/gnutls-$(GNUTLS_VERSION).tar.xz: gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls $(UNPACK) - $(APPLY) $(SRC)/gnutls/32b5628-upstream.patch $(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-static.patch ifdef HAVE_WIN32 $(APPLY) $(SRC)/gnutls/gnutls-win32.patch ___ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits