diff options
| author |   Gilles Dartiguelongue <eva@gentoo.org> | 2009-07-26 18:08:11 +0000 |
|---|---|---|
| committer | Gilles Dartiguelongue <eva@gentoo.org> | 2009-07-26 18:08:11 +0000 |
| commit | 3bb9c5d49c66ed623ccfe821aa88c770c3a7731c (patch) | |
| tree | b7e6ec3a48f0a1d05ea41ff7dff1457fa3bee7eb /net-libs | |
| parent | Correct description (diff) | |
| download | gentoo-2-3bb9c5d49c66ed623ccfe821aa88c770c3a7731c.tar.gz gentoo-2-3bb9c5d49c66ed623ccfe821aa88c770c3a7731c.tar.bz2 gentoo-2-3bb9c5d49c66ed623ccfe821aa88c770c3a7731c.zip | |
Version bump. Bug fixes. Include patch for gnutls from distributor list.
(Portage version: 2.2_rc33/cvs/Linux x86_64)
Diffstat (limited to 'net-libs')
| -rw-r--r-- | net-libs/libsoup/ChangeLog | 9 | ||||
| -rw-r--r-- | net-libs/libsoup/files/libsoup-2.26.3-gnutls-strict.patch | 42 | ||||
| -rw-r--r-- | net-libs/libsoup/libsoup-2.26.3.ebuild (renamed from net-libs/libsoup/libsoup-2.26.1.ebuild) | 9 |
3 files changed, 56 insertions, 4 deletions
diff --git a/net-libs/libsoup/ChangeLog b/net-libs/libsoup/ChangeLog index 5d9aba05de9c..61c3ecdb4a16 100644 --- a/net-libs/libsoup/ChangeLog +++ b/net-libs/libsoup/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-libs/libsoup # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/libsoup/ChangeLog,v 1.191 2009/07/26 04:56:14 dirtyepic Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/libsoup/ChangeLog,v 1.192 2009/07/26 18:08:09 eva Exp $ + +*libsoup-2.26.3 (26 Jul 2009) + + 26 Jul 2009; Gilles Dartiguelongue <eva@gentoo.org> + -libsoup-2.26.1.ebuild, +libsoup-2.26.3.ebuild, + +files/libsoup-2.26.3-gnutls-strict.patch: + Version bump. Bug fixes. Include patch for gnutls from distributor list. 26 Jul 2009; Ryan Hill <dirtyepic@gentoo.org> libsoup-2.2.105-r2.ebuild, +files/libsoup-2.2.105-dprintf.patch: diff --git a/net-libs/libsoup/files/libsoup-2.26.3-gnutls-strict.patch b/net-libs/libsoup/files/libsoup-2.26.3-gnutls-strict.patch new file mode 100644 index 000000000000..5459e8c063e8 --- /dev/null +++ b/net-libs/libsoup/files/libsoup-2.26.3-gnutls-strict.patch @@ -0,0 +1,42 @@ +From 139502583e065520e1c7a31e73c6e68969153d70 Mon Sep 17 00:00:00 2001 +From: Patrick Ohly <patrick.ohly@gmx.de> +Date: Thu, 23 Jul 2009 16:03:34 +0200 +Subject: [PATCH] Allow version 1 CA certificates in clients + +This is done by setting the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT +flag while setting up the credentials and parsing the CA certificate +file. This is necessary because without it, some releases of gnutls +reject certificates that are currently in use by major sites, including +Google. + +Setting the flag is safe in libsoup because the file is meant to +contain only CA certificates. The main weakness around version 1 +certs is that personal certificates could be mistaken for CA certs, +which shouldn't happen if libsoup is used as intended. + +Servers don't have the possibility to verify their clients, so this +problem doesn't apply to them. + +http://bugzilla.gnome.org/show_bug.cgi?id=589323 +--- + libsoup/soup-gnutls.c | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c +index 46b4188..b4f0876 100644 +--- a/libsoup/soup-gnutls.c ++++ b/libsoup/soup-gnutls.c +@@ -529,6 +529,10 @@ soup_ssl_get_client_credentials (const char *ca_file) + creds = g_slice_new0 (SoupSSLCredentials); + gnutls_certificate_allocate_credentials (&creds->creds); + ++ /* http://bugzilla.gnome.org/show_bug.cgi?id=589323 */ ++ gnutls_certificate_set_verify_flags (creds->creds, ++ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); ++ + if (ca_file) { + creds->have_ca_file = TRUE; + status = gnutls_certificate_set_x509_trust_file ( +-- +1.6.3.3 + diff --git a/net-libs/libsoup/libsoup-2.26.1.ebuild b/net-libs/libsoup/libsoup-2.26.3.ebuild index b3393bc483c6..48103876557c 100644 --- a/net-libs/libsoup/libsoup-2.26.1.ebuild +++ b/net-libs/libsoup/libsoup-2.26.3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2009 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-libs/libsoup/libsoup-2.26.1.ebuild,v 1.12 2009/05/20 19:27:54 ranger Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-libs/libsoup/libsoup-2.26.3.ebuild,v 1.1 2009/07/26 18:08:09 eva Exp $ EAPI="2" @@ -11,7 +11,7 @@ HOMEPAGE="http://www.gnome.org/" LICENSE="LGPL-2" SLOT="2.4" -KEYWORDS="alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd" # Do NOT build with --disable-debug/--enable-debug=no - gnome2.eclass takes care of that IUSE="debug doc gnome ssl" @@ -30,7 +30,7 @@ DEPEND="${RDEPEND} # dev-lang/php # net-misc/curl ) -DOCS="AUTHORS ChangeLog NEWS README" +DOCS="AUTHORS NEWS README" pkg_setup() { G2CONF="${G2CONF} @@ -42,6 +42,9 @@ pkg_setup() { src_prepare() { gnome2_src_prepare + # Allow validation of common certificates, upstream bug #589323 + epatch "${FILESDIR}/${PN}-2.26.3-gnutls-strict.patch" + # Fix test to follow POSIX (for x86-fbsd) # No patch to prevent having to eautoreconf sed -e 's/\(test.*\)==/\1=/g' -i configure.in configure || die "sed failed" |