net-libs/gnutls-3.6.13 fails to properly handle TLS certificate expiry in a chain of certificates, effectively breaking since today https sites that ought to continue to be working, due to expiration of AddTrust root certificate. For example adblockplus filters for epiphany can't be retrieved anymore. https://mail.gnome.org/archives/distributor-list/2020-June/msg00000.html https://gitlab.com/gnutls/gnutls/-/issues/1008 https://gitlab.com/gnutls/gnutls/-/merge_requests/1271 https://gitlab.com/gnutls/gnutls/-/merge_requests/1271.patch Please consider it urgent to get the last link patch included in a stable revision.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7402bdfcb5c3017b29d80d60312804b4b3fbebd commit f7402bdfcb5c3017b29d80d60312804b4b3fbebd Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-06-01 19:01:34 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-01 19:17:15 +0000 net-libs/gnutls: rev bump to fix handling of expired root certificates Link: https://gitlab.com/gnutls/gnutls/-/issues/1008 Closes: https://bugs.gentoo.org/726650 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ...s-3.6.13-handle-expired-root-certificates.patch | 391 +++++++++++++++++++++ ...nutls-3.6.13.ebuild => gnutls-3.6.13-r1.ebuild} | 2 + 2 files changed, 393 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=617b767f5022f81117e028e258d8b0e008594a31 commit 617b767f5022f81117e028e258d8b0e008594a31 Author: Robin H. Johnson <robbat2@gentoo.org> AuthorDate: 2020-06-02 16:48:35 +0000 Commit: Robin H. Johnson <robbat2@gentoo.org> CommitDate: 2020-06-02 17:13:18 +0000 app-misc/ca-certificates: bump Bump to unreleased latest Debian sources which haven't been formally announced but are available via the Debian git systems. Removes expired AddTrust External CA root causing problems with GnuTLS & OpenSSL 1.0. Closes: https://bugs.gentoo.org/726412 Bug: https://bugs.gentoo.org/show_bug.cgi?id=726650 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> app-misc/ca-certificates/Manifest | 1 + .../ca-certificates-20200601.3.53.ebuild | 192 +++++++++++++++++++++ 2 files changed, 193 insertions(+)