Pullup ticket 1830 - requested by wiz

security update for gnutls

Revisions pulled up:
- pkgsrc/security/gnutls/Makefile		1.50, 1.51, 1.52
- pkgsrc/security/gnutls/PLIST			1.22
- pkgsrc/security/gnutls/distinfo		1.29, 1.30, 1.31

   Module Name:		pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 17 17:02:02 UTC 2006

   Modified Files:
   	pkgsrc/security/gnutls: Makefile PLIST distinfo

   Log Message:
   Update to 1.4.1:

   * Version 1.4.1 (released 2006-06-14)

   ** Replaced inactive ifdefs to enable openpgp support in test programs.

   ** Fixed bug in OpenPGP authentication handshake.

   ** Fixed typographical in man pages.

   ** Build fixes of the manual.

   ** Added Swedish translation.

   ** API and ABI modifications:
   No changes since last version.
---
   Module Name:		pkgsrc
   Committed By:	wiz
   Date:		Sun Sep 10 21:12:21 UTC 2006

   Modified Files:
   	pkgsrc/security/gnutls: Makefile distinfo

   Log Message:
   Update to 1.4.3:

   * Version 1.4.3 (released 2006-09-08)

   ** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
   ** Crypto 06 rump session attack.
   In particular, we check that the digestAlgorithm.parameters field is
   empty, to avoid that it can contain "garbage" that may be used to
   alter the numeric properties of the signature.  See
   <http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
   not exactly the same as the problem we fix here).  Reported by Yutaka
   OIWA <y.oiwa@aist.go.jp>.

   See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
   up to date information.

   ** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
   See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>.
   Reported by Werner Koch <wk@gnupg.org>.

   See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more
   up to date information.

   ** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

   ** API and ABI modifications:
   No changes since last version.

   * Version 1.4.2 (released 2006-08-12)

   ** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
   This can happen if you call gnutls_certificate_verify_peers2 and have
   a certain mix of local CA certificates and the peer send special
   certificates, that together trigger certain behaviour.  It is not
   known at this point whether the crash can be triggered without the
   special local CA certificate, and thus turn this into a remote crash
   of clients that verify server certificates when they talk to a server
   with the special server certificate.  See GNUTLS-SA-2006-2 on
   http://www.gnu.org/software/gnutls/security.html for more up to date
   information.  Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.

   ** Change SRP and Cert-Type extensions to match IANA registry.

   ** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.

   ** Make --without-included-libtasn1 work.
   Reported by Daniel Black <dragonheart@gentoo.org>.

   ** API and ABI modifications:
   No changes since last version.
---
   Module Name:		pkgsrc
   Committed By:	wiz
   Date:		Sat Sep 16 06:21:22 UTC 2006

   Modified Files:
   	pkgsrc/security/gnutls: Makefile distinfo

   Log Message:
   Update to 1.4.4:

   * Version 1.4.4 (released 2006-09-12)

   ** Relax the test that caught signatures that exploit the variant of
   ** Bleichenbacher's Crypto 06 rump session attack on our
   ** verification logic flaw.
   In particular, we now permit the digestAlgorithm.parameters field to
   be present but empty, whereas in 1.4.3 we actually checked that the
   field was absent.

   ** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem.
   The messages are only printed in debug mode, which is not recommended
   for normal use, and thus logging this situation cannot be abused as an
   oracle in typical recommended situations.

   ** API and ABI modifications:
   No changes since last version.

3 files changed, 8 insertions, 7 deletions

diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index 7cbc6dd242b..6fa691a1122 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.49 2006/05/17 21:50:22 wiz Exp $
+# $NetBSD: Makefile,v 1.49.2.1 2006/09/17 09:09:38 salo Exp $
 
-DISTNAME=	gnutls-1.4.0
+DISTNAME=	gnutls-1.4.4
 CATEGORIES=	security devel
 MASTER_SITES=	http://josefsson.org/gnutls/releases/ \
 		ftp://ftp.gnutls.org/pub/gnutls/ \
diff --git a/security/gnutls/PLIST b/security/gnutls/PLIST
index a823184f4e5..0c8fc061488 100644
--- a/security/gnutls/PLIST
+++ b/security/gnutls/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.21 2006/05/17 21:50:22 wiz Exp $
+@comment $NetBSD: PLIST,v 1.21.2.1 2006/09/17 09:09:38 salo Exp $
 bin/certtool
 bin/gnutls-cli
 bin/gnutls-cli-debug
@@ -449,6 +449,7 @@ share/examples/gnutls/tcp.c
 share/locale/en@boldquot/LC_MESSAGES/gnutls.mo
 share/locale/en@quot/LC_MESSAGES/gnutls.mo
 share/locale/pl/LC_MESSAGES/gnutls.mo
+share/locale/sv/LC_MESSAGES/gnutls.mo
 @dirrm share/examples/gnutls
 @dirrm share/doc/gnutls
 @dirrm include/gnutls
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index cdae81eca9a..8e7f3378d7b 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.28 2006/05/17 21:50:22 wiz Exp $
+$NetBSD: distinfo,v 1.28.2.1 2006/09/17 09:09:38 salo Exp $
 
-SHA1 (gnutls-1.4.0.tar.bz2) = 71c2df8072796592bb20910f3554923b4178b352
-RMD160 (gnutls-1.4.0.tar.bz2) = f3af3a76a630244e82461cdb804b09218f79eff5
-Size (gnutls-1.4.0.tar.bz2) = 3281324 bytes
+SHA1 (gnutls-1.4.4.tar.bz2) = 8f6ee112c8d93dd726e8e3d0e3fbf234f085a2cd
+RMD160 (gnutls-1.4.4.tar.bz2) = a31dfe33934ddf2500ae0e6c67aa265cd5b9ede4
+Size (gnutls-1.4.4.tar.bz2) = 4048916 bytes
 SHA1 (patch-ab) = 503bf7fa154341504db7ba3b5c6602627ff27dc5