author | wiz <wiz> | 2009-02-21 13:45:31 +0000 |
---|---|---|
committer | wiz <wiz> | 2009-02-21 13:45:31 +0000 |
commit | 6cf5bfe8bb6f518c82e4f841da065fab87654ed0 (patch) | |
tree | e5a55fecbf983fa34ec9584c01eba9df6ae93143 /security/gnutls/patches | |
parent | 8cc8a1516cbe5644a41cf56ea1dd2a9dface1fd0 (diff) | |
download | pkgsrc-6cf5bfe8bb6f518c82e4f841da065fab87654ed0.tar.gz |
Update to 2.6.4:
* Version 2.6.4 (released 2009-02-06)
** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate. GnuTLS will now stop looking when it has
found an intermediary trusted certificate. The new behaviour is
useful when chains, for example, contain a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signatures on trusted certificates are not checked, so the chain
has a chance to validate correctly. Reported by "Douglas E. Engert"
<deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks <special@dereferenced.net>.
** libgnutls: gnutls_handshake when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan@saticed.me.uk>.
** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
"Douglas E. Engert" <deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash. Reported by Daniel Kahn Gillmor
<dkg@fifthhorseman.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
Gillmor <dkg@fifthhorseman.net>.
** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai@sun.com> in
<https://savannah.gnu.org/support/?106549>.
Diffstat (limited to 'security/gnutls/patches')
-rw-r--r-- | security/gnutls/patches/patch-ag | 13 | ||||
-rw-r--r-- | security/gnutls/patches/patch-ah | 13 |
2 files changed, 0 insertions, 26 deletions
diff --git a/security/gnutls/patches/patch-ag b/security/gnutls/patches/patch-ag deleted file mode 100644 index 16f253e719e..00000000000 --- a/security/gnutls/patches/patch-ag +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ag,v 1.3 2008/10/29 11:38:09 shannonjr Exp $ - ---- lib/mpi-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600 -+++ lib/mpi-libgcrypt.c -@@ -120,7 +120,7 @@ wrap_gcry_mpi_get_nbits (bigint_t a) - static void - wrap_gcry_mpi_release (bigint_t a) - { -- return gcry_mpi_release (a); -+ gcry_mpi_release (a); - } - - #undef _gnutls_mpi_alloc_like diff --git a/security/gnutls/patches/patch-ah b/security/gnutls/patches/patch-ah deleted file mode 100644 index e182a1ccaf8..00000000000 --- a/security/gnutls/patches/patch-ah +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ah,v 1.1 2008/10/29 11:38:09 shannonjr Exp $ - ---- lib/mac-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600 -+++ lib/mac-libgcrypt.c -@@ -93,7 +93,7 @@ wrap_gcry_md_copy (void **bhd, void *ahd - static void - wrap_gcry_md_close (void *hd) - { -- return gcry_md_close (hd); -+ gcry_md_close (hd); - } - - static int |
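Review bot: the log message gives no reason for deleting patch-ag, whose only change was in wrap_gcry_mpi_release, turning `return gcry_mpi_release (a);` into a plain call inside a void function. That reads like the kind of change covered by the 2.6.4 entry "Fix compile error with Sun CC", but the log never makes the connection. Add a line saying the local patch is dropped because the fix is now in the upstream source, so the deletion can be audited without opening the 2.6.4 tarball.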
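Review bot: for the patch-ah deletion (the `return gcry_md_close (hd);` change in wrap_gcry_md_close), the matching checksum cleanup cannot be checked here because this view is limited to security/gnutls/patches. pkgsrc records a checksum for each patch file in the package's distinfo, so confirm that the entries for patch-ag and patch-ah were removed in the same commit as these two files.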