summaryrefslogtreecommitdiff
path: root/security/gnutls/patches
diff options
context:
space:
mode:
authorwiz <wiz>2009-02-21 13:45:31 +0000
committerwiz <wiz>2009-02-21 13:45:31 +0000
commit6cf5bfe8bb6f518c82e4f841da065fab87654ed0 (patch)
treee5a55fecbf983fa34ec9584c01eba9df6ae93143 /security/gnutls/patches
parent8cc8a1516cbe5644a41cf56ea1dd2a9dface1fd0 (diff)
downloadpkgsrc-6cf5bfe8bb6f518c82e4f841da065fab87654ed0.tar.gz
Update to 2.6.4:
* Version 2.6.4 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: Fix compile error with Sun CC. Reported by Jeff Cai <jeff.cai@sun.com> in <https://savannah.gnu.org/support/?106549>.
Diffstat (limited to 'security/gnutls/patches')
-rw-r--r--security/gnutls/patches/patch-ag13
-rw-r--r--security/gnutls/patches/patch-ah13
2 files changed, 0 insertions, 26 deletions
diff --git a/security/gnutls/patches/patch-ag b/security/gnutls/patches/patch-ag
deleted file mode 100644
index 16f253e719e..00000000000
--- a/security/gnutls/patches/patch-ag
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2008/10/29 11:38:09 shannonjr Exp $
-
---- lib/mpi-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600
-+++ lib/mpi-libgcrypt.c
-@@ -120,7 +120,7 @@ wrap_gcry_mpi_get_nbits (bigint_t a)
- static void
- wrap_gcry_mpi_release (bigint_t a)
- {
-- return gcry_mpi_release (a);
-+ gcry_mpi_release (a);
- }
-
- #undef _gnutls_mpi_alloc_like
diff --git a/security/gnutls/patches/patch-ah b/security/gnutls/patches/patch-ah
deleted file mode 100644
index e182a1ccaf8..00000000000
--- a/security/gnutls/patches/patch-ah
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2008/10/29 11:38:09 shannonjr Exp $
-
---- lib/mac-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600
-+++ lib/mac-libgcrypt.c
-@@ -93,7 +93,7 @@ wrap_gcry_md_copy (void **bhd, void *ahd
- static void
- wrap_gcry_md_close (void *hd)
- {
-- return gcry_md_close (hd);
-+ gcry_md_close (hd);
- }
-
- static int