diff options
| author | wiz <wiz> | 2009-02-21 13:45:31 +0000 |
|---|---|---|
| committer | wiz <wiz> | 2009-02-21 13:45:31 +0000 |
| commit | 6cf5bfe8bb6f518c82e4f841da065fab87654ed0 (patch) | |
| tree | e5a55fecbf983fa34ec9584c01eba9df6ae93143 /security/gnutls | |
| parent | 8cc8a1516cbe5644a41cf56ea1dd2a9dface1fd0 (diff) | |
| download | pkgsrc-6cf5bfe8bb6f518c82e4f841da065fab87654ed0.tar.gz | |
Update to 2.6.4:
* Version 2.6.4 (released 2009-02-06)
** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate. GnuTLS will now stop looking when it has
found an intermediary trusted certificate. The new behaviour is
useful when chains, for example, contains a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signature on trusted certificates are not checked, so the chain
has a chance to validate correctly. Reported by "Douglas E. Engert"
<deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks <special@dereferenced.net>.
** libgnutls: gnutls_handshake when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan@saticed.me.uk>.
** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
"Douglas E. Engert" <deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash. Reported by Daniel Kahn Gillmor
<dkg@fifthhorseman.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
Gillmor <dkg@fifthhorseman.net>.
** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai@sun.com> in
<https://savannah.gnu.org/support/?106549>.
Diffstat (limited to 'security/gnutls')
| -rw-r--r-- | security/gnutls/Makefile | 4 | ||||
| -rw-r--r-- | security/gnutls/distinfo | 10 | ||||
| -rw-r--r-- | security/gnutls/patches/patch-ag | 13 | ||||
| -rw-r--r-- | security/gnutls/patches/patch-ah | 13 |
4 files changed, 6 insertions, 34 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 0b66e92480c..42a47ce5367 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.76 2008/12/19 15:43:20 adam Exp $ +# $NetBSD: Makefile,v 1.77 2009/02/21 13:45:31 wiz Exp $ -DISTNAME= gnutls-2.6.3 +DISTNAME= gnutls-2.6.4 CATEGORIES= security devel MASTER_SITES= ftp://ftp.gnutls.org/pub/gnutls/ \ http://www.mirrors.wiretapped.net/security/network-security/gnutls/ \ diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index 43c45233c22..d1aba552041 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,12 +1,10 @@ -$NetBSD: distinfo,v 1.51 2008/12/19 15:43:20 adam Exp $ +$NetBSD: distinfo,v 1.52 2009/02/21 13:45:31 wiz Exp $ -SHA1 (gnutls-2.6.3.tar.bz2) = f9b6a1d6135ef0a57a5cdd9fcb3e82bc62a27dcd -RMD160 (gnutls-2.6.3.tar.bz2) = 318c91f167988f2dfcde50015491b7dc7d4eea33 -Size (gnutls-2.6.3.tar.bz2) = 5114214 bytes +SHA1 (gnutls-2.6.4.tar.bz2) = 11dd1e11599906a32b3ff92308f4c4dbaadbad58 +RMD160 (gnutls-2.6.4.tar.bz2) = 771fd64026df69d770a0a681141591b21f9be751 +Size (gnutls-2.6.4.tar.bz2) = 5115205 bytes SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0 SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785 SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48 SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3 -SHA1 (patch-ag) = 39298bf6cbff77d880654067e797a9a4cb868b9b -SHA1 (patch-ah) = 889b69c23b4b0584fddd08a6827b10b78fc8f018 SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8 diff --git a/security/gnutls/patches/patch-ag b/security/gnutls/patches/patch-ag deleted file mode 100644 index 16f253e719e..00000000000 --- a/security/gnutls/patches/patch-ag +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ag,v 1.3 2008/10/29 11:38:09 shannonjr Exp $ - ---- lib/mpi-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600 -+++ lib/mpi-libgcrypt.c -@@ -120,7 +120,7 @@ wrap_gcry_mpi_get_nbits (bigint_t a) - static void - wrap_gcry_mpi_release (bigint_t a) - { -- return gcry_mpi_release (a); -+ gcry_mpi_release (a); - } - - #undef _gnutls_mpi_alloc_like diff --git a/security/gnutls/patches/patch-ah b/security/gnutls/patches/patch-ah deleted file mode 100644 index e182a1ccaf8..00000000000 --- a/security/gnutls/patches/patch-ah +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ah,v 1.1 2008/10/29 11:38:09 shannonjr Exp $ - ---- lib/mac-libgcrypt.c.orig 2008-10-05 07:41:43.000000000 -0600 -+++ lib/mac-libgcrypt.c -@@ -93,7 +93,7 @@ wrap_gcry_md_copy (void **bhd, void *ahd - static void - wrap_gcry_md_close (void *hd) - { -- return gcry_md_close (hd); -+ gcry_md_close (hd); - } - - static int |