pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/gnutls Update to gnutls-2.6.6.
details: https://anonhg.NetBSD.org/pkgsrc/rev/872c39c78281
branches: trunk
changeset: 558410:872c39c78281
user: tnn <tnn%pkgsrc.org@localhost>
date: Sat May 02 20:04:32 2009 +0000
description:
Update to gnutls-2.6.6.
* Version 2.6.6 (released 2009-04-30)
libgnutls: Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil. See the advisory
for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
libgnutls: Fix DSA key generation.
Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
libgnutls: Check expiration/activation time on untrusted certificates.
Reported by Romain Francoise. Before the
library did not check activation/expiration times on certificates, and
was documented as not doing so. We have realized that many
applications that use libgnutls, including gnutls-cli, fail to perform
proper checks. Implementing similar logic in all applications leads
to code duplication. Hence, we decided to check whether the current
time (as reported by the time function) is within the
activation/expiration period of certificates when verifying untrusted
certificates.
This changes the semantics of gnutls_x509_crt_list_verify, which in
turn is used by gnutls_certificate_verify_peers and
gnutls_certificate_verify_peers2. We add two new
gnutls_certificate_status_t codes for reporting the new error
condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
add a new gnutls_certificate_verify_flags flag,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
behaviour.
API and ABI modifications:
gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
gnutls_certificate_verify_peers: Likewise.
gnutls_certificate_verify_peers2: Likewise.
GNUTLS_CERT_NOT_ACTIVATED: ADDED.
GNUTLS_CERT_EXPIRED: ADDED.
GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
diffstat:
security/gnutls/Makefile | 4 ++--
security/gnutls/distinfo | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
diffs (28 lines):
diff -r b88e4f06141b -r 872c39c78281 security/gnutls/Makefile
--- a/security/gnutls/Makefile Sat May 02 19:44:51 2009 +0000
+++ b/security/gnutls/Makefile Sat May 02 20:04:32 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.79 2009/05/01 13:49:07 zafer Exp $
+# $NetBSD: Makefile,v 1.80 2009/05/02 20:04:32 tnn Exp $
-DISTNAME= gnutls-2.6.5
+DISTNAME= gnutls-2.6.6
CATEGORIES= security devel
MASTER_SITES= ftp://ftp.gnutls.org/pub/gnutls/ \
ftp://ftp.gnupg.org/gcrypt/gnutls/ \
diff -r b88e4f06141b -r 872c39c78281 security/gnutls/distinfo
--- a/security/gnutls/distinfo Sat May 02 19:44:51 2009 +0000
+++ b/security/gnutls/distinfo Sat May 02 20:04:32 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.53 2009/04/20 13:11:57 wiz Exp $
+$NetBSD: distinfo,v 1.54 2009/05/02 20:04:33 tnn Exp $
-SHA1 (gnutls-2.6.5.tar.bz2) = 87d0fd82debee0d644f72fcf404ccd7540c6c71a
-RMD160 (gnutls-2.6.5.tar.bz2) = 9e484d26c50bda0e26e0788ca5465da1ef620fe3
-Size (gnutls-2.6.5.tar.bz2) = 5112923 bytes
+SHA1 (gnutls-2.6.6.tar.bz2) = d1693e611aa7270f14bc500bd56ef529ffcb1703
+RMD160 (gnutls-2.6.6.tar.bz2) = dc6e717e38741628508208244f07fed8faedb13c
+Size (gnutls-2.6.6.tar.bz2) = 5116385 bytes
SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0
SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785
SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48
Home |
Main Index |
Thread Index |
Old Index