pkgsrc-Changes archive


CVS commit: pkgsrc/security/gnutls



Module Name:    pkgsrc
Committed By:   wiz
Date:           Sat Feb 21 13:45:31 UTC 2009

Modified Files:
        pkgsrc/security/gnutls: Makefile distinfo
Removed Files:
        pkgsrc/security/gnutls/patches: patch-ag patch-ah

Log Message:
Update to 2.6.4:

* Version 2.6.4 (released 2009-02-06)

** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate.  GnuTLS will now stop looking when it has
found an intermediary trusted certificate.  The new behaviour is
useful when chains, for example, contain a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signatures on trusted certificates are not checked, so the chain
has a chance to validate correctly.  Reported by "Douglas E. Engert"
<deengert%anl.gov@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks 
<special%dereferenced.net@localhost>.

** libgnutls: gnutls_handshake, when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan%saticed.me.uk@localhost>.

** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
"Douglas E. Engert" <deengert%anl.gov@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<dkg%fifthhorseman.net@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz%redhat.com@localhost> and Daniel Kahn
Gillmor <dkg%fifthhorseman.net@localhost>.

** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai%sun.com@localhost> in
<https://savannah.gnu.org/support/?106549>.


To generate a diff of this commit:
cvs rdiff -r1.76 -r1.77 pkgsrc/security/gnutls/Makefile
cvs rdiff -r1.51 -r1.52 pkgsrc/security/gnutls/distinfo
cvs rdiff -r1.3 -r0 pkgsrc/security/gnutls/patches/patch-ag
cvs rdiff -r1.1 -r0 pkgsrc/security/gnutls/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
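
The chain-validation and weak-hash entries in the log above, as a simplified model. This is an added example, not GnuTLS code and not part of the commit; the Cert record, the problem names and the sample chain are constructed for illustration, and real signature verification is left out.

```python
from dataclasses import dataclass

# Signature algorithms the model treats as too weak to rely on.
WEAK_SIG_ALGS = {"RSA-MD5", "RSA-MD2"}

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str  # algorithm the issuer used to sign this certificate

def verify_chain(chain, trusted):
    """Walk a chain (end entity first); return a set of problems, empty if OK."""
    if not chain:
        return {"empty-chain"}
    problems = set()
    for i, cert in enumerate(chain):
        if cert in trusted:
            # Trust anchor reached: stop here, its own signature is not checked.
            return problems
        # Every certificate below the anchor has its signature examined.
        if cert.sig_alg in WEAK_SIG_ALGS:
            problems.add("insecure-algorithm")
        if i + 1 < len(chain):
            if chain[i + 1].subject != cert.issuer:
                problems.add("broken-chain")
                return problems
        elif not any(t.subject == cert.issuer for t in trusted):
            # End of the presented chain and no trusted issuer for it.
            problems.add("signer-not-found")
    return problems

# Constructed sample chain: top-level CA, RSA-MD5 intermediary, end entity.
ROOT = Cert("Root CA", "Root CA", "RSA-SHA256")
INTER = Cert("Intermediate CA", "Root CA", "RSA-MD5")
LEAF = Cert("www.example.test", "Intermediate CA", "RSA-SHA256")
CHAIN = [LEAF, INTER, ROOT]

if __name__ == "__main__":
    print("root only trusted:   ", verify_chain(CHAIN, {ROOT}))
    print("intermediary trusted:", verify_chain(CHAIN, {ROOT, INTER}))
```

In this model, trusting the intermediary pins that exact certificate and skips only its own signature; an end-entity certificate signed with a weak hash is still reported.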


