--- - branch: MAIN date: Tue Jun 9 18:56:38 UTC 2009 files: - new: '1.83' old: '1.82' path: pkgsrc/security/gnutls/Makefile pathrev: pkgsrc/security/gnutls/Makefile@1.83 type: modified - new: '1.34' old: '1.33' path: pkgsrc/security/gnutls/PLIST pathrev: pkgsrc/security/gnutls/PLIST@1.34 type: modified - new: '1.55' old: '1.54' path: pkgsrc/security/gnutls/distinfo pathrev: pkgsrc/security/gnutls/distinfo@1.55 type: modified - new: '0' old: '1.13' path: pkgsrc/security/gnutls/patches/patch-aa pathrev: pkgsrc/security/gnutls/patches/patch-aa@0 type: deleted id: 20090609T185638Z.92d5c15a9db7ca28b89a885b22ed20ae0b12ec9d log: "Update to 2.8.0:\n\n* Version 2.8.0 (released 2009-05-27)\n\n** doc: Fix gnutls_dh_get_prime_bits. \ Fix error codes and algorithm lists.\n\n** Major changes compared to the v2.4 branch:\n\n*** lib: Linker version scripts reduces number of exported symbols.\n\n*** lib: Limit exported symbols on systems without LD linker scripts.\n\n*** libgnutls: Fix namespace issue with version symbols.\n\n*** libgnutls: Add functions to verify a hash against a certificate.\ngnutls_x509_crt_verify_hash: ADDED\ngnutls_x509_crt_get_verify_algorithm: ADDED\n\n*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.\n\n*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.\n\n*** certtool: Query for multiple dnsName subjectAltName in interactive mode.\n\n*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.\n\n*** gnutls-serv: No longer disable MAC padding by default.\n\n*** gnutls-cli: Certificate information output format changed.\n\n*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5\n*** and %VERIFY_ALLOW_X509_V1_CA_CRT.\n\n*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.\n\n*** libgnutls: gnutls_openpgp_crt_print supports oneline mode.\n\n*** libgnutls: gnutls_handshake when sending client hello during a\nrehandshake, will not offer a version number larger than the current.\n\n*** libgnutls: New interface to get key id for certificate requests.\ngnutls_x509_crq_get_key_id: ADDED.\n\n*** libgnutls: gnutls_x509_crq_print will now also print public key id.\n\n*** certtool: --verify-chain now prints results of using library verification.\n\n*** libgnutls: Libgcrypt initialization changed.\n\n*** libgnutls: Small byte reads via gnutls_record_recv() optimized.\n\n*** gnutls-cli: Return non-zero exit code on error conditions.\n\n*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.\n\n*** certtool: allow setting arbitrary key purpose object identifiers.\n\n*** libgnutls: Change detection of when to use a linker version script.\nUse --enable-ld-version-script or --disable-ld-version-script to\noverride auto-detection logic.\n\n*** Fix warnings and build GnuTLS with more warnings enabled.\n\n*** New API to set X.509 credentials from PKCS#12 memory structure.\ngnutls_certificate_set_x509_simple_pkcs12_mem: ADDED\n\n*** Old libgnutls.m4 and libgnutls-config scripts removed.\nPlease use pkg-config instead.\n\n*** libgnutls: Added functions to handle CRL extensions.\ngnutls_x509_crl_get_authority_key_id: ADDED\ngnutls_x509_crl_get_number: ADDED\ngnutls_x509_crl_get_extension_oid: ADDED\ngnutls_x509_crl_get_extension_info: ADDED\ngnutls_x509_crl_get_extension_data: ADDED\ngnutls_x509_crl_set_authority_key_id: ADDED\ngnutls_x509_crl_set_number: ADDED\n\n*** libgnutls: Added functions to handle X.509 extensions in Certificate\nRequests.\ngnutls_x509_crq_get_key_rsa_raw: ADDED\ngnutls_x509_crq_get_attribute_info: ADDED\ngnutls_x509_crq_get_attribute_data: ADDED\ngnutls_x509_crq_get_extension_info: ADDED\ngnutls_x509_crq_get_extension_data: ADDED\ngnutls_x509_crq_get_key_usage: ADDED\ngnutls_x509_crq_get_basic_constraints: ADDED\ngnutls_x509_crq_get_subject_alt_name: ADDED\ngnutls_x509_crq_get_subject_alt_othername_oid: ADDED\ngnutls_x509_crq_get_extension_by_oid: ADDED\ngnutls_x509_crq_set_subject_alt_name: ADDED\ngnutls_x509_crq_set_basic_constraints: ADDED\ngnutls_x509_crq_set_key_usage: ADDED\ngnutls_x509_crq_get_key_purpose_oid: ADDED\ngnutls_x509_crq_set_key_purpose_oid: ADDED\ngnutls_x509_crq_print: ADDED\ngnutls_x509_crt_set_crq_extensions: ADDED\n\n*** certtool: Print and set CRL and CRQ extensions.\n\n*** minitasn1: Internal copy updated to libtasn1 v2.1.\n\n*** examples: Now released into the public domain.\n\n*** The Texinfo and GTK-DOC manuals were improved.\n\n*** Several self-tests were added and others improved.\n\n*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x\nNo offically supported interfaces have been modified or removed. The\nlibrary should be completely backwards compatible on both the source\nand binary level.\n\nThe shared library no longer exports some symbols that have never been\nofficially supported, i.e., not mentioned in any of the header files.\nThe symbols are:\n\n \ _gnutls*\n gnutls_asn1_tab\n\nNormally when symbols are removed, the shared library version has to\nbe incremented. This leads to a significant cost for everyone using\nthe library. Because none of the above symbols have ever been\nintended for use by well-behaved applications, we decided that the it\nwould be better for those applications to pay the price rather than\nincurring problems on the majority of applications.\n\nIf it turns out that applications have been using unofficial\ninterfaces, we will need to release a follow-on release on the v2.8\nbranch to exports additional interfaces. However, initial testing\nsuggests that few if any applications have been using any of the\ninternal symbols.\n\nAlthough not a new change compared to 2.6.x, we'd like to remind you\ninterfaces have been modified so that X.509 chain verification now\nalso checks activation/expiration times on certificates. The affected\nfunctions are:\n\ngnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.\ngnutls_certificate_verify_peers: Likewise.\ngnutls_certificate_verify_peers2: Likewise.\nGNUTLS_CERT_NOT_ACTIVATED: ADDED.\nGNUTLS_CERT_EXPIRED: ADDED.\nGNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.\n\nThis change in behaviour was made during the GnuTLS 2.6.x cycle, and\nwe gave our rationale for it in earlier release notes.\n\nThe following symbols have been added to the library:\n\ngnutls_certificate_set_x509_simple_pkcs12_mem: ADDED\ngnutls_x509_crl_get_authority_key_id: ADDED\ngnutls_x509_crl_get_extension_data: ADDED\ngnutls_x509_crl_get_extension_info: ADDED\ngnutls_x509_crl_get_extension_oid: ADDED\ngnutls_x509_crl_get_number: ADDED\ngnutls_x509_crl_set_authority_key_id: ADDED\ngnutls_x509_crl_set_number: ADDED\ngnutls_x509_crq_get_attribute_data: ADDED\ngnutls_x509_crq_get_attribute_info: ADDED\ngnutls_x509_crq_get_basic_constraints: ADDED\ngnutls_x509_crq_get_extension_by_oid: ADDED\ngnutls_x509_crq_get_extension_data: ADDED\ngnutls_x509_crq_get_extension_info: ADDED\ngnutls_x509_crq_get_key_id: ADDED.\ngnutls_x509_crq_get_key_purpose_oid: ADDED\ngnutls_x509_crq_get_key_rsa_raw: ADDED\ngnutls_x509_crq_get_key_usage: ADDED\ngnutls_x509_crq_get_subject_alt_name: ADDED\ngnutls_x509_crq_get_subject_alt_othername_oid: ADDED\ngnutls_x509_crq_print: ADDED\ngnutls_x509_crq_set_basic_constraints: ADDED\ngnutls_x509_crq_set_key_purpose_oid: ADDED\ngnutls_x509_crq_set_key_usage: ADDED\ngnutls_x509_crq_set_subject_alt_name: ADDED\ngnutls_x509_crt_get_verify_algorithm: ADDED\ngnutls_x509_crt_set_crq_extensions: ADDED\ngnutls_x509_crt_verify_hash: ADDED\n\nThe following interfaces have been added to the header files:\n\nGNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.\nGNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.\nGNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.\nGNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.\nGNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.\nGNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.\n\nThe following interfaces have been deprecated:\n\nLIBGNUTLS_VERSION: DEPRECATED.\nLIBGNUTLS_VERSION_MAJOR: DEPRECATED.\nLIBGNUTLS_VERSION_MINOR: DEPRECATED.\nLIBGNUTLS_VERSION_PATCH: DEPRECATED.\nLIBGNUTLS_VERSION_NUMBER: DEPRECATED.\nLIBGNUTLS_EXTRA_VERSION: DEPRECATED.\n\n* Version 2.7.14 (released 2009-05-26)\n\n** libgnutls: Fix namespace issue with version symbol for libgnutls-extra.\nThe symbol LIBGNUTLS_EXTRA_VERSION were renamed to\nGNUTLS_EXTRA_VERSION. The old symbol will continue to work but is\ndeprecated.\n\n** Doc: Several typo fixes in documentation.\nReported by Peter Hendrickson .\n\n** API and ABI modifications:\nGNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.\nLIBGNUTLS_EXTRA_VERSION: DEPRECATED.\n\n* Version 2.7.13 (released 2009-05-25)\n\n** libgnutls: Fix version of some exported symbols in the shared library.\nReported by Andreas Metzler in\n.\n\n** tests: Handle recently expired certificates in chainverify self-test.\nReported by Andreas Metzler in\n.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.12 (released 2009-05-20)\n\n** gnutls-serv, gnutls-cli-debug: Make them work on Windows.\n\n** tests/crq_key_id: Don't read entropy from /dev/random in self-test.\nReported by Andreas Metzler in\n.\n\n** Fix build failures.\nMissing sa_family_t and vsnprintf on IRIX. Reported by \"Tom\nG. Christensen\" in\n.\n\n** minitasn1: Internal copy updated to libtasn1 v2.2.\nGnuTLS should work fine with libtasn1 v1.x and that is still\nsupported.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.11 (released 2009-05-18)\n\n** minitasn1: Fix build failure when using internal libtasn1.\nReported by \"Tom G. Christensen\" in\n.\n\n** libgnutls: Fix build failure with --disable-cxx.\nReported by Andreas Metzler in\n.\n\n** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV.\nReported by \"Tom G. Christensen\" in\n\n\n** Building with many warning flags now requires --enable-gcc-warnings.\nThis avoids crying wolf for normal compiles.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.10 (released 2009-05-13)\n\n** examples: Now released into the public domain.\nThis makes the license of the example code compatible with more\nlicenses, including the (L)GPL.\n\n** minitasn1: Internal copy updated to libtasn1 v2.1.\nGnuTLS should work fine with libtasn1 v1.x and that is still\nsupported.\n\n** libgnutls: Fix crash in signature verification\nThe fix for the CVE-2009-1415 problem wasn't merged completely.\n\n** doc: Fixes for GTK-DOC output.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.9 (released 2009-05-11)\n\n** doc: Fix strings in man page of gnutls_priority_init.\n\n** doc: Fix tables of error codes and supported algorithms.\n\n** Fix build failure when cross-compiled using MinGW.\n\n** Fix build failure when LZO is enabled.\nReported by Arfrever Frehtes Taifersar Arahesis\n in\n.\n\n** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6.\nReported by \"Tom G. Christensen\" in\n.\n\n** Fix warnings in self-tests.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.8 (released 2009-05-03)\n\n** libgnutls: Fix DSA key generation.\nMerged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416]\n\n** libgnutls: Check expiration/activation time on untrusted certificates.\nMerged from stable branch. Reported by Romain Francoise\n. This changes the semantics of\ngnutls_x509_crt_list_verify, which in turn is used by\ngnutls_certificate_verify_peers and gnutls_certificate_verify_peers2.\nWe add two new gnutls_certificate_status_t codes for reporting the new\nerror condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED.\nWe also add a new gnutls_certificate_verify_flags flag,\nGNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new\nbehaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417]\n\n** lib: Linker version scripts reduces number of exported symbols.\nThe linker version script now lists all exported ABIs explicitly, to\navoid accidentally exporting unintended functions. Compared to\nbefore, most symbols beginning with _gnutls* are no longer exported.\nThese functions have never been intended for use by applications, and\nthere were no prototypes for these function in the public header\nfiles. \ Thus we believe it is possible to do this without incrementing\nthe library ABI version which normally has to be done when removing an\ninterface.\n\n** lib: Limit exported symbols on systems without LD linker scripts.\nBefore all symbols were exported. Now we limit the exported symbols\nto (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls)\n_gnutls*. This is a superset of the actual supported ABI, but still\nan improvement compared to before. This is implemented using Libtool\n-export-symbols-regex. It is more portable than linker version\nscripts.\n\n** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols.\nThis should have been done in the last release.\n\n** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.\nReported by Peter Hendrickson in\n.\n\n** doc: Improved sections for the info manual.\nWe now follow the advice given by the texinfo manual on which\ndirectory categories to use. In particular, libgnutls moved from the\n'GNU Libraries' section to the 'Software libraries' and the command\nline tools moved from 'Network Applications' to 'System\nAdministration'.\n\n** API and ABI modifications:\ngnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.\ngnutls_certificate_verify_peers: Likewise.\ngnutls_certificate_verify_peers2: Likewise.\nGNUTLS_CERT_NOT_ACTIVATED: ADDED.\nGNUTLS_CERT_EXPIRED: ADDED.\nGNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.\n\n* Version 2.7.7 (released 2009-04-20)\n\n** libgnutls: Applied patch by Cedric Bail to add functions\ngnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm().\n\n** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output.\nReported by Andreas Metzler in\n.\n\n** minitasn1: Internal copy updated to libtasn1 v1.8.\nGnuTLS is also internally ready to be used with libtasn1 v2.0.\n\n** doc: Fix build failure of errcodes/printlist.\nReported by Roman Bogorodskiy in\n.\n\n** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.\nIt is currently only used by the core library. This will enable a new\ndomain 'gnutls' for translations of the command line tools.\n\n** Corrected possible memory corruption on signature verification failure.\nReported by Miroslav Kratochvil \n\n** API and ABI modifications:\ngnutls_x509_crt_verify_hash: ADDED\ngnutls_x509_crt_get_verify_algorithm: ADDED\n\n* Version 2.7.6 (released 2009-02-27)\n\n** certtool: Query for multiple dnsName subjectAltName in interactive mode.\nThis applies both to generating certificates and certificate requests.\n\n** pkix.asn: Removed unneeded definitions to reduce memory usage.\n\n** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.\nUse --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to\nbe used for chain verification.\n\n** gnutls-serv: No longer disable MAC padding by default.\nUse --priority NORMAL:%COMPAT to disable MAC padding again.\n\n** gnutls-cli: Certificate information output format changed.\nThe tool now uses libgnutls' functions to print certificate\ninformation. This avoids code duplication.\n\n** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5\n** and %VERIFY_ALLOW_X509_V1_CA_CRT.\nThey can be used to override the default certificate chain validation\nbehaviour.\n\n** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to\nspecify the client hello message record version. Used to overcome buggy\nTLS servers. Report by Martin von Gagern.\n\n** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.\n\n** libgnutls: gnutls_openpgp_crt_print supports oneline mode.\n\n** doc: Update gnutls-cli and gnutls-serv --help output descriptions.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.5 (released 2009-02-06)\n\n** libgnutls: Accept chains where intermediary certs are trusted.\nBefore GnuTLS needed to validate the entire chain back to a\nself-signed certificate. GnuTLS will now stop looking when it has\nfound an intermediary trusted certificate. The new behaviour is\nuseful when chains, for example, contains a top-level CA, an\nintermediary CA signed using RSA-MD5, and an end-entity certificate.\nTo avoid chain validation errors due to the RSA-MD5 cert, you can\nexplicitly add the intermediary RSA-MD5 cert to your trusted certs.\nThe signature on trusted certificates are not checked, so the chain\nhas a chance to validate correctly. \ Reported by \"Douglas E. Engert\"\n in\n.\n\n** libgnutls: result_size in gnutls_hex_encode now holds\nthe size of the result. Report by John Brooks .\n\n** libgnutls: gnutls_handshake when sending client hello during a\nrehandshake, will not offer a version number larger than the current.\nReported by Tristan Hill .\n\n** libgnutls: Permit V1 Certificate Authorities properly.\nBefore they were mistakenly rejected even though\nGNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or\nGNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by\n\"Douglas E. Engert\" in\n.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.4 (released 2009-01-07)\n\n** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.\nThis is a bugfix -- the previous attempt to do this from internal x509\ncertificate verification procedures did not return the correct value\nfor certificates using a weak hash. Reported by Daniel Kahn Gillmor\n in\n,\ndebugged and patch by Tomas Mraz and Daniel Kahn\nGillmor .\n\n** libgnutls: New interface to get key id for certificate requests.\nPatch from David Maré±\x88n Carreå\x8D\x98o in\n.\n\n** libgnutls: gnutls_x509_crq_print will now also print public key id.\n\n** certtool: --verify-chain now prints results of using library verification.\nEarlier, certtool --verify-chain used its own validation algorithm\nwhich wasn't guaranteed to give the same result as the libgnutls\ninternal validation algorithm. Now this command print a new final\nline with header 'Chain verification output:' that contains the result\nfrom using the internal verification algorithm on the same chain.\n\n** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id.\n\n** API and ABI modifications:\ngnutls_x509_crq_get_key_id: ADDED.\n\n* Version 2.7.3 (released 2008-12-10)\n\n** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.\nReported by Michael Kiefer in\n forwarded by\nAndreas Metzler in\n.\n\n** libgnutls: Libgcrypt initialization changed.\nIf libgcrypt has not already been initialized, GnuTLS will now\ninitialize libgcrypt with disabled secure memory. \ Initialize\nlibgcrypt explicitly in your application if you want to enable secure\nmemory. \ Before GnuTLS initialized libgcrypt to use GnuTLS's memory\nallocation functions, which doesn't use secure memory, so there is no\nreal change in behaviour.\n\n** libgnutls: Fix memory leak in PSK authentication.\nReported by Michael Weiser in\n.\n\n** libgnutls: Small byte reads via gnutls_record_recv() optimized.\n\n** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.\nIt needs to be invoked before libgcrypt is initialized.\n\n** gnutls-cli: Return non-zero exit code on error conditions.\n\n** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.\n\n** tests: Added chainverify self-test that tests X.509 chain verifications.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.2 (released 2008-11-18)\n\n** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]\nThe flaw makes it possible for man in the middle attackers (i.e.,\nactive attackers) to assume any name and trick GNU TLS clients into\ntrusting that name. Thanks for report and analysis from Martin von\nGagern . [CVE-2008-4989]\n\nAny updates with more details about this vulnerability will be added\nto \n\n** libgnutls: Fix namespace issue with version symbols.\nThe symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR,\nLIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and\nLIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER,\nGNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and\nGNUTLS_VERSION_NUMBER respectively. The old symbols will continue to\nwork but are deprecated.\n\n** certtool: allow setting arbitrary key purpose object identifiers.\n\n** libgnutls: Fix detection of C99 macros, to make debug logging work again.\n\n** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.\nReported by Kevin Quick in\n.\n\n** libgnutls-extra: Make building with LZO compression work again.\nBuild failure reported by Arfrever Frehtes Taifersar Arahesis\n in\n.\n\n** libgnutls: Change detection of when to use a linker version script.\nUse --enable-ld-version-script or --disable-ld-version-script to\noverride auto-detection logic.\n\n** doc: Change license on the manual to GFDLv1.3+.\n\n** doc: GTK-DOC fixes for new splitted configuration system.\n\n** doc: Texinfo stylesheet uses white background.\n\n** tests: Add cve-2008-4989.c self-test.\nTests regressions of the GNUTLS-SA-2008-3 security problem, and the\nfollow-on problem with crashes on length 1 certificate chains.\n\n** gnulib: Deprecated modules removed.\nModules include memchr and memcmp.\n\n** Fix warnings and build GnuTLS with more warnings enabled.\n\n** minitasn1: Internal copy updated to libtasn1 v1.7.\n\n** API and ABI modifications:\ngnutls_certificate_set_x509_simple_pkcs12_mem: ADDED\nGNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.\nGNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.\nGNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.\nGNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.\nGNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.\nLIBGNUTLS_VERSION: DEPRECATED.\nLIBGNUTLS_VERSION_MAJOR: DEPRECATED.\nLIBGNUTLS_VERSION_MINOR: DEPRECATED.\nLIBGNUTLS_VERSION_PATCH: DEPRECATED.\nLIBGNUTLS_VERSION_NUMBER: DEPRECATED.\n\n* Version 2.7.1 (released 2008-10-31)\n\n** certtool: print a PKCS #8 key even if it is not encrypted.\n\n** Old libgnutls.m4 and libgnutls-config scripts removed.\nPlease use pkg-config instead.\n\n** Configuration system modified.\nThere is now a configure script in lib/ and libextra/ as well, because\ngnulib works better with a config.h per gnulib directory.\n\n** API and ABI modifications:\nNo changes since last version.\n\n* Version 2.7.0 (released 2008-10-16)\n\n** libgnutls: Added functions to handle CRL extensions.\n\n** libgnutls: Added functions to handle X.509 extensions in Certificate\nRequests.\n\n** libgnutls: Improved error string for GNUTLS_E_AGAIN.\nSuggested by \"Lavrentiev, Anton (NIH/NLM/NCBI) [C]\" .\n\n** certtool: Print and set CRL and CRQ extensions.\n\n** libgnutls-extra: Protect internal symbols with static.\nFixes problem when linking certtool statically. Tiny patch from Aaron\nUcko .\n\n** libgnutls-openssl: fix out of bounds access.\nProblem in X509_get_subject_name and X509_get_issuer_name. Tiny patch\nfrom Thomas Viehmann .\n\n** libgnutlsxx: Define server_session::get_srp_username even if no SRP.\n\n** tests: Make tests compile when using internal libtasn1.\nPatch by ludo@gnu.org (Ludovic Court竪s).\n\n** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config.\nWe now require a libgcrypt that has Camellia constants declared in\ngcrypt.h, which means v1.3.0 or later.\n\n** API and ABI modifications:\ngnutls_x509_crl_get_authority_key_id: ADDED\ngnutls_x509_crl_get_number: ADDED\ngnutls_x509_crl_get_extension_oid: ADDED\ngnutls_x509_crl_get_extension_info: ADDED\ngnutls_x509_crl_get_extension_data: ADDED\ngnutls_x509_crl_set_authority_key_id: ADDED\ngnutls_x509_crl_set_number: ADDED\ngnutls_x509_crq_get_key_rsa_raw: ADDED\ngnutls_x509_crq_get_attribute_info: ADDED\ngnutls_x509_crq_get_attribute_data: ADDED\ngnutls_x509_crq_get_extension_info: ADDED\ngnutls_x509_crq_get_extension_data: ADDED\ngnutls_x509_crq_get_key_usage: ADDED\ngnutls_x509_crq_get_basic_constraints: ADDED\ngnutls_x509_crq_get_subject_alt_name: ADDED\ngnutls_x509_crq_get_subject_alt_othername_oid: ADDED\ngnutls_x509_crq_get_extension_by_oid: ADDED\ngnutls_x509_crq_set_subject_alt_name: ADDED\ngnutls_x509_crq_set_basic_constraints: ADDED\ngnutls_x509_crq_set_key_usage: ADDED\ngnutls_x509_crq_get_key_purpose_oid: ADDED\ngnutls_x509_crq_set_key_purpose_oid: ADDED\ngnutls_x509_crq_print: ADDED\ngnutls_x509_crt_set_crq_extensions: ADDED\n" module: pkgsrc subject: 'CVS commit: pkgsrc/security/gnutls' unixtime: '1244573798' user: wiz