From: Thomas Klausner <wiz@netbsd.org>
Subject: CVS commit: pkgsrc/security/gnutls
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
Message-Id: <20081110173320.7121F175D0@cvs.netbsd.org>
Date: Mon, 10 Nov 2008 17:33:20 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: list


Module Name:	pkgsrc
Committed By:	wiz
Date:		Mon Nov 10 17:33:20 UTC 2008

Modified Files:
	pkgsrc/security/gnutls: Makefile distinfo

Log Message:
Update to 2.6.1:

* Version 2.6.1 (released 2008-11-10)

** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
The flaw makes it possible for man in the middle attackers (i.e.,
active attackers) to assume any name and trick GNU TLS clients into
trusting that name.  Thanks for report and analysis from Martin von
Gagern <Martin.vGagern@gmx.net>.  [CVE-2008-4989]

Any updates with more details about this vulnerability will be added
to <http://www.gnu.org/software/gnutls/security.html>

** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
Reported by Kevin Quick <quick@sparq.org> in
<https://savannah.gnu.org/support/index.php?106454>.

** libgnutls-extra: Protect internal symbols with static.
Fixes problem when linking certtool statically.  Tiny patch from Aaron
Ucko <ucko@ncbi.nlm.nih.gov>.

** libgnutls-openssl: Fix patch against X509_get_issuer_name.
It incorrectly returned the subject DN instead of issuer DN in v2.6.0.
Thanks to Thomas Viehmann <tv@beamnet.de> for report.

** certtool: Print a PKCS #8 key even if it is not encrypted.

** tests: Make tests compile when using internal libtasn1.
Patch by ludo@gnu.org (Ludovic Courtès).

** API and ABI modifications:
No changes since last version.


To generate a diff of this commit:
cvs rdiff -r1.73 -r1.74 pkgsrc/security/gnutls/Makefile
cvs rdiff -r1.48 -r1.49 pkgsrc/security/gnutls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.