Update to 2.6.4: * Version 2.6.4 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: Fix compile error with Sun CC. Reported by Jeff Cai <jeff.cai@sun.com> in <https://savannah.gnu.org/support/?106549>.

(wiz)

 @@ -1,16 +1,16 @@
-# $NetBSD: Makefile,v 1.76 2008/12/19 15:43:20 adam Exp $
+# $NetBSD: Makefile,v 1.77 2009/02/21 13:45:31 wiz Exp $
-DISTNAME=	gnutls-2.6.3
+DISTNAME=	gnutls-2.6.4
 CATEGORIES=	security devel
 MASTER_SITES=	ftp://ftp.gnutls.org/pub/gnutls/ \
 		http://www.mirrors.wiretapped.net/security/network-security/gnutls/ \
 		ftp://ftp.mirrors.wiretapped.net/pub/security/network-security/gnutls/ \
 		${MASTER_SITE_GNU:=gnutls/}
 EXTRACT_SUFX=	.tar.bz2
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.gnutls.org/
 COMMENT=	GNU Transport Layer Security library
 #LICENSE=	gnu-gpl-v2 gnu-lgpl-v2.1
 PKG_INSTALLATION_TYPES=	overwrite pkgviews

 @@ -1,12 +1,10 @@
-$NetBSD: distinfo,v 1.51 2008/12/19 15:43:20 adam Exp $
+$NetBSD: distinfo,v 1.52 2009/02/21 13:45:31 wiz Exp $
-SHA1 (gnutls-2.6.3.tar.bz2) = f9b6a1d6135ef0a57a5cdd9fcb3e82bc62a27dcd
+SHA1 (gnutls-2.6.4.tar.bz2) = 11dd1e11599906a32b3ff92308f4c4dbaadbad58
-RMD160 (gnutls-2.6.3.tar.bz2) = 318c91f167988f2dfcde50015491b7dc7d4eea33
+RMD160 (gnutls-2.6.4.tar.bz2) = 771fd64026df69d770a0a681141591b21f9be751
-Size (gnutls-2.6.3.tar.bz2) = 5114214 bytes
+Size (gnutls-2.6.4.tar.bz2) = 5115205 bytes
 SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0
 SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785
 SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48
 SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3
 SHA1 (patch-ag) = 39298bf6cbff77d880654067e797a9a4cb868b9b
 SHA1 (patch-ah) = 889b69c23b4b0584fddd08a6827b10b78fc8f018
 SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8