Update to 2.6.4: * Version 2.6.4 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: Fix compile error with Sun CC. Reported by Jeff Cai <jeff.cai@sun.com> in <https://savannah.gnu.org/support/?106549>.diff -r1.76 -r1.77 pkgsrc/security/gnutls/Makefile
(wiz)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.76 2008/12/19 15:43:20 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.77 2009/02/21 13:45:31 wiz Exp $ | |
2 | 2 | |||
3 | DISTNAME= gnutls-2.6.3 | 3 | DISTNAME= gnutls-2.6.4 | |
4 | CATEGORIES= security devel | 4 | CATEGORIES= security devel | |
5 | MASTER_SITES= ftp://ftp.gnutls.org/pub/gnutls/ \ | 5 | MASTER_SITES= ftp://ftp.gnutls.org/pub/gnutls/ \ | |
6 | http://www.mirrors.wiretapped.net/security/network-security/gnutls/ \ | 6 | http://www.mirrors.wiretapped.net/security/network-security/gnutls/ \ | |
7 | ftp://ftp.mirrors.wiretapped.net/pub/security/network-security/gnutls/ \ | 7 | ftp://ftp.mirrors.wiretapped.net/pub/security/network-security/gnutls/ \ | |
8 | ${MASTER_SITE_GNU:=gnutls/} | 8 | ${MASTER_SITE_GNU:=gnutls/} | |
9 | EXTRACT_SUFX= .tar.bz2 | 9 | EXTRACT_SUFX= .tar.bz2 | |
10 | 10 | |||
11 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
12 | HOMEPAGE= http://www.gnutls.org/ | 12 | HOMEPAGE= http://www.gnutls.org/ | |
13 | COMMENT= GNU Transport Layer Security library | 13 | COMMENT= GNU Transport Layer Security library | |
14 | #LICENSE= gnu-gpl-v2 gnu-lgpl-v2.1 | 14 | #LICENSE= gnu-gpl-v2 gnu-lgpl-v2.1 | |
15 | 15 | |||
16 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 16 | PKG_INSTALLATION_TYPES= overwrite pkgviews |
@@ -1,12 +1,10 @@ | @@ -1,12 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.51 2008/12/19 15:43:20 adam Exp $ | 1 | $NetBSD: distinfo,v 1.52 2009/02/21 13:45:31 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (gnutls-2.6.3.tar.bz2) = f9b6a1d6135ef0a57a5cdd9fcb3e82bc62a27dcd | 3 | SHA1 (gnutls-2.6.4.tar.bz2) = 11dd1e11599906a32b3ff92308f4c4dbaadbad58 | |
4 | RMD160 (gnutls-2.6.3.tar.bz2) = 318c91f167988f2dfcde50015491b7dc7d4eea33 | 4 | RMD160 (gnutls-2.6.4.tar.bz2) = 771fd64026df69d770a0a681141591b21f9be751 | |
5 | Size (gnutls-2.6.3.tar.bz2) = 5114214 bytes | 5 | Size (gnutls-2.6.4.tar.bz2) = 5115205 bytes | |
6 | SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0 | 6 | SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0 | |
7 | SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785 | 7 | SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785 | |
8 | SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48 | 8 | SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48 | |
9 | SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3 | 9 | SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3 | |
10 | SHA1 (patch-ag) = 39298bf6cbff77d880654067e797a9a4cb868b9b | |||
11 | SHA1 (patch-ah) = 889b69c23b4b0584fddd08a6827b10b78fc8f018 | |||
12 | SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8 | 10 | SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8 |