pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/gnutls Update to 2.6.4:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/785ffd3df895
branches:  trunk
changeset: 554819:785ffd3df895
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sat Feb 21 13:45:31 2009 +0000

description:
Update to 2.6.4:

* Version 2.6.4 (released 2009-02-06)

** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate.  GnuTLS will now stop looking when it has
found an intermediary trusted certificate.  The new behaviour is
useful when chains, for example, contain a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signatures on trusted certificates are not checked, so the chain
has a chance to validate correctly.  Reported by "Douglas E. Engert"
<deengert%anl.gov@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks <special%dereferenced.net@localhost>.

** libgnutls: gnutls_handshake when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan%saticed.me.uk@localhost>.

** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
"Douglas E. Engert" <deengert%anl.gov@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<dkg%fifthhorseman.net@localhost> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz%redhat.com@localhost> and Daniel Kahn
Gillmor <dkg%fifthhorseman.net@localhost>.

** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai%sun.com@localhost> in
<https://savannah.gnu.org/support/?106549>.

diffstat:

 security/gnutls/Makefile         |   4 ++--
 security/gnutls/distinfo         |  10 ++++------
 security/gnutls/patches/patch-ag |  13 -------------
 security/gnutls/patches/patch-ah |  13 -------------
 4 files changed, 6 insertions(+), 34 deletions(-)

diffs (66 lines):

diff -r f586537c0407 -r 785ffd3df895 security/gnutls/Makefile
--- a/security/gnutls/Makefile  Sat Feb 21 13:38:47 2009 +0000
+++ b/security/gnutls/Makefile  Sat Feb 21 13:45:31 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.76 2008/12/19 15:43:20 adam Exp $
+# $NetBSD: Makefile,v 1.77 2009/02/21 13:45:31 wiz Exp $
 
-DISTNAME=      gnutls-2.6.3
+DISTNAME=      gnutls-2.6.4
 CATEGORIES=    security devel
 MASTER_SITES=  ftp://ftp.gnutls.org/pub/gnutls/ \
                http://www.mirrors.wiretapped.net/security/network-security/gnutls/ \
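Review bot: the MASTER_SITES context lines under the new DISTNAME list only ftp:// and http:// locations, so gnutls-2.6.4.tar.bz2 is fetched over a transport that gives no authenticity guarantee and the digests in distinfo are the only check on what gets built. For a TLS library that is worth stating in the commit message: say how the new tarball was verified before its digests were recorded (for example against an upstream release signature), since nothing in this hunk shows it.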
diff -r f586537c0407 -r 785ffd3df895 security/gnutls/distinfo
--- a/security/gnutls/distinfo  Sat Feb 21 13:38:47 2009 +0000
+++ b/security/gnutls/distinfo  Sat Feb 21 13:45:31 2009 +0000
@@ -1,12 +1,10 @@
-$NetBSD: distinfo,v 1.51 2008/12/19 15:43:20 adam Exp $
+$NetBSD: distinfo,v 1.52 2009/02/21 13:45:31 wiz Exp $
 
-SHA1 (gnutls-2.6.3.tar.bz2) = f9b6a1d6135ef0a57a5cdd9fcb3e82bc62a27dcd
-RMD160 (gnutls-2.6.3.tar.bz2) = 318c91f167988f2dfcde50015491b7dc7d4eea33
-Size (gnutls-2.6.3.tar.bz2) = 5114214 bytes
+SHA1 (gnutls-2.6.4.tar.bz2) = 11dd1e11599906a32b3ff92308f4c4dbaadbad58
+RMD160 (gnutls-2.6.4.tar.bz2) = 771fd64026df69d770a0a681141591b21f9be751
+Size (gnutls-2.6.4.tar.bz2) = 5115205 bytes
 SHA1 (patch-aa) = 8e9ea317342d584fb6f931f96458cc3d7d747ca0
 SHA1 (patch-ab) = 17605f0d3b1895c1c63c8dabc21bdebf95eb7785
 SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48
 SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3
-SHA1 (patch-ag) = 39298bf6cbff77d880654067e797a9a4cb868b9b
-SHA1 (patch-ah) = 889b69c23b4b0584fddd08a6827b10b78fc8f018
 SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8
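Review bot: the new gnutls-2.6.4.tar.bz2 entry is pinned by SHA1 and RMD160 plus the size, and those three lines are the whole trust anchor for the distfile given the plaintext mirrors in the Makefile. If the distinfo format in use accepts a stronger digest, add one alongside these. The dropped patch-ag and patch-ah lines are consistent with the two file deletions later in this changeset, so no stale checksum entries remain.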
diff -r f586537c0407 -r 785ffd3df895 security/gnutls/patches/patch-ag
--- a/security/gnutls/patches/patch-ag  Sat Feb 21 13:38:47 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ag,v 1.3 2008/10/29 11:38:09 shannonjr Exp $
-
---- lib/mpi-libgcrypt.c.orig   2008-10-05 07:41:43.000000000 -0600
-+++ lib/mpi-libgcrypt.c
-@@ -120,7 +120,7 @@ wrap_gcry_mpi_get_nbits (bigint_t a)
- static void
- wrap_gcry_mpi_release (bigint_t a)
- {
--  return gcry_mpi_release (a);
-+  gcry_mpi_release (a);
- }
- 
- #undef _gnutls_mpi_alloc_like
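Review bot: the deletion of patch-ag is not mentioned in the commit message, which only reproduces the upstream NEWS. The patch changed "return gcry_mpi_release (a);" to a plain call inside the void function wrap_gcry_mpi_release, which is the kind of construct a strict compiler rejects, and the NEWS entry "Fix compile error with Sun CC" may be the upstream equivalent, but the log should say so explicitly, for example with a line stating that patch-ag and patch-ah are no longer needed with 2.6.4 and why.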
diff -r f586537c0407 -r 785ffd3df895 security/gnutls/patches/patch-ah
--- a/security/gnutls/patches/patch-ah  Sat Feb 21 13:38:47 2009 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2008/10/29 11:38:09 shannonjr Exp $
-
---- lib/mac-libgcrypt.c.orig   2008-10-05 07:41:43.000000000 -0600
-+++ lib/mac-libgcrypt.c
-@@ -93,7 +93,7 @@ wrap_gcry_md_copy (void **bhd, void *ahd
- static void
- wrap_gcry_md_close (void *hd)
- {
--  return gcry_md_close (hd);
-+  gcry_md_close (hd);
- }
- 
- static int
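Review bot: with patch-ah gone, nothing in the package corrects "return gcry_md_close (hd);" in the void function wrap_gcry_md_close any more, so the update depends on the 2.6.4 version of lib/mac-libgcrypt.c already containing the plain call. Confirm that against the extracted sources, and ideally with a build using a non-GCC compiler, before relying on the deletion; the diff itself does not show the upstream file.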


