pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/gnutls Update to 1.4.3:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c40ae12a3425
branches:  trunk
changeset: 518491:c40ae12a3425
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Sep 10 21:12:21 2006 +0000

description:
Update to 1.4.3:

* Version 1.4.3 (released 2006-09-08)

** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
** Crypto 06 rump session attack.
In particular, we check that the digestAlgorithm.parameters field is
empty, to prevent it from containing "garbage" that may be used to
alter the numeric properties of the signature.  See
<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
not exactly the same as the problem we fix here).  Reported by Yutaka
OIWA <y.oiwa%aist.go.jp@localhost>.

See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
up to date information.

** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>.
Reported by Werner Koch <wk%gnupg.org@localhost>.

See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more
up to date information.

** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

** API and ABI modifications:
No changes since last version.

* Version 1.4.2 (released 2006-08-12)

** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
This can happen if you call gnutls_certificate_verify_peers2 and have
a certain mix of local CA certificates and the peer sends special
certificates, that together trigger certain behaviour.  It is not
known at this point whether the crash can be triggered without the
special local CA certificate, and thus turn this into a remote crash
of clients that verify server certificates when they talk to a server
with the special server certificate.  See GNUTLS-SA-2006-2 on
http://www.gnu.org/software/gnutls/security.html for more up to date
information.  Reported by satyakumar <satyam_kkd%hyd.hellosoft.com@localhost>.

** Change SRP and Cert-Type extensions to match IANA registry.

** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.

** Make --without-included-libtasn1 work.
Reported by Daniel Black <dragonheart%gentoo.org@localhost>.

** API and ABI modifications:
No changes since last version.
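The PKCS#1 verification fix described in the 1.4.3 entry, as an added example that is not GnuTLS or pkgsrc code: a strict parser for the EM block recovered from an RSA signature that rejects a DigestInfo whose digestAlgorithm.parameters is anything other than absent or DER NULL, and rejects any bytes following the DigestInfo. It assumes the caller supplies the expected digest length and that DER lengths are short-form, which holds for every standard DigestInfo.

```python
# Added example (not GnuTLS code): strict PKCS#1 v1.5 check of em, the k-byte block recovered by the RSA public operation.
SHA1_OID = bytes.fromhex("2b0e03021a")  # contents of OID 1.3.14.3.2.26 (sha1)

def _read_tlv(buf, pos, tag):
    # One DER TLV with short-form length; every standard DigestInfo fits.
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected in DigestInfo")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated element")
    return buf[pos + 2:end], end

def parse_pkcs1_v15_em(em, hash_len):
    # Returns (oid_contents, digest); raises ValueError on any deviation.
    # EM = 0x00 || 0x01 || PS (at least eight 0xFF bytes) || 0x00 || T
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        raise ValueError("bad block type")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad padding string")
    t = em[i + 1:]
    # T = SEQUENCE { SEQUENCE { OID, NULL? } algorithm, OCTET STRING digest }
    digest_info, end = _read_tlv(t, 0, 0x30)
    if end != len(t):
        raise ValueError("trailing data after DigestInfo")
    alg, pos = _read_tlv(digest_info, 0, 0x30)
    digest, pos = _read_tlv(digest_info, pos, 0x04)
    if pos != len(digest_info):
        raise ValueError("unexpected data inside DigestInfo")
    oid, apos = _read_tlv(alg, 0, 0x06)
    if apos != len(alg):
        # The changelog's fix: only an empty NULL may appear here, nothing else.
        params, apos = _read_tlv(alg, apos, 0x05)
        if params != b"" or apos != len(alg):
            raise ValueError("digestAlgorithm.parameters must be empty")
    if len(digest) != hash_len:
        raise ValueError("digest length does not match algorithm")
    return oid, digest

def is_valid_em(em, hash_len):
    try:
        parse_pkcs1_v15_em(em, hash_len)
        return True
    except ValueError:
        return False
```

The caller still has to compare the returned OID against the algorithm it expects and the digest against its own hash of the message; this function only decides whether the encoding is well-formed.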

diffstat:

 security/gnutls/Makefile |  4 ++--
 security/gnutls/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (26 lines):

diff -r 0dd83f809ab9 -r c40ae12a3425 security/gnutls/Makefile
--- a/security/gnutls/Makefile  Sun Sep 10 20:24:32 2006 +0000
+++ b/security/gnutls/Makefile  Sun Sep 10 21:12:21 2006 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.50 2006/07/17 17:02:02 wiz Exp $
+# $NetBSD: Makefile,v 1.51 2006/09/10 21:12:21 wiz Exp $
 
-DISTNAME=      gnutls-1.4.1
+DISTNAME=      gnutls-1.4.3
 CATEGORIES=    security devel
 MASTER_SITES=  http://josefsson.org/gnutls/releases/ \
                ftp://ftp.gnutls.org/pub/gnutls/ \
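Review bot: the DISTNAME bump to gnutls-1.4.3 is fetched from the plain http and ftp MASTER_SITES visible in the context lines, which give no transport integrity, so the only thing standing between the tree and a tampered tarball is the checksum update in the distinfo hunk; for an update that the description ties to GNUTLS-SA-2006-3 and GNUTLS-SA-2006-4, those new checksums should be cross-checked against an independently obtained copy of the release rather than only the file served by these mirrors.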
diff -r 0dd83f809ab9 -r c40ae12a3425 security/gnutls/distinfo
--- a/security/gnutls/distinfo  Sun Sep 10 20:24:32 2006 +0000
+++ b/security/gnutls/distinfo  Sun Sep 10 21:12:21 2006 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.29 2006/07/17 17:02:02 wiz Exp $
+$NetBSD: distinfo,v 1.30 2006/09/10 21:12:21 wiz Exp $
 
-SHA1 (gnutls-1.4.1.tar.bz2) = 25d183fef21abbcaab0afe6b5809893aa70b577d
-RMD160 (gnutls-1.4.1.tar.bz2) = 1bb959a118ce8d776693f602034342c31a8737aa
-Size (gnutls-1.4.1.tar.bz2) = 4046780 bytes
+SHA1 (gnutls-1.4.3.tar.bz2) = c4182c3804235d6f3eb2f3e59bb560f22370d4fc
+RMD160 (gnutls-1.4.3.tar.bz2) = 3be97523303c5350dea1b74e50feeab71804f857
+Size (gnutls-1.4.3.tar.bz2) = 4047997 bytes
 SHA1 (patch-ab) = 503bf7fa154341504db7ba3b5c6602627ff27dc5
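Review bot: the `SHA1 (patch-ab)` line is carried over unchanged while the tarball moves from 1.4.1 to 1.4.3, so nothing in this hunk shows that patch-ab was re-tested against the new sources; confirm that it still applies cleanly to 1.4.3 and is still needed, and regenerate its checksum if it had to be adjusted.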


