pkgsrc-Changes archive


CVS commit: [pkgsrc-2009Q2] pkgsrc/security/gnutls



Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Aug 29 09:49:14 UTC 2009

Modified Files:
        pkgsrc/security/gnutls [pkgsrc-2009Q2]: Makefile PLIST distinfo
Added Files:
        pkgsrc/security/gnutls/patches [pkgsrc-2009Q2]: patch-ak patch-al

Log Message:
Pullup ticket 2874 - requested by tron
security update

Revisions pulled up:
- pkgsrc/security/gnutls/Makefile               1.86
- pkgsrc/security/gnutls/PLIST                  1.36
- pkgsrc/security/gnutls/distinfo               1.60

Files added:
pkgsrc/security/gnutls/patches/patch-ak         1.2
pkgsrc/security/gnutls/patches/patch-al         1.2

   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sat Jul 18 10:32:32 UTC 2009

   Modified Files:
        pkgsrc/security/gnutls: Makefile distinfo

   Log Message:
   Update to 2.8.1:

   * Version 2.8.1 (released 2009-06-10)

   ** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
   Forwarded by Martin von Gagern <Martin.vGagern%gmx.net@localhost> from
   <http://bugs.gentoo.org/272388>.

   ** libgnutls: Fix PKCS#12 decryption from password.
   The encryption key derived from the password was incorrect for (on
   average) 1 in every 128 input for random inputs.  Reported by "Kukosa,
   Tomas" <tomas.kukosa%siemens-enterprise.com@localhost> in
   <http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

   ** API and ABI modifications:
   No changes since last version.

   To generate a diff of this commit:
   cvs rdiff -u -r1.83 -r1.84 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/distinfo

   ----------------------------------------------------------------------

   Module Name: pkgsrc
   Committed By:        drochner
   Date:                Wed Jul 22 16:50:07 UTC 2009

   Modified Files:
        pkgsrc/security/gnutls: Makefile PLIST distinfo
   Added Files:
        pkgsrc/security/gnutls/patches: patch-ak patch-al

   Log Message:
   disable the openssl compatibility library -- no pkg I know of needs
   it, and it only has a potential to conflict with the real openssl
   (bad things will happen if a program links or dlopen()s both)
   bump PKGREVISION
   (the bug fixed in the added patches is already fixed upstream, will
   be in the next release)

   To generate a diff of this commit:
   cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/gnutls/PLIST
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/gnutls/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-ak \
       pkgsrc/security/gnutls/patches/patch-al

   ----------------------------------------------------------------------

   Module Name: pkgsrc
   Committed By:        snj
   Date:                Thu Aug 13 18:56:32 UTC 2009

   Modified Files:
        pkgsrc/security/gnutls: Makefile distinfo
        pkgsrc/security/gnutls/patches: patch-ak patch-al

   Log Message:
   Update to 2.8.3.  Changes:

   * Version 2.8.3 (released 2009-08-13)

   ** libgnutls: Fix patch for NUL in CN/SAN in last release.
   Code intended to be removed would lead to an out-of-bounds read in
   some situations.  Reported by Tomas Hoger <thoger%redhat.com@localhost>.  A CVE
   code has been allocated for the vulnerability: [CVE-2009-2730].

   ** libgnutls: Fix rare failure in gnutls_x509_crt_import.
   The function may fail incorrectly when an earlier certificate was
   imported to the same gnutls_x509_crt_t structure.

   ** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
   error.

   ** tests: Made self-test mini-eagain take less time.

   ** doc: Typo fixes.

   ** API and ABI modifications:
   No changes since last version.

   * Version 2.8.2 (released 2009-08-10)

   ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
   By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
   into 1) not printing the entire CN/SAN field value when printing a
   certificate and 2) cause incorrect positive matches when matching a
   hostname against a certificate.  Some CAs apparently have poor
   checking of CN/SAN values and issue these (arguably invalid)
   certificates.  Combined, this can be used by attackers to become a
   MITM on server-authenticated TLS sessions.  The problem is mitigated
   since attackers need to get one certificate per site they want to
   attack, and the attacker reveals his tracks by applying for a
   certificate at the CA.  It does not apply to client authenticated TLS
   sessions.  Research presented independently by Dan Kaminsky and Moxie
   Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger%redhat.com@localhost>
   for providing one part of the patch.  [GNUTLS-SA-2009-4].

   ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
   Before it always returned false.  Reported by Peter Hendrickson
   <pdh%wiredyne.com@localhost> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.

   ** libgnutls: Fix off-by-one size computation error in unknown DN printing.
   The error resulted in truncated strings when printing unknown OIDs in
   X.509 certificate DNs.  Reported by Tim Kosse
   <tim.kosse%filezilla-project.org@localhost> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

   ** libgnutls: Return correct bit lengths of some MPIs.
   gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
   gnutls_dh_get_peers_public_bits.  Before the reported value was
   overestimated.  Reported by Peter Hendrickson <pdh%wiredyne.com@localhost> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

   ** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
   Report and patch by Tim Kosse <tim.kosse%filezilla-project.org@localhost> in
   <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
   and
   <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.

   ** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
   Before we required that the runtime library used the same (or more
   recent) libgcrypt/libtasn1 as it was compiled with.  Now we just check
   that the runtime usage is above the minimum required.  Reported by
   Marco d'Itri <md%linux.it@localhost> via Andreas Metzler
   <ametzler%downhill.at.eu.org@localhost> in <http://bugs.debian.org/540449>.

   ** minitasn1: Internal copy updated to libtasn1 v2.3.

   ** tests: Fix failure in "chainverify" because a certificate has expired.

   ** API and ABI modifications:
   No changes since last version.

   To generate a diff of this commit:
   cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/security/gnutls/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/gnutls/patches/patch-ak \
       pkgsrc/security/gnutls/patches/patch-al


To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.83.2.1 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.35 -r1.35.2.1 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.57 -r1.57.2.1 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r0 -r1.2.2.2 pkgsrc/security/gnutls/patches/patch-ak \
    pkgsrc/security/gnutls/patches/patch-al

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
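The NUL-in-CN/SAN flaw fixed in GnuTLS 2.8.2 (and re-fixed in 2.8.3 above) comes down to one mistake: treating a length-prefixed DER string as a NUL-terminated C string. The following is an added illustration, not GnuTLS code and not part of the pulled-up patches; the certificate names (www.bank.example, .attacker.example) and the helper names are constructed for the demo. It shows both effects the changelog lists: a %s-style printer displays only the part of the CN before the NUL, and a strlen()-based matcher accepts the crafted CN for the victim host, while the length-aware version rejects it.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A CN or SAN value as an ASN.1 decoder hands it over: explicit length,
 * no guarantee of NUL termination, and a NUL byte may appear inside the
 * value even though a NUL is never valid in a DNS name. */
struct dn_value {
    const unsigned char *data;
    size_t len;
};

/* Constructed test data (not from any real certificate): a CN crafted the
 * way the 2.8.2 changelog describes, with a NUL splitting the victim host
 * from the domain the CA actually validated. */
static const unsigned char CRAFTED_CN[] = "www.bank.example\0.attacker.example";
static const struct dn_value crafted = { CRAFTED_CN, sizeof(CRAFTED_CN) - 1 };

/* An honestly issued CN for the victim host, for comparison. */
static const unsigned char HONEST_CN[] = "www.bank.example";
static const struct dn_value honest = { HONEST_CN, sizeof(HONEST_CN) - 1 };

/* Vulnerable matcher: treats the DER value as a C string, so strlen()
 * stops at the embedded NUL and the attacker's suffix is never compared. */
static bool match_hostname_vulnerable(const struct dn_value *cn, const char *hostname)
{
    const char *s = (const char *)cn->data;
    size_t n = strlen(s);               /* BUG: ignores cn->len */
    if (n != strlen(hostname))
        return false;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)hostname[i]))
            return false;
    return true;
}

/* Hardened matcher: rejects embedded NULs outright and compares exactly
 * cn->len bytes, case-insensitively as DNS names are. */
static bool match_hostname_fixed(const struct dn_value *cn, const char *hostname)
{
    size_t hlen = strlen(hostname);
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;                   /* NUL inside a DNS name: invalid */
    if (cn->len != hlen)
        return false;
    for (size_t i = 0; i < hlen; i++)
        if (tolower(cn->data[i]) != tolower((unsigned char)hostname[i]))
            return false;
    return true;
}

/* How many bytes a %s-style printer would show: the first flaw in the
 * changelog, where the displayed CN is silently truncated at the NUL. */
static size_t visible_len_vulnerable(const struct dn_value *v)
{
    return strlen((const char *)v->data);
}

/* Length-aware printer that makes the NUL visible instead of hiding it. */
static void print_dn_value(const struct dn_value *v)
{
    for (size_t i = 0; i < v->len; i++) {
        if (v->data[i] == '\0')
            fputs("\\0", stdout);
        else
            putchar(v->data[i]);
    }
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("crafted CN as a C string : \"%s\" (%zu of %zu bytes shown)\n",
           (const char *)crafted.data, visible_len_vulnerable(&crafted), crafted.len);
    printf("crafted CN by length     : \"");
    print_dn_value(&crafted);
    printf("\"\n");
    printf("vulnerable match for %s: %s\n", host,
           match_hostname_vulnerable(&crafted, host) ? "yes (MITM possible)" : "no");
    printf("fixed match for %s     : %s\n", host,
           match_hostname_fixed(&crafted, host) ? "yes" : "no");
    printf("fixed match, honest CN   : %s\n",
           match_hostname_fixed(&honest, host) ? "yes" : "no");
    return 0;
}
```

The fixed matcher takes the length from the decoder rather than from the bytes, which is the general rule for any DER-derived string: a NUL is data, not a terminator. Rejecting the value outright when it contains a NUL is the conservative choice, since no valid hostname can contain one.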


