![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / pkgsrc / security / gnutls
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.111 / (download) - annotate - [select for diffs], Tue Apr 17 17:53:01 2012 UTC (5 weeks, 3 days ago) by drochner
Branch: MAIN
CVS Tags: HEAD
Changes since 1.110: +2 -2
lines
Diff to previous 1.110 (colored)
update to 2.12.18 changes: -Corrected SRP-RSA ciphersuites when used under TLS 1.2 -Fixed leaks in key generation
Revision 1.110 / (download) - annotate - [select for diffs], Thu Mar 15 16:41:48 2012 UTC (2 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.109: +2 -2
lines
Diff to previous 1.109 (colored)
Changes 2.12.17: * libgnutls: Corrections in record packet parsing. * libgnutls: Fixes in SRP authentication. * libgnutls: Added function to force explicit reinitialization of PKCS 11 modules. This is required on the child process after a fork. * libgnutls: PKCS 11 objects that do not have ID no longer crash listing. * API and ABI modifications: gnutls_pkcs11_reinit: Added
Revision 1.109 / (download) - annotate - [select for diffs], Tue Jan 17 14:54:19 2012 UTC (4 months, 1 week ago) by drochner
Branch: MAIN
Changes since 1.108: +2 -3
lines
Diff to previous 1.108 (colored)
update to 2.12.16 changes: bugfixes
Revision 1.108 / (download) - annotate - [select for diffs], Wed Nov 16 08:23:49 2011 UTC (6 months, 1 week ago) by sbd
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.107: +3 -1
lines
Diff to previous 1.107 (colored)
Add missing devel/readline buildlinks. Bump PKGREVISIONs
Revision 1.107 / (download) - annotate - [select for diffs], Wed Nov 9 18:41:46 2011 UTC (6 months, 2 weeks ago) by drochner
Branch: MAIN
Changes since 1.106: +2 -2
lines
Diff to previous 1.106 (colored)
update to 2.12.14 This fixes a Possible buffer overflow/Denial of service problem (CVE-2011-4128)
Revision 1.106 / (download) - annotate - [select for diffs], Sun Oct 30 18:07:55 2011 UTC (6 months, 3 weeks ago) by drochner
Branch: MAIN
Changes since 1.105: +2 -2
lines
Diff to previous 1.105 (colored)
update to 2.12.12 changes: minor fixes and cleanup
Revision 1.105 / (download) - annotate - [select for diffs], Thu Oct 6 17:56:25 2011 UTC (7 months, 2 weeks ago) by drochner
Branch: MAIN
Changes since 1.104: +2 -2
lines
Diff to previous 1.104 (colored)
update to 2.12.11 changes: bugfixes
Revision 1.104 / (download) - annotate - [select for diffs], Mon Sep 12 17:31:40 2011 UTC (8 months, 1 week ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.103: +2 -2
lines
Diff to previous 1.103 (colored)
update to 2.12.10 changes: bugfixes
Revision 1.103 / (download) - annotate - [select for diffs], Mon Aug 22 15:14:58 2011 UTC (9 months ago) by wiz
Branch: MAIN
Changes since 1.102: +2 -2
lines
Diff to previous 1.102 (colored)
Update to 2.12.9: * Version 2.12.9 (released 2011-08-21) ** libgnutls-extra: Replaced enumeration with unsigned int, in openssl.h to make it identical to the 3.0.0 version. This shouldn't introduce binary incompatibility. ** libgnutls: When asking for a PIN multiple times, the flags in the callback were not being updated to reflect for PIN low count or final try. ** API and ABI modifications: GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback
Revision 1.102 / (download) - annotate - [select for diffs], Thu Aug 11 11:03:35 2011 UTC (9 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.101: +7 -7
lines
Diff to previous 1.101 (colored)
Changes 2.12.8: * libgnutls: PKCS-11 back-end was replaced by p11-kit * libgnutls: gcrypt: replaced occurences of gcry_sexp_nth_mpi (..., 0) with gcry_sexp_nth_mpi (..., GCRYMPI_FMT_USG) to fix errors with 1.5.0. * libgnutls: Verify that a certificate liste specified using gnutls_certificate_set_x509_key*(), is sorted according to TLS specification * libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for gnutls_x509_crt_list_import. It checks whether the list to be imported is properly sorted. * libgnutls: writev_emu: stop on the first incomplete write. * libgnutls: Fix zlib handling in gnutls.pc. * certtool: bug fixes in certificate request generation. * API and ABI modifications: GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in gnutls_certificate_import_flags
Revision 1.101 / (download) - annotate - [select for diffs], Mon Jul 11 16:10:29 2011 UTC (10 months, 2 weeks ago) by drochner
Branch: MAIN
Changes since 1.100: +5 -5
lines
Diff to previous 1.100 (colored)
update to 2.12.7 changes: -bugfixes -minor feature additions pkgsrc change: since the pkg was changed to build against "nettle" instead of libgcrypt (whether this was a good idea or not...), the latter isn't needed anymore, so remove the stale dependency This can cause build breakage -- in this case addition of a local dependency should restore the old state. (This dependency is technically unnecessary often, but the assumption that gnutls needs libgcrypt is sometimes hardwired in configure scripts and/or code.)
Revision 1.100 / (download) - annotate - [select for diffs], Wed Apr 27 16:56:43 2011 UTC (12 months, 4 weeks ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.99: +2 -1
lines
Diff to previous 1.99 (colored)
"pkg-config --cflags gnutls" failed with: Package zlib was not found in the pkg-config search path. ... there is no zlib.pc, so comment out the part of the configure script that adds that to the pkg-config file. Bump PKGREVISION.
Revision 1.99 / (download) - annotate - [select for diffs], Tue Apr 26 10:35:29 2011 UTC (13 months ago) by adam
Branch: MAIN
Changes since 1.98: +3 -3
lines
Diff to previous 1.98 (colored)
Changes 2.12.3: * libgnutls: Several minor bugfixes. * libgnutls: Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings. * libgnutls: depend on libdl. * libgnutls: gnutls_transport_set_global_errno() was deprecated. Use your system's errno fascility or gnutls_transport_set_errno(). * gnutls-cli: Correction with usage of select to check for pending data in gnutls sessions. It now uses gnutls_record_check_pending(). * tests: More fixes and updates for win32. Patches by LRN. * libgnutls: Several files unnecessarily included <gcrypt.h>; this has been fixed. ** API and ABI modifications: gnutls_transport_set_global_errno: DEPRECATED Changes 2.12.2: * libgnutls: Several updates and fixes for win32. Patches by LRN. * libgnutls: Several bug and memory leak fixes. * srptool: Accepts the -d option to enable debugging. * libgnutls: Corrected bug in gnutls_srp_verifier() that prevented the allocation of a verifier. Reported by Andrew Wiseman. Changes 2.12.1: * certtool: Generated certificate request with stricter permissions. * libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. * libgnutls: Corrected windows system_errno() function prototype. * libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. * libgnutls: Fix size of gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler.
Revision 1.98 / (download) - annotate - [select for diffs], Fri Apr 22 13:42:00 2011 UTC (13 months ago) by obache
Branch: MAIN
Changes since 1.97: +2 -2
lines
Diff to previous 1.97 (colored)
recursive bump from gettext-lib shlib bump.
Revision 1.97 / (download) - annotate - [select for diffs], Wed Mar 9 10:52:25 2011 UTC (14 months, 2 weeks ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1
Changes since 1.96: +2 -1
lines
Diff to previous 1.96 (colored)
fix installed pkgconfig .pc file: Don't refer to zlib.pc -- this fails with system libz. We propagate a dependency per bl3 file, this should be sufficient. bump PKGREV
Revision 1.96 / (download) - annotate - [select for diffs], Mon Mar 7 13:45:34 2011 UTC (14 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.95: +2 -2
lines
Diff to previous 1.95 (colored)
Changes 2.10.5: * libgnutls: Corrected verification of finished messages. * libgnutls: Corrected signature generation and verification in the Certificate Verify message when in TLS 1.2. * pkg-config gnutls.pc improvements. * API and ABI modifications: No changes since last version.
Revision 1.95 / (download) - annotate - [select for diffs], Sun Dec 12 11:58:53 2010 UTC (17 months, 1 week ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base,
pkgsrc-2010Q4
Changes since 1.94: +2 -2
lines
Diff to previous 1.94 (colored)
Update to 2.10.4: * Version 2.10.4 (released 2010-12-06) ** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. ** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. This makes us comply with RFC3279. Reported by Michael Rommel. ** libgnutls: Reverted default behavior for verification and introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1 trusted CAs are allowed, unless the new flag is specified. ** minitasn1: Updated to Libtasn1 2.9. ** API and ABI modifications: No changes since last version.
Revision 1.94 / (download) - annotate - [select for diffs], Fri Nov 26 17:56:14 2010 UTC (17 months, 4 weeks ago) by drochner
Branch: MAIN
Changes since 1.93: +2 -2
lines
Diff to previous 1.93 (colored)
update to 2.10.3 changes: bugfixes
Revision 1.93 / (download) - annotate - [select for diffs], Sat Oct 16 16:43:42 2010 UTC (19 months, 1 week ago) by wiz
Branch: MAIN
Changes since 1.92: +2 -2
lines
Diff to previous 1.92 (colored)
Update to 2.10.2: * Version 2.10.2 (released 2010-09-30) ** Use Libtool 2.2.10 to ease MinGW64 builds. ** libgnutls: Add new extended key usage ipsecIKE. ** libgnutls: Is now more liberal in the PEM decoding. That is spaces and tabs are being skipped. ** libgnutls: Renamed NULL MAC to MAC-NULL to prevent clash with NULL cipher. This prevented the usage of the TLS ciphersuites with NULL cipher. See <http://thread.gmane.org/gmane.network.gnutls.general/2093>. ** libgnutls: The %COMPAT flag now allows larger records that violate the TLS spec. ** libgnutls: Fix asynchronous API handling. The code was clearing session hash data on EAGAIN. Problem reported by Sjoerd Simons <sjoerd.simons@collabora.co.uk> and Vivek Dasmohapatra <vivek@collabora.co.uk>. See <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4531>. ** gnutls-cli: Flush stdout/stderr before removing buffering. Reported by Knut Anders Hatlen see <http://savannah.gnu.org/support/?107481>.
Revision 1.92 / (download) - annotate - [select for diffs], Wed Sep 1 16:32:17 2010 UTC (20 months, 3 weeks ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.91: +2 -4
lines
Diff to previous 1.91 (colored)
update to 2.10.1 many fixes and API extensions, but still binary compatible afaict
Revision 1.91 / (download) - annotate - [select for diffs], Tue Apr 13 16:31:27 2010 UTC (2 years, 1 month ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2
Changes since 1.90: +2 -3
lines
Diff to previous 1.90 (colored)
update to 2.8.6 changes: -interoperability improvements (especially for VeriSign) -misc fixes -translation updates
Revision 1.90 / (download) - annotate - [select for diffs], Wed Mar 24 19:43:28 2010 UTC (2 years, 2 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.89: +2 -1
lines
Diff to previous 1.89 (colored)
Recursive revision bump for GMP update.
Revision 1.89 / (download) - annotate - [select for diffs], Tue Nov 3 00:15:41 2009 UTC (2 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.88: +2 -2
lines
Diff to previous 1.88 (colored)
Update to 2.8.5: * Version 2.8.5 (released 2009-11-02) ** libgnutls: In server side when resuming a session do not overwrite the ** initial session data with the resumed session data. ** libgnutls: Fix PKCS#12 encoding. The error you would get was "The OID is not supported.". Problem introduced for the v2.8.x branch in 2.7.6. ** guile: Compatibility with guile 2.x. By Ludovic Courtes <ludovic.courtes@laas.fr>. ** tests: Fix expired cert in chainverify self-test. ** tests: Fix time bomb in chainverify self-test. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>. ** API and ABI modifications: No changes since last version.
Revision 1.88 / (download) - annotate - [select for diffs], Sat Oct 31 01:16:42 2009 UTC (2 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.87: +2 -2
lines
Diff to previous 1.87 (colored)
Update to 2.8.4: * Version 2.8.4 (released 2009-09-18) ** libgnutls: Enable Camellia ciphers by default. ** libgnutls: Make OpenPGP hostname checking work again. The patch to resolve the X.509 CN/SAN issue accidentally broken OpenPGP hostname comparison. ** libgnutls: When printing X.509 certificates, handle XMPP SANs better. Reported by Howard Chu <hyc@symas.com> in <https://savannah.gnu.org/support/?106975>. ** API and ABI modifications: No changes since last version.
Revision 1.87 / (download) - annotate - [select for diffs], Mon Oct 12 15:25:14 2009 UTC (2 years, 7 months ago) by reed
Branch: MAIN
Changes since 1.86: +2 -2
lines
Diff to previous 1.86 (colored)
Increase the BUILDLINK_API_DEPENDS.libgcrypt requirement. The configure requires GCRY_CIPHER_CAMELLIA128. (Not bumping PKGREVISION as this is a build issue.)
Revision 1.83.2.1 / (download) - annotate - [select for diffs], Sat Aug 29 09:49:13 2009 UTC (2 years, 8 months ago) by spz
Branch: pkgsrc-2009Q2
Changes since 1.83: +6 -3
lines
Diff to previous 1.83 (colored) next main 1.84 (colored)
Pullup ticket 2874 - requested by tron
security update
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.86
- pkgsrc/security/gnutls/PLIST 1.36
- pkgsrc/security/gnutls/distinfo 1.60
Files added:
pkgsrc/security/gnutls/patches/patch-ak 1.2
pkgsrc/security/gnutls/patches/patch-al 1.2
Module Name: pkgsrc
Committed By: wiz
Date: Sat Jul 18 10:32:32 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to 2.8.1:
* Version 2.8.1 (released 2009-06-10)
** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cyc=
le.
Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
<http://bugs.gentoo.org/272388>.
** libgnutls: Fix PKCS#12 decryption from password.
The encryption key derived from the password was incorrect for (on
average) 1 in every 128 input for random inputs. Reported by "Kukosa,
Tomas" <tomas.kukosa@siemens-enterprise.com> in
<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/distinfo
----------------------------------------------------------------------
Module Name: pkgsrc
Committed By: drochner
Date: Wed Jul 22 16:50:07 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Added Files:
pkgsrc/security/gnutls/patches: patch-ak patch-al
Log Message:
disable the openssl compatibility library -- no pkg I know of needs
it, and it only has a potential to conflict with the real openssl
(bad things will happen if a program links or dlopen()s both)
bump PKGREVISION
(the bug fixed in the added patches is already fixed upstream, will
be in the next release)
To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/gnutls/PLIST
cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-ak \
pkgsrc/security/gnutls/patches/patch-al
----------------------------------------------------------------------
Module Name: pkgsrc
Committed By: snj
Date: Thu Aug 13 18:56:32 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
pkgsrc/security/gnutls/patches: patch-ak patch-al
Log Message:
Update to 2.8.3. Changes:
* Version 2.8.3 (released 2009-08-13)
** libgnutls: Fix patch for NUL in CN/SAN in last release.
Code intended to be removed would lead to an read-out-bound error in
some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE
code have been allocated for the vulnerability: [CVE-2009-2730].
** libgnutls: Fix rare failure in gnutls_x509_crt_import.
The function may fail incorrectly when an earlier certificate was
imported to the same gnutls_x509_crt_t structure.
** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
error.
** tests: Made self-test mini-eagain take less time.
** doc: Typo fixes.
** API and ABI modifications:
No changes since last version.
* Version 2.8.2 (released 2009-08-10)
** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
into 1) not printing the entire CN/SAN field value when printing a
certificate and 2) cause incorrect positive matches when matching a
hostname against a certificate. Some CAs apparently have poor
checking of CN/SAN values and issue these (arguable invalid)
certificates. Combined, this can be used by attackers to become a
MITM on server-authenticated TLS sessions. The problem is mitigated
since attackers needs to get one certificate per site they want to
attack, and the attacker reveals his tracks by applying for a
certificate at the CA. It does not apply to client authenticated TLS
sessions. Research presented independently by Dan Kaminsky and Moxie
Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
for providing one part of the patch. [GNUTLS-SA-2009-4].
** libgnutls: Fix return value of gnutls_certificate_client_get_request_sta=
tus.
Before it always returned false. Reported by Peter Hendrickson
<pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
** libgnutls: Fix off-by-one size computation error in unknown DN printing.
The error resulted in truncated strings when printing unknown OIDs in
X.509 certificate DNs. Reported by Tim Kosse
<tim.kosse@filezilla-project.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
** libgnutls: Return correct bit lengths of some MPIs.
gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
gnutls_dh_get_peers_public_bits. Before the reported value was
overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
and
<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
Before we required that the runtime library used the same (or more
recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
that the runtime usage is above the minimum required. Reported by
Marco d'Itri <md@linux.it> via Andreas Metzler
<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
** minitasn1: Internal copy updated to libtasn1 v2.3.
** tests: Fix failure in "chainverify" because a certificate have expired.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/security/gnutls/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/gnutls/patches/patch-ak \
pkgsrc/security/gnutls/patches/patch-al
Revision 1.86 / (download) - annotate - [select for diffs], Thu Aug 13 18:56:32 2009 UTC (2 years, 9 months ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base,
pkgsrc-2009Q3
Changes since 1.85: +2 -3
lines
Diff to previous 1.85 (colored)
Update to 2.8.3. Changes: * Version 2.8.3 (released 2009-08-13) ** libgnutls: Fix patch for NUL in CN/SAN in last release. Code intended to be removed would lead to an read-out-bound error in some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE code have been allocated for the vulnerability: [CVE-2009-2730]. ** libgnutls: Fix rare failure in gnutls_x509_crt_import. The function may fail incorrectly when an earlier certificate was imported to the same gnutls_x509_crt_t structure. ** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error. ** tests: Made self-test mini-eagain take less time. ** doc: Typo fixes. ** API and ABI modifications: No changes since last version. * Version 2.8.2 (released 2009-08-10) ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate. Some CAs apparently have poor checking of CN/SAN values and issue these (arguable invalid) certificates. Combined, this can be used by attackers to become a MITM on server-authenticated TLS sessions. The problem is mitigated since attackers needs to get one certificate per site they want to attack, and the attacker reveals his tracks by applying for a certificate at the CA. It does not apply to client authenticated TLS sessions. Research presented independently by Dan Kaminsky and Moxie Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com> for providing one part of the patch. [GNUTLS-SA-2009-4]. ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. Before it always returned false. Reported by Peter Hendrickson <pdh@wiredyne.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>. ** libgnutls: Fix off-by-one size computation error in unknown DN printing. The error resulted in truncated strings when printing unknown OIDs in X.509 certificate DNs. Reported by Tim Kosse <tim.kosse@filezilla-project.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>. ** libgnutls: Return correct bit lengths of some MPIs. gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and gnutls_dh_get_peers_public_bits. Before the reported value was overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>. ** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671> and <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>. ** libgnutls: Relax checking of required libtasn1/libgcrypt versions. Before we required that the runtime library used the same (or more recent) libgcrypt/libtasn1 as it was compiled with. Now we just check that the runtime usage is above the minimum required. Reported by Marco d'Itri <md@linux.it> via Andreas Metzler <ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>. ** minitasn1: Internal copy updated to libtasn1 v2.3. ** tests: Fix failure in "chainverify" because a certificate have expired. ** API and ABI modifications: No changes since last version.
Revision 1.85 / (download) - annotate - [select for diffs], Wed Jul 22 16:50:07 2009 UTC (2 years, 10 months ago) by drochner
Branch: MAIN
Changes since 1.84: +5 -1
lines
Diff to previous 1.84 (colored)
disable the openssl compatibility library -- no pkg I know of needs it, and it only has a potential to conflict with the real openssl (bad things will happen if a program links or dlopen()s both) bump PKGREVISION (the bug fixed in the added patches is already fixed upstream, will be in the next release)
Revision 1.84 / (download) - annotate - [select for diffs], Sat Jul 18 10:32:32 2009 UTC (2 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.83: +3 -3
lines
Diff to previous 1.83 (colored)
Update to 2.8.1: * Version 2.8.1 (released 2009-06-10) ** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from <http://bugs.gentoo.org/272388>. ** libgnutls: Fix PKCS#12 decryption from password. The encryption key derived from the password was incorrect for (on average) 1 in every 128 input for random inputs. Reported by "Kukosa, Tomas" <tomas.kukosa@siemens-enterprise.com> in <http://permalink.gmane.org/gmane.network.gnutls.general/1663>. ** API and ABI modifications: No changes since last version.
Revision 1.83 / (download) - annotate - [select for diffs], Tue Jun 9 18:56:37 2009 UTC (2 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.82: +2 -3
lines
Diff to previous 1.82 (colored)
Update to 2.8.0: * Version 2.8.0 (released 2009-05-27) ** doc: Fix gnutls_dh_get_prime_bits. Fix error codes and algorithm lists. ** Major changes compared to the v2.4 branch: *** lib: Linker version scripts reduces number of exported symbols. *** lib: Limit exported symbols on systems without LD linker scripts. *** libgnutls: Fix namespace issue with version symbols. *** libgnutls: Add functions to verify a hash against a certificate. gnutls_x509_crt_verify_hash: ADDED gnutls_x509_crt_get_verify_algorithm: ADDED *** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. *** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. *** certtool: Query for multiple dnsName subjectAltName in interactive mode. *** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. *** gnutls-serv: No longer disable MAC padding by default. *** gnutls-cli: Certificate information output format changed. *** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 *** and %VERIFY_ALLOW_X509_V1_CA_CRT. *** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. *** libgnutls: gnutls_openpgp_crt_print supports oneline mode. *** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. *** libgnutls: New interface to get key id for certificate requests. gnutls_x509_crq_get_key_id: ADDED. *** libgnutls: gnutls_x509_crq_print will now also print public key id. *** certtool: --verify-chain now prints results of using library verification. *** libgnutls: Libgcrypt initialization changed. *** libgnutls: Small byte reads via gnutls_record_recv() optimized. *** gnutls-cli: Return non-zero exit code on error conditions. *** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. *** certtool: allow setting arbitrary key purpose object identifiers. *** libgnutls: Change detection of when to use a linker version script. Use --enable-ld-version-script or --disable-ld-version-script to override auto-detection logic. *** Fix warnings and build GnuTLS with more warnings enabled. *** New API to set X.509 credentials from PKCS#12 memory structure. gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED *** Old libgnutls.m4 and libgnutls-config scripts removed. Please use pkg-config instead. *** libgnutls: Added functions to handle CRL extensions. gnutls_x509_crl_get_authority_key_id: ADDED gnutls_x509_crl_get_number: ADDED gnutls_x509_crl_get_extension_oid: ADDED gnutls_x509_crl_get_extension_info: ADDED gnutls_x509_crl_get_extension_data: ADDED gnutls_x509_crl_set_authority_key_id: ADDED gnutls_x509_crl_set_number: ADDED *** libgnutls: Added functions to handle X.509 extensions in Certificate Requests. gnutls_x509_crq_get_key_rsa_raw: ADDED gnutls_x509_crq_get_attribute_info: ADDED gnutls_x509_crq_get_attribute_data: ADDED gnutls_x509_crq_get_extension_info: ADDED gnutls_x509_crq_get_extension_data: ADDED gnutls_x509_crq_get_key_usage: ADDED gnutls_x509_crq_get_basic_constraints: ADDED gnutls_x509_crq_get_subject_alt_name: ADDED gnutls_x509_crq_get_subject_alt_othername_oid: ADDED gnutls_x509_crq_get_extension_by_oid: ADDED gnutls_x509_crq_set_subject_alt_name: ADDED gnutls_x509_crq_set_basic_constraints: ADDED gnutls_x509_crq_set_key_usage: ADDED gnutls_x509_crq_get_key_purpose_oid: ADDED gnutls_x509_crq_set_key_purpose_oid: ADDED gnutls_x509_crq_print: ADDED gnutls_x509_crt_set_crq_extensions: ADDED *** certtool: Print and set CRL and CRQ extensions. *** minitasn1: Internal copy updated to libtasn1 v2.1. *** examples: Now released into the public domain. *** The Texinfo and GTK-DOC manuals were improved. *** Several self-tests were added and others improved. *** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x No offically supported interfaces have been modified or removed. The library should be completely backwards compatible on both the source and binary level. The shared library no longer exports some symbols that have never been officially supported, i.e., not mentioned in any of the header files. The symbols are: _gnutls* gnutls_asn1_tab Normally when symbols are removed, the shared library version has to be incremented. This leads to a significant cost for everyone using the library. Because none of the above symbols have ever been intended for use by well-behaved applications, we decided that the it would be better for those applications to pay the price rather than incurring problems on the majority of applications. If it turns out that applications have been using unofficial interfaces, we will need to release a follow-on release on the v2.8 branch to exports additional interfaces. However, initial testing suggests that few if any applications have been using any of the internal symbols. Although not a new change compared to 2.6.x, we'd like to remind you interfaces have been modified so that X.509 chain verification now also checks activation/expiration times on certificates. The affected functions are: gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. gnutls_certificate_verify_peers: Likewise. gnutls_certificate_verify_peers2: Likewise. GNUTLS_CERT_NOT_ACTIVATED: ADDED. GNUTLS_CERT_EXPIRED: ADDED. GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. This change in behaviour was made during the GnuTLS 2.6.x cycle, and we gave our rationale for it in earlier release notes. The following symbols have been added to the library: gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED gnutls_x509_crl_get_authority_key_id: ADDED gnutls_x509_crl_get_extension_data: ADDED gnutls_x509_crl_get_extension_info: ADDED gnutls_x509_crl_get_extension_oid: ADDED gnutls_x509_crl_get_number: ADDED gnutls_x509_crl_set_authority_key_id: ADDED gnutls_x509_crl_set_number: ADDED gnutls_x509_crq_get_attribute_data: ADDED gnutls_x509_crq_get_attribute_info: ADDED gnutls_x509_crq_get_basic_constraints: ADDED gnutls_x509_crq_get_extension_by_oid: ADDED gnutls_x509_crq_get_extension_data: ADDED gnutls_x509_crq_get_extension_info: ADDED gnutls_x509_crq_get_key_id: ADDED. gnutls_x509_crq_get_key_purpose_oid: ADDED gnutls_x509_crq_get_key_rsa_raw: ADDED gnutls_x509_crq_get_key_usage: ADDED gnutls_x509_crq_get_subject_alt_name: ADDED gnutls_x509_crq_get_subject_alt_othername_oid: ADDED gnutls_x509_crq_print: ADDED gnutls_x509_crq_set_basic_constraints: ADDED gnutls_x509_crq_set_key_purpose_oid: ADDED gnutls_x509_crq_set_key_usage: ADDED gnutls_x509_crq_set_subject_alt_name: ADDED gnutls_x509_crt_get_verify_algorithm: ADDED gnutls_x509_crt_set_crq_extensions: ADDED gnutls_x509_crt_verify_hash: ADDED The following interfaces have been added to the header files: GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. The following interfaces have been deprecated: LIBGNUTLS_VERSION: DEPRECATED. LIBGNUTLS_VERSION_MAJOR: DEPRECATED. LIBGNUTLS_VERSION_MINOR: DEPRECATED. LIBGNUTLS_VERSION_PATCH: DEPRECATED. LIBGNUTLS_VERSION_NUMBER: DEPRECATED. LIBGNUTLS_EXTRA_VERSION: DEPRECATED. * Version 2.7.14 (released 2009-05-26) ** libgnutls: Fix namespace issue with version symbol for libgnutls-extra. The symbol LIBGNUTLS_EXTRA_VERSION were renamed to GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is deprecated. ** Doc: Several typo fixes in documentation. Reported by Peter Hendrickson <pdh@wiredyne.com>. ** API and ABI modifications: GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. LIBGNUTLS_EXTRA_VERSION: DEPRECATED. * Version 2.7.13 (released 2009-05-25) ** libgnutls: Fix version of some exported symbols in the shared library. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>. ** tests: Handle recently expired certificates in chainverify self-test. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>. ** API and ABI modifications: No changes since last version. * Version 2.7.12 (released 2009-05-20) ** gnutls-serv, gnutls-cli-debug: Make them work on Windows. ** tests/crq_key_id: Don't read entropy from /dev/random in self-test. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>. ** Fix build failures. Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3571>. ** minitasn1: Internal copy updated to libtasn1 v2.2. GnuTLS should work fine with libtasn1 v1.x and that is still supported. ** API and ABI modifications: No changes since last version. * Version 2.7.11 (released 2009-05-18) ** minitasn1: Fix build failure when using internal libtasn1. Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>. ** libgnutls: Fix build failure with --disable-cxx. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3557>. ** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV. Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560> ** Building with many warning flags now requires --enable-gcc-warnings. This avoids crying wolf for normal compiles. ** API and ABI modifications: No changes since last version. * Version 2.7.10 (released 2009-05-13) ** examples: Now released into the public domain. This makes the license of the example code compatible with more licenses, including the (L)GPL. ** minitasn1: Internal copy updated to libtasn1 v2.1. GnuTLS should work fine with libtasn1 v1.x and that is still supported. ** libgnutls: Fix crash in signature verification The fix for the CVE-2009-1415 problem wasn't merged completely. ** doc: Fixes for GTK-DOC output. ** API and ABI modifications: No changes since last version. * Version 2.7.9 (released 2009-05-11) ** doc: Fix strings in man page of gnutls_priority_init. ** doc: Fix tables of error codes and supported algorithms. ** Fix build failure when cross-compiled using MinGW. ** Fix build failure when LZO is enabled. Reported by Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3522>. ** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6. Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>. ** Fix warnings in self-tests. ** API and ABI modifications: No changes since last version. * Version 2.7.8 (released 2009-05-03) ** libgnutls: Fix DSA key generation. Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416] ** libgnutls: Check expiration/activation time on untrusted certificates. Merged from stable branch. Reported by Romain Francoise <romain@orebokech.com>. This changes the semantics of gnutls_x509_crt_list_verify, which in turn is used by gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. We add two new gnutls_certificate_status_t codes for reporting the new error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also add a new gnutls_certificate_verify_flags flag, GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417] ** lib: Linker version scripts reduces number of exported symbols. The linker version script now lists all exported ABIs explicitly, to avoid accidentally exporting unintended functions. Compared to before, most symbols beginning with _gnutls* are no longer exported. These functions have never been intended for use by applications, and there were no prototypes for these function in the public header files. Thus we believe it is possible to do this without incrementing the library ABI version which normally has to be done when removing an interface. ** lib: Limit exported symbols on systems without LD linker scripts. Before all symbols were exported. Now we limit the exported symbols to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls) _gnutls*. This is a superset of the actual supported ABI, but still an improvement compared to before. This is implemented using Libtool -export-symbols-regex. It is more portable than linker version scripts. ** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols. This should have been done in the last release. ** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. Reported by Peter Hendrickson <pdh@wiredyne.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3476>. ** doc: Improved sections for the info manual. We now follow the advice given by the texinfo manual on which directory categories to use. In particular, libgnutls moved from the 'GNU Libraries' section to the 'Software libraries' and the command line tools moved from 'Network Applications' to 'System Administration'. ** API and ABI modifications: gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. gnutls_certificate_verify_peers: Likewise. gnutls_certificate_verify_peers2: Likewise. GNUTLS_CERT_NOT_ACTIVATED: ADDED. GNUTLS_CERT_EXPIRED: ADDED. GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. * Version 2.7.7 (released 2009-04-20) ** libgnutls: Applied patch by Cedric Bail to add functions gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm(). ** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>. ** minitasn1: Internal copy updated to libtasn1 v1.8. GnuTLS is also internally ready to be used with libtasn1 v2.0. ** doc: Fix build failure of errcodes/printlist. Reported by Roman Bogorodskiy <novel@FreeBSD.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>. ** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. It is currently only used by the core library. This will enable a new domain 'gnutls' for translations of the command line tools. ** Corrected possible memory corruption on signature verification failure. Reported by Miroslav Kratochvil <exa.exa@gmail.com> ** API and ABI modifications: gnutls_x509_crt_verify_hash: ADDED gnutls_x509_crt_get_verify_algorithm: ADDED * Version 2.7.6 (released 2009-02-27) ** certtool: Query for multiple dnsName subjectAltName in interactive mode. This applies both to generating certificates and certificate requests. ** pkix.asn: Removed unneeded definitions to reduce memory usage. ** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to be used for chain verification. ** gnutls-serv: No longer disable MAC padding by default. Use --priority NORMAL:%COMPAT to disable MAC padding again. ** gnutls-cli: Certificate information output format changed. The tool now uses libgnutls' functions to print certificate information. This avoids code duplication. ** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 ** and %VERIFY_ALLOW_X509_V1_CA_CRT. They can be used to override the default certificate chain validation behaviour. ** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to specify the client hello message record version. Used to overcome buggy TLS servers. Report by Martin von Gagern. ** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. ** libgnutls: gnutls_openpgp_crt_print supports oneline mode. ** doc: Update gnutls-cli and gnutls-serv --help output descriptions. ** API and ABI modifications: No changes since last version. * Version 2.7.5 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** API and ABI modifications: No changes since last version. * Version 2.7.4 (released 2009-01-07) ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: New interface to get key id for certificate requests. Patch from David Marín Carreño <davefx@gmail.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>. ** libgnutls: gnutls_x509_crq_print will now also print public key id. ** certtool: --verify-chain now prints results of using library verification. Earlier, certtool --verify-chain used its own validation algorithm which wasn't guaranteed to give the same result as the libgnutls internal validation algorithm. Now this command print a new final line with header 'Chain verification output:' that contains the result from using the internal verification algorithm on the same chain. ** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id. ** API and ABI modifications: gnutls_x509_crq_get_key_id: ADDED. * Version 2.7.3 (released 2008-12-10) ** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. Reported by Michael Kiefer <Michael-Kiefer@web.de> in <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by Andreas Metzler <ametzler@downhill.at.eu.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>. ** libgnutls: Libgcrypt initialization changed. If libgcrypt has not already been initialized, GnuTLS will now initialize libgcrypt with disabled secure memory. Initialize libgcrypt explicitly in your application if you want to enable secure memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory allocation functions, which doesn't use secure memory, so there is no real change in behaviour. ** libgnutls: Fix memory leak in PSK authentication. Reported by Michael Weiser <michael@weiser.dinsnail.net> in <http://permalink.gmane.org/gmane.network.gnutls.general/1465>. ** libgnutls: Small byte reads via gnutls_record_recv() optimized. ** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. It needs to be invoked before libgcrypt is initialized. ** gnutls-cli: Return non-zero exit code on error conditions. ** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. ** tests: Added chainverify self-test that tests X.509 chain verifications. ** API and ABI modifications: No changes since last version. * Version 2.7.2 (released 2008-11-18) ** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] Any updates with more details about this vulnerability will be added to <http://www.gnu.org/software/gnutls/security.html> ** libgnutls: Fix namespace issue with version symbols. The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR, LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER, GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to work but are deprecated. ** certtool: allow setting arbitrary key purpose object identifiers. ** libgnutls: Fix detection of C99 macros, to make debug logging work again. ** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. Reported by Kevin Quick <quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>. ** libgnutls-extra: Make building with LZO compression work again. Build failure reported by Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3194>. ** libgnutls: Change detection of when to use a linker version script. Use --enable-ld-version-script or --disable-ld-version-script to override auto-detection logic. ** doc: Change license on the manual to GFDLv1.3+. ** doc: GTK-DOC fixes for new splitted configuration system. ** doc: Texinfo stylesheet uses white background. ** tests: Add cve-2008-4989.c self-test. Tests regressions of the GNUTLS-SA-2008-3 security problem, and the follow-on problem with crashes on length 1 certificate chains. ** gnulib: Deprecated modules removed. Modules include memchr and memcmp. ** Fix warnings and build GnuTLS with more warnings enabled. ** minitasn1: Internal copy updated to libtasn1 v1.7. ** API and ABI modifications: gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. LIBGNUTLS_VERSION: DEPRECATED. LIBGNUTLS_VERSION_MAJOR: DEPRECATED. LIBGNUTLS_VERSION_MINOR: DEPRECATED. LIBGNUTLS_VERSION_PATCH: DEPRECATED. LIBGNUTLS_VERSION_NUMBER: DEPRECATED. * Version 2.7.1 (released 2008-10-31) ** certtool: print a PKCS #8 key even if it is not encrypted. ** Old libgnutls.m4 and libgnutls-config scripts removed. Please use pkg-config instead. ** Configuration system modified. There is now a configure script in lib/ and libextra/ as well, because gnulib works better with a config.h per gnulib directory. ** API and ABI modifications: No changes since last version. * Version 2.7.0 (released 2008-10-16) ** libgnutls: Added functions to handle CRL extensions. ** libgnutls: Added functions to handle X.509 extensions in Certificate Requests. ** libgnutls: Improved error string for GNUTLS_E_AGAIN. Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>. ** certtool: Print and set CRL and CRQ extensions. ** libgnutls-extra: Protect internal symbols with static. Fixes problem when linking certtool statically. Tiny patch from Aaron Ucko <ucko@ncbi.nlm.nih.gov>. ** libgnutls-openssl: fix out of bounds access. Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch from Thomas Viehmann <tv@beamnet.de>. ** libgnutlsxx: Define server_session::get_srp_username even if no SRP. ** tests: Make tests compile when using internal libtasn1. Patch by ludo@gnu.org (Ludovic Courtès). ** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config. We now require a libgcrypt that has Camellia constants declared in gcrypt.h, which means v1.3.0 or later. ** API and ABI modifications: gnutls_x509_crl_get_authority_key_id: ADDED gnutls_x509_crl_get_number: ADDED gnutls_x509_crl_get_extension_oid: ADDED gnutls_x509_crl_get_extension_info: ADDED gnutls_x509_crl_get_extension_data: ADDED gnutls_x509_crl_set_authority_key_id: ADDED gnutls_x509_crl_set_number: ADDED gnutls_x509_crq_get_key_rsa_raw: ADDED gnutls_x509_crq_get_attribute_info: ADDED gnutls_x509_crq_get_attribute_data: ADDED gnutls_x509_crq_get_extension_info: ADDED gnutls_x509_crq_get_extension_data: ADDED gnutls_x509_crq_get_key_usage: ADDED gnutls_x509_crq_get_basic_constraints: ADDED gnutls_x509_crq_get_subject_alt_name: ADDED gnutls_x509_crq_get_subject_alt_othername_oid: ADDED gnutls_x509_crq_get_extension_by_oid: ADDED gnutls_x509_crq_set_subject_alt_name: ADDED gnutls_x509_crq_set_basic_constraints: ADDED gnutls_x509_crq_set_key_usage: ADDED gnutls_x509_crq_get_key_purpose_oid: ADDED gnutls_x509_crq_set_key_purpose_oid: ADDED gnutls_x509_crq_print: ADDED gnutls_x509_crt_set_crq_extensions: ADDED
Revision 1.82 / (download) - annotate - [select for diffs], Wed May 20 00:58:26 2009 UTC (3 years ago) by wiz
Branch: MAIN
Changes since 1.81: +2 -1
lines
Diff to previous 1.81 (colored)
Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib major change. Reported by Robert Elz in PR 41345.
Revision 1.81 / (download) - annotate - [select for diffs], Tue May 19 08:59:31 2009 UTC (3 years ago) by wiz
Branch: MAIN
Changes since 1.80: +1 -2
lines
Diff to previous 1.80 (colored)
Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here.
Revision 1.77.2.1 / (download) - annotate - [select for diffs], Wed May 6 09:34:11 2009 UTC (3 years ago) by spz
Branch: pkgsrc-2009Q1
Changes since 1.77: +8 -9
lines
Diff to previous 1.77 (colored) next main 1.78 (colored)
Pullup ticket 2756 - requested by tnn
Security fix
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.80
- pkgsrc/security/gnutls/distinfo 1.54
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 20 13:11:57 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to 2.6.5. Update commented out LICENSE (needs two).
* Version 2.6.5 (released 2009-04-11)
** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.
** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
Libtasn1 0.3.4 or later is required. This is to align with the
upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/security/gnutls/distinfo
Module Name: pkgsrc
Committed By: zafer
Date: Fri May 1 13:49:07 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
replace non working mirrors with working ones.
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/security/gnutls/Makefile
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 20:04:33 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.6.6.
* Version 2.6.6 (released 2009-04-30)
libgnutls: Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil. See the advisory
for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
libgnutls: Fix DSA key generation.
Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/gnutls/distinfo
Revision 1.80 / (download) - annotate - [select for diffs], Sat May 2 20:04:32 2009 UTC (3 years ago) by tnn
Branch: MAIN
Changes since 1.79: +2 -2
lines
Diff to previous 1.79 (colored)
Update to gnutls-2.6.6. * Version 2.6.6 (released 2009-04-30) libgnutls: Corrected double free on signature verification failure. Reported by Miroslav Kratochvil. See the advisory for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415] libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416] libgnutls: Check expiration/activation time on untrusted certificates. Reported by Romain Francoise. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. We have realized that many applications that use libgnutls, including gnutls-cli, fail to perform proper checks. Implementing similar logic in all applications leads to code duplication. Hence, we decided to check whether the current time (as reported by the time function) is within the activation/expiration period of certificates when verifying untrusted certificates. This changes the semantics of gnutls_x509_crt_list_verify, which in turn is used by gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. We add two new gnutls_certificate_status_t codes for reporting the new error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also add a new gnutls_certificate_verify_flags flag, GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new behaviour. API and ABI modifications: gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. gnutls_certificate_verify_peers: Likewise. gnutls_certificate_verify_peers2: Likewise. GNUTLS_CERT_NOT_ACTIVATED: ADDED. GNUTLS_CERT_EXPIRED: ADDED. GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
Revision 1.79 / (download) - annotate - [select for diffs], Fri May 1 13:49:07 2009 UTC (3 years ago) by zafer
Branch: MAIN
Changes since 1.78: +2 -3
lines
Diff to previous 1.78 (colored)
replace non working mirrors with working ones.
Revision 1.78 / (download) - annotate - [select for diffs], Mon Apr 20 13:11:57 2009 UTC (3 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.77: +7 -7
lines
Diff to previous 1.77 (colored)
Update to 2.6.5. Update commented out LICENSE (needs two). * Version 2.6.5 (released 2009-04-11) ** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to specify the client hello message record version. Used to overcome buggy TLS servers. Report by Martin von Gagern. ** GnuTLS no longer uses the libtasn1-config script to find libtasn1. Libtasn1 0.3.4 or later is required. This is to align with the upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script. ** API and ABI modifications: No changes since last version.
Revision 1.77 / (download) - annotate - [select for diffs], Sat Feb 21 13:45:31 2009 UTC (3 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base
Branch point for: pkgsrc-2009Q1
Changes since 1.76: +2 -2
lines
Diff to previous 1.76 (colored)
Update to 2.6.4: * Version 2.6.4 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: Fix compile error with Sun CC. Reported by Jeff Cai <jeff.cai@sun.com> in <https://savannah.gnu.org/support/?106549>.
Revision 1.76 / (download) - annotate - [select for diffs], Fri Dec 19 15:43:20 2008 UTC (3 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4
Changes since 1.75: +2 -2
lines
Diff to previous 1.75 (colored)
Changes 2.6.3 * gnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. * gnutls: Fix memory leak in PSK authentication. * certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. It needs to be invoked before libgcrypt is initialized. * gnutls-cli: Return non-zero exit code on error conditions. * gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
Revision 1.75 / (download) - annotate - [select for diffs], Sat Nov 15 23:02:09 2008 UTC (3 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.74: +5 -6
lines
Diff to previous 1.74 (colored)
Update to 2.6.2: * Version 2.6.2 (released 2008-11-12) ** libgnutls: Fix crash in X.509 validation code for self-signed certificates. The patch to fix the security problem GNUTLS-SA-2008-3 introduced a problem for certificate chains that contained just one self-signed certificate. Reported by Michael Meskes <meskes@debian.org> in <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>. ** API and ABI modifications: No changes since last version.
Revision 1.74 / (download) - annotate - [select for diffs], Mon Nov 10 17:33:20 2008 UTC (3 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.73: +2 -2
lines
Diff to previous 1.73 (colored)
Update to 2.6.1: * Version 2.6.1 (released 2008-11-10) ** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] Any updates with more details about this vulnerability will be added to <http://www.gnu.org/software/gnutls/security.html> ** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. Reported by Kevin Quick <quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>. ** libgnutls-extra: Protect internal symbols with static. Fixes problem when linking certtool statically. Tiny patch from Aaron Ucko <ucko@ncbi.nlm.nih.gov>. ** libgnutls-openssl: Fix patch against X509_get_issuer_name. It incorrectly returned the subject DN instead of issuer DN in v2.6.0. Thanks to Thomas Viehmann <tv@beamnet.de> for report. ** certtool: Print a PKCS #8 key even if it is not encrypted. ** tests: Make tests compile when using internal libtasn1. Patch by ludo@gnu.org (Ludovic Courtès). ** API and ABI modifications: No changes since last version.
Revision 1.73 / (download) - annotate - [select for diffs], Sat Oct 18 11:55:11 2008 UTC (3 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.72: +2 -3
lines
Diff to previous 1.72 (colored)
Changes 2.6.0: * libgnutls: Correct printing and parsing of IPv6 addresses. * libgnutls-openssl: fix out of bounds access. * certtool: Use inet_pton for parsing IPv6 addresses. * Added API to replace and update the crypto backend. * certtool: can add several subject alternative names via template file. * opencdk: Parse (but not decrypt) encrypted secret keys. * more...
Revision 1.72 / (download) - annotate - [select for diffs], Sat Sep 27 23:11:36 2008 UTC (3 years, 7 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2008Q3-base,
pkgsrc-2008Q3
Changes since 1.71: +2 -1
lines
Diff to previous 1.71 (colored)
If strverscmp() is not present, gnutls shouldn't export a symbol of the same name, breaking the builds of libraries trying to both link against libcurl and use strverscmp(). Bump PKGREVISION. Fixes PR 39640.
Revision 1.70.4.1 / (download) - annotate - [select for diffs], Mon Aug 18 12:26:48 2008 UTC (3 years, 9 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.70: +2 -2
lines
Diff to previous 1.70 (colored) next main 1.71 (colored)
pullup ticket #2497 - requested by kefren
gnutls: update package for fixes
revisions pulled up:
pkgsrc/security/gnutls/Makefile 1.71
pkgsrc/security/gnutls/PLIST 1.32
pkgsrc/security/gnutls/distinfo 1.45
pkgsrc/security/gnutls/patches/patch-ad r0
Module Name: pkgsrc
Committed By: kefren
Date: Wed Jul 30 17:17:21 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-ad
Log Message:
update to gnutls-2.4.1
Changes:
** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
Revision 1.71 / (download) - annotate - [select for diffs], Wed Jul 30 17:17:21 2008 UTC (3 years, 9 months ago) by kefren
Branch: MAIN
CVS Tags: cube-native-xorg-base,
cube-native-xorg
Changes since 1.70: +2 -2
lines
Diff to previous 1.70 (colored)
update to gnutls-2.4.1 Changes: ** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2] ** libgnutls: Fix memory leaks when doing a re-handshake. ** Fix compiler warnings. ** Fix ordering of -I's to avoid opencdk.h conflict with system headers. ** srptool: Fix a problem where --verify check does not succeed.
Revision 1.70 / (download) - annotate - [select for diffs], Sat May 24 04:59:59 2008 UTC (4 years ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.69: +3 -3
lines
Diff to previous 1.69 (colored)
Require libgcrypt>=1.2.2. Noticed by Steve Bellovin in pkgsrc-users@. And also require opencdk>=0.6.5.
Revision 1.68.2.1 / (download) - annotate - [select for diffs], Fri May 23 11:39:51 2008 UTC (4 years ago) by rtr
Branch: pkgsrc-2008Q1
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored) next main 1.69 (colored)
pullup ticket #2397 - requested by tnn
gnutls: update for security fixes
revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.69
- pkgsrc/security/gnutls/distinfo 1.44
Module Name: pkgsrc
Committed By: tnn
Date: Thu May 22 13:18:52 UTC 2008
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.2.5.
* Version 2.2.5 (released 2008-05-19)
Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
[GNUTLS-SA-2008-1-1]
libgnutls: Fix crash when sending invalid server name.
[GNUTLS-SA-2008-1-2]
libgnutls: Fix crash when sending repeated client hellos.
[GNUTLS-SA-2008-1-3]
libgnutls: Fix crash in cipher padding decoding for invalid record
lengths.
* Version 2.2.3 (released 2008-05-06)
Increase default handshake packet size limit to 48kb.
Fix compilation error related to __FUNCTION__ on some systems.
Documented the --priority option to gnutls-cli and gnutls-serv.
Fix fopen file descriptor leak in PSK server code.
Build Guile code with -fgnu89-inline only when supported.
Make Camellia encryption work.
Revision 1.69 / (download) - annotate - [select for diffs], Thu May 22 13:18:52 2008 UTC (4 years ago) by tnn
Branch: MAIN
Changes since 1.68: +2 -2
lines
Diff to previous 1.68 (colored)
Update to gnutls-2.2.5. * Version 2.2.5 (released 2008-05-19) Fix flaw in fix for GNUTLS-SA-2008-1-3. * Version 2.2.4 (released 2008-05-19) Fix three security vulnerabilities. [GNUTLS-SA-2008-1] [GNUTLS-SA-2008-1-1] libgnutls: Fix crash when sending invalid server name. [GNUTLS-SA-2008-1-2] libgnutls: Fix crash when sending repeated client hellos. [GNUTLS-SA-2008-1-3] libgnutls: Fix crash in cipher padding decoding for invalid record lengths. * Version 2.2.3 (released 2008-05-06) Increase default handshake packet size limit to 48kb. Fix compilation error related to __FUNCTION__ on some systems. Documented the --priority option to gnutls-cli and gnutls-serv. Fix fopen file descriptor leak in PSK server code. Build Guile code with -fgnu89-inline only when supported. Make Camellia encryption work.
Revision 1.68 / (download) - annotate - [select for diffs], Thu Mar 6 14:52:12 2008 UTC (4 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base
Branch point for: pkgsrc-2008Q1
Changes since 1.67: +2 -2
lines
Diff to previous 1.67 (colored)
Update to 2.2.2:
* Version 2.2.2 (released 2008-02-21)
** Cipher priority string handling now handle strings that starts with NULL.
Thanks to Laurence Withers <l@lwithers.me.uk>.
** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
by Daniel Stenberg.
** Increased the default certificate verification chain limits and allowed
for checks without limitation.
** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
** API and ABI modifications:
No changes since last version.
* Version 2.2.1 (released 2008-01-17)
** Prevent linking libextra against previously installed libgnutls.
Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
<http://bugs.gentoo.org/show_bug.cgi?id=202269>.
** Fixes the post_client_hello_function(). The extensions are now parsed
in a callback friendly way.
** Fix for certificate selection in servers with certificate callbacks.
** API and ABI modifications:
No changes since last version.
* Version 2.2.0 (released 2007-12-14)
Major changes compared to the v2.0 branch:
* SRP support aligned with newly published RFC 5054.
* OpenPGP support aligned with newly published RFC 5081.
* Support for DSA2 keys.
* Support for Camellia cipher.
* Support for Opaque PRF Input extension.
* PKCS#8 parser now handle DSA keys.
* Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra,
etc. Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier
versions, such as 2.01 which is included with GnuTLS, is available under
GPLv2 or later. If this incompatibility causes problems, we recommend
you to disable LZO using --without-lzo. LZO compression is not a
standard TLS compression algorithm, so the impact should be minimal.
* Functions for disabling record protocol padding.
Works around bugs on Nokia/Ericsson phones.
* New functions gnutls_priority_set() for setting cipher priorities easily.
Priorities like "COMPAT" also enables other work arounds, such as
disabling padding.
* Other minor improvements and bug fixes.
Minor changes compared to the latest v2.1.8 release candidate:
* Update internal copy of libtasn1 to version 1.2.
* Certtool --verify-chain now handle inputs larger than 64kb.
This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
recent versions of libgcrypt. The problem was that Wine with the
libgcrypt RNG generates huge amounts of debugging output.
* Translation updates.
Added Dutch translation. Updated Polish and Swedish translation.
Backwards incompatible API/ABI changes in GnuTLS 2.2
====================================================
To adapt to changes in the TLS extension specifications for OpenPGP
and SRP, the GnuTLS API had to be modified. This means breaking the
API and ABI backwards compatibility. That is something we try to
avoid unless it is necessary. We decided to also remove the already
deprecated stub functions for X.509 to XML conversion and TLS
authorization (see below) when we had the opportunity.
Generally, most applications does not need to be modified. Just
re-compile them against the latest GnuTLS release, and it should work
fine.
Applications that use the OpenPGP or SRP features needs to be
modified. Below is a list of the modified APIs and discussion of what
the minimal things you need to modify in your application to make it
work with GnuTLS 2.2.
Note that GnuTLS 2.2 also introduces new APIs -- such as
gnutls_set_priority() that is superior to
gnutls_set_default_priority() -- that you may want to start using.
However, using those new APIs is not required to use GnuTLS 2.2 since
the old functions continue are still supported. This text only
discuss what you minimally have to modify.
XML related changes
-------------------
The function `gnutls_x509_crt_to_xml' has been removed. It has been
deprecated and only returned an error code since GnuTLS version
1.2.11. Nobody has complained, so users doesn't seem to miss the
functionality. We don't know of any other library to convert X.509
certificates into XML format, but we decided (long ago) that GnuTLS
isn't the right place for this kind of functionality. If you want
help to find some other library to use here, please explain and
discuss your use case on help-gnutls <at> gnu.org.
TLS Authorization related changes
---------------------------------
Everything related to TLS authorizations have been removed, they were
only stub functions that returned an error code:
GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
gnutls_authz_data_format_type_t
gnutls_authz_recv_callback_func
gnutls_authz_send_callback_func
gnutls_authz_enable
gnutls_authz_send_x509_attr_cert
gnutls_authz_send_saml_assertion
gnutls_authz_send_x509_attr_cert_url
gnutls_authz_send_saml_assertion_url
SRP related changes
-------------------
The callback gnutls_srp_client_credentials_function has a new
prototype, and its semantic has changed. You need to rewrite the
callback, see the updated function documentation and SRP example code
(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
information.
The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
used. There are #define's to map the old names to the new. You may
run into problems if you have a switch-case with cases for both SRP
alerts, since they are now mapped to the same value. The solution is
to drop the SRP alerts from such switch cases, as they are now
deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.
OpenPGP related changes
-----------------------
The function `gnutls_certificate_set_openpgp_keyserver' have been
removed. There is no replacement functionality inside GnuTLS. If you
need keyserver functionality, consider using the GnuPG tools.
All functions, types, and error codes related to OpenPGP trustdb
format have been removed. The trustdb format is a non-standard
GnuPG-specific format, and we recommend you to use key rings instead.
The following have been removed:
gnutls_certificate_set_openpgp_trustdb
gnutls_openpgp_trustdb_init
gnutls_openpgp_trustdb_deinit
gnutls_openpgp_trustdb_import
gnutls_openpgp_key_verify_trustdb
gnutls_openpgp_trustdb_t
GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED
The following functions has an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data
(binary or base64). The functions are:
gnutls_certificate_set_openpgp_key_file
gnutls_certificate_set_openpgp_key_mem
gnutls_certificate_set_openpgp_keyring_mem
gnutls_certificate_set_openpgp_keyring_file
To improve terminology and align with the X.509 interface, some
functions have been renamed. Compatibility mappings exists. The old
and new names of the affected functions and types are:
Old name New name
gnutls_openpgp_key_t gnutls_openpgp_crt_t
gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
gnutls_openpgp_key_init gnutls_openpgp_crt_init
gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
gnutls_openpgp_key_import gnutls_openpgp_crt_import
gnutls_openpgp_key_export gnutls_openpgp_crt_export
gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
gnutls_openpgp_send_key gnutls_openpgp_send_cert
* Version 2.0.0 (released 2007-09-04)
The following changes have been made since GnuTLS 1.6:
* Support for external RSA/DSA signing for TLS client authentication.
This allows you to secure the private key better, for example by using
privilege-separation techniques between the private key and the
network client/server.
* Support for signing X.509 certificates using RSA with SHA-256/384/512.
* Experimental support for TLS 1.2 (disabled by default). The TLS 1.2
specification is not finalized yet, but we implement a draft version
for testing.
* Support for X.509 Proxy Certificates (RFC 3820)
* Support for Supplemental handshakes messages (RFC 4680).
* Support for TLS authorization extension (draft-housley-tls-authz-extns-07).
* Support for the X.509 'otherName' Subject Altnerative Names (for XMPP).
* Guile bindings for GnuTLS have been added, thanks to Ludovic Courtes.
* Improve logic of gnutls_set_default_priority() which can now be more
recommended.
* New APIs to enumerate supported algorithms in the library.
* New APIs to access X.509 Certificate extension sequentially.
* New APIs to print X.509 Certificates and CRLs in human readable formats.
* New APIs to extract X.509 Distinguished Names from certificates.
* New APIs to handle pathLenConstraint in X.509 Basic Constraints.
* Certtool can export more than one certificate to PKCS#12.
* Several message translation improvements.
* Instructions and improvements to easily set up a HTTPS test server.
* Included copies updated to Libtasn1 1.1 and OpenCDK 0.6.4.
* Build improvements for Windows, Mac OS X, uClinux, etc.
* GnuTLS is now developed in GIT.
* Improved manual
* Many bugfixes and minor improvements.
Revision 1.67 / (download) - annotate - [select for diffs], Sun Nov 25 23:45:15 2007 UTC (4 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored)
Update to 2.0.4: * Version 2.0.4 (released 2007-11-16) ** Corrected bug in decompression of expanded compression data. ** API and ABI modifications: No changes since last version.
Revision 1.66 / (download) - annotate - [select for diffs], Sun Nov 11 19:28:27 2007 UTC (4 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.65: +3 -2
lines
Diff to previous 1.65 (colored)
Update to 2.0.3: * Version 2.0.3 (released 2007-11-10) ** This version backports several fixes from the 2.1.x branch. ** Fixed PKCS #3 parameter export. ** Added gnutls_record_disable_padding() to allow servers talking to buggy clients that complain if the TLS 1.0 record protocol padding is used. ** Introduced gnutls_session_enable_compatibility_mode() to allow enabling all supported compatibility options (like disabling padding). ** Corrected bug which did not allow a server to run without supporting certificates. ** API and ABI modifications: gnutls_session_enable_compatibility_mode: ADDED gnutls_record_disable_padding: ADDED Add LICENSE, commented out; it contains both LGPL-2.1 and GPL2 code.
Revision 1.65 / (download) - annotate - [select for diffs], Tue Oct 23 11:43:56 2007 UTC (4 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.64: +2 -2
lines
Diff to previous 1.64 (colored)
Update to 2.0.2:
* Version 2.0.2 (released 2007-10-17)
** TLS authorization support removed.
This technique may be patented in the future, and it is not of crucial
importance for the Internet community. After deliberation we have
concluded that the best thing we can do in this situation is to
encourage society not to adopt this technique. We have decided to
lead the way with our own actions.
** certtool: Fixed data corruption when using --outder.
** Fix configure-time Guile detection.
** API and ABI modifications:
GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the
gnutls_supplemental_data_format_type_t enum type becomes empty.
* Version 2.0.1 (released 2007-09-20)
** New directory doc/credentials/ with test credentials.
This collects the test credentials from the web page and from src/.
The script gnutls-http-serv has also been moved to that directory.
** Update SRP extension type and cipher suite with official IANA values.
This breaks backwards compatibility with SRP in older versions of
GnuTLS, but this is intentional to speed up the adoption of the
official values. The old values we used were incorrect.
** Guile: Fix `x509-certificate-dn-oid'
** API and ABI modifications:
No changes since last version.
Revision 1.64 / (download) - annotate - [select for diffs], Thu Sep 6 01:12:33 2007 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base,
pkgsrc-2007Q3
Changes since 1.63: +2 -2
lines
Diff to previous 1.63 (colored)
Fix typo in comment.
Revision 1.63 / (download) - annotate - [select for diffs], Wed Sep 5 21:51:21 2007 UTC (4 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.62: +6 -8
lines
Diff to previous 1.62 (colored)
update to 2.0.0 While an update to a .0 version is somehow risky, it finishes the unfortunate state that the pkgsrc gnutls didn't work with the pkgsrc opencdk, which I wouldn't like to go into the next stable branch. Release candidates have worked for me, and there is some time left before the Q3 branch, so I'm confident. changes: * Support for external RSA/DSA signing for TLS client authentication -many X.509 enhancements Support for Supplemental handshakes messages (RFC 4680) * Support for TLS authorization extension (draft-housley-tls-authz-extns-07) * Improve logic of gnutls_set_default_priority() * New APIs to enumerate supported algorithms in the library * Certtool can export more than one certificate to PKCS#12 * Several message translation improvements * Improved manual * Many bugfixes and minor improvements
Revision 1.62 / (download) - annotate - [select for diffs], Wed Jun 6 06:23:58 2007 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base,
pkgsrc-2007Q2
Changes since 1.61: +6 -3
lines
Diff to previous 1.61 (colored)
Use included opencdk for now, opencdk-0.6.x is not compatible with gnutls-1.6.x (the stable branch). No further PKGREVISION bumps necessary, because opencdk caused recursive PKGREVISION bumps and afterwards gnutls wouldn't build. Addresses PR pkg/36448.
Revision 1.61 / (download) - annotate - [select for diffs], Tue Jun 5 05:36:59 2007 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.60: +2 -1
lines
Diff to previous 1.60 (colored)
opencdk shlib major changed; bump ABI depends and PKGREVISIONs of affected packages.
Revision 1.60 / (download) - annotate - [select for diffs], Fri Jun 1 20:12:44 2007 UTC (4 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.59: +2 -2
lines
Diff to previous 1.59 (colored)
Update to 1.6.3: * Version 1.6.3 (released 2007-05-26) ** New API functions to extract DER encoded X.509 Subject/Issuer DN. Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. Backported from the 1.7.x branch, see <http://lists.gnu.org/archive/html/help-gnutls/2007-05/msg00029.html>. ** Have PKCS8 parser return better error codes. Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see <http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and <http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>. ** Fix mem leak for sessions with client authentication via certificates. Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see <http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>. ** Fix building of 'tlsia' self test. Earlier some gcc are known to build tlsia linking to $prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in the build directory, even though command line parameters look OK. Changing order of some parameters fixes it. ** API and ABI modifications: gnutls_x509_crt_get_raw_issuer_dn: ADD. gnutls_x509_crt_get_raw_dn: ADD.
Revision 1.59 / (download) - annotate - [select for diffs], Fri Apr 20 06:07:15 2007 UTC (5 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.58: +2 -3
lines
Diff to previous 1.58 (colored)
Update to 1.6.2: * Version 1.6.2 (released 2007-04-18) ** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. Before, we remove the parameters field, which resulted in a slightly different DER encoding which in turn caused signature verification failures of GnuTLS-generated RSA certificates in some other implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs you read, this may or may not be correct, but our new behaviour appear to be consistent with other widely used implementations. ** Regenerate the PKIX ASN.1 syntax tree. For some reason, after changing the ASN.1 type of ldap-UID in the last release, the generated C file built from the ASN.1 schema was not refreshed. This can cause problems when reading/writing UID components inside X.500 Distinguished Names. Reported by devel <dev001@pas-world.com>. ** Updated translations. ** API and ABI modifications: No changes since last version.
Revision 1.58 / (download) - annotate - [select for diffs], Wed Jan 24 15:58:04 2007 UTC (5 years, 4 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2007Q1
Changes since 1.57: +3 -10
lines
Diff to previous 1.57 (colored)
Renable and fix build of C++ library under Mac OS X. Bump package revision because of this fix.
Revision 1.57 / (download) - annotate - [select for diffs], Sun Jan 21 18:13:55 2007 UTC (5 years, 4 months ago) by minskim
Branch: MAIN
Changes since 1.56: +11 -1
lines
Diff to previous 1.56 (colored)
Disable the C++ library on Darwin to avoid a link error (PR 35456). According to the gnutls maintainer, the C++ compiler on Darwin is probably broken.
Revision 1.56 / (download) - annotate - [select for diffs], Sat Jan 20 17:38:06 2007 UTC (5 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.55: +3 -2
lines
Diff to previous 1.55 (colored)
Update to 1.6.1: * Version 1.6.1 (released 2006-12-28) ** Fix the list of trusted CAs that server's send to clients. Before, the list contained issuer DN's instead of subject DN's of the trusted CAs. Reported by Max Kellermann ** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. Reported by Max Kellermann ** Encode UID fields in DN's as DirectoryString. Before GnuTLS encoded and parsed UID fields as IA5String. This was incorrect, it should have used DirectoryString. Now it will use DirectoryString for the UID field, but for backwards compatibility it will also accept IA5String UID's. Reported by Max Kellermann ** Fix ./configure failure with non-GCC compilers. This fixes the following error message: configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. Reported by "Michael C. Vergallen" * Version 1.6.0 (released 2006-11-17) ** No changes since 1.5.5. The major changes compared to the 1.4.x branch are: *** A GnuTLS C++ library is part of the official distribution. Currently there are no examples or documentation, but hopefully this will change. See gnutlsxx.h for the API. *** Windows is a supported platform. There are, however, two know bugs. One is related to select() in command line tools (not, nota bene, in the library), the other is a problem with libgcrypt that causes delays. Help is needed to resolve those issues, so we feel we can't delay the release because of this. *** New APIs for custom push/pull function error reporting. The new APIs are gnutls_transport_set_errno and gnutls_transport_set_global_errno. See the release notes for version 1.5.4 for more information. *** Self tests are run under valgrind, if available. See --disable-valgrind.
Revision 1.55 / (download) - annotate - [select for diffs], Fri Dec 8 05:44:19 2006 UTC (5 years, 5 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.54: +2 -1
lines
Diff to previous 1.54 (colored)
Needs PKGLOCALEDIR.
Revision 1.54 / (download) - annotate - [select for diffs], Mon Nov 13 18:15:14 2006 UTC (5 years, 6 months ago) by drochner
Branch: MAIN
Changes since 1.53: +2 -2
lines
Diff to previous 1.53 (colored)
update to 1.4.5 changes: minor bugfixes
Revision 1.53 / (download) - annotate - [select for diffs], Sun Nov 5 17:35:58 2006 UTC (5 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.52: +6 -8
lines
Diff to previous 1.52 (colored)
DESTDIR support.
Revision 1.49.2.1 / (download) - annotate - [select for diffs], Sun Sep 17 09:09:38 2006 UTC (5 years, 8 months ago) by salo
Branch: pkgsrc-2006Q2
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored) next main 1.50 (colored)
Pullup ticket 1830 - requested by wiz security update for gnutls Revisions pulled up: - pkgsrc/security/gnutls/Makefile 1.50, 1.51, 1.52 - pkgsrc/security/gnutls/PLIST 1.22 - pkgsrc/security/gnutls/distinfo 1.29, 1.30, 1.31 Module Name: pkgsrc Committed By: wiz Date: Mon Jul 17 17:02:02 UTC 2006 Modified Files: pkgsrc/security/gnutls: Makefile PLIST distinfo Log Message: Update to 1.4.1: * Version 1.4.1 (released 2006-06-14) ** Replaced inactive ifdefs to enable openpgp support in test programs. ** Fixed bug in OpenPGP authentication handshake. ** Fixed typographical in man pages. ** Build fixes of the manual. ** Added Swedish translation. ** API and ABI modifications: No changes since last version. --- Module Name: pkgsrc Committed By: wiz Date: Sun Sep 10 21:12:21 UTC 2006 Modified Files: pkgsrc/security/gnutls: Makefile distinfo Log Message: Update to 1.4.3: * Version 1.4.3 (released 2006-09-08) ** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's ** Crypto 06 rump session attack. In particular, we check that the digestAlgorithm.parameters field is empty, to avoid that it can contain "garbage" that may be used to alter the numeric properties of the signature. See <http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA <y.oiwa@aist.go.jp>. See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more up to date information. ** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack. See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>. Reported by Werner Koch <wk@gnupg.org>. See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more up to date information. ** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. ** API and ABI modifications: No changes since last version. * Version 1.4.2 (released 2006-08-12) ** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. This can happen if you call gnutls_certificate_verify_peers2 and have a certain mix of local CA certificates and the peer send special certificates, that together trigger certain behaviour. It is not known at this point whether the crash can be triggered without the special local CA certificate, and thus turn this into a remote crash of clients that verify server certificates when they talk to a server with the special server certificate. See GNUTLS-SA-2006-2 on http://www.gnu.org/software/gnutls/security.html for more up to date information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>. ** Change SRP and Cert-Type extensions to match IANA registry. ** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. ** Make --without-included-libtasn1 work. Reported by Daniel Black <dragonheart@gentoo.org>. ** API and ABI modifications: No changes since last version. --- Module Name: pkgsrc Committed By: wiz Date: Sat Sep 16 06:21:22 UTC 2006 Modified Files: pkgsrc/security/gnutls: Makefile distinfo Log Message: Update to 1.4.4: * Version 1.4.4 (released 2006-09-12) ** Relax the test that caught signatures that exploit the variant of ** Bleichenbacher's Crypto 06 rump session attack on our ** verification logic flaw. In particular, we now permit the digestAlgorithm.parameters field to be present but empty, whereas in 1.4.3 we actually checked that the field was absent. ** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. The messages are only printed in debug mode, which is not recommended for normal use, and thus logging this situation cannot be abused as an oracle in typical recommended situations. ** API and ABI modifications: No changes since last version.
Revision 1.52 / (download) - annotate - [select for diffs], Sat Sep 16 06:21:22 2006 UTC (5 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3
Changes since 1.51: +2 -2
lines
Diff to previous 1.51 (colored)
Update to 1.4.4: * Version 1.4.4 (released 2006-09-12) ** Relax the test that caught signatures that exploit the variant of ** Bleichenbacher's Crypto 06 rump session attack on our ** verification logic flaw. In particular, we now permit the digestAlgorithm.parameters field to be present but empty, whereas in 1.4.3 we actually checked that the field was absent. ** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. The messages are only printed in debug mode, which is not recommended for normal use, and thus logging this situation cannot be abused as an oracle in typical recommended situations. ** API and ABI modifications: No changes since last version.
Revision 1.51 / (download) - annotate - [select for diffs], Sun Sep 10 21:12:21 2006 UTC (5 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.50: +2 -2
lines
Diff to previous 1.50 (colored)
Update to 1.4.3: * Version 1.4.3 (released 2006-09-08) ** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's ** Crypto 06 rump session attack. In particular, we check that the digestAlgorithm.parameters field is empty, to avoid that it can contain "garbage" that may be used to alter the numeric properties of the signature. See <http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA <y.oiwa@aist.go.jp>. See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more up to date information. ** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack. See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>. Reported by Werner Koch <wk@gnupg.org>. See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more up to date information. ** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. ** API and ABI modifications: No changes since last version. * Version 1.4.2 (released 2006-08-12) ** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. This can happen if you call gnutls_certificate_verify_peers2 and have a certain mix of local CA certificates and the peer send special certificates, that together trigger certain behaviour. It is not known at this point whether the crash can be triggered without the special local CA certificate, and thus turn this into a remote crash of clients that verify server certificates when they talk to a server with the special server certificate. See GNUTLS-SA-2006-2 on http://www.gnu.org/software/gnutls/security.html for more up to date information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>. ** Change SRP and Cert-Type extensions to match IANA registry. ** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. ** Make --without-included-libtasn1 work. Reported by Daniel Black <dragonheart@gentoo.org>. ** API and ABI modifications: No changes since last version.
Revision 1.50 / (download) - annotate - [select for diffs], Mon Jul 17 17:02:02 2006 UTC (5 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.49: +2 -2
lines
Diff to previous 1.49 (colored)
Update to 1.4.1: * Version 1.4.1 (released 2006-06-14) ** Replaced inactive ifdefs to enable openpgp support in test programs. ** Fixed bug in OpenPGP authentication handshake. ** Fixed typographical in man pages. ** Build fixes of the manual. ** Added Swedish translation. ** API and ABI modifications: No changes since last version.
Revision 1.49 / (download) - annotate - [select for diffs], Wed May 17 21:50:22 2006 UTC (6 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Changes since 1.48: +3 -3
lines
Diff to previous 1.48 (colored)
Update to 1.4.0: * Version 1.4.0 (released 2006-05-15) ** Remove GnuTLS 0.8.x compatibility functions. ** The libgcrypt RNG is initialized in gnutls_global_init(). ** TLS/IA API changes from Emile van Bergen. A dummy credential structure is not needed now, if you wish to use the low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on a session. ** The self-tests are now run under valgrind, if it is installed. ** Libtasn1 is updated to 0.3.4, and that version is now required. ** The command line tools now use getaddrinfo and support IPv6. ** API and ABI modifications: _gnutls_x509_get_raw_crt_activation_time, _gnutls_x509_get_raw_crt_expiration_time: Removed. gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable. gnutls_ia_enable: Added.
Revision 1.48 / (download) - annotate - [select for diffs], Thu Apr 6 06:22:38 2006 UTC (6 years, 1 month ago) by reed
Branch: MAIN
Changes since 1.47: +4 -4
lines
Diff to previous 1.47 (colored)
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Revision 1.47 / (download) - annotate - [select for diffs], Fri Mar 31 23:56:29 2006 UTC (6 years, 1 month ago) by jlam
Branch: MAIN
Changes since 1.46: +2 -3
lines
Diff to previous 1.46 (colored)
List the info pages directly in the PLIST and ensure that we honor PKGINFODIR.
Revision 1.46 / (download) - annotate - [select for diffs], Thu Mar 9 17:25:54 2006 UTC (6 years, 2 months ago) by cube
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.45: +3 -4
lines
Diff to previous 1.45 (colored)
Update to version 1.3.5. Fixes build failures related to libtasn1. - Error messages are now translated using GNU Gettext. - The function gnutls_x509_crt_to_xml now return an internal error. This means that the code to convert X.509 certificates to XML format does not work any more. The reason is that the function called libtasn1 internal functions. It seems unclean for libtasn1 to export the APIs needed here. Instead it would be better to implement XML support inside libtasn1 properly. If you need this functionality strongly, please consider looking into implementing this suggested approach instead. As a workaround, you may also modify lib/x509/xml.c (change '#if 1' to '#if 0') and build using --with-included-libtasn1. - Doc fixes to explain that gnutls_record_send can block. - gnutls-cli can now recognize services and port numbers with the -p option.
Revision 1.45 / (download) - annotate - [select for diffs], Sun Mar 5 00:33:54 2006 UTC (6 years, 2 months ago) by grant
Branch: MAIN
Changes since 1.44: +2 -1
lines
Diff to previous 1.44 (colored)
bump PKGREVISION for libtasn1 depends change
Revision 1.44 / (download) - annotate - [select for diffs], Sat Mar 4 23:45:07 2006 UTC (6 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.43: +2 -2
lines
Diff to previous 1.43 (colored)
Fix build with libtasn1-0.3.0, and depend on it.
Revision 1.43 / (download) - annotate - [select for diffs], Sat Mar 4 21:30:34 2006 UTC (6 years, 2 months ago) by jlam
Branch: MAIN
Changes since 1.42: +2 -2
lines
Diff to previous 1.42 (colored)
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers.
Revision 1.37.2.1 / (download) - annotate - [select for diffs], Tue Feb 14 17:35:33 2006 UTC (6 years, 3 months ago) by salo
Branch: pkgsrc-2005Q4
Changes since 1.37: +3 -3
lines
Diff to previous 1.37 (colored) next main 1.38 (colored)
Pullup ticket 1125 - requested by Matthias Drochner security updates for libtasn1 and gnutls Revisions pulled up: - pkgsrc/security/libtasn1/Makefile 1.20 - pkgsrc/security/libtasn1/distinfo 1.11 Gnutls updated via patch. Module Name: pkgsrc Committed By: drochner Date: Fri Feb 10 12:39:25 UTC 2006 Modified Files: pkgsrc/security/gnutls: Makefile distinfo pkgsrc/security/libtasn1: Makefile distinfo Log Message: update libtasn1 to 0.2.18 and gnutls to 1.2.10 fixes possible DOS (crash by invalid DER input) "GNUTLS-SA-2006-1"
Revision 1.42 / (download) - annotate - [select for diffs], Mon Feb 13 11:04:54 2006 UTC (6 years, 3 months ago) by drochner
Branch: MAIN
Changes since 1.41: +2 -2
lines
Diff to previous 1.41 (colored)
"configure" checks for libtasn1>=0.2.18, so require it explicitely
Revision 1.41 / (download) - annotate - [select for diffs], Fri Feb 10 12:39:25 2006 UTC (6 years, 3 months ago) by drochner
Branch: MAIN
Changes since 1.40: +2 -3
lines
Diff to previous 1.40 (colored)
update libtasn1 to 0.2.18 and gnutls to 1.3.4, fixes possible DOS (crash by invalid DER input) "GNUTLS-SA-2006-1"
Revision 1.40 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (6 years, 3 months ago) by joerg
Branch: MAIN
Changes since 1.39: +2 -1
lines
Diff to previous 1.39 (colored)
Recursive revision bump / recommended bump for gettext ABI change.
Revision 1.39 / (download) - annotate - [select for diffs], Fri Jan 20 21:14:04 2006 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.38: +3 -2
lines
Diff to previous 1.38 (colored)
Changes 1.3.3: ** New API to access the TLS master secret. When possible, you should use the TLS PRF functions instead. ** Improved handling when multiple libraries use GnuTLS at the same time. Now gnutls_global_init() can be called multiple times, and gnutls_global_deinit() will only deallocate the structure when it has been called as many times as gnutls_global_init() was called. ** Added a self test of TLS resume functionality. ** Fix crash in TLS resume code, caused by TLS/IA changes. ** Add 'const' keywords in various places, from Frediano ZIGLIO. ** The code was indented again, including the external header files. ** API and ABI modifications: New functions to retrieve the master secret value: gnutls_session_get_master_secret Add a 'const' keyword to existing API: gnutls_x509_crq_get_challenge_password
Revision 1.38 / (download) - annotate - [select for diffs], Sat Dec 31 00:02:58 2005 UTC (6 years, 4 months ago) by wiz
Branch: MAIN
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored)
Update to 1.3.2:
* Version 1.3.2 (released 2005-12-15)
** GnuTLS now support TLS Inner application (TLS/IA).
This is per draft-funk-tls-inner-application-extension-01. This
functionality is added to libgnutls-extra, so it is licensed under the
GNU General Public License.
** New APIs to access the TLS Pseudo-Random-Function (PRF).
The PRF is used by some protocols building on TLS, such as EAP-PEAP
and EAP-TTLS. One function to access the raw PRF and one to access
the PRF seeded with the client/server random fields are provided.
Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
** New APIs to acceess the client and server random fields in a session.
These fields can be useful by protocols using TLS. Note that these
fields are typically used as input to the TLS PRF, and if this is your
intended use, you should use the TLS PRF API that use the
client/server random field directly. Suggested by Jouni Malinen
<jkmaline@cc.hut.fi>.
** Internal type cleanups.
The uint8, uint16, uint32 types have been replaced by uint8_t,
uint16_t, uint32_t. Gnulib is used to guarantee the presence of
correct types on platforms that lack them. The uint type have been
replaced by unsigned.
** API and ABI modifications:
New functions to invoke the TLS Pseudo-Random-Function (PRF):
gnutls_prf
gnutls_prf_raw
New functions to retrieve the session's client and server random values:
gnutls_session_get_server_random
gnutls_session_get_client_random
New function, to perform TLS/IA handshake:
gnutls_ia_handshake
New function to decide whether to do a TLS/IA handshake:
gnutls_ia_handshake_p
New functions to allocate a TLS/IA credential:
gnutls_ia_allocate_client_credentials
gnutls_ia_free_client_credentials
gnutls_ia_allocate_server_credentials
gnutls_ia_free_server_credentials
New functions to handle the AVP callback:
gnutls_ia_set_client_avp_function
gnutls_ia_set_client_avp_ptr
gnutls_ia_get_client_avp_ptr
gnutls_ia_set_server_avp_function
gnutls_ia_set_server_avp_ptr
gnutls_ia_get_server_avp_ptr
New functions, to toggle TLS/IA application phases:
gnutls_ia_require_inner_phase
New function to mix session keys with inner secret:
gnutls_ia_permute_inner_secret
Low-level API (used internally by gnutls_ia_handshake):
gnutls_ia_endphase_send
gnutls_ia_send
gnutls_ia_recv
New functions that can be used after successful TLS/IA negotiation:
gnutls_ia_generate_challenge
gnutls_ia_extract_inner_secret
Enum type with TLS/IA modes:
gnutls_ia_mode_t
Enum type with TLS/IA packet types:
gnutls_ia_apptype_t
Enum values for TLS/IA alerts:
GNUTLS_A_INNER_APPLICATION_FAILURE
GNUTLS_A_INNER_APPLICATION_VERIFICATION
New error codes, to signal when an application phase has finished:
GNUTLS_E_WARNING_IA_IPHF_RECEIVED
GNUTLS_E_WARNING_IA_FPHF_RECEIVED
New error code to signal TLS/IA verify failure:
GNUTLS_E_IA_VERIFY_FAILED
* Version 1.3.1 (released 2005-12-08)
** Support for DHE-PSK cipher suites has been added.
This method offers perfect forward secrecy.
** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
** Corrected a bug in certtool for 64 bit machines. Reported
by Max Kellermann <max@duempel.org>.
** New function to set a X.509 private key and certificate pairs, and/or
CRLs, from an PKCS#12 file, suggested by Emile van Bergen
<emile@e-advies.nl>.
The integrity of the PKCS#12 file is protected through a password
based MAC; public-key based signatures for integrity protection are
not supported. PKCS#12 bags may be encrypted using password derived
symmetric keys, public-key based encryption is not supported. The
PKCS#8 keys may be encrypted using passwords. The API use the same
password for all operations. We believe that any more flexibility
create too much complexity that would hurt overall security, but may
add more PKCS#12 related APIs if real-world experience indicate
otherwise.
** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys,
reported by Emile van Bergen <emile@e-advies.nl>.
This will enable "certtool -k -8" to parse those keys.
** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords.
Use "certtool -p -8" and press press enter at the prompt. Earlier,
certtool would have encrypted the key using an empty password.
** Certtool now accept --password for --key-info and encrypted PKCS#8 keys.
Earlier it would have prompted the user for it, even if --password was
supplied.
** Added self test of PKCS#8 parsing.
Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and
pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in
tests/pkcs8.
** API and ABI modifications:
New function to set X.509 credentials from a PKCS#12 file:
gnutls_certificate_set_x509_simple_pkcs12_file
New gnutls_kx_algorithm_t enum type:
GNUTLS_KX_DHE_PSK
New API to return session data (better data types than
gnutls_session_get_data):
gnutls_session_get_data2
New API to set PSK Diffie-Hellman parameters:
gnutls_psk_set_server_dh_params
* Version 1.3.0 (2005-11-15)
** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added.
This add several new APIs, see below. Read the updated manual for
more information. A new self test "pskself" has been added, that will
test this functionality.
** The session resumption data are now system independent.
** The code has been re-indented to conform to the GNU coding style.
** Removed the RIPEMD ciphersuites.
** Added a discussion of the internals of gnutls in manual.
** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin.
** Remove trailing comma in enums, for IBM C v6, from Albert Chin.
** Make sure config.h is included first in a few files, from Albert Chin.
** Don't use C++ comments ("//") as they are invalid, from Albert Chin.
** Don't install SRP programs and man pages if --disable-srp-authentication,
from Albert Chin.
** API and ABI modifications:
New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK
New gnutls_credentials_type_t credential type:
GNUTLS_CRD_PSK
New credential types:
gnutls_psk_server_credentials_t
gnutls_psk_client_credentials_t
New functions to allocate PSK credentials:
gnutls_psk_allocate_client_credentials
gnutls_psk_free_client_credentials
gnutls_psk_free_server_credentials
gnutls_psk_allocate_server_credentials
New enum type for PSK key flags:
gnutls_psk_key_flags
New function prototypes for credential callback:
gnutls_psk_client_credentials_function
gnutls_psk_server_credentials_function
New function to set PSK username and key:
gnutls_psk_set_client_credentials
New function to set PSK passwd file:
gnutls_psk_set_server_credentials_file
New function to extract PSK user in server:
gnutls_psk_server_get_username
New functions to set PSK callback:
gnutls_psk_set_server_credentials_function
gnutls_psk_set_client_credentials_function
Use size_t instead of int for output size parameter:
gnutls_srp_base64_encode
gnutls_srp_base64_decode
Revision 1.37 / (download) - annotate - [select for diffs], Mon Dec 5 20:50:56 2005 UTC (6 years, 5 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Changes since 1.36: +5 -5
lines
Diff to previous 1.36 (colored)
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Revision 1.36 / (download) - annotate - [select for diffs], Mon Nov 14 18:17:49 2005 UTC (6 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.35: +2 -2
lines
Diff to previous 1.35 (colored)
Update to 1.2.9:
* Version 1.2.9 (2005-11-07)
- Documentation was updated and improved.
- RSA-MD2 is now supported for verifying digital signatures.
- Due to cryptographic advances, verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
applications that must remain interoperable, you can use the
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
flags when verifying certificates. Naturally, this is not
recommended default behaviour for applications. To enable the
broken algorithms, call gnutls_certificate_set_verify_flags with the
proper flag, to change the verification mode used by
gnutls_certificate_verify_peers2.
- Make it possible to send empty data through gnutls_record_send,
to align with the send(2) API.
- Some changes in the certificate receiving part of handshake to prevent
some possible errors with non-blocking servers.
- Added numeric version symbols to permit simple CPP-based feature
tests, suggested by Daniel Stenberg <daniel@haxx.se>.
- The (experimental) low-level crypto alternative to libgcrypt used
earlier (Nettle) has been replaced with crypto code from gnulib.
This leads to easier re-use of these components in other projects,
leading to more review and simpler maintenance. The new configure
parameter --with-builtin-crypto replace the old --with-nettle, and
must be used if you wish to enable this functionality. See README
under "Experimental" for more information. Internally, GnuTLS has
been updated to use the new "Generic Crypto" API in gl/gc.h. The
API is similar to the old crypto/gc.h, because the gnulib code were
based on GnuTLS's gc.h.
- Fix compiler warning in the "anonself" self test.
- API and ABI modifications:
gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>.
This doesn't reflect a change in behaviour,
so we don't break backwards compatibility.
GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values.
Use when calling
gnutls_x509_crt_list_verify,
gnutls_x509_crt_verify, or
gnutls_certificate_set_verify_flags.
GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
used when broken signature algorithms
is used (currently RSA-MD2/MD5).
LIBGNUTLS_VERSION_MAJOR,
LIBGNUTLS_VERSION_MINOR,
LIBGNUTLS_VERSION_PATCH,
LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
version number, can be used for feature existence
tests.
Revision 1.35 / (download) - annotate - [select for diffs], Thu Oct 20 00:43:32 2005 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.34: +5 -3
lines
Diff to previous 1.34 (colored)
Update to 1.2.8: * Version 1.2.8 (2005-10-07) - Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers. - Don't install the auxilliary libexamples library used by the examples in doc/examples/ on "make install", report and tiny patch from Thomas Klausner - If you pass a X.509 CA or PGP trust database to the command line tool, it will now abort the connection if the server certificate validation fails. Use the parameter --insecure to continue even after certificate validation failures. Inspired from discussion with Alexander Kotelnikov - The test for socklen_t has been moved to gnulib. - Link failures for duplicate or missing "program_name" symbol has been fixed, patch from Martin Lambers - The command line tool and the examples no longer uses mmap or bzero, to make them more portable, patch from Martin Lambers - Made the PKCS #12 API handle null passwords. Based on patch by Anton Altaparmakov - The GTK-DOC manual should build with current released tools. (But a copy of the output is included, so the tools are not required.) - API and ABI modifications: No changes since last version.
Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 30 13:11:34 2005 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.33: +2 -2
lines
Diff to previous 1.33 (colored)
Update to 1.2.7: * Version 1.2.7 (2005-09-09) - The GNUTLS and GNUTLS-EXTRA libraries are now built with versioned symbols. - Certtool now complains when reading out-of-range X.509 serial numbers, suggested by Fran - Certtool now uses the readline library (when available) when reading X.509 serial numbers. - Fixed build problems in getpass on uClibc and Mingw32 platforms. - Fixed compile warning regarding socklen_t on Mingw32, reported by Martin Lambers - Fixed examples in doc/examples/, suggested by Fran - Gnulib is now used for the core library, enabling future code cleanups. - The gnutls-cli tool now use gnutls_certificate_verify_peers2, suggested by Daniel Stenberg - Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull. - Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros). - Disable zlib support if zlib.h is not present. - A number of internal cleanups. - API and ABI modifications: No changes since last version. pkgsrc change: do not install libexamples (looks like a bug)
Revision 1.33 / (download) - annotate - [select for diffs], Mon Sep 5 07:34:05 2005 UTC (6 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3
Changes since 1.32: +2 -4
lines
Diff to previous 1.32 (colored)
buildlink3.mk matches Makefile now
Revision 1.32 / (download) - annotate - [select for diffs], Tue Aug 30 14:29:00 2005 UTC (6 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.31: +5 -5
lines
Diff to previous 1.31 (colored)
Changes 1.2.6: - MiniLZO updated to version 2.01 and moved to separate directory. - Collision between system LZO header files and MiniLZO header file fixed. - Will now test for liblzo functionality in liblzo2 too. - Minilibtasn1 is now 0.2.14 (no code changes). - Some code changes to avoid GTK-DOC warnings. - API and ABI modifications: No changes since last version.
Revision 1.31 / (download) - annotate - [select for diffs], Thu Jul 14 20:16:23 2005 UTC (6 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.30: +3 -2
lines
Diff to previous 1.30 (colored)
Update comment about lzo.
Revision 1.30 / (download) - annotate - [select for diffs], Thu Jul 14 19:19:43 2005 UTC (6 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.29: +4 -3
lines
Diff to previous 1.29 (colored)
Update to 1.2.5: * Version 1.2.5 (2005-07-03) - More builddir != srcdir fixes, reported by Mike Castle - Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn, reported by Adam Langley - Corrected some stuff in minilzo detection. Pointed out by Sergey Lipnevich. - MiniLZO updated to version 2.00. - gnutls_x509_crt_list_import now accept a DER formatted CRL. - API and ABI modifications: No changes since last version.
Revision 1.29 / (download) - annotate - [select for diffs], Tue May 31 17:48:30 2005 UTC (6 years, 11 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
Update to 1.2.4: * Version 1.2.4 (2005-05-28) - Corrected some bugs that could affect 64 bit systems. - Some corrections in the header files to include the prototype of memmem properly (affected 64 bit systems). Report and patch by Yoann Vandoorselaere <yoann@prelude-ids.org>. - Introduced the --fix-key option to certtool, which can be used to regenerate the (optional) parameters in a private key. It should be used together with --key-info. - Corrected a bug in certificate chain verification that could lead to marking a trusted chain as non trusted, if the last certificate in the chain was a self signed one. - Gnulib portability files were updated. - License were updated to reflect new FSF address.
Revision 1.25.2.1 / (download) - annotate - [select for diffs], Mon May 2 20:14:06 2005 UTC (7 years ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.25: +3 -2
lines
Diff to previous 1.25 (colored) next main 1.26 (colored)
Pullup ticket 479 - requested by Thomas Klausner
security update for gnutls
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.26, 1.28
- pkgsrc/security/gnutls/PLIST 1.13-1.14
- pkgsrc/security/gnutls/buildlink3.mk 1.8
- pkgsrc/security/gnutls/distinfo 1.15-1.16
- pkgsrc/security/gnutls/patches/patch-aa removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 8 15:50:41 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/gnutls/patches: patch-aa
Log Message:
Update to 1.2.1:
* Version 1.2.1 (2005-04-04)
- gnutls_bye() will no longer fail when RDWR is used and application
data are available for reading.
- Added more strict checks for the SRP parameters (g,n), when they
are not in the included list.
- Added warning to certtool when MD5 is being used for digital
signatures.
- Optimizations ("-O2 -finline-functions") are not enabled by default,
instead the standard autoconf defaults are used. Use `./configure
CFLAGS="-O2 -finline-functions"' to get the old optimizations.
- Added the option --get-dh-params to certtool, in order to get the
included in the library primes and generators.
- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
allow only trusted Version 1 CAs and introduced
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
- Nettle self tests now build properly, reported by Pierre
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere
- Added the functions:
gnutls_x509_crt_list_import(),
gnutls_x509_crq_get_attribute_by_oid(),
gnutls_x509_crq_set_attribute_by_oid() and
gnutls_x509_crt_set_extension_by_oid().
- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon May 2 12:59:24 UTC 2005
Modified Files:
pkgsrc/security/gnutls: Makefile PLIST distinfo
Log Message:
Update to 1.2.3:
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in
a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertant changes,
please let us know if you find any.
---
Module Name: pkgsrc
Committed By: salo
Date: Mon May 2 19:48:37 UTC 2005
Modified Files:
pkgsrc/security/gnutls: buildlink3.mk
Log Message:
Bump BUILDLINK_RECOMMENDED after latest security update. (hi wiz!)
Revision 1.28 / (download) - annotate - [select for diffs], Mon May 2 12:59:24 2005 UTC (7 years ago) by wiz
Branch: MAIN
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored)
Update to 1.2.3:
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertant changes,
please let us know if you find any.
Revision 1.27 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:11 2005 UTC (7 years, 1 month ago) by tv
Branch: MAIN
Changes since 1.26: +1 -2
lines
Diff to previous 1.26 (colored)
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Revision 1.26 / (download) - annotate - [select for diffs], Fri Apr 8 15:50:41 2005 UTC (7 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.25: +3 -2
lines
Diff to previous 1.25 (colored)
Update to 1.2.1:
* Version 1.2.1 (2005-04-04)
- gnutls_bye() will no longer fail when RDWR is used and application
data are available for reading.
- Added more strict checks for the SRP parameters (g,n), when they
are not in the included list.
- Added warning to certtool when MD5 is being used for digital
signatures.
- Optimizations ("-O2 -finline-functions") are not enabled by default,
instead the standard autoconf defaults are used. Use `./configure
CFLAGS="-O2 -finline-functions"' to get the old optimizations.
- Added the option --get-dh-params to certtool, in order to get the
included in the library primes and generators.
- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
allow only trusted Version 1 CAs and introduced
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
- Nettle self tests now build properly, reported by Pierre
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere
- Added the functions:
gnutls_x509_crt_list_import(),
gnutls_x509_crq_get_attribute_by_oid(),
gnutls_x509_crq_set_attribute_by_oid() and
gnutls_x509_crt_set_extension_by_oid().
- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 25 15:23:24 2005 UTC (7 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored)
Work around broken dependency handling by explicitly setting timezone to UTC. Fixes PR 29530.
Revision 1.24 / (download) - annotate - [select for diffs], Sat Feb 19 00:14:23 2005 UTC (7 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.23: +9 -4
lines
Diff to previous 1.23 (colored)
Update to 1.2.0. From the release announcement: We are pleased to announce the availability of GnuTLS 1.2.0! This release is the result of the 23 development releases made on the development branch (1.1.x). Major changes compared to the 1.0 branch include: * Moved SRP password authentication from the GnuTLS-extra library (licensed under GPL) to the core library (licensed under LGPL). * The API has been cleaned up, and data types now use a '_t' suffix. * Fixes to handle denial of service problem when verifying long certificate chains. * The manual has been converted to Texinfo and is consequently available in many formats, see: <http://josefsson.org/gnutls/manual/> * A reference API manual has been added, and is available in HTML and DevHelp formats, thanks to GTK-DOC, see: <http://josefsson.org/gnutls/reference/gnutls-gnutls.html> The 1.2.0 version is intended to be stable, and to be a drop-in replacement of the stable 1.0.x branch. We encourage developers to move to the 1.2 branch as soon as possible, since we will now spend less time improving version 1.0.x. We are not planning to open a 1.3 development branch soon, because there are no plans to start work on any major new feature today. Instead, we will continue to carefully improve the quality of this release over time. Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or donate money or equipment.
Revision 1.23 / (download) - annotate - [select for diffs], Sun Nov 28 12:59:10 2004 UTC (7 years, 5 months ago) by recht
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
update to gnutls-1.0.23 Noteworthy changes since the last release: - Replace GNU LD version script with Libtool -export-symbols-regex, from Joe Orton <joe at manyfish.co.uk>. - Copy libtasn1 has been updated to version 0.2.11. - Corrected the write of CRL distribution points. - It is now possible to generate PKCS#12 structures without private keys using "certtool --to-p12", suggested by Fabian Fagerholm <fabbe at paniq.net>.
Revision 1.22 / (download) - annotate - [select for diffs], Mon Nov 8 19:34:46 2004 UTC (7 years, 6 months ago) by jmmv
Branch: MAIN
Changes since 1.21: +5 -3
lines
Diff to previous 1.21 (colored)
Update to 1.0.22: Version 1.0.22 (28/10/2004) - Print DN of certificates with unknown characters in them, but in hexform only. - Corrected bug in _gnutls_x509_get_dn_oid(), and returns the actual OID. - Added second precision to the X.509 parsing functions. - Add parameter --la-file to libgnutls-config and libgnutls-extra-config, tiny patch contributed by Joe Orton <joe@manyfish.co.uk>. - Add pkg-config meta files, suggested by Stéphane LOEUILLET <stephane.loeuillet@tiscali.fr>. - Fix memory initializaion bug in gnutls_certificate_set_x509_trust, tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>. - Fix certtool --password for PKCS #12, back ported from 1.1.x branch. - Fix library order in libgnutls*-config --libs output, to permit static linking, reported by Yoann Vandoorselaere <yoann@prelude-ids.org>. Version 1.0.21 (07/10/2004) - Fix memory leak in gnutls_certificate_verify_peers and gnutls_certificate_free_credentials, report and patch by Simon Posnjak <simon.posnjak@cetrtapot.si>. - Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting a key and no certificate to PKCS#12. - Fix objdir != srcdir builds, reported by "Gerrit P. Haase" <gp@familiehaase.de>. - Avoid redefining getpass if system already has it, reported by Yoann Vandoorselaere <yoann@prelude-ids.org>. - Add new example "ex-rfc2818" for certificate verification, from Nikos. - Known bug: the library require snprintf.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Oct 6 10:17:06 2004 UTC (7 years, 7 months ago) by grant
Branch: MAIN
Changes since 1.20: +2 -2
lines
Diff to previous 1.20 (colored)
rename cfg+ directory to libcfg+ so it matches the PKGNAME.
Revision 1.20 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:08 2004 UTC (7 years, 7 months ago) by tv
Branch: MAIN
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.19 / (download) - annotate - [select for diffs], Mon Sep 6 20:39:13 2004 UTC (7 years, 8 months ago) by danw
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.18: +2 -1
lines
Diff to previous 1.18 (colored)
bump PKGREVISION for devel/cfg+ soname change
Revision 1.18 / (download) - annotate - [select for diffs], Fri Aug 27 13:16:16 2004 UTC (7 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.17: +5 -2
lines
Diff to previous 1.17 (colored)
update to 1.0.20 changes: -bugfixes -adds some limits to the verification functions to avoid denial of service attacks -selftests added
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Fri Jul 30 16:20:33 2004 UTC (7 years, 9 months ago) by agc
Branch: pkgsrc-2004Q2
Changes since 1.16: +3 -1
lines
Diff to previous 1.16 (colored) next main 1.17 (colored)
Pullup ticket 89 to the pkgsrc-2004Q2 branch, requested by Grant Beattie
Build fix for gnutls
Module Name: pkgsrc
Committed By: grant
Date: Sun Jul 25 06:15:25 UTC 2004
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
one of the Makefiles uses ${RM} but doesn't define it, so pass
RM=${RM} in MAKE_ENV.
Revision 1.17 / (download) - annotate - [select for diffs], Sun Jul 25 06:15:24 2004 UTC (7 years, 10 months ago) by grant
Branch: MAIN
Changes since 1.16: +3 -1
lines
Diff to previous 1.16 (colored)
one of the Makefiles uses ${RM} but doesn't define it, so pass
RM=${RM} in MAKE_ENV.
Revision 1.16 / (download) - annotate - [select for diffs], Sat May 22 10:09:53 2004 UTC (8 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base
Branch point for: pkgsrc-2004Q2
Changes since 1.15: +9 -6
lines
Diff to previous 1.15 (colored)
Changes 1.0.13: - Some complilation fixes. - Added the --xml parameter to the certtool utility. Changes 1.0.12: - Corrected bug in OpenPGP key loading using a callback. - Renamed gnutls-srpcrypt to srptool - Allow handshake requests by the client. * Things backported from the development branch: - Added support for authority key identifier and the extended key usage X.509 extension fields. The certtoool was updated to support them. - Added batch support to certtool. Now it can use templates. - The RC2 cipher is no more included. The one in libgcrypt is now used. Changes 1.0.11: - Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() - Corrected bug in TLS renegotiation. Changes 1.0.10: - Corrected bug in RSA parameters handling which could cause unexpected crashes. - Corrected bug in SSL 3.0 authentication.
Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 29 10:31:16 2004 UTC (8 years ago) by jmmv
Branch: MAIN
Changes since 1.14: +4 -1
lines
Diff to previous 1.14 (colored)
Precreate the include/gnutls directory to fix installation. Dunno how this worked before (maybe the joys of make replace did not expose the problem)... Fixes PR pkg/25304.
Revision 1.14 / (download) - annotate - [select for diffs], Mon Mar 1 15:14:45 2004 UTC (8 years, 2 months ago) by jmmv
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.13: +2 -3
lines
Diff to previous 1.13 (colored)
Update to 1.0.8. Changes since 1.0.6: Version 1.0.8 (28/02/2004) - Corrected bug in mutual certificate authentication in SSL 3.0. - Several other minor bugfixes. Version 1.0.7 (25/02/2004) - Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack). - Some updates in the documentation.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Feb 25 18:27:33 2004 UTC (8 years, 3 months ago) by minskim
Branch: MAIN
Changes since 1.12: +3 -1
lines
Diff to previous 1.12 (colored)
Enable pkgviews installation.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Feb 25 15:53:17 2004 UTC (8 years, 3 months ago) by minskim
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Bump PKGREVISION due to the update of libgcrypt.
Revision 1.11 / (download) - annotate - [select for diffs], Sat Feb 14 17:21:50 2004 UTC (8 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.10: +1 -3
lines
Diff to previous 1.10 (colored)
LIBTOOL_OVERRIDE and SHLIBTOOL_OVERRIDE are now lists of shell globs
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
Revision 1.10 / (download) - annotate - [select for diffs], Tue Feb 10 00:20:29 2004 UTC (8 years, 3 months ago) by jlam
Branch: MAIN
Changes since 1.9: +8 -9
lines
Diff to previous 1.9 (colored)
bl3ify
Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 12 22:57:38 2004 UTC (8 years, 4 months ago) by xtraeme
Branch: MAIN
Changes since 1.8: +2 -4
lines
Diff to previous 1.8 (colored)
Update to 1.0.4 Version 1.0.4 (04/01/2004) - Changed handshake behaviour to send the lowest TLS version when an unsupported version was advertized. The current behaviour is to send the maximum version we support. - certtool no longer asks the password in unencrypted private keys. - The source is now compiled to use the reentrant libc functions.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Dec 22 23:08:03 2003 UTC (8 years, 5 months ago) by jmmv
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Update to 1.0.3: - Corrected bug in gnutls_bye() which made it return an error code of INVALID_REQUEST instead of success. - Corrected a bug in the GNUTLS_KEY key usage definitions.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 21 10:17:30 2003 UTC (8 years, 5 months ago) by xtraeme
Branch: MAIN
Changes since 1.6: +3 -2
lines
Diff to previous 1.6 (colored)
Update to 1.0.2, this also closes PR pkg/23766. Changes: o Corrected a bug in the RSA key generation. This was generating unusable RSA keys.
Revision 1.6 / (download) - annotate - [select for diffs], Thu Dec 18 06:04:10 2003 UTC (8 years, 5 months ago) by xtraeme
Branch: MAIN
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Update to 1.0.1 from Min Sik Kim PR pkg/23754. Changes since 1.0.0: - Some minor fixes in the makefiles. They now include CFLAGS from libgcrypt or opencdk if installed in a non standard directory. - Fixed the SRP detection test in gnutls-cli-debug. - Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1().
Revision 1.5 / (download) - annotate - [select for diffs], Sat Dec 6 00:52:21 2003 UTC (8 years, 5 months ago) by xtraeme
Branch: MAIN
Changes since 1.4: +5 -7
lines
Diff to previous 1.4 (colored)
Updated to 1.0.0, provided by Min Sik Kim PR pkg/23661. Changes: - Exported the static SRP group parameters. - Some fixes in the certificate authenticated SRP ciphersuites. - Improved the support for draft-ietf-tls-srp-05. The two-phase handshake is now fully supported without any interaction with the application layer (except for a callback). - Some fixes in the openpgp authentication. - Removed the Twofish cipher. - The openssl compatibility layer was moved to gnutls-openssl library instead of being included in the gnutls-extra library. - Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04. - Building with openpgp support is now mandatory. - gnutls4 compatibility header is no longer included by default in gnutls.h. - gnutls8 function usage yelds a deprecation warning in gcc3. - gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid() functions have a raw_flag parameter added. - The certtool utility can now generate PKCS #12 structures without specifying a certificate. - Added capability to read CRLs to certtool. - Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER to properly set the required buffer size. - Corrected a bug in libgcrypt detection. And more...
Revision 1.4 / (download) - annotate - [select for diffs], Sat Oct 18 08:10:57 2003 UTC (8 years, 7 months ago) by jmmv
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.3: +7 -2
lines
Diff to previous 1.3 (colored)
Make this package use the libtasn library that comes with it, instead of our own security/libtasn1 package, which is too new to work fine with gnutls. While here, add missing dependency on devel/zlib. Fixes PR pkg/23172; reviewed by wiz@. Bump PKGREVISION to 1.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Jul 17 22:52:55 2003 UTC (8 years, 10 months ago) by grant
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
s/netbsd.org/NetBSD.org/
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 2 01:17:18 2003 UTC (8 years, 11 months ago) by jschauma
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed May 14 03:46:44 2003 UTC (9 years ago) by salo
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import of gnutls-0.8.7: GNU Transport Layer Security library. GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL 3.0 protocols. The library does not include any patented algorithms and is available under the GNU Lesser GPL license. Important features of the GnuTLS library include: - Thread safety - Support for both TLS 1.0 and SSL 3.0 protocols - Support for both X.509 and OpenPGP certificates - Support for basic parsing and verification of certificates - Support for SRP for TLS authentication - Support for TLS Extension mechanism - Support for TLS Compression Methods Additionaly GnuTLS provides an emulation API for the widely used OpenSSL library, to ease integration with existing applications. Package provided by Juan RP via pkgsrc-wip with modifications by me.
Revision 1.1 / (download) - annotate - [select for diffs], Wed May 14 03:46:44 2003 UTC (9 years ago) by salo
Branch: MAIN
Initial revision