./security/gnutls, GNU Transport Layer Security library



Branch: pkgsrc-2009Q2, Version: 2.8.3, Package name: gnutls-2.8.3, Maintainer: pkgsrc-users

GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.

Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods

Additionally GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.


Required to run:
[devel/libcfg+] [archivers/lzo] [security/opencdk] [security/libtasn1] [security/libgcrypt]

Required to build:
[devel/libtool-base] [devel/gmake]


SHA1: c25fb354258777f9ee34b79b08eb87c024cada75
RMD160: 01763fad93e4b76e18dcfb1881c5f09011804dca
Filesize: 6053.001 KB



CVS history:


   2009-08-29 11:49:14 by S.P.Zeidler | Files touched by this commit (5) | Package updated
Log message:
Pullup ticket 2874 - requested by tron
security update

Revisions pulled up:
- pkgsrc/security/gnutls/Makefile		1.86
- pkgsrc/security/gnutls/PLIST			1.36
- pkgsrc/security/gnutls/distinfo		1.60

Files added:
pkgsrc/security/gnutls/patches/patch-ak		1.2
pkgsrc/security/gnutls/patches/patch-al		1.2

   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Jul 18 10:32:32 UTC 2009

   Modified Files:
   	pkgsrc/security/gnutls: Makefile distinfo

   Log message:
   Update to 2.8.1:

   * Version 2.8.1 (released 2009-06-10)

   ** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
   Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
   <http://bugs.gentoo.org/272388>.

   ** libgnutls: Fix PKCS#12 decryption from password.
   The encryption key derived from the password was incorrect for (on
   average) 1 in every 128 input for random inputs.  Reported by "Kukosa,
   Tomas" <tomas.kukosa@siemens-enterprise.com> in
   <http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

   ** API and ABI modifications:
   No changes since last version.

   To generate a diff of this commit:
   cvs rdiff -u -r1.83 -r1.84 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.57 -r1.58 pkgsrc/security/gnutls/distinfo

   ----------------------------------------------------------------------

   Module Name:	pkgsrc
   Committed By:	drochner
   Date:		Wed Jul 22 16:50:07 UTC 2009

   Modified Files:
   	pkgsrc/security/gnutls: Makefile PLIST distinfo
   Added Files:
   	pkgsrc/security/gnutls/patches: patch-ak patch-al

   Log message:
   disable the openssl compatibility library -- no pkg I know of needs
   it, and it only has a potential to conflict with the real openssl
   (bad things will happen if a program links or dlopen()s both)
   bump PKGREVISION
   (the bug fixed in the added patches is already fixed upstream, will
   be in the next release)

   To generate a diff of this commit:
   cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/security/gnutls/PLIST
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/security/gnutls/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/security/gnutls/patches/patch-ak \
       pkgsrc/security/gnutls/patches/patch-al

   ----------------------------------------------------------------------

   Module Name:	pkgsrc
   Committed By:	snj
   Date:		Thu Aug 13 18:56:32 UTC 2009

   Modified Files:
   	pkgsrc/security/gnutls: Makefile distinfo
   	pkgsrc/security/gnutls/patches: patch-ak patch-al

   Log message:
   Update to 2.8.3.  Changes:

   * Version 2.8.3 (released 2009-08-13)

   ** libgnutls: Fix patch for NUL in CN/SAN in last release.
   Code intended to be removed would lead to a read-out-bound error in
   some situations.  Reported by Tomas Hoger <thoger@redhat.com>.  A CVE
   code has been allocated for the vulnerability: [CVE-2009-2730].

   ** libgnutls: Fix rare failure in gnutls_x509_crt_import.
   The function may fail incorrectly when an earlier certificate was
   imported to the same gnutls_x509_crt_t structure.

   ** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build
   error.

   ** tests: Made self-test mini-eagain take less time.

   ** doc: Typo fixes.

   ** API and ABI modifications:
   No changes since last version.

   * Version 2.8.2 (released 2009-08-10)

   ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
   By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
   into 1) not printing the entire CN/SAN field value when printing a
   certificate and 2) cause incorrect positive matches when matching a
   hostname against a certificate.  Some CAs apparently have poor
   checking of CN/SAN values and issue these (arguably invalid)
   certificates.  Combined, this can be used by attackers to become a
   MITM on server-authenticated TLS sessions.  The problem is mitigated
   since attackers need to get one certificate per site they want to
   attack, and the attacker reveals his tracks by applying for a
   certificate at the CA.  It does not apply to client authenticated TLS
   sessions.  Research presented independently by Dan Kaminsky and Moxie
   Marlinspike at BlackHat09.  Thanks to Tomas Hoger <thoger@redhat.com>
   for providing one part of the patch.  [GNUTLS-SA-2009-4].

   ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
   Before it always returned false.  Reported by Peter Hendrickson
   <pdh@wiredyne.com> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.

   ** libgnutls: Fix off-by-one size computation error in unknown DN printing.
   The error resulted in truncated strings when printing unknown OIDs in
   X.509 certificate DNs.  Reported by Tim Kosse
   <tim.kosse@filezilla-project.org> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

   ** libgnutls: Return correct bit lengths of some MPIs.
   gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
   gnutls_dh_get_peers_public_bits.  Before the reported value was
   overestimated.  Reported by Peter Hendrickson <pdh@wiredyne.com> in
   <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

   ** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
   Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
   <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
   and
   <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.

   ** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
   Before we required that the runtime library used the same (or more
   recent) libgcrypt/libtasn1 as it was compiled with.  Now we just check
   that the runtime usage is above the minimum required.  Reported by
   Marco d'Itri <md@linux.it> via Andreas Metzler
   <ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.

   ** minitasn1: Internal copy updated to libtasn1 v2.3.

   ** tests: Fix failure in "chainverify" because a certificate has expired.

   ** API and ABI modifications:
   No changes since last version.

   To generate a diff of this commit:
   cvs rdiff -u -r1.85 -r1.86 pkgsrc/security/gnutls/Makefile
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/security/gnutls/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/gnutls/patches/patch-ak \
       pkgsrc/security/gnutls/patches/patch-al
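
The NUL-in-CN/SAN problem described in the 2.8.2 notes above, shown as an added example that is not part of the pkgsrc page and is not GnuTLS code: a hostname check that treats the decoded field as a C string stops at the first NUL byte, while a length-aware check rejects the name. The struct, the function names and the sample certificate name are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus an explicit length.
 * (Hypothetical struct for this example, not a GnuTLS type.) */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed pattern: treats the field as a C string, so the comparison stops
 * at the first NUL byte and the rest of the name is never examined. */
int match_naive(const struct cert_name *cn, const char *hostname)
{
    return strcasecmp(cn->data, hostname) == 0;
}

/* Hardened pattern: reject any name containing a NUL byte, then compare
 * over the full decoded length. Wildcard handling is out of scope here. */
int match_strict(const struct cert_name *cn, const char *hostname)
{
    size_t hlen = strlen(hostname);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;               /* embedded NUL: refuse to match */
    if (cn->len != hlen)
        return 0;               /* lengths differ: cannot be equal */
    return strncasecmp(cn->data, hostname, hlen) == 0;
}

/* Constructed sample: 15 bytes "www.example.com", one NUL byte, then
 * 13 bytes ".example.test" (29 bytes in total). */
static const char SAMPLE[] = "www.example.com\0.example.test";
static const struct cert_name crafted = { SAMPLE, sizeof(SAMPLE) - 1 };
static const struct cert_name honest  = { "www.example.com", 15 };

int main(void)
{
    /* Exit status 0 when the naive check accepts the crafted name, the
     * strict check rejects it, and the strict check accepts the honest one. */
    return !(match_naive(&crafted, "www.example.com") == 1 &&
             match_strict(&crafted, "www.example.com") == 0 &&
             match_strict(&honest, "WWW.example.com") == 1);
}
```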