Update to 1.4.4:

* Version 1.4.4 (released 2006-09-12) ** Relax the test that caught signatures that exploit the variant of ** Bleichenbacher's Crypto 06 rump session attack on our ** verification logic flaw. In particular, we now permit the digestAlgorithm.parameters field to be present but empty, whereas in 1.4.3 we actually checked that the field was absent. ** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. The messages are only printed in debug mode, which is not recommended for normal use, and thus logging this situation cannot be abused as an oracle in typical recommended situations. ** API and ABI modifications: No changes since last version.
2006-09-16 06:21:22 +00:00 · 2006-09-16 06:21:22 +00:00 · 770746f32b
commit 770746f32b
parent 21201708ed
2 changed files with 6 additions and 6 deletions
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.51 2006/09/10 21:12:21 wiz Exp $
+# $NetBSD: Makefile,v 1.52 2006/09/16 06:21:22 wiz Exp $

-DISTNAME=	gnutls-1.4.3
+DISTNAME=	gnutls-1.4.4
 CATEGORIES=	security devel
 MASTER_SITES=	http://josefsson.org/gnutls/releases/ \
 		ftp://ftp.gnutls.org/pub/gnutls/ \
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.30 2006/09/10 21:12:21 wiz Exp $
+$NetBSD: distinfo,v 1.31 2006/09/16 06:21:22 wiz Exp $

-SHA1 (gnutls-1.4.3.tar.bz2) = c4182c3804235d6f3eb2f3e59bb560f22370d4fc
-RMD160 (gnutls-1.4.3.tar.bz2) = 3be97523303c5350dea1b74e50feeab71804f857
-Size (gnutls-1.4.3.tar.bz2) = 4047997 bytes
+SHA1 (gnutls-1.4.4.tar.bz2) = 8f6ee112c8d93dd726e8e3d0e3fbf234f085a2cd
+RMD160 (gnutls-1.4.4.tar.bz2) = a31dfe33934ddf2500ae0e6c67aa265cd5b9ede4
+Size (gnutls-1.4.4.tar.bz2) = 4048916 bytes
 SHA1 (patch-ab) = 503bf7fa154341504db7ba3b5c6602627ff27dc5