00462a6e26
* Version 2.8.3 (released 2009-08-13) ** libgnutls: Fix patch for NUL in CN/SAN in last release. Code intended to be removed would lead to an read-out-bound error in some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE code have been allocated for the vulnerability: [CVE-2009-2730]. ** libgnutls: Fix rare failure in gnutls_x509_crt_import. The function may fail incorrectly when an earlier certificate was imported to the same gnutls_x509_crt_t structure. ** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error. ** tests: Made self-test mini-eagain take less time. ** doc: Typo fixes. ** API and ABI modifications: No changes since last version. * Version 2.8.2 (released 2009-08-10) ** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate. Some CAs apparently have poor checking of CN/SAN values and issue these (arguable invalid) certificates. Combined, this can be used by attackers to become a MITM on server-authenticated TLS sessions. The problem is mitigated since attackers needs to get one certificate per site they want to attack, and the attacker reveals his tracks by applying for a certificate at the CA. It does not apply to client authenticated TLS sessions. Research presented independently by Dan Kaminsky and Moxie Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com> for providing one part of the patch. [GNUTLS-SA-2009-4]. ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. Before it always returned false. Reported by Peter Hendrickson <pdh@wiredyne.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>. ** libgnutls: Fix off-by-one size computation error in unknown DN printing. The error resulted in truncated strings when printing unknown OIDs in X.509 certificate DNs. Reported by Tim Kosse <tim.kosse@filezilla-project.org> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>. ** libgnutls: Return correct bit lengths of some MPIs. gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and gnutls_dh_get_peers_public_bits. Before the reported value was overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>. ** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671> and <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>. ** libgnutls: Relax checking of required libtasn1/libgcrypt versions. Before we required that the runtime library used the same (or more recent) libgcrypt/libtasn1 as it was compiled with. Now we just check that the runtime usage is above the minimum required. Reported by Marco d'Itri <md@linux.it> via Andreas Metzler <ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>. ** minitasn1: Internal copy updated to libtasn1 v2.3. ** tests: Fix failure in "chainverify" because a certificate have expired. ** API and ABI modifications: No changes since last version.
12 lines
657 B
Text
12 lines
657 B
Text
$NetBSD: distinfo,v 1.60 2009/08/13 18:56:32 snj Exp $
|
|
|
|
SHA1 (gnutls-2.8.3.tar.bz2) = c25fb354258777f9ee34b79b08eb87c024cada75
|
|
RMD160 (gnutls-2.8.3.tar.bz2) = 01763fad93e4b76e18dcfb1881c5f09011804dca
|
|
Size (gnutls-2.8.3.tar.bz2) = 6198273 bytes
|
|
SHA1 (patch-ab) = 4b6801f6c8f00b8da8e78f7277450c6f53366fb4
|
|
SHA1 (patch-ae) = f505476ce0477dc547e8698d205d6ba26fe85f48
|
|
SHA1 (patch-af) = bd4701640dfef5bfdce87d620befd93098b0dff3
|
|
SHA1 (patch-ai) = 2c5c181ec6de9622cac66c2d5fe2cc8f3f89fbe8
|
|
SHA1 (patch-aj) = 55187c2a07d67f789678b1a404c6b119b311fc82
|
|
SHA1 (patch-ak) = f2f4e6f1c6f937eca67235cb01aff1b32cbe4fd8
|
|
SHA1 (patch-al) = f1c9def7d8150d93e14678b1acdbbc1534099452
|