head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.10
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.8
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.6
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.4
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.1.0.2
	pkgsrc-2008Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2009.02.21.13.45.31;	author wiz;	state dead;
branches;
next	1.1;

1.1
date	2008.10.29.11.38.09;	author shannonjr;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to 2.6.4:

* Version 2.6.4 (released 2009-02-06)

** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate.  GnuTLS will now stop looking when it has
found an intermediary trusted certificate.  The new behaviour is
useful when chains, for example, contains a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signature on trusted certificates are not checked, so the chain
has a chance to validate correctly.  Reported by "Douglas E. Engert"
<deengert@@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks <special@@dereferenced.net>.

** libgnutls: gnutls_handshake when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan@@saticed.me.uk>.

** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
"Douglas E. Engert" <deengert@@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<dkg@@fifthhorseman.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz@@redhat.com> and Daniel Kahn
Gillmor <dkg@@fifthhorseman.net>.

** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai@@sun.com> in
<https://savannah.gnu.org/support/?106549>.
@
text
@$NetBSD: patch-ah,v 1.1 2008/10/29 11:38:09 shannonjr Exp $

--- lib/mac-libgcrypt.c.orig	2008-10-05 07:41:43.000000000 -0600
+++ lib/mac-libgcrypt.c
@@@@ -93,7 +93,7 @@@@ wrap_gcry_md_copy (void **bhd, void *ahd
 static void
 wrap_gcry_md_close (void *hd)
 {
-  return gcry_md_close (hd);
+  gcry_md_close (hd);
 }
 
 static int
@


1.1
log
@Three patches to permit compilation under Solaris with SunPro compiler:

patch-ag and patch-ah fix void functions that attempt to return the result
of calling a void function.

patch-ai conditionally includes <sys/inttypes.h> to pick up uint32_t
@
text
@d1 1
a1 1
$NetBSD$
@