net-libs/gnutls-2.6.4 was released on 2009-02-06. Renaming of the 2.6.3 ebuild is sufficient. What's New ========== Version 2.6.4 is a maintenance release on our stable branch. ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. This is a bugfix -- the previous attempt to do this from internal x509 certificate verification procedures did not return the correct value for certificates using a weak hash. Reported by Daniel Kahn Gillmor <dkg@fifthhorseman.net> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>, debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn Gillmor <dkg@fifthhorseman.net>. ** libgnutls: Fix compile error with Sun CC. Reported by Jeff Cai <jeff.cai@sun.com> in <https://savannah.gnu.org/support/?106549>. ** API and ABI modifications: No changes since last version.
net-libs/gnutls-2.7.5 was released on 2009-02-06. * Version 2.7.5 (released 2009-02-06) ** libgnutls: Accept chains where intermediary certs are trusted. Before GnuTLS needed to validate the entire chain back to a self-signed certificate. GnuTLS will now stop looking when it has found an intermediary trusted certificate. The new behaviour is useful when chains, for example, contains a top-level CA, an intermediary CA signed using RSA-MD5, and an end-entity certificate. To avoid chain validation errors due to the RSA-MD5 cert, you can explicitly add the intermediary RSA-MD5 cert to your trusted certs. The signature on trusted certificates are not checked, so the chain has a chance to validate correctly. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** libgnutls: result_size in gnutls_hex_encode now holds the size of the result. Report by John Brooks <special@dereferenced.net>. ** libgnutls: gnutls_handshake when sending client hello during a rehandshake, will not offer a version number larger than the current. Reported by Tristan Hill <stan@saticed.me.uk>. ** libgnutls: Permit V1 Certificate Authorities properly. Before they were mistakenly rejected even though GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by "Douglas E. Engert" <deengert@anl.gov> in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>. ** API and ABI modifications: No changes since last version.
Created attachment 182075 [details, diff] gnutls-2.7.5.ebuild.patch
net-libs/gnutls-2.7.6 was released on 2009-02-27. * Version 2.7.6 (released 2009-02-27) ** certtool: Query for multiple dnsName subjectAltName in interactive mode. This applies both to generating certificates and certificate requests. ** pkix.asn: Removed unneeded definitions to reduce memory usage. ** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to be used for chain verification. ** gnutls-serv: No longer disable MAC padding by default. Use --priority NORMAL:%COMPAT to disable MAC padding again. ** gnutls-cli: Certificate information output format changed. The tool now uses libgnutls' functions to print certificate information. This avoids code duplication. ** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 ** and %VERIFY_ALLOW_X509_V1_CA_CRT. They can be used to override the default certificate chain validation behaviour. ** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to specify the client hello message record version. Used to overcome buggy TLS servers. Report by Martin von Gagern. ** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. ** libgnutls: gnutls_openpgp_crt_print supports oneline mode. ** doc: Update gnutls-cli and gnutls-serv --help output descriptions. ** API and ABI modifications: No changes since last version.
added thanks Arfrever
net-libs/gnutls-2.6.4 also should be added. Renaming of the 2.6.3 ebuild should be sufficient.
(In reply to comment #5) > net-libs/gnutls-2.6.4 also should be added. > Renaming of the 2.6.3 ebuild should be sufficient. > ok - done now - sorry for being slack
